sudo with SELinux support requires key handling
When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t) instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
parent
2e83467903
commit
1fe3d0929e
@ -129,6 +129,7 @@ template(`sudo_role_template',`
|
||||
seutil_libselinux_linked($1_sudo_t)
|
||||
|
||||
userdom_spec_domtrans_all_users($1_sudo_t)
|
||||
userdom_create_all_users_keys($1_sudo_t)
|
||||
userdom_manage_user_home_content_files($1_sudo_t)
|
||||
userdom_manage_user_home_content_symlinks($1_sudo_t)
|
||||
userdom_manage_user_tmp_files($1_sudo_t)
|
||||
|
Loading…
Reference in New Issue
Block a user