systemd: Updates for generators and kmod-static-nodes.service.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>

policy/modules/system/logging.te

@@ -549,6 +549,7 @@ ifdef(`init_systemd',`
 	init_dgram_send(syslogd_t)
 	init_read_runtime_pipes(syslogd_t)
 	init_read_runtime_symlinks(syslogd_t)
+	init_read_runtime_files(syslogd_t)
 	init_read_state(syslogd_t)
 
 	# needed for systemd-initrd case when syslog socket is unlabelled

policy/modules/system/modutils.fc

@@ -10,6 +10,7 @@ ifdef(`distro_gentoo',`
 
 ifdef(`init_systemd',`
 /run/tmpfiles\.d/kmod\.conf	--	gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
+/run/tmpfiles\.d/static-nodes\.conf --  gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
 ')
 
 /usr/bin/depmod.*		--	gen_context(system_u:object_r:kmod_exec_t,s0)

policy/modules/system/systemd.te

@@ -506,7 +506,7 @@ systemd_log_parse_environment(systemd_generator_t)
 
 term_use_unallocated_ttys(systemd_generator_t)
 
-udev_search_runtime(systemd_generator_t)
+udev_read_runtime_files(systemd_generator_t)
 
 ifdef(`distro_gentoo',`
 	corecmd_shell_entry_type(systemd_generator_t)
@@ -1442,6 +1442,8 @@ files_runtime_filetrans(systemd_sessions_t, systemd_sessions_runtime_t, file)
 
 fs_getattr_all_fs(systemd_sessions_t)
 fs_search_cgroup_dirs(systemd_sessions_t)
+fs_search_tmpfs(systemd_sessions_t)
+fs_search_ramfs(systemd_sessions_t)
 
 kernel_read_kernel_sysctls(systemd_sessions_t)
 kernel_dontaudit_getattr_proc(systemd_sessions_t)
@@ -1600,6 +1602,7 @@ init_read_state(systemd_tmpfiles_t)
 
 init_relabel_utmp(systemd_tmpfiles_t)
 init_relabel_var_lib_dirs(systemd_tmpfiles_t)
+init_read_runtime_files(systemd_tmpfiles_t)
 
 logging_manage_generic_logs(systemd_tmpfiles_t)
 logging_manage_generic_log_dirs(systemd_tmpfiles_t)