KaiGai Kohei wrote:
>> Might want to change the option name --enable-selinux to something
>> like --security-context.
>>
>> In general, we might want to not name things selinux_* but instead
>> sepostgresql_* or security_* or security_context_*. Or maybe PGACE?
>
> The pgace_* scheme is an attractive idea, although the server process
> has to provide a bit more hints (like the name of security system column
> and the kind of objects exported with security attribute) pg_dump to
> support various kind of security features with smallest implementation.
It might not be necessary to provide all the hints pg_dump to make queries.
The minimum required information is which security feature is running on
the server process, or nothing. And, pg_dump can add a security system
column within its queries to get security attribute, if required.
Now, I'm considering to add pgaceDumpSOMETHING() functions within pg_dump
for better modularity. What do you think?
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>