mount: sets kernel thread priority mount: mount reads /lib/modules/3.10-2-amd64/modules.dep mount: mount lists all mount points

In debian mount was trying to list / on a tmpfs (/run/lock). Since
var_lock_t is a mountpoint type, and so is mnt_t, i decided to implement
a files_list_all_mountpoints() and call that for mount because it makes
sense

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

policy/modules/kernel/files.if

@@ -1653,6 +1653,24 @@ interface(`files_dontaudit_search_all_mountpoints',`
 	dontaudit $1 mountpoint:dir search_dir_perms;
 ')
 
+########################################
+## <summary>
+##	List all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_list_all_mountpoints',`
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir list_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##	Do not audit listing of all mount points.

policy/modules/system/mount.te

@@ -59,6 +59,7 @@ files_pid_filetrans(mount_t, mount_var_run_t, dir, "mount")
 
 kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
+kernel_setsched(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
 kernel_dontaudit_write_debugfs_dirs(mount_t)
 kernel_dontaudit_write_proc_dirs(mount_t)
@@ -96,7 +97,7 @@ files_unmount_all_file_type_fs(mount_t)
 files_read_isid_type_files(mount_t)
 # For reading cert files
 files_read_usr_files(mount_t)
-files_list_mnt(mount_t)
+files_list_all_mountpoints(mount_t)
 files_dontaudit_write_all_mountpoints(mount_t)
 files_dontaudit_setattr_all_mountpoints(mount_t)
 
@@ -201,6 +202,10 @@ optional_policy(`
 	')
 ')
 
+optional_policy(`
+	modutils_read_module_deps(mount_t)
+')
+
 optional_policy(`
 	puppet_rw_tmp(mount_t)
 ')