pgsql: Support SECURITY LABEL on databases, tablespaces, and roles. - Mailing list pgsql-committers

Support SECURITY LABEL on databases, tablespaces, and roles.

This requires a new shared catalog, pg_shseclabel.

Along the way, fix the security_label regression tests so that they
don't monkey with the labels of any pre-existing objects.  This is
unlikely to matter in practice, since only the label for the "dummy"
provider was being manipulated.  But this way still seems cleaner.

KaiGai Kohei, with fairly extensive hacking by me.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/463f2625a5fb183b6a8925ccde98bb3889f921d9

Modified Files
--------------
doc/src/sgml/catalogs.sgml                    |   78 +++++++++++
doc/src/sgml/ref/security_label.sgml          |    3 +
src/backend/catalog/Makefile                  |    2 +-
src/backend/catalog/catalog.c                 |    3 +
src/backend/catalog/system_views.sql          |   32 ++++-
src/backend/commands/dbcommands.c             |    5 +-
src/backend/commands/seclabel.c               |  183 ++++++++++++++++++++++++-
src/backend/commands/tablespace.c             |    4 +-
src/backend/commands/user.c                   |    4 +-
src/backend/parser/gram.y                     |    3 +
src/bin/pg_dump/dumputils.c                   |   44 ++++++
src/bin/pg_dump/dumputils.h                   |    4 +
src/bin/pg_dump/pg_dump.c                     |   18 +++
src/bin/pg_dump/pg_dumpall.c                  |   56 ++++++--
src/include/catalog/catversion.h              |    2 +-
src/include/catalog/indexing.h                |    3 +
src/include/catalog/pg_shseclabel.h           |   41 ++++++
src/include/commands/seclabel.h               |    1 +
src/test/regress/expected/rules.out           |    6 +-
src/test/regress/expected/sanity_check.out    |    3 +-
src/test/regress/input/security_label.source  |   35 ++++-
src/test/regress/output/security_label.source |   45 +++++-
22 files changed, 534 insertions(+), 41 deletions(-)