From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 19 Oct 2012 21:32:41 +0200
Subject: [refpolicy] [PATCH 4/7] Ignore searches when ran from the user
 home directory
In-Reply-To: <1350672840-14590-5-git-send-email-sven.vermeulen@siphos.be>
References: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be>
	<1350672840-14590-5-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1350675161.12496.27.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Fri, 2012-10-19 at 20:53 +0200, Sven Vermeulen wrote:
> When ran, fail2ban-client searches through the current working directory,
> although this isn't used for anything. As in most cases, commands are ran from
> within the user home directory, ignore such searches.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  fail2ban.te |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/fail2ban.te b/fail2ban.te
> index 6d6cd0e..23b92bc 100644
> --- a/fail2ban.te
> +++ b/fail2ban.te
> @@ -142,4 +142,5 @@ files_search_pids(fail2ban_client_t)
>  
>  miscfiles_read_localization(fail2ban_client_t)
>  
> +userdom_dontaudit_search_user_home_dirs(fail2ban_client_t)
>  userdom_use_user_terminals(fail2ban_client_t)

This was merged, thanks