From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 6 Feb 2011 15:57:07 +0100
Subject: [refpolicy] [PATCH 3/3] Label /var/db/sudo... as the sudo_db_t
 timestamp database type
Message-ID: <20110206145706.GA12290@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The sudo application uses /var/db/sudo to keep track of sudo timestamps (to
find out if sudo wants to ask the user to reauthenticate or not).

I have found the same policy rules in fedora's repository (commit
d46a2b01151fd5061cdecd4004dc5993225c053d by Dan Walsh) but couldn't find any
direct mail on the refpolicy archives with a request to push this through.

This is patch 3/3 for the correct labelling of the /var/db/sudo... location

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/sudo.fc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc
index 7bddc02..16c88ac 100644
--- a/policy/modules/admin/sudo.fc
+++ b/policy/modules/admin/sudo.fc
@@ -1,2 +1,2 @@
-
 /usr/bin/sudo(edit)?	--	gen_context(system_u:object_r:sudo_exec_t,s0)
+/var/db/sudo(/.*)?		gen_context(system_u:object_r:sudo_db_t,s0)
-- 
1.7.3.4