Closed es-fabricemarie closed 2 months ago
In this case I think it would make more sense to just include the SELinux role and type in the options array directly. This is what is done for the LDIF and CSV conversions.
That would look like this:
```json
{
    "User_Specs": [
        {
            "User_List": [
                { "netgroup": "usernetgroup" },
                {
                    "username": "fabrice",
                    "negated": true
                }
            ],
            "Host_List": [
                { "netgroup": "hostnetgroup" },
                {
                    "hostname": "localhost",
                    "negated": true
                }
            ],
            "Cmnd_Specs": [
                {
                    "runasusers": [
                        { "username": "operator1" },
                        {
                            "username": "operator2",
                            "negated": true
                        },
                        { "usergroup": "wheel" }
                    ],
                    "runasgroups": [
                        { "usergroup": "operator3" },
                        {
                            "usergroup": "operator4",
                            "negated": true
                        },
                        { "usergroup": "root" }
                    ],
                    "Options": [
                        { "runchroot": "/root/chroot" },
                        { "runcwd": "/root/cwd" },
                        { "command_timeout": 30 },
                        { "notbefore": "20170214080000Z" },
                        { "notafter": "20170214090000Z" },
                        { "noexec": false },
                        { "sudoedit_follow": true },
                        { "log_input": true },
                        { "role": "selinuxRole1" },
                        { "type": "selinuxType1" }
                    ],
                    "Commands": [
                        { "command": "/bin/test102" },
                        { "command": "/usr/bin/test102" }
                    ]
                }
            ]
        }
    ]
}
```
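A way to consume this layout when auditing converted rules, as an added example that is not part of the thread or of the sudo project's code: it parses the JSON, requires every `Options` entry to be a single-key object, and lists the SELinux role and type for each command spec. The function names and the trimmed sample document are assumptions, constructed from the JSON above.

```python
import json

# Constructed sample: one rule, trimmed from the layout proposed above.
SAMPLE = """
{"User_Specs": [{
  "User_List": [{"username": "fabrice", "negated": true}],
  "Host_List": [{"hostname": "localhost", "negated": true}],
  "Cmnd_Specs": [{
    "Options": [
      {"noexec": false}, {"log_input": true},
      {"role": "selinuxRole1"}, {"type": "selinuxType1"}
    ],
    "Commands": [{"command": "/bin/test102"}, {"command": "/usr/bin/test102"}]
  }]
}]}
"""

def flatten_options(options):
    """Merge the array of single-key option objects into one dict."""
    merged = {}
    for entry in options:
        # Each option must be its own object, e.g. {"role": "selinuxRole1"}.
        if not isinstance(entry, dict) or len(entry) != 1:
            raise ValueError(f"option is not a single-key object: {entry!r}")
        (key, value), = entry.items()
        merged[key] = value
    return merged

def selinux_contexts(text):
    """Return a (commands, role, type) tuple for every Cmnd_Spec.

    json.loads raises json.JSONDecodeError if the output is not valid JSON.
    """
    rows = []
    for user_spec in json.loads(text).get("User_Specs", []):
        for cmnd_spec in user_spec.get("Cmnd_Specs", []):
            opts = flatten_options(cmnd_spec.get("Options", []))
            cmds = [c.get("command") for c in cmnd_spec.get("Commands", [])]
            rows.append((cmds, opts.get("role"), opts.get("type")))
    return rows

if __name__ == "__main__":
    for cmds, role, setype in selinux_contexts(SAMPLE):
        print(cmds, "role:", role, "type:", setype)
```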
> In this case I think it would make more sense to just include the SELinux role and type in the options array directly.
@millert agreed. Definitely makes more sense.
Fixed by 7c2204d
Using the following sudoers file in `/etc/sudoers.d/test6`:
Using the command:
We get the following invalid JSON output:
The `SELinux_Spec` options should be added as an object, similarly to the options above it.