sepgsql contrib module
From | KaiGai Kohei |
---|---|
Subject | sepgsql contrib module |
Date | |
Msg-id | 4D140B25.90103@ak.jp.nec.com |
Responses | Re: sepgsql contrib module |
List | pgsql-hackers |

The attached patch is the modular version of SE-PostgreSQL.

Since I reduced the caching mechanism for access control decision, its code scale became about 2.6KL.

```
[kaigai@saba sepgsql]$ wc -l *.[ch]
  353 dml.c
  366 hooks.c
  477 label.c
  158 proc.c
  267 relation.c
   98 schema.c
  617 selinux.c
  287 sepgsql.h
 2623 total
```

In addition, the *.sgml file uses about 300 lines.

There is another issue to be discussed. We need a special form of regression test. Because SE-PostgreSQL makes access control decisions based on the security label of the peer process, we need to switch the psql process during the regression test. (So, I don't include test cases yet.)

We have the 'runcon' command to launch a child process with a specified security label as long as the security policy allows. If we could launch 'psql' by 'runcon' with a specified label, we can describe test cases on the existing framework on 'make installcheck'.

An idea is to add an option to pg_regress to launch the psql command with a specified wrapper program (like 'runcon'). In this case, each contrib module kicks with REGRESS_OPTS setting. One thing to be considered is that the security label to be given to 'runcon' is flexible for each *.sql file.

Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>