Need to allow output from processes under sudo.

Recently sudo was changed back not to relabel the tty (see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120213 , for example). This means that now the processes that sudo might run need to be given explicit access to the caller's tty (until something better is implemented - see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120213#c2 for my description of how I think it should work).

Anyway, for now I had to add to my local policy modes:

allow { checkpolicy_t consoletype_t ifconfig_t iptables_t ntpd_t load_policy_t sysadm_mail_t ping_t traceroute_t } staff_devpts_t:chr_file { getattr read write };
allow { locate_t sysadm_mail_t } staff_tmp_t:file { getattr write };


And this is probably still very incomplete.

--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin@xxxxxxxxxxxxxx (office), aleksey@xxxxxxxxx (personal)
Office: Jorgensen 70, tel: (626) 395-2907
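
Added example (not part of the original post, and not code from sudo or the SELinux policy): a sketch of how rules shaped like the two above can be derived from AVC denials while keeping each domain limited to the permissions it was actually denied. The log lines are constructed, the function names are hypothetical, and the message layout (`avc: denied { ... } ... scontext= tcontext= tclass=`) is assumed.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the post): denials against the caller's
# tty and tmp file, one unrelated denial, and one non-AVC line.
SAMPLE_LOG = """\
audit(1081500000.101:0): avc:  denied  { read write } for  pid=2101 exe=/sbin/ifconfig path=/dev/pts/1 dev= ino=3 scontext=staff_u:sysadm_r:ifconfig_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
audit(1081500000.102:0): avc:  denied  { getattr } for  pid=2101 exe=/sbin/ifconfig path=/dev/pts/1 dev= ino=3 scontext=staff_u:sysadm_r:ifconfig_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
audit(1081500001.201:0): avc:  denied  { getattr read write } for  pid=2102 exe=/bin/ping path=/dev/pts/1 dev= ino=3 scontext=staff_u:sysadm_r:ping_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
audit(1081500002.301:0): avc:  denied  { read write } for  pid=2103 exe=/bin/traceroute path=/dev/pts/1 dev= ino=3 scontext=staff_u:sysadm_r:traceroute_t tcontext=staff_u:object_r:staff_devpts_t tclass=chr_file
audit(1081500003.401:0): avc:  denied  { getattr write } for  pid=2104 exe=/usr/bin/updatedb path=/tmp/out dev=hda2 ino=77 scontext=staff_u:sysadm_r:locate_t tcontext=staff_u:object_r:staff_tmp_t tclass=file
audit(1081500004.501:0): avc:  denied  { write } for  pid=2105 exe=/usr/sbin/ntpd path=/etc/ntp.conf dev=hda2 ino=88 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:etc_t tclass=file
kernel: some unrelated message
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, class) -> union of denied permissions."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            denied[key].update(m["perms"].split())
    return denied

def allow_rules(log_text, target_types):
    """Emit allow rules only for the given target types, merging source
    domains only when their denied permission sets are identical, so no
    domain is granted more than it was denied."""
    grouped = defaultdict(set)
    for (src, tgt, cls), perms in collect_denials(log_text).items():
        if tgt in target_types:
            grouped[(tgt, cls, frozenset(perms))].add(src)
    ordered = sorted(grouped.items(), key=lambda kv: (kv[0][0], kv[0][1], sorted(kv[0][2])))
    return ["allow { %s } %s:%s { %s };" % (" ".join(sorted(srcs)), tgt, cls, " ".join(sorted(perms)))
            for (tgt, cls, perms), srcs in ordered]

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG, {"staff_devpts_t", "staff_tmp_t"})))
```

Restricting `target_types` to the caller's tty and tmp types keeps unrelated denials (the constructed `ntpd_t` write to `etc_t` here) out of the generated rules, so they get reviewed on their own rather than allowed in bulk.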
