From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: sepgsql contrib module |
Date: | 2011-01-27 05:43:31 |
Message-ID: | 4D410603.6050805@ak.jp.nec.com |
Lists: | pgsql-hackers |
(2011/01/27 0:25), Robert Haas wrote:
> 2011/1/25 KaiGai Kohei<kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>> (2011/01/26 12:23), KaiGai Kohei wrote:
>>>>> Yikes. On further examination, exec_object_restorecon() is pretty
>>>>> bogus. Surely you need some calls to quote_literal_cstr() in there
>>>>> someplace.
>>>>
>>> Are you concerned about the object name being supplied to
>>> selabel_lookup_raw() in exec_object_restorecon()?
>>> I also think this quoting you suggested is reasonable.
>>>
>> How about the case when the object name only contains alphabetic and
>> numeric characters?
>
> Oh, quote_literal_cstr() is the wrong function - these are
> identifiers, not literals. So we should use quote_identifier().
>
OK, I did it with quote_identifier().
The attached patch fixes up several things in the sepgsql module.
- The object names being supplied to selabel_lookup_raw() to
  look up initial labels are now qualified by quote_identifier(),
  if necessary.
- On access violation, sepgsql_check_perms() records audit
  logs. They contain the name of the object being referenced.
  It is now generated using getObjectDescription().
- Also, sepgsql_audit_log() now quotes the supplied
  object name, because it may contain white-space.
- Error messages now include "%m" when the error
  originated from the libselinux interfaces. It will give
  the DBA a hint why interactions with SELinux do not work well.
- Documentation was updated to suggest that users install
  libselinux v2.0.93 or later, because it uses newer features
  than the ones provided in v2.0.80.
- The regression test was updated, because of the error message updates.
Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Attachment | Content-Type | Size |
---|---|---|
sepgsql-v9.1-fixup.1.patch | application/octect-stream | 17.1 KB |
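
The "quote if necessary" rule discussed in this message, as an added example that is not part of the original post or of the attached patch. It is a simplified model of quote_identifier() that omits the real function's reserved-keyword check; quote_ident_model() and qualified_name() are hypothetical names, and the sample object names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of quote_identifier(): a name stays bare only if it
 * starts with [a-z_] and continues with [a-z0-9_]; anything else is wrapped
 * in double quotes with embedded double quotes doubled.
 * Assumption: the reserved-keyword check of the real function is omitted.
 * Returns 0 on success, -1 if dst is too small. */
static int quote_ident_model(const char *src, char *dst, size_t dstlen)
{
    int safe = (src[0] >= 'a' && src[0] <= 'z') || src[0] == '_';
    size_t n = 0;

    for (const char *p = src; *p && safe; p++)
        safe = (*p >= 'a' && *p <= 'z') || (*p >= '0' && *p <= '9') || *p == '_';
    if (safe) {
        if (strlen(src) + 1 > dstlen) return -1;
        strcpy(dst, src);
        return 0;
    }
    if (dstlen < 3) return -1;          /* room for "" plus NUL */
    dst[n++] = '"';
    for (const char *p = src; *p; p++) {
        /* this char (doubled if a quote) + closing quote + NUL must fit */
        if (n + 3 + (*p == '"') > dstlen) return -1;
        if (*p == '"') dst[n++] = '"';
        dst[n++] = *p;
    }
    dst[n++] = '"';
    dst[n] = '\0';
    return 0;
}

/* Quote each part separately, then join, so a dot or space inside a name
 * cannot be mistaken for the schema/object separator in the lookup key. */
static int qualified_name(const char *schema, const char *object,
                          char *dst, size_t dstlen)
{
    char s[128], o[128];
    if (quote_ident_model(schema, s, sizeof s) || quote_ident_model(object, o, sizeof o))
        return -1;
    int w = snprintf(dst, dstlen, "%s.%s", s, o);
    return (w < 0 || (size_t) w >= dstlen) ? -1 : 0;
}

int main(void)
{
    const char *names[] = { "t1", "My Table", "a.b", "we\"ird" };  /* constructed */
    char buf[300];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (qualified_name("public", names[i], buf, sizeof buf) == 0)
            puts(buf);
    return 0;
}
```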