From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 19 Oct 2012 20:53:56 +0200
Subject: [refpolicy] [PATCH 3/7] Be able to get output from fail2ban-client
In-Reply-To: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be>
References: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1350672840-14590-4-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

fail2ban-client is a client-side, command-line utility used by the
administrators. It needs to use the user terminal (and interactive fds, for
instance when the admin is logged on through SSH) in order to provide output to
the user.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 fail2ban.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/fail2ban.te b/fail2ban.te
index ed39236..6d6cd0e 100644
--- a/fail2ban.te
+++ b/fail2ban.te
@@ -134,8 +134,12 @@ kernel_read_system_state(fail2ban_client_t)
 
 corecmd_exec_bin(fail2ban_client_t)
 
+domain_use_interactive_fds(fail2ban_client_t)
+
 files_read_etc_files(fail2ban_client_t)
 files_read_usr_files(fail2ban_client_t)
 files_search_pids(fail2ban_client_t)
 
 miscfiles_read_localization(fail2ban_client_t)
+
+userdom_use_user_terminals(fail2ban_client_t)
-- 
1.7.8.6