From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
Date: | 2008-12-08 18:33:17 |
Message-ID: | 493D686D.7080305@kaigai.gr.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane wrote:
> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
>> Bruce Momjian wrote:
>>> I assume that could just be always enabled.
>
>> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
>> rest of enhanced security features (includes the row-level ACL) are
>> disabled automatically, as we discussed before.
>
> It seems like a pretty awful idea to have enabling sepostgres take away
> a feature that exists in the default build.
Why?
The PGACE security framework allows one or no enhanced security
mechanism at most. It is quite natural that the default selection
is overrided when an alternative option is chosen explicitly.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2008-12-08 18:44:39 | Re: new vacuum is slower for small tables |
Previous Message | Tom Lane | 2008-12-08 18:15:28 | Re: cvs head initdb hangs on unixware |