Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy

policy/modules/system/locallogin.te

@@ -33,8 +33,7 @@ role system_r types sulogin_t;
 #
 
 allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
-allow local_login_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow local_login_t self:process { setexec setrlimit setsched };
-allow local_login_t self:process { setrlimit setexec };
 allow local_login_t self:fd use;
 allow local_login_t self:fifo_file rw_fifo_file_perms;
 allow local_login_t self:sock_file read_sock_file_perms;
@@ -171,7 +170,9 @@ optional_policy(`
 optional_policy(`
 	dbus_system_bus_client(local_login_t)
 
-	consolekit_dbus_chat(local_login_t)
+	optional_policy(`
+		consolekit_dbus_chat(local_login_t)
+	')
 ')
 
 optional_policy(`
@@ -211,7 +212,6 @@ optional_policy(`
 #
 
 allow sulogin_t self:capability dac_override;
-allow sulogin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow sulogin_t self:fd use;
 allow sulogin_t self:fifo_file rw_fifo_file_perms;
 allow sulogin_t self:unix_dgram_socket create_socket_perms;