我的用户 (tom) 通过 semanage 映射到 user_u 用户、 user_r 角色和 user_t 域
[tom@localhost ~]$ id -Z
user_u:user_r:user_t:s0
[tom@localhost ~]$
因为我已将“默认”设置为“user_u”
[tom@localhos ~]$ sudo semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ user_u s0 *
root unconfined_u s0-s0:c0.c1023 *
system_u system_u s0-s0:c0.c1023 *
[tom@localhos ~]$
但它仍然可以执行 sudo
[tom@localhost ~]$ sudo -l
Matching Defaults entries for tom on localhost:
User tom may run the following commands on localhost:
(ALL) NOPASSWD: ALL
[tom@localhost ~]$
看来,这是因为 sudoers 中的“%<user tom's group> ALL = (ALL) NOPASSWD:ALL”
[tom@localhost ~]$ sudo cat /etc/sudoers
root ALL = (ALL) NOPASSWD:ALL
%<user tom's group> ALL = (ALL) NOPASSWD:ALL
admin ALL = (ALL) NOPASSWD:ALL
[tom@localhost ~]$
请帮我解决我的问题