From mboxrd@z Thu Jan  1 00:00:00 1970
From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 22 Mar 2012 21:13:34 +0100
Subject: [refpolicy] [PATCH 12/13] Adding dontaudit for sudo
In-Reply-To: <20120322200229.GA3387@siphos.be>
References: <20120322200229.GA3387@siphos.be>
Message-ID: <20120322201334.GM3387@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com


Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/sudo.if |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 6e1de7a..095a505 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -136,6 +136,7 @@ template(`sudo_role_template',`
 	userdom_use_user_terminals($1_sudo_t)
 	# for some PAM modules and for cwd
 	userdom_dontaudit_search_user_home_content($1_sudo_t)
+	userdom_dontaudit_search_user_home_dirs($1_sudo_t)
 
 	ifdef(`hide_broken_symptoms', `
 		dontaudit $1_sudo_t $3:socket_class_set { read write };
-- 
1.7.3.4