Index: sepgsql/doc/src/sgml/security.sgml
===================================================================
*** sepgsql/doc/src/sgml/security.sgml (revision 1467)
--- sepgsql/doc/src/sgml/security.sgml (working copy)
***************
*** 684,692 ****
From this, the client can infer the existence of the invisible foreign
key, an inference to which he is not entitled.
! As a practical matter, this scenario can sometimes be avoided by using
! non-natural primary and foreign keys, such as UUIDs. This may make it
! impossible to infer any meaningful data.
--- 684,692 ----
From this, the client can infer the existence of the invisible foreign
key, an inference to which he is not entitled.
! As a practical matter, this scenario can sometimes be avoided by using
! non-natural primary and foreign keys, such as UUIDs. This may make it
! impossible to infer any meaningful data.
***************
*** 702,729 ****
We need the following packages to build and install
SE-PostgreSQL properly. Please check it at first.
!
!
!
! Linux kernel (2.6.23, or later)
!
!
!
!
! libselinux and libselinux-devel (2.0.43, or later)
!
!
!
!
! selinux-policy (3.4.2, or later)
!
!
!
!
! policycoreutils (2.0.16, or later)
!
!
!
--- 702,796 ----
We need the following packages to build and install
SE-PostgreSQL properly. Please check it at first.
!
!
!
! Linux kernel
!
!
! Linux kernel has to support SELinux feature, at least.
! In addition, it is necessary to provide an interface to
! obtain a list of supported object classes and permissions
! via /selinux/class, which is available
! on the Linux kernel 2.6.23 or later.
!
!
!
!
!
! Security policy
!
!
! The security policy of SELinux is neccesary to contain access
! control rules related to database objects.
! The recent upstreamed security policy already has a set of
! rules for SE-PostgreSQL, as a part of policy for PostgreSQL.
!
!
! In Red Hat EL or Fedora,
! check the version number of selinux-policy
! rpm package is 3.4.2, or later.
!
!
!
!
!
! libselinux
!
!
! libselinux is a library to communicate
! between applications and in-kernel SELinux, so it provides
! us various kind of APIs and header definitions.
! It is necessary to provide header definitions of object
! classes and permissions related to database. Rest of
! requirements are already included in older version.
!
!
! In Red Hat EL or Fedora,
! check the version number of libselinux
! and libselinux-devel rpm packages are
! 2.0.46, or later.
!
!
!
!
!
! checkmodule
!
!
! The checkmodule is a policy compiler for
! a modular policy package, such as
! sepostgresql-devel.pp we provided.
!
!
!
!
!
! semodule
!
!
! The semodule is a command to manage
! modular policy packages. It enables to link/unlink,
! upgrade or load/unload modular policy packages, such as
! sepostgresql-devel.pp we provided.
!
!
!
!
!
! restorecon
!
!
! The restorecon enables to assign
! correct security context for files, directories and
! any other objects on filesystem, based on the security
! policy configuration.
! It helps to assign correct security context on
! installed files by hand.
!
!
!
!
***************
*** 740,749 ****
$ make -C src/backend/security/sepgsql/policy
! The current default security policy of SELinux contains a set of
! rules for SE-PostgreSQL on selinux-policy-3.4.2
! or later. So, we don't need to install special purpose security
! policy module now.
However, SE-PostgreSQL also provides an optinal policy module
--- 807,815 ----
$ make -C src/backend/security/sepgsql/policy
! Please note that the recent upstreamed security policy of SELinux
! contains a set of rules for SE-PostgreSQL, so we are not always
! necessary to build security policy module.
However, SE-PostgreSQL also provides an optinal policy module
***************
*** 914,922 ****
! This section introduces the steps to set up labeled ipsec.
!
! For more detailed information, visit Red Hat Enterprise Linux 4 - Security Guide
--- 980,989 ----
! This section introduces the steps to set up labeled ipsec,
! but it is necessity minimum configuration, so we recommend
! you to refer external technical documents related to ipsec
! for more details.
Index: sepgsql/doc/src/sgml/user-manag.sgml
===================================================================
*** sepgsql/doc/src/sgml/user-manag.sgml (revision 1467)
--- sepgsql/doc/src/sgml/user-manag.sgml (working copy)
***************
*** 29,34 ****
--- 29,40 ----
.
+
+ PostgreSQL has an enhancement of database roles and privileges mechanism
+ which allows to set database ACLs in row-level granuality.
+ See, for more details.
+
+
Database Roles
Index: sepgsql/doc/src/sgml/config.sgml
===================================================================
*** sepgsql/doc/src/sgml/config.sgml (revision 1467)
--- sepgsql/doc/src/sgml/config.sgml (working copy)
***************
*** 750,756 ****
specified mode, independent from kernel setting. Please note
that those configuration requires in-kernel SELinux is not
disabled. The disabled disables SE-PostgreSQL.
! This parameter can only be set at server start.
--- 750,758 ----
specified mode, independent from kernel setting. Please note
that those configuration requires in-kernel SELinux is not
disabled. The disabled disables SE-PostgreSQL.
! This parameter is available on a binary with SELinux support
! (--enable-selinux), and can only be set at
! server start.
***************
*** 770,776 ****
for saving storage consumption.
The default is on which means row-level access
controls are available.
! This parameter can only be set at server start.
--- 772,780 ----
for saving storage consumption.
The default is on which means row-level access
controls are available.
! This parameter is available on a binary with SELinux support
! (--enable-selinux), and can only be set at
! server start.