2
0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00

Pass status of selinux sudoers setting to front-end as selinux-rbac.

The front-end uses this to decide whether or not to enable SELinux.
If selinux-rbac is true _or_ if it is not present and selinux_role or
selinux_type are set, SELinux support is enabled.
Previously, SELinux support was only enabled if a role was specified.
This commit is contained in:
Todd C. Miller
2021-11-05 12:32:02 -06:00
parent 6804632591
commit a336a8422f
3 changed files with 40 additions and 24 deletions

View File

@@ -632,7 +632,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
}
/* Increase the length of command_info as needed, it is *not* checked. */
command_info = calloc(57, sizeof(char *));
command_info = calloc(58, sizeof(char *));
if (command_info == NULL)
goto oom;
@@ -897,6 +897,9 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
}
#endif /* HAVE_LOGIN_CAP_H */
#ifdef HAVE_SELINUX
if (asprintf(&command_info[info_len++], "selinux_rbac=%s",
def_selinux ? "true" : "false") == -1)
goto oom;
if (def_selinux && user_role != NULL) {
if ((command_info[info_len++] = sudo_new_key_val("selinux_role", user_role)) == NULL)
goto oom;