Allow certmaster to read usr_t files. All python apps are going to need this.

clvmd creates tmpfs files that corosync needs to communicate with
Allow dbus system services to search the cgroup_t directory

policy/modules/services/certmaster.te

@@ -60,6 +60,7 @@ corenet_tcp_bind_generic_node(certmaster_t)
 corenet_tcp_bind_certmaster_port(certmaster_t)
 
 files_search_etc(certmaster_t)
+files_read_usr_files(certmaster_t)
 files_list_var(certmaster_t)
 files_search_var_lib(certmaster_t)
 

policy/modules/services/corosync.te

@@ -110,6 +110,10 @@ optional_policy(`
 	cmirrord_rw_shm(corosync_t)
 ')
 
+optional_policy(`
+	lvm_rw_clvmd_tmpfs_files(corosync_t)
+')
+
 optional_policy(`
 	# to communication with RHCS
 	rhcs_rw_cluster_shm(corosync_t)

policy/modules/services/dbus.if

@@ -442,6 +442,8 @@ interface(`dbus_system_domain',`
 
 	domtrans_pattern(system_dbusd_t, $2, $1)
 
+	fs_search_cgroup_dirs($1)
+
 	dbus_system_bus_client($1)
 	dbus_connect_system_bus($1)
 

policy/modules/services/rlogin.te

@@ -70,6 +70,7 @@ fs_search_auto_mountpoints(rlogind_t)
 auth_domtrans_chk_passwd(rlogind_t)
 auth_rw_login_records(rlogind_t)
 auth_use_nsswitch(rlogind_t)
+auth_login_pgm_domain(rlogind_t)
 
 files_read_etc_files(rlogind_t)
 files_read_etc_runtime_files(rlogind_t)

policy/modules/system/lvm.if

@@ -123,3 +123,21 @@ interface(`lvm_domtrans_clvmd',`
 	corecmd_search_bin($1)
 	domtrans_pattern($1, clvmd_exec_t, clvmd_t)
 ')
+
+########################################
+## <summary>
+##	Read and write to lvm temporary file system.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`lvm_rw_clvmd_tmpfs_files',`
+	gen_require(`
+		type clvmd_tmpfs_t;
+	')
+
+	allow $1 clvmd_tmpfs_t:file rw_file_perms;
+')

policy/modules/system/lvm.te

@@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t)
 type clvmd_initrc_exec_t;
 init_script_file(clvmd_initrc_exec_t)
 
+type clmvd_tmpfs_t;
+files_tmpfs_file(clmvd_tmpfs_t)
+
 type clvmd_var_run_t;
 files_pid_file(clvmd_var_run_t)
 
@@ -56,6 +59,10 @@ allow clvmd_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow clvmd_t self:tcp_socket create_stream_socket_perms;
 allow clvmd_t self:udp_socket create_socket_perms;
 
+manage_dirs_pattern(clvmd_t, clmvd_tmpfs_t, clmvd_tmpfs_t)
+manage_files_pattern(clvmd_t, clmvd_tmpfs_t,clmvd_tmpfs_t)
+fs_tmpfs_filetrans(clvmd_t, clmvd_tmpfs_t, { dir file })
+
 manage_files_pattern(clvmd_t, clvmd_var_run_t, clvmd_var_run_t)
 files_pid_filetrans(clvmd_t, clvmd_var_run_t, file)