On 04/05/2017 02:29 PM, Mike Palmiotto wrote: > I'm going to hold the partition table regression changes for a > separate patch and include some ORDER BY fixes. Will post tomorrow > > In the meantime, attached are the latest and greatest patches.
I'm going to push the attached in a few hours unless there is any additional discussion. As stated above we'll do the regression changes in a separate patch once that is sorted. I used Tom's approach and comment wording for 0001a. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c index 1a8f884..5e2eba6 100644 *** a/contrib/sepgsql/label.c --- b/contrib/sepgsql/label.c *************** *** 10,15 **** --- 10,25 ---- */ #include "postgres.h" + #include <selinux/label.h> + + /* + * <selinux/label.h> includes <stdbool.h>, which creates an incompatible + * #define for bool. Get rid of that so we can use our own typedef. + * (We don't care if <stdbool.h> redefines "true"/"false"; those are close + * enough.) + */ + #undef bool + #include "access/heapam.h" #include "access/htup_details.h" #include "access/genam.h" *************** *** 37,44 **** #include "sepgsql.h" - #include <selinux/label.h> - /* * Saved hook entries (if stacked) */ --- 47,52 ----
diff --git a/contrib/sepgsql/relation.c b/contrib/sepgsql/relation.c
index ab98a9b..2ea6bfb 100644
*** a/contrib/sepgsql/relation.c
--- b/contrib/sepgsql/relation.c
*************** sepgsql_relation_post_create(Oid relOid)
*** 243,249 ****
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
! uint16 tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
--- 243,249 ----
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
! uint16_t tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
*************** sepgsql_relation_drop(Oid relOid)
*** 413,419 ****
{
ObjectAddress object;
char *audit_name;
! uint16_t tclass;
char relkind;
relkind = get_rel_relkind(relOid);
--- 413,419 ----
{
ObjectAddress object;
char *audit_name;
! uint16_t tclass = 0;
char relkind;
relkind = get_rel_relkind(relOid);
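Review bot: The `= 0` added to `tclass` in sepgsql_relation_drop has no comment saying why it is there, and the later relation.c patch on this page disagrees with it: its sepgsql_relation_drop hunk lists `uint16_t tclass = 0;` as old-side context but `uint16_t tclass;` as new-side context, with no change marker on either. One of the two patches should be regenerated so they apply in sequence and the intended final declaration is unambiguous. If the initializer is only there to quiet a maybe-uninitialized warning, say so with `uint16_t tclass = 0; /* keep compiler quiet */`. The switch that assigns `tclass` and the permission check that consumes it are outside this hunk, so it is worth confirming that no relkind can reach the check with the value still 0.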
diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c
index 1a8f884..4dda82a 100644
*** a/contrib/sepgsql/label.c
--- b/contrib/sepgsql/label.c
*************** exec_object_restorecon(struct selabel_ha
*** 779,785 ****
case RelationRelationId:
relForm = (Form_pg_class) GETSTRUCT(tuple);
! if (relForm->relkind == RELKIND_RELATION)
objtype = SELABEL_DB_TABLE;
else if (relForm->relkind == RELKIND_SEQUENCE)
objtype = SELABEL_DB_SEQUENCE;
--- 779,786 ----
case RelationRelationId:
relForm = (Form_pg_class) GETSTRUCT(tuple);
! if (relForm->relkind == RELKIND_RELATION ||
! relForm->relkind == RELKIND_PARTITIONED_TABLE)
objtype = SELABEL_DB_TABLE;
else if (relForm->relkind == RELKIND_SEQUENCE)
objtype = SELABEL_DB_SEQUENCE;
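Review bot: Only the relation branch of exec_object_restorecon is extended to `RELKIND_PARTITIONED_TABLE` here; the branch that handles column entries lies outside the hunk and this patch does not touch it. If that branch filters on `RELKIND_RELATION` the way the relation.c column hooks did before this series, restoring labels would leave columns of partitioned tables unlabeled while sepgsql_relation_post_create now labels them at creation. Worth checking that branch and applying the same two-kind test there, so the labels assigned at creation and the labels restored agree.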
diff --git a/contrib/sepgsql/relation.c b/contrib/sepgsql/relation.c
index ab98a9b..f8689c0 100644
*** a/contrib/sepgsql/relation.c
--- b/contrib/sepgsql/relation.c
*************** sepgsql_attribute_post_create(Oid relOid
*** 54,65 ****
ObjectAddress object;
Form_pg_attribute attForm;
StringInfoData audit_name;
/*
! * Only attributes within regular relation have individual security
! * labels.
*/
! if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
--- 54,66 ----
ObjectAddress object;
Form_pg_attribute attForm;
StringInfoData audit_name;
+ char relkind = get_rel_relkind(relOid);
/*
! * Only attributes within regular relation or partition relations have
! * individual security labels.
*/
! if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
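Review bot: The new comment in sepgsql_attribute_post_create says "partition relations", but the test admits `RELKIND_PARTITIONED_TABLE`, which is the partitioned parent; partitions that are plain tables already have `RELKIND_RELATION` and passed the old check. Suggested wording: `Only attributes within regular relations or partitioned tables have individual security labels.` The same two-kind test is repeated in the sepgsql_attribute_drop, sepgsql_attribute_relabel and sepgsql_attribute_setattr hunks, and again in sepgsql_relation_drop and sepgsql_relation_relabel. A small static helper in relation.c would keep these labeling and permission-check paths from drifting apart when another relkind is added.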
*************** sepgsql_attribute_drop(Oid relOid, AttrN
*** 135,142 ****
{
ObjectAddress object;
char *audit_name;
! if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
--- 136,144 ----
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
! if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
*************** sepgsql_attribute_relabel(Oid relOid, At
*** 167,174 ****
{
ObjectAddress object;
char *audit_name;
! if (get_rel_relkind(relOid) != RELKIND_RELATION)
ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("cannot set security label on non-regular columns")));
--- 169,177 ----
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
! if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("cannot set security label on non-regular columns")));
*************** sepgsql_attribute_setattr(Oid relOid, At
*** 209,216 ****
{
ObjectAddress object;
char *audit_name;
! if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
--- 212,220 ----
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
! if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
*************** sepgsql_relation_post_create(Oid relOid)
*** 291,296 ****
--- 295,301 ----
switch (classForm->relkind)
{
case RELKIND_RELATION:
+ case RELKIND_PARTITIONED_TABLE:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
*************** sepgsql_relation_post_create(Oid relOid)
*** 333,339 ****
true);
/*
! * Assign the default security label on the new relation
*/
object.classId = RelationRelationId;
object.objectId = relOid;
--- 338,345 ----
true);
/*
! * Assign the default security label on the new relation or partitioned
! * table.
*/
object.classId = RelationRelationId;
object.objectId = relOid;
*************** sepgsql_relation_post_create(Oid relOid)
*** 341,350 ****
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
/*
! * We also assigns a default security label on columns of the new regular
! * tables.
*/
! if (classForm->relkind == RELKIND_RELATION)
{
Relation arel;
ScanKeyData akey;
--- 347,356 ----
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
/*
! * We also assign a default security label on columns of a new table.
*/
! if (classForm->relkind == RELKIND_RELATION ||
! classForm->relkind == RELKIND_PARTITIONED_TABLE)
{
Relation arel;
ScanKeyData akey;
*************** sepgsql_relation_drop(Oid relOid)
*** 414,425 ****
ObjectAddress object;
char *audit_name;
uint16_t tclass = 0;
! char relkind;
- relkind = get_rel_relkind(relOid);
switch (relkind)
{
case RELKIND_RELATION:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
--- 420,431 ----
ObjectAddress object;
char *audit_name;
uint16_t tclass;
! char relkind = get_rel_relkind(relOid);
switch (relkind)
{
case RELKIND_RELATION:
+ case RELKIND_PARTITIONED_TABLE:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
*************** sepgsql_relation_drop(Oid relOid)
*** 479,485 ****
/*
* check db_column:{drop} permission
*/
! if (relkind == RELKIND_RELATION)
{
Form_pg_attribute attForm;
CatCList *attrList;
--- 485,491 ----
/*
* check db_column:{drop} permission
*/
! if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
{
Form_pg_attribute attForm;
CatCList *attrList;
*************** sepgsql_relation_relabel(Oid relOid, con
*** 521,531 ****
{
ObjectAddress object;
char *audit_name;
! char relkind;
uint16_t tclass = 0;
! relkind = get_rel_relkind(relOid);
! if (relkind == RELKIND_RELATION)
tclass = SEPG_CLASS_DB_TABLE;
else if (relkind == RELKIND_SEQUENCE)
tclass = SEPG_CLASS_DB_SEQUENCE;
--- 527,536 ----
{
ObjectAddress object;
char *audit_name;
! char relkind = get_rel_relkind(relOid);
uint16_t tclass = 0;
! if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
tclass = SEPG_CLASS_DB_TABLE;
else if (relkind == RELKIND_SEQUENCE)
tclass = SEPG_CLASS_DB_SEQUENCE;
