RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Hide getattr denials upon sudo invocation 

When sudo is invoked (sudo -i) the audit log gets quite a lot of denials
related to the getattr permission against tty_device_t:chr_file for the
*_sudo_t domain. However, no additional logging (that would hint at a
need) by sudo, nor any functional issues come up.

Hence the dontaudit call.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2014-03-25 21:30:04 +01:00 committed by Chris PeBenito
parent 8d94022284
commit 6e0000b725
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/admin/sudo.if
View File

@ -110,6 +110,7 @@ template(`sudo_role_template',`
selinux_compute_relabel_context($1_sudo_t)
term_getattr_pty_fs($1_sudo_t)
term_dontaudit_getattr_unallocated_ttys($1_sudo_t)
term_relabel_all_ttys($1_sudo_t)
term_relabel_all_ptys($1_sudo_t)