Robert Haas wrote:
> On Jul 15, 2009, at 11:41 PM, KaiGai Kohei wrote:
>
>> Robert Haas wrote:
>>> 2009/7/15 KaiGai Kohei :
Robert Haas wrote:
> 2009/7/14 KaiGai Kohei :
>> On the other hand, db_schema class was designed as an analogy to
>> directoty in filesystems. SELinux defin
On Jul 15, 2009, at 11:41 PM, KaiGai Kohei wrote:
Robert Haas wrote:
2009/7/15 KaiGai Kohei :
Robert Haas wrote:
2009/7/14 KaiGai Kohei :
On the other hand, db_schema class was designed as an analogy to
directoty in filesystems. SELinux defines several permissions on
"dir" object class, suc
Robert Haas wrote:
> 2009/7/15 KaiGai Kohei :
>> Robert Haas wrote:
>>> 2009/7/14 KaiGai Kohei :
On the other hand, db_schema class was designed as an analogy to
directoty in filesystems. SELinux defines several permissions on
"dir" object class, such as "add_name", "remove_name" and
2009/7/15 KaiGai Kohei :
> Robert Haas wrote:
>> 2009/7/14 KaiGai Kohei :
>>> On the other hand, db_schema class was designed as an analogy to
>>> directoty in filesystems. SELinux defines several permissions on
>>> "dir" object class, such as "add_name", "remove_name" and "search".
>>
>> I think t
Robert Haas wrote:
> 2009/7/14 KaiGai Kohei :
>> On the other hand, db_schema class was designed as an analogy to
>> directoty in filesystems. SELinux defines several permissions on
>> "dir" object class, such as "add_name", "remove_name" and "search".
>
> I think that's a bad analogy and you need
2009/7/14 KaiGai Kohei :
> On the other hand, db_schema class was designed as an analogy to
> directoty in filesystems. SELinux defines several permissions on
> "dir" object class, such as "add_name", "remove_name" and "search".
I think that's a bad analogy and you need to make the permission name
Robert Haas wrote:
>> If so, I can postpone some of permission checks outside of the
>> pg_xxx_aclcheck(). However, SELinux's security model often
>> requires different criteria to make its decision.
>> (Please note that I never say either of them is better or worse.)
>> Thus, we will need to add s
2009/7/14 KaiGai Kohei :
> Robert Haas wrote:
>> 2009/7/13 KaiGai Kohei :
>>> The sepgsql/avc.c provides a facility to cache access control decisions
>>> in userspace, and enables to reduce time of kernel invocations.
>>> However, its size is the largest one in the SE-PgSQL patch.
>>
>> I think tha
Robert Haas wrote:
> 2009/7/13 KaiGai Kohei :
>> The sepgsql/avc.c provides a facility to cache access control decisions
>> in userspace, and enables to reduce time of kernel invocations.
>> However, its size is the largest one in the SE-PgSQL patch.
>
> I think that caching access control decisio
2009/7/13 KaiGai Kohei :
> The sepgsql/avc.c provides a facility to cache access control decisions
> in userspace, and enables to reduce time of kernel invocations.
> However, its size is the largest one in the SE-PgSQL patch.
I think that caching access control decisions in userspace is a good
th
Robert,
The sepgsql/avc.c provides a facility to cache access control decisions
in userspace, and enables to reduce time of kernel invocations.
However, its size is the largest one in the SE-PgSQL patch.
[kai...@saba gram]$ wc -l src/backend/security/sepgsql/avc.c
829 src/backend/security/sepgs
Robert Haas wrote:
> 2009/7/12 KaiGai Kohei :
>> Robert, thanks for your comments.
>>
>> Robert Haas wrote:
>>> 2009/7/10 KaiGai Kohei :
The SE-PostgreSQL patches are updated as follows:
[1/5]
http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.5devel-r2163.patch
[2/5]
2009/7/12 KaiGai Kohei :
> Robert, thanks for your comments.
>
> Robert Haas wrote:
>> 2009/7/10 KaiGai Kohei :
>>> The SE-PostgreSQL patches are updated as follows:
>>>
>>> [1/5]
>>> http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.5devel-r2163.patch
>>> [2/5]
>>> http://sepgsql.googlecod
Robert, thanks for your comments.
Robert Haas wrote:
> 2009/7/10 KaiGai Kohei :
>> The SE-PostgreSQL patches are updated as follows:
>>
>> [1/5]
>> http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.5devel-r2163.patch
>> [2/5]
>> http://sepgsql.googlecode.com/files/sepgsql-02-core-8.5devel-
2009/7/10 KaiGai Kohei :
> The SE-PostgreSQL patches are updated as follows:
>
> [1/5]
> http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.5devel-r2163.patch
> [2/5] http://sepgsql.googlecode.com/files/sepgsql-02-core-8.5devel-r2163.patch
> [3/5] http://sepgsql.googlecode.com/files/sepgsql-0
15 matches
Mail list logo
