Sudo patch from Dan Walsh.
This commit is contained in:
parent
ca5dc2f1cb
commit
ed03a5b916
@ -66,6 +66,7 @@ template(`sudo_role_template',`
|
|||||||
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
|
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow $1_sudo_t self:unix_dgram_socket sendto;
|
allow $1_sudo_t self:unix_dgram_socket sendto;
|
||||||
allow $1_sudo_t self:unix_stream_socket connectto;
|
allow $1_sudo_t self:unix_stream_socket connectto;
|
||||||
|
allow $1_sudo_t self:key manage_key_perms;
|
||||||
|
|
||||||
allow $1_sudo_t $3:key search;
|
allow $1_sudo_t $3:key search;
|
||||||
|
|
||||||
@ -84,7 +85,7 @@ template(`sudo_role_template',`
|
|||||||
kernel_link_key($1_sudo_t)
|
kernel_link_key($1_sudo_t)
|
||||||
|
|
||||||
corecmd_read_bin_symlinks($1_sudo_t)
|
corecmd_read_bin_symlinks($1_sudo_t)
|
||||||
corecmd_getattr_all_executables($1_sudo_t)
|
corecmd_exec_all_executables($1_sudo_t)
|
||||||
|
|
||||||
dev_read_urand($1_sudo_t)
|
dev_read_urand($1_sudo_t)
|
||||||
dev_rw_generic_usb_dev($1_sudo_t)
|
dev_rw_generic_usb_dev($1_sudo_t)
|
||||||
@ -132,7 +133,6 @@ template(`sudo_role_template',`
|
|||||||
userdom_manage_user_tmp_files($1_sudo_t)
|
userdom_manage_user_tmp_files($1_sudo_t)
|
||||||
userdom_manage_user_tmp_symlinks($1_sudo_t)
|
userdom_manage_user_tmp_symlinks($1_sudo_t)
|
||||||
userdom_use_user_terminals($1_sudo_t)
|
userdom_use_user_terminals($1_sudo_t)
|
||||||
userdom_use_user_terminals($1_sudo_t)
|
|
||||||
# for some PAM modules and for cwd
|
# for some PAM modules and for cwd
|
||||||
userdom_dontaudit_search_user_home_content($1_sudo_t)
|
userdom_dontaudit_search_user_home_content($1_sudo_t)
|
||||||
|
|
||||||
@ -147,6 +147,11 @@ template(`sudo_role_template',`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client($1_sudo_t)
|
dbus_system_bus_client($1_sudo_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
fprintd_dbus_chat($1_sudo_t)
|
||||||
|
')
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(sudo, 1.5.0)
|
policy_module(sudo, 1.5.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user