From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Updates of SE-PostgreSQL 8.4devel patches (r1522) |
Date: | 2009-02-06 05:16:23 |
Message-ID: | 498BC7A7.5050002@ak.jp.nec.com |
Lists: | pgsql-hackers |
The following patches are updated ones:
[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1522.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1522.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1522.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1522.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1522.patch
- List of updates:
  * The facilities of PGACE are removed.
  * The facilities of row-level access controls are separated.
  * The facilities of security attribute management are separated.
    - The pg_security system catalog, the idea of a security identifier
      and the "security_label" system column are included.
    - AVC now accepts text-form security contexts.
    - pg_class, pg_attribute, pg_database and pg_proc got a new field
      to store a text-form security context.
  * A few security hooks are integrated into pg_xxx_aclcheck():
    - sepgsqlCheckProcedureExecute() from pg_proc_aclmask()
    - sepgsqlCheckDatabaseAccess() from pg_database_aclmask()
  * Access controls on large objects are separated.
  * The baseline security policy module is omitted, so the 3rd patch
    provides only the developer's policy.
  * Descriptions of PGACE and row-level access controls are separated.
  * Test cases are reworked.
  * Anyway, most of the patches are reworked!
- Scale of patches
  It may seem to you that the updated version is not smaller than the
  previous version, but more than half of the affected lines come from
  changes in the system catalog.
  * The previous fully functional version (r1467)
    $ diffstat sepostgresql-sepgsql-8.4devel-3-r1467.patch
    :
    110 files changed, 9813 insertions(+), 16 deletions(-), 924 modifications(!)
  * Current version (r1522)
    $ diffstat sepostgresql-sepgsql-8.4devel-3-r1522.patch
    :
    src/include/catalog/pg_attribute.h | 500 !!!
    src/include/catalog/pg_class.h | 12
    src/include/catalog/pg_database.h | 6
    src/include/catalog/pg_proc.h | 4207 !!!!!!!!!!!!!!!!!!!!!!!!!!
    :
    65 files changed, 4737 insertions(+), 11 deletions(-), 4908 modifications(!)
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>