Re: SE-PgSQL patch review
From | Itagaki Takahiro |
---|---|
Subject | Re: SE-PgSQL patch review |
Date | |
Msg-id | 20091125173432.92A5.52131E4D@oss.ntt.co.jp |
In response to | Re: SE-PgSQL patch review (KaiGai Kohei <kaigai@ak.jp.nec.com>) |
Responses |
Re: SE-PgSQL patch review
|
List | pgsql-hackers |

KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:

> >>> ==== Internal structures ====
> http://wiki.postgresql.org/wiki/SEPostgreSQL_Architecture#Interaction_between_pg_security_system_catalog
>
> In SELinux model, massive number of objects shares a limited number of
> security context (e.g more than 100 tables may have a same one), this
> design (it stores "security label OID" within the tuple header) is well
> suitable for database objects.

What plan do you have for system columns added by the patch
(datsecon, nspsecon, relsecon, etc) after we have security_id
system column? Will we have duplicated features then?
Even if system tables don't use security_id columns,
should the data type of *secon be oid instead of text?

I think pg_security described in the wiki page is useful
even if we only have object-level security. How about
adding pg_security and changing the type of *secon to oid?

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center