KaiGai Kohei wrote:
One matter was "use" permission, but I can agree to integrate it into "select" permission as the original design did.
Ok, great.
The other is view. When we use a view in the query, it is extracted as a subquery and its query tree is fetched from pg_rewrite.ev_action which is already parsed. It means we need to ensure the parsed representation is not manipulated. The simplest solution is to prevent updating the pg_rewrite.ev_action by hand when SE-PostgreSQL is enabled.
Agreed. If SE-PostgreSQL is enabled, you need to forbid manual updates to a lot of catalog tables. This is just another case of the same.
I think smaller hard-wired rules are better, but it is a very corner-case and its benefit cannot be ignorable. - It enables to reduce the "walker" code from sepgsql/checker.c. (I guess it makes reduce a few hundreds lines.) - It helps to maintain code to pick up what tables/columns are accessed. If nobody disagree it, I'll integrate "use" permission into "select" and remove the "walker" code from sepgsql/checker.c due to the next Monday. It affects on sepgsql/checker.c, but I expect little changes on others. I'm happy, if you don't stop reviewing patches except for checker.c.
Sounds good, though I'm not 100% sure I understood what you're going to replace the walker with. Seeing the patch will surely enlighten that :-).
-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers