Problems with sudo

Bogdan Agica bagica at bitdefender.com
Fri Dec 17 11:17:44 UTC 2004 

Hi everybody.

First of all, let me introduce myself. My name is Bogdan Agica and I'm
in the Linux team for the BitDefender Antivirus.

I'm responsible with the SELinux integration of BitDefender and I seem
to have some issues with dropping privileges. The startup scripts rely
on sudo in order to drop privileges in a standard linux system. I have
written the test policy for the postfix agent, which works fine if the
programs are started as root (not via the startup scripts); however the
final policy is supposed to integrate seamlessly with the product.

In the /etc/init.d script, the programs (5 of them) are started by
comands like:
# sudo -u bitdefender /opt/BitDefender/bin/bdcored start

I have looked at the files domains/program/sudo.te and
macros/program/sudo_macros.te. Unfortunately, the lack of documentation
for the sudo_domain() macro was a problem, so I have some questions:

1. What exactly does the sudo_domain() macro do?
2. Is this the tool that I need? (i have tried to integrate it with the
policy, but it resulted in errors)

I'm using FC3, and the following packages:
# rpm -qa | grep -i selinux
selinux-policy-strict-1.19.10-2
selinux-policy-targeted-sources-1.17.30-2.51
selinux-doc-1.14.1-1
libselinux-1.19.1-8
selinux-policy-targeted-1.17.30-2.51
selinux-policy-strict-sources-1.19.10-2

Of course, should anyone want to look at the beta policy that I've
written, I can provide it, and the software itself is available on the
company's ftp site.

TIA,
-- 
Bogdan Agica
BitDefender Internal Testing Engineer
-------------------------------------
SOFTWIN
Data Security Division
-------------------------------------
email: bagica at bitdefender.com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
-------------------------------------
secure your every bit
-------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20041217/a791bd40/attachment.bin 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: BitDefender.txt
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20041217/a791bd40/attachment.txt

More information about the selinux mailing list