Blame SOURCES/sudo-1.8.6p3-auditrolechange.patch

1b092f
diff -up sudo-1.8.6p3/src/selinux.c.auditrolechange sudo-1.8.6p3/src/selinux.c
1b092f
--- sudo-1.8.6p3/src/selinux.c.auditrolechange	2012-09-25 16:29:58.090826474 +0200
1b092f
+++ sudo-1.8.6p3/src/selinux.c	2012-09-25 16:33:53.953084178 +0200
1b092f
@@ -63,7 +63,7 @@ static struct selinux_state {
1b092f
 #ifdef HAVE_LINUX_AUDIT
1b092f
 static int
1b092f
 audit_role_change(const security_context_t old_context,
1b092f
-    const security_context_t new_context, const char *ttyn)
1b092f
+    const security_context_t new_context, const char *ttyn, int result)
1b092f
 {
1b092f
     int au_fd, rc = -1;
1b092f
     char *message;
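Review bot: The new `result` parameter of audit_role_change() is undocumented, and the callers in this patch pass bare `0` and `1`, so its meaning has to be inferred from the audit_log_user_message() call in the next hunk. A short comment above the function would make the contract explicit, for example `/* result: 1 if the role change succeeded, 0 if it failed; forwarded to audit_log_user_message(). */`. The function body continues past the end of this hunk.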
1b092f
@@ -80,7 +80,7 @@ audit_role_change(const security_context
1b092f
 	easprintf(&message, "newrole: old-context=%s new-context=%s",
1b092f
 	    old_context, new_context);
1b092f
 	rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
1b092f
-	    message, NULL, NULL, ttyn, 1);
1b092f
+	    message, NULL, NULL, ttyn, result);
1b092f
 	if (rc <= 0)
1b092f
 	    warning(_("unable to send audit message"));
1b092f
 	efree(message);
1b092f
@@ -335,8 +335,13 @@ selinux_setup(const char *role, const ch
1b092f
     warningx("your old context was %s", se_state.old_context);
1b092f
 #endif
1b092f
     se_state.new_context = get_exec_context(se_state.old_context, role, type);
1b092f
-    if (!se_state.new_context)
1b092f
+    if (!se_state.new_context) {
1b092f
+#ifdef HAVE_LINUX_AUDIT
1b092f
+	audit_role_change(se_state.old_context, "?",
1b092f
+	  se_state.ttyn, 0);
1b092f
+#endif
1b092f
 	goto done;
1b092f
+    }
1b092f
     
1b092f
     if (relabel_tty(ttyn, ptyfd) < 0) {
1b092f
 	warning(_("unable to setup tty context for %s"), se_state.new_context);
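Review bot: The failure record added here takes its tty from `se_state.ttyn`, while the relabel_tty() call just below uses the `ttyn` parameter of selinux_setup(). Where `se_state.ttyn` is assigned is not visible in this hunk; if it is only filled in later (for instance inside relabel_tty()), the failed role change would be logged without the terminal name. Passing the parameter directly removes that ordering dependency: `audit_role_change(se_state.old_context, "?", ttyn, 0);`. Only the get_exec_context() failure gets a result=0 record here, so it is worth confirming whether a relabel_tty() failure should produce one as well. selinux_setup() starts and ends outside this hunk.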
1b092f
@@ -352,7 +357,7 @@ selinux_setup(const char *role, const ch
1b092f
 
1b092f
 #ifdef HAVE_LINUX_AUDIT
1b092f
     audit_role_change(se_state.old_context, se_state.new_context,
1b092f
-	se_state.ttyn);
1b092f
+	se_state.ttyn, 1);
1b092f
 #endif
1b092f
 
1b092f
     rval = 0;
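Review bot: The return value of audit_role_change() is discarded at this call, so the success path reaches `rval = 0` even when the audit record could not be sent; the function itself only prints a warning in that case (second hunk). If a role change without an audit trail is not acceptable, check the result and bail out, e.g. `if (audit_role_change(se_state.old_context, se_state.new_context, se_state.ttyn, 1) == -1) goto done;`. The function's return convention is only partly visible here (`rc` starts at -1), so confirm it before relying on that comparison. If best-effort logging is intended, state it at the call site with a comment such as `/* audit failure is deliberately non-fatal */`.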