diff --git a/docs/sudo.conf.man.in b/docs/sudo.conf.man.in index b1d80e78e..6f6127d45 100644 --- a/docs/sudo.conf.man.in +++ b/docs/sudo.conf.man.in @@ -375,6 +375,7 @@ The default directory to use when searching for plugins that are specified without a fully qualified path name. The default value is \fI@plugindir@\fR. +.if \n(SL \{\ .TP 6n sesh The fully-qualified path to the diff --git a/docs/sudo.conf.man.in.sed b/docs/sudo.conf.man.in.sed index 2534bc893..dbea8a1bb 100644 --- a/docs/sudo.conf.man.in.sed +++ b/docs/sudo.conf.man.in.sed @@ -1,9 +1,9 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ \1/ -/^\.TP 10n$/ { +/^\.TP 6n$/ { N - /^.TP 10n\nsesh$/ { + /^.TP 6n\nsesh$/ { i\ .if \\n(SL \\{\\ } diff --git a/docs/sudo.man.in b/docs/sudo.man.in index 3bb35940a..87bd2deef 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -214,6 +214,7 @@ If no askpass program is available, \fBsudo\fR will exit with an error. .RE +.if \n(BA \{\ .TP 8n \fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR Use the specified @@ -230,6 +231,7 @@ entry in This option is only available on systems that support BSD authentication. +.\} .TP 8n \fB\-B\fR, \fB\--bell\fR Ring the bell as part of the password prompt when a terminal is present. @@ -265,6 +267,7 @@ policy only permits use of the option when the administrator has enabled the \fIclosefrom_override\fR option. +.if \n(LC \{\ .TP 8n \fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR Run the @@ -297,6 +300,7 @@ be applied, if present. This option is only available on systems with BSD login classes. +.\} .TP 8n \fB\-D\fR \fIdirectory\fR, \fB\--chdir\fR=\fIdirectory\fR Run the 
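Review bot: The address patterns in docs/sudo.conf.man.in.sed (`/^\.TP 6n$/` and `/^.TP 6n\nsesh$/`) still hard-code the `.TP` indent width, so if the generated width changes again the script matches nothing and the `.if \n(SL \{\` guard is dropped without any error. The docs/sudo.conf.man.in and docs/sudo.man.in hunks in this diff add such guards by hand, which suggests this already happened when the widths stopped being 10n and 12n. The docs/sudo.man.in.sed hunk (`12n` to `8n`) has the same dependency. Consider matching the width on the start patterns, e.g. `/^\.TP [0-9][0-9]*n\nsesh$/ {` (which also escapes the leading dot), or at least add a comment such as `# .TP widths must match the generated *.man.in; a mismatch silently drops the .if guards`. The outer `{ ... }` block closes outside this hunk.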
@@ -708,12 +712,14 @@ before running the \fIcommand\fR. The security policy may return an error if the user does not have permission to specify the root directory. +.if \n(SL \{\ .TP 8n \fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR Run the \fIcommand\fR with an SELinux security context that includes the specified \fIrole\fR. +.\} .TP 8n \fB\-S\fR, \fB\--stdin\fR Write the prompt to the standard error and read the password from the @@ -746,6 +752,7 @@ Most shells behave differently when a \fIcommand\fR is specified as compared to an interactive session; consult the shell's manual for details. +.if \n(SL \{\ .TP 8n \fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR Run the @@ -755,6 +762,7 @@ with an SELinux security context that includes the specified If no \fItype\fR is specified, the default type is derived from the role. +.\} .TP 8n \fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR Used in conjunction with the diff --git a/docs/sudo.man.in.sed b/docs/sudo.man.in.sed index 432dd7474..5659c98f7 100644 --- a/docs/sudo.man.in.sed +++ b/docs/sudo.man.in.sed 
@@ -9,37 +9,37 @@ s/^\(\[\\fB\\-c\\fR.*\\fIclass\\fR\]\) *$/.if \\n(LC \1/ s/^\(\[\\fB\\-r\\fR.*\\fIrole\\fR\]\) *$/.if \\n(SL \1/ s/^\(\[\\fB\\-t\\fR.*\\fItype\\fR\]\) *$/.if \\n(SL \1/ -/^\.TP 12n$/ { +/^\.TP 8n$/ { N - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\ + /^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 8n/ { + /^\.TP 8n/ { + /^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\ .if \\n(BA \\{\\ - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\ + /^\.TP 8n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\ .\\} } } - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\ + /^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 8n/ { + /^\.TP 8n/ { + /^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\ .if \\n(LC \\{\\ - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\ + /^\.TP 8n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\ .\\} } } - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\ + /^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 8n/ { + /^\.TP 8n/ { + /^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\ .if \\n(SL \\{\\ - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\ + /^\.TP 8n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\ .\\} } } - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\ + /^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 8n/ { + /^\.TP 8n/ { + /^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\ .if \\n(SL \\{\\ - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\ + /^\.TP 8n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\ .\\} } } diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in index 2b4657ac3..7f7c8b986 100644 --- a/docs/sudoers.man.in +++ b/docs/sudoers.man.in @@ -22,6 +22,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .nr SL @SEMAN@ +.nr AA @AAMAN@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ 
@@ -1387,20 +1388,28 @@ Cmnd_Spec ::= Runas_Spec? Option_Spec* (Tag_Spec ':')* Cmnd Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' .ie \n(SL \{\ -.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec) -.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec) +.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) .\} .el \{\ -.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec) -.el Option_Spec ::= (Date_Spec | Timeout_Spec) +.ie \n(AA \{\ +.ie \n(PS Option_Spec ::= (AppArmor_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.el Option_Spec ::= (AppArmor_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.\} +.el \{\ +.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.\} .\} .if \n(SL \{\ SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') .\} +.if \n(AA \{\ AppArmor_Spec ::= 'APPARMOR_PROFILE=profile' +.\} .if \n(PS \{\ Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') @@ -1622,7 +1631,9 @@ Options may consist of .if \n(SL \{\ SELinux roles and/or types, .\} +.if \n(AA \{\ AppArmor profiles, +.\} .if \n(PS \{\ Solaris privileges sets, .\} @@ -1653,6 +1664,7 @@ A role or type specified on the command line, however, will supersede the values in \fIsudoers\fR. .\} +.if \n(AA \{\ .SS "AppArmor_Spec" On systems supporting AppArmor, \fIsudoers\fR @@ -1711,6 +1723,7 @@ and user to run \fI/bin/ls\fR without any confinement at all. +.\} .if \n(PS \{\ .SS "Solaris_Priv_Spec" On Solaris systems, 
@@ -4255,7 +4268,7 @@ will set the umask to be the union of the user's umask and what is specified in This flag is \fI@umask_override@\fR by default. -.if \n(BA \{\ +.if \n(LC \{\ .TP 18n use_loginclass If set, @@ -4519,6 +4532,7 @@ The umask setting in PAM is not used for which does not create a new PAM session. .PP \fBStrings\fR: +.if \n(AA \{\ .TP 18n apparmor_profile The default AppArmor profile to transition into when executing the @@ -4532,6 +4546,7 @@ entries by specifying the option. This option is only available when sudo is built with AppArmor support. +.\} .TP 18n cmddenial_message .br diff --git a/docs/sudoers.man.in.sed b/docs/sudoers.man.in.sed index eca83a306..b7cd2e4ea 100644 --- a/docs/sudoers.man.in.sed +++ b/docs/sudoers.man.in.sed @@ -1,4 +1,5 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ +.nr AA @AAMAN@\ .nr BA @BAMAN@\ .nr LC @LCMAN@\ .nr PS @PSMAN@\ @@ -21,6 +22,15 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ } } +/^\.SS "AppArmor_Spec"$/,/^\.SS/ { + /^\.SS / { + /^\.SS "AppArmor_Spec"$/i\ +.if \\n(AA \\{\\ + /^\.SS "AppArmor_Spec"$/!i\ +.\\} + } +} + /^\.SS "Solaris_Priv_Spec"$/,/^\.SS/ { /^\.SS / { /^\.SS "Solaris_Priv_Spec"$/i\ 
@@ -32,12 +42,18 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ /^Option_Spec ::= / { s/^.*$/.ie \\n(SL \\{\\\ -.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ -.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)\ +.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ +.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ .\\}\ .el \\{\\\ -.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ -.el Option_Spec ::= (Date_Spec | Timeout_Spec)\ +.ie \\n(AA \\{\\\ +.ie \\n(PS Option_Spec ::= (AppArmor_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ +.el Option_Spec ::= (AppArmor_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ +.\\}\ +.el \\{\\\ +.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ +.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)\ +.\\}\ .\\}/ } @@ -49,6 +65,14 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ .\\} } +/^AppArmor_Spec ::=/ { + i\ +.if \\n(AA \\{\\ + N + a\ +.\\} +} + /^Solaris_Priv_Spec ::=/ { i\ .if \\n(PS \\{\\ @@ -64,6 +88,13 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ .\\} } +/^AppArmor profiles,/ { + i\ +.if \\n(AA \\{\\ + a\ +.\\} +} + /^Solaris privileges sets,/ { i\ .if \\n(PS \\{\\ @@ -76,8 +107,16 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ /^\.TP 18n\nuse_loginclass$/,/^\.TP 18n/ { /^\.TP 18n/ { /^\.TP 18n\nuse_loginclass$/i\ -.if \\n(BA \\{\\ +.if \\n(LC \\{\\ /^\.TP 18n\nuse_loginclass$/!i\ +.\\} + } + } + /^\.TP 18n\napparmor_profile$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\napparmor_profile$/i\ +.if \\n(AA \\{\\ + /^\.TP 18n\napparmor_profile$/!i\ .\\} } }
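Review bot: In the replacement text for `/^Option_Spec ::= /`, `AppArmor_Spec` is emitted only in the `.el` branch of `.ie \\n(SL`, so a build where both SL and AA are non-zero would never reference it from `Option_Spec`. The `AppArmor_Spec ::=` production and the `.SS "AppArmor_Spec"` section would still render, because they are guarded only by `.if \\n(AA`. This diff does not show whether configure allows SELinux and AppArmor together. If it does, the SL branch needs an AA variant such as `Option_Spec ::= (SELinux_Spec | AppArmor_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec)`; if it does not, a `#` comment above the rule stating that the two are mutually exclusive would explain the nesting. The same nesting appears in the docs/sudoers.man.in hunk at `@@ -1387,20 +1388,28 @@`.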