[sudo-workers] selinux and noexec
Todd C. Miller
Todd.Miller at courtesan.com
Tue Jan 24 13:29:15 EST 2012
On Mon, 23 Jan 2012 20:30:30 +0100, Arno Schuring wrote:
> Would anyone be interested in making NOEXEC work across SELinux domain
> changes? I wrote a patch for the current version in Debian that appears
> to work for me and I'd be willing to adapt it for upstream. However,
> I'm unfamiliar with Mercurial so I'd appreciate some pointers for that.
This sounds like a useful change. I have some basic instructions
on using Mercurial at http://www.sudo.ws/hg.html
> Basically, all the patch does is factor out disable_execute() into its
> own file and link it into sesh. However, that also pulls in libcommon
> for memory and error handling, and that in turn requires sesh to
> provide its own cleanup() version.
If it is easier you can just send me the patch and I can adapt it
for the upcoming sudo 1.8.4 release.