Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

> Bruce Momjian <bruce@momjian.us> writes:
>> Let me outline the simplest API, assuming we are using table-level
>> granularity for the security columns.
>> CREATE TABLE would support
>>     WITH (ROWACL = TRUE/FALSE);
>> for row-level acl and:
>>     WITH (SECEXT = TRUE/FALSE);
>> for SE-Linux, with 'SECEXTL' standing for SECurity EXTernal or
>> SECurity_contEXT.
> 
> Wait a minute.  The original argument for providing SQL-driven row level
> security was that it would help provide a framework for testing the code
> and doing something useful with it on non-selinux platforms.

Yes,
In addition, I want folks to remind that the Row-level ACLs are not designed
based on SQL standards. Thus, I called it one of the enhanced securities.

> I think there should be only *one* underlying column and that it should
> be manipulable by either SQL commands or selinux.  Otherwise you're
> making a lie of the primary argument for having the SQL feature at all.
> 
> It's possible that some people would want to insist that only selinux
> be used to manipulate the settings, but I think that could be addressed
> by a compile-time option to disable the SQL commands.

My original opinion is that users should be able to choose what enhanced
security mechanism is available on his system.
In all honesty, I don't understand why the Row-level ACLs has privileged
position in the enhanced securities and it should be always available.

Thanks,
--
KaiGai Kohei