Use a flag bit in struct command_details for selinux instead of a separate

field.

diff --git a/src/exec.c b/src/exec.c
index 2c0115f9b7d7c4afedb666538f0f5de9eed79895..25af3440b3f9e98fcb7e173225ea82f651fdc849 100644 (file)
--- a/src/exec.c
+++ b/src/exec.c
@@ -114,7 +114,7 @@ static int fork_cmnd(struct command_details *details, char *argv[],
            if (details->closefrom >= 0)
                closefrom(details->closefrom);
 #ifdef HAVE_SELINUX
-           if (details->selinux_enabled)
+           if (ISSET(details->flags, CD_RBAC_ENABLED))
                selinux_execve(details->command, argv, envp);
            else
 #endif
@@ -328,7 +328,7 @@ sudo_execve(struct command_details *details, char *argv[], char *envp[],
    }
 
 #ifdef HAVE_SELINUX
-    if (details->selinux_enabled) {
+    if (ISSET(details->flags, CD_RBAC_ENABLED)) {
        /* This is probably not needed in log_io mode. */
        if (selinux_restore_tty() != 0)
            warningx("unable to restore tty label");

diff --git a/src/exec_pty.c b/src/exec_pty.c
index 2cfe78d98c17a92745b2612b568dd19cd8f60364..a1e72478b3d1c9d8f4d106d60b29171bcf96e0f1 100644 (file)
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
@@ -1116,7 +1116,7 @@ exec_pty(struct command_details *details, char *argv[], char *envp[])
     if (details->closefrom >= 0)
        closefrom(details->closefrom);
 #ifdef HAVE_SELINUX
-    if (details->selinux_enabled)
+    if (ISSET(details->flags, CD_RBAC_ENABLED))
        selinux_execve(details->command, argv, envp);
     else
 #endif

diff --git a/src/sudo.c b/src/sudo.c
index a6d4e80483c34a0434ae6c3f1e1b3bc8a32401f0..727693622bed90dbd4e69cd510b79c4324d0ec32 100644 (file)
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -594,7 +594,7 @@ command_info_to_details(char * const info[], struct command_details *details)
 
 #ifdef HAVE_SELINUX
     if (details->selinux_role != NULL && is_selinux_enabled() > 0)
-       details->selinux_enabled = TRUE;
+       SET(details->flags, CD_RBAC_ENABLED);
 #endif
 }
 
@@ -655,7 +655,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
     }
 
 #ifdef HAVE_SELINUX
-    if (details->selinux_enabled) {
+    if (ISSET(details->flags, CD_RBAC_ENABLED)) {
        if (selinux_setup(details->selinux_role, details->selinux_type,
            ptyname ? ptyname : user_details.tty, ptyfd) == -1)
            goto done;

diff --git a/src/sudo.h b/src/sudo.h
index 31347627c74e59df7cb6ad7f1fa15b704669ef94..33f119e586c2db5e86157ea750ba748015d735ba 100644 (file)
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -117,6 +117,7 @@ struct user_details {
 #define CD_SET_TIMEOUT         0x0100
 #define CD_SUDOEDIT            0x0200
 #define CD_BACKGROUND          0x0400
+#define CD_RBAC_ENABLED                0x0800
 
 struct command_details {
     uid_t uid;
@@ -128,8 +129,7 @@ struct command_details {
     int timeout;
     int ngroups;
     int closefrom;
-    short flags;
-    short selinux_enabled;
+    int flags;
     GETGROUPS_T *groups;
     const char *command;
     const char *cwd;