[PATCH] SE-PostgreSQL for v8.5 development (r1769)

The following list of patches are the initial revision of SE-PostgreSQL
on the v8.5 development cycle.
These are separated into several functional components to help review
and commit in earlier phase. Every patches (except for the core) have
abour 1KL scales. It is far smaller than them in a year ago. :-)

http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-02-core-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-03-writable-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-04-rowlevel-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-05-perms-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-06-utils-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-07-tests-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-08-docs-8.4devel-r1769.patch

Needless to say, it is now designed on 8.4devel tree, so anyone who want
to build/install SE-PostgreSQL can apply these patches by hand.
I'll also update and fix them with the progress of v8.4 development.
Before you apply them, please confirm whether they are the latest, or not.

Bruice,
| KaiGai-san, the only option I can offer is perhaps to list a URL for
| your SE-PostgreSQL patch to be applied by people who want to use SE-PG.

Does it mean I need to submit a patch to add an introduction under doc/ ?
If so, I'll submit it as soon as possible.

Thanks,

01) Security system attribute support
scale: 38 files changed, 853 insertions(+), 1 deletion(-), 113 modifications(!)
This patch adds a new system catalog "pg_security" and enables to store
security identifier associated to a text representation within padding
area of HeapTupleHeader, as object identifier doing.
It is a foundation of any other facilities.

02) Core facilities of SE-PostgreSQL
scale: 55 files changed, 3588 insertions(+), 10 deletions(-), 736 modifications(!)
This patch adds a mandatory access control feature collaborating with
SELinux in table, column, procedure level granurality. Most of this
patch is same as I proposed in the v8.4 development cycle, except for
it is designed on the basis of security system attribute support.

03) Writable system column support
scale: 7 files changed, 298 insertions(+), 199 modifications(!)
This patch enables users to update/insert on system columns ("security_label"
and "security_acl") with explicit values. This feature is necessary to provide
a user interface for row-level access controls.

04) Row-level access controls support
scale: 31 files changed, 1101 insertions(+), 231 modifications(!)
This patch enables to apply mandatory/discretionary access control in row-level
granularity also.

05) Advanced permission checks support
scale: 18 files changed, 858 insertions(+), 3 deletions(-), 43 modifications(!)
This patch add some of advanced permission checks:
- file:{read write} on server side filesystem accesses
- db_procedure:{install} on user defined functions as system internal ones
- db_database:{load_module install_module} on binary shared library files
In the v8.4 development, these are suggested to separate from the core.

06) Security options in utilities
scale: 4 files changed, 95 insertions(+), 116 modifications(!)
This patch adds options on utilities
- "--enable-selinux" option for initdb
- "--security-label" option for pg_dump and pg_dumpall

07) Testcases of SE-PostgreSQL
scale: 18 files changed, 1819 insertions(+), 2 modifications(!)
This patch adds testcases for SE-PostgreSQL.

08) Documentation of SE-PostgreSQL
scale: 16 files changed, 1595 insertions(+), 42 modifications(!)
This patch adds documentations for SE-PostgreSQL

0X) Upcoming patches
The following patches are upcoming now.
* Reclaim of unused entries in pg_security
I have a plan to implement it based on the idea from Robert Haas in:
http://archives.postgresql.org/message-id/603c8f070901281818u3e1fa70brd28e1bfac7adfea9@mail.gmail.com

* System audit integration with SE-PostgreSQL
Linux has system audit stuff which is used by in-kernel SELinux and
its userspace facilities can output audit messages here.
Now SE-PostgreSQL writes out audit messages into PostgreSQL logs,
but it is more desirable to write it on system audit.

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>