Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> writes:
> If we drop the goal of trying to restrict what a superuser can do, is
> the patch still useful?
> One idea is to add a single "is superuser" permission to sepgsql.
The agreement back in January was that what we'd consider for 8.4 is
a patch that adds SELinux-driven enforcement of permissions checks
that already exist in Postgres. Allowing the above seems to me to
fit within that charter, but this other stuff definitely doesn't.
regards, tom lane