diff --git a/.cvsignore b/.cvsignore
index 1d21095..7282265 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -108,3 +108,4 @@ serefpolicy-2.5.4.tgz
serefpolicy-2.5.5.tgz
serefpolicy-2.5.6.tgz
serefpolicy-2.5.7.tgz
+serefpolicy-2.5.8.tgz
diff --git a/modules-mls.conf b/modules-mls.conf
index cf9effa..aad8005 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1037,3 +1037,10 @@ pcscd = module
# Policy for tzdata-update
#
tzdata = base
+
+# Layer: admin
+# Module: amtu
+#
+# Abstract Machine Test Utility (AMTU)
+#
+amtu = module
diff --git a/modules-strict.conf b/modules-strict.conf
index 64cadcb..b80282b 100644
--- a/modules-strict.conf
+++ b/modules-strict.conf
@@ -456,7 +456,7 @@ ethereal = module
# Layer: apps
# Module: userhelper
#
-# SELinux utility to run a shell with a new role
+# A helper interface to pam.
#
userhelper = module
@@ -815,13 +815,6 @@ openct = module
snmp = module
# Layer: services
-# Module: ucspitcp
-#
-# ucspitcp policy
-#
-ucspitcp = module
-
-# Layer: services
# Module: publicfile
#
# publicfile supplies files to the public through HTTP and FTP
@@ -1128,7 +1121,7 @@ xserver = module
#
# Apache web server
#
-apache = module
+apache = base
# Layer: services
# Module: slrnpull
@@ -1340,3 +1333,24 @@ qmail = module
# daiemon that bans IP that makes too many password failures
#
fail2ban = module
+
+# Layer: services
+# Module: pyzor
+#
+# Spam Blocker
+#
+pyzor = module
+
+# Layer: services
+# Module: ricci
+#
+# policy for ricci
+#
+ricci = module
+
+# Layer: admin
+# Module: amtu
+#
+# Abstract Machine Test Utility (AMTU)
+#
+amtu = module
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 319370d..2c442a6 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -11,92 +11,205 @@
# as individual loadable modules.
#
-# Layer: kernel
-# Module: terminal
-# Required in base
+# Layer: admin
+# Module: acct
#
-# Policy for terminals.
+# Berkeley process accounting
#
-terminal = base
+acct = base
-# Layer: kernel
-# Module: kernel
-# Required in base
+# Layer: admin
+# Module: alsa
#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+# Ainit ALSA configuration tool
#
-kernel = base
+alsa = off
-# Layer: kernel
-# Module: filesystem
-# Required in base
+# Layer: apps
+# Module: ada
#
-# Policy for filesystems.
+# ada executable
#
-filesystem = base
+ada = base
-# Layer: kernel
-# Module: devices
-# Required in base
+# Layer: admin
+# Module: amanda
#
-# Device nodes and interfaces for many basic system devices.
+# Automated backup program.
#
-devices = base
+amanda = base
-# Layer: kernel
-# Module: corenetwork
-# Required in base
+# Layer: services
+# Module: amavis
#
-# Policy controlling access to network objects
+# Anti-virus
#
-corenetwork = base
+amavis = module
-# Layer: kernel
-# Module: mls
-# Required in base
+# Layer: admin
+# Module: anaconda
#
-# Multilevel security policy
+# Policy for the Anaconda installer.
#
-mls = base
+anaconda = base
-# Layer: kernel
-# Module: mcs
+# Layer: services
+# Module: apache
+#
+# Apache web server
+#
+apache = base
+
+# Layer: services
+# Module: apm
+#
+# Advanced power management daemon
+#
+apm = base
+
+# Layer: system
+# Module: application
# Required in base
#
-# MultiCategory security policy
+# Defines attributs and interfaces for all user applications
#
-mcs = base
+application = base
+
+# Layer: services
+# Module: arpwatch
+#
+# Ethernet activity monitor.
+#
+arpwatch = base
+
+# Layer: services
+# Module: audioentropy
+#
+# Generate entropy from audio input
+#
+audioentropy = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = base
+
+# Layer: services
+# Module: automount
+#
+# Filesystem automounter service.
+#
+automount = base
+
+# Layer: services
+# Module: avahi
+#
+# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
+#
+avahi = base
+
+# Layer: services
+# Module: bind
+#
+# Berkeley internet name domain DNS server.
+#
+bind = base
+
+# Layer: services
+# Module: bluetooth
+#
+# Bluetooth tools and system services.
+#
+bluetooth = base
# Layer: kernel
-# Module: selinux
-# Required in base
+# Module: bootloader
#
-# Policy for kernel security interface, in particular, selinuxfs.
+# Policy for the kernel modules, kernel image, and bootloader.
#
-selinux = base
+bootloader = base
+
+
+# Layer: services
+# Module: canna
+#
+# Canna - kana-kanji conversion server
+#
+canna = base
+
+
+# Layer: services
+# Module: ccs
+#
+# policy for ccs
+#
+ccs = module
+
+# Layer: apps
+# Module: calamaris
+#
+#
+# Squid log analysis
+#
+calamaris = module
+
+# Layer: apps
+# Module: cdrecord
+#
+# Policy for cdrecord
+#
+cdrecord = module
# Layer: admin
-# Module: prelink
+# Module: certwatch
#
-# Manage temporary directory sizes and file ages
+# Digital Certificate Tracking
#
-prelink = base
+certwatch = module
-# Layer: kernel
-# Module: files
-# Required in base
+# Layer: services
+# Module: cipe
#
-# Basic filesystem types and interfaces.
+# Encrypted tunnel daemon
#
-files = base
+cipe = module
+
+# Layer: services
+# Module: comsat
+#
+# Comsat, a biff server.
+#
+comsat = base
+
+# Layer: services
+# Module: clamav
+#
+# ClamAV Virus Scanner
+#
+clamav = module
# Layer: system
-# Module: domain
-# Required in base
+# Module: clock
#
-# Core policy for domains.
+# Policy for reading and setting the hardware clock.
#
-domain = base
+clock = base
+
+# Layer: services
+# Module: consolekit
+#
+# ConsoleKit is a system daemon for tracking what users are logged
+#
+consolekit = module
+
+# Layer: admin
+# Module: consoletype
+#
+# Determine of the console connected to the controlling terminal.
+#
+consoletype = base
# Layer: kernel
# Module: corecommands
@@ -107,145 +220,207 @@ domain = base
#
corecommands = base
-# Layer: admin
-# Module: acct
+# Layer: kernel
+# Module: corenetwork
+# Required in base
#
-# Berkeley process accounting
+# Policy controlling access to network objects
#
-acct = base
+corenetwork = base
-# Layer: admin
-# Module: usermanage
+# Layer: services
+# Module: cpucontrol
#
-# Policy for managing user accounts.
+# Services for loading CPU microcode and CPU frequency scaling.
#
-usermanage = base
+cpucontrol = base
-# Layer: admin
-# Module: rpm
+# Layer: services
+# Module: cron
#
-# Policy for the RPM package manager.
+# Periodic execution of scheduled commands.
#
-rpm = base
+cron = base
-# Layer: admin
-# Module: readahead
+# Layer: services
+# Module: cups
#
-# Readahead, read files into page cache for improved performance
+# Common UNIX printing system
#
-readahead = base
+cups = base
+
+# Layer: services
+# Module: cvs
+#
+# Concurrent versions system
+#
+cvs = base
+
+# Layer: services
+# Module: cyrus
+#
+# Cyrus is an IMAP service intended to be run on sealed servers
+#
+cyrus = base
+
+# Layer: system
+# Module: daemontools
+#
+# Collection of tools for managing UNIX services
+#
+daemontools = module
+
+# Layer: services
+# Module: dbskk
+#
+# Dictionary server for the SKK Japanese input method system.
+#
+dbskk = base
+
+# Layer: services
+# Module: dbus
+#
+# Desktop messaging bus
+#
+dbus = base
+
+
+# Layer: services
+# Module: dcc
+#
+# A distributed, collaborative, spam detection and filtering network.
+#
+dcc = module
# Layer: admin
-# Module: kudzu
+# Module: ddcprobe
#
-# Hardware detection and configuration tools
+# ddcprobe retrieves monitor and graphics card information
#
-kudzu = base
+ddcprobe = off
# Layer: kernel
-# Module: bootloader
+# Module: devices
+# Required in base
#
-# Policy for the kernel modules, kernel image, and bootloader.
+# Device nodes and interfaces for many basic system devices.
#
-bootloader = base
+devices = base
-# Layer: admin
-# Module: updfstab
+# Layer: services
+# Module: dhcp
#
-# Red Hat utility to change /etc/fstab.
+# Dynamic host configuration protocol (DHCP) server
#
-updfstab = base
+dhcp = base
-# Layer: admin
-# Module: netutils
+# Layer: services
+# Module: dictd
#
-# Network analysis utilities
+# Dictionary daemon
#
-netutils = base
+dictd = base
+
+# Layer: services
+# Module: distcc
+#
+# Distributed compiler daemon
+#
+distcc = off
# Layer: admin
-# Module: alsa
+# Module: dmesg
#
-# Ainit ALSA configuration tool
+# Policy for dmesg.
#
-alsa = off
+dmesg = base
# Layer: admin
-# Module: vpn
+# Module: dmidecode
+#
+# Decode DMI data for x86/ia64 bioses.
+#
+dmidecode = base
+
+# Layer: system
+# Module: domain
+# Required in base
#
-# Virtual Private Networking client
+# Core policy for domains.
#
-vpn = base
+domain = base
-# Layer: admin
-# Module: su
+# Layer: services
+# Module: dovecot
#
-# Run shells with substitute user and group
+# Dovecot POP and IMAP mail server
#
-su = base
+dovecot = base
-# Layer: admin
-# Module: dmesg
+# Layer: apps
+# Module: gpg
#
-# Policy for dmesg.
+# Policy for GNU Privacy Guard and related programs.
#
-dmesg = base
+gpg = off
-# Layer: admin
-# Module: anaconda
+# Layer: services
+# Module: gpm
#
-# Policy for the Anaconda installer.
+# General Purpose Mouse driver
#
-anaconda = base
+gpm = base
-# Layer: admin
-# Module: amanda
+# Layer: apps
+# Module: ethereal
#
-# Automated backup program.
+# Ethereal packet capture tool.
#
-amanda = base
+ethereal = module
-# Layer: admin
-# Module: logrotate
+# Layer: apps
+# Module: evolution
#
-# Rotate and archive system logs
+# Evolution email client
#
-logrotate = base
+evolution = module
-# Layer: admin
-# Module: ddcprobe
+# Layer: services
+# Module: fail2ban
#
-# ddcprobe retrieves monitor and graphics card information
+# daiemon that bans IP that makes too many password failures
#
-ddcprobe = off
+fail2ban = module
-# Layer: admin
-# Module: quota
+# Layer: services
+# Module: fetchmail
#
-# File system quota management
+# Remote-mail retrieval and forwarding utility
#
-quota = off
+fetchmail = base
-# Layer: admin
-# Module: consoletype
+# Layer: kernel
+# Module: files
+# Required in base
#
-# Determine of the console connected to the controlling terminal.
+# Basic filesystem types and interfaces.
#
-consoletype = base
+files = base
-# Layer: admin
-# Module: sudo
+# Layer: kernel
+# Module: filesystem
+# Required in base
#
-# Execute a command with a substitute user
+# Policy for filesystems.
#
-sudo = base
+filesystem = base
-# Layer: admin
-# Module: vbetool
+# Layer: services
+# Module: finger
#
-# run real-mode video BIOS code to alter hardware state
+# Finger user information service.
#
-vbetool = base
+finger = base
# Layer: admin
# Module: firstboot
@@ -255,96 +430,126 @@ vbetool = base
#
firstboot = base
-# Layer: admin
-# Module: tmpreaper
+# Layer: system
+# Module: fstools
#
-# Manage temporary directory sizes and file ages
+# Tools for filesystem management, such as mkfs and fsck.
#
-tmpreaper = off
+fstools = base
-# Layer: admin
-# Module: dmidecode
+# Layer: services
+# Module: ftp
#
-# Decode DMI data for x86/ia64 bioses.
+# File transfer protocol service
#
-dmidecode = base
+ftp = base
# Layer: apps
-# Module: gpg
+# Module: games
#
-# Policy for GNU Privacy Guard and related programs.
+# The Open Group Pegasus CIM/WBEM Server.
#
-gpg = off
+games = module
-# Layer: apps
-# Module: loadkeys
+# Layer: system
+# Module: getty
#
-# Load keyboard mappings.
+# Policy for getty.
#
-loadkeys = base
+getty = base
# Layer: apps
-# Module: webalizer
+# Module: gnome
#
-# Web server log analysis
+# gnome session and gconf
#
-webalizer = base
+gnome = module
-# Layer: kernel
-# Module: storage
+# Layer: services
+# Module: hal
#
-# Policy controlling access to storage devices
+# Hardware abstraction layer
#
-storage = base
+hal = module
-# Layer: services
-# Module: nis
+# Layer: system
+# Module: hostname
#
-# Policy for NIS (YP) servers and clients
+# Policy for changing the system host name.
#
-nis = base
+hostname = base
-# Layer: services
-# Module: distcc
+
+# Layer: system
+# Module: hotplug
#
-# Distributed compiler daemon
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
#
-distcc = off
+hotplug = base
# Layer: services
-# Module: rshd
+# Module: howl
#
-# Remote shell service.
+# Port of Apple Rendezvous multicast DNS
#
-rshd = base
+howl = base
# Layer: services
-# Module: cpucontrol
+# Module: inetd
#
-# Services for loading CPU microcode and CPU frequency scaling.
+# Internet services daemon.
#
-cpucontrol = base
+inetd = base
-# Layer: services
-# Module: vbetool
+# Layer: system
+# Module: init
#
-# run real-mode video BIOS code to alter hardware state
+# System initialization programs (init and init scripts).
#
-vbetool = base
+init = base
# Layer: services
-# Module: bind
+# Module: inn
#
-# Berkeley internet name domain DNS server.
+# Internet News NNTP server
#
-bind = base
+inn = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = off
+
+# Layer: apps
+# Module: irc
+#
+# IRC client policy
+#
+irc = module
# Layer: services
-# Module: canna
+# Module: irqbalance
#
-# Canna - kana-kanji conversion server
+# IRQ balancing daemon
#
-canna = base
+irqbalance = base
+
+# Layer: system
+# Module: iscsi
+#
+# Open-iSCSI daemon
+#
+iscsi = module
# Layer: services
# Module: i18n_input
@@ -353,112 +558,113 @@ canna = base
#
i18n_input = off
-# Layer: services
-# Module: uucp
+
+# Layer: apps
+# Module: java
#
-# Unix to Unix Copy
+# java executable
#
-uucp = base
+java = base
# Layer: services
-# Module: sasl
+# Module: kerberos
#
-# SASL authentication server
+# MIT Kerberos admin and KDC
#
-sasl = base
+kerberos = base
-# Layer: services
-# Module: pegasus
+# Layer: kernel
+# Module: kernel
+# Required in base
#
-# The Open Group Pegasus CIM/WBEM Server.
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
#
-pegasus = base
+kernel = base
# Layer: services
-# Module: cron
+# Module: ktalk
#
-# Periodic execution of scheduled commands.
+# KDE Talk daemon
#
-cron = base
+ktalk = base
-# Layer: services
-# Module: sendmail
+# Layer: admin
+# Module: kudzu
#
-# Policy for sendmail.
+# Hardware detection and configuration tools
#
-sendmail = base
+kudzu = base
+
# Layer: services
-# Module: samba
+# Module: ldap
#
-# SMB and CIFS client/server programs for UNIX and
-# name Service Switch daemon for resolving names
-# from Windows NT servers.
+# OpenLDAP directory server
#
-samba = base
+ldap = base
-# Layer: services
-# Module: dbus
+# Layer: system
+# Module: libraries
#
-# Desktop messaging bus
+# Policy for system libraries.
#
-dbus = base
+libraries = base
-# Layer: services
-# Module: howl
+# Layer: apps
+# Module: loadkeys
#
-# Port of Apple Rendezvous multicast DNS
+# Load keyboard mappings.
#
-howl = base
+loadkeys = base
-# Layer: services
-# Module: timidity
+# Layer: system
+# Module: locallogin
#
-# MIDI to WAV converter and player configured as a service
+# Policy for local logins.
#
-timidity = off
+locallogin = base
-# Layer: services
-# Module: postgresql
+# Layer: apps
+# Module: lockdev
#
-# PostgreSQL relational database
+# device locking policy for lockdev
#
-postgresql = base
+lockdev = module
-# Layer: services
-# Module: openct
+# Layer: system
+# Module: logging
#
-# Service for handling smart card readers.
+# Policy for the kernel message logger and system logging daemon.
#
-openct = off
+logging = base
-# Layer: services
-# Module: snmp
+# Layer: admin
+# Module: logrotate
#
-# Simple network management protocol services
+# Rotate and archive system logs
#
-snmp = base
+logrotate = base
# Layer: services
-# Module: remotelogin
+# Module: logwatch
#
-# Policy for rshd, rlogind, and telnetd.
+# logwatch executable
#
-remotelogin = base
+logwatch = base
# Layer: services
-# Module: telnet
+# Module: lpd
#
-# Telnet daemon
+# Line printer daemon
#
-telnet = base
+lpd = base
-# Layer: services
-# Module: irqbalance
+# Layer: system
+# Module: lvm
#
-# IRQ balancing daemon
+# Policy for logical volume management programs.
#
-irqbalance = base
+lvm = base
# Layer: services
@@ -468,187 +674,190 @@ irqbalance = base
#
mailman = base
-# Layer: services
-# Module: dbskk
+# Layer: kernel
+# Module: mcs
+# Required in base
#
-# Dictionary server for the SKK Japanese input method system.
+# MultiCategory security policy
#
-dbskk = base
+mcs = base
-# Layer: services
-# Module: ldap
+# Layer: system
+# Module: miscfiles
#
-# OpenLDAP directory server
+# Miscelaneous files.
#
-ldap = base
+miscfiles = base
-# Layer: services
-# Module: tftp
+# Layer: kernel
+# Module: mls
+# Required in base
#
-# Trivial file transfer protocol daemon
+# Multilevel security policy
#
-tftp = base
+mls = base
-# Layer: services
-# Module: portmap
+# Layer: system
+# Module: modutils
#
-# RPC port mapping service.
+# Policy for kernel module utilities
#
-portmap = base
+modutils = base
-# Layer: services
-# Module: arpwatch
+# Layer: apps
+# Module: mono
#
-# Ethernet activity monitor.
+# mono executable
#
-arpwatch = base
+mono = base
-# Layer: services
-# Module: dovecot
+# Layer: system
+# Module: mount
#
-# Dovecot POP and IMAP mail server
+# Policy for mount.
#
-dovecot = base
+mount = base
-# Layer: services
-# Module: cups
+# Layer: apps
+# Module: mozilla
#
-# Common UNIX printing system
+# Policy for Mozilla and related web browsers
#
-cups = base
+mozilla = module
-# Layer: services
-# Module: networkmanager
-#
-# Manager for dynamically switching between networks.
-#
-networkmanager = base
-# Layer: services
-# Module: inn
+# Layer: apps
+# Module: mplayer
#
-# Internet News NNTP server
+# Policy for Mozilla and related web browsers
#
-inn = base
+mplayer = module
-# Layer: services
-# Module: sysstat
+# Layer: admin
+# Module: mrtg
#
-# Policy for sysstat. Reports on various system states
+# Network traffic graphing
#
-sysstat = base
+mrtg = module
+
# Layer: services
-# Module: comsat
+# Module: mta
#
-# Comsat, a biff server.
+# Policy common to all email tranfer agents.
#
-comsat = base
+mta = base
+
# Layer: services
-# Module: squid
+# Module: mysql
#
-# Squid caching http proxy server
+# Policy for MySQL
#
-squid = base
+mysql = base
# Layer: services
-# Module: zebra
+# Module: nagios
#
-# Zebra border gateway protocol network routing service
+# policy for nagios Host/service/network monitoring program
#
-zebra = base
+nagios = module
-# Layer: services
-# Module: xfs
+# Layer: admin
+# Module: netutils
#
-# X Windows Font Server
+# Network analysis utilities
#
-xfs = base
+netutils = base
# Layer: services
-# Module: ktalk
+# Module: networkmanager
#
-# KDE Talk daemon
+# Manager for dynamically switching between networks.
#
-ktalk = base
+networkmanager = base
# Layer: services
-# Module: procmail
+# Module: nis
#
-# Procmail mail delivery agent
+# Policy for NIS (YP) servers and clients
#
-procmail = base
+nis = base
+
# Layer: services
-# Module: lpd
+# Module: nscd
#
-# Line printer daemon
+# Name service cache daemon
#
-lpd = base
+nscd = base
+
# Layer: services
-# Module: cyrus
+# Module: ntp
#
-# Cyrus is an IMAP service intended to be run on sealed servers
+# Network time protocol daemon
#
-cyrus = base
+ntp = base
# Layer: services
-# Module: rdisc
+# Module: oddjob
#
-# Network router discovery daemon
+# policy for oddjob
#
-rdisc = base
+oddjob = module
# Layer: services
-# Module: xserver
+# Module: openct
#
-# X windows login display manager
+# Service for handling smart card readers.
#
-xserver = base
+openct = off
# Layer: services
-# Module: rhgb
+# Module: openvpn
#
-# X windows login display manager
+# Policy for OPENVPN full-featured SSL VPN solution
#
-rhgb = base
+openvpn = base
-# Layer: services
-# Module: nscd
+
+
+# Layer: service
+# Module: pcscd
#
-# Name service cache daemon
-#
-nscd = base
+# PC/SC Smart Card Daemon
+#
+pcscd = module
-# Layer: services
-# Module: ppp
+# Layer: system
+# Module: pcmcia
#
-# Point to Point Protocol daemon creates links in ppp networks
+# PCMCIA card management services
#
-ppp = base
+pcmcia = base
# Layer: services
-# Module: ftp
+# Module: pegasus
#
-# File transfer protocol service
+# The Open Group Pegasus CIM/WBEM Server.
#
-ftp = base
+pegasus = base
# Layer: services
-# Module: gpm
+# Module: postgresql
#
-# General Purpose Mouse driver
+# PostgreSQL relational database
#
-gpm = base
+postgresql = base
# Layer: services
-# Module: mta
+# Module: portmap
#
-# Policy common to all email tranfer agents.
+# RPC port mapping service.
#
-mta = base
+portmap = base
+
# Layer: services
# Module: postfix
@@ -658,335 +867,350 @@ mta = base
postfix = base
# Layer: services
-# Module: fetchmail
+# Module: ppp
+#
+# Point to Point Protocol daemon creates links in ppp networks
+#
+ppp = base
+
+# Layer: admin
+# Module: prelink
#
-# Remote-mail retrieval and forwarding utility
+# Manage temporary directory sizes and file ages
#
-fetchmail = base
+prelink = base
# Layer: services
-# Module: ntp
+# Module: procmail
#
-# Network time protocol daemon
+# Procmail mail delivery agent
#
-ntp = base
+procmail = base
# Layer: services
-# Module: bluetooth
+# Module: privoxy
#
-# Bluetooth tools and system services.
+# Privacy enhancing web proxy.
#
-bluetooth = base
+privoxy = base
# Layer: services
-# Module: hal
+# Module: publicfile
#
-# Hardware abstraction layer
+# publicfile supplies files to the public through HTTP and FTP
#
-hal = module
+publicfile = module
# Layer: services
-# Module: consolekit
+# Module: pyzor
#
-# ConsoleKit is a system daemon for tracking what users are logged
+# Spam Blocker
#
-consolekit = module
+pyzor = module
+
# Layer: services
-# Module: avahi
+# Module: qmail
#
-# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
+# Policy for sendmail.
#
-avahi = base
+qmail = module
-# Layer: services
-# Module: rpc
+# Layer: admin
+# Module: quota
#
-# Remote Procedure Call Daemon for managment of network based process communication
+# File system quota management
#
-rpc = base
+quota = off
-# Layer: services
-# Module: apache
+# Layer: system
+# Module: raid
#
-# Apache web server
+# RAID array management tools
#
-apache = base
+raid = base
# Layer: services
-# Module: slrnpull
+# Module: radius
#
-# Service for downloading news feeds the slrn newsreader.
+# RADIUS authentication and accounting server.
#
-slrnpull = off
+radius = base
# Layer: services
-# Module: rsync
+# Module: radius
#
-# Fast incremental file transfer for synchronization
+# RADIUS authentication and accounting server.
#
-rsync = base
+radius = base
+
# Layer: services
-# Module: automount
+# Module: radvd
#
-# Filesystem automounter service.
+# IPv6 router advertisement daemon
#
-automount = base
+radvd = base
# Layer: services
-# Module: kerberos
+# Module: razor
#
-# MIT Kerberos admin and KDC
+# A distributed, collaborative, spam detection and filtering network.
#
-kerberos = base
+razor = module
-# Layer: services
-# Module: dhcp
+# Layer: admin
+# Module: readahead
#
-# Dynamic host configuration protocol (DHCP) server
+# Readahead, read files into page cache for improved performance
#
-dhcp = base
+readahead = base
# Layer: services
-# Module: ssh
+# Module: rhgb
#
-# Secure shell client and server policy.
+# X windows login display manager
#
-ssh = base
+rhgb = base
# Layer: services
-# Module: inetd
+# Module: rdisc
#
-# Internet services daemon.
+# Network router discovery daemon
#
-inetd = base
+rdisc = base
# Layer: services
-# Module: mysql
+# Module: remotelogin
#
-# Policy for MySQL
+# Policy for rshd, rlogind, and telnetd.
#
-mysql = base
+remotelogin = base
# Layer: services
-# Module: dictd
+# Module: ricci
#
-# Dictionary daemon
+# policy for ricci
#
-dictd = base
+ricci = module
# Layer: services
-# Module: finger
+# Module: rlogin
#
-# Finger user information service.
+# Remote login daemon
#
-finger = base
+rlogin = base
# Layer: services
-# Module: radius
+# Module: roundup
#
-# RADIUS authentication and accounting server.
+# Roundup Issue Tracking System policy
#
-radius = base
+roundup = module
# Layer: services
-# Module: spamassassin
+# Module: rpc
#
-# Filter used for removing unsolicited email.
+# Remote Procedure Call Daemon for managment of network based process communication
#
-spamassassin = base
+rpc = base
-# Layer: services
-# Module: radvd
+# Layer: admin
+# Module: rpm
#
-# IPv6 router advertisement daemon
+# Policy for the RPM package manager.
#
-radvd = base
+rpm = base
+
# Layer: services
-# Module: apm
+# Module: rshd
#
-# Advanced power management daemon
+# Remote shell service.
#
-apm = base
+rshd = base
# Layer: services
-# Module: tcpd
+# Module: rsync
#
-# Policy for TCP daemon.
+# Fast incremental file transfer for synchronization
#
-tcpd = base
+rsync = base
+
# Layer: services
-# Module: stunnel
+# Module: sasl
#
-# SSL Tunneling Proxy
+# SASL authentication server
#
-stunnel = base
+sasl = base
# Layer: services
-# Module: privoxy
+# Module: sendmail
#
-# Privacy enhancing web proxy.
+# Policy for sendmail.
#
-privoxy = base
+sendmail = base
# Layer: services
-# Module: cvs
+# Module: samba
#
-# Concurrent versions system
+# SMB and CIFS client/server programs for UNIX and
+# name Service Switch daemon for resolving names
+# from Windows NT servers.
#
-cvs = base
+samba = base
-# Layer: services
-# Module: rlogin
+# Layer: apps
+# Module: screen
#
-# Remote login daemon
+# GNU terminal multiplexer
#
-rlogin = base
+screen = module
-# Layer: system
-# Module: application
+# Layer: kernel
+# Module: selinux
# Required in base
#
-# Defines attributs and interfaces for all user applications
+# Policy for kernel security interface, in particular, selinuxfs.
#
-application = base
+selinux = base
# Layer: system
-# Module: fstools
+# Module: selinuxutil
#
-# Tools for filesystem management, such as mkfs and fsck.
+# Policy for SELinux policy and userland applications.
#
-fstools = base
+selinuxutil = base
# Layer: system
-# Module: logging
+# Module: setrans
+# Required in base
#
-# Policy for the kernel message logger and system logging daemon.
+# Policy for setrans
#
-logging = base
+setrans = base
-# Layer: system
-# Module: hostname
+# Layer: services
+# Module: setroubleshoot
#
-# Policy for changing the system host name.
+# Policy for the SELinux troubleshooting utility
#
-hostname = base
+setroubleshoot = base
-# Layer: system
-# Module: getty
+# Layer: services
+# Module: slrnpull
#
-# Policy for getty.
+# Service for downloading news feeds the slrn newsreader.
#
-getty = base
+slrnpull = off
-# Layer: system
-# Module: lvm
+
+# Layer: apps
+# Module: slocate
#
-# Policy for logical volume management programs.
+# Update database for mlocate
#
-lvm = base
+slocate = module
-# Layer: system
-# Module: sysnetwork
+# Layer: services
+# Module: smartmon
#
-# Policy for network configuration: ifconfig and dhcp client.
+# Smart disk monitoring daemon policy
#
-sysnetwork = base
+smartmon = module
-# Layer: system
-# Module: init
+# Layer: services
+# Module: snmp
#
-# System initialization programs (init and init scripts).
+# Simple network management protocol services
#
-init = base
+snmp = base
-# Layer: system
-# Module: selinuxutil
+# Layer: services
+# Module: spamassassin
#
-# Policy for SELinux policy and userland applications.
+# Filter used for removing unsolicited email.
#
-selinuxutil = base
+spamassassin = base
-# Layer: system
-# Module: udev
+# Layer: services
+# Module: squid
#
-# Policy for udev.
+# Squid caching http proxy server
#
-udev = base
+squid = base
-# Layer: system
-# Module: pcmcia
+# Layer: services
+# Module: ssh
#
-# PCMCIA card management services
+# Secure shell client and server policy.
#
-pcmcia = base
+ssh = base
-# Layer: system
-# Module: authlogin
+# Layer: kernel
+# Module: storage
#
-# Common policy for authentication and user login.
+# Policy controlling access to storage devices
#
-authlogin = base
+storage = base
-# Layer: system
-# Module: libraries
+# Layer: services
+# Module: stunnel
#
-# Policy for system libraries.
+# SSL Tunneling Proxy
#
-libraries = base
+stunnel = base
-# Layer: system
-# Module: userdomain
+# Layer: admin
+# Module: su
#
-# Policy for user domains
+# Run shells with substitute user and group
#
-userdomain = base
+su = base
-# Layer: system
-# Module: modutils
+# Layer: admin
+# Module: sudo
#
-# Policy for kernel module utilities
+# Execute a command with a substitute user
#
-modutils = base
+sudo = base
# Layer: system
-# Module: hotplug
+# Module: sysnetwork
#
-# Policy for hotplug system, for supporting the
-# connection and disconnection of devices at runtime.
+# Policy for network configuration: ifconfig and dhcp client.
#
-hotplug = base
+sysnetwork = base
-# Layer: system
-# Module: clock
+
+# Layer: services
+# Module: sysstat
#
-# Policy for reading and setting the hardware clock.
+# Policy for sysstat. Reports on various system states
#
-clock = base
+sysstat = base
-# Layer: system
-# Module: locallogin
+# Layer: services
+# Module: tcpd
#
-# Policy for local logins.
+# Policy for TCP daemon.
#
-locallogin = base
+tcpd = base
# Layer: system
-# Module: iptables
+# Module: udev
#
-# Policy for iptables.
+# Policy for udev.
#
-iptables = base
+udev = base
# Layer: system
-# Module: mount
+# Module: userdomain
#
-# Policy for mount.
+# Policy for user domains
#
-mount = base
+userdomain = base
# Layer: system
# Module: unconfined
@@ -995,223 +1219,187 @@ mount = base
#
unconfined = base
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = base
-
-# Layer: system
-# Module: ipsec
+# Layer: apps
+# Module: wine
#
-# TCP/IP encryption
+# wine executable
#
-ipsec = off
+wine = base
-# Layer: system
-# Module: xen
+# Layer: admin
+# Module: tzdata
#
-# TCP/IP encryption
+# Policy for tzdata-update
#
-xen = base
+tzdata = base
# Layer: apps
-# Module: java
+# Module: userhelper
#
-# java executable
+# A helper interface to pam.
#
-java = base
+userhelper = module
# Layer: apps
-# Module: ada
+# Module: thunderbird
#
-# ada executable
+# Thunderbird email client
#
-ada = base
+thunderbird = module
# Layer: services
-# Module: logwatch
+# Module: tor
#
-# logwatch executable
+# TOR, the onion router
#
-logwatch = base
+tor = module
# Layer: apps
-# Module: wine
+# Module: tvtime
#
-# wine executable
+# tvtime - a high quality television application
#
-wine = base
+tvtime = module
# Layer: apps
-# Module: mono
-#
-# mono executable
-#
-mono = base
-
-# Layer: services
-# Module: pyzor
+# Module: uml
#
-# Spam Blocker
+# Policy for UML
#
-pyzor = module
+uml = module
-# Layer: services
-# Module: amavis
+# Layer: admin
+# Module: usbmodules
#
-# Anti-virus
+# List kernel modules of USB devices
#
-amavis = module
+usbmodules = module
-# Layer: services
-# Module: clamav
+# Layer: apps
+# Module: usernetctl
#
-# ClamAV Virus Scanner
+# User network interface configuration helper
#
-clamav = module
+usernetctl = module
-# Layer: services
-# Module: razor
-#
-# A distributed, collaborative, spam detection and filtering network.
-#
-razor = module
-# Layer: services
-# Module: dcc
-#
-# A distributed, collaborative, spam detection and filtering network.
-#
-dcc = module
# Layer: system
-# Module: setrans
-# Required in base
+# Module: xen
#
-# Policy for setrans
+# TCP/IP encryption
#
-setrans = base
+xen = base
# Layer: services
-# Module: openvpn
+# Module: telnet
#
-# Policy for OPENVPN full-featured SSL VPN solution
+# Telnet daemon
#
-openvpn = base
-
+telnet = base
# Layer: services
-# Module: setroubleshoot
+# Module: timidity
#
-# Policy for the SELinux troubleshooting utility
+# MIDI to WAV converter and player configured as a service
#
-setroubleshoot = base
+timidity = off
# Layer: services
-# Module: nagios
+# Module: tftp
#
-# policy for nagios Host/service/network monitoring program
+# Trivial file transfer protocol daemon
#
-nagios = module
-
+tftp = base
-# Layer: apps
-# Module: evolution
+# Layer: services
+# Module: uucp
#
-# Evolution email client
+# Unix to Unix Copy
#
-evolution = module
+uucp = base
-# Layer: apps
-# Module: mplayer
+# Layer: services
+# Module: vbetool
#
-# Policy for Mozilla and related web browsers
+# run real-mode video BIOS code to alter hardware state
#
-mplayer = module
+vbetool = base
# Layer: apps
-# Module: mozilla
+# Module: webalizer
#
-# Policy for Mozilla and related web browsers
+# Web server log analysis
#
-mozilla = module
+webalizer = base
# Layer: services
-# Module: ricci
+# Module: xfs
#
-# policy for ricci
+# X Windows Font Server
#
-ricci = module
+xfs = base
# Layer: services
-# Module: oddjob
+# Module: xserver
#
-# policy for oddjob
+# X windows login display manager
#
-oddjob = module
+xserver = base
# Layer: services
-# Module: ccs
+# Module: zebra
#
-# policy for ccs
+# Zebra border gateway protocol network routing service
#
-ccs = module
+zebra = base
-# Layer: system
-# Module: raid
+# Layer: admin
+# Module: usermanage
#
-# RAID array management tools
+# Policy for managing user accounts.
#
-raid = base
+usermanage = base
-# Layer: services
-# Module: smartmon
+# Layer: admin
+# Module: updfstab
#
-# Smart disk monitoring daemon policy
+# Red Hat utility to change /etc/fstab.
#
-smartmon = module
+updfstab = base
-# Layer: system
-# Module: iscsi
+# Layer: admin
+# Module: vpn
#
-# Open-iSCSI daemon
+# Virtual Private Networking client
#
-iscsi = module
-
-# Layer: service
-# Module: pcscd
-#
-# PC/SC Smart Card Daemon
-#
-pcscd = module
+vpn = base
# Layer: admin
-# Module: tzdata
+# Module: vbetool
#
-# Policy for tzdata-update
+# run real-mode video BIOS code to alter hardware state
#
-tzdata = base
+vbetool = base
-# Layer: services
-# Module: qmail
+# Layer: kernel
+# Module: terminal
+# Required in base
#
-# Policy for sendmail.
+# Policy for terminals.
#
-qmail = module
+terminal = base
-# Layer: apps
-# Module: games
+# Layer: admin
+# Module: tmpreaper
#
-# The Open Group Pegasus CIM/WBEM Server.
+# Manage temporary directory sizes and file ages
#
-games = module
+tmpreaper = off
-# Layer: services
-# Module: fail2ban
+# Layer: admin
+# Module: amtu
#
-# daiemon that bans IP that makes too many password failures
+# Abstract Machine Test Utility (AMTU)
#
-fail2ban = module
-
+amtu = module
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2c45d32..7fa2443 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,7 +16,7 @@
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.5.7
+Version: 2.5.8
Release: 1%{?dist}
License: GPL
Group: System Environment/Base
@@ -166,7 +166,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2204.
+Based off of reference policy: Checked out revision 2215.
%prep
%setup -q -n serefpolicy-%{version}
@@ -356,6 +356,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
%endif
%changelog
+* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.8-1
+- More of my patches from upstream
+
* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.7-1
- Update to latest from upstream
- Add fail2ban policy
diff --git a/sources b/sources
index 5529383..79bead5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5209f5a625764686415aac33935756f5 serefpolicy-2.5.7.tgz
+4fdcc031513d86d233bab7661226046a serefpolicy-2.5.8.tgz