Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

Bruce Momjian wrote:
> KaiGai Kohei wrote:
>> Bruce Momjian wrote:
>>> KaiGai Kohei wrote:
>>>>>> I don't oppose to elimination of "--disable-row-acl" options, however,
>>>>>> it is not clear for me whether it should be unavoidable selection in
>>>>>> the future, or not.
>>>>> Look at the existing configure options; we don't remove features via
>>>>> configure unless it is for some platform-specific reason. Please remove
>>>>> the configure option and make it always enabled.
>>>> OK, I'll update it in the next patch set.
>>> Good. I assume the SQL-row security patch is not testable alone with
>>> out the rest of the patches, right?
>> The minimum requirements are the 1st and 2nd patches.
>> The first provides security hooks to PostgreSQL server program, and
>> the other provides ones to pg_dump command.
>> The 3rd, 4th and 5th are not necessary for the test purpose.
>
> First, let me say you have done an amazing job of producing patches for
> us, and your code quality is very high, especially considering the
> complexity of this code and your newness to our development process. My
> compliments to NEC, your employer.
>
> Also, I personally am excited about this code and what it will add to
> Postgres 8.4.
>
> I hate to ask for something else from you, but I am trying to figure out
> how we can proceed in reviewing and applying your additions. I am
> wondering if you can produce a patch that has the SE-Linux part separate
> so I can review the non-SE-Linux parts of the patch alone --- right now
> I am not 100% clear on what parts are always active as row-level SQL
> security and what needs SE-Linux to operate. I know this is an
> additional burden on you and if it is too much to ask, please tell me.

All the SELinux specific part is stored within:
- src/include/security/sepgsq.h
- src/backend/security/sepgsql/*
- Blocks enclosed by "#if defined(HAVE_SELINUX)"
in src/include/security/pgace.h

SELinux related codes are never invoked without pgaceXXXX() hooks,
so you can simply ignore the above files/parts when you are under
the reviewing to non-SELinux parts.
Rest of changes are commonly needed to manage security attribute
and to inject security hooks.

In all honesty, I hesitate to separate the patch again into two
parts to be integrated later. I would be happy, if you suggested
it a half year ago, because this feature was suggested as two
separated patches in CommitFest:May. :(

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>