selinux-refpolicy/policy/modules/admin/sudo.if

## <summary>Execute a command with a substitute user</summary>

#######################################
## <summary>
##	The role template for the sudo module.
## </summary>
## <desc>
##	<p>
##	This template creates a derived domain which is allowed
##	to change the linux user id, to run commands as a different
##	user.
##	</p>
## </desc>
## <param name="role_prefix">
##	<summary>
##	The prefix of the user role (e.g., user
##	is the prefix for user_r).
##	</summary>
## </param>
## <param name="user_role">
##	<summary>
##	The user role.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The user domain associated with the role.
##	</summary>
## </param>
#
template(`sudo_role_template',`

	gen_require(`
		type sudo_exec_t;
		attribute sudodomain;
	')

	##############################
	#
	# Declarations
	#

	type $1_sudo_t, sudodomain;
	userdom_user_application_domain($1_sudo_t, sudo_exec_t)
	domain_interactive_fd($1_sudo_t)
	domain_role_change_exemption($1_sudo_t)
	role $2 types $1_sudo_t;

	##############################
	#
	# Local Policy
	#

	# Use capabilities.
	allow $1_sudo_t self:capability { chown dac_override fowner setgid setuid sys_nice sys_resource };
	allow $1_sudo_t self:process { signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr getrlimit rlimitinh siginh transition setsockcreate dyntransition noatsecure setkeycreate };
	allow $1_sudo_t self:process { setexec setrlimit };
	allow $1_sudo_t self:fd use;
	allow $1_sudo_t self:fifo_file rw_fifo_file_perms;
	allow $1_sudo_t self:shm create_shm_perms;
	allow $1_sudo_t self:sem create_sem_perms;
	allow $1_sudo_t self:msgq create_msgq_perms;
	allow $1_sudo_t self:msg { send receive };
	allow $1_sudo_t self:unix_dgram_socket create_socket_perms;
	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
	allow $1_sudo_t self:unix_dgram_socket sendto;
	allow $1_sudo_t self:unix_stream_socket connectto;
	allow $1_sudo_t self:key manage_key_perms;

	allow $1_sudo_t $3:key search;

	# Enter this derived domain from the user domain
	domtrans_pattern($3, sudo_exec_t, $1_sudo_t)

	# By default, revert to the calling domain when a shell is executed.
	corecmd_shell_domtrans($1_sudo_t, $3)
	corecmd_bin_domtrans($1_sudo_t, $3)
	allow $3 $1_sudo_t:fd use;
	allow $3 $1_sudo_t:fifo_file rw_fifo_file_perms;
	allow $3 $1_sudo_t:process signal_perms;

	kernel_read_kernel_sysctls($1_sudo_t)
	kernel_read_system_state($1_sudo_t)
	kernel_link_key($1_sudo_t)

	corecmd_exec_all_executables($1_sudo_t)

	dev_getattr_fs($1_sudo_t)
	dev_read_urand($1_sudo_t)
	dev_rw_generic_usb_dev($1_sudo_t)
	dev_read_sysfs($1_sudo_t)

	domain_use_interactive_fds($1_sudo_t)
	domain_sigchld_interactive_fds($1_sudo_t)
	domain_getattr_all_entry_files($1_sudo_t)

	files_read_etc_files($1_sudo_t)
	files_read_var_files($1_sudo_t)
	files_read_usr_symlinks($1_sudo_t)
	files_getattr_usr_files($1_sudo_t)
	# for some PAM modules and for cwd
	files_dontaudit_search_home($1_sudo_t)
	files_list_tmp($1_sudo_t)

	fs_search_auto_mountpoints($1_sudo_t)
	fs_getattr_xattr_fs($1_sudo_t)

	selinux_validate_context($1_sudo_t)
	selinux_compute_relabel_context($1_sudo_t)

	term_getattr_pty_fs($1_sudo_t)
	term_dontaudit_getattr_unallocated_ttys($1_sudo_t)
	term_relabel_all_ttys($1_sudo_t)
	term_relabel_all_ptys($1_sudo_t)

	auth_run_chk_passwd($1_sudo_t, $2)
	# sudo stores a token in the pam_pid directory
	auth_manage_pam_pid($1_sudo_t)
	auth_use_pam($1_sudo_t)
	auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")

	init_rw_utmp($1_sudo_t)

	logging_send_audit_msgs($1_sudo_t)
	logging_send_syslog_msg($1_sudo_t)

	miscfiles_read_localization($1_sudo_t)

	seutil_search_default_contexts($1_sudo_t)
	seutil_libselinux_linked($1_sudo_t)

	userdom_spec_domtrans_all_users($1_sudo_t)
	userdom_create_all_users_keys($1_sudo_t)
	userdom_create_user_pty($1_sudo_t)
	userdom_manage_user_home_content_files($1_sudo_t)
	userdom_manage_user_home_content_symlinks($1_sudo_t)
	userdom_manage_user_tmp_files($1_sudo_t)
	userdom_manage_user_tmp_symlinks($1_sudo_t)
	userdom_setattr_user_ptys($1_sudo_t)
	userdom_use_user_terminals($1_sudo_t)
	# for some PAM modules and for cwd
	userdom_dontaudit_search_user_home_content($1_sudo_t)
	userdom_dontaudit_search_user_home_dirs($1_sudo_t)

	ifdef(`hide_broken_symptoms', `
		dontaudit $1_sudo_t $3:socket_class_set { read write };
	')

	tunable_policy(`use_nfs_home_dirs',`
		fs_manage_nfs_files($1_sudo_t)
	')

	tunable_policy(`use_samba_home_dirs',`
		fs_manage_cifs_files($1_sudo_t)
	')

	optional_policy(`
		dbus_system_bus_client($1_sudo_t)

		ifdef(`init_systemd',`
			init_dbus_chat($1_sudo_t)
		')
	')

	optional_policy(`
		fprintd_dbus_chat($1_sudo_t)
	')

')

########################################
## <summary>
##	Send a SIGCHLD signal to the sudo domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`sudo_sigchld',`
	gen_require(`
		attribute sudodomain;
	')

	allow $1 sudodomain:process sigchld;
')
add sudo 2005-08-09 19:30:43 +00:00			`## <summary>Execute a command with a substitute user</summary>`

			`#######################################`
			`## <summary>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## The role template for the sudo module.`
add sudo 2005-08-09 19:30:43 +00:00			`## </summary>`
			`## <desc>`
			`## <p>`
			`## This template creates a derived domain which is allowed`
			`## to change the linux user id, to run commands as a different`
			`## user.`
			`## </p>`
			`## </desc>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## <param name="role_prefix">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## The prefix of the user role (e.g., user`
			`## is the prefix for user_r).`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
add sudo 2005-08-09 19:30:43 +00:00			`## </param>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## <param name="user_role">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## The user role.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
send user role to per userdomain templates. update templated interfaces to have the prefix be the first argument 2005-08-30 15:48:57 +00:00			`## </param>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## <param name="user_domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`## The user domain associated with the role.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
send user role to per userdomain templates. update templated interfaces to have the prefix be the first argument 2005-08-30 15:48:57 +00:00			`## </param>`
add sudo 2005-08-09 19:30:43 +00:00			`#`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			template(`sudo_role_template',`
add sudo 2005-08-09 19:30:43 +00:00
fixes for module compiling 2005-09-14 00:30:10 +00:00			gen_require(`
			`type sudo_exec_t;`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`attribute sudodomain;`
fixes for module compiling 2005-09-14 00:30:10 +00:00			`')`

add sudo 2005-08-09 19:30:43 +00:00			`##############################`
			`#`
			`# Declarations`
			`#`

remove trailing whitespaces 2016-12-06 12:28:10 +00:00			`type $1_sudo_t, sudodomain;`
Add user application, tmp and tmpfs file interfaces. 2011-10-28 12:48:10 +00:00			`userdom_user_application_domain($1_sudo_t, sudo_exec_t)`
another round of renaming 2006-02-20 21:33:25 +00:00			`domain_interactive_fd($1_sudo_t)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`domain_role_change_exemption($1_sudo_t)`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`role $2 types $1_sudo_t;`
add sudo 2005-08-09 19:30:43 +00:00
			`##############################`
			`#`
			`# Local Policy`
			`#`

			`# Use capabilities.`
Sort capabilities permissions from Russell Coker. 2017-02-15 23:47:33 +00:00			`allow $1_sudo_t self:capability { chown dac_override fowner setgid setuid sys_nice sys_resource };`
Remove complement and wildcard in allow rules. Remove complement (~) and wildcard (*) in allow rules so that there are no unintentional additions when new permissions are declared. This patch does not add or remove permissions from any rules. 2017-08-13 20:21:44 +00:00			`allow $1_sudo_t self:process { signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr getrlimit rlimitinh siginh transition setsockcreate dyntransition noatsecure setkeycreate };`
add sudo 2005-08-09 19:30:43 +00:00			`allow $1_sudo_t self:process { setexec setrlimit };`
			`allow $1_sudo_t self:fd use;`
merge policy patterns to trunk 2006-12-12 20:08:08 +00:00			`allow $1_sudo_t self:fifo_file rw_fifo_file_perms;`
add sudo 2005-08-09 19:30:43 +00:00			`allow $1_sudo_t self:shm create_shm_perms;`
			`allow $1_sudo_t self:sem create_sem_perms;`
			`allow $1_sudo_t self:msgq create_msgq_perms;`
			`allow $1_sudo_t self:msg { send receive };`
more merging from 1.27.1-15 2005-10-14 17:55:40 +00:00			`allow $1_sudo_t self:unix_dgram_socket create_socket_perms;`
			`allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;`
			`allow $1_sudo_t self:unix_dgram_socket sendto;`
			`allow $1_sudo_t self:unix_stream_socket connectto;`
Sudo patch from Dan Walsh. 2010-02-11 14:15:45 +00:00			`allow $1_sudo_t self:key manage_key_perms;`
sudo patch from dan. 2009-07-28 14:29:11 +00:00
			`allow $1_sudo_t $3:key search;`
add sudo 2005-08-09 19:30:43 +00:00
			`# Enter this derived domain from the user domain`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`domtrans_pattern($3, sudo_exec_t, $1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00
			`# By default, revert to the calling domain when a shell is executed.`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`corecmd_shell_domtrans($1_sudo_t, $3)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`corecmd_bin_domtrans($1_sudo_t, $3)`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`allow $3 $1_sudo_t:fd use;`
Two insignificant fixes that i stumbled on when merging dev_getattr_fs() Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-10-08 20:40:58 +00:00			`allow $3 $1_sudo_t:fifo_file rw_fifo_file_perms;`
Sudo patch from Dan Walsh. sudo gets execed by apps that leak sockets 2010-06-18 18:43:22 +00:00			`allow $3 $1_sudo_t:process signal_perms;`
add sudo 2005-08-09 19:30:43 +00:00
renaming from 20060131 interface review, round 2 2006-01-31 16:49:43 +00:00			`kernel_read_kernel_sysctls($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00			`kernel_read_system_state($1_sudo_t)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`kernel_link_key($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00
Sudo patch from Dan Walsh. 2010-02-11 14:15:45 +00:00			`corecmd_exec_all_executables($1_sudo_t)`
fix ordering of interface calls in sudo. 2009-08-05 13:48:46 +00:00
Module version bump for Dominick's sudo cleanup. 2010-10-08 18:33:04 +00:00			`dev_getattr_fs($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00			`dev_read_urand($1_sudo_t)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`dev_rw_generic_usb_dev($1_sudo_t)`
			`dev_read_sysfs($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00
fix ordering of interface calls in sudo. 2009-08-05 13:48:46 +00:00			`domain_use_interactive_fds($1_sudo_t)`
			`domain_sigchld_interactive_fds($1_sudo_t)`
			`domain_getattr_all_entry_files($1_sudo_t)`

			`files_read_etc_files($1_sudo_t)`
			`files_read_var_files($1_sudo_t)`
			`files_read_usr_symlinks($1_sudo_t)`
			`files_getattr_usr_files($1_sudo_t)`
			`# for some PAM modules and for cwd`
			`files_dontaudit_search_home($1_sudo_t)`
			`files_list_tmp($1_sudo_t)`

add sudo 2005-08-09 19:30:43 +00:00			`fs_search_auto_mountpoints($1_sudo_t)`
			`fs_getattr_xattr_fs($1_sudo_t)`

sudo patch from dan. 2009-07-28 14:29:11 +00:00			`selinux_validate_context($1_sudo_t)`
			`selinux_compute_relabel_context($1_sudo_t)`

sudo: wants to get attributes of generic pts filesystems. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-10-04 18:23:50 +00:00			`term_getattr_pty_fs($1_sudo_t)`
Hide getattr denials upon sudo invocation When sudo is invoked (sudo -i) the audit log gets quite a lot of denials related to the getattr permission against tty_device_t:chr_file for the *_sudo_t domain. However, no additional logging (that would hint at a need) by sudo, nor any functional issues come up. Hence the dontaudit call. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> 2014-03-25 20:30:04 +00:00			`term_dontaudit_getattr_unallocated_ttys($1_sudo_t)`
Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users. 2010-02-11 19:20:10 +00:00			`term_relabel_all_ttys($1_sudo_t)`
			`term_relabel_all_ptys($1_sudo_t)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00
			`auth_run_chk_passwd($1_sudo_t, $2)`
patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00			`# sudo stores a token in the pam_pid directory`
			`auth_manage_pam_pid($1_sudo_t)`
pam_faillock creates files in /run/faillock These are changes needed when pam_fallock creates files in /run/faillock (which is labeled faillog_t). sudo and xdm (and probably other domains) will create files in this directory for successful and failed login attempts. v3 - Updated based on feedback type=AVC msg=audit(1545153126.899:210): avc: denied { search } for pid=8448 comm="lightdm" name="faillock" dev="tmpfs" ino=39318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545153131.090:214): avc: denied { write } for pid=8448 comm="lightdm" name="faillock" dev="tmpfs" ino=39318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545153131.090:214): avc: denied { add_name } for pid=8448 comm="lightdm" name="dsugar" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545153131.090:214): avc: denied { create } for pid=8448 comm="lightdm" name="dsugar" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=file permissive=1 type=AVC msg=audit(1545153131.091:215): avc: denied { setattr } for pid=8448 comm="lightdm" name="dsugar" dev="tmpfs" ino=87599 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=file permissive=1 type=AVC msg=audit(1545167205.531:626): avc: denied { search } for pid=8264 comm="sudo" name="faillock" dev="tmpfs" ino=35405 scontext=sysadm_u:sysadm_r:cleaner_applyconfig_sudo_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545167205.531:627): avc: denied { write } for pid=8264 comm="sudo" name="faillock" dev="tmpfs" ino=35405 scontext=sysadm_u:sysadm_r:cleaner_applyconfig_sudo_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545167205.531:627): avc: denied { add_name } for pid=8264 comm="sudo" name="root" scontext=sysadm_u:sysadm_r:cleaner_applyconfig_sudo_t:s0-s0:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1545167205.531:627): avc: denied { create } for pid=8264 comm="sudo" name="root" scontext=sysadm_u:sysadm_r:cleaner_applyconfig_sudo_t:s0-s0:c0.c1023 tcontext=sysadm_u:object_r:faillog_t:s0 tclass=file permissive=1 Signed-off-by: Dave Sugar <dsugar@tresys.com> 2019-01-06 18:31:42 +00:00			`auth_use_pam($1_sudo_t)`
New sudo manages timestamp directory in /var/run/sudo Allow sudo (1.8.9_p5 and higher) to handle /var/run/sudo/ts if it does not exist (given the tmpfs nature of /var/run). This is done when sudo is run in the user prefixed domain, and requires both the chown capability as well as the proper file transition when /var/run/sudo is created. 2014-11-22 21:16:36 +00:00			`auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")`
add sudo 2005-08-09 19:30:43 +00:00
Change initrc_var_run_t interface noun from script_pid to utmp for clarity. 2006-01-18 18:08:39 +00:00			`init_rw_utmp($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`logging_send_audit_msgs($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00			`logging_send_syslog_msg($1_sudo_t)`

			`miscfiles_read_localization($1_sudo_t)`

sudo patch from dan. 2009-07-28 14:29:11 +00:00			`seutil_search_default_contexts($1_sudo_t)`
			`seutil_libselinux_linked($1_sudo_t)`

			`userdom_spec_domtrans_all_users($1_sudo_t)`
sudo with SELinux support requires key handling When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t) instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> 2012-04-11 18:42:59 +00:00			`userdom_create_all_users_keys($1_sudo_t)`
sudo: allow using use_pty flag When /etc/sudoers contains "Defaults use_pty", sudo creates a new pseudo-pty when running a command. This is currently denied from a sysadm_u session: type=AVC msg=audit(1567807315.843:13300): avc: denied { read write } for pid=5053 comm="sudo" name="ptmx" dev="devtmpfs" ino=1108 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=0 As it seems logical for the newly-created pty to be labeled user_devpts_t, use userdom_create_user_pty() to allow this. Then, a new denial appears: type=AVC msg=audit(1567808670.441:13341): avc: denied { setattr } for pid=30256 comm="sudo" name="9" dev="devpts" ino=12 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=sysadm_u:object_r:user_devpts_t tclass=chr_file permissive=0 type=SYSCALL msg=audit(1567808670.441:13341): arch=c000003e syscall=92 success=no exit=-13 a0=563c5aac5f80 a1=0 a2=5 a3=fffffffffffff874 items=0 ppid=20934 pid=30256 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=687 comm="sudo" exe="/usr/bin/sudo" subj=sysadm_u:sysadm_r:sysadm_sudo_t key=(null) On x86-64, syscall 92 is chown(). Allow this access with userdom_setattr_user_ptys(). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> 2019-09-06 22:37:52 +00:00			`userdom_create_user_pty($1_sudo_t)`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`userdom_manage_user_home_content_files($1_sudo_t)`
			`userdom_manage_user_home_content_symlinks($1_sudo_t)`
			`userdom_manage_user_tmp_files($1_sudo_t)`
			`userdom_manage_user_tmp_symlinks($1_sudo_t)`
sudo: allow using use_pty flag When /etc/sudoers contains "Defaults use_pty", sudo creates a new pseudo-pty when running a command. This is currently denied from a sysadm_u session: type=AVC msg=audit(1567807315.843:13300): avc: denied { read write } for pid=5053 comm="sudo" name="ptmx" dev="devtmpfs" ino=1108 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=0 As it seems logical for the newly-created pty to be labeled user_devpts_t, use userdom_create_user_pty() to allow this. Then, a new denial appears: type=AVC msg=audit(1567808670.441:13341): avc: denied { setattr } for pid=30256 comm="sudo" name="9" dev="devpts" ino=12 scontext=sysadm_u:sysadm_r:sysadm_sudo_t tcontext=sysadm_u:object_r:user_devpts_t tclass=chr_file permissive=0 type=SYSCALL msg=audit(1567808670.441:13341): arch=c000003e syscall=92 success=no exit=-13 a0=563c5aac5f80 a1=0 a2=5 a3=fffffffffffff874 items=0 ppid=20934 pid=30256 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts4 ses=687 comm="sudo" exe="/usr/bin/sudo" subj=sysadm_u:sysadm_r:sysadm_sudo_t key=(null) On x86-64, syscall 92 is chown(). Allow this access with userdom_setattr_user_ptys(). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> 2019-09-06 22:37:52 +00:00			`userdom_setattr_user_ptys($1_sudo_t)`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`userdom_use_user_terminals($1_sudo_t)`
add sudo 2005-08-09 19:30:43 +00:00			`# for some PAM modules and for cwd`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`userdom_dontaudit_search_user_home_content($1_sudo_t)`
Adding dontaudit for sudo Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> 2012-03-22 20:13:34 +00:00			`userdom_dontaudit_search_user_home_dirs($1_sudo_t)`
sudo patch from dan. 2009-07-28 14:29:11 +00:00
Sudo patch from Dan Walsh. sudo gets execed by apps that leak sockets 2010-06-18 18:43:22 +00:00			ifdef(`hide_broken_symptoms', `
			`dontaudit $1_sudo_t $3:socket_class_set { read write };`
			`')`

sudo patch from dan. 2009-07-28 14:29:11 +00:00			tunable_policy(`use_nfs_home_dirs',`
			`fs_manage_nfs_files($1_sudo_t)`
			`')`

			tunable_policy(`use_samba_home_dirs',`
			`fs_manage_cifs_files($1_sudo_t)`
			`')`

			optional_policy(`
			`dbus_system_bus_client($1_sudo_t)`
sudo: Whitespace fix. 2019-01-05 19:17:18 +00:00
systemd related interfaces This patch has interface changes related to systemd support as well as policy that uses the new interfaces. 2019-01-04 07:51:18 +00:00			ifdef(`init_systemd',`
			`init_dbus_chat($1_sudo_t)`
			`')`
sudo patch from dan. 2009-07-28 14:29:11 +00:00			`')`
Sudo patch from Dan Walsh. 2010-02-11 14:15:45 +00:00
			optional_policy(`
			`fprintd_dbus_chat($1_sudo_t)`
			`')`

sudo patch from dan. 2009-07-28 14:29:11 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Send a SIGCHLD signal to the sudo domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`sudo_sigchld',`
			gen_require(`
			`attribute sudodomain;`
			`')`

			`allow $1 sudodomain:process sigchld;`
add sudo 2005-08-09 19:30:43 +00:00			`')`