selinux-policy-src - Source of the SELinux reference policy for customization

Property Value
Distribution Ubuntu 16.04 LTS (Xenial Xerus)
Repository Ubuntu Universe i386
Package name selinux-policy-src
Package version 2.20140421
Package release 9
Package architecture all
Package type deb
Installed size 1.20 KB
Download size 1.11 MB
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
This is the source of the policy, provided so that local variations of
SELinux policy may be created.


Package Version Architecture Repository
selinux-policy-src_2.20140421-9_all.deb 2.20140421 all Ubuntu Universe


Name Value
checkpolicy >= 2.2
gawk -
policycoreutils >= 2.2.1
python -


Type URL
Binary Package selinux-policy-src_2.20140421-9_all.deb
Source Package refpolicy

Install Howto

  1. Update the package index:
    $ sudo apt-get update
  2. Install the selinux-policy-src deb package:
    $ sudo apt-get install selinux-policy-src




2015-02-06 - Russell Coker
refpolicy (2:2.20140421-9) unstable; urgency=medium
* Allow dovecot_t to read /usr/share/dovecot/protocols.d
  Allow dovecot_t capability sys_resource
  Label /usr/lib/dovecot/* as bin_t unless specified otherwise
  Allow dovecot_auth_t to manage dovecot_var_run_t for auth tokens
* Allow clamd_t capability { chown fowner fsetid }
  Allow clamd_t to read sysctl_vm_t
* Allow dkim_milter_t capability dac_override and read sysctl_vm_t
  allow dkim_milter_t to bind to unreserved UDP ports
* Label all hard-links of perdition perdition_exec_t
  Allow perdition to read /dev/urandom and capabilities dac_override, chown, and fowner
  Allow perdition file trans to perdition_var_run_t for directories
  Also proxy the sieve service - sieve_port_t
  Allow connecting to mysql for map data
* Allow nrpe_t to read nagios_etc_t and have capability dac_override
* Allow httpd_t to write to initrc_tmp_t files
  Label /var/lib/php5(/.*)? as httpd_var_lib_t
* Allow postfix_cleanup_t to talk to the dkim filter
  allow postfix_cleanup_t to use postfix_smtpd_t fds (for milters)
  allow postfix_smtpd_t to talk to clamd_t via unix sockets
  allow postfix_master_t to execute hostname for Debian startup scripts
* Allow unconfined_cronjob_t role system_r and allow it to restart daemons via systemd
  Allow system_cronjob_t to unlink httpd_var_lib_t files (for PHP session
* Allow spamass_milter_t to search the postfix spool and sigkill itself
  allow spamc_t to be in system_r for when spamass_milter runs it
* Allow courier_authdaemon_t to execute a shell
* Label /usr/bin/maildrop as procmail_exec_t
  Allow procmail_t to connect to courier authdaemon for the courier maildrop, also changed courier_stream_connect_authdaemon to use courier_var_run_t for the type of the socket file
  Allow procmail_t to read courier config for maildrop.
* Allow system_mail_t to be in role unconfined_r
* Label ldconfig.real instead of ldconfig as ldconfig_exec_t
* Allow apt_t to list directories of type apt_var_log_t
* Allow dpkg_t to execute dpkg_tmp_t and load kernel modules for
* Allow dpkg_script_t to create udp sockets, netlink audit sockets, manage shadow files, process setfscreate, and capabilities audit_write net_admin
* Label /usr/lib/xen-*/xl as xm_exec_t

See Also

Package Description
selinux-policy-ubuntu-dev_0.2.20091117-0ubuntu2_all.deb Security-Enhanced Linux Reference Policy Development Headers
selinux-policy-ubuntu-doc_0.2.20091117-0ubuntu2_all.deb Security-Enhanced Linux Reference Policy Documentation
selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb Security-Enhanced Linux Reference Policy
selinux-utils_2.4-3build2_i386.deb SELinux utility programs
selinux_0.11_all.deb Security-Enhanced Linux runtime support
semanticscuttle_0.98.5+dfsg-1ubuntu1_all.deb Self-hosted and web-based social bookmark manager
semantik_0.8.4-0ubuntu2_i386.deb mindmapping-like tool for KDE
semi_1.14.7~0.20120428-18_all.deb library to provide MIME feature for emacsen
sen_0.2.2-2_i386.deb Terminal user interface for docker engine
sendemail_1.56-5_all.deb lightweight, command line SMTP email client
sendfile_2.1b.20080616-5.3_i386.deb Simple Asynchronous File Transfer
sendip_2.5-7_i386.deb Commandline tool to allow sending arbitrary IP packets
sendmail-base_8.15.2-3_all.deb powerful, efficient, and scalable Mail Transport Agent (arch independent files)
sendmail-bin_8.15.2-3_i386.deb powerful, efficient, and scalable Mail Transport Agent
sendmail-cf_8.15.2-3_all.deb powerful, efficient, and scalable Mail Transport Agent (config macros)