Re: One question about security label command

The attached patch revises error message when security label
is specified on unsupported object.
getObjectTypeDescription() may be better than oid of catalog.

postgres=# SECURITY LABEL FOR selinux ON ROLE kaigai
postgres-# IS 'system_u:object_r:unlabeled_t:s0';
ERROR: sepgsql provider does not support labels on role

2015-03-09 23:55 GMT+09:00 Robert Haas <robertmhaas(at)gmail(dot)com>:
> On Tue, Mar 3, 2015 at 5:01 AM, Kouhei Kaigai <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:
>> From standpoint of SQL syntax, yep, SECURITY LABEL command support
>> the object types below, however, it fully depends on security label
>> provider; sepgsql.so in this case.
>> At this moment, it supports database, schema, function, tables and
>> column are supported by sepgsql. So, it is expected behavior.
>
> If the core system supports labels on other object types and sepgsql
> does not, it should give a better error for those cases, like:
>
> ERROR: sepgsql provider does not support labels on roles
>
> Errors like "ERROR: unsupported object type: 1260" are a good way to
> report a failure that is never expected to happen, but they shouldn't
> be used as user-facing error messages.
>
> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers

--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>