commit: 21ac5d4937112c4cca29d52c36c91b240c2abb5f Author: Kenton Groombridge <me <AT> concord <DOT> sh> AuthorDate: Tue Jan 26 23:08:54 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Feb 1 01:21:42 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=21ac5d49
sudo: add tunable for HTTP connections Signed-off-by: Kenton Groombridge <me <AT> concord.sh> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/admin/sudo.te | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index 2cebeef7..2ac111d6 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,5 +1,16 @@
 policy_module(sudo, 1.15.0)
+## <desc>
+## <p>
+## Determine whether all sudo domains
+## can connect to TCP HTTP ports. This
+## is needed if an additional authentication
+## mechanism via an HTTP server is
+## required for users to use sudo.
+## </p>
+## </desc>
+gen_tunable(sudo_all_tcp_connect_http_port, false)
+
 ########################################
 #
 # Declarations
@@ -7,3 +18,7 @@ attribute sudodomain;
 type sudo_exec_t;
 application_executable_file(sudo_exec_t)
+
+tunable_policy(`sudo_all_tcp_connect_http_port',`
+ corenet_tcp_connect_http_port(sudodomain)
+')
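Review bot: The `<desc>` text for `sudo_all_tcp_connect_http_port` does not tell an administrator how wide the grant is. Going by the interface used in the second hunk, enabling it presumably covers every port the policy labels as an HTTP port, and it applies to every domain carrying the `sudodomain` attribute rather than to the one server used for authentication. I would add a sentence to the description along the lines of `## Enabling this allows every sudo domain to connect to any port labelled as an HTTP port; leave it disabled unless such an authentication mechanism is in use.` The default of `false` is the right choice and should stay.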
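Review bot: The `tunable_policy` block grants only `corenet_tcp_connect_http_port(sudodomain)`, and nothing in this hunk shows whether sudo domains can already create TCP sockets or resolve host names. If they cannot, the boolean can be on while the authentication request is still denied, which tends to push administrators towards broader local rules. I would confirm with the tunable enabled that no further AVC denials are logged for the sudo domains, and add a comment above the call such as `# Connect permission only; socket creation and name resolution must already be allowed for sudodomain (confirm).` Because the rule is attached to the attribute, it also cannot be limited to the roles that need the HTTP-based check.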
