Re: [PATCH] SE-PgSQL/lite rev.2163 - Mailing list pgsql-hackers

From Robert Haas
Subject Re: [PATCH] SE-PgSQL/lite rev.2163
Date
Msg-id 603c8f070907151911w4f74da08u7de5a182cd6da16a@mail.gmail.com
Whole thread Raw
In response to Re: [PATCH] SE-PgSQL/lite rev.2163  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses Re: [PATCH] SE-PgSQL/lite rev.2163
List pgsql-hackers
2009/7/14 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> On the other hand, db_schema class was designed as an analogy to
> directoty in filesystems. SELinux defines several permissions on
> "dir" object class, such as "add_name", "remove_name" and "search".

I think that's a bad analogy and you need to make the permission names
match the way PostgreSQL handles schema permissions generally.
There's only so many times and ways to says this...

...Robert


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: [GENERAL] pg_migrator not setting values of sequences?
Next
From: KaiGai Kohei
Date:
Subject: Re: [PATCH] SE-PgSQL/lite rev.2163