The attached patch adds argument of OAT_POST_CREATE hook;
to inform extensions type of the context of this object creation. It allows
extensions to know whether the new object is indirectly created apart
from user's operations, or not.
I found out this flag is necessary to add feature to support selinux
checks on ALTER statement (with reasonably simple code) during
my investigation.
A table has various kind of properties; some of them are inlined in
pg_class but others are stored in extra catalogs such as pg_trigger,
pg_constraint and so on.
It might take an extra discussion whether trigger or constraint is
an independent object or an attribute of table. But, anyway, the
default permission checks table's ownership or ACLs when we
create or drop them. I don't think sepgsql should establish its own
object model here.
So, I want sepgsql to check table's "setattr" permission when user
create, drop or alter these objects.
In case of index creation, here are two cases a) user's operation
intend to create index, thus, checks permission of the table being
indexed on b) index is indirectly created as a result of other
operations like change of column's data type.
Due to same reason why we don't check permissions for cleanup
of temporary object, I don't want to apply checks on the later case.
Right now, sepgsql determines the current context using command
tag being saved at ProceddUtility_hook; to avoid permission checks
on table creation due to CLUSTER command for example.
But, it is not easy to apply this approach for the case of index
creation because it can be defined as a part of ALTER TABLE
which may have multiple sub-commands.
So, I want OAT_POST_CREATE hook to inform the current context
of the object creation; whether it is internal / indirect creation, or not.
This patch includes hook enhancement and "setattr" permission checks
on index creation / deletion.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>