Re: Multi-tenancy with RLS

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Multi-tenancy with RLS
Date: 2016-01-06 04:07:01
Message-ID: CAJrrPGdd3EDw9JJHBx40YdZqUCLTzcdeCzbO36D+biNexD-4Og@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Jan 6, 2016 at 1:43 PM, Amit Langote
<Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp> wrote:
> On 2016/01/06 10:17, Haribabu Kommi wrote:
>> On Mon, Jan 4, 2016 at 10:43 PM, Haribabu Kommi
>>>
>>> Thanks for the test. Yes, the issue happens at backend startup itself.
>>> I will give a try by separating the initialization of security
>>> policies after init phase 3.
>>
>> Here I attached updated patches with the fix of infinite recursion in
>> RelationBuildRowSecurity function by checking with a variable that
>> whether the build row security is already in progress for a system
>> relation or not. If it is already in progress for a relation, then it doesn't
>> build the row security description for this relation.
>
> Thanks for updating the patch.
>
> Patch 4_database_catalog_tenancy_v5 fails to apply:
>
> patching file src/backend/commands/policy.c
> Hunk #3 succeeded at 112 with fuzz 2 (offset 3 lines).
> Hunk #4 succeeded at 269 with fuzz 1 (offset 13 lines).
> Hunk #5 succeeded at 298 (offset 13 lines).
> Hunk #6 succeeded at 365 (offset 12 lines).
> Hunk #7 FAILED at 466.
> Hunk #8 succeeded at 577 (offset 22 lines).
> Hunk #9 succeeded at 607 with fuzz 2 (offset 22 lines).
> Hunk #10 succeeded at 633 with fuzz 2 (offset 22 lines).
> Hunk #11 FAILED at 801.
> Hunk #12 FAILED at 813.
> 3 out of 12 hunks FAILED -- saving rejects to file
> src/backend/commands/policy.c.rej

May be you missed to apply the 3_shared_catalog_tenancy_v4 path,
because 4_database_catalog_tenancy_v5 patch depends on it.

Here I attached all the patches for your convenience, I am able to
apply all patches in the order without any problem.

Regards,
Hari Babu
Fujitsu Australia

Attachment Content-Type Size
4_database_catalog_tenancy_v5.patch application/octet-stream 92.5 KB
1_any_privilege_option_v3.patch application/octet-stream 5.3 KB
2_view_security_definer_v3.patch application/octet-stream 12.9 KB
3_shared_catalog_tenancy_v4.patch application/octet-stream 20.9 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2016-01-06 06:04:02 Re: Function and view to retrieve WAL receiver status
Previous Message Jim Nasby 2016-01-06 04:06:17 Re: Add schema-qualified relnames in constraint error messages.