• 1
Looks like a bug in sudo, this does not work in permissive mode, if I remove the changing of the context it works.

The problem is sudo is changing the real and effective user id before it tries to set the terminal context, so it basically drops privs before running the SELinux code. And the user is not allowed to modify the attributes of the terminal.

  • 1
?

Log in