From: dominick.grift@gmail.com (Dominick Grift) Date: Fri, 19 Oct 2012 21:33:00 +0200 Subject: [refpolicy] [PATCH 3/7] Be able to get output from fail2ban-client In-Reply-To: <1350672840-14590-4-git-send-email-sven.vermeulen@siphos.be> References: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be> <1350672840-14590-4-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1350675180.12496.28.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, 2012-10-19 at 20:53 +0200, Sven Vermeulen wrote: > fail2ban-client is a client-side, command-line utility used by the > administrators. It needs to use the user terminal (and interactive fds, for > instance when the admin is logged on through SSH) in order to provide output to > the user. > > Signed-off-by: Sven Vermeulen > --- > fail2ban.te | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/fail2ban.te b/fail2ban.te > index ed39236..6d6cd0e 100644 > --- a/fail2ban.te > +++ b/fail2ban.te > @@ -134,8 +134,12 @@ kernel_read_system_state(fail2ban_client_t) > > corecmd_exec_bin(fail2ban_client_t) > > +domain_use_interactive_fds(fail2ban_client_t) > + > files_read_etc_files(fail2ban_client_t) > files_read_usr_files(fail2ban_client_t) > files_search_pids(fail2ban_client_t) > > miscfiles_read_localization(fail2ban_client_t) > + > +userdom_use_user_terminals(fail2ban_client_t) This was merged, thanks