The following patches are updated ones:
[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1522.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1522.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1522.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1522.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1522.patch
- List of updates:
  * The facilities of PGACE are removed.
  * The facilities of row-level access controls are separated.
  * The facilities of security attribute management are separated.
    - The pg_security system catalog, the idea of security identifier and the "security_label" system column are included.
    - AVC now accepts text form security context.
    - pg_class, pg_attribute, pg_database and pg_proc got a new field to store text form security context.
  * A few security hooks are integrated into pg_xxx_aclcheck()
    - sepgsqlCheckProcedureExecute() from pg_proc_aclmask()
    - sepgsqlCheckDatabaseAccess() from pg_database_aclmask()
  * Access controls on large objects are separated.
  * The baseline security policy module is omitted, so the 3rd patch provides only developer's policy.
  * Descriptions about PGACE and row-level access controls are separated.
  * Testcases are reworked.
  * Anyway, most of the patches are reworked!

- Scale of patches
  It may seem to you that the updated version is not smaller than the previous version, but more than half of the affected lines come from changes in the system catalog.

  * The previous full-functional version (r1467)
    $ diffstat sepostgresql-sepgsql-8.4devel-3-r1467.patch
      :
    110 files changed, 9813 insertions(+), 16 deletions(-), 924 modifications(!)

  * Current version (r1522)
    $ diffstat sepostgresql-sepgsql-8.4devel-3-r1522.patch
      :
    src/include/catalog/pg_attribute.h | 500 !!!
    src/include/catalog/pg_class.h | 12
    src/include/catalog/pg_database.h | 6
    src/include/catalog/pg_proc.h | 4207 !!!!!!!!!!!!!!!!!!!!!!!!!!
      :
    65 files changed, 4737 insertions(+), 11 deletions(-), 4908 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>