Re: Updates of SE-PostgreSQL 8.4devel patches (r1168)
От | Bruce Momjian |
---|---|
Тема | Re: Updates of SE-PostgreSQL 8.4devel patches (r1168) |
Дата | |
Msg-id | 200811012239.mA1MdjR21714@momjian.us обсуждение исходный текст |
Ответ на | Updates of SE-PostgreSQL 8.4devel patches (r1168) (KaiGai Kohei <kaigai@ak.jp.nec.com>) |
Ответы |
Re: Updates of SE-PostgreSQL 8.4devel patches (r1168)
("Joshua D. Drake" <jd@commandprompt.com>)
Re: Updates of SE-PostgreSQL 8.4devel patches (r1168) (KaiGai Kohei <kaigai@kaigai.gr.jp>) |
Список | pgsql-hackers |
KaiGai Kohei wrote: > I've updated my patches, it contains a few bugfixes. > > [1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1168.patch > [2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1168.patch > [3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1168.patch > [4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1168.patch > [5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1168.patch > [6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1168.patch > > The comprehensive documentation for SE-PostgreSQL is here: > http://wiki.postgresql.org/wiki/SEPostgreSQL (it is now under reworking.) > > List of updates: > - Patches are rebased to the latest CVS HEAD. > - bugfix: permission checks are ignored for per statement trigger functions > - bugfix: per-statement trigger function ignored trusted function configuration > - bugfix: not a proper permission check on lo_export(xxx, '/dev/null') > > > Request for Comments: > > - The 4th patch is actually needed? It can be replaced by wiki page. > > - Do you think anything remained towards the final CommitFest? > > - Do you have any reviewing comment? Most of patches are unchanged from > > the previous vesion. If you can comment anything, I can fix them without > > waiting for the final commit fest. I just looked over the patch. This new version with row-level SQL security has certainly reduced the SE-Linux-specific part, which is good. It was interesting how you implemented SQL-level column-level permissions: CREATE TABLE customer ( cid integer primary key, cname varchar(32), credit varchar(32) SECURITY_CONTEXT= 'system_u:object_r:sepgsql_secret_table_t'); I am unclear how that will behave with the column-level permissions patch someone is working on. I am wondering if your approach is clearer than the other patch because it gives a consistent right policy for rows and columns. I was wondering why you mention the NSA (U.S. National Security Agency) in the patch? +# NSA SELinux support The size of the patch is still larger but I don't see any way to reduce it: 1275 sepostgresql-docs-8.4devel-3-r1168.patch 625 sepostgresql-pg_dump-8.4devel-3-r1168.patch 829 sepostgresql-policy-8.4devel-3-r1168.patch 1736 sepostgresql-row_acl-8.4devel-3-r1168.patch 10847 sepostgresql-sepgsql-8.4devel-3-r1168.patch 1567 sepostgresql-tests-8.4devel-3-r1168.patch 16879 total -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-hackers по дате отправления:
Следующее
От: "Joshua Tolley"Дата:
Сообщение: Re: Proposed Patch to Improve Performance of Multi-Batch Hash Join for Skewed Data Sets