Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> writes:
> If we drop the goal of trying to restrict what a superuser can do, is
> the patch still useful?
> One idea is to add a single "is superuser" permission to sepgsql.
The agreement back in January was that what we'd consider for 8.4 is
a patch that adds SELinux-driven enforcement of permissions checks
that already exist in Postgres. Allowing the above seems to me to
fit within that charter, but this other stuff definitely doesn't.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
