XtraDB SELinux
I'm trying to make XtraDB and SELinux "play nice". The resulting policy from my work so far:
---
module xtradb 1.0;
require {
type ifconfig_exec_t;
type mysqld_safe_t;
type mysqld_t;
type var_lib_t;
type sysctl_net_t;
class file { write ioctl read open execute setattr getattr append execute_no_trans };
class dir search;
class unix_stream_socket connectto;
class sock_file unlink;
}
#============= mysqld_safe_t ==============
allow mysqld_safe_t var_lib_t:file { ioctl open setattr write getattr append };
allow mysqld_t ifconfig_
allow mysqld_t var_lib_t:file { read write append getattr open };
allow mysqld_t var_lib_t:sock_file unlink;
allow mysqld_t sysctl_net_t:dir search;
allow mysqld_t self:unix_
---
There is, however, still a large number of AVC denials: on startup it attempts to invoke "ps", and as this requires access to various /proc/[0-9]+/ files it causes a lot of AVC denials. A policy allowing the process to walk all of these files seems somewhat insecure, and I'd rather not do that if at all avoidable.
Could someone please shed some light on what this process is trying to achieve? Perhaps this could be written in a cleaner manner?
Question information
- Language: English
- Status: Solved
- Solved by: Alexey Kopytov
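For anyone triaging the same flood of denials, the script below is an added example; it is not from this question, from the answer, or from Percona's XtraDB. It reproduces the grouping that audit2allow performs (source type, target type, class -> permissions) and adds what audit2allow does not show directly: a per-command breakdown, the list of domains that "ps" was denied while walking /proc/<pid>/, and a generated module in which rule keys hit only by "ps" become dontaudit rules instead of allow rules. The audit log lines are constructed for illustration; only the mysqld_t, mysqld_safe_t, var_lib_t and sysctl_net_t names come from the policy above, and the module name xtradb_local is assumed.

```python
"""Triage SELinux AVC denials and turn them into candidate policy rules.

Added example (not code from the question, the answer or XtraDB): a
dependency-free reimplementation of the grouping audit2allow does, plus a
per-command breakdown so denials raised by the "ps" helper can be told
apart from the ones mysqld itself needs. The log below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample audit log (not real output from any host). Each
# /proc/<pid>/ entry is labelled with the domain of the process it belongs
# to, which is why a single "ps" run touches many unrelated target types.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1300000000.101:1001): avc:  denied  { search } for  pid=2001 comm="mysqld" name="net" dev=proc ino=4026531842 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
type=AVC msg=audit(1300000000.102:1002): avc:  denied  { unlink } for  pid=2001 comm="mysqld" name="mysql.sock" dev=dm-0 ino=393 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1300000000.103:1003): avc:  denied  { read } for  pid=2002 comm="ps" name="stat" dev=proc ino=5001 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=AVC msg=audit(1300000000.103:1004): avc:  denied  { getattr } for  pid=2002 comm="ps" path="/proc/1/status" dev=proc ino=5002 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=AVC msg=audit(1300000000.104:1005): avc:  denied  { search } for  pid=2002 comm="ps" name="1450" dev=proc ino=5003 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dir
type=AVC msg=audit(1300000000.104:1006): avc:  denied  { read } for  pid=2002 comm="ps" name="stat" dev=proc ino=5004 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=file
type=AVC msg=audit(1300000000.105:1007): avc:  denied  { search } for  pid=2002 comm="ps" name="1460" dev=proc ino=5005 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=dir
type=SYSCALL msg=audit(1300000000.105:1007): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\w+)'
)
DEV_RE = re.compile(r"\bdev=(\S+)")


def parse_avc(log_text):
    """Return one dict per AVC denial; SYSCALL and other record types are skipped."""
    records = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["perms"] = frozenset(rec["perms"].split())
        # A context is user:role:type[:range]; the type is the third field.
        rec["stype"] = rec["scontext"].split(":")[2]
        rec["ttype"] = rec["tcontext"].split(":")[2]
        dev = DEV_RE.search(line)
        rec["dev"] = dev.group(1) if dev else None
        records.append(rec)
    return records


def _key(rec):
    return (rec["stype"], rec["ttype"], rec["tclass"])


def group_rules(records):
    """Collapse denials into (source, target, class) -> permission set, the
    same grouping audit2allow applies before printing allow rules."""
    rules = defaultdict(set)
    for rec in records:
        rules[_key(rec)] |= rec["perms"]
    return dict(rules)


def split_by_command(records):
    """Denials per originating command (the comm= field)."""
    counts = defaultdict(int)
    for rec in records:
        counts[rec["comm"]] += 1
    return dict(counts)


def proc_walk_targets(records, command="ps"):
    """Domains that `command` was denied on while reading /proc entries. Every
    distinct domain here would need its own allow rule, which is why a policy
    that permits the walk grows into rules over many unrelated domains."""
    return sorted({rec["ttype"] for rec in records
                   if rec["comm"] == command and rec["dev"] == "proc"})


def render_policy(records, module="xtradb_local", noisy_command=None):
    """Emit a .te module. Rule keys hit only by `noisy_command` become
    dontaudit rules: the access stays denied, but it stops filling the log,
    the usual alternative to granting the /proc walk outright."""
    rules = group_rules(records)
    hit_by_noisy = {_key(r) for r in records if r["comm"] == noisy_command}
    hit_by_others = {_key(r) for r in records if r["comm"] != noisy_command}
    noisy_only = hit_by_noisy - hit_by_others
    types = sorted({s for s, _, _ in rules} | {t for _, t, _ in rules})
    per_class = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        per_class[cls] |= perms
    lines = [f"module {module} 1.0;", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(per_class.items())]
    lines += ["}", ""]
    for key in sorted(rules):
        src, tgt, cls = key
        verb = "dontaudit" if key in noisy_only else "allow"
        tgt = "self" if tgt == src else tgt
        lines.append(f"{verb} {src} {tgt}:{cls} {{ {' '.join(sorted(rules[key]))} }};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse_avc(SAMPLE_AUDIT_LOG)
    print("denials per command:", split_by_command(recs))
    print("domains walked by ps under /proc:", proc_walk_targets(recs))
    print(render_policy(recs, noisy_command="ps"))
```

On a real host, feed it the output of `ausearch -m AVC -ts recent` (or /var/log/audit/audit.log), review the generated .te, then build and load it with `checkmodule -M -m -o xtradb_local.mod xtradb_local.te`, `semodule_package -o xtradb_local.pp -m xtradb_local.mod` and `semodule -i xtradb_local.pp`. One caveat with the dontaudit route: those denials disappear from the audit log, so later audit2allow runs will not see them; `semodule -DB` rebuilds the policy with dontaudit rules disabled while you are debugging, and `semodule -B` restores them.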