From: jason@perfinion.com (Jason Zaman)
Date: Sat, 16 Sep 2017 01:16:14 +0800
Subject: [refpolicy] [PATCH 3/3] sudo: add fcontext for /run/sudo/ts/USERNAME
In-Reply-To: <20170915171614.26581-1-jason@perfinion.com>
References: <20170915171614.26581-1-jason@perfinion.com>
Message-ID: <20170915171614.26581-3-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This lets restorecon -F set the context properly
---
 policy/modules/system/authlogin.fc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index 68f61737..a0c4d1c9 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -49,5 +49,6 @@ ifdef(`distro_suse', `
 /run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 /run/sepermit(/.*)? 	gen_context(system_u:object_r:pam_var_run_t,s0)
 /run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
+/run/sudo/ts/%{USERNAME}	gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/(db|adm)/sudo(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/lib/sudo(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
-- 
2.13.5