> I think there should be only *one* underlying column and that it should
> be manipulable by either SQL commands or selinux. Otherwise you're
> making a lie of the primary argument for having the SQL feature at all.
I agree that we're getting pretty far afield from the original
proposal, but I don't think it's a good idea to foreclose the option
of ever supporting MAC and DAC in the same executable. Whichever one
the vendor decides to ship, I have to recompile if I want the other.
There's a good chance that most people will use NEITHER feature, but
it isn't nice if one of the two is easily available and the other is
much harder.
...Robert
