diff --git a/policy-F12.patch b/policy-F12.patch
index 1c88d9a..cfa3d8f 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -4242,12 +4242,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`TODO',`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.31/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.31/policy/modules/apps/wine.fc 2009-09-09 15:38:24.000000000 -0400
-@@ -1,4 +1,21 @@
++++ serefpolicy-3.6.31/policy/modules/apps/wine.fc 2009-09-15 15:06:46.000000000 -0400
+@@ -1,4 +1,22 @@
-/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/regedit -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/msiexec -- gen_context(system_u:object_r:wine_exec_t,s0)
+
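Review bot: The new `/usr/bin/notepad` entry matches a very generic file name, so any binary installed at that path is labelled `wine_exec_t` and presumably picks up whatever domain transition that type triggers. It follows the existing `regedit`/`msiexec` pattern, but nothing in the visible lines records that these are Wine's helper launchers. A comment above the group, such as `# Helper launchers shipped by the wine package`, would make the assumption explicit. The rest of wine.fc is outside this hunk.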
@@ -6805,7 +6806,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.31/policy/modules/roles/unconfineduser.fc
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.31/policy/modules/roles/unconfineduser.fc 2009-09-09 15:38:24.000000000 -0400
++++ serefpolicy-3.6.31/policy/modules/roles/unconfineduser.fc 2009-09-15 15:37:54.000000000 -0400
@@ -0,0 +1,36 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -6813,7 +6814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
+/usr/bin/valgrind -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
-+
++/usr/sbin/vboxadd-service -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib(64)/virtualbox/VirtualBox -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
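Review bot: `/usr/sbin/vboxadd-service` is labelled `execmem_exec_t` with no comment saying why a system service needs that type, in a file whose header says it lists programs that should not be confined. A one-line comment above the entry, for example `# VirtualBox guest additions service, execmem until it has its own policy`, would make the exception reviewable. The actual reason is not visible in the hunk, so the author should confirm the wording. The new line also replaces the blank line that separated the `valgrind`/`vncserver` entries from the loader entries; the file continues outside this hunk.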
@@ -11531,6 +11532,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.6.31/policy/modules/services/cyrus.te
+--- nsaserefpolicy/policy/modules/services/cyrus.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.31/policy/modules/services/cyrus.te 2009-09-15 17:43:50.000000000 -0400
+@@ -137,6 +137,7 @@
+ optional_policy(`
+ snmp_read_snmp_var_lib_files(cyrus_t)
+ snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
++ snmp_stream_connect(cyrus_t)
+ ')
+
+ optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.31/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-07-28 13:28:33.000000000 -0400
+++ serefpolicy-3.6.31/policy/modules/services/dbus.if 2009-09-09 15:38:24.000000000 -0400
@@ -17748,6 +17760,48 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.6.31/policy/modules/services/snmp.if
+--- nsaserefpolicy/policy/modules/services/snmp.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.31/policy/modules/services/snmp.if 2009-09-15 17:44:18.000000000 -0400
+@@ -85,6 +85,26 @@
+ dontaudit $1 snmpd_var_lib_t:file write;
+ ')
+
++
++########################################
++##
++## Connect to snmpd using a unix domain stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`snmp_stream_connect',`
++ gen_require(`
++ type snmpd_t, snmpd_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
++')
++
+ ########################################
+ ##
+ ## All of the rules required to administrate
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.31/policy/modules/services/snmp.te
+--- nsaserefpolicy/policy/modules/services/snmp.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.31/policy/modules/services/snmp.te 2009-09-15 15:34:40.000000000 -0400
+@@ -72,6 +72,8 @@
+ corenet_udp_bind_snmp_port(snmpd_t)
+ corenet_sendrecv_snmp_server_packets(snmpd_t)
+ corenet_tcp_connect_agentx_port(snmpd_t)
++corenet_tcp_bind_agentx_port(snmpd_t)
++corenet_udp_bind_agentx_port(snmpd_t)
+
+ dev_list_sysfs(snmpd_t)
+ dev_read_sysfs(snmpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.31/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.31/policy/modules/services/spamassassin.fc 2009-09-09 15:38:24.000000000 -0400
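Review bot: `corenet_udp_bind_agentx_port(snmpd_t)` in snmp.te is added next to the TCP bind with no denial or use case cited; if snmpd only accepts AgentX subagents over TCP or the unix socket, the UDP bind is extra privilege and could be dropped. In snmp.if, `snmp_stream_connect` passes `snmpd_var_lib_t` as both the directory type and the socket type, so callers such as `cyrus_t` get write access to every socket file carrying the general var_lib label. A dedicated socket type would be narrower, if the socket location allows one. The `##` documentation lines of the new interface show no `<summary>` or `<param>` tags in this view, which may be an artifact of how the page was rendered.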
@@ -23541,7 +23595,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.31/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.31/policy/modules/system/modutils.te 2009-09-14 13:14:55.000000000 -0400
++++ serefpolicy-3.6.31/policy/modules/system/modutils.te 2009-09-15 15:38:39.000000000 -0400
@@ -19,6 +19,7 @@
type insmod_exec_t;
application_domain(insmod_t, insmod_exec_t)
@@ -23581,7 +23635,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -91,19 +99,21 @@
+@@ -91,19 +99,23 @@
# insmod local policy
#
@@ -23594,7 +23648,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Read module config and dependency information
-allow insmod_t { modules_conf_t modules_dep_t }:file read_file_perms;
++list_dirs_pattern(insmod_t, modules_conf_t, modules_conf_t)
+read_files_pattern(insmod_t, modules_conf_t, modules_conf_t)
++list_dirs_pattern(insmod_t, modules_dep_t, modules_dep_t)
+read_files_pattern(insmod_t, modules_dep_t, modules_dep_t)
can_exec(insmod_t, insmod_exec_t)
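Review bot: The comment `# Read module config and dependency information` no longer describes the rules under it now that `list_dirs_pattern` is granted for both `modules_conf_t` and `modules_dep_t`. Suggest `# List directories and read files holding module config and dependency information`, and name the directories that carry these types, since that is not visible here. The insmod_t local policy block starts and ends outside this hunk.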
@@ -23605,7 +23661,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_write_proc_files(insmod_t)
kernel_mount_debugfs(insmod_t)
kernel_mount_kvmfs(insmod_t)
-@@ -112,6 +122,7 @@
+@@ -112,6 +124,7 @@
kernel_read_kernel_sysctls(insmod_t)
kernel_rw_kernel_sysctl(insmod_t)
kernel_read_hotplug_sysctls(insmod_t)
@@ -23613,7 +23669,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(insmod_t)
corecmd_exec_shell(insmod_t)
-@@ -124,9 +135,7 @@
+@@ -124,9 +137,7 @@
dev_read_sound(insmod_t)
dev_write_sound(insmod_t)
dev_rw_apm_bios(insmod_t)
@@ -23624,7 +23680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_signal_all_domains(insmod_t)
domain_use_interactive_fds(insmod_t)
-@@ -144,11 +153,14 @@
+@@ -144,11 +155,14 @@
files_write_kernel_modules(insmod_t)
fs_getattr_xattr_fs(insmod_t)
@@ -23639,7 +23695,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(insmod_t)
logging_search_logs(insmod_t)
-@@ -157,19 +169,30 @@
+@@ -157,19 +171,30 @@
seutil_read_file_contexts(insmod_t)
@@ -23673,7 +23729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
hotplug_search_config(insmod_t)
')
-@@ -228,7 +251,7 @@
+@@ -228,7 +253,7 @@
can_exec(update_modules_t, update_modules_exec_t)
# manage module loading configuration
diff --git a/selinux-policy.spec b/selinux-policy.spec
index dddd78d..823459d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.31
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -50,7 +50,7 @@ Url: http://oss.tresys.com/repos/refpolicy/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-python >= %{POLICYCOREUTILSVER} bzip2
-Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
+Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk
Requires: checkpolicy >= %{CHECKPOLICYVER} m4
Obsoletes: selinux-policy-devel
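Review bot: Replacing `policycoreutils-python` with `policycoreutils` in `Requires(pre)` is only safe if no scriptlet in this package calls a tool shipped solely in `policycoreutils-python`. The scriptlets are outside these hunks, so that needs checking before the dependency is dropped. The same substitution is made in the hunks at -299 (targeted), -387 (olpc) and -419 (mls). `Requires(post)` here lists only `/usr/bin/bunzip2 /bin/mktemp /bin/awk`, so if `%post` runs policycoreutils commands, adding `Requires(post): policycoreutils >= %{POLICYCOREUTILSVER}` would make the ordering explicit.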
@@ -299,7 +299,7 @@ Summary: SELinux targeted base policy
Provides: selinux-policy-base
Group: System Environment/Base
Obsoletes: selinux-policy-targeted-sources < 2
-Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
+Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Conflicts: audispd-plugins <= 1.7.7-1
@@ -353,7 +353,7 @@ exit 0
Summary: SELinux minimum base policy
Provides: selinux-policy-base
Group: System Environment/Base
-Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
+Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Conflicts: seedit
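Review bot: The minimum subpackage moves its only policycoreutils dependency from `Requires(pre)` to `Requires(post)`, so nothing now guarantees a policycoreutils package is installed before `%pre` runs, unlike the other policy subpackages in this commit. If its `%pre` scriptlet uses policycoreutils tools (not visible here), keep the ordering by adding `Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}` alongside the new line. The changelog entry says the python requirement is kept for minimum but does not mention the phase change.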
@@ -387,7 +387,7 @@ exit 0
Summary: SELinux olpc base policy
Group: System Environment/Base
Provides: selinux-policy-base
-Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
+Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Conflicts: seedit
@@ -419,7 +419,7 @@ Group: System Environment/Base
Provides: selinux-policy-base
Obsoletes: selinux-policy-mls-sources < 2
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
-Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
+Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Conflicts: seedit
@@ -447,6 +447,10 @@ exit 0
%endif
%changelog
+* Mon Sep 15 2009 Dan Walsh 3.6.31-5
+- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
+- Remove policycoreutils-python requirement except for minimum
+
* Mon Sep 14 2009 Dan Walsh 3.6.31-4
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)