On Wed, Dec 30, 2015 at 11:28 AM, Haribabu Kommi
<kommi.haribabu@gmail.com> wrote:
> On Thu, Dec 17, 2015 at 12:46 PM, Haribabu Kommi
> <kommi.haribabu@gmail.com> wrote:
>> Rebased patch is attached as it is having an OID conflict with the
>> latest set of changes
>> in the master branch.
>
> Here I attached new series of patches with a slightly different approach.
> Instead of creating the policies on the system catalog tables whenever
> the catalog security command is executed, just enable row level security
> on the system catalog tables. During the relation build, in
> RelationBuildRowSecurity function, if it is a system relation, frame the
> policy using the policy query which we earlier used to create by parsing it.
>
> With the above approach, in case of any problems in the policy, to use
> the corrected policy, user just needs to replace the binaries. whereas in
> earlier approach, either pg_upgrade or disabling and enabling of catalog
> security is required.
>
> Currently it is changed only for shared system catalog tables and also the
> way of enabling catalog security on shared system catalog tables is through
> initdb only. This also can be changed later. I will do similar changes for
> remaining catalog tables.
>
> Any comments on the approach?
Instead of creating policies during the "alter database" command for database
catalog tables, generating at relation building is leading to an
infinite recursion
loop because of transformExpr call for the qual. Any ideas to handle the same?
Here I attached updated patches to HEAD.
Regards,
Hari Babu
Fujitsu Australia