[selinux-policy: 2542/3172] Kernel patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:45:57 UTC 2010


commit 0417386142191a2303cd87dd89ccc5e23ef4cd5c
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Mar 17 11:16:25 2010 -0400

    Kernel patch from Dan Walsh.

 policy/modules/kernel/kernel.if |   55 +++++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/kernel.te |    2 +-
 2 files changed, 56 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index aad46d8..0352a19 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -144,6 +144,24 @@ interface(`kernel_sigchld',`
 
 ########################################
 ## <summary>
+##	Send a kill signal to kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process sending the signal.
+##	</summary>
+## </param>
+#
+interface(`kernel_kill',`
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process sigkill;
+')
+
+########################################
+## <summary>
 ##	Send a generic signal to kernel threads.
 ## </summary>
 ## <param name="domain">
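Review bot: The summary for `kernel_kill` says the signal goes to "kernel threads", but the rule `allow $1 kernel_t:process sigkill;` applies to every process labeled kernel_t. That presumably also covers early userspace that has not yet transitioned out of the kernel domain. I would make the scope explicit in the summary, e.g. `##	Send a kill signal to processes in the kernel domain (kernel_t).` No caller is added in this commit, so the intended user of the interface cannot be checked from this diff.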
@@ -624,6 +642,24 @@ interface(`kernel_search_debugfs',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to search the kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kernel_dontaudit_search_debugfs',`
+	gen_require(`
+		type debugfs_t;
+	')
+
+	dontaudit $1 debugfs_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Read information from the debugging filesystem.
 ## </summary>
 ## <param name="domain">
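Review bot: The parameter summary of `kernel_dontaudit_search_debugfs` reads "Domain allowed access.", but the body is a `dontaudit` rule and grants nothing. The text looks copied from the neighbouring allow interface; the usual wording for dontaudit interfaces is `##	Domain to not audit.` The rule also means denied searches of debugfs_t directories by the calling domain stop appearing in the audit log. Saying so in the summary would help callers keep its use narrow.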
@@ -1994,6 +2030,25 @@ interface(`kernel_kill_unlabeled',`
 
 ########################################
 ## <summary>
+##	Mount a kernel unlabeled filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the domain mounting the filesystem.
+##	</summary>
+## </param>
+#
+interface(`kernel_mount_unlabeled',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:filesystem mount;
+')
+
+
+########################################
+## <summary>
 ##	Send general signals to unlabeled processes.
 ## </summary>
 ## <param name="domain">
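Review bot: The summary "Mount a kernel unlabeled filesystem." does not say what "unlabeled" means here, and the permission granted by `allow $1 unlabeled_t:filesystem mount;` is sensitive enough that callers should know. I would spell it out, e.g. `##	Mount a filesystem labeled unlabeled_t (no label, or a label that is not valid).` There is also a doubled blank line after the closing `')` of `kernel_mount_unlabeled`, where the other interfaces in this diff use a single one.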
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 400bee5..3ef6a62 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
 
-policy_module(kernel, 1.11.2)
+policy_module(kernel, 1.11.3)
 
 ########################################
 #

