[DSE-User] SELinux on Wheezy: sudo
Arno Schuring
aelschuring at hotmail.com
Thu Feb 9 23:04:06 UTC 2012
When performing role changes, sudo uses an internal binary to ensure
correct transitions. Make sure this binary is labeled as bin_t to avoid
entrypoint avc denials.
Regards,
Arno
-8<--
diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc
index 7bddc02..17157f1 100644
--- a/policy/modules/admin/sudo.fc
+++ b/policy/modules/admin/sudo.fc
@@ -1,2 +1,4 @@
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
+
+/usr/lib/sudo/sesh -- gen_context(system_u:object_r:bin_t,s0)
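Review bot: the new `/usr/lib/sudo/sesh` entry carries no comment saying why the helper is labeled bin_t rather than sudo_exec_t; that rationale (it is the entrypoint sudo executes for role changes) exists only in the mail text. A one-line comment above the entry would keep the reason in sudo.fc. The path is also a single literal, unlike the `(edit)?` pattern on the line above, so a build that installs sesh under a different library directory would not get this label; it is worth confirming that /usr/lib/sudo is the only location that needs covering.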
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index 1c5dbf2..f8823c5 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,4 +1,4 @@
-policy_module(sudo, 1.8.0)
+policy_module(sudo, 1.8.1)
########################################
#
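Review bot: the only change to sudo.te is the version bump to `policy_module(sudo, 1.8.1)`, so the fix depends entirely on rules that already exist for bin_t. Please confirm that the current policy lets the sudo domains execute bin_t files and lets the target domains be entered through bin_t, since no allow rule or interface call is added here to cover the new label on sesh.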