"Magnus Hagander" <[EMAIL PROTECTED]> writes:
> Attached is a patch for initdb only (the other patch stands unchanged).
> It will make initdb re-exec itself with a restricted token when
> available (since we can only control the security of subprocesses)

Applied to HEAD.

> There's a bit of shared code with pg_ctl (but not all of the exec stuff,
> because there is no need for a job object for initdb). I'm unsure if
> it's worth putting something in src/port instead for it, so this version
> doesn't.

I agree that it seems marginal at this point.  But if we find ourselves
adding the functionality anyplace else, you should probably factor out
the common code into a /port module.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to