diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 4052ab9..85b3bb4 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -559,7 +559,7 @@ interface(`fs_register_binary_executable_type',`
########################################
##
-## Get attributes of cgroup filesystems.
+## Mount cgroup filesystems.
##
##
##
@@ -567,17 +567,17 @@ interface(`fs_register_binary_executable_type',`
##
##
#
-interface(`fs_getattr_cgroup',`
+interface(`fs_mount_cgroup', `
gen_require(`
type cgroup_t;
')
- allow $1 cgroup_t:filesystem getattr;
+ allow $1 cgroup_t:filesystem mount;
')
########################################
##
-## Mount cgroup filesystems.
+## Remount cgroup filesystems.
##
##
##
@@ -585,17 +585,17 @@ interface(`fs_getattr_cgroup',`
##
##
#
-interface(`fs_mount_cgroup', `
+interface(`fs_remount_cgroup', `
gen_require(`
type cgroup_t;
')
- allow $1 cgroup_t:filesystem mount;
+ allow $1 cgroup_t:filesystem remount;
')
########################################
##
-## Mount on cgroup directories.
+## Unmount cgroup filesystems.
##
##
##
@@ -603,17 +603,17 @@ interface(`fs_mount_cgroup', `
##
##
#
-interface(`fs_mounton_cgroup', `
+interface(`fs_unmount_cgroup', `
gen_require(`
type cgroup_t;
')
- allow $1 cgroup_t:dir mounton;
+ allow $1 cgroup_t:filesystem unmount;
')
########################################
##
-## Remount cgroup filesystems.
+## Get attributes of cgroup filesystems.
##
##
##
@@ -621,17 +621,17 @@ interface(`fs_mounton_cgroup', `
##
##
#
-interface(`fs_remount_cgroup', `
+interface(`fs_getattr_cgroup',`
gen_require(`
type cgroup_t;
')
- allow $1 cgroup_t:filesystem remount;
+ allow $1 cgroup_t:filesystem getattr;
')
########################################
##
-## Unmount cgroup filesystems.
+## Search cgroup directories.
##
##
##
@@ -639,17 +639,18 @@ interface(`fs_remount_cgroup', `
##
##
#
-interface(`fs_unmount_cgroup', `
+interface(`fs_search_cgroup_dirs',`
gen_require(`
type cgroup_t;
+
')
- allow $1 cgroup_t:filesystem unmount;
+ search_dirs_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## Delete cgroup directories.
+## list cgroup directories.
##
##
##
@@ -657,17 +658,17 @@ interface(`fs_unmount_cgroup', `
##
##
#
-interface(`fs_delete_cgroup_dirs', `
+interface(`fs_list_cgroup_dirs', `
gen_require(`
type cgroup_t;
')
- delete_dirs_pattern($1, cgroup_t, cgroup_t)
+ list_dirs_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## list cgroup directories.
+## Delete cgroup directories.
##
##
##
@@ -675,12 +676,12 @@ interface(`fs_delete_cgroup_dirs', `
##
##
#
-interface(`fs_list_cgroup_dirs', `
+interface(`fs_delete_cgroup_dirs', `
gen_require(`
type cgroup_t;
')
- list_dirs_pattern($1, cgroup_t, cgroup_t)
+ delete_dirs_pattern($1, cgroup_t, cgroup_t)
')
########################################
@@ -704,7 +705,7 @@ interface(`fs_manage_cgroup_dirs',`
########################################
##
-## Search cgroup directories.
+## Read cgroup files.
##
##
##
@@ -712,18 +713,18 @@ interface(`fs_manage_cgroup_dirs',`
##
##
#
-interface(`fs_search_cgroup_dirs',`
+interface(`fs_read_cgroup_files',`
gen_require(`
type cgroup_t;
')
- search_dirs_pattern($1, cgroup_t, cgroup_t)
+ read_files_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## Manage cgroup files.
+## Write cgroup files.
##
##
##
@@ -731,18 +732,17 @@ interface(`fs_search_cgroup_dirs',`
##
##
#
-interface(`fs_manage_cgroup_files',`
+interface(`fs_write_cgroup_files', `
gen_require(`
type cgroup_t;
-
')
- manage_files_pattern($1, cgroup_t, cgroup_t)
+ write_files_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## Read cgroup files.
+## Read and write cgroup files.
##
##
##
@@ -750,37 +750,38 @@ interface(`fs_manage_cgroup_files',`
##
##
#
-interface(`fs_read_cgroup_files',`
+interface(`fs_rw_cgroup_files',`
gen_require(`
type cgroup_t;
')
- read_files_pattern($1, cgroup_t, cgroup_t)
+ rw_files_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## Read and write cgroup files.
+## Do not audit attempts to open,
+## get attributes, read and write
+## cgroup files.
##
##
##
-## Domain allowed access.
+## Domain to not audit.
##
##
#
-interface(`fs_rw_cgroup_files',`
+interface(`fs_dontaudit_rw_cgroup_files',`
gen_require(`
type cgroup_t;
-
')
- rw_files_pattern($1, cgroup_t, cgroup_t)
+ dontaudit $1 cgroup_t:file rw_file_perms;
')
########################################
##
-## Write cgroup files.
+## Manage cgroup files.
##
##
##
@@ -788,32 +789,31 @@ interface(`fs_rw_cgroup_files',`
##
##
#
-interface(`fs_write_cgroup_files', `
+interface(`fs_manage_cgroup_files',`
gen_require(`
type cgroup_t;
+
')
- write_files_pattern($1, cgroup_t, cgroup_t)
+ manage_files_pattern($1, cgroup_t, cgroup_t)
')
########################################
##
-## Do not audit attempts to open,
-## get attributes, read and write
-## cgroup files.
+## Mount on cgroup directories.
##
##
##
-## Domain to not audit.
+## Domain allowed access.
##
##
#
-interface(`fs_dontaudit_rw_cgroup_files',`
+interface(`fs_mounton_cgroup', `
gen_require(`
type cgroup_t;
')
- dontaudit $1 cgroup_t:file rw_file_perms;
+ allow $1 cgroup_t:dir mounton;
')
########################################