> Yes, we need '--enable-selinux' to activate all of SE-PostgreSQL features.
>
> In addition, these are invoked via security hooks which are declared
> as inline functions. So, I think it does not give us additional loss of
> performances when you don't add the compile time option explicitly.
That is good as far as it goes but I assume that if this patch is
accepted many vendors will build with this feature enabled, and many
end-users will turn off SELinux but keep the same binaries. It's
important that those people don't get hosed either.
It's also probably worth asking what the performance penalty is when
you ARE using all the bells and whistles.
...Robert
