Updates of SE-PostgreSQL 8.4devel patches (r1244)

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: pgsql-hackers(at)postgresql(dot)org
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Subject: Updates of SE-PostgreSQL 8.4devel patches (r1244)
Date: 2008-11-24 12:58:35
Message-ID: 492AA4FB.3090906@kaigai.gr.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I updated the patch set of SE-PostgreSQL (revision 1244).

[1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1244.patch
[2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1244.patch
[3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1244.patch
[4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1244.patch
[5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1244.patch
[6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1244.patch

Draft of the SE-PostgreSQL documentation is here:
http://wiki.postgresql.org/wiki/SEPostgreSQL

This revision contains some fixes required by some persons.
(Thanks for Simon, Bruce and Tom.)

List of updates:
- Rebase to the latest CVS HEAD.

- The fixed length security field of HeapTupleHeader becomes optimal.
It enables enhanced security mechanism to control its allocation on
heap_form_tuple(), and to reduce unnecessary storage consumption.
The TupleDesc structure got a new variable of "tdhassecurity".
When it is true, heap_form_tuple() allocates an additional field
to store security identifier. The enhanced security mechanism can
control value of the flag via a new hook: pgaceTupleDescHasSecurity().

- SE-PostgreSQL got a new GUC variable: "sepostgresql_row_level".
When it turned off, SE-PostgreSQL does not apply its row-level
access controls, and does not assign per-tuple security context.

- The following two hooks are removed:
* pgaceIsAllowPlannerHook()
* pgaceIsAllowExecutorRunHook()
And, the following hook is added
* pgaceGramRelationOption()
This hook gives a chance to handle relation options.

- The row-level acl got two new relation options:
* row_level_acl=on|off
When it is tuened off, the row-level access controls are
not applied, and security field is not allocated.
* default_row_acl='...'
It enables to specify a default for newly inserted tuples.

- pg_security system catalog is added to the regression test of
sanity_check.

- Code cleanups related to module installation checks.

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2008-11-24 13:02:05 Re: [PATCHES] Solve a problem of LC_TIME of windows.
Previous Message Heikki Linnakangas 2008-11-24 12:46:29 Re: Windowing Function Patch Review -> Standard Conformance