Hi Joe, The attached one is the regression test fixup in v9.2. As we applied to the v9.3 or later, it replaces unconfined_t domain by the self defined sepgsql_regtest_superuser_t.
Unfortunately, I found a bug to process SELECT INTO statement. Because v9.2 didn't have ObjectAccessPostCreate to inform the context when a relation is newly created, thus, sepgsql had an ugly alternative at sepgsql_executor_start(). It saves kind of statement prior to executor start, then it is referenced when sepgsql_relation_post_create() is called. However, T_CreateTableAsStmt was oversight, thus it is considered as a harmless internal operation, and no label was assigned on the new relation. I'm not certain why we oversight at that time, however, this logic is removed and replaced in v9.3. Thanks, -- NEC Business Creation Division / PG-Strom Project KaiGai Kohei <kai...@ak.jp.nec.com> > -----Original Message----- > From: Joe Conway [mailto:m...@joeconway.com] > Sent: Tuesday, September 08, 2015 10:15 AM > To: Kaigai Kouhei(海外 浩平); Adam Brightwell > Cc: Stephen Frost; Alvaro Herrera; Kohei KaiGai; Tom Lane; Robert Haas; 张元 > 超; pgsql-hackers@postgresql.org; adam.brightw...@crunchydata.com > Subject: Re: [HACKERS] One question about security label command > > On 09/07/2015 04:46 PM, Kouhei Kaigai wrote: > >>>>> 3.) Rework patch for 9.2 (Kohei) > >> > > Could you wait for the next Monday? > > I'll try to work this in the next weekend. > > Sure, that would be great. > > Joe > > -- > Crunchy Data - http://crunchydata.com > PostgreSQL Support for Secure Enterprises > Consulting, Training, & Open Source Development
sepgsql-fixup-regtest-policy.v9.2.patch
Description: sepgsql-fixup-regtest-policy.v9.2.patch
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers