systemd: support LogNamespace

systemd provides a segrated logging facility using a set of parallel
units including

 systemd-journald@<NAME>.service
 systemd-journald@<NAME>.socket
 systemd-journald-varlink@<NAME>.socket

These create files in /run/systemd/journal.<NAME>

systemd creates these files and labels them according to SELinux policy.

Extend the file context patterns to match this paralell infrastructure
so that these files are properly labeled, and the existing rules work.

Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>

Author: aerusso

policy/modules/system/logging.fc

@@ -86,11 +86,11 @@ ifdef(`distro_gentoo',`
 /run/syslog-ng\.ctl	--	gen_context(system_u:object_r:syslogd_runtime_t,s0)
 /run/syslog-ng\.pid	--	gen_context(system_u:object_r:syslogd_runtime_t,mls_systemhigh)
 /run/syslog-ng(/.*)?	gen_context(system_u:object_r:syslogd_runtime_t,s0)
-/run/systemd/journal(/.*)?	gen_context(system_u:object_r:syslogd_runtime_t,mls_systemhigh)
-/run/systemd/journal/socket -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
-/run/systemd/journal/stdout -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
-/run/systemd/journal/syslog -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
-/run/systemd/journal/dev-log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh)
+/run/systemd/journal(\.[^/]*)?(/.*)?	gen_context(system_u:object_r:syslogd_runtime_t,mls_systemhigh)
+/run/systemd/journal(\.[^/]*)?/socket -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
+/run/systemd/journal(\.[^/]*)?/stdout -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
+/run/systemd/journal(\.[^/]*)?/syslog -s	gen_context(system_u:object_r:devlog_t,mls_systemhigh)
+/run/systemd/journal(\.[^/]*)?/dev-log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh)
 
 /var/spool/audit(/.*)?		gen_context(system_u:object_r:audit_spool_t,mls_systemhigh)
 /var/spool/bacula/log(/.*)? 	gen_context(system_u:object_r:var_log_t,s0)