Re: Updates of SE-PostgreSQL 8.4devel patches

KaiGai Kohei wrote:
> >     1) When are we getting column-level permissions that you can
> >        plug into?
> 
> Please note that SE-PostgreSQL checks its column-level permission *after* VIEWs
> are expanded, because it focuses on "what" object is accessed, not "how".
> Thus, it walks on the query tree just after QueryRewrite() to pick up columns
> to be refered in this query.
> The term is same, but it's unclear for me whether it can share the code based
> on SQL standards, or not.
> (In my opinion, it is not a matter, just a difference in security model.)

I understand.

>  >     2) Do we want row-level permissions at the SQL level?
> 
> Now I'm working for it and will submit patches due to the end of Oct,
> if it is really required to make progress reviewing of SE-PostgreSQL
> on the v8.4 development cycle.
> However, the scale of its demand is unclear for me.

Yes, which is why I would like the community to answer the question
before you have to start coding things.  I will say that if we do want
it, the SE-Linux code will be 96% in separate modules and will make it
much easier to accept.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +