I updated the patch set of SE-PostgreSQL (revision 1244).
[1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1244.patch
[2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1244.patch
[3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1244.patch
[4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1244.patch
[5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1244.patch
[6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1244.patch
Draft of the SE-PostgreSQL documentation is here: http://wiki.postgresql.org/wiki/SEPostgreSQL
This revision contains some fixes required by some persons.
(Thanks for Simon, Bruce and Tom.)
List of updates:
- Rebase to the latest CVS HEAD.
- The fixed length security field of HeapTupleHeader becomes optimal. It enables enhanced security mechanism to control
itsallocation on heap_form_tuple(), and to reduce unnecessary storage consumption. The TupleDesc structure got a new
variableof "tdhassecurity". When it is true, heap_form_tuple() allocates an additional field to store security
identifier.The enhanced security mechanism can control value of the flag via a new hook: pgaceTupleDescHasSecurity().
- SE-PostgreSQL got a new GUC variable: "sepostgresql_row_level". When it turned off, SE-PostgreSQL does not apply its
row-levelaccess controls, and does not assign per-tuple security context.
- The following two hooks are removed: * pgaceIsAllowPlannerHook() * pgaceIsAllowExecutorRunHook() And, the
followinghook is added * pgaceGramRelationOption() This hook gives a chance to handle relation options.
- The row-level acl got two new relation options: * row_level_acl=on|off When it is tuened off, the row-level
accesscontrols are not applied, and security field is not allocated. * default_row_acl='...' It enables to
specifya default for newly inserted tuples.
- pg_security system catalog is added to the regression test of sanity_check.
- Code cleanups related to module installation checks.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>