On Tue, 2008-11-18 at 15:02 +0900, KaiGai Kohei wrote:

> If we focus on CreateTemplateTupleDesc(), 5 of the call points give a
> possible "hasoid" argument, and the rest of them always give "false".
> I guess it will be the same in the security context cases.
> However, we have to change all the call points when the declaration
> is changed.

Looks promising.

> > Another way would be to include a security context in all newly
> > created tuples, but remove it during heap_update, heap_insert etc if
> > it is unused by the relation. That seems more straightforward.
> 
> It is not a reasonable option.
> 
> The length of HeapTupleData is determined during heap_form_tuple(),
> and it is unchanged later. Thus, we have to interpose here, as the
> object identifier does.

Currently yes. Is there a reason not to? Do we rely on the tuple length
staying the same after those operations?

Just considering multiple ways of making the context optional.

> >> Some distributions now provide an SELinux option, but not as a
> >> default. I know Debian, Ubuntu, Gentoo and SuSE are doing so.
> > 
> > SUSE?
> 
> The "u" might be a large-letter.

Sorry, I wasn't correcting your spelling! :-) 
I was asking whether Su/USE are definitely supporting SELinux now? I
have not heard that.

-- 
 Simon Riggs           www.2ndQuadrant.com
 PostgreSQL Training, Services and Support

