From Debian package 0.2.20091117-3 and 0.2.20100524-1 0.2.20091117-3: * Allow mount_t to set the scheduling for kernel threads. 0.2.20100524-1: * Allow mount_t to read sysfs_t. * Allow mount_t and setfiles_t to read/write device_t chr_file. Allowing mount_t to read/write device_t chr_file was superseded by a dontaudit in upstream 2fc79f1e (2010-08-18) Index: policy/modules/system/mount.te =================================================================== --- policy/modules/system/mount.te.orig +++ policy/modules/system/mount.te @@ -26,6 +26,8 @@ type mount_var_run_t; files_pid_file(mount_var_run_t) +dev_read_sysfs(mount_t) + # causes problems with interfaces when # this is optionally declared in monolithic # policy--duplicate type declaration @@ -38,6 +40,8 @@ # mount local policy # +kernel_setsched(mount_t) + # setuid/setgid needed to mount cifs allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid }; Index: policy/modules/system/selinuxutil.te =================================================================== --- policy/modules/system/selinuxutil.te.orig +++ policy/modules/system/selinuxutil.te @@ -109,6 +109,7 @@ domain_obj_id_change_exemption(setfiles_t) term_read_console(setfiles_t) dev_read_urand(setfiles_t) +dev_rw_generic_chr_files(setfiles_t) ######################################## #
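Review bot: In the first mount.te hunk, `dev_read_sysfs(mount_t)` is inserted into the declarations block (right after `files_pid_file(mount_var_run_t)` and ahead of the "causes problems with interfaces" comment) instead of under the "mount local policy" header where the second hunk puts `kernel_setsched(mount_t)`; move it down next to that call, and add a comment naming the mount helper or operation that reads sysfs so the rule can be re-evaluated later.

Review bot: In the second mount.te hunk, `kernel_setsched(mount_t)` grants mount the ability to change the scheduling of kernel threads, which is a far wider privilege than the existing capability set just below it suggests a mounter needs; the patch header only says "Allow mount_t to set the scheduling for kernel threads" without saying which mount or filesystem helper triggers the denial, so either record that in a comment above the call or consider a dontaudit if the call is merely noise.

Review bot: In the selinuxutil.te hunk, `dev_rw_generic_chr_files(setfiles_t)` allows read/write on every `device_t` character device, but setfiles relabels files and needs relabelfrom/relabelto rather than data access; the header itself notes that the matching mount_t rule was superseded by a dontaudit in upstream 2fc79f1e, so the same treatment (a dontaudit, or a narrower interface targeted at the specific device) would be the more defensible fix here, and the rule should at least carry a comment explaining the denial it silences.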