[refpolicy] admin_sudo.patch

Daniel J Walsh dwalsh at redhat.com
Tue Mar 24 08:11:37 CDT 2009


Lots of fixes for sudo domain.

sudo can now do stuff newrole used to do so it needs lots of SELinux 
acccess to change roles and types.

sudo writes stuff to homedir so needs to manage nfs and cifs if they are 

Need role access to send email on failed sudo, as well as checking passwd

Sends audit messages

Sudo checks whether it can execute an app before running so it needs to 
be able to execute any app.

Needs sys_nice

More information about the refpolicy mailing list