kernel, rpc, systemd: deprecate kernel_mounton_proc

Deprecate kernel_mounton_proc in favor of kernel_mounton_proc_dirs. The
former seems to be a duplicate interface. Also fixup the summary of
kernel_mounton_proc_dirs.

Signed-off-by: Kenton Groombridge <me@concord.sh>

policy/modules/kernel/kernel.if

@@ -948,7 +948,7 @@ interface(`kernel_dontaudit_getattr_proc',`
 
 ########################################
 ## <summary>
-##	Mount on proc directories.
+##	Mount on proc directories.  (Deprecated)
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -958,11 +958,8 @@ interface(`kernel_dontaudit_getattr_proc',`
 ## <rolecap/>
 #
 interface(`kernel_mounton_proc',`
-	gen_require(`
-		type proc_t;
-	')
-
-	allow $1 proc_t:dir mounton;
+	refpolicywarn(`$0($*) has been deprecated, please use kernel_mounton_proc_dirs() instead.')
+	kernel_mounton_proc_dirs($1)
 ')
 
 ########################################
@@ -1060,7 +1057,7 @@ interface(`kernel_dontaudit_write_proc_dirs',`
 
 ########################################
 ## <summary>
-##	Mount the directories in /proc.
+##	Mount on the directories in /proc.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

policy/modules/services/rpc.te

@@ -311,7 +311,7 @@ kernel_dontaudit_getattr_core_if(nfsd_t)
 kernel_search_debugfs(nfsd_t)
 kernel_setsched(nfsd_t)
 kernel_request_load_module(nfsd_t)
-# kernel_mounton_proc(nfsd_t)
+# kernel_mounton_proc_dirs(nfsd_t)
 
 corenet_sendrecv_nfs_server_packets(nfsd_t)
 corenet_tcp_bind_nfs_port(nfsd_t)

policy/modules/system/systemd.te

@@ -970,7 +970,7 @@ kernel_mount_proc(systemd_nspawn_t)
 kernel_mounton_sysctl_dirs(systemd_nspawn_t)
 kernel_mounton_kernel_sysctl_files(systemd_nspawn_t)
 kernel_mounton_message_if(systemd_nspawn_t)
-kernel_mounton_proc(systemd_nspawn_t)
+kernel_mounton_proc_dirs(systemd_nspawn_t)
 kernel_read_kernel_sysctls(systemd_nspawn_t)
 kernel_read_system_state(systemd_nspawn_t)
 kernel_remount_proc(systemd_nspawn_t)