Allow sysadm execute tcpdump in sysadm_t domain using sudo

When an unprivileged user in the sysadm_r role executes tcpdump through sudo, it transitions into sysadm_sudo_t domain by default. With this commit, the process transitions back to sysadm_t. Resolves: RHEL-15398
zpytela · Dec 12, 2023 · 31c1f0d · 31c1f0d
1 parent f442292
commit 31c1f0d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
@@ -100,6 +100,10 @@ template(`sudo_role_template',`
 		kerberos_read_config($1_sudo_t)
 	')
 
+	optional_policy(`
+		netutils_domtrans($1_sudo_t)
+	')
+
 	optional_policy(`
 		systemd_domtrans_systemctl($1_sudo_t, $3)
 		systemd_systemctl_entrypoint($3)