/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com>
*
* Borrowed heavily from newrole source code
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
)
- error(1, _("unable to open audit system"));
+ fatal(_("unable to open audit system"));
} else {
/* audit role change using the same format as newrole(1) */
easprintf(&message, "newrole: old-context=%s new-context=%s",
int noexec)
{
char **nargv;
+ const char *sesh;
int argc, serrno;
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
+ sesh = sudo_conf_sesh_path();
+ if (sesh == NULL) {
+ warningx("internal error: sesh path not set");
+ errno = EINVAL;
+ debug_return;
+ }
+
if (setexeccon(se_state.new_context)) {
warning(_("unable to set exec context to %s"), se_state.new_context);
if (se_state.enforcing)
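Review bot: The added `sesh == NULL` test at the top of selinux_execve is the only validation visible for the path that the next hunk passes to `sudo_execve(sesh, nargv, envp, 0)`, so the helper is now selected at run time rather than by the compile-time `_PATH_SUDO_SESH`. Because the helper is executed after `setexeccon()` has installed the new context, please confirm that `sudo_conf_sesh_path()` can only return a value from a configuration source that is root-owned and not writable by others; that check is not visible in this hunk. It would also be cheap to reject a relative path here, since execve() would resolve it against the current directory: `if (sesh == NULL || sesh[0] != '/') {`. A comment above the lookup such as `/* sesh path is configurable; it must be a trusted absolute path */` would record the assumption for the next reader. The body of selinux_execve starts and ends outside this hunk.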
memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */
/* sesh will handle noexec for us. */
- sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0);
+ sudo_execve(sesh, nargv, envp, 0);
serrno = errno;
free(nargv);
errno = serrno;