##
-@@ -15,6 +38,7 @@ gen_tunable(mmap_low_allowed, false)
+ ## Control the ability to mmap a low area of the address space,
+-## as configured by /proc/sys/kernel/mmap_min_addr.
++## as configured by /proc/sys/vm/mmap_min_addr.
+ ##
+ ##
+ gen_tunable(mmap_low_allowed, false)
# Mark process types as domains
attribute domain;
@@ -9534,7 +9557,7 @@ index b876c48..bbd0e79 100644
+/nsr(/.*)? gen_context(system_u:object_r:var_t,s0)
+/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
-index f962f76..ec9e64a 100644
+index f962f76..002283d 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -19,6 +19,136 @@
@@ -10304,7 +10327,7 @@ index f962f76..ec9e64a 100644
')
########################################
-@@ -1946,6 +2425,24 @@ interface(`files_unmount_rootfs',`
+@@ -1946,6 +2425,42 @@ interface(`files_unmount_rootfs',`
########################################
##