Merge branch 'newrole_fixes' of git://github.com/cgzones/refpolicy

policy/modules/system/selinuxutil.te

@@ -222,6 +222,7 @@ optional_policy(`
 #
 
 allow newrole_t self:capability { dac_override fowner setgid setuid };
+dontaudit newrole_t self:capability net_admin;
 allow newrole_t self:process setexec;
 allow newrole_t self:fd use;
 allow newrole_t self:fifo_file rw_fifo_file_perms;
@@ -280,6 +281,7 @@ auth_use_nsswitch(newrole_t)
 auth_run_chk_passwd(newrole_t, newrole_roles)
 auth_run_upd_passwd(newrole_t, newrole_roles)
 auth_rw_faillog(newrole_t)
+auth_use_pam_systemd(newrole_t)
 
 # Write to utmp.
 init_rw_utmp(newrole_t)
@@ -328,6 +330,10 @@ tunable_policy(`allow_polyinstantiation',`
 	files_polyinstantiate_all(newrole_t)
 ')
 
+optional_policy(`
+	systemd_use_logind_fds(newrole_t)
+')
+
 ########################################
 #
 # Restorecond local policy