diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2018-08-27 15:11:12 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2018-08-27 15:11:12 -0400 |
| commit | c5e235ff8ad0f4907a736a6440dc4be6f939e65c (patch) | |
| tree | a915a82fd7d4a6735f20db5968db3af3f7c255ea | |
| parent | 9ca2207990002a2fd594fd7f9776d9d91acba189 (diff) | |
| download | postgresql-c5e235ff8ad0f4907a736a6440dc4be6f939e65c.tar.gz postgresql-c5e235ff8ad0f4907a736a6440dc4be6f939e65c.zip | |
Fix missing dependency for pg_dump's ENABLE ROW LEVEL SECURITY items.
The archive should show a dependency on the item's table, but it failed
to include one. This could cause failures in parallel restore due to
emitting ALTER TABLE ... ENABLE ROW LEVEL SECURITY before restoring
the table's data. In practice the odds of a problem seem low, since
you would typically need to have set FORCE ROW LEVEL SECURITY as well,
and you'd also need a very high --jobs count to have any chance of this
happening. That probably explains the lack of field reports.
Still, it's a bug, so back-patch to 9.5 where RLS was introduced.
Discussion: https://postgr.es/m/19784.1535390902@sss.pgh.pa.us
| -rw-r--r-- | src/bin/pg_dump/pg_dump.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 3774867b2e1..5b722ee726c 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -3471,8 +3471,8 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables) /* * Get row security enabled information for the table. We represent - * RLS enabled on a table by creating PolicyInfo object with an empty - * policy. + * RLS being enabled on a table by creating a PolicyInfo object with + * null polname. */ if (tbinfo->rowsec) { @@ -3613,8 +3613,13 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo) query = createPQExpBuffer(); appendPQExpBuffer(query, "ALTER TABLE %s ENABLE ROW LEVEL SECURITY;", - fmtQualifiedDumpable(polinfo)); + fmtQualifiedDumpable(tbinfo)); + /* + * We must emit the ROW SECURITY object's dependency on its table + * explicitly, because it will not match anything in pg_depend (unlike + * the case for other PolicyInfo objects). + */ if (polinfo->dobj.dump & DUMP_COMPONENT_POLICY) ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId, polinfo->dobj.name, @@ -3623,7 +3628,7 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo) tbinfo->rolname, false, "ROW SECURITY", SECTION_POST_DATA, query->data, "", NULL, - NULL, 0, + &(tbinfo->dobj.dumpId), 1, NULL, NULL); destroyPQExpBuffer(query); |