Bruce Momjian wrote:
KaiGai Kohei wrote:
Hasn't a plan for this already been posted? See
http://archives.postgresql.org/pgsql-hackers/2009-01/msg02407.php
FYI:
* previous full-functional SE-PostgreSQL/Row-ACLs
[kai...@fedora10 security]$ wc -l *.c */*.c
729 pgaceCommon.c
1547 pgaceHooks.c
721 rowacl/rowacl.c
1200 sepgsql/avc.c
623 sepgsql/core.c
1019 sepgsql/hooks.c
785 sepgsql/permissions.c
1097 sepgsql/proxy.c
7721 total
* A lite SE-PostgreSQL without row-level security,
large object support, writable system column
[kai...@fedora10 sepgsql]$ wc -l *.c
904 checker.c
1181 avc.c
360 core.c
55 dummy.c
683 hooks.c
478 label.c
553 perms.c
4214 total
Today, I'll debug the modified code...
Wow, that was fast. Where are you storing the security information for
tables and columns? Did you add a special column to pg_class, etc?
Security information is stored within padding field of HeapTupleHeader
as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
functions, and can be set via SECURITY_LABEL = 'xxx'.
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
