Written by: Martin Orr Allow mount to use /var/run/mount directory (for utab for libmount)
Index: policy/modules/system/mount.fc
===================================================================
--- policy/modules/system/mount.fc.orig
+++ policy/modules/system/mount.fc
@@ -2,3 +2,5 @@
 /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
 /usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
+
+/var/run/mount(/.*) gen_context(system_u:object_r:mount_var_run_t,s0)
Index: policy/modules/system/mount.te
===================================================================
--- policy/modules/system/mount.te.orig
+++ policy/modules/system/mount.te
@@ -23,6 +23,9 @@
 type mount_tmp_t;
 files_tmp_file(mount_tmp_t)
+type mount_var_run_t;
+files_pid_file(mount_var_run_t)
+
 # causes problems with interfaces when
 # this is optionally declared in monolithic
 # policy--duplicate type declaration
@@ -46,6 +49,10 @@
 files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
+manage_dirs_pattern(mount_t, mount_var_run_t, mount_var_run_t)
+manage_files_pattern(mount_t, mount_var_run_t, mount_var_run_t)
+files_pid_filetrans(mount_t, mount_var_run_t, { file dir })
+
 kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
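Review bot: The new file-context pattern `/var/run/mount(/.*)` in mount.fc matches only paths beneath the directory, never `/var/run/mount` itself, so a relabel (restorecon, or an initial policy load on a system where the directory already exists) leaves the directory with the generic /var/run label and only the runtime filetrans in mount.te ever produces mount_var_run_t for it. The refpolicy convention makes the suffix optional so the directory and its contents are both covered: `/var/run/mount(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)`. Omitting the file-type field (`--`) used by the other entries is correct here since the entry must apply to the directory as well as the files inside, but that only holds once the `?` is present.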
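Review bot: The `files_pid_filetrans(mount_t, mount_var_run_t, { file dir })` rule at the end of the third hunk is not name-qualified, so every file or directory mount_t creates directly under /var/run becomes mount_var_run_t, not just `mount`; that appears to be the intent given that mount_t has no other /var/run writes visible here, but it is worth a comment on the rule such as `# utab (libmount) lives in /var/run/mount; mount_t has no other pid-dir writes, so a type-wide transition is used`. Separately, mount_var_run_t is reachable only from mount_t: if any other domain is expected to read utab through libmount (consumers are not visible in this patch), there is no interface in mount.if exposing the type, and the refpolicy idiom would be to add a read interface there rather than grant the type directly from another module.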