On Thu, Oct 16, 2025 at 11:23 PM jian he <jian.universality@gmail.com> wrote:
> > As for the unnecessary code for security labels on extensions
> > you mentioned earlier, I've created a patch to remove it. Patch attached.
>
> looks good to me.
Thanks for the review! Unless there are any objections, I'll commit the patch.
By the way, while reading the documentation about security labels and
extensions, I noticed this section:
https://www.postgresql.org/docs/devel/extend-extensions.html
> PostgreSQL does not currently support extension scripts issuing CREATE POLICY
> or SECURITY LABEL statements. These are expected to be set after
> the extension has been created. All RLS policies and security labels on
> extension objects will be included in dumps created by pg_dump.
I'm not sure the last sentence is accurate - in my quick test, a security label
on the pgstattuple function wasn't included in the dump. If that's correct,
should we update this part of the documentation, as a separate patch?
------------------------
$ psql
=# CREATE EXTENSION dummy_seclabel ;
=# CREATE EXTENSION pgstattuple ;
=# SECURITY LABEL ON FUNCTION pgstattuple(regclass) IS 'classified';
=# \q
$ pg_dump | grep -i "security label"
COMMENT ON EXTENSION dummy_seclabel IS 'Test code for SECURITY LABEL feature';
------------------------
In the above example, SECURITY LABEL command for pgstattuple function
was not included in the dump.
Regards,
--
Fujii Masao
