Bruce Momjian wrote:
> Robert Haas wrote:
>>> I think the answer is yes, because (as others have said) if we ever want
>>> to have SQL-level per-row permissions, then we can implement them with
>>> no change to the patch currently in discussion.
>> If that's true, it weighs somewhat in favor of accepting this patch,
>> but how sure are we that it's really the case? If you only have one
>> implementation sitting on top of your abstraction layer, it's hard to
>> know whether you've implemented a general framework for doing X or
>> merely an interface that happens to suit the particular flavor of X
>> that you want to do today.
>
> Yes, that is my point, and SE-Linux is just Linux, meaning it is
> OS-specific, making it even less generally useful.
I believe the upcomig "fine-grained security" patch enables to make
clear the security framework is NOT specific for SELinux only.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>