Joshua Drake wrote:
> On Wed, 24 Sep 2008 11:58:58 -0400
> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> > The objection comes down to this: it's an extremely large, invasive,
> > and probably performance-losing patch, which apparently will be of use
> > to only a rather small set of people. It's not unreasonable to
> > discuss just how large that set might be while we debate whether to
> > accept the patch.
>
> I know of no one that really uses SELinux because it is a nightmare. On
> the other hand, this type of security is required to get into certain
> scary tin foil hat producing institutions.
>
> Do we want want to target those respective types of installs. If so,
> then we have no choice but to try and make this patch (or similar)
> work. If not, then I believe it is entirely too large of a change to
> even bother with.
I think if we get the SQL-level stuff we want implemented we can see
much better how much code SE-Linux support requires. For example, as
the patch stands we have SE-Linux-specific tuple header fields, which
seems like major overkill, but if the fields were already there for SQL
feature capability the SE-Linux patch would be much less invasive.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +