Tom Lane wrote: > KaiGai Kohei <[EMAIL PROTECTED]> writes: > > Bruce Momjian wrote: > >> I assume that could just be always enabled. > > > It is not "always" enabled. When we build it with SE-PostgreSQL feature, > > rest of enhanced security features (includes the row-level ACL) are > > disabled automatically, as we discussed before. > > It seems like a pretty awful idea to have enabling sepostgres take away > a feature that exists in the default build.
Agreed. The problem is that the security column used for SQL-level row security is reused to hold the SE-Linux ACL when SE-Linux is enabled. I suppose the only way to enable them both in an SE-Linux build would be to use a new optional column for SE-Linux and keep the SQL-level row security optional column unchanged. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers