update selinux-server-custom; add selinux-desktop-custom

sec-policy/selinux-server-custom/files/server-custom.fc

@@ -0,0 +1,4 @@
+# Portage related
+/usr/bin/eix    --      gen_context(system_u:object_r:portage_exec_t)
+/usr/bin/eix-sync       --      gen_context(system_u:object_r:portage_exec_t)
+/usr/lib/python-exec/python[0-9]\.[0-9]*/ebuild --      gen_context(system_u:object_r:portage_exec_t)

sec-policy/selinux-server-custom/files/server-custom.te

@@ -1,4 +1,4 @@
-policy_module(server-custom, 1.0.2)
+policy_module(server-custom, 1.0.3)
 
 gen_require(`
     type ping_t, rsync_t, nginx_t, syncthing_t;
@@ -90,8 +90,11 @@ logging_send_syslog_msg(tmpfiles_t)
 
 # type=AVC msg=audit(1535383674.057:1263): avc:  denied  { write } for  pid=19064 comm="ebuild.sh" name="fd" dev="proc" ino=1054984 scontext=staff_u:sysadm_r:portage_t:s0 tcontext=staff_u:sysadm_r:portage_t:s0 tclass=dir permissive=0
 allow portage_t self:dir write;
+kernel_mounton_proc(portage_t)
+kernel_mount_proc(portage_t)
 # type=AVC msg=audit(1536753503.662:7355): avc:  denied  { map } for  pid=19388 comm="eix-update" path="/var/lib/layman/musl/sys-apps/sandbox/sandbox-2.12.ebuild" dev="dm-0" ino=749977658 scontext=staff_u:sysadm_r:portage_t:s0 tcontext=system_u:object_r:portage_ebuild_t:s0 tclass=file permissive=0
 allow portage_t portage_ebuild_t:file map;
+allow portage_t cert_t:file map;
 
 #optional_policy(`
 #        nsd_admin(sysadm_t, sysadm_r)