2010-11-18 02:46:19 +01:00
|
|
|
<!-- doc/src/sgml/dummy_seclabel.sgml -->
|
|
|
|
|
2011-05-08 04:29:20 +02:00
|
|
|
<sect1 id="dummy-seclabel" xreflabel="dummy_seclabel">
|
2010-11-18 02:46:19 +01:00
|
|
|
<title>dummy_seclabel</title>
|
|
|
|
|
|
|
|
<indexterm zone="dummy-seclabel">
|
|
|
|
<primary>dummy_seclabel</primary>
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
The <filename>dummy_seclabel</> module exists only to support regression
|
|
|
|
testing of the <command>SECURITY LABEL</> statement. It is not intended
|
|
|
|
to be used in production.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
<title>Rationale</title>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
The <command>SECURITY LABEL</> statement allows the user to assign security
|
|
|
|
labels to database objects; however, security labels can only be assigned
|
|
|
|
when specifically allowed by a loadable module, so this module is provided
|
|
|
|
to allow proper regression testing.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Security label providers intended to be used in production will typically be
|
|
|
|
dependent on a platform-specific feature such as
|
|
|
|
<productname>SE-Linux</productname>. This module is platform-independent,
|
|
|
|
and therefore better-suited to regression testing.
|
|
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
<title>Usage</title>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Here's a simple example of usage:
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<programlisting>
|
|
|
|
# postgresql.conf
|
|
|
|
shared_preload_libraries = 'dummy_label'
|
|
|
|
</programlisting>
|
|
|
|
|
|
|
|
<programlisting>
|
|
|
|
postgres=# CREATE TABLE t (a int, b text);
|
|
|
|
CREATE TABLE
|
|
|
|
postgres=# SECURITY LABEL ON TABLE t IS 'classified';
|
|
|
|
SECURITY LABEL
|
|
|
|
</programlisting>
|
|
|
|
|
|
|
|
<para>
|
2010-11-18 16:28:00 +01:00
|
|
|
The <filename>dummy_seclabel</> module provides only four hardcoded
|
2010-11-18 02:46:19 +01:00
|
|
|
labels: <literal>unclassified</>, <literal>classified</>,
|
2010-11-18 16:28:00 +01:00
|
|
|
<literal>secret</>, and <literal>top secret</>.
|
2010-11-18 02:46:19 +01:00
|
|
|
It does not allow any other strings as security labels.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
These labels are not used to enforce access controls. They are only used
|
|
|
|
to check whether the <command>SECURITY LABEL</> statement works as expected,
|
|
|
|
or not.
|
|
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
<title>Author</title>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
|
|
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
</sect1>
|