Re: How do I make sudo "trusted"?


 



Aleksey Nogin wrote:

On 13.03.2004 21:15, Russell Coker wrote:

sudo_t transitions to another domain upon executing shell_exec_t. If you execute a binary that's not of type shell_exec_t then that doesn't work.


Is there a reason for that? This is kind of unfortunate - one of the big advantages of sudo is that it logs everything and having to execute the shell first is kind of inconvenient. Can transition on an ordinary bin_t be added?

I have just modified sudo to exec $SHELL -c COMMAND when in SELinux mode.

This should cause the transitions to happen properly.
SELinux will start the default shell under the context of the user, or the context overridden by the -r qualifier. Then if the user specified a command with context, the transition should happen.

So if the user specified

sudo -r sysadm_r rpm -Uhv bind-9.2.3-9.i386.rpm

rpm should end up running in rpm_t context, just as if you had started a shell as sysadm_t and executed the rpm command.

Dan
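
An added example, not part of the original post and not sudo's own code: once the command is handed to a shell with -c, the shell re-parses it, so each argument has to be single-quoted to reach rpm unchanged. The function names and the /bin/sh path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy arg into out wrapped in single quotes; an embedded ' becomes '\'' */
static char *quote_arg(char *out, const char *arg)
{
    *out++ = '\'';
    for (; *arg; arg++) {
        if (*arg == '\'') {
            memcpy(out, "'\\''", 4);
            out += 4;
        } else {
            *out++ = *arg;
        }
    }
    *out++ = '\'';
    return out;
}

/* Join argv into the one string given to "shell -c"; caller frees. NULL on empty argv or OOM. */
char *build_shell_command(char *const argv[])
{
    size_t need = 1, i;                    /* 1 for the terminating NUL */
    char *buf, *p;
    if (argv == NULL || argv[0] == NULL)
        return NULL;
    for (i = 0; argv[i]; i++)
        need += 4 * strlen(argv[i]) + 3;   /* worst case: all quotes, +2 quotes, +1 space */
    if ((buf = p = malloc(need)) == NULL)
        return NULL;
    for (i = 0; argv[i]; i++) {
        if (i > 0) *p++ = ' ';
        p = quote_arg(p, argv[i]);
    }
    *p = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample: the rpm command from the post; the shell path is an assumption */
    char *cmd[] = { "rpm", "-Uhv", "bind-9.2.3-9.i386.rpm", NULL };
    char *joined = build_shell_command(cmd);
    if (joined == NULL) return 1;
    printf("execv(\"/bin/sh\", {\"sh\", \"-c\", \"%s\"})\n", joined);
    free(joined);
    return 0;
}
```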
