Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

Bruce Momjian wrote:
> Peter Eisentraut wrote:
>> KaiGai Kohei wrote:
>>> I don't agree. What is the reason why? It has been unclear for me.
>>>
>>> The PGACE security framework is designed to allow users to choose
>>> an enhanced security mechanism from some of provided options.
>>> (Currently, we have sepgsql and rowacl.)
>>> It is quite natural that one is disabled when the other is enabled.
>> As a general rule, mutually exclusive features as compile-time option
>> should be avoided at all costs. Since most people use binary packages,
>> forcing the packager to make such a choice will always make a lot of
>> people unhappy, or alternatively cause one of the features to bitrot.
>>
>> As a secondary rule, mutually exclusive features should be avoided at
>> all, without a compelling reason. I don't see such a reason here.
>
> I think there is a reason to have SE-Linux be compile-time because there
> is no way to know at run time if the OS has the SE-Linux libraries,
> right? I assume this is similar to how we do LDAP.

Yes, the libselinux is a factor it to be a compile-time option.

> But your larger point is that SQL-row-level security should always be
> available, which I just posted about.

If so, it should be hardcoded on somewhere, no need to be implemented
as a guest of PGACE security framework. Its purpose is to implement
enhanced security mechanisms with minimum impact to core facilities.

If you intend to implement is as a hardcoded feature, I can agree.
Please wait for a few days, I'll try to implement it.
So, ignore the 6th patch during the days and make progress to review
the rest of patches.

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>