# By default, revert to the calling domain when a shell is executed.
corecmd_shell_domtrans($1_sudo_t, $3)
corecmd_bin_domtrans($1_sudo_t, $3)
+ userdom_domtrans_user_home($1_sudo_t, $3)
+ userdom_domtrans_user_tmp($1_sudo_t, $3)
allow $3 $1_sudo_t:fd use;
- allow $3 $1_sudo_t:fifo_file rw_file_perms;
+ allow $3 $1_sudo_t:fifo_file rw_fifo_file_perms;
allow $3 $1_sudo_t:process signal_perms;
kernel_read_kernel_sysctls($1_sudo_t)
selinux_validate_context($1_sudo_t)
selinux_compute_relabel_context($1_sudo_t)
+ term_getattr_pty_fs($1_sudo_t)
term_relabel_all_ttys($1_sudo_t)
term_relabel_all_ptys($1_sudo_t)
+ term_getattr_pty_fs($1_sudo_t)
auth_run_chk_passwd($1_sudo_t, $2)
# sudo stores a token in the pam_pid directory
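Review bot: The added `userdom_domtrans_user_home($1_sudo_t, $3)` and `userdom_domtrans_user_tmp($1_sudo_t, $3)` sit under a comment that still speaks only of a shell being executed, so the reason for the wider transition is not recorded. Going by the interface names, these cover programs in the user's home and tmp directories, which are user-writable, so the intent should be spelled out. A comment such as `# Programs run from user home or tmp content also return to the calling domain, never $1_sudo_t.` would do it. Separately, `term_getattr_pty_fs($1_sudo_t)` is added twice, before and after the `term_relabel_all_ttys`/`term_relabel_all_ptys` pair, and one of the two calls can be dropped. The template body starts and ends outside this hunk, so whether an equivalent rule already exists elsewhere cannot be checked from here.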
#
# Use (read and write) terminals
#
- define(`rw_inherited_term_perms', `{ getattr open read write ioctl append }')
- define(`rw_term_perms', `{ open rw_inherited_term_perms }')
+ define(`rw_term_perms', `{ getattr open read write append ioctl }')
++define(`rw_inherited_term_perms', `{ rw_term_perms -open }')
#
# Sockets
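Review bot: The new `rw_inherited_term_perms` is written as `{ rw_term_perms -open }`, which after macro expansion becomes a nested set with an exclusion, `{ { getattr open read write append ioctl } -open }`. Exclusion with `-` is the usual idiom for type sets, and whether the policy compiler accepts it inside a permission set should be confirmed with a test build. Writing the set out avoids the question and is easier to audit: `{ getattr read write append ioctl }`. Because the removed definition still included `open`, any rule that uses the inherited set loses that permission with this change. Callers that actually open a terminal, rather than use an inherited descriptor, need to be checked and moved to `rw_term_perms`.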