Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Дата
Msg-id 5233.1240236841@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Ответы Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (Greg Stark <stark@enterprisedb.com>)
Список pgsql-hackers
Дерево обсуждения 
KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
> Heikki Linnakangas wrote:
>> Can't you have a SE-PostgreSQL policy like "disallow ACL_UPDATE on table
>> X for user Y, except when current user is owner of X"?

> It seems to me a quite ad-hoc idea.

That's rather a silly charge to be leveling when your own proposal is
such a horrid kluge as this one.  As near as I can tell, you intend
that SELinux will be unable to prohibit SELECT FOR UPDATE because it
cannot tell the difference between that and a foreign key reference.
If that isn't a hack, I don't know what is.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Pavel Stehule
Дата:
Сообщение: Re: Patch for 8.5, transformationHook
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: Patch for 8.5, transformationHook