Tom, Andrew, KaiGai,
> "Andrew Dunstan" <andrew@dunslane.net> writes:
>> What's more, we have a SoC project for column level access controls.
I don't see the SE stuff as a replacement for that, since it apparently
exists outside the standard SQL security model.
> ... which presumably wouldn't involve any added dependency on outside code.
> For people who are already using SELinux or Trusted Solaris, making the
> database dependent on that infrastructure might be seen as a plus, but
> I'm not sure the rest of the world would be pleased.
Yes, I was thinking that this should be a compile-time option with a lot
of warnings in the Docs.
Give the team some credit, though; they've managed to come up with a
system that integrates OS-level ACLs for both SElinux and TxSol, are not
asking us to incorporate two different sets, and are coming to us with a
serious proposal that has a lot of work behind it. Please don't blow
them off like they were undergrads submitting a semester project. If
they need to come back after 8.3 beta so we can properly pay attention
to the proposal, then say so.
There are also
> some interesting questions about SQL spec compliance and whether a
> database that silently hides some rows from you will give semantically
> consistent results.
Yeah -- that's a potentially serious issue; KaiGai, have you looked into it?
--Josh Berkus