Skip site navigation (1) Skip section navigation (2)

Re: [v9.1] sepgsql - userspace access vector cache

From: Kohei Kaigai <Kohei(dot)Kaigai(at)EMEA(dot)NEC(dot)COM>
To: Robert Haas <robertmhaas(at)gmail(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: PgHacker <pgsql-hackers(at)postgresql(dot)org>, Yeb Havinga<yebhavinga(at)gmail(dot)com>
Subject: Re: [v9.1] sepgsql - userspace access vector cache
Date: 2011-09-01 12:56:19
Message-ID: D0C1A1F8BF513F469926E6C71461D9EC05219F@EX10MBX02.EU.NEC.COM (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
> On Fri, Aug 26, 2011 at 5:32 AM, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
> > Yes. It also caches an expected security label when a client being
> > labeled as "scontext" tries to execute a procedure being labeled as
> > "tcontext", to reduce number of system call invocations on fmgr_hook
> > and needs_fmgr_hook.
> > If the expected security label is not same with "scontext", it means
> > the procedure performs as a trusted procedure that switches security
> > label of the client during its execution; like a security invoker
> > function.
> > A pair of security labels are the only factor to determine whether the
> > procedure is a trusted-procedure, or not. Thus, it is suitable to
> > cache in userspace avc.
> I've committed this, but I still think it would be helpful to revise
> that comment.  The turn "boosted up" is not very precise or
> informative.  Could you submit a separate, comment-only patch to
> improve this?
OK, Please wait for a few days.

NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei(dot)kaigai(at)emea(dot)nec(dot)com>

In response to

pgsql-hackers by date

Next:From: Robert HaasDate: 2011-09-01 13:25:44
Subject: Re: gripes
Previous:From: Robert HaasDate: 2011-09-01 12:51:43
Subject: Re: dblink make fails under postgresql 8.4.4 on mac osx 10.4.11

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group