From Debian package 0.2.20100524-8 0058-Dontaudit-bind_t-write-attempts-to-for-lwresd-callin.patch * Dontaudit bind_t write attempts to / for lwresd calling access(".", W_OK)
Index: policy/modules/contrib/bind.te
===================================================================
--- policy/modules/contrib/bind.te.orig
+++ policy/modules/contrib/bind.te
@@ -69,6 +69,9 @@
 allow named_t self:tcp_socket create_stream_socket_perms;
 allow named_t self:udp_socket create_socket_perms;
 
+# because lwresd calls access(".", W_OK)
+files_dontaudit_rw_root_dir(named_t)
+
 allow named_t dnssec_t:file read_file_perms;
 
 # read configuration
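Review bot: The added `files_dontaudit_rw_root_dir(named_t)` silences more than the comment justifies: the stated cause is one `access(".", W_OK)` probe by lwresd, but the interface name covers read and write on the root directory, and it applies to everything running as named_t, not only lwresd. The access is still denied, but an unexpected attempt by this network-facing domain to modify / would no longer appear in the audit log, which removes a detection signal. If the files module offers a write-only dontaudit for the root directory, prefer it here. Either way the comment should record the trade-off, e.g. `# lwresd probes access(".", W_OK) on /; the denial is harmless, so only its audit record is suppressed (semodule -DB re-enables it for debugging)`.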