trunk: 3 patches from dan.

policy/modules/admin/brctl.te

@@ -1,4 +1,4 @@
-policy_module(brctl,1.0.1)
+policy_module(brctl,1.0.2)
 
 ########################################
 #
@@ -26,6 +26,7 @@ kernel_read_network_state(brctl_t)
 kernel_read_sysctl(brctl_t)
 
 dev_rw_sysfs(brctl_t)
+dev_write_sysfs_dirs(brctl_t)
 
 # Init script handling
 domain_use_interactive_fds(brctl_t)

policy/modules/admin/logwatch.te

@@ -1,5 +1,5 @@
 
-policy_module(logwatch,1.6.0)
+policy_module(logwatch,1.6.1)
 
 #################################
 #
@@ -48,7 +48,7 @@ corecmd_exec_bin(logwatch_t)
 corecmd_exec_shell(logwatch_t)
 
 dev_read_urand(logwatch_t)
-dev_search_sysfs(logwatch_t)
+dev_read_sysfs(logwatch_t)
 
 # Read /proc/PID directories for all domains.
 domain_read_all_domains_state(logwatch_t)

policy/modules/admin/usermanage.if

@@ -216,6 +216,24 @@ interface(`usermanage_run_admin_passwd',`
 	')
 ')
 
+########################################
+## <summary>
+##	Dontaudit attempts to use useradd fds
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`usermanage_dontaudit_use_useradd_fds',`
+	gen_require(`
+		type useradd_t;
+	')
+
+	dontaudit $1 useradd_t:fd use;
+')
+
 ########################################
 ## <summary>
 ##	Execute useradd in the useradd domain.

policy/modules/admin/usermanage.te

@@ -1,5 +1,5 @@
 
-policy_module(usermanage,1.8.1)
+policy_module(usermanage,1.8.2)
 
 ########################################
 #
@@ -519,6 +519,10 @@ userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notd
 
 mta_manage_spool(useradd_t)
 
+optional_policy(`
+	apache_manage_all_user_content(useradd_t)
+')
+
 optional_policy(`
 	dpkg_use_fds(useradd_t)
 	dpkg_rw_pipes(useradd_t)