Re: [HACKERS] Adding support for SE-Linux security

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 11:30 -0500, Robert Haas wrote:
[snip...]
>
> I'll stop here because I see that Stephen Frost has just sent an
> insightful email on this topic as well. Hmm, maybe that's the Steve
> you were referring to.
>
> ...Robert
>
Yea I never asked Stephen if he goes by Stephen or

Re: [HACKERS] SE-PostgreSQL/Lite Review

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 11:36 -0500, Stephen Frost wrote:
[Snip...]
> > > In addition, OS allows to choose one enhanced security at most eventually.
> >
> > In my image, the hook should be as:
> >
> > Value *
> > ac_database_create([arguments ...])
> > {
> >     /*
> >      * The default

Re: [HACKERS] Adding support for SE-Linux security

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 11:16 -0500, Stephen Frost wrote:
> David,
>
> * David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> > So I downloaded and read through the PCI DSS document (74 pages is
> > pretty light compared to NFSv4.1 hehe...) and There are several areas
> >

Re: [HACKERS] Adding support for SE-Linux security

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 11:28 -0500, Stephen Frost wrote:
[snip...]
> > The main concern I hear is that people are worried that this is an
> > SELinux specific design. I heard at the meeting on Wednesday that the
> > Trusted Extensions people looked at the framework and said it meets
> > their needs

Re: [HACKERS] Adding support for SE-Linux security

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 08:56 -0500, Stephen Frost wrote:
[snip...]
> I do assume we're going to do row level security, but I do not feel that
> we need to particularly put one in front of the other. I also feel that
> SEPG will be valuable even without row-level security. One of the
> realms that

Re: [HACKERS] Adding support for SE-Linux security

2009-12-11 Thread David P. Quigley
On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
> 2009/12/11 KaiGai Kohei:
> > It tried to provide a set of comprehensive entry points to replace existing
> > PG checks at once.
> > However, the SE-PgSQL/Lite patch covers accesses on only database, schema,
> > tables and columns. Is it neces

Re: [HACKERS] Adding support for SE-Linux security

2009-12-10 Thread David P. Quigley
On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
> Robert Haas writes:
> > Unlike Tom (I think), I do believe that there is demand (possibly only
> > from a limited number of people, but demand all the same) for this
> > feature.
>
> Please note that I do not think there is *zero* demand for th

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Tue, 2009-12-08 at 16:51 -0500, Tom Lane wrote:
> Peter Eisentraut writes:
> > PGACE wasn't a plugin system. It was an API inside the core code. If
> > it had been a plugin system, this would have been much easier, because
> > the plugin itself could have been developed independently.
>
> We

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Tue, 2009-12-08 at 15:26 -0500, Robert Haas wrote:
[snip...]
>
> I can say from experience that this project is very skeptical of
> frameworks that aren't accompanied by at least one, and preferably
> multiple, working implementations. So there is a bit of a chicken and
> egg problem here. Wh

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Tue, 2009-12-08 at 15:24 -0500, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
> > One of the major and fundamental stumbling blocks we've run into is
> > that every solution we've looked at so far seems to involve adding
> > SE-Linux-specific checks in many places in the co

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Tue, 2009-12-08 at 14:22 -0500, Robert Haas wrote:
> On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane wrote:
> > Robert Haas writes:
> >> One of the major and fundamental stumbling blocks we've run into is
> >> that every solution we've looked at so far seems to involve adding
> >> SE-Linux-specific c

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
> On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley wrote:
> > On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
> >> On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
> >> > As Alvaro mentioned, t

Re: [HACKERS] Adding support for SE-Linux security

2009-12-08 Thread David P. Quigley
On Mon, 2009-12-07 at 22:25 -0500, Greg Smith wrote:
> David P. Quigley wrote:
> > Not to start a flame war here about access control models but you gave 3
> > different examples one of which I don't think has any means to do
> > anything productive here.
> You won&