The following patches are updated ones:

[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1522.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1522.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1522.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1522.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1522.patch

- List of updates:
 * The facilities of PGACE are removed.
 * The facilities of row-level access controls are separated.
 * The facilities of security attribute management are separated.
   - The pg_security system catalog, the idea of security identifier
     and the "security_label" system column are included.
   - The AVC now accepts a text form security context.
   - pg_class, pg_attribute, pg_database and pg_proc got a new field
     to store text form security context.
 * A few security hooks are integrated into pg_xxx_aclcheck()
   - sepgsqlCheckProcedureExecute() from pg_proc_aclmask()
   - sepgsqlCheckDatabaseAccess() from pg_database_aclmask()
 * Access controls on large objects are separated.
 * The baseline security policy module is omitted, so the 3rd patch
   provides only developer's policy.
 * Descriptions about PGACE and row-level access controls are separated.
 * Testcases are reworked.
 * Anyway, most of the patches are reworked!

- Scale of patches
 It may seem to you that the updated version is not smaller than the previous
 version, but more than half of the affected lines come from changes
 in the system catalog.

 * The previous full-functional version (r1467)
  $ diffstat sepostgresql-sepgsql-8.4devel-3-r1467.patch
       :
  110 files changed, 9813 insertions(+), 16 deletions(-), 924 modifications(!)

 * Current version (r1522)
  $ diffstat sepostgresql-sepgsql-8.4devel-3-r1522.patch
       :
   src/include/catalog/pg_attribute.h            |  500 !!!
   src/include/catalog/pg_class.h                |   12
   src/include/catalog/pg_database.h             |    6
   src/include/catalog/pg_proc.h                 | 4207 !!!!!!!!!!!!!!!!!!!!!!!!!!
       :
   65 files changed, 4737 insertions(+), 11 deletions(-), 4908 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
