Re: [v9.1] sepgsql - userspace access vector cache

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, PgHacker <pgsql-hackers@postgresql.org>, Yeb Havinga <yebhavinga@gmail.com>
Date: 2011-09-01T12:40:31Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove the limit on the number of entries allowed in catcaches, and

On Fri, Aug 26, 2011 at 5:32 AM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
> Yes. It also caches an expected security label when a client being
> labeled as "scontext" tries to execute a procedure being labeled as
> "tcontext", to reduce number of system call invocations on fmgr_hook
> and needs_fmgr_hook.
> If the expected security label is not same with "scontext", it means
> the procedure performs as a trusted procedure that switches security
> label of the client during its execution; like a security invoker
> function.
> A pair of security labels are the only factor to determine whether the
> procedure is a trusted-procedure, or not. Thus, it is suitable to
> cache in userspace avc.

I've committed this, but I still think it would be helpful to revise
that comment.  The turn "boosted up" is not very precise or
informative.  Could you submit a separate, comment-only patch to
improve this?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company