The attached patch revises error message when security label is specified on unsupported object. getObjectTypeDescription() may be better than oid of catalog.
postgres=# SECURITY LABEL FOR selinux ON ROLE kaigai postgres-# IS 'system_u:object_r:unlabeled_t:s0'; ERROR: sepgsql provider does not support labels on role 2015-03-09 23:55 GMT+09:00 Robert Haas <robertmh...@gmail.com>: > On Tue, Mar 3, 2015 at 5:01 AM, Kouhei Kaigai <kai...@ak.jp.nec.com> wrote: >> From standpoint of SQL syntax, yep, SECURITY LABEL command support >> the object types below, however, it fully depends on security label >> provider; sepgsql.so in this case. >> At this moment, it supports database, schema, function, tables and >> column are supported by sepgsql. So, it is expected behavior. > > If the core system supports labels on other object types and sepgsql > does not, it should give a better error for those cases, like: > > ERROR: sepgsql provider does not support labels on roles > > Errors like "ERROR: unsupported object type: 1260" are a good way to > report a failure that is never expected to happen, but they shouldn't > be used as user-facing error messages. > > -- > Robert Haas > EnterpriseDB: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers -- KaiGai Kohei <kai...@kaigai.gr.jp>
security-label-errmsg.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
