Kohei KaiGai wrote:
> Unfortunately, I could not get consensus of design on selinux policy side.
> Even though my opinion is to add individual security class for materialized
> view to implement refresh permission, other people has different opinion.
> So, I don't want it shall be a blocker of v9.3 to avoid waste of time.
> Also, I'll remind selinux community on this issue again, and tries to handle
> in another way from what I proposed before.
Did we get this fixed?
> 2013/7/5 Tom Lane <tgl@sss.pgh.pa.us>:
> > Noah Misch <noah@leadboat.com> writes:
> >> On Fri, Feb 08, 2013 at 02:51:40PM +0100, Kohei KaiGai wrote:
> >>> I'll have a discussion about new materialized_view object class
> >>> on selinux list soon, then I'll submit a patch towards contrib/sepgsql
> >>> according to the consensus here.
> >
> >> Has this progressed?
> >
> >> Should we consider this a 9.3 release blocker? sepgsql already has a red box
> >> warning about its limitations, so adding the limitation that materialized
> >> views are unrestricted wouldn't be out of the question.
> >
> > Definitely -1 for considering it a release blocker. If KaiGai-san can
> > come up with a fix before we otherwise would release 9.3, that's great,
> > but there's no way that sepgsql has a large enough user community to
> > justify letting it determine the release schedule.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services