The attached patch is a portion that we splitted off when we added pg_shseclabel system catalog.
It enables the control/sepgsql to assign security label on pg_database objects that are utilized as a basis to compute a default security label of schema object. Currently, we have an ugly assumption that all the pg_database entries are labeled as "system_u:object_r:sepgsql_db_t:s0", and default security label of schema is computed based on this assumption. See, sepgsql_schema_post_create() in sepgsql/schema.c It also enables initial labeling at sepgsql_restorecon() and permission checks on relabeling, however, nothing are checked any more. Thanks, -- KaiGai Kohei <kai...@kaigai.gr.jp>
pgsql-v9.2-sepgsql-database.v1.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
