File systemd-tmpfiles.patch of Package selinux-policy

Index: serefpolicy-20140730/policy/modules/kernel/devices.if
===================================================================
--- serefpolicy-20140730.orig/policy/modules/kernel/devices.if
+++ serefpolicy-20140730/policy/modules/kernel/devices.if
@@ -6602,3 +6602,25 @@ interface(`dev_filetrans_xserver_named_d
 	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card8")
 	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card9")
 ')
+
+
+########################################
+## <summary>
+##	Allow full relabeling (to and from) of all device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`dev_create_all_dev_nodes',`
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	allow $1 device_node {create};
+')
+
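Review bot: The rule `allow $1 device_node {create};` in dev_create_all_dev_nodes names no object class, so it is not a well-formed allow statement and would be rejected once a domain actually calls the interface. Nothing in the visible systemd.te hunk calls it, which may be why the build has not tripped over it. State the classes explicitly and keep them as narrow as the caller needs, for example `allow $1 device_node:{ chr_file blk_file } create;`, because create on every type carrying the device_node attribute is a broad grant. The summary is carried over from the relabel interface and should read `##	Create all device nodes.`, and the `type device_t;` requirement is unused.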
Index: serefpolicy-20140730/policy/modules/system/systemd.te
===================================================================
--- serefpolicy-20140730.orig/policy/modules/system/systemd.te
+++ serefpolicy-20140730/policy/modules/system/systemd.te
@@ -320,6 +320,11 @@ dev_read_cpu_online(systemd_tmpfiles_t)
 dev_manage_all_dev_nodes(systemd_tmpfiles_t)
 dev_relabel_all_dev_nodes(systemd_tmpfiles_t)
 
+# allow tmpfiles to create files/dirs in /dev
+systemd_tmpfiles_xconsole_create(systemd_tmpfiles_t)
+dev_getattr_autofs_dev(systemd_tmpfiles_t);
+dev_getattr_lvm_control(systemd_tmpfiles_t);
+dev_create_generic_dirs(systemd_tmpfiles_t);
 domain_obj_id_change_exemption(systemd_tmpfiles_t)
 
 # systemd-tmpfiles relabel /run/lock and creates /run/lock/lockdev
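Review bot: The added calls `dev_getattr_autofs_dev(systemd_tmpfiles_t);`, `dev_getattr_lvm_control(systemd_tmpfiles_t);` and `dev_create_generic_dirs(systemd_tmpfiles_t);` end in a semicolon, unlike every other interface call in this hunk; drop the semicolons so the expanded policy carries no stray `;`. The comment `# allow tmpfiles to create files/dirs in /dev` also sits above two getattr grants it does not describe; `# tmpfiles creates dirs and the xconsole fifo in /dev and needs getattr on the autofs and lvm control nodes` would match what follows. The context lines already give systemd_tmpfiles_t dev_manage_all_dev_nodes and dev_relabel_all_dev_nodes, so each new grant should be tied to an observed AVC denial rather than added pre-emptively. A blank line before `domain_obj_id_change_exemption(systemd_tmpfiles_t)` would keep the /dev group separate.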
Index: serefpolicy-20140730/policy/modules/system/systemd.if
===================================================================
--- serefpolicy-20140730.orig/policy/modules/system/systemd.if
+++ serefpolicy-20140730/policy/modules/system/systemd.if
@@ -1458,3 +1458,22 @@ interface(`systemd_dontaudit_dbus_chat',
 
 	dontaudit $1 systemd_domain:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Allow systemd-tmpfiles to create xconsole_device_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`systemd_tmpfiles_xconsole_create',`
+	gen_require(`
+		type device_t, xconsole_device_t;
+	')
+
+	create_fifo_files_pattern($1, device_t, xconsole_device_t);
+')
+
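Review bot: The parameter description `Domain to not audit.` belongs to a dontaudit interface, but systemd_tmpfiles_xconsole_create grants access through create_fifo_files_pattern; it should read `Domain allowed access.`. The summary would be more accurate as `Create xconsole fifo files in device_t directories.`, since any domain can be passed as $1. xconsole_device_t does not appear to be declared by the systemd module, so the interface presumably belongs in the module that owns that type, with systemd.te calling it from there. The pattern only permits creating a fifo with that type; the visible lines add no type transition, so the file ends up as xconsole_device_t only if the creating process sets the label itself. The trailing semicolon after `create_fifo_files_pattern($1, device_t, xconsole_device_t)` can be dropped.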