selinux: ignore pmie/pmlogger getattr on nsfs files

Resolves Red Hat bug RHEL-29799

src/selinux/pcp.if

@@ -476,6 +476,26 @@ ifndef(`systemd_status_systemd_services',`
     ')
 ')
 
+########################################
+## <summary>
+##      Dummy fs_dontaudit_getattr_nsfs_files().
+##      Needed for pmie/pmlogger on some platforms, but if you
+##      don't have fs_dontaudit_getattr_nsfs_files() definition
+##      nothing needs to be done.
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </summary> 
+#
+ifndef(`fs_dontaudit_getattr_nsfs_files',`
+    interface(`fs_dontaudit_getattr_nsfs_files',`
+        gen_require(`
+            type $1;
+        ')
+    ')
+')
+
 ########################################
 ## <summary>
 ##      Dummy userdom_manage_tmp_dirs().

src/selinux/pcp.te

@@ -266,6 +266,7 @@ corecmd_getattr_all_executables(pcp_pmie_t)
 
 domain_read_all_domains_state(pcp_pmie_t)
 
+fs_dontaudit_getattr_nsfs_files(pcp_pmie_t)
 fs_search_cgroup_dirs(pcp_pmie_t)
 
 init_status(pcp_pmie_t)
@@ -314,6 +315,7 @@ corenet_tcp_bind_generic_node(pcp_pmlogger_t)
 
 domain_read_all_domains_state(pcp_pmlogger_t)
 
+fs_dontaudit_getattr_nsfs_files(pcp_pmlogger_t)
 fs_mount_tracefs(pcp_pmlogger_t)
 fs_getattr_all_fs(pcp_pmlogger_t)