Updates of SE-PostgreSQL 8.4devel patches (r1348)

From KaiGai Kohei
Subject Updates of SE-PostgreSQL 8.4devel patches (r1348)
Date
Msg-id 49536FD8.9090502@ak.jp.nec.com
In response to Updates of SE-PostgreSQL 8.4devel patches (r1324)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses Re: Updates of SE-PostgreSQL 8.4devel patches (r1348)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
I updated the patch set of SE-PostgreSQL and related stuff (r1348)

[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1348.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1348.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1348.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1348.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1348.patch

Draft of the SE-PostgreSQL documentation is here:
  http://wiki.postgresql.org/wiki/SEPostgreSQL
  (It also should be updated for the recent changes...)

List of updates:
- The patches are rebased to the latest CVS HEAD. Currently, previous ones (r1324) are not suitable for this.
- It put a copied relkind value on pg_attribute.attkind. This change enables to reduce per tuple lookups for RELOID, and improve robustness of security model.
- bugfix: heap_getsysattr() could return NULL, when enhanced security feature is disabled. It is fixed to return an alternative label/default acl.
- errcode_for_file_access() is applied on filesystem related errors, instead of ERRCODE_SELINUX_ERROR.
- Reloptions related code for Row-level ACLs feature is flattened. Now it invokes rowaclXXX() without PGACE hooks, because there is an active effort to support variable kind of reloptions now.
- The "default_row_acl" got stored as text representation due to incorrect table dump. (We should not put it as security id.)
- bugfix: Makefile in src/test/sepgsql

Request for comments:

The current heap_reloptions() requires reloption-parser not to
raise an error when validate = false.
However, it makes a matter when we store "default_row_acl" as
an entry of reloptions. The input handler of AclItem[] can raise
an error if given input string has invalid format or users.

What solutions can be considered?
- Implement its own AclItem[] parser which does not raise an error on validate = false.
- Set dependencies on users which appears in default Row-ACLs.
- Remove default Row-level ACLs feature.
- Any other idea?

And, I have a question.
Is the new reloption framework designed to store strings?
The latest one supports Bool, Int and Real, doesn't it?

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

