setfscreate privilege is needed to be able to install java-config package

During the installation of for instance java-config, Portage wants to set
its default file creation context to root:object_r:portage_tmp_t which isn't
allowed:

creating /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild
copying src/revdep-rebuild/60-java -> /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild/
running install_egg_info
Writing /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/usr/lib64/python3.1/site-packages/java_config-2.1.11-py3.1.egg-info
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
...
ERROR: dev-java/java-config-2.1.11-r3 failed:
   Merging of intermediate installation image for Python ABI '2.6 into installation image failed

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

policy/modules/admin/portage.if

@@ -77,8 +77,8 @@ interface(`portage_compile_domain',`
 
 	allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
 	dontaudit $1 self:capability sys_chroot;
-	allow $1 self:process { setpgid setsched setrlimit signal_perms execmem };
+	allow $1 self:process { setpgid setsched setrlimit signal_perms execmem setfscreate };
-	allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+	allow $1 self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap };
 	allow $1 self:fd use;
 	allow $1 self:fifo_file rw_fifo_file_perms;
 	allow $1 self:shm create_shm_perms;