isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add an apparmor_profile sudo setting

Browse Source 
Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
This commit is contained in:
kernelmethod
2022-05-23 13:41:42 -06:00
parent 0b541c2029
commit bd25b85a66
7 changed files with 150 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/sudo.h
View File

@@ -103,6 +103,7 @@
#define ARG_CWD 24
#define ARG_ASKPASS 25
#define ARG_INTERCEPT_SETID 26
#define ARG_APPARMOR_PROFILE 27
/*
* Flags for tgetpass()
@@ -198,6 +199,7 @@ struct command_details {
const char *chroot;
const char *selinux_role;
const char *selinux_type;
const char *apparmor_profile;
const char *utmp_user;
const char *tty;
char **argv;
@@ -285,6 +287,10 @@ int selinux_setexeccon(void);
void selinux_execve(int fd, const char *path, char *const argv[],
char *envp[], int flags);
/* apparmor.c */
int apparmor_is_enabled(void);
int apparmor_prepare(const char* new_profile);
/* solaris.c */
void set_project(struct passwd *);
int os_init_solaris(int argc, char *argv[], char *envp[]);