Updates of SE-PostgreSQL 8.4devel patches (r1425)

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, bruce(at)momjian(dot)us, tgl(at)sss(dot)pgh(dot)pa(dot)us, simon(at)2ndQuadrant(dot)com
Subject: Updates of SE-PostgreSQL 8.4devel patches (r1425)
Date: 2009-01-16 09:39:03
Message-ID: 497055B7.2030006@ak.jp.nec.com
Lists: pgsql-hackers

I updated my patch set of SE-PostgreSQL and related stuff (r1425).

[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1425.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1425.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1425.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1425.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1425.patch

I tried to check my patches again, as if I were a reviewer.
Then, I found some points to be fixed.
Please change your review base if you saw the previous version partway.
(No changes here except for the following parts.)

List of updates:
- It is rebased to the latest CVS HEAD.
- pgaceProxyQuery() is renamed to pgacePostRewriteQuery().
  In the legacy version, SE-PostgreSQL modified the WHERE clause here,
  so it had the name "Proxy", but that has become a nonsense name now.
- triggerIsForeignKeyConstraint() is replaced by
  RI_FKey_trigger_type() due to code duplication.
- bugfix: avc_datum_count was not incremented correctly in
  avc_make_entry().
- The hook is reverted from fmgr_info_cxt() because it applied access
  control to purely internal function usage. Now we follow the
  manner of pg_proc_aclcheck(), and add checks on system catalog
  updates related to function usage.
- bugfix: When we update security_label, sepgsqlHeapTupleUpdate()
  checked the *:{relabelfrom} permission twice. It was redundant.
- The security policy was updated to fit the latest selinux-policy package.

Folks in pgsql-hackers,

My patch set has grown a bit large over these two and a half years, indeed,
but most of it is the deployment of security hooks, and it is well modularized.
Please don't hesitate to review the code and comment on anything.
We need volunteers very much, even if you cannot provide a comprehensive
review. If necessary, I shall put my efforts into updating them with the highest
priority, to get it merged in v8.4.

$ diffstat sepostgresql-sepgsql-8.4devel-3-r1425.patch
configure | 113 +
configure.in | 13
src/Makefile.global.in | 1
src/backend/Makefile | 7
src/backend/access/common/heaptuple.c | 35
src/backend/access/common/reloptions.c | 22
src/backend/access/common/tupdesc.c | 12
src/backend/access/heap/heapam.c | 19
src/backend/access/heap/tuptoaster.c | 19
src/backend/bootstrap/bootparse.y | 13
src/backend/bootstrap/bootstrap.c | 8
src/backend/catalog/Makefile | 1
src/backend/catalog/aclchk.c | 2
src/backend/catalog/catalog.c | 4
src/backend/catalog/heap.c | 91 !
src/backend/catalog/index.c | 16
src/backend/catalog/pg_aggregate.c | 3
src/backend/catalog/pg_largeobject.c | 5
src/backend/catalog/pg_proc.c | 6
src/backend/catalog/toasting.c | 3
src/backend/commands/cluster.c | 11
src/backend/commands/copy.c | 293 +++!
src/backend/commands/dbcommands.c | 20
src/backend/commands/functioncmds.c | 29
src/backend/commands/lockcmds.c | 3
src/backend/commands/proclang.c | 6
src/backend/commands/tablecmds.c | 23
src/backend/commands/trigger.c | 25
src/backend/executor/execJunk.c | 6
src/backend/executor/execMain.c | 210 +++
src/backend/executor/execQual.c | 4
src/backend/executor/execScan.c | 40
src/backend/executor/execTuples.c | 19
src/backend/executor/execUtils.c | 10
src/backend/executor/functions.c | 6
src/backend/executor/nodeAgg.c | 5
src/backend/executor/nodeMergejoin.c | 2
src/backend/executor/nodeSubplan.c | 4
src/backend/executor/nodeWindowAgg.c | 4
src/backend/executor/spi.c | 4
src/backend/libpq/be-fsstubs.c | 16
src/backend/nodes/copyfuncs.c | 44
src/backend/nodes/equalfuncs.c | 34
src/backend/nodes/outfuncs.c | 41
src/backend/nodes/readfuncs.c | 36
src/backend/optimizer/plan/createplan.c | 6
src/backend/optimizer/plan/planner.c | 1
src/backend/optimizer/util/clauses.c | 5
src/backend/optimizer/util/relnode.c | 1
src/backend/parser/analyze.c | 49
src/backend/parser/gram.y | 64 !
src/backend/parser/parse_target.c | 64 !
src/backend/postmaster/postmaster.c | 43
src/backend/rewrite/rewriteHandler.c | 3
src/backend/security/Makefile | 23
src/backend/security/pgaceCommon.c | 729 ++++++++++++
src/backend/security/pgaceHooks.c | 1524 ++++++++++++++++++++++++++
src/backend/security/rowacl/rowacl.c | 721 ++++++++++++
src/backend/security/sepgsql/avc.c | 1118 +++++++++++++++++++
src/backend/security/sepgsql/core.c | 623 ++++++++++
src/backend/security/sepgsql/hooks.c | 952 ++++++++++++++++
src/backend/security/sepgsql/permissions.c | 785 +++++++++++++
src/backend/security/sepgsql/proxy.c | 1134 +++++++++++++++++++
src/backend/storage/file/fd.c | 7
src/backend/storage/ipc/ipci.c | 2
src/backend/tcop/fastpath.c | 2
src/backend/tcop/pquery.c | 2
src/backend/tcop/utility.c | 3
src/backend/utils/adt/acl.c | 6
src/backend/utils/adt/ri_triggers.c | 25
src/backend/utils/adt/trigfuncs.c | 11
src/backend/utils/cache/catcache.c | 32
src/backend/utils/cache/plancache.c | 12
src/backend/utils/cache/relcache.c | 38
src/backend/utils/cache/syscache.c | 40
src/backend/utils/fmgr/dfmgr.c | 10
src/backend/utils/init/postinit.c | 4
src/backend/utils/misc/guc.c | 58
src/backend/utils/misc/postgresql.conf.sample | 6
src/include/access/htup.h | 68 +
src/include/access/sysattr.h | 9
src/include/access/tupdesc.h | 2
src/include/catalog/heap.h | 11
src/include/catalog/indexing.h | 5
src/include/catalog/pg_attribute.h | 495 !!!!!!!!
src/include/catalog/pg_class.h | 2
src/include/catalog/pg_proc.h | 21
src/include/catalog/pg_proc_fn.h | 3
src/include/catalog/pg_security.h | 31
src/include/catalog/pg_type.h | 1
src/include/executor/executor.h | 11
src/include/executor/tuptable.h | 4
src/include/fmgr.h | 3
src/include/libpq/be-fsstubs.h | 3
src/include/nodes/nodes.h | 4
src/include/nodes/parsenodes.h | 17
src/include/nodes/plannodes.h | 10
src/include/nodes/relation.h | 2
src/include/nodes/security.h | 45
src/include/pg_config.h.in | 3
src/include/security/pgace.h | 180 +++
src/include/security/rowacl.h | 41
src/include/security/sepgsql.h | 230 +++
src/include/storage/fd.h | 1
src/include/storage/lwlock.h | 1
src/include/utils/acl.h | 7
src/include/utils/catcache.h | 1
src/include/utils/errcodes.h | 7
src/include/utils/rel.h | 18
src/include/utils/syscache.h | 4
110 files changed, 9697 insertions(+), 16 deletions(-), 918 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
