[DSE-Dev] Refpolicy module for exim

Devin Carraway devin at debian.org
Tue Sep 4 07:11:33 UTC 2007

I've written a policy module for exim:


It seems to work with both targeted and strict, although I could only test
strict in a limited fashion.  When run under strict, I've seen problems
surrounding the invoke-rc.d restart under dpkg-reconfigure, although I don't
think those are specific to the policy.

This policy is written for the current Exim arrangement of having a single
entry point and exec'ing over itself to switch tasks.  It doesn't try to
address the option of putting in hardlinks/wrappers to impose domain
transitions, although it could be extended in that direction.  I wanted to
make something that could work today, and which I could plausibly backport to
use with Etch.

I'd welcome criticism if anyone's got any.

Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20070904/00580149/attachment.pgp 

More information about the SELinux-devel mailing list