2011/1/25 KaiGai Kohei <kai...@ak.jp.nec.com>: > (2011/01/26 12:23), KaiGai Kohei wrote: >>>> Yikes. On further examination, exec_object_restorecon() is pretty >>>> bogus. Surely you need some calls to quote_literal_cstr() in there >>>> someplace. >>> >> Are you concerning about the object name being supplied to >> selabel_lookup_raw() in exec_object_restorecon()? >> I also think this quoting you suggested is reasonable. >> > How about the case when the object name only contains alphabet and > numerical characters?
Oh, quote_literal_cstr() is the wrong function - these are identifiers, not literals. So we should use quote_identifier(). -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
