Re: sudo + selinux

On 4/12/10 3:30 PM, "James Cammarata" <jimi@xxxxxxxx> wrote:

> 
> Hi, we're looking towards running SELinux on RHEL5 in strict mode here,
> however I'm not having any luck finding resources on configuring sudo to
> work with SELinux properly.  Are there any guides/resources to getting this
> working?  I've found some older mailing list threads that discuss adding
> some new features to sudo to make it selinux-aware, but that doesn't seem
> to have found its way into RHEL5 yet (at least, as of 5.4).
> 
Hi James,

What do you want sudo to do with respect to SELinux? Are you looking for it
to transition to a more trusted domain when it is run?

Most of the time, we let sudo remain a DAC privilege escalation mechanism,
but do not use it to escalate SELinux privileges. We do generally transition
into a derived domain for sudo (see sudo_role_template in reference policy
for more info), so you could easily grant that derived domain additional
privileges if that's what you're looking to do, but that's just policy and
requires no SELinux knowledge in sudo.

Thanks,
Chad

