[HACKERS] Updates of SE-PostgreSQL 8.4devel patches (r1244)

Mon, 24 Nov 2008 04:59:18 -0800 

I updated the patch set of SE-PostgreSQL (revision 1244).

[1/6] 
http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1244.patch
[2/6] 
http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1244.patch
[3/6] 
http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1244.patch
[4/6] 
http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1244.patch
[5/6] 
http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1244.patch
[6/6] 
http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1244.patch

Draft of the SE-PostgreSQL documentation is here:
  http://wiki.postgresql.org/wiki/SEPostgreSQL

This revision contains some fixes required by some persons.
(Thanks for Simon, Bruce and Tom.)

List of updates:
- Rebase to the latest CVS HEAD.

- The fixed length security field of HeapTupleHeader becomes optimal.
  It enables enhanced security mechanism to control its allocation on
  heap_form_tuple(), and to reduce unnecessary storage consumption.
  The TupleDesc structure got a new variable of "tdhassecurity".
  When it is true, heap_form_tuple() allocates an additional field
  to store security identifier. The enhanced security mechanism can
  control value of the flag via a new hook: pgaceTupleDescHasSecurity().

- SE-PostgreSQL got a new GUC variable: "sepostgresql_row_level".
  When it turned off, SE-PostgreSQL does not apply its row-level
  access controls, and does not assign per-tuple security context.

- The following two hooks are removed:
    * pgaceIsAllowPlannerHook()
    * pgaceIsAllowExecutorRunHook()
  And, the following hook is added
    * pgaceGramRelationOption()
  This hook gives a chance to handle relation options.

- The row-level acl got two new relation options:
    * row_level_acl=on|off
      When it is tuened off, the row-level access controls are
      not applied, and security field is not allocated.
    * default_row_acl='...'
      It enables to specify a default for newly inserted tuples.

- pg_security system catalog is added to the regression test of
  sanity_check.

- Code cleanups related to module installation checks.

Thanks,
-- 
KaiGai Kohei <[EMAIL PROTECTED]>

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to