Re: SE-PostgreSQL Specifications

Stephen Frost wrote:
> KaiGai,
>
> * KaiGai Kohei (kaigai(at)ak(dot)jp(dot)nec(dot)com) wrote:
>> I began to describe the list of abstraction layer functions (but not completed yet):
>> http://wiki.postgresql.org/wiki/SEPostgreSQL_Abstraction
>
> I'm not really a huge fan of 'security_' as a prefix for these
> functions, but I don't have a better suggestion right now.

If so, 'pgsec_' (PostGresql SECutiry) instead?

> The initial abstraction patch shouldn't include the security context
> pieces. I realize that will be needed eventually, but the patch to do
> the abstraction and to formally move permissions checking to aclchk.c
> needs to stand alone. I'm also not sure that the API of having the
> security context be returned as a Datum makes sense..

OK, I'll add pieces corresponding to the security context on the second
patch (SE-PostgreSQL patch).

> Doesn't security_table_permissions() need to know if the query is an
> UPDATE or an INSERT?

Either ACL_UPDATE or ACL_INSERT should be set on the required_perms.
Both of them are never set in same time.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>