[refpolicy] [PATCH 12/13] Adding dontaudit for sudo
Christopher J. PeBenito
cpebenito at tresys.com
Fri Apr 20 15:13:35 CDT 2012
On 03/22/12 16:13, Sven Vermeulen wrote:
>
> Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
> ---
> policy/modules/admin/sudo.if | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
> index 6e1de7a..095a505 100644
> --- a/policy/modules/admin/sudo.if
> +++ b/policy/modules/admin/sudo.if
> @@ -136,6 +136,7 @@ template(`sudo_role_template',`
> userdom_use_user_terminals($1_sudo_t)
> # for some PAM modules and for cwd
> userdom_dontaudit_search_user_home_content($1_sudo_t)
> + userdom_dontaudit_search_user_home_dirs($1_sudo_t)
>
> ifdef(`hide_broken_symptoms', `
> dontaudit $1_sudo_t $3:socket_class_set { read write };
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list