Re: Resend: Sudo Changes for SELinux

[Daniel J Walsh <dwalsh@redhat.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd Miller wrote:
> Daniel J Walsh wrote:
>> I don't recall, I wrote it several years ago.  I guess the simplest
>> thing is to try it out, without the fork.
> 
> Seems to work fine without the fork.  I've made quite a few changes and
> you can now specify sudoers lines like:
> 
> tmiller ALL=(ALL) ROLE=sysadm_r TYPE=sysadmin_t /bin/sh
> 
> and have it do what (I think) you want.  Note that "make install" does
> not currently set the label on sesh, perhaps it should.  I'm also not
> sure that /usr/sbin is the best place for sesh.  My inclination would be
> to put it in /usr/libexec, though this is not a big deal.
> 
>  - todd
You are the boss.  Move it to /usr/libexec.  And I will fix policy to
label it correctly.  I would not put SELinux awareness into the install,
that is either "install", rpm. dpkg problem.

I look forward to testing it out.  And once it is in Rawhide, will blog
about how to use it with SELinux.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkerPeQACgkQrlYvE4MpobM0dgCgsVNlzSmComL5m39JExgG0cjj
Z3gAoJ1GydVEoFvHUf4CNvgjNhZNoygg
=grpX
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.