Re: How to get SE-PostgreSQL acceptable
From | KaiGai Kohei |
---|---|
Subject | Re: How to get SE-PostgreSQL acceptable |
Date | |
Msg-id | 4983DD26.9020907@kaigai.gr.jp |
In reply to | Re: How to get SE-PostgreSQL acceptable (Bruce Momjian <bruce@momjian.us>) |
Responses | Re: How to get SE-PostgreSQL acceptable |
List | pgsql-hackers |

Bruce Momjian wrote:
> KaiGai Kohei wrote:
>>>> Today, I'll debug the modified code...
>>> Wow, that was fast. Where are you storing the security information for
>>> tables and columns? Did you add a special column to pg_class, etc?
>> Security information is stored within padding field of HeapTupleHeader
>> as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
>> functions, and can be set via SECURITY_LABEL = 'xxx'.
>
> Well, we are not using row-level security values so why not store it in
> its own column regular or as part of the existing ACL structure. I
> think it will be very odd for system tables to have this special column
> but not user rows.

Sorry, my description might easily cause confusion.
I read it again myself and, indeed, it is confusing. :(

SECURITY_LABEL = 'xxx' means the following style:

    CREATE TABLE t (
        a   int,
        b   text   SECURITY_LABEL = '...'
    ) SECURITY_LABEL = '...';

I don't provide both of "security_label" and "security_acl" system columns
for system/user tables. I didn't write it explicitly, so it might have confused you.

Users cannot see what security label is assigned to them due to the lack of
a system column, so new sepgsql_xxx_getcon() functions are provided as an
interface to see the security label.

In this patch, I don't touch new system columns.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>