Bruce Momjian wrote:
> Bruce Momjian wrote:
>>> However, the toggle of row-level security feature should be controled
>>> via a GUC option, not a discretionary option.
>>> I'll add a "sepostgresql_row_level" option defined as bool to control
>>> it on start up time.
>> This sounds similar to BSD capability were certain security settings can
>> only be changed in single-user mode.
>
> Actually, an interesting idea would be to allow "sepostgresql_row_level"
> to be turned on, but not off. That means if it was turned on in
> postgresql.conf, it could not be turned off, but if it is off in
> postgresql.conf, it could be turned on via SET or via ALTER
> USER/DATABASE; I think that would be a nice capability.
I think the "sepostgresql_mode" and "sepostgresql_row_level" should not
be toggled frequently.
Please consider SELinux/SE-PostgreSQL requires various kind of objects
(including database objects) to be labeled properly at the initial state.
If it allows clients to turn on row-level security feature, it means many
"unlabeled" tuples appear suddenly. In generally, these have to be labeled
before the system get being available.
> On a related note, KaiGai, you are now starting the long road of getting
> feedback with the ultimate goal of getting your patch into CVS. I will
> warn you that there is often much work during this stage, and it might
> stretch into January as we request adjustments, but ultimately your
> feature and Postgres will be better for it. Thanks for sticking with
> it.
Don't worry, I'm be available for the works, and give a lot for inclusion
of the feature at v8.4.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>