On 9/6/19 11:26 AM, Yuli Khodorkovskiy wrote:
> On Fri, Sep 6, 2019 at 10:40 AM Stephen Frost <sfr...@snowman.net> wrote:
>> There are actual reasons why the 'DELETE' privilege is *not* the same as
>> 'TRUNCATE' in PostgreSQL and I'm really not convinced that we should
>> just be tossing that distinction out the window for users of SELinux. A
>> pretty obvious one is that DELETE triggers don't get fired for a
>> TRUNCATE command, but TRUNCATE also doesn't follow the same MVCC rules
>> that the rest of the system does.
>
> I do agree with you there should be a distinction between TRUNCATE and
> DELETE in the SELinux perms. I'll wait a few days for more discussion
> and send an updated patch.

+1 - I don't think there is any question about it.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
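
The distinction discussed in this message, as an added example that is not part of the original thread or of the patch under review: it uses PostgreSQL's native GRANT privileges (not sepgsql policy) to show that DELETE and TRUNCATE are checked separately and that a DELETE trigger does not fire on TRUNCATE. All object and role names are hypothetical; it assumes a superuser session in a scratch database, PostgreSQL 11 or later, and statements run one at a time with autocommit so the refused statements do not abort the rest.

```sql
-- Constructed demo; run as a superuser in a scratch database. All names are hypothetical.
CREATE ROLE demo_deleter NOLOGIN;
CREATE ROLE demo_truncater NOLOGIN;
CREATE TABLE public.demo_accounts (id int PRIMARY KEY, owner text);
CREATE TABLE public.demo_audit (logged_at timestamptz DEFAULT now(), op text, old_id int);

-- One audit function for both trigger kinds; OLD is only read for row-level DELETE.
CREATE FUNCTION public.demo_audit_fn() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
BEGIN
    IF TG_OP = 'DELETE' THEN
        INSERT INTO public.demo_audit (op, old_id) VALUES (TG_OP, OLD.id);
        RETURN OLD;
    END IF;
    INSERT INTO public.demo_audit (op) VALUES (TG_OP);
    RETURN NULL;
END;
$$;

CREATE TRIGGER demo_audit_delete BEFORE DELETE ON public.demo_accounts
    FOR EACH ROW EXECUTE FUNCTION public.demo_audit_fn();

GRANT SELECT, DELETE ON public.demo_accounts TO demo_deleter;
GRANT TRUNCATE ON public.demo_accounts TO demo_truncater;
INSERT INTO public.demo_accounts VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');

SET ROLE demo_deleter;
DELETE FROM public.demo_accounts WHERE id = 1;  -- permitted; the row trigger fires
TRUNCATE public.demo_accounts;                  -- refused: DELETE does not imply TRUNCATE
RESET ROLE;

SET ROLE demo_truncater;
DELETE FROM public.demo_accounts;               -- refused: TRUNCATE does not imply DELETE
TRUNCATE public.demo_accounts;                  -- permitted; no DELETE trigger fires
RESET ROLE;

-- The audit table holds a record for the DELETE only; the TRUNCATE left none.
SELECT op, old_id FROM public.demo_audit ORDER BY logged_at;

-- Closing the gap: TRUNCATE needs its own statement-level trigger.
CREATE TRIGGER demo_audit_truncate BEFORE TRUNCATE ON public.demo_accounts
    FOR EACH STATEMENT EXECUTE FUNCTION public.demo_audit_fn();
```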