(2010/12/14 1:03), Robert Haas wrote: > On Mon, Dec 13, 2010 at 8:32 AM, KaiGai Kohei<kai...@kaigai.gr.jp> wrote: >> (2010/12/13 21:53), Robert Haas wrote: >>> 2010/12/12 KaiGai Kohei<kai...@ak.jp.nec.com>: >>>> >>>> I'd like to see opinions what facilities should be developed >>>> to the current v9.1 development cycle. >>> >>> It seems to me that the next commit after the label-switcher-function >>> patch ought to be a contrib module that implements a basic form of >>> SE-Linux driven permissions checking. I'm pretty unexcited about >>> continuing to add additional facilities that could be used by a >>> hypothetical module without actually seeing that module, and I think >>> that the label-switcher-function patch is the last piece of core >>> infrastructure that is a hard requirement rather than "nice to have". >>> I'd rather have a complete feature with limited capabilities than >>> half a feature with really awesome capabilities. >>> >> It is a good news for me also, because I didn't imagine SE-PostgreSQL >> module getting upstreamed, even if contrib module. >> >> OK, I'll focus on the works to merge the starter-version of SE-PostgreSQL >> as a contrib module in the last commit fest. >> >> Probably, I need to provide its test cases and minimum documentations >> in addition to the code itself. Anything else? > > Extremely detailed instructions on how to test it. > Indeed, it will be necessary.
Two more questions: How does the contrib module behave when we try to make all the contrib modules on the platform that doesn't provide libselinux? One idea is to add a few checks about selinux environment in the configure script. I counted number of lines of the sepgsql module that implement only currently supported hooks. It has 3.2KL of code not. How about scale of the patch to review? Thanks, -- KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
