sepgsql, an SE-Linux integration for PostgreSQL

This is still pretty rough - among other things, the documentation
needs work, and the messages need a visit from the style police -
but this gets the basic framework in place.

KaiGai Kohei

contrib/sepgsql/sepgsql.sql.in

@@ -0,0 +1,36 @@
+--
+-- contrib/sepgsql/sepgsql.sql
+--
+-- [Step to install]
+--
+-- 1. Run initdb
+--    to set up a new database cluster.
+--
+-- 2. Edit $PGDATA/postgresql.conf
+--    to add 'MODULE_PATHNAME' to shared_preload_libraries.
+--
+--    Example)
+--        shared_preload_libraries = 'MODULE_PATHNAME'
+--
+-- 3. Run this script for each databases
+--    This script installs corresponding functions, and assigns initial
+--    security labels on target database objects.
+--    It can be run both single-user mode and multi-user mode, according
+--    to your preference.
+--
+--    Example)
+--      $ for DBNAME in template0 template1 postgres;     \
+--        do                                              \
+--          postgres --single -F -c exit_on_error=true -D $PGDATA $DBNAME \
+--            < /path/to/script/sepgsql.sql > /dev/null   \
+--        done
+--
+-- 4. Start postmaster,
+--    if you initialized the database in single-user mode.
+--
+LOAD 'MODULE_PATHNAME';
+CREATE OR REPLACE FUNCTION pg_catalog.sepgsql_getcon() RETURNS text AS 'MODULE_PATHNAME', 'sepgsql_getcon' LANGUAGE C;
+CREATE OR REPLACE FUNCTION pg_catalog.sepgsql_mcstrans_in(text) RETURNS text AS 'MODULE_PATHNAME', 'sepgsql_mcstrans_in' LANGUAGE C STRICT;
+CREATE OR REPLACE FUNCTION pg_catalog.sepgsql_mcstrans_out(text) RETURNS text AS 'MODULE_PATHNAME', 'sepgsql_mcstrans_out' LANGUAGE C STRICT;
+CREATE OR REPLACE FUNCTION pg_catalog.sepgsql_restorecon(text) RETURNS bool AS 'MODULE_PATHNAME', 'sepgsql_restorecon' LANGUAGE C;
+SELECT sepgsql_restorecon(NULL);