On Wed, Aug 15, 2018 at 03:03:41PM -0600, Scott Ribe wrote: > > On Aug 15, 2018, at 2:57 PM, Bruce Momjian <bruce@xxxxxxxxxx> wrote: > > > > On Wed, Aug 15, 2018 at 01:52:43PM -0700, Evan Rempel wrote: > >> There are just a ton of configuration elements that the DBAs need > >> to decide on and implement that require configuration of components > >> that are outside of the database proper. > >> > >> It was a worthwhile discussion. One needs to trust the data > >> stewards. > > > > Agreed. I just wish it had a more positive outcome. ;-) > > Well, it probably elucidated the issues enough that an expert in > SELinux could configure a server such that DBAs could not disable > logging. Of course, you still have to trust somebody with that > configuration, but it is possible to separate responsibilities if you > work hard enough at it. Well, since the superuser can start the server with whatever arguments they want, I am not sure how SELinux would help here. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
