dontaudit mount writes to newly mounted filesystems

Signed-off-by: Chris Richards <gizmo@giz-works.com>

policy/modules/system/mount.te

@@ -49,16 +49,21 @@ files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
 kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
+kernel_dontaudit_write_debugfs_dirs(mount_t)
+kernel_dontaudit_write_proc_dirs(mount_t)
 
 # required for mount.smbfs
 corecmd_exec_bin(mount_t)
 
 dev_getattr_all_blk_files(mount_t)
 dev_list_all_dev_nodes(mount_t)
+dev_read_sysfs(mount_t)
 dev_rw_lvm_control(mount_t)
 dev_dontaudit_getattr_all_chr_files(mount_t)
 dev_dontaudit_getattr_memory_dev(mount_t)
+dev_dontaudit_write_sysfs_dirs(mount_t)
 dev_getattr_sound_dev(mount_t)
+
 # Early devtmpfs, before udev relabel
 dev_dontaudit_rw_generic_chr_files(mount_t)
 
@@ -80,6 +85,7 @@ files_read_isid_type_files(mount_t)
 # For reading cert files
 files_read_usr_files(mount_t)
 files_list_mnt(mount_t)
+files_dontaudit_write_root_dirs(mount_t)
 
 fs_getattr_xattr_fs(mount_t)
 fs_getattr_cifs(mount_t)
@@ -90,6 +96,7 @@ fs_relabelfrom_all_fs(mount_t)
 fs_list_auto_mountpoints(mount_t)
 fs_rw_tmpfs_chr_files(mount_t)
 fs_read_tmpfs_symlinks(mount_t)
+fs_dontaudit_write_tmpfs_dirs(mount_t)
 
 mls_file_read_all_levels(mount_t)
 mls_file_write_all_levels(mount_t)