/[smeserver]/rpms/sudo/sme9/sudo-1.8.6p3-auditrolechange.patch
ViewVC logotype

Annotation of /rpms/sudo/sme9/sudo-1.8.6p3-auditrolechange.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Thu Feb 4 19:44:07 2021 UTC (3 years, 4 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, sudo-1_8_6p3-29_el6_9, HEAD 
Sudo
1 jpp 1.1 diff -up sudo-1.8.6p3/src/selinux.c.auditrolechange sudo-1.8.6p3/src/selinux.c
2     --- sudo-1.8.6p3/src/selinux.c.auditrolechange 2012-09-25 16:29:58.090826474 +0200
3     +++ sudo-1.8.6p3/src/selinux.c 2012-09-25 16:33:53.953084178 +0200
4     @@ -63,7 +63,7 @@ static struct selinux_state {
5     #ifdef HAVE_LINUX_AUDIT
6     static int
7     audit_role_change(const security_context_t old_context,
8     - const security_context_t new_context, const char *ttyn)
9     + const security_context_t new_context, const char *ttyn, int result)
10     {
11     int au_fd, rc = -1;
12     char *message;
13     @@ -80,7 +80,7 @@ audit_role_change(const security_context
14     easprintf(&message, "newrole: old-context=%s new-context=%s",
15     old_context, new_context);
16     rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
17     - message, NULL, NULL, ttyn, 1);
18     + message, NULL, NULL, ttyn, result);
19     if (rc <= 0)
20     warning(_("unable to send audit message"));
21     efree(message);
22     @@ -335,8 +335,13 @@ selinux_setup(const char *role, const ch
23     warningx("your old context was %s", se_state.old_context);
24     #endif
25     se_state.new_context = get_exec_context(se_state.old_context, role, type);
26     - if (!se_state.new_context)
27     + if (!se_state.new_context) {
28     +#ifdef HAVE_LINUX_AUDIT
29     + audit_role_change(se_state.old_context, "?",
30     + se_state.ttyn, 0);
31     +#endif
32     goto done;
33     + }
34    
35     if (relabel_tty(ttyn, ptyfd) < 0) {
36     warning(_("unable to setup tty context for %s"), se_state.new_context);
37     @@ -352,7 +357,7 @@ selinux_setup(const char *role, const ch
38    
39     #ifdef HAVE_LINUX_AUDIT
40     audit_role_change(se_state.old_context, se_state.new_context,
41     - se_state.ttyn);
42     + se_state.ttyn, 1);
43     #endif
44    
45     rval = 0;
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed