[sudo-workers] selinux and noexec

Todd C. Miller Todd.Miller at courtesan.com
Tue Jan 24 13:29:15 EST 2012


On Mon, 23 Jan 2012 20:30:30 +0100, Arno Schuring wrote:

> Would anyone be interested in making NOEXEC work across SELinux domain
> changes? I wrote a patch for the current version in Debian that appears
> to work for me and I'd be willing to adapt it for upstream. However,
> I'm unfamiliar with Mercurial so I'd appreciate some pointers for that.

This sounds like a useful change.  I have some basic instructions
on using Mercurial at http://www.sudo.ws/hg.html

> Basically, all the patch does is factor out disable_execute() into its
> own file and link it into sesh. However, that also pulls in libcommon
> for memory and error handling, and that in turn requires sesh to
> provide its own cleanup() version.

If it is easier you can just send me the patch and I can adapt it
for the upcoming sudo 1.8.4 release.

 - todd


