On Tue, Nov 1, 2011 at 1:32 PM, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: > I tried to summarize permission checks of DAC/MAC on several object classes > that are allowed to assign security label right now. > http://wiki.postgresql.org/index.php?title=SEPostgreSQL/Permissions > > In most of checks, required contextual information by SELinux are commonly > used to DAC also, as listed.
What's up with this: "a flag to inform whether CASCADE or RESTRICT" That doesn't seem like it should be needed. We should consider whether CREATE TABLE should be considered to consist of creating a table and then n attributes, rather than trying to shove the attribute information wholesale into the create table check. > I guess DROP or some of ALTER code reworking should be done prior to > deploy object_access_hook around their permission checks, to minimize > maintain efforts. +1. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
