On Fri, Aug 5, 2011 at 2:36 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
> BTW, what is the current status of this patch?
> The status of contrib/sepgsql part is unclear for me, although we agreed that
> syscache is suitable mechanism for security labels.
Sorry it's taken me a while to get around to looking at this. Reviewing away...
For me, the line you removed from dml.out causes the regression tests to fail.
I don't understand what this is going for:
+ /*
+ * To boost up trusted procedure checks on db_procedure object
+ * class, we also confirm the decision when user calls a procedure
+ * labeled as 'tcontext'.
+ */
Can you explain?
sepgsql_avc_check_perms_label has a formatting error on the line that
says "result = false". It's not indented correctly.
Several functions do this: sepgsql_avc_check_valid(); do { ... } while
(!sepgsql_avc_check_valid); I don't understand why we need a loop
there.
The comment for sepgql_avc_check_perms_label uses the word "elsewhere"
when it really means "otherwise".
Changing the calling sequence of sepgsql_get_label() would perhaps be
better separated out into its own patch.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company