| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Kouhei Kaigai <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, 张元超 <zhangyuanchao(at)highgo(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "adam(dot)brightwell(at)crunchydata(dot)com" <adam(dot)brightwell(at)crunchydata(dot)com> |
| Subject: | Re: One question about security label command |
| Date: | 2015-09-15 18:36:34 |
| Message-ID: | 55F86532.4050907@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 09/13/2015 10:29 AM, Kouhei Kaigai wrote:
> The attached one is the regression test fixup in v9.2.
> As we applied to the v9.3 or later, it replaces unconfined_t domain
> by the self defined sepgsql_regtest_superuser_t.
>
> Unfortunately, I found a bug to process SELECT INTO statement.
> Because v9.2 didn't have ObjectAccessPostCreate to inform the
> context when a relation is newly created, thus, sepgsql had
> an ugly alternative at sepgsql_executor_start().
> It saves kind of statement prior to executor start, then it is
> referenced when sepgsql_relation_post_create() is called.
> However, T_CreateTableAsStmt was oversight, thus it is considered
> as a harmless internal operation, and no label was assigned on
> the new relation.
> I'm not certain why we oversight at that time, however, this logic
> is removed and replaced in v9.3.
Thanks -- I'll look through this over the next day or two.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-09-15 18:39:51 | Re: [PATCH] Refactoring of LWLock tranches |
| Previous Message | Joe Conway | 2015-09-15 18:26:29 | Re: row_security GUC, BYPASSRLS |