Re: One question about security label command

From: Joe Conway <mail(at)joeconway(dot)com>
To: Kouhei Kaigai <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, 张元超 <zhangyuanchao(at)highgo(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "adam(dot)brightwell(at)crunchydata(dot)com" <adam(dot)brightwell(at)crunchydata(dot)com>
Subject: Re: One question about security label command
Date: 2015-09-15 18:36:34
Message-ID: 55F86532.4050907@joeconway.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 09/13/2015 10:29 AM, Kouhei Kaigai wrote:
> The attached one is the regression test fixup in v9.2.
> As we applied to the v9.3 or later, it replaces unconfined_t domain
> by the self defined sepgsql_regtest_superuser_t.
>
> Unfortunately, I found a bug to process SELECT INTO statement.
> Because v9.2 didn't have ObjectAccessPostCreate to inform the
> context when a relation is newly created, thus, sepgsql had
> an ugly alternative at sepgsql_executor_start().
> It saves kind of statement prior to executor start, then it is
> referenced when sepgsql_relation_post_create() is called.
> However, T_CreateTableAsStmt was oversight, thus it is considered
> as a harmless internal operation, and no label was assigned on
> the new relation.
> I'm not certain why we oversight at that time, however, this logic
> is removed and replaced in v9.3.

Thanks -- I'll look through this over the next day or two.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2015-09-15 18:39:51 Re: [PATCH] Refactoring of LWLock tranches
Previous Message Joe Conway 2015-09-15 18:26:29 Re: row_security GUC, BYPASSRLS