diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index 8a01b94..a62f02a 100644
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -198,6 +198,36 @@ SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_
+ See Also
+
+ These modules requires SECURITY LABEL command
+ for their foundation. Also see the section for more details.
+
+
+
+
+
+
+ sepgsql> is a loadable module which supports label-based
+ mandatory access control (MAC) based on SELinux> security
+ policy.
+
+
+
+
+
+
+
+ The dummy_seclabel> module exists only to support regression
+ testing of the SECURITY LABEL> statement. It is not intended
+ to be used in production.
+
+
+
+
+
+
+
Compatibility
There is no SECURITY LABEL command in the SQL standard.
diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml
index db9b64c..4b9e1f3 100644
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@@ -96,11 +96,13 @@ Policy from config file: targeted
The following instructions that assume your installation is under the
- /usr/local/pgsql> directory. Adjust the paths shown below as
- appropriate for your installation.
+ /usr/local/pgsql> directory and the database cluster is
+ under the /path/to/database> directory. Adjust the paths
+ shown below as appropriate for your installation.
+$ export PGDATA=/path/to/database
$ initdb
$ vi $PGDATA/postgresql.conf
$ for DBNAME in template0 template1 postgres; do
@@ -113,6 +115,17 @@ $ for DBNAME in template0 template1 postgres; do
If the installation process completes without error, you can now start the
server normally.
+
+
+ Please note that you may see the following notifications depending on
+ the combination of a particular version of libselinux>
+ and selinux-policy>.
+
+/etc/selinux/targeted/contexts/sepgsql_contexts: line 33 has invalid object type db_blobs
+
+ It is harmless messages and already fixed. So, you can ignore these
+ messages or update related packages to the latest version.
+
@@ -124,7 +137,16 @@ $ for DBNAME in template0 template1 postgres; do
- First, build and install the policy package for the regression test.
+ First, setup sepgsql according to
+ the .
+ We intend this regression test is run on the working system using
+ make installcheck, so the server system must be
+ correctly set up to allow current user of shell process to connect
+ database as superuser without authentication.
+
+
+
+ Second, build and install the policy package for the regression test.
The sepgsql-regtest.pp> is a special purpose policy package
which provides a set of rules to be allowed during the regression tests.
It should be built from the policy source file
@@ -149,7 +171,7 @@ sepgsql-regtest 1.03
- Second, turn on sepgsql_regression_test_mode>.
+ Third, turn on sepgsql_regression_test_mode>.
We don't enable all the rules in the sepgsql-regtest.pp>
by default, for your system's safety.
The sepgsql_regression_test_mode parameter is associated