Re: Adding support for SE-Linux security
| От | Greg Smith |
|---|---|
| Тема | Re: Adding support for SE-Linux security |
| Дата | |
| Msg-id | 4B21A059.2000208@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: Adding support for SE-Linux security (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Tom Lane wrote: > My guess is that a credible SEPostgres offering will require a long-term > amount of work at least equal to, and very possibly a good deal more > than, what it took to make a native Windows port. Wow, if I thought that was the case I'd be as negative about the whole thing as you obviously are. In my head, I've been mentally bounding the effort by thinking that its worst case work would be more like what it took to add the role-based security to the system. I'd think that adding a new feature to the existing security setup couldn't be more painful than adding security in the first place, right? I didn't carefully watch either play out , but I was under the impression that the Windows port was quite a bit more work than that. Since the current discussion keeps going around in circles, the way I was trying to tilt the other thread I started towards was asking the question "what would need to change in the current PostgreSQL code to make the impact of adding the SEPostgreSQL code smaller?" I'd be curious to hear any thoughts you had on that topic. We already sort of refactored out "adding row-level security" as one answer to that, I feel like there may be others in there too. -- Greg Smith 2ndQuadrant Baltimore, MD PostgreSQL Training, Services and Support greg@2ndQuadrant.com www.2ndQuadrant.com
В списке pgsql-hackers по дате отправления: