[refpolicy] admin_sudo.patch

Daniel J Walsh dwalsh at redhat.com
Tue Mar 24 08:11:37 CDT 2009


http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_sudo.patch

Lots of fixes for sudo domain.

sudo can now do stuff newrole used to do so it needs lots of SELinux 
acccess to change roles and types.

sudo writes stuff to homedir so needs to manage nfs and cifs if they are 
homedirs

Need role access to send email on failed sudo, as well as checking passwd

Sends audit messages

Sudo checks whether it can execute an app before running so it needs to 
be able to execute any app.

Needs sys_nice



More information about the refpolicy mailing list