Merge pull request #635 from gtrentalancia/main

The kernel domain should be able to mounton default and runtime directories

policy/modules/kernel/kernel.te

@@ -360,10 +360,12 @@ files_delete_root_symlinks(kernel_t)
 files_delete_root_chr_files(kernel_t)
 files_list_root(kernel_t)
 files_list_etc(kernel_t)
+files_mounton_runtime_dirs(kernel_t)
 files_getattr_etc_runtime_dirs(kernel_t)
 files_mounton_etc_runtime_dirs(kernel_t)
 files_list_home(kernel_t)
 files_read_usr_files(kernel_t)
+files_mounton_default(kernel_t)
 
 mcs_process_set_categories(kernel_t)
 

policy/modules/system/init.te

@@ -850,10 +850,6 @@ files_exec_etc_files(initrc_t)
 files_read_usr_files(initrc_t)
 files_manage_urandom_seed(initrc_t)
 files_manage_generic_spool(initrc_t)
-# Mount and unmount file systems.
-# cjp: not sure why these are here; should use mount policy
-files_list_default(initrc_t)
-files_mounton_default(initrc_t)
 files_manage_mnt_dirs(initrc_t)
 files_manage_mnt_files(initrc_t)