Re: sepgsql and materialized views

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
>> On Fri, Feb 08, 2013 at 02:51:40PM +0100, Kohei KaiGai wrote:
>>> I'll have a discussion about new materialized_view object class
>>> on selinux list soon, then I'll submit a patch towards
>>> contrib/sepgsql according to the consensus here.
>
>> Has this progressed?
>>
>> Should we consider this a 9.3 release blocker?  sepgsql already has a red
>> box warning about its limitations, so adding the limitation that materialized
>> views are unrestricted wouldn't be out of the question.
>
> Definitely -1 for considering it a release blocker.  If KaiGai-san can
> come up with a fix before we otherwise would release 9.3, that's great,
> but there's no way that sepgsql has a large enough user community to
> justify letting it determine the release schedule.

Agreed.  I posted (many months ago) a proposed version which
treated them as being subject to the same security labels as
tables, and another which created new security lables for
materialized views.  I'm not aware of any third option, but I sure
don't feel like I'm in a position to determine which is better (or
whether someone has a third idea), and I don't think we can hold up
the PostgreSQL release waiting for the security community to
choose.

--
Kevin Grittner
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company