author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-04-29 13:09:03 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-04-29 13:09:03 -0600 |
commit | bb5a0efdf3b9d17d5a57d22682bd0ae9bcdc7fea (patch) | |
tree | f6994b4ac6c8d854e93b3a8cf829a39dd07ed6dc /src/selinux.c | |
parent | a1e0a744086682d0b19a76ecc43908134ba5c1e9 (diff) | |
download | sudo-bb5a0efdf3b9d17d5a57d22682bd0ae9bcdc7fea.tar.gz |
Enable intercept and log_subcmds for SELinux using ptrace and seccomp.
Diffstat (limited to 'src/selinux.c')
-rw-r--r-- | src/selinux.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/selinux.c b/src/selinux.c
index 8cce2eb33..2326326ef 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -440,7 +440,7 @@ selinux_setexeccon(void)
 void
 selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
- bool noexec)
+ int flags)
 {
 char **nargv;
 const char *sesh;
@@ -474,10 +474,12 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
 sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 debug_return;
 }
- if (noexec)
+ if (ISSET(flags, CD_NOEXEC)) {
 nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec";
- else
+ CLR(flags, CD_NOEXEC);
+ } else {
 nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh";
+ }
 nargc = 1;
 if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) {
 sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
@@ -487,7 +489,7 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
 memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */
 /* sesh will handle noexec for us. */
- sudo_execve(-1, sesh, nargv, envp, -1, 0);
+ sudo_execve(-1, sesh, nargv, envp, -1, flags);
 serrno = errno;
 free(nargv);
 errno = serrno; |
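Review bot: The new `int flags` parameter in the `selinux_execve` signature (first hunk) is undocumented, and a call site left over from the `bool noexec` interface would still compile, with `true` silently becoming the flag value 1. A short comment above the function would state the contract, for example `/* flags: CD_* bits; CD_NOEXEC selects sesh-noexec and is cleared, the rest are passed to sudo_execve(). */`. The diffstat shown is limited to src/selinux.c, so whether the prototype and every caller were updated cannot be confirmed from this page. The function body continues outside the hunk.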
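Review bot: The context comment `/* sesh will handle noexec for us. */` above the changed `sudo_execve()` call (third hunk) no longer explains the last argument, which was a literal 0 and is now every caller-supplied bit except CD_NOEXEC, cleared in the second hunk. I would reword it to `/* sesh handles noexec (CD_NOEXEC cleared above); remaining flags apply to the exec of sesh. */`. Because those bits now act on the exec of sesh rather than of the command itself, it may be safer to forward only the ones this commit intends (intercept and log_subcmds, per the title) through an explicit mask, so that a flag added later is not applied to the sesh helper by accident. How sudo_execve() treats the other bits is not visible here, and the function ends outside the hunk.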