Updates of SE-PostgreSQL 8.4devel patches (r1522)

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Updates of SE-PostgreSQL 8.4devel patches (r1522)
Date: 2009-02-06 05:16:23
Message-ID: 498BC7A7.5050002@ak.jp.nec.com
Lists: pgsql-hackers

The following patches are updated ones:

[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1522.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1522.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1522.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1522.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1522.patch

- List of updates:
* The facilities of PGACE are removed.
* The facilities of row-level access controls are separated.
* The facilities of security attribute management are separated.
  - The pg_security system catalog, the idea of a security identifier
    and the "security_label" system column are included.
  - AVC now accepts text form security context.
  - pg_class, pg_attribute, pg_database and pg_proc got a new field
    to store text form security context.
* A few security hooks are integrated into pg_xxx_aclcheck()
  - sepgsqlCheckProcedureExecute() from pg_proc_aclmask()
  - sepgsqlCheckDatabaseAccess() from pg_database_aclmask()
* Access controls on large objects are separated.
* The baseline security policy module is omitted, so the 3rd patch
  provides only the developer's policy.
* Descriptions about PGACE and row-level access controls are separated.
* Testcases are reworked.
* Anyway, most of the patches are reworked!

- Scale of patches
It may seem to you that the updated version is not smaller than the previous
version, but more than half of the affected lines come from changes
in the system catalog.

* The previous full-functional version (r1467)
$ diffstat sepostgresql-sepgsql-8.4devel-3-r1467.patch
:
110 files changed, 9813 insertions(+), 16 deletions(-), 924 modifications(!)

* Current version (r1522)
$ diffstat sepostgresql-sepgsql-8.4devel-3-r1522.patch
:
src/include/catalog/pg_attribute.h | 500 !!!
src/include/catalog/pg_class.h | 12
src/include/catalog/pg_database.h | 6
src/include/catalog/pg_proc.h | 4207 !!!!!!!!!!!!!!!!!!!!!!!!!!
:
65 files changed, 4737 insertions(+), 11 deletions(-), 4908 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
