Add ssh_dontaudit_search_home_dir
authorDan Walsh <dwalsh@redhat.com>
Tue, 15 Nov 2011 19:22:12 +0000 (14:22 -0500)
committerDan Walsh <dwalsh@redhat.com>
Tue, 15 Nov 2011 19:22:12 +0000 (14:22 -0500)
policy/modules/services/ssh.if

index 126255fa8444a818c8306f373b56854fc075c718..d6a4b773edb1da0fc3a960533fef1c6fe98c4fcc 100644 (file)
@@ -713,6 +713,24 @@ interface(`ssh_getattr_user_home_dir',`
        allow $1 ssh_home_t:dir getattr;
 ')
 
+########################################
+## <summary>
+##     Dontaudit search ssh home directory
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`ssh_dontaudit_search_user_home_dir',`
+       gen_require(`
+               type ssh_home_t;
+       ')
+
+       dontaudit $1 ssh_home_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##     Read ssh home directory content
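Review bot: The parameter description `Domain allowed access.` on the new `ssh_dontaudit_search_user_home_dir` interface is misleading, because the only rule in the body is `dontaudit $1 ssh_home_t:dir search_dir_perms;`, which grants nothing and only suppresses audit records for denied searches. I would change it to `##     Domain to not audit.` and reword the summary to `##     Do not audit attempts to search ssh home directories.`. The commit title says `ssh_dontaudit_search_home_dir`, but the interface actually defined has `_user_` in its name, so callers and the changelog should use the name in the hunk. Because this rule hides denials on a directory holding SSH key material, it is worth stating in the summary that these denials stay out of the audit log unless dontaudit rules are disabled (for example with `semodule -DB`) during an investigation.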