mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document the dummy_seclabel contrib module.

Browse Source 
KaiGai Kohei, with editing and markup fixes by me.
This commit is contained in:
Robert Haas 2010-11-17 20:46:19 -05:00
parent 511e902b51
commit 45768d10e3
3 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/src/sgml/contrib.sgml
View File

@ -90,6 +90,7 @@ psql -d dbname -f <replaceable>SHAREDIR</>/contrib/<replaceable>module</>.sql
&dblink; &dblink;
&dict-int; &dict-int;
&dict-xsyn; &dict-xsyn;
&dummy-seclabel;
&earthdistance; &earthdistance;
&fuzzystrmatch; &fuzzystrmatch;
&hstore; &hstore;

75
doc/src/sgml/dummy-seclabel.sgml Normal file
View File

@ -0,0 +1,75 @@
<!-- doc/src/sgml/dummy_seclabel.sgml -->
<sect1 id="dummy-seclabel">
<title>dummy_seclabel</title>
<indexterm zone="dummy-seclabel">
<primary>dummy_seclabel</primary>
</indexterm>
<para>
The <filename>dummy_seclabel</> module exists only to support regression
testing of the <command>SECURITY LABEL</> statement. It is not intended
to be used in production.
</para>
<sect2>
<title>Rationale</title>
<para>
The <command>SECURITY LABEL</> statement allows the user to assign security
labels to database objects; however, security labels can only be assigned
when specifically allowed by a loadable module, so this module is provided
to allow proper regression testing.
</para>
<para>
Security label providers intended to be used in production will typically be
dependent on a platform-specific feature such as
<productname>SE-Linux</productname>. This module is platform-independent,
and therefore better-suited to regression testing.
</para>
</sect2>
<sect2>
<title>Usage</title>
<para>
Here's a simple example of usage:
</para>
<programlisting>
# postgresql.conf
shared_preload_libraries = 'dummy_label'
</programlisting>
<programlisting>
postgres=# CREATE TABLE t (a int, b text);
CREATE TABLE
postgres=# SECURITY LABEL ON TABLE t IS 'classified';
SECURITY LABEL
</programlisting>
<para>
The <filename>dummy_seclabel</> provides only four hardcoded
labels: <literal>unclassified</>, <literal>classified</>,
<literal>secret</>, <literal>top secret</> and <literal>trusted</>.
It does not allow any other strings as security labels.
</para>
<para>
These labels are not used to enforce access controls. They are only used
to check whether the <command>SECURITY LABEL</> statement works as expected,
or not.
</para>
</sect2>
<sect2>
<title>Author</title>
<para>
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
</para>
</sect2>
</sect1>

1
doc/src/sgml/filelist.sgml
View File

@ -102,6 +102,7 @@
<!entity dblink SYSTEM "dblink.sgml"> <!entity dblink SYSTEM "dblink.sgml">
<!entity dict-int SYSTEM "dict-int.sgml"> <!entity dict-int SYSTEM "dict-int.sgml">
<!entity dict-xsyn SYSTEM "dict-xsyn.sgml"> <!entity dict-xsyn SYSTEM "dict-xsyn.sgml">
<!entity dummy-seclabel SYSTEM "dummy-seclabel.sgml">
<!entity earthdistance SYSTEM "earthdistance.sgml"> <!entity earthdistance SYSTEM "earthdistance.sgml">
<!entity fuzzystrmatch SYSTEM "fuzzystrmatch.sgml"> <!entity fuzzystrmatch SYSTEM "fuzzystrmatch.sgml">
<!entity hstore SYSTEM "hstore.sgml"> <!entity hstore SYSTEM "hstore.sgml">