Re: How to get SE-PostgreSQL acceptable

>> Even if I implement SE-PostgreSQL as a loadable module, core
>> PostgreSQL has to provide proper hooks in strategic points and
>> facilities to manage security attribute (pg_security system catalog
>> and security_label system column).
>> If you require to implement it without these facilities, I think
>> it is impossible and prefer scraping PGACE and integrate SE- code
>> into core.
> 
> I am not in a position to require anything since I am not a committer,
> but I would think that you would need to convince people that the
> facilities which your plugin requires were pretty much the same as the
> facilities that any other future plugin might require - that the
> plugin framework was client-agnostic.

We (as a security folks) know any MAC facility have similar
architecture called as reference monitor, so I believe it is
quite possible to implement them as same basis.
But it is a hard request to take an evidence immediately.
IMO, the framework is purely implementation matter, so it is
not late when the second one appeared.

As I noted to another message, I can accept to integrate limited
functional SE-PostgreSQL without any PGACE.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>