On Thu, 2005-01-06 at 21:31 +1100, Russell Coker wrote:
On Thursday 06 January 2005 02:03, Bogdan Agica
<bagica(a)bitdefender.com>
wrote:
> 1. Relabel the script from initrd_exec_t to something else,
> in which case I'll run into problems starting / stopping the programs.
You could have the init.d script call something else to do the work. So you
split the script into a worker script in /usr/sbin and a start script in the
init.d directory that just calls the worker.
That's probably how we're
gonna do it. Thanx for the tips.
> 2. Give read access to initrd_t in bitdefender_etc_t and
_lib_t,
> which I think is a stupid workaround, providing read access to all
> scripts in /etc/init.d to this dir.
That's the usual approach. Not ideal but not too bad either. What is the
bitdefender data? initrc_t is a very powerful domain that can break your
system in many ways. Protecting files from it provides little benefit with
the way things work now.
The data accessed is not very sensitive (only statistics and settings,
not anybody's email messages). However it would be only an workaround,
not a fix.
> Is there any way to "inherit" a type (C++like
inheritance), e.g. to
> create a type (say bitdefender_initrc_exec_t), which inherits all the
> attributes of it's successor, but adds new functionality? (Would be a
> nice idea if there isn't yet)
No.
Are there any plans for this? I guess it would make things easier for a
lot of people.
Thanx again for the reply,
Bogdan
--
Bogdan Agica
BitDefender Internal Testing Engineer
-------------------------------------
SOFTWIN
Data Security Division
-------------------------------------
email: bagica(a)bitdefender.com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
-------------------------------------
secure your every bit
-------------------------------------
--
This message was scanned for spam and viruses by BitDefender.
For more information please visit
http://www.bitdefender.com/