2011/6/9 Robert Haas :
> On Thu, Jun 9, 2011 at 3:59 AM, Kohei KaiGai wrote:
>> The only modification by this patch to the core routine is a new
>> syscache for pg_seclabel system catalog. The SECLABELOID enables to
>> reference security label of the object using syscache int
Oops, subject was incorrect. It should be [v9.2], not [v9.1]
2011/6/9 Kohei KaiGai :
> The attached patch adds contrib/sepgsql a cache mechanism for access
> control decision of SELinux. It shall reduce the total number of
> system call invocations to improve the performance on i
The attached patch adds contrib/sepgsql a cache mechanism for access
control decision of SELinux. It shall reduce the total number of
system call invocations to improve the performance on its access
controls.
In the current implementation, the sepgsql always raises a query to
SELinux in-kernel. Ho
This patch enables to fix up leaky-view problem using functions with tiny cost
estimation scenario.
The point of this scenario is criteria to reorder qualifiers of scanning plan
in order_qual_clauses(). The optimizer may pull up simple subqueries into upper
level, then its qualifier will get me
ks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei
> -Original Message-
> From: Devrim GÜNDÜZ [mailto:dev...@gunduz.org]
> Sent: 21. Mai 2011 07:46
> To: Kohei Kaigai
> Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei
> Subject: Re: [GENERAL] Error compiling
2011/5/23 Robert Haas :
> On Sun, May 22, 2011 at 5:52 AM, Kohei KaiGai wrote:
>> The attached patch fixes up case handling in foreign tables.
>>
>> Now it didn't assign security label on foreign table on its creation
>> time, and didn't check access rights
The attached patch fixes up case handling in foreign tables.
Now it didn't assign security label on foreign table on its creation
time, and didn't check access rights on the dml hook.
This patch fixes these problems; It allows foreign tables default
labeling and access checks as db_table object cl
problem.
Thanks,
> -Original Message-
> From: pgsql-hackers-ow...@postgresql.org
> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of
> Kohei Kaigai
> Sent: 10. Mai 2011 12:56
> To: Robert Haas; Stephen Frost; Heikki Linnakangas; Tom Lane
> Cc: pgsql-hackers
>
I'd like to summarize expected issues corresponding to leaky-view and RLS
towards v9.2, and PGcon2011/Developer Meeting.
We already made consensus the leaky-view is a problem to be fixed previous
to the row-level security feature.
We know several ways to leak/infer contents of tuples to be invisi
I found a few misdescriptions at SECURITY LABEL documentation.
It might come from the COMMENT ON page.
The attached patch will fix them.
Thanks,
--
KaiGai Kohei
pgsql-fix-security-label-doc.patch
Description: Binary data
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
Sorry, I missed a permission check on invocation of trusted procedures.
When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.
The
I found a problem that extension.c does not invoke post-creation hook
on its creation time, although no module supports to assign security
label on extension objects right now.
The attached patch tries to fix it.
Thanks,
--
KaiGai Kohei
pgsql-extension-hook.patch
Description: Binary data
--
m an older snapshot (20091117), so it does not have enough rules
to run SE-PostgreSQL.
Right now, Fedora 13/14 is the easiest way.
Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei
> -Original Message-
> From: Robert Haas [mailto:robertmh...@gmail.com]
> Se
The attached patch removes rules to build a policy package for regression
test and modifies documentation part to introduce steps to run the test.
Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei
> -Original Message-
> From: Kohei Kaigai
> Sent: 15 February 2
> -Original Message-
> From: Robert Haas [mailto:robertmh...@gmail.com]
> Sent: 15 February 2011 16:52
> To: Tom Lane
> Cc: Andrew Dunstan; Kohei Kaigai; Stephen Frost; KaiGai Kohei; PgHacker
> Subject: Re: [HACKERS] sepgsql contrib module
>
> On Tue, Feb 15, 20
16:29
> To: Kohei Kaigai
> Cc: Robert Haas; KaiGai Kohei; PgHacker
> Subject: Re: [HACKERS] sepgsql contrib module
>
> KaiGai,
>
> * Kohei Kaigai (kohei.kai...@eu.nec.com) wrote:
> > > It would be good to have some buildfarm coverage of this code. Can
> > >
Sorry for the late responding, because of my relocation.
> It would be good to have some buildfarm coverage of this code. Can we
> find anyone brave enough to set up a buildfarm critter using
> --with-selinux?
>
Although I don't have an account on the buildfarm, I'll set up an environment
for dai
2011/1/22 Robert Haas :
> On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane wrote:
>> Robert Haas writes:
>>> For that matter, I wonder what happens with regular function
>>> permissions. If the plan inlines the function and then somebody goes
>>> and changes the permission on the function and makes it
2011/1/22 Robert Haas :
> On Fri, Jan 21, 2011 at 10:46 AM, Tom Lane wrote:
>> Robert Haas writes:
>>> On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane wrote:
ALTER FUNCTION is supposed to cause plan invalidation in such a case.
Not sure if GRANT plays nice with that though.
>>
>>> And in the
Zdenek Kotala wrote:
> Kohei KaiGai napsal(a):
>> It seems to me some of SE-PostgreSQL patches are not delivered yet,
>> although [3/4] and [4/4] were already done.
>>
>> Does anti-spam system caught my previous three messages?
>> If necessary, I will send them
[2/4] - sepostgresql-sepgsql-8.4devel-3.patch.gz
This patch provides SE-PostgreSQL facilities based on PGACE.
Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
built in PostgreSQL, to provide system-wide consistency in access
controls. It enables to apply a single unigied secur
The series of patches are the proposal of Security-Enhanced PostgreSQL
(SE-PostgreSQL) for the upstreamed PostgreSQL 8.4 development cycle.
[1/4] sepostgresql-pgace-8.4devel-3.patch
provides PGACE (PostgreSQL Access Control Extension) framework
[2/4] sepostgresql-sepgsql-8.4devel-3.patc
It seems to me some of SE-PostgreSQL patches are not delivered yet,
although [3/4] and [4/4] were already done.
Does anti-spam system caught my previous three messages?
If necessary, I will send them again.
Thanks,
Kohei KaiGai wrote:
> The series of patches are the proposal of Secur
[3/4] - sepostgresql-pg_dump-8.4devel-3.patch
This patch gives us a feature to dump database with security attribute.
It is turned on with '--enable-selinux' option at pg_dump/pg_dumpall,
when the server works as SE- version.
No need to say, users need to have enough capabilities to dump whole of
[4/4] - sepostgresql-policy-8.4devel-3.patch
This patch gives us the default security policy for SE-PostgreSQL.
You can build it as a security policy module. It can be linked with
the existing distributor's policy, and reloaded.
--
OSS Platform Development Division, NEC
KaiGai Kohei <[EMAIL PROT
Kurt Roeckx wrote:
Hi,
Has anyone tried to use the huge tlb support of the Linux 2.6 kernel?
If you compile the kernel with support for it (CONFIG_HUGETLBFS), you
can call shmget() with a SHM_HUGETLB parameter so that it will use
larger pages.
Has anyone tried to use it? Is it worth trying to
501 - 526 of 526 matches
Mail list logo