| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: How to get SE-PostgreSQL acceptable |
| Date: | 2009-01-31 02:52:57 |
| Message-ID: | 200901310252.n0V2qvj07264@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> >> Today, I'll debug the modified code...
> >
> > Wow, that was fast. Where are you storing the security information for
> > tables and columns? Did you add a special column to pg_class, etc?
>
> Security information is stored within padding field of HeapTupleHeader
> as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
> functions, and can be set via SECURITY_LABEL = 'xxx'.
Well, we are not using row-level security values so why not store it in
its own column regular or as part of the existing ACL structure. I
think it will be very odd for system tables to have this special column
but not user rows.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Treat | 2009-01-31 03:46:06 | Re: 8.4 release planning |
| Previous Message | KaiGai Kohei | 2009-01-31 01:43:53 | Re: How to get SE-PostgreSQL acceptable |