Re: Adding support for SE-Linux security

On mån, 2009-12-07 at 17:33 +0100, Martijn van Oosterhout wrote:
> On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
> > > Given the extreme patience and diligence exhibited by KaiGai, I
> > > hesitate to say this, but it seems to me that this would be
> > > critically important for the long term success of this feature.  I
> > > have no idea how much work it would be to make the interface to the
> > > external security system pluggable, but if it's at all feasible, I
> > > think it should be done.
> > 
> > This is how the code was developed initially -- the patch was called
> > PGACE and SELinux was but the first implementation on top of it.
> 
> I find it astonishing that after SE-PgSQL was implemented on top of a
> pluggable system (PGACE) and this system was removed at request of the
> "community" [1] that at this late phase people are suggesting it needs
> to be added back again. Havn't the goalposts been moved enough times?

PGACE wasn't a plugin system.  It was an API inside the core code.  If
it had been a plugin system, this would have been much easier, because
the plugin itself could have been developed independently.