On Thursday 06 January 2005 02:03, Bogdan Agica <bagica@xxxxxxxxxxxxxxx> wrote:
> 1. Relabel the script from initrd_exec_t to something else,
> in which case I'll run into problems starting / stopping the programs.

You could have the init.d script call something else to do the work. So you split the script into a worker script in /usr/sbin and a start script in the init.d directory that just calls the worker.

> 2. Give read access to initrd_t in bitdefender_etc_t and _lib_t,
> which I think is a stupid workaround, providing read access to all
> scripts in /etc/init.d to this dir.

That's the usual approach. Not ideal but not too bad either.

What is the bitdefender data? initrc_t is a very powerful domain that can break your system in many ways. Protecting files from it provides little benefit with the way things work now.

> I know, the best idea would be to leave the /etc/init.d/ script for
> starting and stopping the program, and to provide all the other
> functionality via other means, but that is not feasible in the short
> term.

It's not difficult to split a shell script into two shell scripts.

> Is there any way to "inherit" a type (C++-like inheritance), e.g. to
> create a type (say bitdefender_initrc_exec_t), which inherits all the
> attributes of its successor, but adds new functionality? (Would be a
> nice idea if there isn't yet)

No.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page