Re: [COMMITTERS] pgsql: sepgsql: Support for new post-ALTER access hook.

On Wed, Mar 27, 2013 at 9:09 AM, Thom Brown <thom(at)linux(dot)com> wrote:
> Perhaps something along the lines of:
>
> "When a CREATE FUNCTION command is executed, the install permission
> will be checked to determine whether the LEAKPROOF attribute was
> present. This permission will also be checked when the user tries to
> apply the LEAKPROOF attribute using the ALTER FUNCTION command."
>
> I'm not sure what the last part is actually describing ("with setattr
> permission on the function being altered."), so I'm not sure how that
> should be read. It doesn't help that I'm not familiar with SELinux
> terms.

Right, so what it's trying to say is: whenever you modify an object,
we check whether you've got {setattr} permission for that object and
disallow the operation if not. However, for some operations on some
object types, {setattr} is necessary but not sufficient. The
paragraph is recapping, for various cases, which operations require
additional permissions, and what those additional things are.

> I was really just thinking of CREATE and LEAKPROOF, but I'm not sure
> "CREATE" should be in there anyway.

create here is referring to the sepgsql permission, not the SQL
command, so it's correct as-is.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company