[packages/sudo.git] / sudo-selinux.patch

--- sudo-1.6.7p5/Makefile.in.selinux	2003-04-15 20:39:10.000000000 -0400
+++ sudo-1.6.7p5/Makefile.in	2004-01-02 20:18:14.000000000 -0500
@@ -59,7 +59,8 @@
 # Libraries
 LIBS = @LIBS@
 NET_LIBS = @NET_LIBS@
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
+SELINUX_LIBS = -lselinux 
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
 
 # C preprocessor flags
 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
@@ -105,7 +106,7 @@
 sudoers_mode = @SUDOERS_MODE@
 
 # Pass in paths and uid/gid + OS dependent defined
-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
 
 #### End of system configuration section. ####
 
--- sudo-1.6.7p5/sudo.c.selinux	2003-04-15 20:39:14.000000000 -0400
+++ sudo-1.6.7p5/sudo.c	2004-01-13 21:38:54.668372568 -0500
@@ -101,6 +101,16 @@
 #include "interfaces.h"
 #include "version.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/flask.h>             /* for SECCLASS_CHR_FILE */
+#include <selinux/selinux.h>           /* for is_selinux_enabled() */
+#include <selinux/context.h>           /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+char *role_s = NULL;                  /* role spec'd by user in argv[] */
+char *type_s = NULL;                  /* type spec'd by user in argv[] */
+char *ttyn   = NULL;	                /* tty path */
+#endif
+
 #ifndef lint
 static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $";
 #endif /* lint */
@@ -414,10 +424,195 @@
 	(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
 
 #ifndef PROFILING
-	if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
+	if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
+	  exit(0);
+	}
+#ifdef WITH_SELINUX
+	if( is_selinux_enabled() >0) {
+	  security_context_t old_context=NULL;	/* our original securiy ID ("old_context") */
+	  security_context_t new_context=NULL;  /* our target security ID ("sid") */
+	  security_context_t tty_context=NULL;  /* current sid of tty */
+	  security_context_t new_tty_context=NULL; /* sid to change to while running command*/
+
+	  /*
+	   *	
+	   * Step 1:  Handle command-line arguments.
+	   *
+	   */
+
+	  security_context_t context_s;      /* our security context as a string */
+	  int context_length;
+	  context_t context;                 /* manipulatable form of context_s */
+  
+
+	  /* Fill in a default type if one hasn't been specified */
+	  if( role_s && !type_s ) {
+	    if( get_default_type(role_s,&type_s) )
+	      {
+		fprintf(stderr,"Couldn't get default type.\n");
+		exit(-1);
+	      }
+#ifdef CANTSPELLGDB
+	    printf( "Your type will be %s.\n", type_s );
+#endif  
+	  }
+
+ 
+	  /*
+	   * Get the SID and context of the caller, and extract
+	   * the username from the context.  Don't rely on the Linux
+	   * uid information - it isn't trustworthy.
+	   */
+
+	  /* Put the caller's SID into `old_context'. */
+	  if( 0!=(getprevcon(&old_context)) ) {
+	    fprintf(stderr,"failed to get old_context.\n");
+	    exit(-1);
+	  }
+
+#ifdef CANTSPELLGDB
+	  printf( "Your old context was %s\n", old_context );
+#endif
+	  /* 
+	   * Create a context structure so that we extract and modify 
+	   * components easily. 
+	   */
+	  context=context_new(old_context);
+
+	  /*
+	   *
+	   * Step 3:  Construct a new SID based on our old SID and the
+	   *          arguments specified on the command line.
+	   *
+	   */
+      
+	  /* The first step in constructing a new SID for the new shell we  *
+	   * plan to exec is to take our old context in `context' as a   *
+	   * starting point, and modify it according to the options the user *
+	   * specified on the command line.                                  */
+      
+	  /* If the user specified a new role on the command line (if `role_s'   *
+	   * is set), then replace the old role in `context' with this new role. */
+	  if( role_s ) {
+	    if( context_role_set(context,role_s)) {
+	      fprintf(stderr,"failed to set new role %s\n",role_s);
+	      exit(-1);
+	    }
+#ifdef CANTSPELLGDB
+	    printf("Your new role is %s\n",context_role_get(context));
+#endif
+	  } /* if user specified new role */
+      
+	  /* If the user specified a new type on the command line (if `type_s'   *
+	   * is set), then replace the old type in `context' with this new type. */
+	  if( type_s ) {
+	    if( context_type_set(context,type_s)) {
+	      fprintf(stderr,"failed to set new type %s\n",type_s);
+	      exit(-1);
+	    }
+#ifdef CANTSPELLGDB
+	    printf("Your new type is %s\n",context_type_get(context));
+#endif
+	  } /* if user specified new type */
+      
+	  /* The second step in creating the new SID is to convert our modified *
+	   * `context' structure back to a context string and then to a SID.    */
+      
+	  /* Make `context_s' point to a string version of the new `context'.  */
+	  if( !(new_context=context_str(context))) {
+	    fprintf(stderr,"failed to convert new context to string\n" );
+	    exit(-1);
+	  }
+      
+#ifdef CANTSPELLGDB
+	  printf("Your new context is %s\n",new_context);
+#endif
+      
+	  /*
+	   *
+	   * Step 4: Handle relabeling of the tty.
+	   *
+	   */
+      
+	  /* Fetch TTY information */
+	  ttyn=ttyname(0);
+	  if (! ( ttyn==NULL || *ttyn=='\0')) {
+	    if (getfilecon(ttyn,&tty_context) <0 ) {
+	      fprintf(stderr, "Could not retrieve tty information.\n");
+	    } else {
+
+#ifdef CANTSPELLGDB
+	      printf("Your tty %s was labeled with SID %d\n", ttyn, tty_context);
+#endif
+
+	      new_tty_context = NULL;
+	      if (security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
+		fprintf(stderr, "Warning!  Could not get new context for %s, not relabeling.\n", ttyn);
+	      else 
+		{
+
+#ifdef CANTSPELLGDB
+		  printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
+#endif
+
+		  /* Relabel it */
+		  if( setfilecon(ttyn,new_tty_context)!=0 ) {
+		    fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
+		  }
+		  freecon(new_tty_context);
+		}
+	    }
+	  }
+	  /* Fork, allowing parent to clean up after shell has executed */
+	  pid_t childPid=fork();
+	  if( childPid<0 ) {
+	    int errsv=errno;
+	    
+	    fprintf(stderr,"sudo: failure forking: %s",strerror(errsv));
+	    exit(-1);
+	  } else if (childPid) {
+	    /* PARENT */
+	    wait(NULL);
+
+	    if (tty_context!=NULL) {
+#ifdef CANTSPELLGDB
+	      printf("Restoring tty %s back to SID %d\n", ttyn, tty_context);
+#endif
+
+	      /* Cleanup TTY Context */
+	      setfilecon(ttyn,tty_context);
+	      freecon(tty_context);
+	    }
+	    
+	    /* Done! */
 	    exit(0);
-	else
-	    EXEC(safe_cmnd, NewArgv);	/* run the command */
+	  }
+	  if (setexeccon(new_context) < 0) {
+	    fprintf(stderr, "Could not set exec context to %s.\n", new_context);
+	    exit(-1);
+	  }
+	  freecon(new_context);
+	  /* Close and reopen descriptors 0 through 2 */
+	  if( close(0) || close(1) || close(2) )
+	    {
+	      fprintf(stderr,"Could not close descriptors.\n");
+	      exit(-1);
+	    }
+	  fd = open(ttyn,O_RDWR);
+	  if (fd != 0) {
+	    exit(-1);
+	  }
+	  fd = open(ttyn,O_RDWR);  
+	  if (fd != 1) {
+	    exit(-1);
+	  }
+	  fd = open(ttyn,O_RDWR);  
+	  if (fd != 2) {
+	    exit(-1);
+	  }
+	}
+#endif
+	EXEC(safe_cmnd, NewArgv);	/* run the command */
 #else
 	exit(0);
 #endif /* PROFILING */
@@ -693,6 +888,30 @@
 		NewArgv++;
 		break;
 #endif
+#ifdef WITH_SELINUX
+	    case 'r':
+		/* Must have an associated SELinux role. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		role_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+	    case 't':
+		/* Must have an associated SELinux type. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		type_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+#endif
 #ifdef HAVE_LOGIN_CAP_H
 	    case 'c':
 		/* Must have an associated login class. */
@@ -1063,6 +1282,9 @@
 #ifdef HAVE_BSD_AUTH_H
     (void) fprintf(stderr, "[-a auth_type] ");
 #endif
+#ifdef WITH_SELINUX
+    (void) fprintf(stderr, "[-r role] [-t type] ");
+#endif
     (void) fprintf(stderr, "-s | <command>\n");
     exit(exit_val);
 }
--- sudo-1.6.7p5/sudo.man.in.selinux	2003-04-15 20:39:14.000000000 -0400
+++ sudo-1.6.7p5/sudo.man.in	2004-01-02 20:18:14.000000000 -0500
@@ -174,7 +174,7 @@
 .IX Header "SYNOPSIS"
 \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
 [ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ]
-[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
+[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ] 
 [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
@@ -327,6 +327,16 @@
 the group vector to the list of groups the target user is in.
 The real and effective group IDs, however, are still set to match
 the target user.
+.IP "\-r" 4
+.IX Item "-r"
+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
+\fIROLE\fR.
+.IP "\-t" 4
+.IX Item "-t" 
+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
+specified by
+\fITYPE\fR.
+If no type is specified, the default type is derived from the specified role.
 .IP "\-S" 4
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
--- sudo-1.6.7p5/sudoers.selinux	2001-12-16 23:45:52.000000000 -0500
+++ sudo-1.6.7p5/sudoers	2004-01-02 20:18:14.000000000 -0500
@@ -14,7 +14,8 @@
 # Defaults specification
 
 # User privilege specification
-root	ALL=(ALL) ALL
+#You should not use sudo as root in an SELinux environment
+#root	ALL=(ALL) ALL
 
 # Uncomment to allow people in group wheel to run all commands
 # %wheel	ALL=(ALL)	ALL
Commit	Line	Data
5cb05c03	1	--- sudo-1.6.7p5/Makefile.in.selinux 2003-04-15 20:39:10.000000000 -0400
ad1310e6	2	+++ sudo-1.6.7p5/Makefile.in 2004-01-02 20:18:14.000000000 -0500
5cb05c03 AM	3	@@ -59,7 +59,8 @@
	4	# Libraries
	5	LIBS = @LIBS@
	6	NET_LIBS = @NET_LIBS@
	7	-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
	8	+SELINUX_LIBS = -lselinux
	9	+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
	10
	11	# C preprocessor flags
	12	CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
	13	@@ -105,7 +106,7 @@
	14	sudoers_mode = @SUDOERS_MODE@
	15
	16	# Pass in paths and uid/gid + OS dependent defined
	17	-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
	18	+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
	19
	20	#### End of system configuration section. ####
	21
	22	--- sudo-1.6.7p5/sudo.c.selinux 2003-04-15 20:39:14.000000000 -0400
ad1310e6 AM	23	+++ sudo-1.6.7p5/sudo.c 2004-01-13 21:38:54.668372568 -0500
ad1310e6 AM	24	@@ -101,6 +101,16 @@
5cb05c03 AM	25	#include "interfaces.h"
	26	#include "version.h"
	27
	28	+#ifdef WITH_SELINUX
	29	+#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
	30	+#include <selinux/selinux.h> /* for is_selinux_enabled() */
	31	+#include <selinux/context.h> /* for context-mangling functions */
	32	+#include <selinux/get_default_type.h>
ad1310e6 AM	33	+char role_s = NULL; / role spec'd by user in argv[] */
	34	+char type_s = NULL; / type spec'd by user in argv[] */
	35	+char ttyn = NULL; / tty path */
5cb05c03 AM	36	+#endif
	37	+
	38	#ifndef lint
	39	static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $";
	40	#endif /* lint */
ad1310e6 AM	41	@@ -414,10 +424,195 @@
ad1310e6 AM	42	(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
5cb05c03	43
ad1310e6 AM	44	#ifndef PROFILING
	45	- if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
	46	+ if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
	47	+ exit(0);
	48	+ }
5cb05c03	49	+#ifdef WITH_SELINUX
ad1310e6 AM	50	+ if( is_selinux_enabled() >0) {
	51	+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
	52	+ security_context_t new_context=NULL; /* our target security ID ("sid") */
	53	+ security_context_t tty_context=NULL; /* current sid of tty */
	54	+ security_context_t new_tty_context=NULL; /* sid to change to while running command*/
5cb05c03	55	+
ad1310e6 AM	56	+ /*
	57	+ *
	58	+ * Step 1: Handle command-line arguments.
	59	+ *
	60	+ */
5cb05c03	61	+
ad1310e6 AM	62	+ security_context_t context_s; /* our security context as a string */
	63	+ int context_length;
	64	+ context_t context; /* manipulatable form of context_s */
5cb05c03 AM	65	+
5cb05c03 AM	66	+
ad1310e6 AM	67	+ /* Fill in a default type if one hasn't been specified */
	68	+ if( role_s && !type_s ) {
	69	+ if( get_default_type(role_s,&type_s) )
	70	+ {
	71	+ fprintf(stderr,"Couldn't get default type.\n");
	72	+ exit(-1);
	73	+ }
5cb05c03	74	+#ifdef CANTSPELLGDB
ad1310e6	75	+ printf( "Your type will be %s.\n", type_s );
5cb05c03	76	+#endif
ad1310e6	77	+ }
5cb05c03 AM	78	+
5cb05c03 AM	79	+
ad1310e6 AM	80	+ /*
	81	+ * Get the SID and context of the caller, and extract
	82	+ * the username from the context. Don't rely on the Linux
	83	+ * uid information - it isn't trustworthy.
	84	+ */
5cb05c03	85	+
ad1310e6 AM	86	+ /* Put the caller's SID into `old_context'. */
	87	+ if( 0!=(getprevcon(&old_context)) ) {
	88	+ fprintf(stderr,"failed to get old_context.\n");
	89	+ exit(-1);
	90	+ }
5cb05c03 AM	91	+
5cb05c03 AM	92	+#ifdef CANTSPELLGDB
ad1310e6	93	+ printf( "Your old context was %s\n", old_context );
5cb05c03	94	+#endif
ad1310e6 AM	95	+ /*
	96	+ * Create a context structure so that we extract and modify
	97	+ * components easily.
	98	+ */
	99	+ context=context_new(old_context);
5cb05c03	100	+
ad1310e6 AM	101	+ /*
	102	+ *
	103	+ * Step 3: Construct a new SID based on our old SID and the
	104	+ * arguments specified on the command line.
	105	+ *
	106	+ */
5cb05c03	107	+
ad1310e6 AM	108	+ /* The first step in constructing a new SID for the new shell we *
	109	+ * plan to exec is to take our old context in `context' as a *
	110	+ * starting point, and modify it according to the options the user *
	111	+ * specified on the command line. */
5cb05c03	112	+
ad1310e6 AM	113	+ /* If the user specified a new role on the command line (if `role_s' *
	114	+ * is set), then replace the old role in `context' with this new role. */
	115	+ if( role_s ) {
	116	+ if( context_role_set(context,role_s)) {
	117	+ fprintf(stderr,"failed to set new role %s\n",role_s);
	118	+ exit(-1);
	119	+ }
5cb05c03	120	+#ifdef CANTSPELLGDB
ad1310e6	121	+ printf("Your new role is %s\n",context_role_get(context));
5cb05c03	122	+#endif
ad1310e6	123	+ } /* if user specified new role */
5cb05c03	124	+
ad1310e6 AM	125	+ /* If the user specified a new type on the command line (if `type_s' *
	126	+ * is set), then replace the old type in `context' with this new type. */
	127	+ if( type_s ) {
	128	+ if( context_type_set(context,type_s)) {
	129	+ fprintf(stderr,"failed to set new type %s\n",type_s);
	130	+ exit(-1);
	131	+ }
5cb05c03	132	+#ifdef CANTSPELLGDB
ad1310e6	133	+ printf("Your new type is %s\n",context_type_get(context));
5cb05c03	134	+#endif
ad1310e6	135	+ } /* if user specified new type */
5cb05c03	136	+
ad1310e6 AM	137	+ /* The second step in creating the new SID is to convert our modified *
ad1310e6 AM	138	+ * `context' structure back to a context string and then to a SID. */
5cb05c03	139	+
ad1310e6 AM	140	+ /* Make `context_s' point to a string version of the new `context'. */
	141	+ if( !(new_context=context_str(context))) {
	142	+ fprintf(stderr,"failed to convert new context to string\n" );
	143	+ exit(-1);
	144	+ }
5cb05c03 AM	145	+
5cb05c03 AM	146	+#ifdef CANTSPELLGDB
ad1310e6	147	+ printf("Your new context is %s\n",new_context);
5cb05c03 AM	148	+#endif
5cb05c03 AM	149	+
ad1310e6 AM	150	+ /*
	151	+ *
	152	+ * Step 4: Handle relabeling of the tty.
	153	+ *
	154	+ */
5cb05c03	155	+
ad1310e6 AM	156	+ /* Fetch TTY information */
	157	+ ttyn=ttyname(0);
	158	+ if (! ( ttyn==NULL \|\| *ttyn=='\0')) {
	159	+ if (getfilecon(ttyn,&tty_context) <0 ) {
	160	+ fprintf(stderr, "Could not retrieve tty information.\n");
	161	+ } else {
5cb05c03 AM	162	+
5cb05c03 AM	163	+#ifdef CANTSPELLGDB
ad1310e6	164	+ printf("Your tty %s was labeled with SID %d\n", ttyn, tty_context);
5cb05c03 AM	165	+#endif
5cb05c03 AM	166	+
ad1310e6 AM	167	+ new_tty_context = NULL;
	168	+ if (security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
	169	+ fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
	170	+ else
	171	+ {
5cb05c03 AM	172	+
5cb05c03 AM	173	+#ifdef CANTSPELLGDB
ad1310e6	174	+ printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
5cb05c03 AM	175	+#endif
5cb05c03 AM	176	+
ad1310e6 AM	177	+ /* Relabel it */
	178	+ if( setfilecon(ttyn,new_tty_context)!=0 ) {
	179	+ fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
	180	+ }
	181	+ freecon(new_tty_context);
	182	+ }
5cb05c03	183	+ }
ad1310e6	184	+ }
5cb05c03 AM	185	+ /* Fork, allowing parent to clean up after shell has executed */
	186	+ pid_t childPid=fork();
	187	+ if( childPid<0 ) {
	188	+ int errsv=errno;
	189	+
	190	+ fprintf(stderr,"sudo: failure forking: %s",strerror(errsv));
	191	+ exit(-1);
	192	+ } else if (childPid) {
	193	+ /* PARENT */
	194	+ wait(NULL);
	195	+
ad1310e6	196	+ if (tty_context!=NULL) {
5cb05c03	197	+#ifdef CANTSPELLGDB
ad1310e6	198	+ printf("Restoring tty %s back to SID %d\n", ttyn, tty_context);
5cb05c03 AM	199	+#endif
5cb05c03 AM	200	+
ad1310e6 AM	201	+ /* Cleanup TTY Context */
	202	+ setfilecon(ttyn,tty_context);
	203	+ freecon(tty_context);
	204	+ }
5cb05c03 AM	205	+
	206	+ /* Done! */
	207	exit(0);
	208	- else
	209	- EXEC(safe_cmnd, NewArgv); /* run the command */
	210	+ }
	211	+ if (setexeccon(new_context) < 0) {
	212	+ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
	213	+ exit(-1);
	214	+ }
	215	+ freecon(new_context);
	216	+ /* Close and reopen descriptors 0 through 2 */
	217	+ if( close(0) \|\| close(1) \|\| close(2) )
	218	+ {
	219	+ fprintf(stderr,"Could not close descriptors.\n");
	220	+ exit(-1);
	221	+ }
	222	+ fd = open(ttyn,O_RDWR);
	223	+ if (fd != 0) {
	224	+ exit(-1);
	225	+ }
	226	+ fd = open(ttyn,O_RDWR);
	227	+ if (fd != 1) {
	228	+ exit(-1);
	229	+ }
	230	+ fd = open(ttyn,O_RDWR);
	231	+ if (fd != 2) {
	232	+ exit(-1);
	233	+ }
	234	+ }
	235	+#endif
	236	+ EXEC(safe_cmnd, NewArgv); /* run the command */
	237	#else
	238	exit(0);
	239	#endif /* PROFILING */
ad1310e6	240	@@ -693,6 +888,30 @@
5cb05c03 AM	241	NewArgv++;
	242	break;
	243	#endif
	244	+#ifdef WITH_SELINUX
	245	+ case 'r':
	246	+ /* Must have an associated SELinux role. */
	247	+ if (NewArgv[1] == NULL)
	248	+ usage(1);
	249	+
	250	+ role_s = NewArgv[1];
	251	+
	252	+ /* Shift Argv over and adjust Argc. */
	253	+ NewArgc--;
	254	+ NewArgv++;
	255	+ break;
	256	+ case 't':
	257	+ /* Must have an associated SELinux type. */
	258	+ if (NewArgv[1] == NULL)
	259	+ usage(1);
	260	+
	261	+ type_s = NewArgv[1];
	262	+
	263	+ /* Shift Argv over and adjust Argc. */
	264	+ NewArgc--;
	265	+ NewArgv++;
	266	+ break;
	267	+#endif
	268	#ifdef HAVE_LOGIN_CAP_H
	269	case 'c':
	270	/* Must have an associated login class. */
ad1310e6 AM	271	@@ -1063,6 +1282,9 @@
	272	#ifdef HAVE_BSD_AUTH_H
	273	(void) fprintf(stderr, "[-a auth_type] ");
	274	#endif
	275	+#ifdef WITH_SELINUX
	276	+ (void) fprintf(stderr, "[-r role] [-t type] ");
	277	+#endif
	278	(void) fprintf(stderr, "-s \| <command>\n");
	279	exit(exit_val);
	280	}
5cb05c03	281	--- sudo-1.6.7p5/sudo.man.in.selinux 2003-04-15 20:39:14.000000000 -0400
ad1310e6	282	+++ sudo-1.6.7p5/sudo.man.in 2004-01-02 20:18:14.000000000 -0500
5cb05c03 AM	283	@@ -174,7 +174,7 @@
	284	.IX Header "SYNOPSIS"
	285	\&\fBsudo\fR \fB\-V\fR \| \fB\-h\fR \| \fB\-l\fR \| \fB\-L\fR \| \fB\-v\fR \| \fB\-k\fR \| \fB\-K\fR \| \fB\-s\fR \|
	286	[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] \| [ \fB\-p\fR \fIprompt\fR ]
	287	-[ \fB\-c\fR \fIclass\fR\|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
	288	+[ \fB\-c\fR \fIclass\fR\|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
	289	[ \fB\-u\fR \fIusername\fR\|\fI#uid\fR ] \fIcommand\fR
	290	.SH "DESCRIPTION"
	291	.IX Header "DESCRIPTION"
	292	@@ -327,6 +327,16 @@
	293	the group vector to the list of groups the target user is in.
	294	The real and effective group IDs, however, are still set to match
	295	the target user.
	296	+.IP "\-r" 4
	297	+.IX Item "-r"
	298	+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
	299	+\fIROLE\fR.
	300	+.IP "\-t" 4
	301	+.IX Item "-t"
	302	+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
	303	+specified by
	304	+\fITYPE\fR.
	305	+If no type is specified, the default type is derived from the specified role.
	306	.IP "\-S" 4
	307	.IX Item "-S"
	308	The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
	309	--- sudo-1.6.7p5/sudoers.selinux 2001-12-16 23:45:52.000000000 -0500
ad1310e6	310	+++ sudo-1.6.7p5/sudoers 2004-01-02 20:18:14.000000000 -0500
5cb05c03 AM	311	@@ -14,7 +14,8 @@
	312	# Defaults specification
	313
	314	# User privilege specification
	315	-root ALL=(ALL) ALL
	316	+#You should not use sudo as root in an SELinux environment
	317	+#root ALL=(ALL) ALL
	318
	319	# Uncomment to allow people in group wheel to run all commands
	320	# %wheel ALL=(ALL) ALL