sudo: add tunable for HTTP connections
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
parent
c521270688
commit
95dd9ebf61
@ -1,5 +1,16 @@
|
||||
policy_module(sudo, 1.15.0)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Determine whether all sudo domains
|
||||
## can connect to TCP HTTP ports. This
|
||||
## is needed if an additional authentication
|
||||
## mechanism via an HTTP server is
|
||||
## required for users to use sudo.
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(sudo_all_tcp_connect_http_port, false)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
@ -7,3 +18,7 @@ attribute sudodomain;
|
||||
|
||||
type sudo_exec_t;
|
||||
application_executable_file(sudo_exec_t)
|
||||
|
||||
tunable_policy(`sudo_all_tcp_connect_http_port',`
|
||||
corenet_tcp_connect_http_port(sudodomain)
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user