Re: sepgsql contrib module

Kohei KaiGai <kaigai@kaigai.gr.jp>

From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, KaiGai Kohei <kaigai@ak.jp.nec.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2011-01-21T16:00:41Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. pgindent run for 9.0, second run

2011/1/22 Robert Haas <robertmhaas@gmail.com>:
> On Fri, Jan 21, 2011 at 10:46 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Robert Haas <robertmhaas@gmail.com> writes:
>>> On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>>> ALTER FUNCTION is supposed to cause plan invalidation in such a case.
>>>> Not sure if GRANT plays nice with that though.
>>
>>> And in the case of SE-Linux, this could get changed from outside the
>>> database.  Not sure how to handle that.  I guess we could just never
>>> inline anything, but that might be an overreaction.
>>
>> I think SELinux is just out of luck in that case.  If it didn't refuse
>> execution permission at the time we checked before inlining (which we
>> do), it doesn't get to change its mind later.
>
> Seems reasonable to me, if it works for KaiGai.
>
I assume users of SE-PostgreSQL put their first priority on security,
not best-performance. So, I also think it is reasonable to kill a part of
optimization for the strict security checks.

Here is one request for the hook.
needs_fmgr_hook() is called by fmgr_info_cxt_security() and routines
to inline. I need a flag to distinct these cases, because we don't need
to invoke all the functions via fmgr_security_definer(), even if it never
allows to inline.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>