


postgresql

11th chunk of `doc/src/sgml/sepgsql.sgml`
 running.
       </para></entry>
      </row>

      <row>
       <entry role="func_table_entry"><para role="func_signature">
        <function>sepgsql_restorecon</function> ( <type>text</type> )
        <returnvalue>boolean</returnvalue>
       </para>
       <para>
        Sets up initial security labels for all objects within the
        current database. The argument may be <literal>NULL</literal>, or the
        name of a specfile to be used as an alternative to the system default.
       </para></entry>
      </row>
     </tbody>
    </tgroup>
  </table>
 </sect2>

 <sect2 id="sepgsql-limitations">
  <title>Limitations</title>

  <variablelist>
   <varlistentry>
    <term>Data Definition Language (DDL) Permissions</term>
    <listitem>
     <para>
      Due to implementation restrictions, some DDL operations do not
      check permissions.
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>Data Control Language (DCL) Permissions</term>
    <listitem>
     <para>
      Due to implementation restrictions, DCL operations do not check
      permissions.
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>Row-level access control</term>
    <listitem>
     <para>
      <productname>PostgreSQL</productname> supports row-level access, but
      <filename>sepgsql</filename> does not.
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>Covert channels</term>
    <listitem>
     <para>
      <filename>sepgsql</filename> does not try to hide the existence of
      a certain object, even if the user is not allowed to reference it.
      For example, we can infer the existence of an invisible object as
      a result of primary key conflicts, foreign key violations, and so on,
      even if we cannot obtain the contents of the object.  The existence
      of a top secret table cannot be hidden; we only hope to conceal its
      contents.
     </para>
    </listitem>
   </varlistentry>
  </variablelist>
 </sect2>

 <sect2 id="sepgsql-resources">
  <title>External Resources</title>
  <variablelist>
   <varlistentry>
    <term><ulink url="https://wiki.postgresql.org/wiki/SEPostgreSQL_Introduction">SE-PostgreSQL Introduction</ulink></term>
    <listitem>
     <para>
      This wiki page provides a brief overview and covers security design,
      architecture, administration and upcoming features.
     </para>
    </listitem>
   </varlistentry>
   <varlistentry>
    <term><ulink url="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/index">SELinux User's and Administrator's Guide</ulink></term>
    <listitem>
     <para>
      This document provides a wide spectrum of knowledge to administer
      <productname>SELinux</productname> on your systems.
      It focuses primarily on Red Hat operating systems, but is not limited to them.
     </para>
    </listitem>
   </varlistentry>
   <varlistentry>
    <term><ulink url="https://fedoraproject.org/wiki/SELinux_FAQ">Fedora SELinux FAQ</ulink></term>
    <listitem>
     <para>
      This document answers frequently asked questions about
      <productname>SELinux</productname>.
      It focuses primarily on Fedora, but is not limited to Fedora.
     </para>
    </listitem>
   </varlistentry>
  </variablelist>
 </sect2>

 <sect2 id="sepgsql-author">
  <title>Author</title>
  <para>
   KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
  </para>
 </sect2>
</sect1>
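
The inference described under "Covert channels", as an added example that is not part of the PostgreSQL documentation. Assumptions: ordinary GRANTs stand in for an SELinux policy that lets a client insert into a table without being able to read it, the session starts as a superuser, and all role and table names are hypothetical.

```sql
-- Constructed schema: one table the client must not read, and one
-- work table that references it through a foreign key.
CREATE ROLE clerk;
CREATE TABLE secret_project (
    code  text PRIMARY KEY,
    notes text
);
CREATE TABLE task (
    id           serial PRIMARY KEY,
    project_code text REFERENCES secret_project (code)
);
INSERT INTO secret_project VALUES ('ORION', 'classified');

-- Stand-in for the policy: clerk may write rows, never read them.
GRANT INSERT ON secret_project TO clerk;
GRANT INSERT ON task TO clerk;
GRANT USAGE ON SEQUENCE task_id_seq TO clerk;

SET ROLE clerk;

-- Reading the protected table is refused, so its contents stay hidden.
SELECT * FROM secret_project;

-- Primary key conflict: this insert is rejected with a unique-violation
-- error because 'ORION' is already a key, which confirms to clerk that
-- the row exists even though clerk cannot select it.
INSERT INTO secret_project (code) VALUES ('ORION');

-- A key that is not present is accepted, so the two outcomes differ.
INSERT INTO secret_project (code) VALUES ('VEGA');

-- Foreign key check: the referential-integrity lookup does not need
-- clerk to hold SELECT on the parent table. This insert succeeds only
-- because the parent key exists ...
INSERT INTO task (project_code) VALUES ('ORION');

-- ... and this one is rejected with a foreign-key violation because
-- no such parent key exists.
INSERT INTO task (project_code) VALUES ('NO-SUCH-PROJECT');

RESET ROLE;

-- Clean up the constructed objects.
DROP TABLE task, secret_project;
DROP ROLE clerk;
```

When reviewing a policy, treat any subject that can insert into a table, or into a table referencing it, as able to test for the existence of key values there, whether or not it can read them.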

Title: SEPostgreSQL Limitations, Resources, and Author
Summary
This section discusses the limitations of SEPostgreSQL: some DDL operations and DCL operations do not check permissions, row-level access control is not supported, and the existence of an object is not hidden from users who cannot reference it (covert channels). It also provides a list of external resources, including wiki pages and guides for SEPostgreSQL, SELinux, and Fedora, and finally, it credits the author of the document, KaiGai Kohei.