Written by: Martin Orr Allow mount to write to all mount points. As of 2.18, mount tests all mounts to check if they are read-only, to ensure that mtab is correct. Index: policy/modules/kernel/files.if =================================================================== --- policy/modules/kernel/files.if.orig +++ policy/modules/kernel/files.if @@ -1482,6 +1482,24 @@ ######################################## ## +## Write all mount points. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_write_all_mountpoints',` + gen_require(` + attribute mountpoint; + ') + + allow $1 mountpoint:dir write; +') + +######################################## +## ## List the contents of the root directory. ## ## Index: policy/modules/system/mount.te =================================================================== --- policy/modules/system/mount.te.orig +++ policy/modules/system/mount.te @@ -75,6 +75,7 @@ files_manage_etc_runtime_files(mount_t) files_etc_filetrans_etc_runtime(mount_t, file) files_mounton_all_mountpoints(mount_t) +files_write_all_mountpoints(mount_t) files_unmount_rootfs(mount_t) # These rules need to be generalized. Only admin, initrc should have it: files_relabelto_all_file_type_fs(mount_t)
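Review bot: In the policy/modules/kernel/files.if hunk, the description "Write all mount points." is broader than what the rule grants and gives no reason for the access. The body is `allow $1 mountpoint:dir write;`, which is only the `write` permission on directories carrying the `mountpoint` attribute, with no `add_name` or `remove_name`. I would word the summary to say exactly that and mention that it exists for the read-only check mount performs as of 2.18, so callers do not assume it lets a domain create or remove entries under a mount point. Since the attribute covers every mount point type, it is also worth stating in the interface documentation that this is intended for mount-like domains only.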
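Review bot: In the policy/modules/system/mount.te hunk, the added `files_write_all_mountpoints(mount_t)` has no comment explaining why mount_t needs write access to every mount point directory. The reason is only in the patch description (mount 2.18 tests each mount to see whether it is read-only so that mtab is correct); please put a one-line comment above the call saying so, so that a later least-privilege audit of mount_t can tell this is a deliberate grant tied to that behaviour and can revisit it if mount stops probing this way.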