selinux: Allow domtrans from kernel_t to drbd_t

selinux/drbd.te

@@ -50,6 +50,7 @@ require {
 #============= drbd_t ==============
 allow drbd_t self:capability { dac_read_search  kill net_admin sys_admin };
 dontaudit drbd_t self:capability sys_tty_config;
+allow drbd_t self:dir rw_dir_perms;
 allow drbd_t self:fifo_file rw_fifo_file_perms;
 allow drbd_t self:unix_stream_socket create_stream_socket_perms;
 allow drbd_t self:netlink_socket create_socket_perms;
@@ -72,6 +73,7 @@ manage_dirs_pattern(drbd_t, drbd_tmp_t, drbd_tmp_t)
 manage_files_pattern(drbd_t, drbd_tmp_t, drbd_tmp_t)
 files_tmp_filetrans(drbd_t, drbd_tmp_t, {file dir})
 
+kernel_domtrans_to(drbd_t, drbd_exec_t)
 kernel_read_system_state(drbd_t)
 kernel_load_module(drbd_t)
 
@@ -91,6 +93,7 @@ files_read_kernel_modules(drbd_t)
 
 logging_send_syslog_msg(drbd_t)
 
+fs_associate_proc(drbd_t)
 fs_getattr_xattr_fs(drbd_t)
 
 modutils_read_module_config(drbd_t)