Unfortunately, I could not get consensus of design on selinux policy side.
Even though my opinion is to add individual security class for materialized
view to implement refresh permission, other people has different opinion.
So, I don't want it shall be a blocker of v9.3 to avoid waste of time.
Also, I'll remind selinux community on this issue again, and tries to handle
in another way from what I proposed before.
Thanks,
2013/7/5 Tom Lane <tgl@sss.pgh.pa.us>:
> Noah Misch <noah@leadboat.com> writes:
>> On Fri, Feb 08, 2013 at 02:51:40PM +0100, Kohei KaiGai wrote:
>>> I'll have a discussion about new materialized_view object class
>>> on selinux list soon, then I'll submit a patch towards contrib/sepgsql
>>> according to the consensus here.
>
>> Has this progressed?
>
>> Should we consider this a 9.3 release blocker? sepgsql already has a red box
>> warning about its limitations, so adding the limitation that materialized
>> views are unrestricted wouldn't be out of the question.
>
> Definitely -1 for considering it a release blocker. If KaiGai-san can
> come up with a fix before we otherwise would release 9.3, that's great,
> but there's no way that sepgsql has a large enough user community to
> justify letting it determine the release schedule.
>
> regards, tom lane
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
