From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 16 Sep 2017 13:15:14 -0400 Subject: [refpolicy] [PATCH 3/3] sudo: add fcontext for /run/sudo/ts/USERNAME In-Reply-To: <20170915171614.26581-3-jason@perfinion.com> References: <20170915171614.26581-1-jason@perfinion.com> <20170915171614.26581-3-jason@perfinion.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/15/2017 01:16 PM, Jason Zaman via refpolicy wrote: > This lets restorecon -F set the context properly > --- > policy/modules/system/authlogin.fc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc > index 68f61737..a0c4d1c9 100644 > --- a/policy/modules/system/authlogin.fc > +++ b/policy/modules/system/authlogin.fc > @@ -49,5 +49,6 @@ ifdef(`distro_suse', ` > /run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0) > /run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) > /run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) > +/run/sudo/ts/%{USERNAME} gen_context(system_u:object_r:pam_var_run_t,s0) > /var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) > /var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) Merged. -- Chris PeBenito