[selinux-policy: 1666/3172] Add support for libselinux 2.0.5 init_selinuxmnt() changes.

[Daniel J Walsh]

commit 86d754eed685c11aa7ddc9c1731ecdedb36fa739
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Feb 27 17:02:35 2007 +0000

    Add support for libselinux 2.0.5 init_selinuxmnt() changes.

 Changelog                        |    1 +
 policy/modules/kernel/selinux.if |    9 +++++++++
 policy/modules/kernel/selinux.te |    2 +-
 3 files changed, 11 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 256b41e..5d40a43 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
 - Patch for misc fixes to bluetooth from Dan Walsh.
 - Patch for misc fixes to kerberos from Dan Walsh.
 - Patch to start deprecating usercanread attribute from Ryan Bradetich.
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index 8ee0795..a7d7e7e 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -16,6 +16,15 @@
 ## </param>
 #
 interface(`selinux_get_fs_mount',`
+	gen_require(`
+		type security_t;
+	')
+
+	# starting in libselinux 2.0.5, init_selinuxmnt() will
+	# attempt to short circuit by checking if SELINUXMNT
+	# (/selinux) is already a selinuxfs
+	allow $1 security_t:filesystem getattr;
+
 	# read /proc/filesystems to see if selinuxfs is supported
 	# then read /proc/self/mount to see where selinuxfs is mounted
 	kernel_read_system_state($1)
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index af39331..5f24a25 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -1,5 +1,5 @@
 
-policy_module(selinux,1.2.0)
+policy_module(selinux,1.2.1)
 
 ########################################
 #