2011-02-06 14:57:07

by sven.vermeulen

Subject: [refpolicy] [PATCH 3/3] Label /var/db/sudo... as the sudo_db_t timestamp database type

The sudo application uses /var/db/sudo to keep track of sudo timestamps (to
find out if sudo wants to ask the user to reauthenticate or not).

I have found the same policy rules in Fedora's repository (commit
d46a2b01151fd5061cdecd4004dc5993225c053d by Dan Walsh) but couldn't find any
direct mail on the refpolicy archives with a request to push this through.

This is patch 3/3 for the correct labelling of the /var/db/sudo... location

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/admin/sudo.fc | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc
index 7bddc02..16c88ac 100644
--- a/policy/modules/admin/sudo.fc
+++ b/policy/modules/admin/sudo.fc
@@ -1,2 +1,2 @@
-
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
+/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0)
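Review bot: the added `/var/db/sudo(/.*)?` entry refers to sudo_db_t, but this patch only touches sudo.fc, so the type has to be declared by an earlier patch in the 3-part series; the commit message should say which one so this patch is not applied on its own. The entry also carries no file-type specifier, so it matches the directory and every object below it regardless of class; that is fine if intended, but worth stating. As a style point, the hunk drops the leading blank line and places the /var entry directly under the /usr/bin one; a blank line between the two path groups would keep the file easier to scan.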
--
1.7.3.4