trunk: Misc fixes for unix_update from Brandon Whalen.

Changelog

@@ -1,3 +1,4 @@
+- Misc fixes for unix_update from Brandon Whalen.
 - Add x_device permissions for XI2 functions, from Eamon Walsh.
 - MLS constraints for the x_selection class, from Eamon Walsh.
 - Postgresql updates from KaiGai Kohei.

policy/modules/system/authlogin.te

@@ -1,5 +1,5 @@
 
-policy_module(authlogin, 2.0.1)
+policy_module(authlogin, 2.0.2)
 
 ########################################
 #
@@ -60,6 +60,7 @@ type updpwd_t;
 type updpwd_exec_t;
 domain_type(updpwd_t)
 domain_entry_file(updpwd_t,updpwd_exec_t)
+domain_obj_id_change_exemption(updpwd_t)
 role system_r types updpwd_t;
 
 type utempter_t;
@@ -309,6 +310,7 @@ optional_policy(`
 # updpwd local policy
 #
 
+allow updpwd_t self:capability { chown dac_override };
 allow updpwd_t self:process setfscreate;
 allow updpwd_t self:fifo_file rw_fifo_file_perms;
 allow updpwd_t self:unix_stream_socket create_stream_socket_perms;
@@ -316,6 +318,8 @@ allow updpwd_t self:unix_dgram_socket create_socket_perms;
 
 kernel_read_system_state(updpwd_t)
 
+dev_read_urand(updpwd_t)
+
 files_manage_etc_files(updpwd_t)
 
 term_dontaudit_use_console(updpwd_t)