Home > mailing lists

Re: add a MAC check for TRUNCATE - Mailing list pgsql-hackers

From	Yuli Khodorkovskiy
Subject	Re: add a MAC check for TRUNCATE
Date	September 26, 2019 16:45:03
Msg-id	CAFL5wJfERNr2+OAXJJE3FsdSbzWDNL6aY8EgotUW-D-mhfrRZw@mail.gmail.com Whole thread Raw
In response to	Re: add a MAC check for TRUNCATE (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Wed, Sep 25, 2019 at 5:57 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
<snip>

> I don't see how the addition of a new permissions check could sanely
> be back-patched unless it were to default to "allow", which seems like
> an odd choice.
>
>                         regards, tom lane

That makes sense. Alternatively, we could back patch just the hook to
at least allow the option for an integrator to implement MAC using an
extension. Then the sepgsql changes could be back patched once the
SELinux policy has been merged into Fedora.

Thank you

pgsql-hackers by date:

From: Alvaro Herrera
Date: 26 September 2019, 16:43:27
Subject: Re: Batch insert in CTAS/MatView code

From: Luis Carril
Date: 26 September 2019, 16:47:28
Subject: Re: Add FOREIGN to ALTER TABLE in pg_dump

Re: add a MAC check for TRUNCATE - Mailing list pgsql-hackers

Previous

Next