sudo with SELinux support requires key handling

When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this
privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t)
instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-04-11 20:42:59 +02:00 committed by Chris PeBenito
parent 2e83467903
commit 1fe3d0929e

View File

@ -129,6 +129,7 @@ template(`sudo_role_template',`
seutil_libselinux_linked($1_sudo_t)
userdom_spec_domtrans_all_users($1_sudo_t)
userdom_create_all_users_keys($1_sudo_t)
userdom_manage_user_home_content_files($1_sudo_t)
userdom_manage_user_home_content_symlinks($1_sudo_t)
userdom_manage_user_tmp_files($1_sudo_t)