| From: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
| Subject: | Re: security labels on databases are bad for dump & restore |
| Date: | 2015-07-20 23:01:14 |
| Message-ID: | CAKRt6CSZoe8iUYgB2CK+WOrPtuwmTTsYUdZEdObc7UksiMdGyA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Consistency with existing practice would indeed have pg_dump ignore
> pg_shseclabel and have pg_dumpall reproduce its entries.
I think that makes sense, but what about other DATABASE level info
such as COMMENT? Should that also be ignored by pg_dump as well? I'm
specifically thinking of the discussion from the following thread:
http://www.postgresql.org/message-id/20150317172459.GM3636@alvh.no-ip.org
If COMMENT is included then why not SECURITY LABEL or others?
> In a greenfield, I would make "pg_dump --create" reproduce pertinent entries
> from datacl, pg_db_role_setting, pg_shseclabel and pg_shdescription. I would
> make non-creating pg_dump reproduce none of those.
I think the bigger question is "Where is the line drawn between
pg_dump and pg_dumpall?". At what point does one tool become the
other?
-Adam
--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Brightwell | 2015-07-20 23:05:41 | Re: Unnecessary #include in objectaddress.h? |
| Previous Message | Alvaro Herrera | 2015-07-20 22:10:48 | Re: Unnecessary #include in objectaddress.h? |