From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Subject: | Updates of SE-PostgreSQL 8.4devel patches (r1244) |
Date: | 2008-11-24 12:58:35 |
Message-ID: | 492AA4FB.3090906@kaigai.gr.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I updated the patch set of SE-PostgreSQL (revision 1244).
[1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1244.patch
[2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1244.patch
[3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1244.patch
[4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1244.patch
[5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1244.patch
[6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1244.patch
Draft of the SE-PostgreSQL documentation is here:
http://wiki.postgresql.org/wiki/SEPostgreSQL
This revision contains some fixes required by some persons.
(Thanks for Simon, Bruce and Tom.)
List of updates:
- Rebase to the latest CVS HEAD.
- The fixed length security field of HeapTupleHeader becomes optimal.
It enables enhanced security mechanism to control its allocation on
heap_form_tuple(), and to reduce unnecessary storage consumption.
The TupleDesc structure got a new variable of "tdhassecurity".
When it is true, heap_form_tuple() allocates an additional field
to store security identifier. The enhanced security mechanism can
control value of the flag via a new hook: pgaceTupleDescHasSecurity().
- SE-PostgreSQL got a new GUC variable: "sepostgresql_row_level".
When it turned off, SE-PostgreSQL does not apply its row-level
access controls, and does not assign per-tuple security context.
- The following two hooks are removed:
* pgaceIsAllowPlannerHook()
* pgaceIsAllowExecutorRunHook()
And, the following hook is added
* pgaceGramRelationOption()
This hook gives a chance to handle relation options.
- The row-level acl got two new relation options:
* row_level_acl=on|off
When it is tuened off, the row-level access controls are
not applied, and security field is not allocated.
* default_row_acl='...'
It enables to specify a default for newly inserted tuples.
- pg_security system catalog is added to the regression test of
sanity_check.
- Code cleanups related to module installation checks.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2008-11-24 13:02:05 | Re: [PATCHES] Solve a problem of LC_TIME of windows. |
Previous Message | Heikki Linnakangas | 2008-11-24 12:46:29 | Re: Windowing Function Patch Review -> Standard Conformance |