Re: How to get SE-PostgreSQL acceptable

Robert Haas wrote:
> On Wed, Jan 28, 2009 at 9:27 PM, Stephen Frost <sfrost@snowman.net> wrote:
>> Robert,
>>
>> * Robert Haas (robertmhaas@gmail.com) wrote:
>>> pg_security (which I really think out to be renamed to
>>> pg_selinux_context or something, and make a new table if we someday
>>> support Trusted Solaris or whatever).
>> Err, this doesn't really make sense if we're doing row-level security,
>> that's not something which is tied to SELinux or Trusted Solaris.  Of
>> course, it's likely we'll need such a pg_selinux_context table or
>> something too..  Or maybe pg_security can be pg_rls instead.  Just
>> wanted to avoid confusion over this point..  Assuming Peter's approach
>> is the path that is generally agreed upon by core..
> 
> I don't think there's anything about pg_security that is specific to
> row-level security.

Yes, SELinux requires any objects (not only tuples) to be labeled.
The pg_security is also necessary for tables/columns/...

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>