Home Explore Blog CI



postgresql
10th chunk of `doc/src/sgml/sepgsql.sgml`
a8a6a8126853bb00868829ee381fef6dfc392d944f620f6100000001000009ad
 role="func_table_entry"><para role="func_signature">
        <function>sepgsql_getcon</function> ()
        <returnvalue>text</returnvalue>
       </para>
       <para>
        Returns the client domain, the current security label of the client.
       </para></entry>
      </row>

      <row>
       <entry role="func_table_entry"><para role="func_signature">
        <function>sepgsql_setcon</function> ( <type>text</type> )
        <returnvalue>boolean</returnvalue>
       </para>
       <para>
        Switches the client domain of the current session to the new domain,
        if allowed by the security policy.
        It also accepts <literal>NULL</literal> input as a request to transition
        to the client's original domain.
       </para></entry>
      </row>

      <row>
       <entry role="func_table_entry"><para role="func_signature">
        <function>sepgsql_mcstrans_in</function> ( <type>text</type> )
        <returnvalue>text</returnvalue>
       </para>
       <para>
        Translates the given qualified MLS/MCS range into raw format if
        the mcstrans daemon is running.
       </para></entry>
      </row>

      <row>
       <entry role="func_table_entry"><para role="func_signature">
        <function>sepgsql_mcstrans_out</function> ( <type>text</type> )
        <returnvalue>text</returnvalue>
       </para>
       <para>
        Translates the given raw MLS/MCS range into qualified format if
        the mcstrans daemon is running.
       </para></entry>
      </row>

      <row>
       <entry role="func_table_entry"><para role="func_signature">
        <function>sepgsql_restorecon</function> ( <type>text</type> )
        <returnvalue>boolean</returnvalue>
       </para>
       <para>
        Sets up initial security labels for all objects within the
        current database. The argument may be <literal>NULL</literal>, or the
        name of a specfile to be used as alternative of the system default.
       </para></entry>
      </row>
     </tbody>
    </tgroup>
  </table>
 </sect2>

 <sect2 id="sepgsql-limitations">
  <title>Limitations</title>

  <variablelist>
   <varlistentry>
    <term>Data Definition Language (DDL) Permissions</term>
    <listitem>
     <para>
      Due to implementation restrictions, some DDL operations do not
      check permissions.
     </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>Data Control Language (DCL) Permissions</term>
    <listitem>
     <para>
Title: SEPostgreSQL Functions and Limitations
Summary
This section lists various SEPostgreSQL functions, including sepgsql_getcon, sepgsql_setcon, sepgsql_mcstrans_in, sepgsql_mcstrans_out, and sepgsql_restorecon, which are used to manage security labels, translate MLS/MCS ranges, and set up initial security labels. It also discusses the limitations of SEPostgreSQL, including the lack of permission checks for certain Data Definition Language (DDL) operations and Data Control Language (DCL) permissions.