Re: One question about security label command - Mailing list pgsql-hackers

From Joe Conway
Subject Re: One question about security label command
Date
Msg-id 55F86532.4050907@joeconway.com
In response to Re: One question about security label command  (Kouhei Kaigai <kaigai@ak.jp.nec.com>)
Responses Re: One question about security label command  (Joe Conway <mail@joeconway.com>)
List pgsql-hackers
On 09/13/2015 10:29 AM, Kouhei Kaigai wrote:
> The attached one is the regression test fixup in v9.2.
> As we applied to v9.3 or later, it replaces the unconfined_t domain
> with the self-defined sepgsql_regtest_superuser_t.
>
> Unfortunately, I found a bug in processing the SELECT INTO statement.
> Because v9.2 didn't have ObjectAccessPostCreate to inform the
> context when a relation is newly created, sepgsql had
> an ugly alternative at sepgsql_executor_start().
> It saves the kind of statement prior to executor start, then it is
> referenced when sepgsql_relation_post_create() is called.
> However, T_CreateTableAsStmt was overlooked, thus it is considered
> a harmless internal operation, and no label was assigned to
> the new relation.
> I'm not certain why we overlooked it at that time; however, this logic
> is removed and replaced in v9.3.

Thanks -- I'll look through this over the next day or two.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

