Simon Riggs wrote:
>
> On Tue, 2008-12-09 at 03:33 +0900, KaiGai Kohei wrote:
> > Tom Lane wrote:
> > > KaiGai Kohei <[EMAIL PROTECTED]> writes:
> > >> Bruce Momjian wrote:
> > >>> I assume that could just be always enabled.
> > >
> > >> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
> > >> rest of enhanced security features (includes the row-level ACL) are
> > >> disabled automatically, as we discussed before.
> > >
> > > It seems like a pretty awful idea to have enabling sepostgres take away
> > > a feature that exists in the default build.
> >
> > Why?
> >
> > The PGACE security framework allows one or no enhanced security
> > mechanism at most. It is quite natural that the default selection
> > is overridden when an alternative option is chosen explicitly.
>
> I'm finding these discussions very confusing to follow, sorry about
> that.

It isn't you; it _is_ hard to follow. ;-) No one is at fault; the topic
is just complex.

> We now have a parameter option that allows you to have row level
> security in non-mandatory mode, which is good. But in order to get that
> we need to build the server with a special configure option.

No, that was removed at my request so it is always available.

> My previous objective was to remove the need for a configure option, so
> we can enable row-level security in the default distribution of
> Postgres. Are we going to enable that option in all normal distros? If
> yes, why is it a configure option (at all)?

Option is gone in the most recent patch and it is always enabled. We
still have a configure option to enable SE-Linux features.

--
  Bruce Momjian  <[EMAIL PROTECTED]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +