(2010/12/14 1:03), Robert Haas wrote:
> On Mon, Dec 13, 2010 at 8:32 AM, KaiGai Kohei<kaigai@kaigai.gr.jp> wrote:
>> (2010/12/13 21:53), Robert Haas wrote:
>>> 2010/12/12 KaiGai Kohei<kaigai@ak.jp.nec.com>:
>>>>
>>>> I'd like to see opinions what facilities should be developed
>>>> to the current v9.1 development cycle.
>>>
>>> It seems to me that the next commit after the label-switcher-function
>>> patch ought to be a contrib module that implements a basic form of
>>> SE-Linux driven permissions checking. I'm pretty unexcited about
>>> continuing to add additional facilities that could be used by a
>>> hypothetical module without actually seeing that module, and I think
>>> that the label-switcher-function patch is the last piece of core
>>> infrastructure that is a hard requirement rather than "nice to have".
>>> I'd rather have a complete feature with limited capabilities than
>>> half a feature with really awesome capabilities.
>>>
>> It is a good news for me also, because I didn't imagine SE-PostgreSQL
>> module getting upstreamed, even if contrib module.
>>
>> OK, I'll focus on the works to merge the starter-version of SE-PostgreSQL
>> as a contrib module in the last commit fest.
>>
>> Probably, I need to provide its test cases and minimum documentations
>> in addition to the code itself. Anything else?
>
> Extremely detailed instructions on how to test it.
>
Indeed, it will be necessary.
Two more questions:
How does the contrib module behave when we try to make all the
contrib modules on the platform that doesn't provide libselinux?
One idea is to add a few checks about selinux environment in
the configure script.
I counted number of lines of the sepgsql module that implement
only currently supported hooks. It has 3.2KL of code not.
How about scale of the patch to review?
Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>