diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te index 2cebeef7d..2ac111d6c 100644 --- a/policy/modules/admin/sudo.te +++ b/policy/modules/admin/sudo.te @@ -1,5 +1,16 @@ policy_module(sudo, 1.15.0) +## +##

+## Determine whether all sudo domains
+## can connect to TCP HTTP ports. This
+## is needed if an additional authentication
+## mechanism via an HTTP server is
+## required for users to use sudo.
+##

+##
+gen_tunable(sudo_all_tcp_connect_http_port, false) + ######################################## # # Declarations @@ -7,3 +18,7 @@ attribute sudodomain; type sudo_exec_t; application_executable_file(sudo_exec_t) + +tunable_policy(`sudo_all_tcp_connect_http_port',` + corenet_tcp_connect_http_port(sudodomain) +')
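Review bot: The description added above `gen_tunable(sudo_all_tcp_connect_http_port, false)` does not say how wide the grant is. The rule it controls is written against the `sudodomain` attribute, and a port-type connect interface is keyed on the port label rather than on a destination host. Enabling the boolean therefore presumably lets every sudo domain open outbound TCP connections to any host on a port labelled as HTTP, not only to the authentication server. I would add a sentence to the description such as `Enabling this allows every sudo domain to open outbound TCP connections to any port labelled as an HTTP port.` The default of `false` is the right choice and should stay.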
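Review bot: The `tunable_policy` block appended after `application_executable_file(sudo_exec_t)` grants only `corenet_tcp_connect_http_port(sudodomain)`. Whether that covers a full HTTP authentication round trip cannot be seen from this hunk: socket creation, name resolution and, for TLS, reading CA certificates may already come from the sudo role template. It is worth testing with the boolean on in enforcing mode and checking for AVC denials from sudo domains, so a partial grant is not later worked around by switching to permissive. The block also sits directly under the Declarations header with no comment; I would add `# Optional: outbound HTTP for an authentication backend, applies to every sudodomain` above it.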