sudo: add tunable for HTTP connections

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-01-26 18:08:54 -05:00
parent c521270688
commit 95dd9ebf61
No known key found for this signature in database
GPG Key ID: 16DD27345D9905A7

View File

@ -1,5 +1,16 @@
policy_module(sudo, 1.15.0)
## <desc>
## <p>
## Determine whether all sudo domains
## can connect to TCP HTTP ports. This
## is needed if an additional authentication
## mechanism via an HTTP server is
## required for users to use sudo.
## </p>
## </desc>
gen_tunable(sudo_all_tcp_connect_http_port, false)
########################################
#
# Declarations
@ -7,3 +18,7 @@ attribute sudodomain;
type sudo_exec_t;
application_executable_file(sudo_exec_t)
tunable_policy(`sudo_all_tcp_connect_http_port',`
corenet_tcp_connect_http_port(sudodomain)
')