Re: [v9.1] sepgsql - userspace access vector cache
Kohei Kaigai <kohei.kaigai@emea.nec.com>
From: Kohei Kaigai <Kohei.Kaigai@EMEA.NEC.COM>
To: Robert Haas <robertmhaas@gmail.com>, Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: PgHacker <pgsql-hackers@postgresql.org>,
Yeb Havinga <yebhavinga@gmail.com>
Date: 2011-09-01T12:56:19Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove the limit on the number of entries allowed in catcaches, and
- 8b9bc234ad43 8.2.0 cited
> On Fri, Aug 26, 2011 at 5:32 AM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: > > Yes. It also caches an expected security label when a client being > > labeled as "scontext" tries to execute a procedure being labeled as > > "tcontext", to reduce number of system call invocations on fmgr_hook > > and needs_fmgr_hook. > > If the expected security label is not same with "scontext", it means > > the procedure performs as a trusted procedure that switches security > > label of the client during its execution; like a security invoker > > function. > > A pair of security labels are the only factor to determine whether the > > procedure is a trusted-procedure, or not. Thus, it is suitable to > > cache in userspace avc. > > I've committed this, but I still think it would be helpful to revise > that comment. The turn "boosted up" is not very precise or > informative. Could you submit a separate, comment-only patch to > improve this? > OK, Please wait for a few days. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@emea.nec.com>