From: dominick.grift@gmail.com (Dominick Grift)
Date: Mon, 23 Sep 2013 20:33:22 +0200
Subject: [refpolicy] [PATCH] Sudo file context specification did not catch paths
In-Reply-To: <524088BD.90705@tresys.com>
References: <1377546835-8202-1-git-send-email-dominick.grift@gmail.com> <524088BD.90705@tresys.com>
Message-ID: <1379961202.5366.18.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2013-09-23 at 14:30 -0400, Christopher J. PeBenito wrote:
> On Mon 26 Aug 2013 03:53:55 PM EDT, Dominick Grift wrote:
> >
> > Signed-off-by: Dominick Grift
> > diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
> > index 28ad538..5d0f398 100644
> > --- a/policy/modules/system/authlogin.fc
> > +++ b/policy/modules/system/authlogin.fc
> > @@ -46,4 +46,4 @@
> > /var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
> > /var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
> > /var/run/user(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
> > -/var/(db|lib|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
> > +/var/((db)|(lib)|(adm))/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
>
> Odd. It seems to work fine for me. Maybe it is some sort of fc sort
> problem on your system?

See if it catches /var/lib/sudo. It does catch the first and the last,
just not the one in the middle.

If I remember correctly, it's not just on my system. This bug was reported
by the Debian guys, I believe.

>
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
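
Review bot: The added line /var/((db)|(lib)|(adm))/sudo(/.*)? is the same regular expression as the removed /var/(db|lib|adm)/sudo(/.*)? with redundant grouping, so the hunk works around a matching or sorting problem in the tooling instead of correcting a wrong pattern, and the commit message has no body saying which path failed to label or with which toolchain. Suggest recording the failing path in the commit message (the thread names /var/lib/sudo) together with the affected setup, and checking whether any other file context entry written in the (a|b|c) form is hit by the same problem, since rewriting this one entry leaves those unchanged. After applying, confirm that /var/db/sudo, /var/lib/sudo and /var/adm/sudo all resolve to pam_var_run_t; a path that misses this entry would not receive the label the policy intends for the sudo state directory.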