isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Separate out the code to compute the context from selinux_setup().

Browse Source 
This makes it possible to determine whether we really need to execute
the command via the sesh helper.  What was left of selinux_setup()
is now selinux_relabel_tty() and selinux_audit_role_change().
This commit is contained in:
Todd C. Miller
2021-11-05 12:33:20 -06:00
parent a336a8422f
commit e97fb5fd0b
6 changed files with 61 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/sudo.h
View File

@@ -246,9 +246,10 @@ void usage(void) __attribute__((__noreturn__));
int os_init_openbsd(int argc, char *argv[], char *envp[]);
/* selinux.c */
int selinux_audit_role_change(void);
int selinux_getexeccon(const char *role, const char *type);
int selinux_relabel_tty(const char *ttyn, int ttyfd);
int selinux_restore_tty(void);
int selinux_setup(const char *role, const char *type, const char *ttyn,
int ttyfd, bool label_tty);
int selinux_setcon(void);
void selinux_execve(int fd, const char *path, char *const argv[],
char *envp[], bool noexec);