Home > mailing lists

Re: [PATCH] SE-PgSQL/lite rev.2163 - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [PATCH] SE-PgSQL/lite rev.2163
Date	July 16, 2009 03:20:30
Msg-id	603c8f070907152020r18829880j46b9f27d034a9e4f@mail.gmail.com Whole thread Raw
In response to	Re: [PATCH] SE-PgSQL/lite rev.2163 (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses	Re: [PATCH] SE-PgSQL/lite rev.2163
List	pgsql-hackers

Tree view

2009/7/15 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> Robert Haas wrote:
>> 2009/7/14 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>>> On the other hand, db_schema class was designed as an analogy to
>>> directoty in filesystems. SELinux defines several permissions on
>>> "dir" object class, such as "add_name", "remove_name" and "search".
>>
>> I think that's a bad analogy and you need to make the permission names
>> match the way PostgreSQL handles schema permissions generally.
>> There's only so many times and ways to says this...
>
> OK...
> I can replace "search" by "usage".
>
> Do you have any alternative ideas for "add_name" and "remove_name"?

Aack!  Come on!  Use whatever names those permissions already have!
If there are no corresponding names, then rip them out!!!

...Robert

pgsql-hackers by date:

From: KaiGai Kohei
Date: 16 July 2009, 03:05:45
Subject: [PATCH] SE-PgSQL/tiny rev.2193

From: KaiGai Kohei
Date: 16 July 2009, 03:41:51
Subject: Re: [PATCH] SE-PgSQL/lite rev.2163

Re: [PATCH] SE-PgSQL/lite rev.2163 - Mailing list pgsql-hackers

Previous

Next