Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

* Robert Haas <robertmhaas@gmail.com> [080924 00:15]:
>                                                       But I do think
> it's worthwhile to ask whether it makes sense to introduce a bunch of
> features that are only usable to people running SELinux.

Actually, I'ld go one stroke farther, and ask: Does it make sense to introduce a bunch of features that are only usable
topeople *able to write proper SELinux policy sets* (or whatever they are called).
 

>                                           it's very easy to imagine
> people wanting that feature, but NOT being willing to run SELinux to
> get it.

Or, being more generous even, able to *run* SELinux, but not able to
create a proper coherent set of SELinux policies...  SELinux is
"standard" now on most RHEL installs (and FC, and now debian, etc), but
how many admins have actually "made" (or even just altered) a SELinux
policy, and how many have just disabled it because it prevented what
they thought should be a valid operation?

I'm sure NSA can do both of these, but I would hazard that the number of
other people able to do this well can probably be counted on my
fingers...

a.
-- 
Aidan Van Dyk                                             Create like a god,
aidan@highrise.ca                                       command like a king,
http://www.highrise.ca/                                   work like a slave.