Simple map patch from Russell Coker.

policy/modules/contrib

@@ -1 +1 @@
-Subproject commit 2791e5c2969733c012ee7e5c3f1da66170cf738d
+Subproject commit 9dbcfc199d296a0d82076f899a3549344f124294

policy/modules/kernel/files.if

@@ -2942,6 +2942,36 @@ interface(`files_read_etc_files',`
 	read_lnk_files_pattern($1, etc_t, etc_t)
 ')
 
+########################################
+## <summary>
+##	Map generic files in /etc.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to map generic files in /etc.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_read_etc_files()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+interface(`files_map_etc_files',`
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:file map;
+')
+
 ########################################
 ## <summary>
 ##	Do not audit attempts to write generic files in /etc.

policy/modules/kernel/files.te

@@ -1,4 +1,4 @@
-policy_module(files, 1.25.0)
+policy_module(files, 1.25.1)
 
 ########################################
 #

policy/modules/system/logging.te

@@ -1,4 +1,4 @@
-policy_module(logging, 1.27.0)
+policy_module(logging, 1.27.1)
 
 ########################################
 #
@@ -257,6 +257,7 @@ corecmd_exec_shell(audisp_t)
 
 domain_use_interactive_fds(audisp_t)
 
+files_map_etc_files(audisp_t)
 files_read_etc_files(audisp_t)
 files_read_etc_runtime_files(audisp_t)
 
@@ -418,6 +419,8 @@ files_pid_filetrans(syslogd_t, syslogd_tmp_t, dir, "log")
 # manage temporary files
 manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
 manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
+allow syslogd_t syslogd_tmp_t:file map;
+
 files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file })
 
 manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t)
@@ -426,6 +429,8 @@ files_search_var_lib(syslogd_t)
 
 # manage pid file
 manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
+allow syslogd_t syslogd_var_run_t:file map;
+
 files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
 allow syslogd_t syslogd_var_run_t:dir create_dir_perms;
 

policy/modules/system/lvm.te

@@ -1,4 +1,4 @@
-policy_module(lvm, 1.20.0)
+policy_module(lvm, 1.20.1)
 
 ########################################
 #
@@ -211,6 +211,8 @@ manage_sock_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
 files_pid_filetrans(lvm_t, lvm_var_run_t, { file sock_file })
 
 read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
+allow lvm_t lvm_etc_t:file map;
+
 read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
 # Write to /etc/lvm, /etc/lvmtab, /etc/lvmtab.d
 manage_files_pattern(lvm_t, lvm_metadata_t, lvm_metadata_t)

policy/modules/system/modutils.te

@@ -1,4 +1,4 @@
-policy_module(modutils, 1.19.0)
+policy_module(modutils, 1.19.1)
 
 ########################################
 #
@@ -132,7 +132,9 @@ optional_policy(`
 ')
 
 optional_policy(`
+	# for postinst of a new kernel package
 	dpkg_manage_script_tmp_files(kmod_t)
+	dpkg_map_script_tmp_files(kmod_t)
 ')
 
 optional_policy(`

policy/modules/system/systemd.if

@@ -366,6 +366,7 @@ interface(`systemd_manage_journal_files',`
 
 	manage_dirs_pattern($1, systemd_journal_t, systemd_journal_t)
 	manage_files_pattern($1, systemd_journal_t, systemd_journal_t)
+	allow $1 systemd_journal_t:file map;
 ')
 
 

policy/modules/system/systemd.te

@@ -1,4 +1,4 @@
-policy_module(systemd, 1.5.1)
+policy_module(systemd, 1.5.2)
 
 #########################################
 #