--- refpolicy-0.2.20100524.orig/policy/modules/kernel/files.if
+++ refpolicy-0.2.20100524/policy/modules/kernel/files.if
@@ -413,6 +413,26 @@
 
 ########################################
 ## <summary>
+##	Transform the type into a file, for use on a
+##	virtual memory filesystem (hugetlbfs).
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type to be transformed.
+##	</summary>
+## </param>
+#
+interface(`files_hugetlbfs_file',`
+	gen_require(`
+		attribute hugetlbfsfile;
+	')
+
+	files_type($1)
+	typeattribute $1 hugetlbfsfile;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of all directories.
 ## </summary>
 ## <param name="domain">
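Review bot: `files_hugetlbfs_file` requires `attribute hugetlbfsfile;`, but nothing visible in this patch to files.if declares that attribute, so the matching declaration in files.te has to ship with this change or any module calling the interface will fail to build. The hunk also shows no rule letting the attribute associate with the hugetlbfs filesystem; if that is not granted elsewhere, a type passed here could not actually be used as a label there. Because the body calls `files_type($1)`, the type also becomes a generic file type, so interfaces that act on all file types will presumably cover these objects as well. A comment above that call such as `# $1 also becomes a generic file type; "all files" interfaces will apply to it` would make this visible to callers.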
@@ -3116,8 +3136,9 @@
 	gen_require(`
 		type mnt_t;
 	')
-
-	allow $1 mnt_t:dir search_dir_perms;
+        
+        allow $1 mnt_t:dir search_dir_perms;
+        allow $1 mnt_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
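Review bot: The added `allow $1 mnt_t:lnk_file read_lnk_file_perms;` widens an existing interface, so every domain that already calls it gains symlink read on `mnt_t` with no change on the caller's side. The same applies to the `dontaudit` line added in the hunk at -3136 and the `allow` line added in the hunk at -3154. The interface summaries lie outside these hunks and presumably still describe only directory search or list, so they should be updated to mention symbolic links. The new lines here are indented with eight spaces, and the blank line before them carries trailing whitespace, while the surrounding file uses tabs. Keeping the tab indent would leave the existing `allow $1 mnt_t:dir search_dir_perms;` rule untouched and make the diff show only the one added rule.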
@@ -3136,6 +3157,7 @@
 	')
 
 	dontaudit $1 mnt_t:dir search_dir_perms;
+	dontaudit $1 mnt_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -3154,6 +3176,7 @@
 	')
 
 	allow $1 mnt_t:dir list_dir_perms;
+	allow $1 mnt_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -5204,6 +5227,25 @@
 ')
 
 ########################################
+## <summary>
+##      Create directories under /var/run
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`files_manage_pid_dirs',`
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_t:dir search;
+	allow $1 var_run_t:dir manage_dir_perms;
+')
+
+########################################
 ## <summary>
 ##	Do not audit attempts to write to daemon runtime data files.
 ## </summary>
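Review bot: The summary says "Create directories under /var/run", but `allow $1 var_run_t:dir manage_dir_perms;` grants full management of generic `var_run_t` directories, which also covers removal and rename, so the documentation understates what a caller receives. Reword the summary to something like `Create, read, write, and delete directories under /var/run.`. If callers only need a private subdirectory, consider a narrower interface that pairs creation with a type transition to the caller's own pid type (hedged: the intended callers are not visible in this diff). The line `allow $1 var_t:dir search;` uses a raw permission where neighbouring interfaces use permission sets; `allow $1 var_t:dir search_dir_perms;` would be consistent. The summary block is also indented with spaces rather than the tabs used in the rest of the file.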
