On Fri, Nov 07, 2008 at 01:50:18PM +0000, Simon Riggs wrote:
> How will unique indexes work? Do you implicitly add security context as
> last column on every unique index, or does the uniqueness violation only
> occurs within security contexts, or does the uniqueness violation tested
> against all contextx that the inserter can currently see? Is there a
> change to system catalogs?
The wiki clearly states that the unique test is prior to any filtering.
Anything else seems crazy to me.
http://wiki.postgresql.org/wiki/SEPostgreSQL#Unique_constraint
> Foreign Key deletions could be handled correctly if you treat them as
> updates. If we have the following example
Why? If a client does a delete and the database says OK, the tuple
should be gone, *for everyone*.
http://wiki.postgresql.org/wiki/SEPostgreSQL#Foreign_Key_constraint
It is the responsibility of the DB administrator to worry about covert
channels.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.