On Fri, Aug 26, 2011 at 5:32 AM, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: > Yes. It also caches an expected security label when a client being > labeled as "scontext" tries to execute a procedure being labeled as > "tcontext", to reduce number of system call invocations on fmgr_hook > and needs_fmgr_hook. > If the expected security label is not same with "scontext", it means > the procedure performs as a trusted procedure that switches security > label of the client during its execution; like a security invoker > function. > A pair of security labels are the only factor to determine whether the > procedure is a trusted-procedure, or not. Thus, it is suitable to > cache in userspace avc.
I've committed this, but I still think it would be helpful to revise that comment. The turn "boosted up" is not very precise or informative. Could you submit a separate, comment-only patch to improve this? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers