From 1fe3d0929e2fdf428949c72757951787eda21ff7 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen
Date: Wed, 11 Apr 2012 20:42:59 +0200
Subject: [PATCH] sudo with SELinux support requires key handling

When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t) instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file).

Signed-off-by: Sven Vermeulen
---
 policy/modules/admin/sudo.if | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 095a5058d..096019932 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -129,6 +129,7 @@ template(`sudo_role_template',`
 seutil_libselinux_linked($1_sudo_t)
 userdom_spec_domtrans_all_users($1_sudo_t)
+ userdom_create_all_users_keys($1_sudo_t)
 userdom_manage_user_home_content_files($1_sudo_t)
 userdom_manage_user_home_content_symlinks($1_sudo_t)
 userdom_manage_user_tmp_files($1_sudo_t)
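Review bot: The added `userdom_create_all_users_keys($1_sudo_t)` line has no comment, and nothing in the template explains why it is needed. The commit message gives the reason: without key creation, a command run through sudo stays in the sudo domain instead of transitioning to the domain named in sudoers. I would record that next to the call, for example `# sudo with SELinux support creates user keys; without this the command stays in $1_sudo_t`, so the rule is not later trimmed as an unneeded privilege. The grant appears to cover keys of all user domains for every role that instantiates the template, so it is worth confirming that this breadth is required rather than only the calling role's own domain. The body of sudo_role_template starts and ends outside the hunk.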