Re: Proposal of SE-PostgreSQL patches [try#2]

KaiGai Kohei wrote:
>> Might want to change the option name --enable-selinux to something 
>> like --security-context.
>>
>> In general, we might want to not name things selinux_* but instead
>> sepostgresql_* or security_* or security_context_*.  Or maybe PGACE?
> 
> The pgace_* scheme is an attractive idea, although the server process
> has to provide a bit more hints (like the name of security system column
> and the kind of objects exported with security attribute) pg_dump to
> support various kind of security features with smallest implementation.

It might not be necessary to provide all the hints pg_dump to make queries.
The minimum required information is which security feature is running on
the server process, or nothing. And, pg_dump can add a security system
column within its queries to get security attribute, if required.

Now, I'm considering to add pgaceDumpSOMETHING() functions within pg_dump
for better modularity. What do you think?

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>