
replace the actual security framework with SE-PgSQL to reduce complexity

Posted Dec 10, 2009 7:05 UTC (Thu) by zmi (guest, #4829)
Parent article: SELinux and PostgreSQL: a worthwhile union?

If the SE-PgSQL patch is seen as complex and "nobody wants to use it", wouldn't it be a big step to use it at PostgreSQL system level? Once you have SELinux, the actual pg_hba.conf framework - which is for sure many lines of code - can be replaced to use the SE framework directly. And suddenly the complexity is reduced, and PostgreSQL hackers will use it like they use the actual framework.

The problem I see is that it would require SELinux to run on the system. Maybe there can be a postgresql selinux daemon to support that if the system as a whole doesn't run SELinux.

Having only one framework is better than two in terms of security. If once in the years to come SELinux will be usable in default installs, PostgreSQL could have a stable implementation already.




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds