Re: add a MAC check for TRUNCATE

On 11/20/19 2:30 PM, Joe Conway wrote:
> On 11/8/19 9:16 AM, Joe Conway wrote:
>> On 11/8/19 9:02 AM, Yuli Khodorkovskiy wrote:
>>> On Thu, Nov 7, 2019 at 7:46 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>>>>
>>>> On Mon, Sep 30, 2019 at 11:38:05AM -0300, Alvaro Herrera wrote:
>>>> > On 2019-Sep-30, Joe Conway wrote:
>>>> >
>>>> > > I am not sure I will get to this today. I assume it is ok for me to move
>>>> > > it forward e.g. next weekend, or is that not in line with commitfest rules?
>>>> >
>>>> > You can commit whatever patch whenever you feel like it. I will
>>>> > probably move this patch to the next commitfest before that, but you can
>>>> > mark it committed there as soon as you commit it.
>>>>
>>>> One month later, nothing has happened here. Joe, are you planning to
>>>> look at this patch?
>>>>
>>>> The last patch I found does not apply properly, so please provide a
>>>> rebase. I am switching the patch as waiting on author.
>>>
>>> Michael,
>>>
>>> I was able to apply the latest patches in the thread (9/25/19) on top
>>> of master. I have attached them for convenience.
>>
>> Yes, I will look when I am able. Hopefully this weekend, almost
>> certainly before the end of this commitfest.
>
> I tested this successfully on Rhinoceros, both with and without
> "db_table: { truncate }" loaded in the policy. Updated patches attached
> here with some editorialization. If there are no objections I will
> commit/push both in about a day or two.

...and I managed to drop the new files from the sepgsql patch. Complete
version attached.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development