Bruce Momjian wrote:
> KaiGai Kohei wrote:
>>> Hasn't a plan for this already been posted? See
>>> http://archives.postgresql.org/pgsql-hackers/2009-01/msg02407.php
>> FYI:
>>
>> * previous full-functional SE-PostgreSQL/Row-ACLs
>>
>> [kaigai@fedora10 security]$ wc -l *.c */*.c
>> 729 pgaceCommon.c
>> 1547 pgaceHooks.c
>> 721 rowacl/rowacl.c
>> 1200 sepgsql/avc.c
>> 623 sepgsql/core.c
>> 1019 sepgsql/hooks.c
>> 785 sepgsql/permissions.c
>> 1097 sepgsql/proxy.c
>> 7721 total
>>
>> * A lite SE-PostgreSQL without row-level security,
>> large object support, writable system column
>>
>> [kaigai@fedora10 sepgsql]$ wc -l *.c
>> 904 checker.c
>> 1181 avc.c
>> 360 core.c
>> 55 dummy.c
>> 683 hooks.c
>> 478 label.c
>> 553 perms.c
>> 4214 total
>>
>> Today, I'll debug the modified code...
>
> Wow, that was fast. Where are you storing the security information for
> tables and columns? Did you add a special column to pg_class, etc?
Security information is stored within padding field of HeapTupleHeader
as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
functions, and can be set via SECURITY_LABEL = 'xxx'.
--
KaiGai Kohei <kaigai@kaigai.gr.jp>