public inbox for gentoo-commits@lists.gentoo.org
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/
Date: Sun, 12 Oct 2014 09:13:41 +0000 (UTC)
Message-ID: <1413104182.67ee9d7026c6e3887eb590811aa1291682945840.swift@gentoo>
Message-ID: <20141012091341.lXB0JCTsoEurd9FRiLGuikh5RhbOrPHNQmy1mayRfTk@z>

commit:     67ee9d7026c6e3887eb590811aa1291682945840
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Oct 12 08:56:22 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Oct 12 08:56:22 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=67ee9d70

Allow setting ownership of ts/ directory

When creating the ts/ directory (in which sudo keeps timestamps), allow
the sudo application to set ownership.

No errors involved (only denial) but the end result is different (group
ownership is different, even though there is no group privilege).

---
 policy/modules/admin/sudo.if | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index b282877..58c456b 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -161,6 +161,9 @@ template(`sudo_role_template',`
 	')
 
 	ifdef(`distro_gentoo',`
+		# Set ownership of ts directory (timestamp keeping)
+		allow $1_sudo_t self:capability { chown };
+		# Create /var/run/sudo
 		auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")
 	')
 ')
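Review bot: the added `allow $1_sudo_t self:capability { chown };` line inside the distro_gentoo block grants CAP_CHOWN to every domain instantiated from sudo_role_template, yet its comment only names the purpose ("timestamp keeping") and not why the capability is required. The commit message says the denial produces no error and only changes the resulting group ownership of ts/, so please record in the comment which ownership sudo sets on the directory and what breaks or differs without it, so a later reader can judge whether an allow is warranted here rather than a dontaudit. Minor style point: the braces are not needed for a single permission, `self:capability chown;` is equivalent.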

