Merge pull request #144 from fishilico/init-mount-kmsg

policy/modules/kernel/devices.if

@@ -2352,6 +2352,24 @@ interface(`dev_rw_kmsg',`
 	rw_chr_files_pattern($1, device_t, kmsg_device_t)
 ')
 
+########################################
+## <summary>
+##	Mount on the kernel messages device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_mounton_kmsg',`
+	gen_require(`
+		type kmsg_device_t;
+	')
+
+	allow $1 kmsg_device_t:chr_file mounton;
+')
+
 ########################################
 ## <summary>
 ##	Get the attributes of the ksm devices.

policy/modules/system/init.te

@@ -286,6 +286,7 @@ ifdef(`init_systemd',`
 	kernel_search_key(init_t)
 	kernel_setsched(init_t)
 	kernel_rw_unix_sysctls(init_t)
+	kernel_mounton_message_if(init_t)
 
 	# run systemd misc initializations
 	# in the initrc_t domain, as would be
@@ -297,6 +298,7 @@ ifdef(`init_systemd',`
 	dev_relabel_all_sysfs(init_t)
 	dev_relabel_generic_symlinks(init_t)
 	dev_read_urand(init_t)
+	dev_mounton_kmsg(init_t)
 	dev_write_kmsg(init_t)
 	dev_write_urand(init_t)
 	dev_rw_lvm_control(init_t)