ISCSI patch from Dan Walsh.

policy/modules/system/iscsi.if

@@ -17,3 +17,42 @@ interface(`iscsid_domtrans',`
 
 	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
 ')
+
+########################################
+## <summary>
+##	Connect to ISCSI using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`iscsi_stream_connect',`
+	gen_require(`
+		type iscsid_t, iscsi_var_lib_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
+')
+
+########################################
+## <summary>
+##	Read iscsi lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`iscsi_read_lib_files',`
+	gen_require(`
+		type iscsi_var_lib_t;
+	')
+
+	read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
+	allow $1 iscsi_var_lib_t:dir list_dir_perms;
+	files_search_var_lib($1)
+')

policy/modules/system/iscsi.te

@@ -1,5 +1,5 @@
 
-policy_module(iscsi, 1.6.0)
+policy_module(iscsi, 1.6.1)
 
 ########################################
 #
@@ -55,6 +55,7 @@ manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
 files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
 
 kernel_read_system_state(iscsid_t)
+kernel_search_debugfs(iscsid_t)
 
 corenet_all_recvfrom_unlabeled(iscsid_t)
 corenet_all_recvfrom_netlabel(iscsid_t)
@@ -73,6 +74,6 @@ files_read_etc_files(iscsid_t)
 
 logging_send_syslog_msg(iscsid_t)
 
-miscfiles_read_localization(iscsid_t)
+auth_use_nsswitch(iscsid_t)
 
-sysnet_dns_name_resolve(iscsid_t)
+miscfiles_read_localization(iscsid_t)