fix ordering of interface calls in sudo.

2009-08-05 09:48:46 -04:00 · 2009-08-05 09:48:46 -04:00 · 9c47227c7a
parent 915dfa68b6
commit 9c47227c7a
1 changed files with 15 additions and 15 deletions
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@ -83,10 +83,25 @@ template(`sudo_role_template',`
 	kernel_read_system_state($1_sudo_t)
 	kernel_link_key($1_sudo_t)

+	corecmd_read_bin_symlinks($1_sudo_t)
+	corecmd_getattr_all_executables($1_sudo_t)
+
 	dev_read_urand($1_sudo_t)
 	dev_rw_generic_usb_dev($1_sudo_t)
 	dev_read_sysfs($1_sudo_t)

+	domain_use_interactive_fds($1_sudo_t)
+	domain_sigchld_interactive_fds($1_sudo_t)
+	domain_getattr_all_entry_files($1_sudo_t)
+
+	files_read_etc_files($1_sudo_t)
+	files_read_var_files($1_sudo_t)
+	files_read_usr_symlinks($1_sudo_t)
+	files_getattr_usr_files($1_sudo_t)
+	# for some PAM modules and for cwd
+	files_dontaudit_search_home($1_sudo_t)
+	files_list_tmp($1_sudo_t)
+
 	fs_search_auto_mountpoints($1_sudo_t)
 	fs_getattr_xattr_fs($1_sudo_t)

@ -101,21 +116,6 @@ template(`sudo_role_template',`
 	auth_manage_pam_pid($1_sudo_t)
 	auth_use_nsswitch($1_sudo_t)

-	corecmd_read_bin_symlinks($1_sudo_t)
-	corecmd_getattr_all_executables($1_sudo_t)
-
-	domain_use_interactive_fds($1_sudo_t)
-	domain_sigchld_interactive_fds($1_sudo_t)
-	domain_getattr_all_entry_files($1_sudo_t)
-
-	files_read_etc_files($1_sudo_t)
-	files_read_var_files($1_sudo_t)
-	files_read_usr_symlinks($1_sudo_t)
-	files_getattr_usr_files($1_sudo_t)
-	# for some PAM modules and for cwd
-	files_dontaudit_search_home($1_sudo_t)
-	files_list_tmp($1_sudo_t)
-
 	init_rw_utmp($1_sudo_t)

 	logging_send_audit_msgs($1_sudo_t)