Merge pull request #339 from 0xC0ncord/feature/sudodomain_http_connect_boolean

This commit is contained in:
Chris PeBenito 2021-01-28 15:24:38 -05:00
commit 2e6d7b8cb9

View File

@ -1,5 +1,16 @@
policy_module(sudo, 1.15.0) policy_module(sudo, 1.15.0)
## <desc>
## <p>
## Determine whether all sudo domains
## can connect to TCP HTTP ports. This
## is needed if an additional authentication
## mechanism via an HTTP server is
## required for users to use sudo.
## </p>
## </desc>
gen_tunable(sudo_all_tcp_connect_http_port, false)
######################################## ########################################
# #
# Declarations # Declarations
@ -7,3 +18,7 @@ attribute sudodomain;
type sudo_exec_t; type sudo_exec_t;
application_executable_file(sudo_exec_t) application_executable_file(sudo_exec_t)
tunable_policy(`sudo_all_tcp_connect_http_port',`
corenet_tcp_connect_http_port(sudodomain)
')