Re: [sepgsql 2/3] Add db_schema:search permission checks - Mailing list pgsql-hackers

From Kohei KaiGai
Subject Re: [sepgsql 2/3] Add db_schema:search permission checks
Date
Msg-id CADyhKSVULwuQEe9Z1YH0U-SeTMye8K_WWi1NRV0xLOA_R7ATqA@mail.gmail.com
Whole thread Raw
In response to Re: [sepgsql 2/3] Add db_schema:search permission checks  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [sepgsql 2/3] Add db_schema:search permission checks
List pgsql-hackers
2013/4/1 Robert Haas <robertmhaas@gmail.com>:
> On Tue, Jan 15, 2013 at 3:28 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
>> This patch adds sepgsql support for permission checks equivalent
>> to the existing SCHEMA USE privilege.
>>
>> This feature is constructed on new OAT_SCHEMA_SEARCH event
>> type being invoked around pg_namespace_aclcheck().
>> So, its expected behavior also follows the behavior of existing
>> permissions; unprivileged schema is ignored from the search path,
>> or raise an error if object name is fully qualified.
>>
>> This patch needs src/backend/catalog/objectaccess.c is existing,
>> so please apply this patch on top of this feature.
>> https://commitfest.postgresql.org/action/patch_view?id=1003
>
> KaiGai,
>
> Could you please rebase this patch?
>
OK, please check the attached ones.

Both patches were rebased to the latest master branch, thus, once either
of them got committed, another one has to be rebased later.
Please also pay attention security policy module for regression test was
also adjusted for these features.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>

Attachment

pgsql-hackers by date:

Previous
From: Merlin Moncure
Date:
Subject: Re: Page replacement algorithm in buffer cache
Next
From: Kevin Grittner
Date:
Subject: Re: Drastic performance loss in assert-enabled build in HEAD