Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

KaiGai Kohei wrote:
> > I hate to ask for something else from you, but I am trying to figure out
> > how we can proceed in reviewing and applying your additions.  I am
> > wondering if you can produce a patch that has the SE-Linux part separate
> > so I can review the non-SE-Linux parts of the patch alone --- right now
> > I am not 100% clear on what parts are always active as row-level SQL
> > security and what needs SE-Linux to operate.  I know this is an
> > additional burden on you and if it is too much to ask, please tell me.
> 
> All the SELinux specific part is stored within:
>   - src/include/security/sepgsq.h
>   - src/backend/security/sepgsql/*
>   - Blocks enclosed by "#if defined(HAVE_SELINUX)"
>     in src/include/security/pgace.h
> 
> SELinux related codes are never invoked without pgaceXXXX() hooks,
> so you can simply ignore the above files/parts when you are under
> the reviewing to non-SELinux parts.
> Rest of changes are commonly needed to manage security attribute
> and to inject security hooks.
> 
> In all honesty, I hesitate to separate the patch again into two
> parts to be integrated later. I would be happy, if you suggested
> it a half year ago, because this feature was suggested as two
> separated patches in CommitFest:May. :(

Thanks, that's what I needed to know.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +