From: domg472@gmail.com (Dominick Grift) Date: Fri, 8 Oct 2010 15:21:53 +0200 Subject: [refpolicy] [ patch 31/44] su: do not audit attempts to search /root. In-Reply-To: <4CAF13D5.4090908@tresys.com> References: <1286216636-28449-1-git-send-email-domg472@gmail.com> <1286216636-28449-33-git-send-email-domg472@gmail.com> <4CAF13D5.4090908@tresys.com> Message-ID: <20101008132152.GA6366@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, Oct 08, 2010 at 08:51:33AM -0400, Christopher J. PeBenito wrote: > On 10/04/10 14:23, Dominick Grift wrote: > > > >Signed-off-by: Dominick Grift > > Merged. Please undo this patch and ignore any do not audit attempts to search /root patches. > > >:100644 100644 a0aa8c5... 9337ed7... M policy/modules/admin/su.if > > policy/modules/admin/su.if | 1 + > > 1 files changed, 1 insertions(+), 0 deletions(-) > > > >diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if > >index a0aa8c5..9337ed7 100644 > >--- a/policy/modules/admin/su.if > >+++ b/policy/modules/admin/su.if > >@@ -223,6 +223,7 @@ template(`su_role_template',` > > files_read_etc_runtime_files($1_su_t) > > files_search_var_lib($1_su_t) > > files_dontaudit_getattr_tmp_dirs($1_su_t) > >+ files_dontaudit_list_default($1_su_t) > > > > init_dontaudit_use_fds($1_su_t) > > # Write to utmp. > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20101008/e94f2dcb/attachment.bin