sepgsql
A contrib module providing experimental support for label-based mandatory access control (MAC) based on SELinux security policy
sepgsql is a contrib module providing experimental support for label-based mandatory access control (MAC) based on SELinux security policy.
sepgsql was added in PostgreSQL 9.1 (commit 968bc6fa).
Change history
- PostgreSQL 13
- mandatory access control for
TRUNCATEadded (commit 4f66c93f)
- mandatory access control for
- PostgreSQL 10
- partitioned table support added (commit 25542d77)
- PostgreSQL 9.3
- enforce
db_procedure:{execute}permission (commit f8a54e93) - enforce
db_schema:searchpermission (commit e965e634) - allow
sepgsqllabels to depend on object name (commit 0f05840b) - support for
object_access_hook's newOAT_POST_ALTERtype (commit 1cea9bbb)
- enforce
- PostgreSQL 9.2
- allow
sepgsqlto honor database labels (commit 291873c1) - perform
sepgsqlpermission checks during the creation of various objects (commit e1042a34) sepgsql_setcon()and related functions to control thesepgsqlsecurity domain added (commit 523176cb)- user space access cache added to improve performance (commit 4232c4b4)
- allow
- PostgreSQL 9.1
- added (commit 968bc6fa)
References
- PostgreSQL documentation: sepgsql