[DSE-Dev] Refpolicy module for exim
Devin Carraway
devin at debian.org
Tue Sep 4 07:11:33 UTC 2007
I've written a policy module for exim:
http://devin.com/debian/exim-selinux/
It seems to work with both targeted and strict, although I could only test
strict in a limited fashion. When run under strict, I've seen problems
surrounding the invoke-rc.d restart under dpkg-reconfigure, although I don't
think those are specific to the policy.
This policy is written for the current Exim arrangement of having a single
entry point and exec'ing over itself to switch tasks. It doesn't try to
address the option of putting in hardlinks/wrappers to impose domain
transitions, although it could be extended in that direction. I wanted to
make something that could work today, and which I could plausibly backport to
use with Etch.
I'd welcome criticism if anyone's got any.
--
Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20070904/00580149/attachment.pgp
More information about the SELinux-devel
mailing list