[selinux-policy: 2397/3172] Sudo patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:32:46 UTC 2010
commit ed03a5b916f7275da5faaf84aff57e6b516d0024
Author: Chris PeBenito <pebenito at gentoo.org>
Date: Thu Feb 11 09:15:45 2010 -0500
Sudo patch from Dan Walsh.
policy/modules/admin/sudo.if | 9 +++++++--
policy/modules/admin/sudo.te | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index d2deefe..100ca4a 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -66,6 +66,7 @@ template(`sudo_role_template',`
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
allow $1_sudo_t self:unix_dgram_socket sendto;
allow $1_sudo_t self:unix_stream_socket connectto;
+ allow $1_sudo_t self:key manage_key_perms;
allow $1_sudo_t $3:key search;
@@ -84,7 +85,7 @@ template(`sudo_role_template',`
kernel_link_key($1_sudo_t)
corecmd_read_bin_symlinks($1_sudo_t)
- corecmd_getattr_all_executables($1_sudo_t)
+ corecmd_exec_all_executables($1_sudo_t)
dev_read_urand($1_sudo_t)
dev_rw_generic_usb_dev($1_sudo_t)
@@ -132,7 +133,6 @@ template(`sudo_role_template',`
userdom_manage_user_tmp_files($1_sudo_t)
userdom_manage_user_tmp_symlinks($1_sudo_t)
userdom_use_user_terminals($1_sudo_t)
- userdom_use_user_terminals($1_sudo_t)
# for some PAM modules and for cwd
userdom_dontaudit_search_user_home_content($1_sudo_t)
@@ -147,6 +147,11 @@ template(`sudo_role_template',`
optional_policy(`
dbus_system_bus_client($1_sudo_t)
')
+
+ optional_policy(`
+ fprintd_dbus_chat($1_sudo_t)
+ ')
+
')
########################################
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index e7fa8ad..beb99e3 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,5 +1,5 @@
-policy_module(sudo, 1.5.0)
+policy_module(sudo, 1.5.1)
########################################
#
More information about the scm-commits
mailing list