From 7487f355dd41d033b7f1bfa59c295bcb5cb82ad2 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 23 Aug 2014 13:35:51 +0200
Subject: [PATCH] Label (/var)?/tmp/systemd-private-.../tmp like /tmp

Such directories are used by systemd as private mountpoints for
services.
---
 policy/modules/kernel/files.fc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index b876c48ad..fc765e7b3 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -191,6 +191,10 @@ ifdef(`distro_debian',`
 /tmp/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
 /tmp/lost\+found/.*		<<none>>
 
+/tmp/systemd-private-[^/]+	-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/tmp/systemd-private-[^/]+/tmp	-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/tmp/systemd-private-[^/]+/tmp/.*	<<none>>
+
 #
 # /usr
 #
@@ -265,6 +269,9 @@ ifndef(`distro_redhat',`
 /var/tmp/.*			<<none>>
 /var/tmp/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
 /var/tmp/lost\+found/.*		<<none>>
+/var/tmp/systemd-private-[^/]+	-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/var/tmp/systemd-private-[^/]+/tmp	-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/var/tmp/systemd-private-[^/]+/tmp/.*	<<none>>
 /var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
 
 ifdef(`distro_debian',`