Sudo patch from Dan Walsh.
sudo gets execed by apps that leak sockets
This commit is contained in:
parent
f7e3410aed
commit
3835c39a13
|
@ -78,7 +78,7 @@ template(`sudo_role_template',`
|
|||
corecmd_bin_domtrans($1_sudo_t, $3)
|
||||
allow $3 $1_sudo_t:fd use;
|
||||
allow $3 $1_sudo_t:fifo_file rw_file_perms;
|
||||
allow $3 $1_sudo_t:process sigchld;
|
||||
allow $3 $1_sudo_t:process signal_perms;
|
||||
|
||||
kernel_read_kernel_sysctls($1_sudo_t)
|
||||
kernel_read_system_state($1_sudo_t)
|
||||
|
@ -136,6 +136,10 @@ template(`sudo_role_template',`
|
|||
# for some PAM modules and for cwd
|
||||
userdom_dontaudit_search_user_home_content($1_sudo_t)
|
||||
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
dontaudit $1_sudo_t $3:socket_class_set { read write };
|
||||
')
|
||||
|
||||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_manage_nfs_files($1_sudo_t)
|
||||
')
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(sudo, 1.6.0)
|
||||
policy_module(sudo, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue