On Fri, Oct 16, 2009 at 12:45 PM, Greg Stark <gsst...@mit.edu> wrote: > 2009/10/16 KaiGai Kohei <kai...@ak.jp.nec.com>: >> . In addition, I already tried to put SE-PG hooks >> within pg_xxx_aclchecks() in this CF, but it was failed due to the >> differences in the security models. > > I thought the last discussion ended with a pretty strong conclusion > that we didn't want differences in the security models. > > The first step is to add hooks which don't change the security model > at all, just allow people to control the existing checks from their SE > configuration. Only as a second step we would look into making > incremental changes to the postgres security model to add support for > privileges SE users might expect to find, eventually possibly > including per-row permissions.
I think we sort of came to the conclusion that even a basic implementation of SE-PostgreSQL might have some requirements that didn't quite square with the existing PostgreSQL security model. The charter of this patch AIUI was to refactor things so that they were square up, but I the patch is substantially more complex and invasive than what I thought would be necessary and it's not clear that it solves the problem. Rather than refactoring the existing checks to provide a cleaner abstraction layer, it seems to provide a layer that, if it's anything, is just a place-holder for an SE-PostgreSQL implementation, and there's no guarantee that it's adequate even for that, much less for anything else we might want to do. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
