diff --git a/.gitignore b/.gitignore
index 91580fb..1dc9872 100644
--- a/.gitignore
+++ b/.gitignore
@@ -231,3 +231,4 @@ serefpolicy*
 /serefpolicy-3.9.8.tgz
 /serefpolicy-3.9.9.tgz
 /serefpolicy-3.9.10.tgz
+/serefpolicy-3.9.11.tgz
diff --git a/policy-F15.patch b/policy-F15.patch
index 64e3f90..d8ca3b4 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -220,7 +220,7 @@ index 90d5203..1392679 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
-index 453834c..9d83d66 100644
+index a7c7971..d073f49 100644
 --- a/policy/modules/admin/alsa.te
 +++ b/policy/modules/admin/alsa.te
 @@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t)
@@ -250,7 +250,7 @@ index 453834c..9d83d66 100644
  manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
  files_search_var_lib(alsa_t)
 diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
-index f76ed8a..9a9526a 100644
+index e81bdbd..63ab279 100644
 --- a/policy/modules/admin/anaconda.te
 +++ b/policy/modules/admin/anaconda.te
 @@ -30,6 +30,7 @@ modutils_domtrans_insmod(anaconda_t)
@@ -300,7 +300,7 @@ index 63eb96b..17a9f6d 100644
  ## <summary>
  ##	Execute bootloader interactively and do
 diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
-index 40c0192..1a0f72c 100644
+index d3da8f2..c171daf 100644
 --- a/policy/modules/admin/bootloader.te
 +++ b/policy/modules/admin/bootloader.te
 @@ -23,7 +23,7 @@ role system_r types bootloader_t;
@@ -346,7 +346,7 @@ index 2c2cdb6..73b3814 100644
 +        role $2 types brctl_t;
 +')
 diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
-index a2e9cb5..b2de42c 100644
+index 9de382b..682e78e 100644
 --- a/policy/modules/admin/certwatch.te
 +++ b/policy/modules/admin/certwatch.te
 @@ -31,11 +31,11 @@ auth_var_filetrans_cache(certwatch_t)
@@ -364,7 +364,7 @@ index a2e9cb5..b2de42c 100644
  optional_policy(`
  	apache_exec_modules(certwatch_t)
 diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
-index 66fee7d..1d231b8 100644
+index cd5e005..7f3f992 100644
 --- a/policy/modules/admin/consoletype.te
 +++ b/policy/modules/admin/consoletype.te
 @@ -79,16 +79,18 @@ optional_policy(`
@@ -459,7 +459,7 @@ index 8fa451c..bc5bfc4 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
-index 66e486e..bfda8e9 100644
+index c4d8998..6f193f8 100644
 --- a/policy/modules/admin/firstboot.te
 +++ b/policy/modules/admin/firstboot.te
 @@ -103,6 +103,10 @@ optional_policy(`
@@ -511,7 +511,7 @@ index 4198ff5..df3f4d6 100644
  ## <summary>
  ##	Manage kdump configuration file.
 diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
-index 7390b15..a46b249 100644
+index 7090dae..a874b65 100644
 --- a/policy/modules/admin/logrotate.te
 +++ b/policy/modules/admin/logrotate.te
 @@ -119,14 +119,20 @@ seutil_dontaudit_read_config(logrotate_t)
@@ -618,10 +618,10 @@ index 56c43c0..de535e4 100644
 +/var/run/mcelog-client  -s 	gen_context(system_u:object_r:mcelog_var_run_t,s0)
 +
 diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te
-index 5a9cebf..ef413f2 100644
+index 5671977..7b4728c 100644
 --- a/policy/modules/admin/mcelog.te
 +++ b/policy/modules/admin/mcelog.te
-@@ -7,9 +7,13 @@ policy_module(mcelog, 1.0.1)
+@@ -7,9 +7,13 @@ policy_module(mcelog, 1.1.0)
  
  type mcelog_t;
  type mcelog_exec_t;
@@ -900,7 +900,7 @@ index c6ca761..46e0767 100644
  ')
  
 diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
-index 6a53a18..1bc14ea 100644
+index e0791b9..c083ea8 100644
 --- a/policy/modules/admin/netutils.te
 +++ b/policy/modules/admin/netutils.te
 @@ -48,6 +48,8 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -1008,7 +1008,7 @@ index c633aea..b773bc3 100644
  type portage_cache_t;
  files_type(portage_cache_t)
 diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
-index aa0dcc6..0faba2a 100644
+index af55369..7d2fcff 100644
 --- a/policy/modules/admin/prelink.te
 +++ b/policy/modules/admin/prelink.te
 @@ -59,10 +59,11 @@ manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -1129,7 +1129,7 @@ index 47c4723..4866a08 100644
 +	domtrans_pattern($1, readahead_exec_t, readahead_t)
 +')
 diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
-index 2df2f1d..c1aaa79 100644
+index b4ac57e..8fa8451 100644
 --- a/policy/modules/admin/readahead.te
 +++ b/policy/modules/admin/readahead.te
 @@ -53,6 +53,7 @@ domain_read_all_domains_state(readahead_t)
@@ -1347,11 +1347,11 @@ index d33daa8..e50a5ed 100644
 +	allow rpm_script_t $1:process sigchld;
 +')
 diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
-index 542b820..0b1760d 100644
+index 47a8f7d..31f474e 100644
 --- a/policy/modules/admin/rpm.te
 +++ b/policy/modules/admin/rpm.te
 @@ -1,10 +1,11 @@
- policy_module(rpm, 1.11.2)
+ policy_module(rpm, 1.12.0)
  
 +attribute rpm_transition_domain;
 +
@@ -1563,7 +1563,7 @@ index 0948921..f198119 100644
  	admin_pattern($1, shorewall_tmp_t)
  ')
 diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
-index a22e546..ffc0571 100644
+index c17b6a6..d412305 100644
 --- a/policy/modules/admin/shorewall.te
 +++ b/policy/modules/admin/shorewall.te
 @@ -58,6 +58,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
@@ -1684,10 +1684,10 @@ index d0604cf..679d61c 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
-index 3863241..344a158 100644
+index 8966ec9..80939b0 100644
 --- a/policy/modules/admin/shutdown.te
 +++ b/policy/modules/admin/shutdown.te
-@@ -7,6 +7,7 @@ policy_module(shutdown, 1.0.1)
+@@ -7,6 +7,7 @@ policy_module(shutdown, 1.1.0)
  
  type shutdown_t;
  type shutdown_exec_t;
@@ -1724,7 +1724,7 @@ index 3863241..344a158 100644
  	xserver_dontaudit_write_log(shutdown_t)
  ')
 diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te
-index f48e9dd..b72049a 100644
+index bc00875..3c1b37b 100644
 --- a/policy/modules/admin/smoltclient.te
 +++ b/policy/modules/admin/smoltclient.te
 @@ -46,6 +46,7 @@ fs_list_auto_mountpoints(smoltclient_t)
@@ -1833,7 +1833,7 @@ index 975af1a..30a7f38 100644
  		fs_manage_nfs_files($1_sudo_t)
  	')
 diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
-index 91944a8..d1c11b9 100644
+index 7aacfc2..9829fc3 100644
 --- a/policy/modules/admin/sudo.te
 +++ b/policy/modules/admin/sudo.te
 @@ -7,3 +7,7 @@ attribute sudodomain;
@@ -1894,7 +1894,7 @@ index 6a5004b..c59c3cd 100644
  ')
  
 diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
-index 332ba93..e6d3bd9 100644
+index d0f2a64..7df0825 100644
 --- a/policy/modules/admin/tzdata.te
 +++ b/policy/modules/admin/tzdata.te
 @@ -15,7 +15,7 @@ application_domain(tzdata_t, tzdata_exec_t)
@@ -1921,7 +1921,7 @@ index 81fb26f..cd18ca8 100644
  
  	optional_policy(`
 diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 65f8143..16a8510 100644
+index 441cf22..e1b55f8 100644
 --- a/policy/modules/admin/usermanage.te
 +++ b/policy/modules/admin/usermanage.te
 @@ -88,9 +88,7 @@ fs_search_auto_mountpoints(chfn_t)
@@ -1990,7 +1990,7 @@ index 65f8143..16a8510 100644
  mta_manage_spool(useradd_t)
  
 diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
-index a870982..6067b85 100644
+index ebf4b26..c7cb8c5 100644
 --- a/policy/modules/admin/vpn.te
 +++ b/policy/modules/admin/vpn.te
 @@ -106,7 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t)
@@ -2235,7 +2235,7 @@ index 0000000..0852151
 +	fs_dontaudit_append_cifs_files(chrome_sandbox_t)
 +')
 diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
-index 7fd0900..899e234 100644
+index 0457de1..f702cfe 100644
 --- a/policy/modules/apps/cpufreqselector.te
 +++ b/policy/modules/apps/cpufreqselector.te
 @@ -27,7 +27,7 @@ dev_rw_sysfs(cpufreqselector_t)
@@ -3210,10 +3210,10 @@ index f5afe78..2c8f94a 100644
 +	allow gconfdefaultsm_t $1:dbus send_msg;
 +')
 diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
-index 35f7486..26852d2 100644
+index 2505654..c1f491f 100644
 --- a/policy/modules/apps/gnome.te
 +++ b/policy/modules/apps/gnome.te
-@@ -6,11 +6,24 @@ policy_module(gnome, 2.0.1)
+@@ -6,11 +6,24 @@ policy_module(gnome, 2.1.0)
  #
  
  attribute gnomedomain;
@@ -3421,10 +3421,10 @@ index 40e0a2a..13d939a 100644
  ## <summary>
  ##	Send generic signals to user gpg processes.
 diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
-index 4525c37..e9a7937 100644
+index 9050e8c..8af881a 100644
 --- a/policy/modules/apps/gpg.te
 +++ b/policy/modules/apps/gpg.te
-@@ -4,6 +4,7 @@ policy_module(gpg, 2.3.1)
+@@ -4,6 +4,7 @@ policy_module(gpg, 2.4.0)
  #
  # Declarations
  #
@@ -3432,7 +3432,7 @@ index 4525c37..e9a7937 100644
  
  ## <desc>
  ## <p>
-@@ -13,7 +14,15 @@ policy_module(gpg, 2.3.1)
+@@ -13,7 +14,15 @@ policy_module(gpg, 2.4.0)
  ## </desc>
  gen_tunable(gpg_agent_env_file, false)
  
@@ -3808,7 +3808,7 @@ index e6d84e8..b027189 100644
  
  ########################################
 diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
-index 726e853..90ce46a 100644
+index 167950d..97853ff 100644
 --- a/policy/modules/apps/java.te
 +++ b/policy/modules/apps/java.te
 @@ -82,12 +82,12 @@ dev_read_urand(java_t)
@@ -4219,10 +4219,10 @@ index 9a6d67d..b0c1197 100644
  ##	mozilla over dbus.
  ## </summary>
 diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index cbf4bec..e3517da 100644
+index 2a91fa8..451a1c0 100644
 --- a/policy/modules/apps/mozilla.te
 +++ b/policy/modules/apps/mozilla.te
-@@ -7,7 +7,7 @@ policy_module(mozilla, 2.2.2)
+@@ -7,7 +7,7 @@ policy_module(mozilla, 2.3.0)
  
  ## <desc>
  ## <p>
@@ -4496,7 +4496,7 @@ index d8ea41d..8bdc526 100644
 +	domtrans_pattern($1, mplayer_exec_t, $2)
 +')
 diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
-index 815a467..192d54e 100644
+index 931304b..e8c6795 100644
 --- a/policy/modules/apps/mplayer.te
 +++ b/policy/modules/apps/mplayer.te
 @@ -32,6 +32,7 @@ files_config_file(mplayer_etc_t)
@@ -5524,7 +5524,7 @@ index 0000000..a842371
 +#
 +
 diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
-index 690589e..815d35d 100644
+index a2f6124..9d62060 100644
 --- a/policy/modules/apps/podsleuth.te
 +++ b/policy/modules/apps/podsleuth.te
 @@ -27,7 +27,7 @@ ubac_constrained(podsleuth_tmpfs_t)
@@ -5585,7 +5585,7 @@ index 2ba7787..9f12b51 100644
  ')
  
 diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
-index 5c2680c..db96581 100644
+index c2d20a2..1773e24 100644
 --- a/policy/modules/apps/pulseaudio.te
 +++ b/policy/modules/apps/pulseaudio.te
 @@ -44,6 +44,7 @@ allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -5780,7 +5780,7 @@ index c1d5f50..989f88c 100644
 +
 +
 diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te
-index a3225d4..bc10481 100644
+index 5ef2f7d..5a13201 100644
 --- a/policy/modules/apps/qemu.te
 +++ b/policy/modules/apps/qemu.te
 @@ -21,7 +21,7 @@ gen_tunable(qemu_use_cifs, true)
@@ -6856,7 +6856,7 @@ index 7590165..e5ef7b3 100644
  ')
 +
 diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
-index e9134f0..3d2ef30 100644
+index e43c380..410027f 100644
 --- a/policy/modules/apps/slocate.te
 +++ b/policy/modules/apps/slocate.te
 @@ -38,6 +38,7 @@ dev_getattr_all_blk_files(locate_t)
@@ -7484,10 +7484,10 @@ index ced285a..2e50976 100644
 +	')
 +')
 diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
-index d584dff..b46a20e 100644
+index 13b2cea..45731eb 100644
 --- a/policy/modules/apps/userhelper.te
 +++ b/policy/modules/apps/userhelper.te
-@@ -6,9 +6,61 @@ policy_module(userhelper, 1.5.1)
+@@ -6,9 +6,61 @@ policy_module(userhelper, 1.6.0)
  #
  
  attribute userhelper_type;
@@ -7561,7 +7561,7 @@ index 5872ea2..028c994 100644
  /var/run/vmnat.* 		-s	gen_context(system_u:object_r:vmware_var_run_t,s0)
  /var/run/vmware.* 			gen_context(system_u:object_r:vmware_var_run_t,s0)
 diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
-index 1f803bb..4bdcbe3 100644
+index c76ceb2..d7df452 100644
 --- a/policy/modules/apps/vmware.te
 +++ b/policy/modules/apps/vmware.te
 @@ -126,6 +126,7 @@ dev_getattr_all_blk_files(vmware_host_t)
@@ -7708,7 +7708,7 @@ index 0440b4c..4b055c1 100644
 +	allow $1 wine_t:shm rw_shm_perms;
 +')
 diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
-index f9a123a..277543a 100644
+index 953cb28..646620a 100644
 --- a/policy/modules/apps/wine.te
 +++ b/policy/modules/apps/wine.te
 @@ -51,7 +51,11 @@ optional_policy(`
@@ -7725,7 +7725,7 @@ index f9a123a..277543a 100644
  
  optional_policy(`
 diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
-index d4e9877..ebb6ca4 100644
+index 8bfe97d..6bba1a8 100644
 --- a/policy/modules/apps/wireshark.te
 +++ b/policy/modules/apps/wireshark.te
 @@ -15,6 +15,7 @@ ubac_constrained(wireshark_t)
@@ -7915,7 +7915,7 @@ index b06df19..c0763c2 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 36ba519..e2d8b49 100644
+index edefaf3..e00278f 100644
 --- a/policy/modules/kernel/corenetwork.te.in
 +++ b/policy/modules/kernel/corenetwork.te.in
 @@ -15,6 +15,7 @@ attribute rpc_port_type;
@@ -8501,7 +8501,7 @@ index 15a7bef..ee7727f 100644
  
  ########################################
 diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
-index ae138bb..95f6137 100644
+index 41f892f..cab1bfc 100644
 --- a/policy/modules/kernel/devices.te
 +++ b/policy/modules/kernel/devices.te
 @@ -102,6 +102,7 @@ dev_node(ksm_device_t)
@@ -8591,10 +8591,10 @@ index aad8c52..0d8458a 100644
 +	dontaudit $1 domain:socket_class_set { read write };
 +')
 diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
-index 099f57f..5843cad 100644
+index bc534c1..778d512 100644
 --- a/policy/modules/kernel/domain.te
 +++ b/policy/modules/kernel/domain.te
-@@ -4,6 +4,21 @@ policy_module(domain, 1.8.1)
+@@ -4,6 +4,21 @@ policy_module(domain, 1.9.0)
  #
  # Declarations
  #
@@ -9892,7 +9892,7 @@ index ed203b2..bfb7926 100644
 +	allow $1 file_type:kernel_service create_files_as;
 +')
 diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
-index ba9529a..cd45491 100644
+index e8a6b1d..fd53860 100644
 --- a/policy/modules/kernel/files.te
 +++ b/policy/modules/kernel/files.te
 @@ -11,6 +11,7 @@ attribute lockfile;
@@ -10468,7 +10468,7 @@ index dfe361a..496954e 100644
 +')
 +
 diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
-index 6d21b3d..255b47a 100644
+index e49c148..995fade 100644
 --- a/policy/modules/kernel/filesystem.te
 +++ b/policy/modules/kernel/filesystem.te
 @@ -52,6 +52,7 @@ type anon_inodefs_t;
@@ -10669,7 +10669,7 @@ index b4ad6d7..67e89f0 100644
 +')
 +
 diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 25a817f..7426f2a 100644
+index 9e2e6d7..08e82d9 100644
 --- a/policy/modules/kernel/kernel.te
 +++ b/policy/modules/kernel/kernel.te
 @@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@@ -11048,7 +11048,7 @@ index 492bf76..525563a 100644
 +        allow $1 virtio_device_t:chr_file rw_chr_file_perms;
 +')
 diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
-index 646bbcf..49d77df 100644
+index e004757..b5be387 100644
 --- a/policy/modules/kernel/terminal.te
 +++ b/policy/modules/kernel/terminal.te
 @@ -29,6 +29,7 @@ files_mountpoint(devpts_t)
@@ -11093,7 +11093,7 @@ index 0000000..e1ebd1a
 +
 +corenet_enable_unlabeled_packets()
 diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
-index b0d5b27..a96f2e6 100644
+index 0faef68..46c58bd 100644
 --- a/policy/modules/roles/auditadm.te
 +++ b/policy/modules/roles/auditadm.te
 @@ -28,10 +28,13 @@ logging_manage_audit_log(auditadm_t)
@@ -11131,7 +11131,7 @@ index 1875064..e9c9277 100644
 +	sudo_role_template(dbadm, dbadm_r, dbadm_t)
 +')
 diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
-index 531c616..f332441 100644
+index 1cb7311..1de82b2 100644
 --- a/policy/modules/roles/guest.te
 +++ b/policy/modules/roles/guest.te
 @@ -9,9 +9,15 @@ role guest_r;
@@ -11152,7 +11152,7 @@ index 531c616..f332441 100644
 +
 +gen_user(guest_u, user, guest_r, s0, s0)
 diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
-index 5a3d720..924baee 100644
+index be4de58..cce681a 100644
 --- a/policy/modules/roles/secadm.te
 +++ b/policy/modules/roles/secadm.te
 @@ -9,6 +9,8 @@ role secadm_r;
@@ -11165,10 +11165,10 @@ index 5a3d720..924baee 100644
  ########################################
  #
 diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index d62886d..2e8ae26 100644
+index 2be17d2..96d3fbf 100644
 --- a/policy/modules/roles/staff.te
 +++ b/policy/modules/roles/staff.te
-@@ -8,12 +8,48 @@ policy_module(staff, 2.1.4)
+@@ -8,12 +8,48 @@ policy_module(staff, 2.2.0)
  role staff_r;
  
  userdom_unpriv_user_template(staff)
@@ -11336,7 +11336,7 @@ index d62886d..2e8ae26 100644
  	')
  
 diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
-index d5e88be..fd670dd 100644
+index 1ae9a94..27404e7 100644
 --- a/policy/modules/roles/sysadm.te
 +++ b/policy/modules/roles/sysadm.te
 @@ -24,20 +24,41 @@ ifndef(`enable_mls',`
@@ -12857,7 +12857,7 @@ index 0000000..7d5de28
 +
 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
-index 606a257..aa3da20 100644
+index 1e0753e..4ae4116 100644
 --- a/policy/modules/roles/unprivuser.te
 +++ b/policy/modules/roles/unprivuser.te
 @@ -12,15 +12,51 @@ role user_r;
@@ -13222,10 +13222,10 @@ index 0b827c5..8961dba 100644
  	admin_pattern($1, abrt_tmp_t)
  ')
 diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
-index 98646c4..5fdea83 100644
+index 30861ec..7065b02 100644
 --- a/policy/modules/services/abrt.te
 +++ b/policy/modules/services/abrt.te
-@@ -5,6 +5,14 @@ policy_module(abrt, 1.1.1)
+@@ -5,6 +5,14 @@ policy_module(abrt, 1.2.0)
  # Declarations
  #
  
@@ -13459,7 +13459,7 @@ index 8559cdc..49c0cc8 100644
  	# Allow afs_admin to restart the afs service
  	afs_initrc_domtrans($1)
 diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
-index de8b791..7e2cdf2 100644
+index a496fde..847609a 100644
 --- a/policy/modules/services/afs.te
 +++ b/policy/modules/services/afs.te
 @@ -107,6 +107,10 @@ miscfiles_read_localization(afs_t)
@@ -15463,7 +15463,7 @@ index 08dfa0c..b02e348 100644
 +	userdom_read_user_home_content_files(httpd_user_script_t)
  ')
 diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
-index 3b7d9eb..6a7073b 100644
+index d052bf0..8478eca 100644
 --- a/policy/modules/services/apcupsd.te
 +++ b/policy/modules/services/apcupsd.te
 @@ -94,6 +94,10 @@ optional_policy(`
@@ -15653,7 +15653,7 @@ index 61c74bc..c6b0498 100644
  	allow avahi_t $1:dbus send_msg;
  ')
 diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
-index fd64068..647fff8 100644
+index a7a0e71..15686e9 100644
 --- a/policy/modules/services/avahi.te
 +++ b/policy/modules/services/avahi.te
 @@ -46,6 +46,7 @@ files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
@@ -15823,7 +15823,7 @@ index 4deca04..42aa033 100644
  
  optional_policy(`
 diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
-index 5f239ca..29de096 100644
+index f4e7ad3..6591639 100644
 --- a/policy/modules/services/bitlbee.te
 +++ b/policy/modules/services/bitlbee.te
 @@ -28,7 +28,7 @@ files_type(bitlbee_var_t)
@@ -16704,7 +16704,7 @@ index 0000000..575c16e
 +
 +init_sigchld_script(cachefiles_kernel_t)
 diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
-index a0dfd2f..d60e2bf 100644
+index 1d25efe..1b16191 100644
 --- a/policy/modules/services/canna.te
 +++ b/policy/modules/services/canna.te
 @@ -34,7 +34,7 @@ allow canna_t self:unix_dgram_socket create_stream_socket_perms;
@@ -16821,7 +16821,7 @@ index fa62787..ffd0da5 100644
  	admin_pattern($1, certmaster_etc_rw_t)
  
 diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
-index 73f03ff..d5c4c94 100644
+index 3384132..daef4e1 100644
 --- a/policy/modules/services/certmaster.te
 +++ b/policy/modules/services/certmaster.te
 @@ -43,23 +43,23 @@ files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir })
@@ -16881,7 +16881,7 @@ index 7a6e5ba..d664be8 100644
  	admin_pattern($1, certmonger_var_run_t)
  ')
 diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
-index 1a65b5e..ec0594e 100644
+index c3e3f79..23c4087 100644
 --- a/policy/modules/services/certmonger.te
 +++ b/policy/modules/services/certmonger.te
 @@ -23,7 +23,8 @@ files_type(certmonger_var_lib_t)
@@ -17285,11 +17285,11 @@ index 1f11572..7f6a7ab 100644
  	')
  
 diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
-index 8c36027..28863a5 100644
+index f758323..f1571f1 100644
 --- a/policy/modules/services/clamav.te
 +++ b/policy/modules/services/clamav.te
 @@ -1,9 +1,9 @@
- policy_module(clamav, 1.8.1)
+ policy_module(clamav, 1.9.0)
  
  ## <desc>
 -## <p>
@@ -18417,7 +18417,7 @@ index 9971337..f081899 100644
  ')
  
 diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
-index 37f4810..cc93958 100644
+index 2802dbb..5d323df 100644
 --- a/policy/modules/services/courier.te
 +++ b/policy/modules/services/courier.te
 @@ -93,7 +93,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld;
@@ -19650,7 +19650,7 @@ index 0d5711c..3874025 100644
 +	delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
 +')
 diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
-index 9ce6713..ea78dc1 100644
+index 98e5af6..61bb74a 100644
 --- a/policy/modules/services/dbus.te
 +++ b/policy/modules/services/dbus.te
 @@ -74,9 +74,10 @@ files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
@@ -19717,7 +19717,7 @@ index 784753e..bf65e7d 100644
  	stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
  ')
 diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
-index 8bab059..284a888 100644
+index ec19ff4..d110456 100644
 --- a/policy/modules/services/dcc.te
 +++ b/policy/modules/services/dcc.te
 @@ -36,7 +36,7 @@ type dcc_var_t;
@@ -20919,7 +20919,7 @@ index 0000000..01c3755
 +	snmp_stream_connect(dirsrv_snmp_t)
 +')
 diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
-index 0c6a473..51e2ce8 100644
+index 03b5286..fcafa0b 100644
 --- a/policy/modules/services/djbdns.te
 +++ b/policy/modules/services/djbdns.te
 @@ -23,9 +23,6 @@ djbdns_daemontools_domain_template(tinydns)
@@ -23199,7 +23199,7 @@ index 87b4531..db2d189 100644
 +	files_list_etc($1)
  ')
 diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
-index 267bb4c..1647fc4 100644
+index c234b32..a7b6bf7 100644
 --- a/policy/modules/services/hddtemp.te
 +++ b/policy/modules/services/hddtemp.te
 @@ -46,4 +46,3 @@ storage_raw_read_fixed_disk(hddtemp_t)
@@ -23252,10 +23252,10 @@ index ecab47a..40affd8 100644
 -
  ')
 diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
-index f368bf3..d43b779 100644
+index fdb7e9a..1c02a45 100644
 --- a/policy/modules/services/icecast.te
 +++ b/policy/modules/services/icecast.te
-@@ -5,6 +5,14 @@ policy_module(icecast, 1.0.1)
+@@ -5,6 +5,14 @@ policy_module(icecast, 1.1.0)
  # Declarations
  #
  
@@ -24275,7 +24275,7 @@ index 771e04b..81d98b3 100644
  	manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
  	files_pid_filetrans($1_t, $1_var_run_t, file)
 diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
-index ae9d49f..931d2f5 100644
+index 3acbf1d..ef07a0e 100644
 --- a/policy/modules/services/likewise.te
 +++ b/policy/modules/services/likewise.te
 @@ -17,7 +17,7 @@ type likewise_var_lib_t;
@@ -24657,10 +24657,10 @@ index ed1af3c..40b5f0e 100644
 +	delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
 +')
 diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te
-index 1b6dea0..b90c727 100644
+index 47e3612..98801a7 100644
 --- a/policy/modules/services/milter.te
 +++ b/policy/modules/services/milter.te
-@@ -9,6 +9,13 @@ policy_module(milter, 1.2.1)
+@@ -9,6 +9,13 @@ policy_module(milter, 1.3.0)
  attribute milter_domains;
  attribute milter_data_type;
  
@@ -26616,7 +26616,7 @@ index 8581040..cfcdf10 100644
  
  	allow $1 nagios_t:process { ptrace signal_perms };
 diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
-index da5b33d..8b56967 100644
+index bf64a4c..55b3ce7 100644
 --- a/policy/modules/services/nagios.te
 +++ b/policy/modules/services/nagios.te
 @@ -107,13 +107,11 @@ files_read_etc_files(nagios_t)
@@ -27309,7 +27309,7 @@ index 23c769c..be5a5b4 100644
 +	admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
  ')
 diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
-index 34eee5f..a9f19d8 100644
+index 4e28d58..01faaef 100644
 --- a/policy/modules/services/nslcd.te
 +++ b/policy/modules/services/nslcd.te
 @@ -16,7 +16,7 @@ type nslcd_var_run_t;
@@ -27633,7 +27633,7 @@ index bb4fae5..b1b5e51 100644
 +	admin_pattern($1, oidentd_config_t)
 +')
 diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te
-index f0da874..18f8a8c 100644
+index 8845174..98f541f 100644
 --- a/policy/modules/services/oident.te
 +++ b/policy/modules/services/oident.te
 @@ -26,10 +26,10 @@ files_config_file(oidentd_config_t)
@@ -28022,10 +28022,10 @@ index 1c2a091..ea5ae69 100644
  #
  interface(`pcscd_domtrans',`
 diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
-index 3116191..df751a6 100644
+index ceafba6..eca6852 100644
 --- a/policy/modules/services/pcscd.te
 +++ b/policy/modules/services/pcscd.te
-@@ -7,7 +7,6 @@ policy_module(pcscd, 1.6.1)
+@@ -7,7 +7,6 @@ policy_module(pcscd, 1.7.0)
  
  type pcscd_t;
  type pcscd_exec_t;
@@ -29228,7 +29228,7 @@ index 4313a6f..1d9fa76 100644
  /sbin/portreserve		--	gen_context(system_u:object_r:portreserve_exec_t,s0)
  
 diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
-index 0b1f471..075a550 100644
+index 152af92..1594066 100644
 --- a/policy/modules/services/portreserve.te
 +++ b/policy/modules/services/portreserve.te
 @@ -13,7 +13,7 @@ type portreserve_initrc_exec_t;
@@ -30011,7 +30011,7 @@ index 539a7c9..4782bdb 100644
  
  	postgresql_tcp_connect($1)
 diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
-index 39abf57..b4101fa 100644
+index 4b18978..1ab2e1d 100644
 --- a/policy/modules/services/postgresql.te
 +++ b/policy/modules/services/postgresql.te
 @@ -15,16 +15,16 @@ gen_require(`
@@ -30354,7 +30354,7 @@ index 2316653..77ef768 100644
 +	admin_pattern($1, prelude_lml_tmp_t)
  ')
 diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
-index 7e84587..febda2f 100644
+index b1bc02c..8f0b07e 100644
 --- a/policy/modules/services/prelude.te
 +++ b/policy/modules/services/prelude.te
 @@ -35,7 +35,6 @@ files_pid_file(prelude_audisp_var_run_t)
@@ -30391,10 +30391,10 @@ index 7e84587..febda2f 100644
  
  dev_read_rand(prelude_lml_t)
 diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
-index 6f1b2c3..3f1a3fe 100644
+index 2dbf4d4..abb4475 100644
 --- a/policy/modules/services/privoxy.te
 +++ b/policy/modules/services/privoxy.te
-@@ -6,10 +6,10 @@ policy_module(privoxy, 1.10.1)
+@@ -6,10 +6,10 @@ policy_module(privoxy, 1.11.0)
  #
  
  ## <desc>
@@ -31556,10 +31556,10 @@ index f04a595..3203212 100644
 +	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
 +')
 diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
-index 340a6c0..f24c52e 100644
+index 852840b..1244ab2 100644
 --- a/policy/modules/services/razor.te
 +++ b/policy/modules/services/razor.te
-@@ -5,118 +5,139 @@ policy_module(razor, 2.1.1)
+@@ -5,118 +5,139 @@ policy_module(razor, 2.2.0)
  # Declarations
  #
  
@@ -34256,7 +34256,7 @@ index 4804f14..6f49778 100644
  term_dontaudit_search_ptys(fsdaemon_t)
  
 diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te
-index 688fbd0..5873bce 100644
+index 740994a..a92ba26 100644
 --- a/policy/modules/services/smokeping.te
 +++ b/policy/modules/services/smokeping.te
 @@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t)
@@ -34452,7 +34452,7 @@ index c117e8b..88ebedb 100644
 +	files_list_pids($1)
  ')
 diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
-index d7f4bd4..012723c 100644
+index 179bc1b..735c400 100644
 --- a/policy/modules/services/snort.te
 +++ b/policy/modules/services/snort.te
 @@ -32,17 +32,17 @@ files_pid_file(snort_var_run_t)
@@ -34699,10 +34699,10 @@ index c954f31..7f57f22 100644
 +	admin_pattern($1, spamd_var_run_t)
  ')
 diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
-index 9d40380..56e4c2e 100644
+index ec1eb1e..9948efa 100644
 --- a/policy/modules/services/spamassassin.te
 +++ b/policy/modules/services/spamassassin.te
-@@ -6,54 +6,93 @@ policy_module(spamassassin, 2.3.1)
+@@ -6,54 +6,93 @@ policy_module(spamassassin, 2.4.0)
  #
  
  ## <desc>
@@ -35956,10 +35956,10 @@ index 6073656..eaf49b2 100644
  	allow $1 stunnel_t:tcp_socket rw_socket_perms;
  ')
 diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
-index 7ecb27b..296e5ba 100644
+index f646c66..b8eec46 100644
 --- a/policy/modules/services/stunnel.te
 +++ b/policy/modules/services/stunnel.te
-@@ -6,17 +6,7 @@ policy_module(stunnel, 1.9.1)
+@@ -6,17 +6,7 @@ policy_module(stunnel, 1.10.0)
  #
  
  type stunnel_t;
@@ -36372,7 +36372,7 @@ index 904f13e..464347f 100644
  
  	init_labeled_script_domtrans($1, tor_initrc_exec_t)
 diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
-index f793912..8e58d40 100644
+index c842cad..fe5deee 100644
 --- a/policy/modules/services/tor.te
 +++ b/policy/modules/services/tor.te
 @@ -42,6 +42,7 @@ files_pid_file(tor_var_run_t)
@@ -36510,7 +36510,7 @@ index 831b4a3..a206464 100644
  
  /var/log/ulogd(/.*)?			gen_context(system_u:object_r:ulogd_var_log_t,s0)
 diff --git a/policy/modules/services/ulogd.te b/policy/modules/services/ulogd.te
-index 00aa99e..5f1ad7d 100644
+index 3b953f5..70f687a 100644
 --- a/policy/modules/services/ulogd.te
 +++ b/policy/modules/services/ulogd.te
 @@ -11,7 +11,7 @@ init_daemon_domain(ulogd_t, ulogd_exec_t)
@@ -36551,7 +36551,7 @@ index c2cf97e..037a1e8 100644
  allow uptimed_t uptimed_etc_t:file read_file_perms;
  files_search_etc(uptimed_t)
 diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
-index 9001230..7ff3ef8 100644
+index d4349e9..d9dbcc2 100644
 --- a/policy/modules/services/uucp.te
 +++ b/policy/modules/services/uucp.te
 @@ -125,6 +125,8 @@ optional_policy(`
@@ -36564,10 +36564,10 @@ index 9001230..7ff3ef8 100644
  uucp_manage_spool(uux_t)
  
 diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te
-index e385c83..10710fd 100644
+index f9310f3..064171e 100644
 --- a/policy/modules/services/varnishd.te
 +++ b/policy/modules/services/varnishd.te
-@@ -6,10 +6,10 @@ policy_module(varnishd, 1.1.1)
+@@ -6,10 +6,10 @@ policy_module(varnishd, 1.2.0)
  #
  
  ## <desc>
@@ -39108,7 +39108,7 @@ index da2601a..6b12229 100644
 +	manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
 +')
 diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index e226da4..1ada171 100644
+index 145fc4b..6b4d8c9 100644
 --- a/policy/modules/services/xserver.te
 +++ b/policy/modules/services/xserver.te
 @@ -26,27 +26,50 @@ gen_require(`
@@ -40220,7 +40220,7 @@ index d77e631..4776863 100644
  #
  interface(`zabbix_append_log',`
 diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
-index b8dd21a..20d7cde 100644
+index c26ecf5..b906c48 100644
 --- a/policy/modules/services/zabbix.te
 +++ b/policy/modules/services/zabbix.te
 @@ -26,11 +26,11 @@ files_pid_file(zabbix_var_run_t)
@@ -40561,10 +40561,10 @@ index 6b87605..347f754 100644
  
  	allow $1 zebra_t:process { ptrace signal_perms };
 diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
-index c349adc..a4855b1 100644
+index ade6c2c..2b78f0d 100644
 --- a/policy/modules/services/zebra.te
 +++ b/policy/modules/services/zebra.te
-@@ -6,11 +6,10 @@ policy_module(zebra, 1.11.1)
+@@ -6,11 +6,10 @@ policy_module(zebra, 1.12.0)
  #
  
  ## <desc>
@@ -41463,7 +41463,7 @@ index 408f4e6..55c2d03 100644
  auth_rw_login_records(getty_t)
  
 diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
-index 1fcd657..52063bc 100644
+index c310775..d5fc685 100644
 --- a/policy/modules/system/hostname.te
 +++ b/policy/modules/system/hostname.te
 @@ -28,15 +28,18 @@ dev_read_sysfs(hostname_t)
@@ -42005,7 +42005,7 @@ index df3fa64..473d2b4 100644
 +	allow $1 init_t:unix_dgram_socket sendto;
 +')
 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 8a105fd..2be1d2a 100644
+index 2fbb25a..2cba7c4 100644
 --- a/policy/modules/system/init.te
 +++ b/policy/modules/system/init.te
 @@ -16,6 +16,27 @@ gen_require(`
@@ -43936,7 +43936,7 @@ index c7cfb62..620e0a4 100644
  	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index aa2b0a6..304fbba 100644
+index 9b5a9ed..2b30dd6 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -55,11 +55,12 @@ type klogd_var_run_t;
@@ -44296,10 +44296,10 @@ index 926ba65..1dfa62a 100644
  ##	transfer services.
  ## </summary>
 diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
-index 2cb10d4..6c33b3b 100644
+index 703944c..1d3a6a9 100644
 --- a/policy/modules/system/miscfiles.te
 +++ b/policy/modules/system/miscfiles.te
-@@ -4,7 +4,6 @@ policy_module(miscfiles, 1.8.2)
+@@ -4,7 +4,6 @@ policy_module(miscfiles, 1.9.0)
  #
  # Declarations
  #
@@ -44710,7 +44710,7 @@ index 8b5c196..b195f9d 100644
 +    role $2 types showmount_t;
  ')
 diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
-index 6fe8471..21de81b 100644
+index 1899313..c6b6821 100644
 --- a/policy/modules/system/mount.te
 +++ b/policy/modules/system/mount.te
 @@ -17,8 +17,15 @@ type mount_exec_t;
@@ -45945,7 +45945,7 @@ index ff5d72d..9cd171a 100644
 +	unconfined_domain(setfiles_mac_t)
  ')
 diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
-index 0e48679..78b3429 100644
+index 1447687..cdc0223 100644
 --- a/policy/modules/system/setrans.te
 +++ b/policy/modules/system/setrans.te
 @@ -12,6 +12,7 @@ gen_require(`
@@ -47350,10 +47350,10 @@ index 416e668..20a28e7 100644
 -	allow $1 unconfined_t:dbus acquire_svc;
 -')
 diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
-index 8a4ee77..f0dca4c 100644
+index eae5001..71e46b2 100644
 --- a/policy/modules/system/unconfined.te
 +++ b/policy/modules/system/unconfined.te
-@@ -4,231 +4,4 @@ policy_module(unconfined, 3.2.1)
+@@ -4,231 +4,4 @@ policy_module(unconfined, 3.3.0)
  #
  # Declarations
  #
@@ -50099,10 +50099,10 @@ index 35f1476..1571559 100644
 +	type_transition $1 user_tmp_t:process $2;
 +')
 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
-index a7088c6..2c840bc 100644
+index df29ca1..97b3c20 100644
 --- a/policy/modules/system/userdomain.te
 +++ b/policy/modules/system/userdomain.te
-@@ -7,7 +7,7 @@ policy_module(userdomain, 4.4.4)
+@@ -7,7 +7,7 @@ policy_module(userdomain, 4.5.0)
  
  ## <desc>
  ## <p>
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4b59bb1..786cb35 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,8 +20,8 @@
 %define CHECKPOLICYVER 2.0.21-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.9.10
-Release: 13%{?dist}
+Version: 3.9.11
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,17 +471,21 @@ exit 0
 %endif
 
 %changelog
-* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-13
+* Wed Dec 15 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.11-1
+- Update to upstream
+- Fix version of policy in spec file
+
+* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-13
 - Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs
 - remove per sandbox domains devpts types
 - Allow dkim-milter sending signal to itself
 
-* Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-12
+* Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-12
 - Allow domains that transition to ping or traceroute, kill them
 - Allow user_t to conditionally transition to ping_t and traceroute_t
 - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup
 
-* Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-11
+* Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-11
 - Turn on systemd policy
 - mozilla_plugin needs to read certs in the homedir.
 - Dontaudit leaked file descriptors from devicekit
@@ -494,19 +498,19 @@ exit 0
 - systemd is creating symlinks in /dev
 - Change label on /etc/httpd/alias to be all cert_t
 
-* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-10
+* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-10
 - Fixes for clamscan and boinc policy
 - Add boinc_project_t setpgid
 - Allow alsa to create tmp files in /tmp
 
-* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-9
+* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-9
 - Push fixes to allow disabling of unlabeled_t packet access
 - Enable unlabelednet policy
 
-* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-8
+* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-8
 - Fixes for lvm to work with systemd
 
-* Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-7
+* Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-7
 - Fix the label for wicd log
 - plymouthd creates force-display-on-active-vt file
 - Allow avahi to request the kernel to load a module
@@ -518,19 +522,19 @@ exit 0
 - Fix the label for wicd log
 - Add systemd policy
 
-* Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-6
+* Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-6
 - Fix gnome_manage_data interface
 - Dontaudit sys_ptrace capability for iscsid
 - Fixes for nagios plugin policy
 
-* Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-5
+* Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-5
 - Fix cron to run ranged when started by init
 - Fix devicekit to use log files
 - Dontaudit use of devicekit_var_run_t for fstools
 - Allow init to setattr on logfile directories
 - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t
 
-* Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-4
+* Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-4
 - Fix up handling of dnsmasq_t creating /var/run/libvirt/network
 - Turn on sshd_forward_ports boolean by default
 - Allow sysadmin to dbus chat with rpm
diff --git a/sources b/sources
index 56f19d9..ed93240 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 409b40c8102b1617681ba17c31032e66  config.tgz
-1deb2db0ad303b26fc44b5c7f7497c32  serefpolicy-3.9.10.tgz
+7e14bb9fd00b6aabaf1372bab00914cc  serefpolicy-3.9.11.tgz