sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

sudo -i chdir fails sometimes with SELinux enforcing #160

Closed neutronscott closed 2 years ago

neutronscott commented 2 years ago
```
[user@server ~]$ sudo -r unconfined_r -t unconfined_t -i -u oracle bash
sudo: unable to change directory to /home/oracle: Permission denied
sudo: unable to execute /bin/bash: Permission denied
[user@server ~]$ sudo -r unconfined_r -t unconfined_t -s -u oracle bash
[oracle@server user ]$ cd
[oracle@server ~ ]$ pwd
/home/oracle
[oracle@server ~ ]$
```

This is because /home/oracle is in a different context than the original user can access. The SELinux role isn't set until later.

millert commented 2 years ago

The chdir needs to be deferred until sesh is run for the SELinux case.

millert commented 2 years ago

This should be fixed by cf25035