Robert Haas wrote: > 2009/7/15 KaiGai Kohei <kai...@ak.jp.nec.com>: >> Robert Haas wrote: >>> 2009/7/14 KaiGai Kohei <kai...@ak.jp.nec.com>: >>>> On the other hand, db_schema class was designed as an analogy to >>>> directoty in filesystems. SELinux defines several permissions on >>>> "dir" object class, such as "add_name", "remove_name" and "search". >>> I think that's a bad analogy and you need to make the permission names >>> match the way PostgreSQL handles schema permissions generally. >>> There's only so many times and ways to says this... >> OK... >> I can replace "search" by "usage". >> >> Do you have any alternative ideas for "add_name" and "remove_name"? > > Aack! Come on! Use whatever names those permissions already have! > If there are no corresponding names, then rip them out!!!
OK, I'll rip definitions of unused SELinux's permissions from the permission table of SE-PgSQL. Is it correct for what you say? -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
