[DSE-Dev] Bug#875676: also needs other access

Russell Coker russell at coker.com.au
Wed Sep 13 12:36:06 UTC 2017


       fs_unmount_xattr_fs(bootloader_t)
       allow bootloader_t bootloader_tmp_t:dir mounton;
       files_search_mnt(bootloader_t)
       fs_mount_fusefs(bootloader_t)
       fs_mounton_fusefs(bootloader_t)
       fs_read_fusefs_symlinks(bootloader_t)
       fs_read_fusefs_files(bootloader_t)
       fs_stat_fusefs(bootloader_t)
       fs_unmount_fusefs(bootloader_t)
       fstools_manage_runfile(bootloader_t)
       mount_rw_runfiles(bootloader_t)
       dpkg_rw_pipes(bootloader_t)
       storage_rw_fuse(bootloader_t)
       udev_read_pid_files(bootloader_t)
       raid_manage_mdadm_pid(bootloader_t)

bootloader_t needs the above access to make initramfs images, to talk to 
dpkg_t, and to correctly recognise software RAID installations.  It also needs 
to send sigchild to dpkg_t for when it's run from a kernel image postinst.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/


