sepgsql
A contrib module providing experimental support for label-based mandatory access control (MAC) based on SELinux security policy
sepgsql is a contrib module providing experimental support for label-based mandatory access control (MAC) based on SELinux security policy.
sepgsql was added in PostgreSQL 9.1 (commit 968bc6fa).
Change history
- PostgreSQL 13
- PostgreSQL 10
  - partitioned table support added (commit 25542d77)
- PostgreSQL 9.3
  - enforce db_procedure:{execute} permission (commit f8a54e93)
  - enforce db_schema:search permission (commit e965e634)
  - allow sepgsql labels to depend on object name (commit 0f05840b)
  - support for object_access_hook's new OAT_POST_ALTER type (commit 1cea9bbb)
- PostgreSQL 9.2
  - allow sepgsql to honor database labels (commit 291873c1)
  - perform sepgsql permission checks during the creation of various objects (commit e1042a34)
  - sepgsql_setcon() and related functions to control the sepgsql security domain added (commit 523176cb)
  - user space access cache added to improve performance (commit 4232c4b4)
- PostgreSQL 9.1
  - added (commit 968bc6fa)
References
- PostgreSQL documentation: sepgsql