Heikki Linnakangas <hlinnakangas@vmware.com> writes:
> No-one's replied yet, but perhaps the worry is that after you've written
> the commit record, you have to go ahead with removing/creating the init
> fork, and that is seen as too risky. If a creat() or unlink() call
> fails, that will have to be a PANIC, and crash recovery will likewise
> have to PANIC if the forks still cannot be removed/created.
> My first thought is that that seems ok.
No, it isn't. No filesystem operation should *ever* be thought to be
guaranteed to succeed.
I also concur with Andres' complaint that this feature is not worth
adding complication to the core transaction commit path for.
regards, tom lane