memlockd: Move lines.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>

policy/modules/services/memlockd.te

@@ -15,9 +15,6 @@ init_daemon_domain(memlockd_t, memlockd_exec_t)
 #
 
 allow memlockd_t self:capability { setgid setuid ipc_lock };
-ifndef(`distro_debian', `
-allow memlockd_t self:capability dac_read_search;
-')
 allow memlockd_t self:fifo_file rw_file_perms;
 
 # cache /etc/shadow too
@@ -30,10 +27,15 @@ corecmd_exec_shell(memlockd_t)
 corecmd_read_all_executables(memlockd_t)
 corecmd_search_bin(memlockd_t)
 files_read_etc_files(memlockd_t)
-libs_exec_ld_so(memlockd_t)
 files_map_etc_files(memlockd_t)
 
+libs_exec_ld_so(memlockd_t)
+
 logging_send_syslog_msg(memlockd_t)
 miscfiles_read_localization(memlockd_t)
 
 sysnet_mmap_read_config(memlockd_t)
+
+ifndef(`distro_debian', `
+	allow memlockd_t self:capability dac_read_search;
+')