trunk: filesystem patch from dan.

policy/modules/kernel/filesystem.if

@@ -2139,6 +2139,24 @@ interface(`fs_rw_nfsd_fs',`
 	rw_files_pattern($1,nfsd_fs_t,nfsd_fs_t)
 ')
 
+########################################
+## <summary>
+##	Allow the type to associate to ramfs filesystems.
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type of the object to be associated.
+##	</summary>
+## </param>
+#
+interface(`fs_associate_ramfs',`
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem associate;
+')
+
 ########################################
 ## <summary>
 ##	Mount a RAM filesystem.

policy/modules/kernel/filesystem.te

@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.8.0)
+policy_module(filesystem,1.8.1)
 
 ########################################
 #
@@ -77,12 +77,6 @@ fs_type(eventpollfs_t)
 # change to task SID 20060628
 #genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
 
-type fusefs_t;
-fs_noxattr_type(fusefs_t)
-allow fusefs_t self:filesystem associate;
-genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
-genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
-
 type futexfs_t;
 fs_type(futexfs_t)
 genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
@@ -191,6 +185,13 @@ genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 
+type fusefs_t;
+fs_noxattr_type(fusefs_t)
+allow fusefs_t self:filesystem associate;
+allow fusefs_t fs_t:filesystem associate;
+genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
+genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
+
 #
 # iso9660_t is the type for CD filesystems
 # and their files.