On Thu, Mar 9, 2017 at 9:47 AM, Stephen Frost <sfrost@snowman.net> wrote:
> Greetings,
>
> While going over the contrib modules, I noticed that sepgsql was not
> updated for partitioned tables. What that appears to mean is that it's
> not possible to define labels on partitioned tables. As I recall,
> accessing the parent of a table will, similar to the GRANT system, not
> perform checkes against the child tables, meaning that there's no way to
> have SELinux checks properly enforced when partitioned tables are being
> used.
I'll start taking a look at this. Presumably we'd just extend existing
object_access_hooks to cover partitioned tables?
>
> This is an issue which should be resolved for PG10, so I'll add it to
> the open items list.
I'll grab it. Thanks.
--Mike