Re: [v9.1] Add security hook on initialization of instance
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Tom Lane <tgl@sss.pgh.pa.us>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-07-08T14:58:09Z
Lists: pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote: > I'm not sure what the best thing to do about this is. I think it > might be a good idea to start with some discussion of what problems > people are trying to solve (hopefully N > 1?) and then try to figure > out what a good solution might look like. Guess my first thought was that you'd have a database-level label that would be used by SELinux to validate a connection. A second thought is labels for roles. KaiGai, can you provide your thoughts on this discussion/approach/problems? I realize it's come a bit far-afield from your original proposal. Thanks, Stephen