From d0b7562f02f7211a9e3d3982455c3a0b88a57e64 Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Sep 16 2010 10:18:31 +0000
Subject: Do not audit interface should not provide permission to read parent directories.


Signed-off-by: Dominick Grift <domg472@gmail.com>

---

diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
index 941380a..8208308 100644
--- a/policy/modules/services/sssd.if
+++ b/policy/modules/services/sssd.if
@@ -128,7 +128,6 @@ interface(`sssd_dontaudit_search_lib',`
 	')
 
 	dontaudit $1 sssd_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
 ')
 
 ########################################