node_exporter: various fixes

Signed-off-by: Kenton Groombridge <me@concord.sh>

policy/modules/services/node_exporter.te

@@ -25,7 +25,7 @@ logging_log_file(node_exporter_log_t)
 
 allow node_exporter_t self:fifo_file rw_fifo_file_perms;
 allow node_exporter_t self:process { getsched signal };
-allow node_exporter_t self:netlink_route_socket r_netlink_socket_perms;
+allow node_exporter_t self:netlink_route_socket create_netlink_socket_perms;
 allow node_exporter_t self:tcp_socket create_stream_socket_perms;
 allow node_exporter_t self:udp_socket create_socket_perms;
 
@@ -47,6 +47,10 @@ corenet_tcp_bind_generic_node(node_exporter_t)
 
 dev_read_sysfs(node_exporter_t)
 
+files_dontaudit_search_all_dirs(node_exporter_t)
+# to read /etc/os-release
+files_read_etc_files(node_exporter_t)
+
 fs_getattr_all_fs(node_exporter_t)
 
 init_read_state(node_exporter_t)
@@ -58,6 +62,9 @@ kernel_read_network_state(node_exporter_t)
 kernel_read_software_raid_state(node_exporter_t)
 kernel_read_system_state(node_exporter_t)
 
+# to read udev state data
+udev_read_runtime_files(node_exporter_t)
+
 ifdef(`init_systemd',`
 	dbus_system_bus_client(node_exporter_t)