Set selinux role and type in command details.

2010-05-25 13:58:16 -04:00
parent 2942edcbd0
commit 937b5f166d
1 changed files with 6 additions and 0 deletions
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -608,6 +608,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
    }
    if (def_closefrom >= 0)
 	easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom);
+#ifdef HAVE_SELINUX
+    if (user_role != NULL)
+	command_info[info_len++] = fmt_string("selinux_role", user_role);
+    if (user_type != NULL)
+	command_info[info_len++] = fmt_string("selinux_type", user_type);
+#endif /* HAVE_SELINUX */

    /* Must audit before uid change. */
    audit_success(NewArgv);