From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 20 Apr 2012 16:13:35 -0400
Subject: [refpolicy] [PATCH 12/13] Adding dontaudit for sudo
In-Reply-To: <20120322201334.GM3387@siphos.be>
References: <20120322200229.GA3387@siphos.be> <20120322201334.GM3387@siphos.be>
Message-ID: <4F91C36F.7090306@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/22/12 16:13, Sven Vermeulen wrote:
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/admin/sudo.if |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
> index 6e1de7a..095a505 100644
> --- a/policy/modules/admin/sudo.if
> +++ b/policy/modules/admin/sudo.if
> @@ -136,6 +136,7 @@ template(`sudo_role_template',`
>  	userdom_use_user_terminals($1_sudo_t)
>  	# for some PAM modules and for cwd
>  	userdom_dontaudit_search_user_home_content($1_sudo_t)
> +	userdom_dontaudit_search_user_home_dirs($1_sudo_t)
>  
>  	ifdef(`hide_broken_symptoms', `
>  		dontaudit $1_sudo_t $3:socket_class_set { read write };

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com