The SE-PostgreSQL patches are updated as follows:

1) http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.4beta2-r2016.patch
2) http://sepgsql.googlecode.com/files/sepgsql-02-core-8.4beta2-r2016.patch
3) http://sepgsql.googlecode.com/files/sepgsql-03-writable-8.4beta2-r2016.patch
4) http://sepgsql.googlecode.com/files/sepgsql-04-rowlevel-8.4beta2-r2016.patch
5) http://sepgsql.googlecode.com/files/sepgsql-05-perms-8.4beta2-r2016.patch
6) http://sepgsql.googlecode.com/files/sepgsql-06-utils-8.4beta2-r2016.patch
7) http://sepgsql.googlecode.com/files/sepgsql-07-tests-8.4beta2-r2016.patch
8) http://sepgsql.googlecode.com/files/sepgsql-08-docs-8.4beta2-r2016.patch
9) http://sepgsql.googlecode.com/files/sepgsql-09-extra-8.4beta2-r2016.patch

The SE-PostgreSQL online documentation:
  http://wiki.postgresql.org/wiki/SEPostgreSQL

List of updates:
* Its base version was updated to the latest CVS HEAD.
* Add a feature to reclaim orphan pg_security entries.
  - See below.
* Add a new guc parameter: sepostgresql_mcstrans
  - It turns on/off mcstrans support when we import/export security context.
* Some bugfixes
* Code cleanups
* Documentation updates
  - This wiki article was updated corresponding to the latest design.

A significant change is a feature to reclaim orphan pg_security entries.
The definition of pg_security was changed, and a 'relid' field was added
to indicate the table referring to the entry.

An administrative function, security_reclaim_label(), removes entries
within pg_security which are not referred to by the table identified by
pg_security.relid.

We assume reclaiming is needed infrequently enough, so it is not done
automatically as autovacuum is. If necessary, a cron script can invoke
a script to reclaim orphan entries once per month or bimonthly.
On DROP TABLE, orphan entries are also reclaimed automatically.

-- Example ------------------------------------------
postgres=# CREATE TABLE t1 (a int, b text);
CREATE TABLE
postgres=# INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
INSERT 0 3
postgres=# UPDATE t1 SET security_label = sepgsql_set_range(security_label, 's0:c' || a);
UPDATE 3
postgres=# UPDATE t1 SET security_label = sepgsql_set_user(security_label, 'system_u');
UPDATE 3
postgres=# SELECT security_label, * FROM t1;
             security_label              | a |  b
-----------------------------------------+---+-----
 system_u:object_r:sepgsql_table_t:s0:c1 | 1 | aaa
 system_u:object_r:sepgsql_table_t:s0:c2 | 2 | bbb
 system_u:object_r:sepgsql_table_t:s0:c3 | 3 | ccc
(3 rows)

postgres=# SELECT security_reclaim_label('t1');
NOTICE: secattr="unconfined_u:object_r:sepgsql_table_t:s0", secid=16433 on public.t1 was reclaimed
NOTICE: secattr="unconfined_u:object_r:sepgsql_table_t:s0:c1", secid=16434 on public.t1 was reclaimed
NOTICE: secattr="unconfined_u:object_r:sepgsql_table_t:s0:c2", secid=16435 on public.t1 was reclaimed
NOTICE: secattr="unconfined_u:object_r:sepgsql_table_t:s0:c3", secid=16436 on public.t1 was reclaimed
 security_reclaim_label
------------------------
                      4
(1 row)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
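
The reclaim behaviour described in the message above, as an added Python model that is not part of the original message or of the SE-PostgreSQL patches. It assumes pg_security maps a secid to a (relid, label text) pair, that rows store only the secid, and that new rows start with the unconfined_u label seen in the NOTICE lines; LabelStore and replay_session are hypothetical names.

```python
"""Constructed model of orphan pg_security entries; not SE-PostgreSQL code."""

class LabelStore:
    def __init__(self, first_secid=16433):   # first secid taken from the NOTICE output
        self.pg_security = {}                # secid -> (relid, secattr)
        self.next_secid = first_secid

    def intern(self, relid, secattr):
        """Return the secid for (relid, secattr), adding an entry if it is new."""
        for secid, entry in self.pg_security.items():
            if entry == (relid, secattr):
                return secid
        secid, self.next_secid = self.next_secid, self.next_secid + 1
        self.pg_security[secid] = (relid, secattr)
        return secid

    def reclaim(self, relid, live_secids):
        """Model of security_reclaim_label(): drop this table's unreferenced entries."""
        orphans = [s for s, (r, _) in self.pg_security.items()
                   if r == relid and s not in live_secids]
        return [(s, self.pg_security.pop(s)[1]) for s in orphans]


def replay_session():
    """Replay the psql session from the message against the model."""
    store, t1 = LabelStore(), "public.t1"
    base = "unconfined_u:object_r:sepgsql_table_t:s0"   # assumed default label
    rows = {a: store.intern(t1, base) for a in (1, 2, 3)}            # INSERT
    rows = {a: store.intern(t1, f"{base}:c{a}") for a in rows}       # sepgsql_set_range
    rows = {a: store.intern(t1, f"system_u:object_r:sepgsql_table_t:s0:c{a}")
            for a in rows}                                           # sepgsql_set_user
    reclaimed = store.reclaim(t1, set(rows.values()))
    # Safety property: every label still attached to a row must survive the reclaim.
    assert all(secid in store.pg_security for secid in rows.values())
    return store, rows, reclaimed


if __name__ == "__main__":
    store, rows, reclaimed = replay_session()
    for secid, secattr in reclaimed:
        print(f'secattr="{secattr}", secid={secid} on public.t1 was reclaimed')
    print(len(reclaimed), "reclaimed;", len(store.pg_security), "live entries remain")
```

Each UPDATE that changes a label leaves the previous entry behind, which is why three rows produce four orphans: the shared initial label plus the three intermediate s0:cN labels.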