On 9/27/19 4:24 AM, Dominick Grift wrote:
> On Fri, Sep 27, 2019 at 09:55:07AM +0200, Dominick Grift wrote:
> > sudo does not reset the role of my tty properly [1], and I was wondering if anyone is able to determine what is causing this [2]
> > [1] https://bugzilla.sudo.ws/show_bug.cgi?id=898
> > [2] https://www.sudo.ws/repos/sudo/file/tip/src/selinux.c
> Does fgetfilecon() get the context from the actual path or does it get it from file_contexts?
> If it does the latter then I guess that would explain it as pty/tty contexts are customizable and thus have no entry in file_contexts:
> # matchpathcon /dev/pts/0
> /dev/pts/0 <<none>>
> In that case I guess it skips the relabel?
I don't think that's relevant. fgetfilecon() is a wrapper for
fgetxattr(2); it gets the actual context set on the file, not something
from file_contexts (you would use selabel_lookup(3) or matchpathcon(3)
for the latter).
The behavior you describe suggests that sudo is never calling
selinux_restore_tty() in this case (or there is some bug causing it to
abort before reaching the fsetfilecon, or causing that to fail).
Don't know if you can turn up verbosity/logging and/or use strace or
autrace or something to get more info.
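To make the distinction in the reply concrete, here is an added example (not code from the thread or from sudo) that models the two lookups in Python: the actual label is read from the security.selinux xattr on the open descriptor, which is what fgetfilecon(3) wraps, while the file_contexts side is a simplified regex matcher over a constructed file_contexts excerpt, assuming the last matching line wins as in libselinux's file_contexts backend.

```python
import os
import re

# Constructed refpolicy-style file_contexts excerpt.  /dev/pts(/.*)? is
# mapped to <<none>>, which is why matchpathcon prints "<<none>>" for
# /dev/pts/0: the label of a pty is assigned at runtime, not by policy paths.
FILE_CONTEXTS = """\
/dev(/.*)?              system_u:object_r:device_t:s0
/dev/tty[0-9]*          system_u:object_r:tty_device_t:s0
/dev/pts(/.*)?          <<none>>
"""


def parse_file_contexts(text):
    """Return [(compiled_regex, context)] in file order; an optional middle
    file-type field (e.g. '-c') is ignored in this simplified model."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        specs.append((re.compile("^" + fields[0] + "$"), fields[-1]))
    return specs


def lookup_file_contexts(specs, path):
    """Model of selabel_lookup(3)/matchpathcon(3): the LAST matching spec wins.
    Returns the literal '<<none>>' for an explicit <<none>> entry and None
    when no spec matches at all (matchpathcon would report an error)."""
    for regex, ctx in reversed(specs):
        if regex.match(path):
            return ctx
    return None


def actual_context(fd):
    """Model of fgetfilecon(3): read the security.selinux xattr that is set on
    the open file itself, independent of file_contexts.  Returns None when
    the kernel reports no label (e.g. on a host without SELinux)."""
    try:
        raw = os.getxattr(fd, "security.selinux")
    except OSError:
        return None
    return raw.rstrip(b"\0").decode()


if __name__ == "__main__":
    specs = parse_file_contexts(FILE_CONTEXTS)
    for p in ("/dev/pts/0", "/dev/tty1"):
        print(p, "file_contexts ->", lookup_file_contexts(specs, p))
    fd = os.open("/dev/tty", os.O_RDONLY | os.O_NOCTTY)
    print("/dev/tty actual xattr ->", actual_context(fd))
    os.close(fd)
```

On an SELinux host the last line prints the runtime label of the controlling tty even though file_contexts has nothing for it, which is the gap the reply is pointing at.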