Need to allow output from processes under sudo.

Aleksey Nogin aleksey at
Sat May 1 17:56:27 UTC 2004

Recently sudo was changed back not to relabel the tty (see , for 
example). This means that now the processes that sudo might run need to 
be given explicit access to the caller's tty (until something better is 
implemented - see for my 
description of how I think it should work).

Anyway, for now I had to add to my local policy modes:

allow { checkpolicy_t consoletype_t ifconfig_t iptables_t ntpd_t
        load_policy_t sysadm_mail_t ping_t traceroute_t }
      staff_devpts_t:chr_file { getattr read write };
allow { locate_t sysadm_mail_t } staff_tmp_t:file { getattr write };

And this is probably still very incomplete.

Aleksey Nogin

Home Page:
E-Mail: nogin at (office), aleksey at (personal)
Office: Jorgensen 70, tel: (626) 395-2907
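
Added example, not part of the original post: a small Python sketch (similar in spirit to audit2allow) that merges AVC denials into grouped allow rules of the form shown above, restricted to an explicit set of target types so unrelated denials are not allowed by accident. The log lines, the regular expression and the function name denials_to_rules are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed AVC denial lines (not from the post), shaped like kernel audit output.
SAMPLE_LOG = """\
avc:  denied  { read write } for  pid=2101 exe=/bin/ping path=/dev/pts/1 scontext=staff_u:sysadm_r:ping_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
avc:  denied  { getattr } for  pid=2101 exe=/bin/ping path=/dev/pts/1 scontext=staff_u:sysadm_r:ping_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
avc:  denied  { getattr read write } for  pid=2140 exe=/sbin/ifconfig path=/dev/pts/1 scontext=staff_u:sysadm_r:ifconfig_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
avc:  denied  { getattr write } for  pid=2177 exe=/usr/bin/updatedb path=/tmp/out scontext=staff_u:sysadm_r:locate_t tcontext=staff_u:object_r:staff_tmp_t tclass=file
avc:  denied  { read } for  pid=2190 exe=/bin/ping path=/etc/shadow scontext=staff_u:sysadm_r:ping_t tcontext=system_u:object_r:shadow_t tclass=file
avc:  granted  { read } for  pid=2200 exe=/bin/ping scontext=staff_u:sysadm_r:ping_t tcontext=system_u:object_r:etc_t tclass=file
"""

# Pull permissions, source type, target type and class out of a denial line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>\w+).*?"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>\w+).*?"
    r"tclass=(?P<cls>\w+)"
)

def denials_to_rules(log, target_types):
    """Return allow rules covering denials whose target type is in target_types."""
    # First pass: union the denied permissions per (source, target, class).
    perms = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m or m["tgt"] not in target_types:
            continue  # not a denial, or outside the types under review
        perms[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    # Second pass: domains needing the same permissions share one rule.
    grouped = defaultdict(set)
    for (src, tgt, cls), p in perms.items():
        grouped[(tgt, cls, frozenset(p))].add(src)
    order = lambda kv: (kv[0][0], kv[0][1], sorted(kv[0][2]))
    return [
        "allow { %s } %s:%s { %s };"
        % (" ".join(sorted(srcs)), tgt, cls, " ".join(sorted(p)))
        for (tgt, cls, p), srcs in sorted(grouped.items(), key=order)
    ]

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG, {"staff_devpts_t", "staff_tmp_t"})))
```

The constructed shadow_t denial is left out of the output because its target type is not in the reviewed set; each new target type should be examined before it is added.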
