- Allow clamscan to read proc_t

- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir

policy-F14.patch

@@ -2569,6 +2569,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
 +optional_policy(`
  	xserver_dontaudit_write_log(shutdown_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.8.8/policy/modules/admin/smoltclient.te
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te	2010-07-27 16:06:04.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/admin/smoltclient.te	2010-08-23 17:32:41.000000000 -0400
+@@ -42,6 +42,7 @@
+ 
+ fs_getattr_all_fs(smoltclient_t)
+ fs_getattr_all_dirs(smoltclient_t)
++fs_list_auto_mountpoints(smoltclient_t)
+ 
+ files_getattr_generic_locks(smoltclient_t)
+ files_read_etc_files(smoltclient_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.8/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2010-07-27 16:06:04.000000000 -0400
 +++ serefpolicy-3.8.8/policy/modules/admin/sudo.if	2010-07-30 14:06:53.000000000 -0400
@@ -9419,7 +9430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 +/cgroup(/.*)? 	 	gen_context(system_u:object_r:cgroup_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.8/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2010-07-27 16:06:05.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if	2010-08-13 10:09:00.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if	2010-08-23 17:32:34.000000000 -0400
 @@ -1233,7 +1233,7 @@
  		type cifs_t;
  	')