Closed
Description
Using the following sudoers file in /etc/sudoers.d/test6:
# Reproduction rule: one user specification that sets many per-command options at once,
# so each of them shows up in the converted output below.
# User and host lists: "+name" is a netgroup and a leading "!" negates the entry.
# Runas list: users come before the ":" and groups after it; "%wheel" is a group.
# ROLE/TYPE are the SELinux settings whose JSON rendering is the subject of this report.
+usernetgroup,!fabrice +hostnetgroup,!localhost = ( operator1,!operator2,%wheel:operator3,!operator4,root ) \
ROLE=selinuxRole1 TYPE=selinuxType1 \
NOTBEFORE=2017021408Z NOTAFTER=2017021409Z \
TIMEOUT=30s CWD=/root/cwd CHROOT=/root/chroot \
EXEC: FOLLOW: LOG_INPUT: \
/bin/test102,/usr/bin/test102
Using the command:
cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test6
We get the following invalid JSON output:
{
"User_Specs": [
{
"User_List": [
{ "netgroup": "usernetgroup" },
{
"username": "fabrice",
"negated": true
}
],
"Host_List": [
{ "netgroup": "hostnetgroup" },
{
"hostname": "localhost",
"negated": true
}
],
"Cmnd_Specs": [
{
"runasusers": [
{ "username": "operator1" },
{
"username": "operator2",
"negated": true
},
{ "usergroup": "wheel" }
],
"runasgroups": [
{ "usergroup": "operator3" },
{
"usergroup": "operator4",
"negated": true
},
{ "usergroup": "root" }
],
"Options": [
{ "runchroot": "/root/chroot" },
{ "runcwd": "/root/cwd" },
{ "command_timeout": 30 },
{ "notbefore": "20170214080000Z" },
{ "notafter": "20170214090000Z" },
{ "noexec": false },
{ "sudoedit_follow": true },
{ "log_input": true }
],
"SELinux_Spec": [
"role": "selinuxRole1",
"type": "selinuxType1"
],
"Commands": [
{ "command": "/bin/test102" },
{ "command": "/usr/bin/test102" }
]
}
]
}
]
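}
The SELinux_Spec options should be emitted as objects, like the entries in the Options array above it. As written, "role" and "type" appear as bare name/value pairs directly inside an array, which is not valid JSON, so a strict parser rejects the whole document.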