Sudo patch from Dan Walsh.
This commit is contained in:
Chris PeBenito
parent
ca5dc2f1cb
commit
ed03a5b916
@ -66,6 +66,7 @@ template(`sudo_role_template',`
|
||||
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow $1_sudo_t self:unix_dgram_socket sendto;
|
||||
allow $1_sudo_t self:unix_stream_socket connectto;
|
||||
allow $1_sudo_t self:key manage_key_perms;
|
||||
|
||||
allow $1_sudo_t $3:key search;
|
||||
|
||||
@ -84,7 +85,7 @@ template(`sudo_role_template',`
|
||||
kernel_link_key($1_sudo_t)
|
||||
|
||||
corecmd_read_bin_symlinks($1_sudo_t)
|
||||
corecmd_getattr_all_executables($1_sudo_t)
|
||||
corecmd_exec_all_executables($1_sudo_t)
|
||||
|
||||
dev_read_urand($1_sudo_t)
|
||||
dev_rw_generic_usb_dev($1_sudo_t)
|
||||
@ -132,7 +133,6 @@ template(`sudo_role_template',`
|
||||
userdom_manage_user_tmp_files($1_sudo_t)
|
||||
userdom_manage_user_tmp_symlinks($1_sudo_t)
|
||||
userdom_use_user_terminals($1_sudo_t)
|
||||
userdom_use_user_terminals($1_sudo_t)
|
||||
# for some PAM modules and for cwd
|
||||
userdom_dontaudit_search_user_home_content($1_sudo_t)
|
||||
|
||||
@ -147,6 +147,11 @@ template(`sudo_role_template',`
|
||||
optional_policy(`
|
||||
dbus_system_bus_client($1_sudo_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
fprintd_dbus_chat($1_sudo_t)
|
||||
')
|
||||
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(sudo, 1.5.0)
|
||||
policy_module(sudo, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user