On Fri, Aug 5, 2011 at 2:36 PM, Kohei KaiGai <kai...@kaigai.gr.jp> wrote:
> BTW, what is the current status of this patch?
> The status of contrib/sepgsql part is unclear for me, although we agreed that
> syscache is suitable mechanism for security labels.

Sorry it's taken me a while to get around to looking at this.  Reviewing away...

For me, the line you removed from dml.out causes the regression tests to fail.

I don't understand what this is going for:

+       /*
+        * To boost up trusted procedure checks on db_procedure object
+        * class, we also confirm the decision when user calls a procedure
+        * labeled as 'tcontext'.
+        */

Can you explain?

sepgsql_avc_check_perms_label has a formatting error on the line that
says "result = false".  It's not indented correctly.

Several functions do this: sepgsql_avc_check_valid(); do { ... } while
(!sepgsql_avc_check_valid);  I don't understand why we need a loop

The comment for sepgql_avc_check_perms_label uses the word "elsewhere"
when it really means "otherwise".

Changing the calling sequence of sepgsql_get_label() would perhaps be
better separated out into its own patch.

Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to