From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 19 Oct 2012 20:53:57 +0200
Subject: [refpolicy] [PATCH 4/7] Ignore searches when ran from the user home
	directory
In-Reply-To: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be>
References: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1350672840-14590-5-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When ran, fail2ban-client searches through the current working directory,
although this isn't used for anything. As in most cases, commands are ran from
within the user home directory, ignore such searches.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 fail2ban.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/fail2ban.te b/fail2ban.te
index 6d6cd0e..23b92bc 100644
--- a/fail2ban.te
+++ b/fail2ban.te
@@ -142,4 +142,5 @@ files_search_pids(fail2ban_client_t)
 
 miscfiles_read_localization(fail2ban_client_t)
 
+userdom_dontaudit_search_user_home_dirs(fail2ban_client_t)
 userdom_use_user_terminals(fail2ban_client_t)
-- 
1.7.8.6