SELinux Mailing List

Re: exim4 policy

From: Russell Coker <russell_at_coker.com.au>
Date: Tue, 20 Apr 2004 22:52:31 +1000


On Tue, 20 Apr 2004 20:59, Peter Gervai <grin@tolna.net> wrote:
> Is there a working exim4 policy somewhere? It was posted on the list, got
> some comments, and the thread seems to have died away. It seems not to be a
> part of the distribution.

For the most desirable support of Exim we need some minor changes to the way it works. I have spoken to the author about this and he has a positive attitude towards this; all that is necessary is for me (or someone else) to write some patches, test them, and send them to him.

Once we get Exim working the way we desire, doing the policy will be easy.

What we want is to have different parts of Exim running in different domains. Exim is comprised of a single program that performs multiple tasks, but it re-exec's itself for each task. I think that the best way to do this is to have (for non-SE systems) multiple hard links to the main executable and have it use different names for each exec call. This just takes up a few extra directory entries on a non-SE system and has no noticeable overhead.

For an SE system we could have small wrapper programs (a few K in size - they would provide little overhead) that just exec the main executable. So when a new Exim task is launched it would exec the appropriate name, which would trigger a domain transition; that new domain would then execute the main program to do the work.

This way Exim itself need know nothing about SE Linux, but we can get all the functionality we want.

I believe that this would probably be acceptable to the author. In a month or so I may have time to code this. If someone else makes an appropriate patch to Exim I'll write the SE Linux policy immediately.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 20 Apr 2004 - 08:54:05 EDT
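
The per-task entry point scheme described in the message above, sketched as an added example (not code from Exim, from the poster, or from any SE Linux policy package). The task set, the entry names under `/usr/lib/exim4/` and the `EXIM_MAIN` path are assumptions made for illustration.

```c
/* Added illustration. Entry names, task set and EXIM_MAIN are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#define EXIM_MAIN "/usr/sbin/exim4"   /* assumed path of the real binary */

enum exim_task { TASK_UNKNOWN = -1, TASK_DAEMON, TASK_DELIVER, TASK_QUEUE };

/* One entry point per task: a hard link on a non-SE system, a separately
 * labelled wrapper on an SE system. Names are hypothetical. */
static const char *const ENTRY[] = {
    [TASK_DAEMON]  = "/usr/lib/exim4/exim-daemon",
    [TASK_DELIVER] = "/usr/lib/exim4/exim-deliver",
    [TASK_QUEUE]   = "/usr/lib/exim4/exim-queue",
};
#define N_ENTRY (sizeof ENTRY / sizeof ENTRY[0])

/* Caller side: the name Exim would exec when it starts the given task. */
const char *entry_for_task(enum exim_task t) {
    return (t >= 0 && (size_t)t < N_ENTRY) ? ENTRY[t] : NULL;
}

/* Wrapper side: which task was this process started as? Matches on the
 * basename so it works however the wrapper was invoked. */
enum exim_task task_for_entry(const char *argv0) {
    if (argv0 == NULL) return TASK_UNKNOWN;
    const char *base = strrchr(argv0, '/');
    base = base ? base + 1 : argv0;
    for (size_t i = 0; i < N_ENTRY; i++)
        if (strcmp(base, strrchr(ENTRY[i], '/') + 1) == 0)
            return (enum exim_task)i;
    return TASK_UNKNOWN;
}

/* Wrapper body: already in the task's domain (the transition happened when
 * this file was exec'd), so just hand over to the main program unchanged. */
int exec_main(const char *main_binary, char *const argv[]) {
    if (task_for_entry(argv[0]) == TASK_UNKNOWN) { errno = EINVAL; return -1; }
    execv(main_binary, argv);
    return -1;                        /* reached only if execv failed */
}

int main(int argc, char **argv) {
    (void)argc;
    exec_main(EXIM_MAIN, argv);
    return 127;                       /* unknown name or exec failure */
}
```

Refusing names outside the table keeps a wrapper from being used as a general way into the main binary under an unexpected name.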
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service