Re: [sepgsql 2/3] Add db_schema:search permission checks
Simon Riggs <simon@2ndquadrant.com>
From: Simon Riggs <simon@2ndquadrant.com>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: PgHacker <pgsql-hackers@postgresql.org>
Date: 2013-01-29T14:10:35Z
Lists: pgsql-hackers
On 29 January 2013 13:30, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: > It makes unavailable to control execution of > functions from viewpoint of selinux, and here is no way selinux > to prevent to execute functions defined by other domains, or > others being not permitted. > Also, what we want to do is almost same as existing permission > checks, except for its criteria to make access control decision. Do you have a roadmap of all the things this relates to? If selinux has a viewpoint, I'd like to be able to see a list of capabilities and then which ones are currently missing. I guess I'm looking for external assurance that someone somewhere needs this and that it fits into a complete overall plan of what we should do. Just like we are able to use SQLStandard as a guide as to what we need to implement, we would like something to refer back to. Does this have a request id, specification document page number or whatever? -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services