<!-- doc/src/sgml/sepgsql.sgml -->
<sect1 id="sepgsql" xreflabel="sepgsql">
<title>sepgsql —
SELinux-, label-based mandatory access control (MAC) security module</title>
<indexterm zone="sepgsql">
<primary>sepgsql</primary>
</indexterm>
<para>
<filename>sepgsql</filename> is a loadable module that supports label-based
mandatory access control (MAC) based on <productname>SELinux</productname> security
policy.
</para>
<warning>
<para>
The current implementation has significant limitations, and does not
enforce mandatory access control for all actions. See
<xref linkend="sepgsql-limitations"/>.
</para>
</warning>
<sect2 id="sepgsql-overview">
<title>Overview</title>
<para>
This module integrates with <productname>SELinux</productname> to provide an
additional layer of security checking above and beyond what is normally
provided by <productname>PostgreSQL</productname>. From the perspective of
<productname>SELinux</productname>, this module allows
<productname>PostgreSQL</productname> to function as a user-space object
manager. Each table or function access initiated by a DML query will be
checked against the system security policy. This check is in addition to
the usual SQL permissions checking performed by
<productname>PostgreSQL</productname>.
</para>
<para>
<productname>SELinux</productname> access control decisions are made using
security labels, which are represented by strings such as
<literal>system_u:object_r:sepgsql_table_t:s0</literal>. Each access control
decision involves two labels: the label of the subject attempting to
perform the action, and the label of the object on which the operation is
to be performed. Since these labels can be applied to any sort of object,
access control decisions for objects stored within the database can be
(and, with this module, are) subjected to the same general criteria used
for objects of any other type, such as files. This design is intended to
allow a centralized security policy to protect information assets
independent of the particulars of how those assets are stored.
</para>
<para>
The <link linkend="sql-security-label"><command>SECURITY LABEL</command></link> statement allows assignment of
a security label to a database object.
</para>
</sect2>
<sect2 id="sepgsql-installation">
<title>Installation</title>
<para>
<filename>sepgsql</filename> can only be used on <productname>Linux</productname>
2.6.28 or higher with <productname>SELinux</productname> enabled.
It is not available on any other platform. You will also need
<productname>libselinux</productname> 2.1.10 or higher and
<productname>selinux-policy</productname> 3.9.13 or higher (although some
distributions may backport the necessary rules into older policy
versions).
</para>
<para>
The <command>sestatus</command> command allows you to check the status of
<productname>SELinux</productname>. A typical display is:
<screen>
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
</screen>
If <productname>SELinux</productname> is disabled or not installed, you must
set it up before installing this module.
</para>
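<para>
The following shell preflight check is an added example, not part of the
<filename>sepgsql</filename> distribution. It tests captured
<command>sestatus</command> output and version strings against the minimums
stated above; the function names and the version strings in the demo call
are constructed for illustration.
</para>
<programlisting><![CDATA[
```shell
#!/bin/sh
# Added example: preflight check for the sepgsql prerequisites listed above.
# Function names and the version strings in the demo call are constructed.

# version_ge A B: succeed if dotted version A >= B (release suffix after "-" ignored).
version_ge() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0   # numeric compare, so 2.1.10 > 2.1.9
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# sestatus_field NAME TEXT: print the value of one "NAME: value" line of sestatus output.
sestatus_field() {
    printf '%s\n' "$2" | awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# check_sepgsql_prereqs SESTATUS KERNEL LIBSELINUX POLICY: list unmet requirements.
check_sepgsql_prereqs() {
    rc=0
    [ "$(sestatus_field 'SELinux status' "$1")" = enabled ] ||
        { echo "SELinux is not enabled"; rc=1; }
    version_ge "$2" 2.6.28 || { echo "Linux $2 is older than 2.6.28"; rc=1; }
    version_ge "$3" 2.1.10 || { echo "libselinux $3 is older than 2.1.10"; rc=1; }
    # Not fatal on its own: some distributions backport the rules to older policies.
    version_ge "$4" 3.9.13 ||
        echo "selinux-policy $4 is older than 3.9.13; check for backported rules"
    return "$rc"
}

# sestatus display copied from the text above; the three versions below are constructed.
SAMPLE_SESTATUS='SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted'

# On a live RPM-based host, pass "$(sestatus)", "$(uname -r)" and the output of
# rpm -q --qf '%{VERSION}' for libselinux and selinux-policy instead.
check_sepgsql_prereqs "$SAMPLE_SESTATUS" 5.14.0-362.el9 3.5 38.1.23 &&
    echo "sepgsql prerequisites satisfied"
```
]]></programlisting>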
<para>
To build this module, specify <xref
linkend="configure-option-with-sepgsql"/> (when using <link
linkend="install-make">make and autoconf</link>) or <xref
linkend="configure-with-sepgsql-meson"/> (when using <link
linkend="install-meson">meson</link>).
Be sure that the <filename>libselinux-devel</filename> RPM is installed at
build time.
</para>
<para>
To use this module, you must include <literal>sepgsql</literal>
in the <xref linkend="guc-shared-preload-libraries"/> parameter