http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_domain.patch
Add search_dir_perms to domain search
Add interface to define domain_mmap_low_type So I can have the attribute
without the right. Then I can write the allow rule with a boolean.
Add attribute polydomain which can turn on and off
allow_polyinstatiation boolean.
Lots of global allows to prevent spurious avc messages.