On 2017-04-05 04:25:41 +0000, Tsunakawa, Takayuki wrote: > From: Craig Ringer [mailto:[email protected]] > > On 5 April 2017 at 10:37, Tsunakawa, Takayuki > > <[email protected]> wrote: > > > > OTOH, I tried again to leave the DISABLE_MAX_PRIVILEGE as is and add Lock > > Pages in Memory, using the attached pg_ctl.c. Please see > > EnableLockPagesPrivilege() and its call site. But pg_ctl -w start fails > > emitting the following message: > > > > That won't work. You'd have to pass 0 to the flags of CreateRestrictedToken > > and instead supply a PrivilegesToDelete array. > > You'd probably GetTokenInformation and AND with a mask of ones you wanted > > to retain. > > Uh, that's inconvenient. We can't determine what privileges to delete, and > we must be aware of new privileges added in the future version of Windows. > > Then, I have to say the last patch (v12) is the final answer.
As I asked before, why can't we delete all privs and add the explicitly needed once back (using AdjustTokenPrivileges)? - Andres -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
