--- embedaddon/sudo/src/selinux.c 2012/05/29 12:26:49 1.1.1.2
+++ embedaddon/sudo/src/selinux.c 2013/10/14 07:56:35 1.1.1.4
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009-2010 Todd C. Miller
+ * Copyright (c) 2009-2013 Todd C. Miller
 * Copyright (c) 2008 Dan Walsh
 *
 * Borrowed heavily from newrole source code
@@ -74,7 +74,7 @@ audit_role_change(const security_context_t old_context
 /* Kernel may not have audit support. */
 if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
 )
- error(1, _("unable to open audit system"));
+ fatal(_("unable to open audit system"));
 } else {
 /* audit role change using the same format as newrole(1) */
 easprintf(&message, "newrole: old-context=%s new-context=%s",
@@ -339,7 +339,7 @@ selinux_setup(const char *role, const char *type, cons
 goto done;
 if (relabel_tty(ttyn, ptyfd) < 0) {
- warning(_("unable to setup tty context for %s"), se_state.new_context);
+ warning(_("unable to set tty context to %s"), se_state.new_context);
 goto done;
 }
@@ -366,9 +366,17 @@ selinux_execve(const char *path, char *const argv[], c
 int noexec)
 {
 char **nargv;
+ const char *sesh;
 int argc, serrno;
 debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
+ sesh = sudo_conf_sesh_path();
+ if (sesh == NULL) {
+ warningx("internal error: sesh path not set");
+ errno = EINVAL;
+ debug_return;
+ }
+
 if (setexeccon(se_state.new_context)) {
 warning(_("unable to set exec context to %s"), se_state.new_context);
 if (se_state.enforcing)
@@ -399,7 +407,7 @@ selinux_execve(const char *path, char *const argv[], c
 memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */
 /* sesh will handle noexec for us. */
- sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0);
+ sudo_execve(sesh, nargv, envp, 0);
 serrno = errno;
 free(nargv);
 errno = serrno;
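Review bot: The new guard at the top of selinux_execve rejects only a NULL sesh path, so an empty or relative value returned by `sudo_conf_sesh_path()` would still reach `sudo_execve(sesh, nargv, envp, 0)` in the last hunk. The helper runs in the new SELinux context and its path is no longer the compile-time `_PATH_SUDO_SESH`, so the check could also require an absolute path: `if (sesh == NULL || sesh[0] != '/') {`. Whether the configuration parser already enforces this is not visible in this diff; if it does, a short comment above the check saying where the path is validated would be enough. The body of selinux_execve starts and ends outside both hunks.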