| 1 |
diff -up sudo-1.8.6p3/src/selinux.c.auditrolechange sudo-1.8.6p3/src/selinux.c |
| 2 |
--- sudo-1.8.6p3/src/selinux.c.auditrolechange 2012-09-25 16:29:58.090826474 +0200 |
| 3 |
+++ sudo-1.8.6p3/src/selinux.c 2012-09-25 16:33:53.953084178 +0200 |
| 4 |
@@ -63,7 +63,7 @@ static struct selinux_state { |
| 5 |
#ifdef HAVE_LINUX_AUDIT |
| 6 |
static int |
| 7 |
audit_role_change(const security_context_t old_context, |
| 8 |
- const security_context_t new_context, const char *ttyn) |
| 9 |
+ const security_context_t new_context, const char *ttyn, int result) |
| 10 |
{ |
| 11 |
int au_fd, rc = -1; |
| 12 |
char *message; |
| 13 |
@@ -80,7 +80,7 @@ audit_role_change(const security_context |
| 14 |
easprintf(&message, "newrole: old-context=%s new-context=%s", |
| 15 |
old_context, new_context); |
| 16 |
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, |
| 17 |
- message, NULL, NULL, ttyn, 1); |
| 18 |
+ message, NULL, NULL, ttyn, result); |
| 19 |
if (rc <= 0) |
| 20 |
warning(_("unable to send audit message")); |
| 21 |
efree(message); |
| 22 |
@@ -335,8 +335,13 @@ selinux_setup(const char *role, const ch |
| 23 |
warningx("your old context was %s", se_state.old_context); |
| 24 |
#endif |
| 25 |
se_state.new_context = get_exec_context(se_state.old_context, role, type); |
| 26 |
- if (!se_state.new_context) |
| 27 |
+ if (!se_state.new_context) { |
| 28 |
+#ifdef HAVE_LINUX_AUDIT |
| 29 |
+ audit_role_change(se_state.old_context, "?", |
| 30 |
+ se_state.ttyn, 0); |
| 31 |
+#endif |
| 32 |
goto done; |
| 33 |
+ } |
| 34 |
|
| 35 |
if (relabel_tty(ttyn, ptyfd) < 0) { |
| 36 |
warning(_("unable to setup tty context for %s"), se_state.new_context); |
| 37 |
@@ -352,7 +357,7 @@ selinux_setup(const char *role, const ch |
| 38 |
|
| 39 |
#ifdef HAVE_LINUX_AUDIT |
| 40 |
audit_role_change(se_state.old_context, se_state.new_context, |
| 41 |
- se_state.ttyn); |
| 42 |
+ se_state.ttyn, 1); |
| 43 |
#endif |
| 44 |
|
| 45 |
rval = 0; |
Parent Directory
| 
Revision Log
| 
Revision Graph
