Allow sysadm execute traceroute in sysadm_t domain using sudo

When an unprivileged user in the sysadm_r role executes traceroute through sudo, it transitions into sysadm_sudo_t domain by default. With this commit, the process transitions back to sysadm_t. Resolves: RHEL-9947
zpytela · Dec 12, 2023 · f9fb075 · f9fb075
1 parent 31c1f0d
commit f9fb075
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
@@ -102,6 +102,7 @@ template(`sudo_role_template',`
 
 	optional_policy(`
 		netutils_domtrans($1_sudo_t)
+		netutils_run_traceroute($1_sudo_t, $2)
 	')
 
 	optional_policy(`