Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

>> I don't oppose to elimination of "--disable-row-acl" options, however,
>> it is not clear for me whether it should be unavoidable selection in
>> the future, or not.
> 
> Look at the existing configure options;  we don't remove features via
> configure unless it is for some platform-specific reason.  Please remove
> the configure option and make it always enabled.

OK, I'll update it in the next patch set.

>>> I assume that could just be always enabled.
>> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
>> rest of enhanced security features (includes the row-level ACL) are
>> disabled automatically, as we discussed before.
> 
> Oh.  Is that because we use SE-Linux row-level security when
> SE-PostgreSQL is enabled?  I guess that makes sense.

Yes, when SE-PostgreSQL is enabled, it provides row-level security,
and the per-tuple security field is used to show its security context.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>