Add neccessary permissions for losetup

This allows losetup to bind mount_loopback_t files to loop devices.

policy/modules/kernel/kernel.te

@@ -299,6 +299,11 @@ ifdef(`distro_redhat',`
 	fs_rw_tmpfs_chr_files(kernel_t)
 ')
 
+optional_policy(`
+	# loop devices
+	fstools_use_fds(kernel_t)
+')
+
 optional_policy(`
 	hotplug_search_config(kernel_t)
 ')

policy/modules/system/fstools.te

@@ -94,6 +94,8 @@ dev_rw_sysfs(fsadm_t)
 dev_getattr_usbfs_dirs(fsadm_t)
 # Access to /dev/mapper/control
 dev_rw_lvm_control(fsadm_t)
+# for losetup
+dev_rw_loop_control(fsadm_t)
 
 domain_use_interactive_fds(fsadm_t)
 
@@ -125,6 +127,9 @@ files_search_all(fsadm_t)
 mls_file_read_all_levels(fsadm_t)
 mls_file_write_all_levels(fsadm_t)
 
+# losetup: bind mount_loopback_t files to loop devices
+mount_rw_loopback_files(fsadm_t)
+
 storage_raw_read_fixed_disk(fsadm_t)
 storage_raw_write_fixed_disk(fsadm_t)
 storage_raw_read_removable_device(fsadm_t)