* [refpolicy] [PATCH 1/1] sudo with SELinux support requires key handling
From: Sven Vermeulen @ 2012-04-11 18:42 UTC
  To: refpolicy

When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this
privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t)
instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/sudo.if |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 6e1de7a..f6bef78 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -129,6 +129,7 @@ template(`sudo_role_template',`
 	seutil_libselinux_linked($1_sudo_t)
 
 	userdom_spec_domtrans_all_users($1_sudo_t)
+	userdom_create_all_users_keys($1_sudo_t)
 	userdom_manage_user_home_content_files($1_sudo_t)
 	userdom_manage_user_home_content_symlinks($1_sudo_t)
 	userdom_manage_user_tmp_files($1_sudo_t)
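Review bot: The added `userdom_create_all_users_keys($1_sudo_t)` line in `sudo_role_template` has no comment saying why a sudo domain needs key creation, and the commit message gives only the symptom (the command stays in sysadm_sudo_t instead of sysadm_t). A one-line comment above the call, plus the AVC denial seen without it quoted in the commit message, would let a later reader see that this rule is what the domain transition depends on. It is also worth confirming that the all-users scope is needed rather than key creation for only the domain the role transitions to; the neighbouring `userdom_spec_domtrans_all_users($1_sudo_t)` suggests the breadth is intentional, but the message does not say so.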
-- 
1.7.3.4


* [refpolicy] [PATCH 1/1] sudo with SELinux support requires key handling
From: Christopher J. PeBenito @ 2012-05-04 12:44 UTC
  To: refpolicy

On 04/11/12 14:42, Sven Vermeulen wrote:
> When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this
> privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t)
> instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file).
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/admin/sudo.if |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
> index 6e1de7a..f6bef78 100644
> --- a/policy/modules/admin/sudo.if
> +++ b/policy/modules/admin/sudo.if
> @@ -129,6 +129,7 @@ template(`sudo_role_template',`
>  	seutil_libselinux_linked($1_sudo_t)
>  
>  	userdom_spec_domtrans_all_users($1_sudo_t)
> +	userdom_create_all_users_keys($1_sudo_t)
>  	userdom_manage_user_home_content_files($1_sudo_t)
>  	userdom_manage_user_home_content_symlinks($1_sudo_t)
>  	userdom_manage_user_tmp_files($1_sudo_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
