version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2013/07/22 10:46:13
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com> |
* Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com> |
* |
* |
* Borrowed heavily from newrole source code |
* Borrowed heavily from newrole source code |
Line 74 audit_role_change(const security_context_t old_context
|
Line 74 audit_role_change(const security_context_t old_context
|
/* Kernel may not have audit support. */ |
/* Kernel may not have audit support. */ |
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT |
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT |
) |
) |
error(1, _("unable to open audit system")); | fatal(_("unable to open audit system")); |
} else { |
} else { |
/* audit role change using the same format as newrole(1) */ |
/* audit role change using the same format as newrole(1) */ |
easprintf(&message, "newrole: old-context=%s new-context=%s", |
easprintf(&message, "newrole: old-context=%s new-context=%s", |
Line 366 selinux_execve(const char *path, char *const argv[], c
|
Line 366 selinux_execve(const char *path, char *const argv[], c
|
int noexec) |
int noexec) |
{ |
{ |
char **nargv; |
char **nargv; |
|
const char *sesh; |
int argc, serrno; |
int argc, serrno; |
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) |
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) |
|
|
|
sesh = sudo_conf_sesh_path(); |
|
if (sesh == NULL) { |
|
warningx("internal error: sesh path not set"); |
|
errno = EINVAL; |
|
debug_return; |
|
} |
|
|
if (setexeccon(se_state.new_context)) { |
if (setexeccon(se_state.new_context)) { |
warning(_("unable to set exec context to %s"), se_state.new_context); |
warning(_("unable to set exec context to %s"), se_state.new_context); |
if (se_state.enforcing) |
if (se_state.enforcing) |
Line 399 selinux_execve(const char *path, char *const argv[], c
|
Line 407 selinux_execve(const char *path, char *const argv[], c
|
memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */ |
memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */ |
|
|
/* sesh will handle noexec for us. */ |
/* sesh will handle noexec for us. */ |
sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0); | sudo_execve(sesh, nargv, envp, 0); |
serrno = errno; |
serrno = errno; |
free(nargv); |
free(nargv); |
errno = serrno; |
errno = serrno; |
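Review bot: In the selinux_execve hunks, the new guard on `sesh` rejects only a NULL pointer, although the helper path now comes from `sudo_conf_sesh_path()` at run time instead of the compile-time `_PATH_SUDO_SESH`. An empty or relative string would still reach `sudo_execve(sesh, nargv, envp, 0)`, so unless sudo_conf_sesh_path() already guarantees a fully-qualified path (not visible here), the check could be `if (sesh == NULL || sesh[0] != '/') {`. A comment above the lookup such as `/* sesh path is taken from sudo.conf; that file must be writable only by root */` would record the trust assumption the exec now depends on. The added `warningx("internal error: sesh path not set")` also omits the `_()` wrapper used by the other messages in this file, which may be intentional for an internal error but is worth confirming. The function body starts and ends outside the visible hunks.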