[selinux-policy: 2914/3172] - Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit mess

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:19:26 UTC 2010


commit d7f2020c46cac5dd9814f831d72d3d82a1a47d0e
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Sep 14 15:18:34 2010 -0400

    - Allow all domains that can use cgroups to search tmpfs_t directory
    - Allow init to send audit messages

 policy/modules/kernel/filesystem.if |    8 ++++++++
 policy/modules/system/init.te       |    1 +
 2 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 8d6d333..4eecefb 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
 	')
 
 	search_dirs_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
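Review bot: The added `fs_search_tmpfs($1)` lets every caller of fs_search_cgroup_dirs search directories carrying the generic tmpfs_t label, and nothing next to the call records why a cgroup interface needs that. Presumably the cgroup hierarchy is mounted beneath a tmpfs mount point, so path traversal has to cross a tmpfs_t directory; if that is the reason, state it above the call, e.g. `# cgroup mount points sit under a tmpfs_t directory; traversal needs search on it`. The interface's summary block starts outside this hunk and should also mention the extra tmpfs search permission, because callers who read only the summary will not expect it. The same line and the same gap recur in the hunks for fs_list_cgroup_dirs, fs_delete_cgroup_dirs, fs_manage_cgroup_dirs, fs_read_cgroup_files, fs_write_cgroup_files, fs_rw_cgroup_files and fs_manage_cgroup_files. If the parent directory of the cgroup mounts can be given its own type, granting search on that type would be narrower than granting it on all of tmpfs_t.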
@@ -665,6 +666,7 @@ interface(`fs_list_cgroup_dirs', `
 	')
 
 	list_dirs_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -684,6 +686,7 @@ interface(`fs_delete_cgroup_dirs', `
 	')
 
 	delete_dirs_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -704,6 +707,7 @@ interface(`fs_manage_cgroup_dirs',`
 	')
 
 	manage_dirs_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -724,6 +728,7 @@ interface(`fs_read_cgroup_files',`
 	')
 
 	read_files_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -743,6 +748,7 @@ interface(`fs_write_cgroup_files', `
 	')
 
 	write_files_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -763,6 +769,7 @@ interface(`fs_rw_cgroup_files',`
 	')
 
 	rw_files_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
@@ -803,6 +810,7 @@ interface(`fs_manage_cgroup_files',`
 	')
 
 	manage_files_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
 
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index e0dc975..1b6733f 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -191,6 +191,7 @@ init_domtrans_script(init_t)
 libs_rw_ld_so_cache(init_t)
 
 logging_send_syslog_msg(init_t)
+logging_send_audit_msgs(init_t)
 logging_rw_generic_logs(init_t)
 
 seutil_read_config(init_t)
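Review bot: `logging_send_audit_msgs(init_t)` is added with no comment saying which init activity has to emit audit records, and the grant deserves a justification because it lets PID 1 write user-space records into the audit trail. As I understand the interface, which is defined outside this diff, it grants the audit_write capability and relay access on the audit netlink socket. A one-line comment above the call would cover it, e.g. `# init reports service start/stop to the audit subsystem` if that is the actual trigger. It would also help to cite the AVC denial that motivated the rule in the commit description, so that later reviewers can tell whether the rule is still needed.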

