Re: [sepgsql 2/3] Add db_schema:search permission checks
| От | Craig Ringer |
|---|---|
| Тема | Re: [sepgsql 2/3] Add db_schema:search permission checks |
| Дата | |
| Msg-id | 51085808.1010107@2ndQuadrant.com обсуждение исходный текст |
| Ответ на | Re: [sepgsql 2/3] Add db_schema:search permission checks (Simon Riggs <simon@2ndquadrant.com>) |
| Список | pgsql-hackers |
On 01/29/2013 10:10 PM, Simon Riggs wrote: > On 29 January 2013 13:30, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: > >> It makes unavailable to control execution of >> functions from viewpoint of selinux, and here is no way selinux >> to prevent to execute functions defined by other domains, or >> others being not permitted. >> Also, what we want to do is almost same as existing permission >> checks, except for its criteria to make access control decision. > Do you have a roadmap of all the things this relates to? > > If selinux has a viewpoint, I'd like to be able to see a list of > capabilities and then which ones are currently missing. I guess I'm > looking for external assurance that someone somewhere needs this and > that it fits into a complete overall plan of what we should do. Just > like we are able to use SQLStandard as a guide as to what we need to > implement, we would like something to refer back to. Does this have a > request id, specification document page number or whatever? I think that would greatly assist people in understanding why these patches are neccessary, what real-world functionality they lead to, and what problems they solve. Some info on the wiki may be a good option. For example, if you were to say "these changes will help with multi-tenant PostgreSQL installations by <x>" then that will catch some people's eye. -- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: