Re: [v9.1] Add security hook on initialization of instance

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Tom Lane <tgl@sss.pgh.pa.us>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-07-08T14:58:09Z
Lists: pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote:
> I'm not sure what the best thing to do about this is.  I think it
> might be a good idea to start with some discussion of what problems
> people are trying to solve (hopefully N > 1?) and then try to figure
> out what a good solution might look like.

Guess my first thought was that you'd have a database-level label that
would be used by SELinux to validate a connection.  A second thought is
labels for roles.  KaiGai, can you provide your thoughts on this
discussion/approach/problems?  I realize it's come a bit far-afield from
your original proposal.

	Thanks,

		Stephen