Updates of SE-PostgreSQL 8.4devel patches (r1324)

From: KaiGai Kohei
Subject: Updates of SE-PostgreSQL 8.4devel patches (r1324)
Msg-id: 4948B6BD.1050402@ak.jp.nec.com
In reply to: Updates of SE-PostgreSQL 8.4devel patches (r1280)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses: Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)  (Bruce Momjian <bruce@momjian.us>)
           Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)  (KaiGai Kohei <kaigai@kaigai.gr.jp>)
           Updates of SE-PostgreSQL 8.4devel patches (r1348)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List: pgsql-hackers
I updated the patch set of SE-PostgreSQL and related ones (r1324).

[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1324.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1324.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1324.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1324.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1324.patch

Draft of the SE-PostgreSQL documentation is here: http://wiki.postgresql.org/wiki/SEPostgreSQL

List of updates:
- The patches are rebased to the latest CVS HEAD.

- Now the "sepostgresql-sepgsql-8.4devel-3-r1324.patch" contains the PGACE security framework, SE-PostgreSQL and Row-level
  ACLs. So, the 6th patch has gone.

- It enables multiple security features to be compiled into a single binary. The Row-level ACLs feature is always
  available, and SE-PostgreSQL is available when we build it with the "--enable-selinux" option.

- Two new system columns ("security_acl" and "security_label") are added. The first one is for the Row-level ACLs, and
  the other is for the guest of the PGACE security framework which is chosen by the user.

- Some of the interfaces are changed:
  * initdb got a new option "--pgace-feature" which makes it possible to specify one or no MAC
    feature on initialization of $PGDATA.
    e.g)  $ initdb --pgace-feature=selinux
  * pg_dump got two new options (--security-acl and --security-label)
    to dump row-level ACLs and security contexts.
  * $PGDATA/postgresql.conf has a new parameter "pgace_feature".
    It enables users to choose an enhanced security mechanism from
    candidates. Currently, SE-PostgreSQL is the only candidate.

- Todo item
  * Documentation updates.
    The "sepostgresql-docs-8.4devel-3-r1324.patch" is not up to date,
    because higher priority should be given to providing the patch
    set for reviewers. So, I'll update the src/doc/* from now.
Thanks,

===[ Example ]========================================================
postgres=# CREATE TABLE t1 (a int, b text) WITH (row_level_acl=on);
CREATE TABLE
postgres=# INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
INSERT 0 3
postgres=# SELECT security_label, security_acl, * FROM t1;
             security_label              |  security_acl  | a |  b
------------------------------------------+----------------+---+-----
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai} | 1 | aaa
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai} | 2 | bbb
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai} | 3 | ccc
(3 rows)

postgres=# INSERT INTO t1 (security_acl, a, b) VALUES ('{kaigai=rw/kaigai}', 4, 'ddd');
INSERT 0 1
postgres=# INSERT INTO t1 (security_label, security_acl, a, b)
             VALUES ('system_u:object_r:sepgsql_ro_table_t:s0', '{kaigai=rx/kaigai}', 5, 'eee');
INSERT 0 1
postgres=# SELECT security_label, security_acl, * FROM t1;
             security_label              |    security_acl    | a |  b
------------------------------------------+--------------------+---+-----
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai}     | 1 | aaa
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai}     | 2 | bbb
 unconfined_u:object_r:sepgsql_table_t:s0 | {=rwdx/kaigai}     | 3 | ccc
 unconfined_u:object_r:sepgsql_table_t:s0 | {kaigai=rw/kaigai} | 4 | ddd
 system_u:object_r:sepgsql_ro_table_t:s0  | {kaigai=rx/kaigai} | 5 | eee
(5 rows)

postgres=# UPDATE t1 SET security_label = sepgsql_set_user(security_label, 'system_u'),
                         security_acl = '{kaigai=r/kaigai}';
UPDATE 5
postgres=# SELECT security_label, security_acl, * FROM t1;
            security_label              |   security_acl    | a |  b
-----------------------------------------+-------------------+---+-----
 system_u:object_r:sepgsql_table_t:s0    | {kaigai=r/kaigai} | 1 | aaa
 system_u:object_r:sepgsql_table_t:s0    | {kaigai=r/kaigai} | 2 | bbb
 system_u:object_r:sepgsql_table_t:s0    | {kaigai=r/kaigai} | 3 | ccc
 system_u:object_r:sepgsql_table_t:s0    | {kaigai=r/kaigai} | 4 | ddd
 system_u:object_r:sepgsql_ro_table_t:s0 | {kaigai=r/kaigai} | 5 | eee
(5 rows)

postgres=#

-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
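The session transcript above shows the two new system columns changing under INSERT and UPDATE but does not show how to read them. The following is an added example, written for this page and not part of SE-PostgreSQL or of KaiGai's patches: it parses the two column formats and re-plays the transcript's five rows so the effect of each ACL and label change can be checked offline. Assumptions: `security_acl` uses PostgreSQL's own aclitem[] syntax (`grantee=privs/grantor`, empty grantee meaning PUBLIC) and the privilege letters r, w, d, x are treated as opaque flags, since the message does not define them; `security_label` is an SELinux context `user:role:type[:level]`, and `set_user()` here is a stand-in that mimics only what `sepgsql_set_user()` visibly did in the transcript (it replaces the user field). The sample rows and the `rows_with_priv()` filter are constructed for illustration, not the server's actual row-filtering logic.

```python
import re
from typing import Dict, List, Tuple

# Assumption: aclitem syntax "grantee=privs/grantor"; an empty grantee is PUBLIC.
PUBLIC = ""
_ACLITEM = re.compile(r"^([^=]*)=([A-Za-z*]*)/([^/]+)$")


def parse_acl(acl: str) -> List[Tuple[str, str, str]]:
    """Parse an aclitem[] literal like '{=rwdx/kaigai,alice=r*/kaigai}' into
    (grantee, privilege letters, grantor).  A trailing '*' (grant option) is
    dropped: this model only answers "may X do Y on this row"."""
    body = acl.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError(f"not an aclitem[] literal: {acl!r}")
    items: List[Tuple[str, str, str]] = []
    for raw in (s.strip() for s in body[1:-1].split(",")):
        if not raw:
            continue  # '{}' carries no items
        m = _ACLITEM.match(raw)
        if m is None:
            raise ValueError(f"malformed aclitem: {raw!r}")
        grantee, privs, grantor = m.groups()
        items.append((grantee, privs.replace("*", ""), grantor))
    return items


def has_priv(acl: str, user: str, priv: str) -> bool:
    """True if `user` holds letter `priv` on the row, directly or via PUBLIC.
    The letters themselves (r, w, d, x) are opaque here (assumption)."""
    return any(priv in privs
               for grantee, privs, _grantor in parse_acl(acl)
               if grantee in (user, PUBLIC))


def parse_context(label: str) -> Dict[str, str]:
    """Split an SELinux context 'user:role:type[:level]'.  The level may itself
    contain ':' (e.g. 's0-s0:c0.c1023'), so split at most three times."""
    parts = label.split(":", 3)
    if len(parts) < 3 or any(p == "" for p in parts[:3]):
        raise ValueError(f"not a security context: {label!r}")
    ctx = dict(zip(("user", "role", "type"), parts[:3]))
    ctx["level"] = parts[3] if len(parts) == 4 else ""
    return ctx


def format_context(ctx: Dict[str, str]) -> str:
    fields = [ctx["user"], ctx["role"], ctx["type"]]
    if ctx.get("level"):
        fields.append(ctx["level"])
    return ":".join(fields)


def set_user(label: str, new_user: str) -> str:
    """Stand-in for sepgsql_set_user() as seen in the transcript (assumption):
    replace only the SELinux user field, keep role, type and level."""
    ctx = parse_context(label)
    ctx["user"] = new_user
    return format_context(ctx)


def rows_with_priv(rows: List[dict], user: str, priv: str) -> List[int]:
    """Constructed filter: the 'a' values of rows whose ACL grants `priv` to
    `user`.  Illustrative only; not how the server enforces row-level ACLs."""
    return [r["a"] for r in rows if has_priv(r["security_acl"], user, priv)]


# Constructed sample: t1 as it stood after the two INSERTs, before the UPDATE.
T1_BEFORE_UPDATE = [
    {"security_label": "unconfined_u:object_r:sepgsql_table_t:s0",
     "security_acl": "{=rwdx/kaigai}", "a": 1, "b": "aaa"},
    {"security_label": "unconfined_u:object_r:sepgsql_table_t:s0",
     "security_acl": "{=rwdx/kaigai}", "a": 2, "b": "bbb"},
    {"security_label": "unconfined_u:object_r:sepgsql_table_t:s0",
     "security_acl": "{=rwdx/kaigai}", "a": 3, "b": "ccc"},
    {"security_label": "unconfined_u:object_r:sepgsql_table_t:s0",
     "security_acl": "{kaigai=rw/kaigai}", "a": 4, "b": "ddd"},
    {"security_label": "system_u:object_r:sepgsql_ro_table_t:s0",
     "security_acl": "{kaigai=rx/kaigai}", "a": 5, "b": "eee"},
]


def apply_update(rows: List[dict]) -> List[dict]:
    """Model of the transcript's UPDATE: every row gets SELinux user 'system_u'
    and the ACL '{kaigai=r/kaigai}'."""
    return [dict(r, security_label=set_user(r["security_label"], "system_u"),
                 security_acl="{kaigai=r/kaigai}") for r in rows]


if __name__ == "__main__":
    for row in apply_update(T1_BEFORE_UPDATE):
        print(row["security_label"], row["security_acl"], row["a"], row["b"])
```

Before the UPDATE, rows 1 to 3 carry a PUBLIC grant, so any user passes `has_priv` for r/w/d/x on them, while rows 4 and 5 are reachable only as `kaigai`; after it, every row is readable by `kaigai` alone and the type field of row 5 (`sepgsql_ro_table_t`) survives the user change, which is exactly what the third SELECT in the transcript shows.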


In pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Message: Re: WIP: pre-upgrade page reservation
Next
From: ITAGAKI Takahiro
Message: Re: parallel restore vs. windows