diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2018-08-27 15:11:12 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2018-08-27 15:11:12 -0400 |
| commit | cbdca00bef59ee204313fe8f0e4f36bc804a38aa (patch) | |
| tree | e423ee31d08095bc5a05a49556706490c5914bb2 /src | |
| parent | 9b39b799db781642dd0c1424c28e827d19663e20 (diff) | |
| download | postgresql-cbdca00bef59ee204313fe8f0e4f36bc804a38aa.tar.gz postgresql-cbdca00bef59ee204313fe8f0e4f36bc804a38aa.zip | |
Fix missing dependency for pg_dump's ENABLE ROW LEVEL SECURITY items.
The archive should show a dependency on the item's table, but it failed
to include one. This could cause failures in parallel restore due to
emitting ALTER TABLE ... ENABLE ROW LEVEL SECURITY before restoring
the table's data. In practice the odds of a problem seem low, since
you would typically need to have set FORCE ROW LEVEL SECURITY as well,
and you'd also need a very high --jobs count to have any chance of this
happening. That probably explains the lack of field reports.
Still, it's a bug, so back-patch to 9.5 where RLS was introduced.
Discussion: https://postgr.es/m/19784.1535390902@sss.pgh.pa.us
Diffstat (limited to 'src')
| -rw-r--r-- | src/bin/pg_dump/pg_dump.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index cd325c0484e..6763a899d81 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -3480,8 +3480,8 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables) /* * Get row security enabled information for the table. We represent - * RLS enabled on a table by creating PolicyInfo object with an empty - * policy. + * RLS being enabled on a table by creating a PolicyInfo object with + * null polname. */ if (tbinfo->rowsec) { @@ -3622,8 +3622,13 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo) query = createPQExpBuffer(); appendPQExpBuffer(query, "ALTER TABLE %s ENABLE ROW LEVEL SECURITY;", - fmtQualifiedDumpable(polinfo)); + fmtQualifiedDumpable(tbinfo)); + /* + * We must emit the ROW SECURITY object's dependency on its table + * explicitly, because it will not match anything in pg_depend (unlike + * the case for other PolicyInfo objects). + */ if (polinfo->dobj.dump & DUMP_COMPONENT_POLICY) ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId, polinfo->dobj.name, @@ -3632,7 +3637,7 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo) tbinfo->rolname, false, "ROW SECURITY", SECTION_POST_DATA, query->data, "", NULL, - NULL, 0, + &(tbinfo->dobj.dumpId), 1, NULL, NULL); destroyPQExpBuffer(query); |