From ad1411929704a7e9da14592542f173f0527b75d6 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 13 Dec 2011 14:39:56 -0500
Subject: [PATCH] Dont audit writes to leaked file descriptors or redirected output for nacl
---
 policy/modules/apps/chrome.te | 5 +++++
 policy/modules/apps/gnome.if | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
index 4a71739d..aff461c9 100644
--- a/policy/modules/apps/chrome.te
+++ b/policy/modules/apps/chrome.te
@@ -177,3 +177,8 @@ userdom_use_inherited_user_ptys(chrome_sandbox_nacl_t)
 userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
 userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
 userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)
+
+optional_policy(`
+ gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t)
+')
+
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index c57fc1e3..45580b57 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -228,6 +228,24 @@ interface(`gnome_dontaudit_search_config',`
 dontaudit $1 gnome_home_type:dir search_dir_perms;
 ')
 
+########################################
+##
+## Dontaudit write gnome homedir content (.config)
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`gnome_dontaudit_write_config_files',`
+ gen_require(`
+ attribute gnome_home_type;
+ ')
+
+ dontaudit $1 gnome_home_type:file write;
+')
+
 ########################################
 ##
 ## manage gnome homedir content (.config)
-- 
2.47.3
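Review bot: The `gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t)` call in the new optional_policy block silences write denials for the NaCl sandbox domain with no comment explaining why. A dontaudit on a sandbox domain hides the expected noise, but it also hides the denials a misbehaving sandbox process would generate. I would add a comment above the call such as `# nacl inherits leaked fds / redirected output labelled gnome_home_type; the write is still denied, only the AVC is suppressed`, so the trade-off is visible to whoever audits this domain later. When investigating this domain, the suppressed denials can be surfaced again by rebuilding the policy with dontaudit rules disabled (`semodule -DB`). The hunk also adds a trailing blank line at the end of chrome.te, which can be dropped.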
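Review bot: The summary of `gnome_dontaudit_write_config_files` describes "gnome homedir content (.config)", but the rule `dontaudit $1 gnome_home_type:file write;` applies to every file type carrying the gnome_home_type attribute. The interface name and comment therefore understate how many denials a caller stops logging. The attribute's members are declared outside this hunk, so the exact set cannot be confirmed here, but it presumably spans more than the config type. I would reword the summary line to `## Do not audit attempts to write files of any gnome home type (gnome_home_type attribute).`, or rename the interface to match the attribute. Only `write` is listed, so other denied accesses on these files stay audited; if that is deliberate, one sentence in the summary would prevent a later "fix" that widens it.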