394315 – SELinux support within sudo is still lacking

Bug 394315 - SELinux support within sudo is still lacking

Summary: SELinux support within sudo is still lacking

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:	394329
Blocks:
	Show dependency tree

Reported:	2011-12-11 11:42 UTC by Sven Vermeulen (RETIRED)
Modified:	2012-02-26 10:08 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2011-12-11 11:42:36 UTC

Currently, using sudo as a means to delegate privileges is not fully functional with SELinux. For instance:

(1.) directly executing sudo commands ("sudo command") where the command would invoke a role transition as well (like "sudo /etc/init.d/local status") fails, the command runs in sysadm_sudo_t instead of sysadm_t
(2.) asking for a sudo shell ("sudo -i") fails, currently the way to get a shell is to use "sudo bash"

Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2011-12-26 16:57:32 UTC

(1.) will be resolved, (2.) is not supported upstream.

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2011-12-27 19:17:12 UTC

In hardened-dev overlay

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2012-01-14 20:09:00 UTC

Pushed to main tree, ~arch

Comment 4 Sven Vermeulen (RETIRED) gentoo-dev

2012-02-26 10:08:47 UTC

Marked as stable in tree