summaryrefslogtreecommitdiff
path: root/src/selinux.c
Commit message (Collapse)AuthorAgeFilesLines
* Avoid calling isatty()/ttyname() on std{in,out,err} if not a char dev.Todd C. Miller2023-04-181-1/+1
| | | | | The user controls these fds so we should avoid calling ioctl(2) on them unless they correspond to actual character device files.
* Use getopt() and getopt_long() for sesh command line options.Todd C. Miller2022-10-101-17/+18
|
* Defer chdir(2) until sesh when running with SELinux.Todd C. Miller2022-08-011-3/+15
| | | | | We need to be running with the correct security context or the chdir(2) may fail. GitHub issue #160.
* Make sudo pass -Wwrite-stringsTodd C. Miller2022-06-281-2/+5
|
* Enable intercept and log_subcmds for SELinux using ptrace and seccomp.Todd C. Miller2022-04-291-4/+6
|
* Back out changes to enable SELinux by default.Todd C. Miller2021-12-221-34/+19
| | | | This may return in a future release in a different form.
* Rename selinux_setcon -> selinux_setexecconTodd C. Miller2021-11-051-4/+4
|
* In the SELinux role is "unconfined_r", disable SELinux support.Todd C. Miller2021-11-051-5/+18
| | | | | We only want to apply SELinux to confined users. This is a bit of a hack as unconfined_r is specific to the targeted policy.
* Separate out the code to compute the context from selinux_setup().Todd C. Miller2021-11-051-52/+37
| | | | | | This makes it possible to determine whether we really need to execute the command via the sesh helper. What was left of selinux_setup() is now selinux_relabel_tty() and selinux_audit_role_change().
* Pass status of selinux sudoers setting to front-end as selinux-rbac.Todd C. Miller2021-11-051-21/+23
| | | | | | | The front-end uses this to decide whether or not to enable SELinux. If selinux-rbac is true _or_ if it is not present and selinux_role or selinux_type are set, SELinux support is enabled. Previously, SELinux support was only enabled if a role was specified.
* Make get_exec_context static, it is unused outside selinux.c.Todd C. Miller2021-11-011-1/+1
|
* Allocate a socketpair to communicate with sudo_intercept.so over.Todd C. Miller2021-08-091-1/+1
| | | | This is used for the intercept and log_children options.
* Add support for loading the sudo_intercept.so DSO.Todd C. Miller2021-08-091-1/+1
|
* Removed depricated security_context_tRadovan Sroka2021-04-011-12/+12
| | | | Signed-off-by: Radovan Sroka <rsroka@redhat.com>
* Fix some warnings from pvs-studioTodd C. Miller2020-08-121-1/+1
|
* Fix some warnings from pvs-studioTodd C. Miller2020-08-121-8/+8
|
* Quiet some clang 10 analyzer warnings.Todd C. Miller2020-08-071-0/+4
|
* We no longer need to include headers we don't use for sudo*.h files.Todd C. Miller2020-05-181-1/+0
| | | | | | Previously we needed to include headers required by the various sudo*h files. Now those files are more self-sufficient and we should only include headers needed by code in the various .c files.
* Fix sudoedit when running with SELinux RBAC mode.Todd C. Miller2020-04-211-15/+27
| | | | | | | | | | | | | We can't use run_command() to run sesh, that will use the sudo event loop (and might run it in a pty!). There's no need to relabel the tty when copying files. Get the path to sesh from sudo.conf. Currently, for SELinux RBAC, the editor runs with the target user's security context. This defeats the purpose of sudoedit. Fixing that requires passing file descriptors between the main sudo process (running with the invoking user's security context) and sesh (runnning with the target user's security context).
* debug_decl and debug_decl_vars now require a semicolon at the end.Todd C. Miller2019-12-221-6/+6
|
* Save/restore the raw form of the file context in case mctrans is not available.Todd C. Miller2019-12-111-14/+23
|
* Use dup3() instead of dup2().Todd C. Miller2019-11-021-2/+17
| | | | | This is less error prone since dup3() returns an error if old == new. Sudo guarantees that fds 0-2 are already open.
* Fix restoring the file context of the user's tty with SELinux.Todd C. Miller2019-09-271-5/+8
| | | | | Also fix broken tty labeling when running a command in a pty. Includes a fix for a typo introduced in the last change set.
* Add some debugging around context setting and tty labelingTodd C. Miller2019-09-271-44/+52
| | | | Also be more extact with error return values
* Add SPDX-License-Identifier to files.Todd C. Miller2019-04-291-0/+2
|
* Convert PVS-Studio comment to ANSI C.Todd C. Miller2018-10-261-2/+4
|
* Add comments in .c files so PVS-Studio will check them.Todd C. Miller2018-10-211-0/+3
|
* update my email to Todd.Miller@sudo.wsTodd C. Miller2017-12-031-1/+1
|
* After opening a tty device, fstat() and error out if it is notTodd C. Miller2017-05-301-3/+20
| | | | a character device.
* Be consistent with the naming of the variable used to store theTodd C. Miller2016-09-081-3/+3
| | | | | | function return value. Previously, some code used "rval", some used "ret". This standardizes on "ret" and uses "rc" for temporary return codes.
* Use O_NOCTTY when opening a tty.Todd C. Miller2016-05-161-2/+2
|
* Fix last commit, now that argc is not reset we need to explicitlyTodd C. Miller2016-05-131-1/+1
| | | | start the copy from argv[1]. From Daniel Kopecek
* cosmetic change to warning stringTodd C. Miller2016-05-121-1/+1
|
* Repair SELinux support, broken by 397722cdd7ec.Todd C. Miller2016-05-111-8/+6
| | | | From Daniel Kopecek.
* In relabel_tty() always jump to bad: on error, regardless of theTodd C. Miller2016-05-041-13/+7
| | | | | value of se_state.enforcing. On error, return -1 if enforcing, else 0. Coverity CID 104099.
* Use string_to_security_class() instead of pulling SECCLASS_CHR_FILETodd C. Miller2016-04-221-6/+13
| | | | from flask.h. Avoids a warning with new SELinux includes.
* Add support for using fexecve() if supported on commands that areTodd C. Miller2016-01-041-5/+12
| | | | checksummed.
* Change noexec flag in selinux_execve() from int to bool.Todd C. Miller2015-12-161-1/+1
|
* Only include stddef.h where it is needed.Todd C. Miller2015-06-201-1/+0
|
* Add function name to "unable to allocate memory" warnings.Todd C. Miller2015-06-191-3/+3
|
* Avoid using exiting allocators in the front end.Todd C. Miller2015-06-171-5/+14
|
* Add target for "make splint". A few files need extra guards to avoidTodd C. Miller2015-05-211-0/+4
| | | | | errors on systems where they would not otherwise be compiled. No warnings from splint.
* Go back to a 2 args debug_decl and just use the "default" instance,Todd C. Miller2015-02-011-7/+7
| | | | now renamed "active".
* Add support for multiple Debug lines per program. Callers mayTodd C. Miller2014-10-221-6/+6
| | | | | register arbitrary debug facilities or use built-in defaults. We now use separate Debug statements for plugins and programs.
* Audit failed user role changes. RedHat bz #665131Todd C. Miller2014-07-121-4/+9
|
* efree -> sudo_efree for consistencyTodd C. Miller2014-07-101-2/+2
|
* Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.hTodd C. Miller2014-06-271-3/+3
|
* Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespaceTodd C. Miller2014-06-271-28/+28
| | | | pollution in libsudo_util.so.
* Rename emalloc2() -> emallocarray() and erealloc3() -> ereallocarray().Todd C. Miller2014-04-221-2/+2
|
* Make noexec parameter to sudo_execve() bool.Todd C. Miller2014-01-081-1/+1
|
View Lorry Controller Status