Peter Eisentraut wrote:
On Friday 12 December 2008 19:09:26 Alvaro Herrera wrote:
I don't understand -- why wouldn't we just have two columns, one for
plain row-level security and another for whatever security system the
platforms happens to offer? If we were to follow that route, we could
have row-level security first, extracting the feature from the current
patch; and the rest of PGACE could be a much smaller patch implementing
the rest of the stuff, with SELinux support for now with an eye to
implementing Solaris TX or whatever.
Exactly.
It seems to me most of people (including me) can agree on the "2 security
feature and 2 security system columns" approach.
Now, I started to work the implementation based on the way here:
http://code.google.com/p/sepgsql/source/browse/#svn/trunk/sepgsql-test
It enables to support a plain row-level DAC and a selectable MAC.
So, it does not require more than two security system columns, in future also.
Please wait for a few days to see the revised version of patches.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
