Hi everybody. First of all, let me introduce myself. My name is Bogdan Agica and I'm in the Linux team for the BitDefender Antivirus. I'm responsible with the SELinux integration of BitDefender and I seem to have some issues with dropping privileges. The startup scripts rely on sudo in order to drop privileges in a standard linux system. I have written the test policy for the postfix agent, which works fine if the programs are started as root (not via the startup scripts); however the final policy is supposed to integrate seamlessly with the product. In the /etc/init.d script, the programs (5 of them) are started by comands like: # sudo -u bitdefender /opt/BitDefender/bin/bdcored start I have looked at the files domains/program/sudo.te and macros/program/sudo_macros.te. Unfortunately, the lack of documentation for the sudo_domain() macro was a problem, so I have some questions: 1. What exactly does the sudo_domain() macro do? 2. Is this the tool that I need? (i have tried to integrate it with the policy, but it resulted in errors) I'm using FC3, and the following packages: # rpm -qa | grep -i selinux selinux-policy-strict-1.19.10-2 selinux-policy-targeted-sources-1.17.30-2.51 selinux-doc-1.14.1-1 libselinux-1.19.1-8 selinux-policy-targeted-1.17.30-2.51 selinux-policy-strict-sources-1.19.10-2 Of course, should anyone want to look at the beta policy that I've written, I can provide it, and the software itself is available on the company's ftp site. TIA, -- Bogdan Agica BitDefender Internal Testing Engineer ------------------------------------- SOFTWIN Data Security Division ------------------------------------- email: bagica@xxxxxxxxxxxxxxx phone: +(4021) 233 18 52; 233 07 80 fax: (+4021) 233.07.63 Bucharest, ROMANIA http://www.bitdefender.com http://www.softwin.ro ------------------------------------- secure your every bit -------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part
-- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
