Allow sepgsql labels to depend on object name.

The main change here is to call security_compute_create_name_raw()
rather than security_compute_create_raw().  This ups the minimum
requirement for libselinux from 2.0.99 to 2.1.10, but it looks
like most distributions will have picked that up before 9.3 is out.

KaiGai Kohei

contrib/sepgsql/relation.c

@@ -88,7 +88,8 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
 	scontext = sepgsql_get_client_label();
 	tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
 	ncontext = sepgsql_compute_create(scontext, tcontext,
-									  SEPG_CLASS_DB_COLUMN);
+									  SEPG_CLASS_DB_COLUMN,
+									  NameStr(attForm->attname));
 
 	/*
 	 * check db_column:{create} permission
@@ -309,7 +310,8 @@ sepgsql_relation_post_create(Oid relOid)
 	scontext = sepgsql_get_client_label();
 	tcontext = sepgsql_get_label(NamespaceRelationId,
 								 classForm->relnamespace, 0);
-	rcontext = sepgsql_compute_create(scontext, tcontext, tclass);
+	rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
+									  NameStr(classForm->relname));
 
 	/*
 	 * check db_xxx:{create} permission
@@ -363,7 +365,8 @@ sepgsql_relation_post_create(Oid relOid)
 
 			ccontext = sepgsql_compute_create(scontext,
 											  rcontext,
-											  SEPG_CLASS_DB_COLUMN);
+											  SEPG_CLASS_DB_COLUMN,
+											  NameStr(attForm->attname));
 
 			/*
 			 * check db_column:{create} permission