/etc/init.d/ script

Bogdan Agica bagica at bitdefender.com
Fri Jan 7 09:30:12 UTC 2005


On Thu, 2005-01-06 at 21:31 +1100, Russell Coker wrote:
> On Thursday 06 January 2005 02:03, Bogdan Agica <bagica at bitdefender.com> 
> wrote:
> > 1. Relabel the script from initrd_exec_t to something else,
> > in which case I'll run into problems starting / stopping the programs.
> 
> You could have the init.d script call something else to do the work.  So you 
> split the script into a worker script in /usr/sbin and a start script in the 
> init.d directory that just calls the worker.
That's probably how we're gonna do it. Thanx for the tips.

> > 2. Give read access to initrd_t in bitdefender_etc_t and _lib_t,
> > which I think is a stupid workaround, providing read access to all
> > scripts in /etc/init.d to this dir.
> 
> That's the usual approach.  Not ideal but not too bad either.  What is the 
> bitdefender data?  initrc_t is a very powerful domain that can break your 
> system in many ways.  Protecting files from it provides little benefit with 
> the way things work now.

The data accessed is not very sensitive (only statistics and settings,
not anybody's email messages). However, it would be only a workaround,
not a fix.

> > Is there any way to "inherit" a type (C++-like inheritance), e.g. to
> > create a type (say bitdefender_initrc_exec_t), which inherits all the
> > attributes of its successor, but adds new functionality? (Would be a
> > nice idea if there isn't yet)
> 
> No.
Are there any plans for this? I guess it would make things easier for a
lot of people.

Thanx again for the reply, 
Bogdan

-- 
Bogdan Agica
BitDefender Internal Testing Engineer
-------------------------------------
SOFTWIN
Data Security Division
-------------------------------------
email: bagica at bitdefender.com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
-------------------------------------
secure your every bit
-------------------------------------