[apparmor] [opensuse-factory] Features making it into 12.1 for blog
Claudio Freire
klaussfreire at gmail.com
Tue Sep 27 01:14:37 UTC 2011
On Tue, Sep 27, 2011 at 1:38 AM, Christian Boltz <opensuse at cboltz.de> wrote:
> The interesting part is that it works with sudo on Ubuntu out of the
> box. They seem to use a less strict configuration that doesn't remove
> most of the environment variables - for example, $HOME isn't changed to
> /root on Ubuntu, and $DISPLAY isn't removed - see "sudo env" results
> from Ubuntu on http://paste.opensuse.org/70652816.
> This is probably a compile-time config option because using a known-
> working /etc/sudoers from Ubuntu didn't make it work on my openSUSE 11.4
> system.
Actually, for the X issue, it's how openSUSE handles X authorization.
Debian uses a less strict method that works without some extra
environment variables that have to be added to the list of variables
to preserve.
sudo can be "fixed" in openSUSE, by adding the required variables to that list.
Although there are warnings about potential security issues when doing
so. I bet that's why openSUSE comes with those variables removed.
More information about the AppArmor
mailing list