[sudo-workers] selinux and noexec

Arno Schuring aelschuring at hotmail.com
Mon Jan 23 14:30:30 EST 2012

Hello list,

Would anyone be interested in making NOEXEC work across SELinux domain
changes? I wrote a patch for the current version in Debian that appears
to work for me and I'd be willing to adapt it for upstream. However,
I'm unfamiliar with Mercurial so I'd appreciate some pointers for that.

Basically, all the patch does is factor out disable_execute() into its
own file and link it into sesh. However, that also pulls in libcommon
for memory and error handling, and that in turn requires sesh to
provide its own cleanup() version.

I'm not including the patch here because it's fairly large (500 LOC) due
to code motion. Nothing too scary, just a lot of churn.

Please keep me in CC; I'm not subscribed.


