Peter Eisentraut wrote:
> On Friday 12 December 2008 19:09:26 Alvaro Herrera wrote:
>> I don't understand -- why wouldn't we just have two columns, one for
>> plain row-level security and another for whatever security system the
>> platforms happens to offer? If we were to follow that route, we could
>> have row-level security first, extracting the feature from the current
>> patch; and the rest of PGACE could be a much smaller patch implementing
>> the rest of the stuff, with SELinux support for now with an eye to
>> implementing Solaris TX or whatever.
>
> Exactly.
It seems to me most of people (including me) can agree on the "2 security
feature and 2 security system columns" approach.
Now, I started to work the implementation based on the way here:
http://code.google.com/p/sepgsql/source/browse/#svn/trunk/sepgsql-test
It enables to support a plain row-level DAC and a selectable MAC.
So, it does not require more than two security system columns, in future also.
Please wait for a few days to see the revised version of patches.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>