Re: [v9.1] sepgsql - userspace access vector cache
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, PgHacker <pgsql-hackers@postgresql.org>, Yeb Havinga <yebhavinga@gmail.com>
Date: 2011-08-05T18:36:10Z
Lists: pgsql-hackers
BTW, what is the current status of this patch?

The status of contrib/sepgsql part is unclear for me, although we agreed that
syscache is suitable mechanism for security labels.

Thanks,

2011/7/22 Kohei KaiGai <kaigai@kaigai.gr.jp>:
> 2011/7/22 Yeb Havinga <yebhavinga@gmail.com>:
>> On 2011-07-22 11:55, Kohei Kaigai wrote:
>>>
>>>> 2) Also I thought if it could work to not remember tcontext is valid, but
>>>> instead remember the consequence,
>>>> which is that it is replaced by "unlabeled". It makes the avc_cache
>>>> struct shorter and the code somewhat
>>>> simpler.
>>>>
>>> Here is a reason why we hold tcontext, even if it is not valid.
>>> The hash key of avc_cache is combination of scontext, tcontext and tclass.
>>> Thus, if we replaced an invalid
>>> tcontext by unlabeled context, it would always make cache mishit and
>>> performance loss.
>>
>> I see that now, thanks.
>>
>> I have no further comments, and I think that the patch in its current
>> status is ready for committer.
>>
> Thanks for your reviewing.
>
> The attached patch is a revised one according to your suggestion to
> include fallback for 'unlabeled' label within sepgsql_avc_lookup().
> And I found a noise in regression test results, so eliminated it from v5.
> --
> KaiGai Kohei <kaigai@kaigai.gr.jp>
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
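
The cache-key argument quoted above (the entry is keyed on scontext, tcontext and tclass, so an invalid tcontext has to stay in the key), as an added example that is not code from the patch or from sepgsql. Everything here is a hypothetical model: the label strings are constructed, and `label_is_valid`, `policy_compute`, `avc_lookup` and `queries_for_invalid_label` are stand-ins, not the real functions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define UNLABELED "system_u:object_r:unlabeled_t:s0" /* constructed label */
#define NSLOTS 16
typedef struct {
    bool     used, tcontext_is_valid;    /* invalid: decided as UNLABELED */
    char     scontext[64], tcontext[64]; /* tcontext as stored on the object */
    int      tclass; unsigned allowed;
} avc_entry;
static avc_entry cache[NSLOTS];
static unsigned  next_slot; static int policy_queries; /* expensive round-trips */

/* Hypothetical stand-ins for the label validity check and the policy query. */
static bool label_is_valid(const char *l) { return strstr(l, "_t:") != NULL; }
static unsigned policy_compute(const char *s, const char *t, int c)
{ (void)s; (void)c; policy_queries++; return strcmp(t, UNLABELED) ? 0x7u : 0x1u; }

/* keep_original: key the entry on the label as given and record validity in a
 * flag; otherwise key it on UNLABELED (the variant the reply argues against). */
static unsigned avc_lookup(const char *s, const char *t, int c, bool keep_original)
{
    for (int i = 0; i < NSLOTS; i++)     /* key = (scontext, tcontext, tclass) */
        if (cache[i].used && cache[i].tclass == c &&
            !strcmp(cache[i].scontext, s) && !strcmp(cache[i].tcontext, t))
            return cache[i].allowed;     /* hit: no policy query */
    bool        valid = label_is_valid(t);
    const char *eff = valid ? t : UNLABELED; /* decision falls back to unlabeled */
    avc_entry  *e = &cache[next_slot++ % NSLOTS];
    e->used = true; e->tclass = c; e->tcontext_is_valid = valid;
    snprintf(e->scontext, sizeof e->scontext, "%s", s);
    snprintf(e->tcontext, sizeof e->tcontext, "%s", keep_original ? t : eff);
    return e->allowed = policy_compute(s, eff, c);
}

/* Look up the same invalid target label n times; return policy queries made. */
static int queries_for_invalid_label(bool keep_original, int n)
{
    memset(cache, 0, sizeof cache); next_slot = 0; policy_queries = 0;
    for (int i = 0; i < n; i++)
        avc_lookup("user_u:user_r:user_t:s0", "stale-label", 1, keep_original);
    return policy_queries;
}

int main(void)
{
    printf("original key: %d, unlabeled key: %d policy queries\n",
           queries_for_invalid_label(true, 5), queries_for_invalid_label(false, 5));
    return 0;
}
```

Both variants return the same permissions for the invalid label; only the number of policy queries differs, because the caller always looks up with the label stored on the object.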