Sudo patch from Dan Walsh.

sudo gets execed by apps that leak sockets

policy/modules/admin/sudo.if

@@ -78,7 +78,7 @@ template(`sudo_role_template',`
 	corecmd_bin_domtrans($1_sudo_t, $3)
 	allow $3 $1_sudo_t:fd use;
 	allow $3 $1_sudo_t:fifo_file rw_file_perms;
-	allow $3 $1_sudo_t:process sigchld;
+	allow $3 $1_sudo_t:process signal_perms;
 
 	kernel_read_kernel_sysctls($1_sudo_t)
 	kernel_read_system_state($1_sudo_t)
@@ -136,6 +136,10 @@ template(`sudo_role_template',`
 	# for some PAM modules and for cwd
 	userdom_dontaudit_search_user_home_content($1_sudo_t)
 
+	ifdef(`hide_broken_symptoms', `
+		dontaudit $1_sudo_t $3:socket_class_set { read write };
+	')
+
 	tunable_policy(`use_nfs_home_dirs',`
 		fs_manage_nfs_files($1_sudo_t)
 	')

policy/modules/admin/sudo.te

@@ -1,4 +1,4 @@
-policy_module(sudo, 1.6.0)
+policy_module(sudo, 1.6.1)
 
 ########################################
 #