--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-02-27 14:37:10.000000000 -0500
+++ serefpolicy-2.5.10/policy/modules/kernel/selinux.if 2007-03-22 15:06:58.000000000 -0400
@@ -51,6 +51,44 @@
########################################
##
+## Do not audit attempts to get the
+## attributes of the selinuxfs filesystem
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`selinux_dontaudit_getattr_fs',`
+ gen_require(`
+ type security_t;
+ ')
+
+ dontaudit $1 security_t:filesystem getattr;
+')
+
+########################################
+##
+## Allow domain to get the
+## attributes of the selinuxfs filesystem
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`selinux_getattr_fs',`
+ gen_require(`
+ type security_t;
+ ')
+
+ allow $1 security_t:filesystem getattr;
+')
+
+########################################
+##
## Search selinuxfs.
##
##
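Review bot: The parameter description on the added `selinux_getattr_fs` interface reads "Domain to not audit.", which was copied from the dontaudit interface above it; for an allow rule it should read `## Domain allowed access.`. The distinction matters to policy authors choosing between the two, since one grants getattr on the `security_t` filesystem and the other only removes the denial from the audit log. Both headers show empty `##` lines where the summary and param markup would normally be, which may be an artifact of how this patch was rendered, so confirm the tags are intact in the real file.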
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-01-02 12:57:49.000000000 -0500
+++ serefpolicy-2.5.10/policy/modules/system/selinuxutil.if 2007-03-22 15:06:59.000000000 -0400
@@ -616,7 +616,7 @@
gen_require(`
type selinux_config_t;
')
-
+ selinux_dontaudit_getattr_fs($1)
dontaudit $1 selinux_config_t:dir search;
dontaudit $1 selinux_config_t:file { getattr read };
')
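Review bot: The added `selinux_dontaudit_getattr_fs($1)` call widens what this dontaudit interface hides, and nothing at the call site says why. Besides searches and reads of `selinux_config_t`, every caller now also loses audit records for getattr on the selinuxfs filesystem. Because dontaudit rules remove AVC denials from the log, I would put a short comment above the call, e.g. `# also hide selinuxfs getattr denials: <reason callers probe selinuxfs>`, and mention the extra rule in the interface summary, which starts outside this hunk. The call also replaces the blank line that separated the `gen_require` block from the rules; keep that blank line before it. The same undocumented widening applies to `selinux_getattr_fs($1)` in the next hunk, where a read-config interface now grants an additional permission to all of its callers.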
@@ -637,6 +637,8 @@
type selinux_config_t;
')
+ selinux_getattr_fs($1)
+
files_search_etc($1)
allow $1 selinux_config_t:dir list_dir_perms;
read_files_pattern($1,selinux_config_t,selinux_config_t)