Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Msg-id 5233.1240236841@sss.pgh.pa.us
In response to Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (Greg Stark <stark@enterprisedb.com>)
List pgsql-hackers
KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
> Heikki Linnakangas wrote:
>> Can't you have a SE-PostgreSQL policy like "disallow ACL_UPDATE on table
>> X for user Y, except when current user is owner of X"?

> It seems to me quite an ad-hoc idea.

That's rather a silly charge to be leveling when your own proposal is
such a horrid kluge as this one.  As near as I can tell, you intend
that SELinux will be unable to prohibit SELECT FOR UPDATE because it
cannot tell the difference between that and a foreign key reference.
If that isn't a hack, I don't know what is.
        regards, tom lane

