
Commit25542d7

committed
Add partitioned table support to sepgsql
The new partitioned table capability added a new relkind, namely
RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind
exactly the same way it does RELKIND_RELATION.

In addition, add regression test coverage for partitioned tables.

Issue raised by Stephen Frost and initial patch by Mike Palmiotto.
Review by Tom Lane and Robert Haas, and editorializing by me.

Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
1 parenteef8c00 commit25542d7

13 files changed

+1154
-69
lines changed


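--- a/contrib/sepgsql/dml.c
+++ b/contrib/sepgsql/dml.c
@@ -190,6 +190,7 @@ check_relation_privileges(Oid relOid,
 switch (relkind)
 {
 caseRELKIND_RELATION:
+caseRELKIND_PARTITIONED_TABLE:
 result=sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_TABLE,
 required,
@@ -225,7 +226,7 @@ check_relation_privileges(Oid relOid,
 /*
 * Only columns owned by relations shall be checked
 */
-if (relkind!=RELKIND_RELATION)
+if (relkind!=RELKIND_RELATION&&relkind!=RELKIND_PARTITIONED_TABLE)
 return true;
 
 /*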
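Review bot: The guard in the second hunk, `if (relkind!=RELKIND_RELATION&&relkind!=RELKIND_PARTITIONED_TABLE) return true;`, fails open: any relkind it does not name returns "permitted" without the column-level checks that follow, and the removed line shows a partitioned table would have taken that exit whenever execution reached it. The comment above the guard still says only "relations"; I would reword it to `Only columns of plain or partitioned tables are checked; every other relkind returns here with no column-level check`, so that the next table-like relkind gets noticed at this spot. The same pair of relkinds is now spelled out twice in this function and presumably in the other sepgsql files the commit touches (not visible here), so a single shared predicate would keep those sites from drifting apart. check_relation_privileges starts before the first hunk and continues past the second.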

‎contrib/sepgsql/expected/alter.out

Lines changed: 110 additions & 2 deletions
Large diffs are not rendered by default.

‎contrib/sepgsql/expected/ddl.out

Lines changed: 253 additions & 0 deletions
Large diffs are not rendered by default.

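--- a/contrib/sepgsql/expected/dml.out
+++ b/contrib/sepgsql/expected/dml.out
@@ -21,6 +21,23 @@ SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
 SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
 SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
 SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+---
+-- partitioned table parent
+CREATE TABLE t1p (o int, p text, q text) PARTITION BY RANGE (o);
+SECURITY LABEL ON TABLE t1p IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t1p.o IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t1p.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
+SECURITY LABEL ON COLUMN t1p.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+-- partitioned table children
+CREATE TABLE t1p_ones PARTITION OF t1p FOR VALUES FROM ('0') TO ('10');
+SECURITY LABEL ON COLUMN t1p_ones.o IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t1p_ones.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
+SECURITY LABEL ON COLUMN t1p_ones.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+CREATE TABLE t1p_tens PARTITION OF t1p FOR VALUES FROM ('10') TO ('100');
+SECURITY LABEL ON COLUMN t1p_tens.o IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t1p_tens.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
+SECURITY LABEL ON COLUMN t1p_tens.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+---
 CREATE TABLE customer (cid int primary key, cname text, ccredit text);
 SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
 INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'),
@@ -33,24 +50,44 @@ SECURITY LABEL ON FUNCTION customer_credit(int)
 SELECT objtype, objname, label FROM pg_seclabels
 WHERE provider = 'selinux'
 AND objtype in ('table', 'column')
-AND objname in ('t1', 't2', 't3', 't4', 't5', 't5.e', 't5.f', 't5.g')
+AND objname in ('t1', 't2', 't3', 't4',
+'t5', 't5.e', 't5.f', 't5.g',
+'t1p', 't1p.o', 't1p.p', 't1p.q',
+'t1p_ones', 't1p_ones.o', 't1p_ones.p', 't1p_ones.q',
+'t1p_tens', 't1p_tens.o', 't1p_tens.p', 't1p_tens.q')
 ORDER BY objname;
-objtype | objname | label
----------+---------+---------------------------------------------
-table | t1 | system_u:object_r:sepgsql_table_t:s0
-table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
-table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
-table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
-table | t5 | system_u:object_r:sepgsql_table_t:s0
-column | t5.e | system_u:object_r:sepgsql_table_t:s0
-column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
-column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
-(8 rows)
+objtype | objname | label
+---------+------------+---------------------------------------------
+table | t1 | system_u:object_r:sepgsql_table_t:s0
+table | t1p | system_u:object_r:sepgsql_table_t:s0
+column | t1p.o | system_u:object_r:sepgsql_table_t:s0
+table | t1p_ones | unconfined_u:object_r:sepgsql_table_t:s0
+column | t1p_ones.o | system_u:object_r:sepgsql_table_t:s0
+column | t1p_ones.p | system_u:object_r:sepgsql_ro_table_t:s0
+column | t1p_ones.q | system_u:object_r:sepgsql_secret_table_t:s0
+column | t1p.p | system_u:object_r:sepgsql_ro_table_t:s0
+column | t1p.q | system_u:object_r:sepgsql_secret_table_t:s0
+table | t1p_tens | unconfined_u:object_r:sepgsql_table_t:s0
+column | t1p_tens.o | system_u:object_r:sepgsql_table_t:s0
+column | t1p_tens.p | system_u:object_r:sepgsql_ro_table_t:s0
+column | t1p_tens.q | system_u:object_r:sepgsql_secret_table_t:s0
+table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
+table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
+table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
+table | t5 | system_u:object_r:sepgsql_table_t:s0
+column | t5.e | system_u:object_r:sepgsql_table_t:s0
+column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
+column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
+(20 rows)
 
 CREATE SCHEMA my_schema_1;
 CREATE TABLE my_schema_1.ts1 (a int, b text);
+CREATE TABLE my_schema_1.pts1 (o int, p text) PARTITION BY RANGE (o);
+CREATE TABLE my_schema_1.pts1_ones PARTITION OF my_schema_1.pts1 FOR VALUES FROM ('0') to ('10');
 CREATE SCHEMA my_schema_2;
 CREATE TABLE my_schema_2.ts2 (x int, y text);
+CREATE TABLE my_schema_2.pts2 (o int, p text) PARTITION BY RANGE (o);
+CREATE TABLE my_schema_2.pts2_tens PARTITION OF my_schema_2.pts2 FOR VALUES FROM ('10') to ('100');
 SECURITY LABEL ON SCHEMA my_schema_2
 IS 'system_u:object_r:sepgsql_regtest_invisible_schema_t:s0';
 -- Hardwired Rules
@@ -99,7 +136,42 @@ SELECT e,f FROM t5;-- ok
 ---+---
 (0 rows)
 
-SELECT * FROM customer;-- failed
+---
+-- partitioned table parent
+SELECT * FROM t1p;-- failed
+ERROR: SELinux: security policy violation
+SELECT o,p FROM t1p;-- ok
+o | p
+---+---
+(0 rows)
+
+--partitioned table children
+SELECT * FROM t1p_ones;-- failed
+ERROR: SELinux: security policy violation
+SELECT o FROM t1p_ones;-- ok
+o
+---
+(0 rows)
+
+SELECT o,p FROM t1p_ones;-- ok
+o | p
+---+---
+(0 rows)
+
+SELECT * FROM t1p_tens;-- failed
+ERROR: SELinux: security policy violation
+SELECT o FROM t1p_tens;-- ok
+o
+---
+(0 rows)
+
+SELECT o,p FROM t1p_tens;-- ok
+o | p
+---+---
+(0 rows)
+
+---
+SELECT * FROM customer;-- failed
 ERROR: SELinux: security policy violation
 SELECT cid, cname, customer_credit(cid) FROM customer;-- ok
 cid | cname | customer_credit
@@ -108,14 +180,42 @@ SELECT cid, cname, customer_credit(cid) FROM customer;-- ok
 2 | Hanako | 5555-6666-7777-????
 (2 rows)
 
-SELECT count(*) FROM t5;-- ok
+SELECT count(*) FROM t5;-- ok
 count
 -------
 0
 (1 row)
 
 SELECT count(*) FROM t5 WHERE g IS NULL;-- failed
 ERROR: SELinux: security policy violation
+---
+-- partitioned table parent
+SELECT count(*) FROM t1p;-- ok
+count
+-------
+0
+(1 row)
+
+SELECT count(*) FROM t1p WHERE q IS NULL;-- failed
+ERROR: SELinux: security policy violation
+-- partitioned table children
+SELECT count(*) FROM t1p_ones;-- ok
+count
+-------
+0
+(1 row)
+
+SELECT count(*) FROM t1p_ones WHERE q IS NULL;-- failed
+ERROR: SELinux: security policy violation
+SELECT count(*) FROM t1p_tens;-- ok
+count
+-------
+0
+(1 row)
+
+SELECT count(*) FROM t1p_tens WHERE q IS NULL;-- failed
+ERROR: SELinux: security policy violation
+---
 INSERT INTO t1 VALUES (4, 'abc');-- ok
 INSERT INTO t2 VALUES (4, 'xyz');-- failed
 ERROR: SELinux: security policy violation
@@ -127,6 +227,22 @@ ERROR: SELinux: security policy violation
 INSERT INTO t5 (e,f) VALUES ('abc', 'def');-- failed
 ERROR: SELinux: security policy violation
 INSERT INTO t5 (e) VALUES ('abc');-- ok
+---
+-- partitioned table parent
+INSERT INTO t1p (o,p) VALUES (9, 'mno');-- failed
+ERROR: SELinux: security policy violation
+INSERT INTO t1p (o) VALUES (9);-- ok
+INSERT INTO t1p (o,p) VALUES (99, 'pqr');-- failed
+ERROR: SELinux: security policy violation
+INSERT INTO t1p (o) VALUES (99);-- ok
+-- partitioned table children
+INSERT INTO t1p_ones (o,p) VALUES (9, 'mno');-- failed
+ERROR: SELinux: security policy violation
+INSERT INTO t1p_ones (o) VALUES (9);-- ok
+INSERT INTO t1p_tens (o,p) VALUES (99, 'pqr');-- failed
+ERROR: SELinux: security policy violation
+INSERT INTO t1p_tens (o) VALUES (99);-- ok
+---
 UPDATE t1 SET b = b || '_upd';-- ok
 UPDATE t2 SET y = y || '_upd';-- failed
 ERROR: SELinux: security policy violation
@@ -138,6 +254,23 @@ UPDATE t5 SET e = 'xyz';-- ok
 UPDATE t5 SET e = f || '_upd';-- ok
 UPDATE t5 SET e = g || '_upd';-- failed
 ERROR: SELinux: security policy violation
+---
+-- partitioned table parent
+UPDATE t1p SET o = 9 WHERE o < 10;-- ok
+UPDATE t1p SET o = 99 WHERE o >= 10;-- ok
+UPDATE t1p SET o = ascii(COALESCE(p,'upd'))%10 WHERE o < 10;-- ok
+UPDATE t1p SET o = ascii(COALESCE(q,'upd'))%100 WHERE o >= 10;-- failed
+ERROR: SELinux: security policy violation
+-- partitioned table children
+UPDATE t1p_ones SET o = 9;-- ok
+UPDATE t1p_ones SET o = ascii(COALESCE(p,'upd'))%10;-- ok
+UPDATE t1p_ones SET o = ascii(COALESCE(q,'upd'))%10;-- failed
+ERROR: SELinux: security policy violation
+UPDATE t1p_tens SET o = 99;-- ok
+UPDATE t1p_tens SET o = ascii(COALESCE(p,'upd'))%100;-- ok
+UPDATE t1p_tens SET o = ascii(COALESCE(q,'upd'))%100;-- failed
+ERROR: SELinux: security policy violation
+---
 DELETE FROM t1;-- ok
 DELETE FROM t2;-- failed
 ERROR: SELinux: security policy violation
@@ -149,6 +282,20 @@ DELETE FROM t5;-- ok
 DELETE FROM t5 WHERE f IS NULL;-- ok
 DELETE FROM t5 WHERE g IS NULL;-- failed
 ERROR: SELinux: security policy violation
+---
+-- partitioned table parent
+DELETE FROM t1p;-- ok
+DELETE FROM t1p WHERE p IS NULL;-- ok
+DELETE FROM t1p WHERE q IS NULL;-- failed
+ERROR: SELinux: security policy violation
+-- partitioned table children
+DELETE FROM t1p_ones WHERE p IS NULL;-- ok
+DELETE FROM t1p_ones WHERE q IS NULL;-- failed;
+ERROR: SELinux: security policy violation
+DELETE FROM t1p_tens WHERE p IS NULL;-- ok
+DELETE FROM t1p_tens WHERE q IS NULL;-- failed
+ERROR: SELinux: security policy violation
+---
 --
 -- COPY TO/FROM statements
 --
@@ -160,6 +307,19 @@ ERROR: SELinux: security policy violation
 COPY t5 TO '/dev/null';-- failed
 ERROR: SELinux: security policy violation
 COPY t5(e,f) TO '/dev/null';-- ok
+---
+-- partitioned table parent
+COPY (SELECT * FROM t1p) TO '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY (SELECT (o,p) FROM t1p) TO '/dev/null';-- ok
+-- partitioned table children
+COPY t1p_ones TO '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY t1p_ones(o,p) TO '/dev/null';-- ok
+COPY t1p_tens TO '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY t1p_tens(o,p) TO '/dev/null';-- ok
+---
 COPY t1 FROM '/dev/null';-- ok
 COPY t2 FROM '/dev/null';-- failed
 ERROR: SELinux: security policy violation
@@ -171,6 +331,19 @@ ERROR: SELinux: security policy violation
 COPY t5 (e,f) FROM '/dev/null';-- failed
 ERROR: SELinux: security policy violation
 COPY t5 (e) FROM '/dev/null';-- ok
+---
+-- partitioned table parent
+COPY t1p FROM '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY t1p (o) FROM '/dev/null';-- ok
+-- partitioned table children
+COPY t1p_ones FROM '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY t1p_ones (o) FROM '/dev/null';-- ok
+COPY t1p_tens FROM '/dev/null';-- failed
+ERROR: SELinux: security policy violation
+COPY t1p_tens (o) FROM '/dev/null';-- ok
+---
 --
 -- Schema search path
 --
@@ -202,8 +375,13 @@ DROP TABLE IF EXISTS t2 CASCADE;
 DROP TABLE IF EXISTS t3 CASCADE;
 DROP TABLE IF EXISTS t4 CASCADE;
 DROP TABLE IF EXISTS t5 CASCADE;
+DROP TABLE IF EXISTS t1p CASCADE;
 DROP TABLE IF EXISTS customer CASCADE;
 DROP SCHEMA IF EXISTS my_schema_1 CASCADE;
-NOTICE: drop cascades to table my_schema_1.ts1
+NOTICE: drop cascades to 2 other objects
+DETAIL: drop cascades to table my_schema_1.ts1
+drop cascades to table my_schema_1.pts1
 DROP SCHEMA IF EXISTS my_schema_2 CASCADE;
-NOTICE: drop cascades to table my_schema_2.ts2
+NOTICE: drop cascades to 2 other objects
+DETAIL: drop cascades to table my_schema_2.ts2
+drop cascades to table my_schema_2.pts2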
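Review bot: The expected label listing in the second hunk puts `t1p_ones` between `t1p.o` and `t1p.p`, an order that `ORDER BY objname` produces only under a linguistic collation; in the C locale '.' sorts before '_', so the rows would come out differently and this test would likely fail there. Pinning the sort in the test query with `ORDER BY objname COLLATE "C"` and regenerating this file would make the result independent of the database locale. The two partitions are listed with `unconfined_u:object_r:sepgsql_table_t:s0`, presumably a default label, because the setup labels only their columns; a comment such as `-- partitions keep their default table label; only the columns are relabeled` would record that this is intended rather than an omitted SECURITY LABEL ON TABLE. A small style point: the `-- failed;` comment on the t1p_ones DELETE carries a stray semicolon.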
