| From: | Kouhei Kaigai <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Noah Misch" <noah(at)leadboat(dot)com>, Kevin Grittner <kgrittn(at)ymail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sepgsql and materialized views |
| Date: | 2015-03-10 03:51:46 |
| Message-ID: | 9A28C8860F777E439AA12E8AEA7694F8010BEF18@BPXM15GP.gisp.nec.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> * Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> > Kohei KaiGai wrote:
> > > Unfortunately, I could not get consensus of design on selinux policy side.
> > > Even though my opinion is to add individual security class for materialized
> > > view to implement refresh permission, other people has different opinion.
> > > So, I don't want it shall be a blocker of v9.3 to avoid waste of time.
> > > Also, I'll remind selinux community on this issue again, and tries to handle
> > > in another way from what I proposed before.
> >
> > Did we get this fixed?
>
> I don't think so, but it's something I'm interested in and have an
> envrionment where I can work on it.
>
> Will look into it and try to provide an update soon.
>
> Any further thoughts or suggestions would be appreciated.
>
Ah, yes, the issue has been kept unhandled.
May I remind selinux folks again, to add "db_materialized_view" class?
Or, Stephan, do you have idea to apply equivalent checks on refresh
operation?
Thanks,
--
NEC OSS Promotion Center / PG-Strom Project
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2015-03-10 04:09:51 | Re: Parallel Seq Scan |
| Previous Message | Tom Lane | 2015-03-10 03:45:53 | Re: BRIN page type identifier |