diff -up serefpolicy-3.10.0/policy/mcs.trans serefpolicy-3.10.0/policy/mcs

--- serefpolicy-3.10.0/policy/mcs.trans	2011-12-05 16:30:45.081703537 -0500

+++ serefpolicy-3.10.0/policy/mcs	2011-12-05 16:34:09.674001926 -0500

@@ -1,4 +1,6 @@

 ifdef(`enable_mcs',`

+default_range dir_file_class_set target low;

+

 #

 # Define sensitivities 

 #

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc

index 26c13f2..2354089 100644

--- a/policy/modules/kernel/devices.fc

+++ b/policy/modules/kernel/devices.fc

@@ -205,6 +205,7 @@ ifdef(`distro_redhat',`

 # /sys

 #

 /sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)

+/sys/devices/system/cpu/online	gen_context(system_u:object_r:cpu_online_t,s0)

 /usr/lib/udev/devices(/.*)?		gen_context(system_u:object_r:device_t,s0)

 /usr/lib/udev/devices/lp.*	-c	gen_context(system_u:object_r:printer_device_t,s0)

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te

index 112bebb..8f727be 100644

--- a/policy/modules/kernel/devices.te

+++ b/policy/modules/kernel/devices.te

@@ -226,8 +226,8 @@ fs_type(sysfs_t)

 genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)

 type cpu_online_t;

-allow cpu_online_t sysfs_t:filesystem associate;

-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)

+files_type(cpu_online_t)

+dev_associate_sysfs(cpu_online_t)

 #

 # Type for /dev/tpm

diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc

index 7be4ddf..f7021a0 100644

--- a/policy/modules/kernel/kernel.fc

+++ b/policy/modules/kernel/kernel.fc

@@ -1 +1,2 @@

-# This module currently does not have any file contexts.

+

+/sys/class/net/ib.* 		gen_context(system_u:object_r:sysctl_net_t,s0)