sudo: add fcontext for /run/sudo/ts/USERNAME

This lets restorecon -F set the context properly
author: Jason Zaman <jason@perfinion.com> 2017-09-15 15:14:21 +0800
committer: Jason Zaman <jason@perfinion.com> 2017-09-17 11:17:40 +0800
commit: 2bda37cd873705f0740cf82fc5a02383a14fdbba (patch)
tree: 3e2f6d94ed9aea053d144d1a90db9d013df8e708
parent: syslog: allow map persist file (diff)
download: hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.tar.gz
hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.tar.bz2
hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index 68f61737..a0c4d1c9 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -49,5 +49,6 @@ ifdef(`distro_suse', `
 /run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 /run/sepermit(/.*)? 	gen_context(system_u:object_r:pam_var_run_t,s0)
 /run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
+/run/sudo/ts/%{USERNAME}	gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/(db|adm)/sudo(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
 /var/lib/sudo(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
author	Jason Zaman <jason@perfinion.com>	2017-09-15 15:14:21 +0800
committer	Jason Zaman <jason@perfinion.com>	2017-09-17 11:17:40 +0800
commit	2bda37cd873705f0740cf82fc5a02383a14fdbba (patch)
tree	3e2f6d94ed9aea053d144d1a90db9d013df8e708
parent	syslog: allow map persist file (diff)
download	hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.tar.gz hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.tar.bz2 hardened-refpolicy-2bda37cd873705f0740cf82fc5a02383a14fdbba.zip