pgsql: Support SECURITY LABEL on databases, tablespaces, and roles.

From: Robert Haas <rhaas(at)postgresql(dot)org>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Support SECURITY LABEL on databases, tablespaces, and roles.
Date: 2011-07-20 17:18:39
Message-ID: E1QjaPv-0004Lz-AC@gemulon.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Support SECURITY LABEL on databases, tablespaces, and roles.

This requires a new shared catalog, pg_shseclabel.

Along the way, fix the security_label regression tests so that they
don't monkey with the labels of any pre-existing objects. This is
unlikely to matter in practice, since only the label for the "dummy"
provider was being manipulated. But this way still seems cleaner.

KaiGai Kohei, with fairly extensive hacking by me.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/463f2625a5fb183b6a8925ccde98bb3889f921d9

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 78 +++++++++++
doc/src/sgml/ref/security_label.sgml | 3 +
src/backend/catalog/Makefile | 2 +-
src/backend/catalog/catalog.c | 3 +
src/backend/catalog/system_views.sql | 32 ++++-
src/backend/commands/dbcommands.c | 5 +-
src/backend/commands/seclabel.c | 183 ++++++++++++++++++++++++-
src/backend/commands/tablespace.c | 4 +-
src/backend/commands/user.c | 4 +-
src/backend/parser/gram.y | 3 +
src/bin/pg_dump/dumputils.c | 44 ++++++
src/bin/pg_dump/dumputils.h | 4 +
src/bin/pg_dump/pg_dump.c | 18 +++
src/bin/pg_dump/pg_dumpall.c | 56 ++++++--
src/include/catalog/catversion.h | 2 +-
src/include/catalog/indexing.h | 3 +
src/include/catalog/pg_shseclabel.h | 41 ++++++
src/include/commands/seclabel.h | 1 +
src/test/regress/expected/rules.out | 6 +-
src/test/regress/expected/sanity_check.out | 3 +-
src/test/regress/input/security_label.source | 35 ++++-
src/test/regress/output/security_label.source | 45 +++++-
22 files changed, 534 insertions(+), 41 deletions(-)

Browse pgsql-committers by date

  From Date Subject
Next Message Bruce Momjian 2011-07-20 20:38:57 pgsql: In pg_upgrade, use pg_strudup(), for consistency.
Previous Message Tom Lane 2011-07-20 17:04:18 pgsql: Rewrite libxml error handling to be more robust.