BTW, what is the current status of this patch? The status of contrib/sepgsql part is unclear for me, although we agreed that syscache is suitable mechanism for security labels.
Thanks, 2011/7/22 Kohei KaiGai <kai...@kaigai.gr.jp>: > 2011/7/22 Yeb Havinga <yebhavi...@gmail.com>: >> On 2011-07-22 11:55, Kohei Kaigai wrote: >>> >>>> 2) Also I thought if it could work to not remember tcontext is valid, but >>>> instead remember the consequence, >>>> which is that it is replaced by "unlabeled". It makes the avc_cache >>>> struct shorter and the code somewhat >>>> simpler. >>>> >>> Here is a reason why we hold tcontext, even if it is not valid. >>> The hash key of avc_cache is combination of scontext, tcontext and tclass. >>> Thus, if we replaced an invalid >>> tcontext by unlabeled context, it would always make cache mishit and >>> performance loss. >> >> I see that now, thanks. >> >> I have no further comments, and I think that the patch in it's current >> status is ready for committer. >> > Thanks for your reviewing. > > The attached patch is a revised one according to your suggestion to > include fallback for 'unlabeled' label within sepgsql_avc_lookup(). > And I found a noise in regression test results, so eliminated it from v5. > -- > KaiGai Kohei <kai...@kaigai.gr.jp> > -- KaiGai Kohei <kai...@kaigai.gr.jp> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
