Stephen Frost wrote:
KaiGai,
<snip>
I do think that, technically, there's no reason we couldn't allow for multiple "only-more-restrictive" models to be enabled and built in a single binary for systems which support it. As such, I would make those just "#if defined()" rather than "#elif". Let it be decided at runtime which are actually used, otherwise it becomes a much bigger problem for packagers too.
It isn't just a case of using #if and it magically working. You'd need a system to manage multiple labels on each object that can be addressed by different systems. So instead of having an object mapped only to "system_u:object_r:mydb_t:s15" you'd also have to have it mapped to, eg., "^" for Smack.
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
