X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=src%2Fselinux.c;h=30d6949ab47e5f5588d236405460f28ef0308884;hb=e8db7f6eea9b35527ddd4532affabd18a30549b5;hp=80505725981541f6b0750c9905d59cdcd0158996;hpb=98b9fd63cd28a3636a7cd24641b8f497eaadcd50;p=debian%2Fsudo
diff --git a/src/selinux.c b/src/selinux.c
index 8050572..30d6949 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009-2010 Todd C. Miller
+ * Copyright (c) 2009-2013 Todd C. Miller
 * Copyright (c) 2008 Dan Walsh
 *
 * Borrowed heavily from newrole source code
@@ -74,7 +74,7 @@ audit_role_change(const security_context_t old_context,
 /* Kernel may not have audit support. */
 if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
 )
- error(1, _("unable to open audit system"));
+ fatal(_("unable to open audit system"));
 } else {
 /* audit role change using the same format as newrole(1) */
 easprintf(&message, "newrole: old-context=%s new-context=%s",
@@ -366,9 +366,17 @@ selinux_execve(const char *path, char *const argv[], char *const envp[],
 int noexec)
 {
 char **nargv;
+ const char *sesh;
 int argc, serrno;
 debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
+ sesh = sudo_conf_sesh_path();
+ if (sesh == NULL) {
+ warningx("internal error: sesh path not set");
+ errno = EINVAL;
+ debug_return;
+ }
+
+
 if (setexeccon(se_state.new_context)) {
 warning(_("unable to set exec context to %s"), se_state.new_context);
 if (se_state.enforcing)
@@ -399,7 +407,7 @@ selinux_execve(const char *path, char *const argv[], char *const envp[],
 memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */
 /* sesh will handle noexec for us. */
- sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0);
+ sudo_execve(sesh, nargv, envp, 0);
 serrno = errno;
 free(nargv);
 errno = serrno;
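Review bot: The helper exec'd under the new SELinux context is now whatever `sudo_conf_sesh_path()` returns instead of the compile-time `_PATH_SUDO_SESH`, and the only check added in `selinux_execve()` is for NULL. Whether the configuration source is verified as root-owned and whether the value must be an absolute path is decided outside this diff; if that is not already enforced there, a guard such as `if (sesh == NULL || sesh[0] != '/')` would keep an empty or relative path from reaching `sudo_execve(sesh, nargv, envp, 0)` in the last hunk. I would also put a comment above the lookup, for example `/* sesh path is read from sudo.conf; it runs in se_state.new_context and handles noexec, so it must be a trusted binary. */`. The new `warningx()` string is also the only message in these hunks not wrapped in `_()`, which is worth a short comment if that is intentional. The body of `selinux_execve()` starts and ends outside both hunks.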