On Fri, Apr 12, 2013 at 2:44 PM, Kohei KaiGai wrote:
> Yes, of course. The attached one replaces the getObjectDescription in
> sepgsql/proc.c, and relative changes in regression test.
Thanks. Committed. I also committed the first two hunks of your
cleanup patch but omitted the third one, which
>> A problem regarding to validation of sepgsql-regtest policy module
>> is originated by semodule commands that takes root privilege to
>> list up installed policy modules. So, I avoided to use this command
>> in the test_sepgsql script.
>> However, I have an idea that does not raise script fail e
2013/4/12 Robert Haas :
> On Fri, Apr 12, 2013 at 10:42 AM, Alvaro Herrera
> wrote:
>> Robert Haas escribió:
>>> On Mon, Apr 8, 2013 at 12:28 PM, Kohei KaiGai wrote:
>>
>>> > Also, the attached function-execute-permission patch is a rebased
>>> > version. I rethought its event name should be OAT_
On Fri, Apr 12, 2013 at 10:42 AM, Alvaro Herrera
wrote:
> Robert Haas escribió:
>> On Mon, Apr 8, 2013 at 12:28 PM, Kohei KaiGai wrote:
>
>> > Also, the attached function-execute-permission patch is a rebased
>> > version. I rethought its event name should be OAT_FUNCTION_EXECUTE,
>> > rather tha
Robert Haas escribió:
> On Mon, Apr 8, 2013 at 12:28 PM, Kohei KaiGai wrote:
> > Also, the attached function-execute-permission patch is a rebased
> > version. I rethought its event name should be OAT_FUNCTION_EXECUTE,
> > rather than OAT_FUNCTION_EXEC according to the manner without
> > abbrevia
On Mon, Apr 8, 2013 at 12:28 PM, Kohei KaiGai wrote:
> Thanks. I could find two obvious wording stuffs here, please see smaller
> one of the attached patches. I didn't fixup manner to use "XXX" in source
> code comments.
Committed.
> Also, the attached function-execute-permission patch is a reba
2013/4/5 Robert Haas :
> On Thu, Apr 4, 2013 at 8:26 AM, Kohei KaiGai wrote:
>> OK, I follow the manner of the terminology as we usually call it.
>> The attached patch just replaced things you suggested.
>
> Thanks, I have committed this, after making some changes to the
> comments and documentati
On Thu, Apr 4, 2013 at 8:26 AM, Kohei KaiGai wrote:
> OK, I follow the manner of the terminology as we usually call it.
> The attached patch just replaced things you suggested.
Thanks, I have committed this, after making some changes to the
comments and documentation. Please review the changes a
On Tue, Apr 2, 2013 at 2:22 PM, Kohei KaiGai wrote:
> OK, please check the attached ones.
Thanks. I reviewed the schema-search patch and I think it looks
reasonable, but shouldn't we be calling the event OAT_NAMESPACE_SEARCH
rather than OAT_SCHEMA_SEARCH? And, similarly,
ObjectAccessNamespaceSe
On Tue, Jan 15, 2013 at 3:28 PM, Kohei KaiGai wrote:
> This patch adds sepgsql support for permission checks equivalent
> to the existing SCHEMA USE privilege.
>
> This feature is constructed on new OAT_SCHEMA_SEARCH event
> type being invoked around pg_namespace_aclcheck().
> So, its expected beh
Sorry for my late updates.
I tried to update list of permissions that sepgsql expects, even though
the description might be still a bit rough...
https://wiki.postgresql.org/wiki/SEPostgreSQL_Permissions
Set of permissions are defined for each object class that represents
a particular database
On 01/29/2013 10:10 PM, Simon Riggs wrote:
> On 29 January 2013 13:30, Kohei KaiGai wrote:
>
>> It makes unavailable to control execution of
>> functions from viewpoint of selinux, and here is no way selinux
>> to prevent to execute functions defined by other domains, or
>> others being not permit
On 29 January 2013 14:39, Kohei KaiGai wrote:
> 2013/1/29 Simon Riggs :
>> On 29 January 2013 13:30, Kohei KaiGai wrote:
>>
>>> It makes unavailable to control execution of
>>> functions from viewpoint of selinux, and here is no way selinux
>>> to prevent to execute functions defined by other dom
2013/1/29 Simon Riggs :
> On 29 January 2013 13:30, Kohei KaiGai wrote:
>
>> It makes unavailable to control execution of
>> functions from viewpoint of selinux, and here is no way selinux
>> to prevent to execute functions defined by other domains, or
>> others being not permitted.
>> Also, what
On 29 January 2013 13:30, Kohei KaiGai wrote:
> It makes unavailable to control execution of
> functions from viewpoint of selinux, and here is no way selinux
> to prevent to execute functions defined by other domains, or
> others being not permitted.
> Also, what we want to do is almost same as
2013/1/29 Simon Riggs :
> On 15 January 2013 20:28, Kohei KaiGai wrote:
>
>> This patch adds sepgsql support for permission checks equivalent
>> to the existing SCHEMA USE privilege.
>>
>> This feature is constructed on new OAT_SCHEMA_SEARCH event
>> type being invoked around pg_namespace_aclcheck
On 15 January 2013 20:28, Kohei KaiGai wrote:
> This patch adds sepgsql support for permission checks equivalent
> to the existing SCHEMA USE privilege.
>
> This feature is constructed on new OAT_SCHEMA_SEARCH event
> type being invoked around pg_namespace_aclcheck().
Can you explain the exact d
17 matches
Mail list logo
