From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 19 Feb 2011 11:05:13 +0100
Subject: [refpolicy] [patch 1/1] sudo: Fixes for sudo, handle /var/db/sudo
In-Reply-To: <4D5EA91C.1080409@redhat.com>
References: <4D5EA91C.1080409@redhat.com>
Message-ID: <20110219100513.GB6270@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, Feb 18, 2011 at 05:15:08PM +0000, Miroslav Grepl wrote:
> http://mgrepl.fedorapeople.org/F15/admin_sudo.patch
>
> * Allow sudo to send signals to any domains the user could have
>   transitioned to.
> * Handle /var/db/sudo
> * Allow users to run executables in /tmp or ~/

The /var/db/sudo use was discussed not that long ago. As it is a rename from
/var/run/sudo to /var/db/sudo (or /var/lib/sudo or /var/adm/sudo) the previous
mapping (pam_var_run_t) should be applied rather than create a new type.

Wkr,
Sven Vermeulen