Sudo patch from Dan Walsh.

sudo gets execed by apps that leak sockets
Chris PeBenito 2010-06-18 14:43:22 -04:00
parent f7e3410aed
commit 3835c39a13
2 changed files with 6 additions and 2 deletions


@ -78,7 +78,7 @@ template(`sudo_role_template',`
corecmd_bin_domtrans($1_sudo_t, $3) corecmd_bin_domtrans($1_sudo_t, $3)
allow $3 $1_sudo_t:fd use; allow $3 $1_sudo_t:fd use;
allow $3 $1_sudo_t:fifo_file rw_file_perms; allow $3 $1_sudo_t:fifo_file rw_file_perms;
allow $3 $1_sudo_t:process sigchld; allow $3 $1_sudo_t:process signal_perms;
kernel_read_kernel_sysctls($1_sudo_t) kernel_read_kernel_sysctls($1_sudo_t)
kernel_read_system_state($1_sudo_t) kernel_read_system_state($1_sudo_t)
@ -136,6 +136,10 @@ template(`sudo_role_template',`
# for some PAM modules and for cwd # for some PAM modules and for cwd
userdom_dontaudit_search_user_home_content($1_sudo_t) userdom_dontaudit_search_user_home_content($1_sudo_t)
ifdef(`hide_broken_symptoms', `
dontaudit $1_sudo_t $3:socket_class_set { read write };
')
tunable_policy(`use_nfs_home_dirs',` tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_sudo_t) fs_manage_nfs_files($1_sudo_t)
') ')
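Review bot: The first hunk widens `allow $3 $1_sudo_t:process sigchld;` to `signal_perms` without a stated reason; the commit description only covers the leaked-socket `dontaudit` added in the second hunk. In the reference policy's permission sets `signal_perms` also includes sigkill, sigstop, signull and signal, so every domain passed as `$3` is now permitted by policy to send those signals to the per-role sudo process, not just report child exit. If only one signal was being denied, name it explicitly, e.g. `allow $3 $1_sudo_t:process { sigchld <signal from the AVC> };` (placeholder), and otherwise add a comment above the rule such as `# $3 must signal sudo beyond sigchld because <reason>`. The body of `sudo_role_template` starts before and continues past both hunks, so other rules for this pair of domains are not visible here.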


@ -1,4 +1,4 @@
policy_module(sudo, 1.6.0) policy_module(sudo, 1.6.1)
######################################## ########################################
# #