| From: | Mike Palmiotto <mike(dot)palmiotto(at)crunchydata(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: partitioned tables and contrib/sepgsql |
| Date: | 2017-03-09 14:59:14 |
| Message-ID: | CAMN686Ek=1EVfZDXyRQs3iNh9Fq36VKWKVMQPQM9yL+m0509nw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 9, 2017 at 9:47 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Greetings,
>
> While going over the contrib modules, I noticed that sepgsql was not
> updated for partitioned tables. What that appears to mean is that it's
> not possible to define labels on partitioned tables. As I recall,
> accessing the parent of a table will, similar to the GRANT system, not
> perform checkes against the child tables, meaning that there's no way to
> have SELinux checks properly enforced when partitioned tables are being
> used.
I'll start taking a look at this. Presumably we'd just extend existing
object_access_hooks to cover partitioned tables?
>
> This is an issue which should be resolved for PG10, so I'll add it to
> the open items list.
I'll grab it. Thanks.
--Mike
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2017-03-09 15:00:47 | Re: CREATE/ALTER ROLE PASSWORD ('value' USING 'method') |
| Previous Message | Stephen Frost | 2017-03-09 14:47:18 | partitioned tables and contrib/sepgsql |