Re: security label support, revised

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-09-23T18:06:52Z
Lists: pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote:
> The point is that SECURITY LABEL, as coded, will fail utterly unless
> there is a label provider loaded.  So you can't actually run it and
> check the results in the catalog without loading a contrib module.

Urgh, yes, point.  Well, we could test that it errors out correctly. :)

Another thought might be to allow the "check if a module is loaded
before doing things" to be a postgresql.conf option that is disabled in
the regression testing..  If you can modify postgresql.conf you can
remove the module anyway..  Interesting question as to if we should
auto-fail queries against objects which have labels when no security
module is loaded.  Have we discussed that yet?

	Thanks,

		Stephen