Login take 4 from Russell Coker.

I have used optional sections for dbus and xserver as requested and also
fixed a minor issue of a rule not being in the correct section.

Please merge this.

policy/modules/contrib

@@ -1 +1 @@
-Subproject commit f22b859da477bf59374ea572449d023fc007e957
+Subproject commit 23c5c78943224a02037fa2789205183c2ff2939a

policy/modules/system/authlogin.te

@@ -118,6 +118,9 @@ files_dontaudit_search_var(chkpwd_t)
 
 fs_dontaudit_getattr_xattr_fs(chkpwd_t)
 
+selinux_get_enforce_mode(chkpwd_t)
+selinux_getattr_fs(chkpwd_t)
+
 term_dontaudit_use_console(chkpwd_t)
 term_dontaudit_use_unallocated_ttys(chkpwd_t)
 term_dontaudit_use_generic_ptys(chkpwd_t)

policy/modules/system/locallogin.te

@@ -33,6 +33,7 @@ role system_r types sulogin_t;
 #
 
 allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
+dontaudit local_login_t self:capability net_admin;
 allow local_login_t self:process { setexec setrlimit setsched };
 allow local_login_t self:fd use;
 allow local_login_t self:fifo_file rw_fifo_file_perms;