Re: Multi-tenancy with RLS

On Mon, Jan 4, 2016 at 10:43 PM, Haribabu Kommi
<kommi(dot)haribabu(at)gmail(dot)com> wrote:
> On Mon, Jan 4, 2016 at 8:34 PM, Amit Langote
> <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp> wrote:
>>
>> I tried your latest patch to see what may have caused the infinite
>> recursion. The recursion occurs during backend startup itself, right?
>>
>> ISTM, doing transformWhereClause during RelationCacheInitializePhase3()
>> would not work. Things like operators, functions within the policy qual
>> require namespace lookup which down the line would call
>> RelationBuildRowSecurity for pg_namespace build and so on thus causing the
>> infinite recursion. Perhaps, it would have to be done in a separate phase
>> after the phase 3 but I'm not sure.
>
> Thanks for the test. Yes, the issue happens at backend startup itself.
> I will give a try by separating the initialization of security
> policies after init phase 3.

Here I attached updated patches with the fix of infinite recursion in
RelationBuildRowSecurity function by checking with a variable that
whether the build row security is already in progress for a system
relation or not. If it is already in progress for a relation, then it doesn't
build the row security description for this relation.

Regards,
Hari Babu
Fujitsu Australia