On 2017-04-05 04:25:41 +0000, Tsunakawa, Takayuki wrote: > From: Craig Ringer [mailto:craig.rin...@2ndquadrant.com] > > On 5 April 2017 at 10:37, Tsunakawa, Takayuki > > <tsunakawa.ta...@jp.fujitsu.com> wrote: > > > > OTOH, I tried again to leave the DISABLE_MAX_PRIVILEGE as is and add Lock > > Pages in Memory, using the attached pg_ctl.c. Please see > > EnableLockPagesPrivilege() and its call site. But pg_ctl -w start fails > > emitting the following message: > > > > That won't work. You'd have to pass 0 to the flags of CreateRestrictedToken > > and instead supply a PrivilegesToDelete array. > > You'd probably GetTokenInformation and AND with a mask of ones you wanted > > to retain. > > Uh, that's inconvenient. We can't determine what privileges to delete, and > we must be aware of new privileges added in the future version of Windows. > > Then, I have to say the last patch (v12) is the final answer.
As I asked before, why can't we delete all privs and add the explicitly needed once back (using AdjustTokenPrivileges)? - Andres -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers