From Debian package 0.2.20091117-2 * Allow iptables_t, insmod_t and mount_t to do module_request * Allow ifconfig to load modules. As of 0.2.20050124-1, iptables_t here is a duplicate. ifconfig_t done upstream 1fa92b8a (2010-03-18), removed here 0.2.20100524-2 mount_t done upstream 4d8e9ffc (2010-12-21) insmod_t done upstream 9fda512c (2011-02-06)
Index: policy/modules/system/modutils.te
===================================================================
--- policy/modules/system/modutils.te.orig
+++ policy/modules/system/modutils.te
@@ -20,6 +20,8 @@
 mls_file_write_all_levels(insmod_t)
 role system_r types insmod_t;
+kernel_request_load_module(insmod_t)
+
 # module loading config
 type modules_conf_t;
 files_type(modules_conf_t)
Index: policy/modules/system/mount.te
===================================================================
--- policy/modules/system/mount.te.orig
+++ policy/modules/system/mount.te
@@ -32,6 +32,7 @@
 type unconfined_mount_t;
 application_domain(unconfined_mount_t, mount_exec_t)
+kernel_request_load_module(mount_t)
 ########################################
 #
 # mount local policy
Index: policy/modules/system/iptables.te
===================================================================
--- policy/modules/system/iptables.te.orig
+++ policy/modules/system/iptables.te
@@ -27,6 +27,7 @@
 # Iptables local policy
 #
+kernel_request_load_module(iptables_t)
 allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
 allow iptables_t self:fifo_file rw_fifo_file_perms;
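Review bot: `kernel_request_load_module(insmod_t)` is added in the declarations part of modutils.te, between the `role system_r types insmod_t;` statement and the `modules_conf_t` type declaration, and the mount.te hunk likewise puts its call above the "mount local policy" banner; both calls belong with the domain's local policy rules, next to the other kernel_* interface calls, which are outside these hunks. Neither added line carries a comment, and the interface grants the `module_request` permission that lets a request from the domain make the kernel autoload a module, so the reason should be recorded on the line above, for example `# Debian: domain needs to trigger kernel module autoload`. For mount_t it is worth confirming against the recorded AVC denials that the confined domain really needs the grant, since it widens the set of kernel modules reachable through that domain.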
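Review bot: In the iptables.te hunk the new `kernel_request_load_module(iptables_t)` call sits ahead of the `allow iptables_t self:capability ...` rule, whereas refpolicy layout puts a domain's self rules first and groups the kernel_* interface calls after them. Moving the line down to the other kernel_* calls (not visible in this hunk) would also make a second grant of the same permission in the file obvious at a glance. The local policy section continues past the end of the hunk.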