diff --git a/modules-minimum.conf b/modules-minimum.conf
index 7e698e0..1dcf933 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -182,6 +182,13 @@ cdrecord = module
#
certwatch = module
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+#
+certmanager = module
+
# Layer: services
# Module: cipe
#
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 7e698e0..1dcf933 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -182,6 +182,13 @@ cdrecord = module
#
certwatch = module
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+#
+certmanager = module
+
# Layer: services
# Module: cipe
#
diff --git a/policy-20080710.patch b/policy-20080710.patch
index 31c2d9a..beb93c9 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -12178,8 +12178,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-10-30 14:44:58.000000000 -0400
-@@ -0,0 +1,133 @@
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-11-03 15:55:54.000000000 -0500
+@@ -0,0 +1,132 @@
+## policy for certmaster
+
+########################################
@@ -12205,15 +12205,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+#######################################
-+###
-+### read
-+### certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## read
++## certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
+##
+#
+interface(`certmaster_read_log',`
@@ -12225,14 +12225,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+#######################################
-+###
-+### Append to certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## Append to certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
+##
+#
+interface(`certmaster_append_log',`
@@ -12244,15 +12244,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+#######################################
-+###
-+### Create, read, write, and delete
-+### certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## Create, read, write, and delete
++## certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
+##
+#
+interface(`certmaster_manage_log',`
@@ -12265,22 +12265,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+########################################
-+###
-+### All of the rules required to administrate
-+### an snort environment
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
-+###
-+###
-+### The role to be allowed to manage the syslog domain.
-+###
-+###
-+###
-+##
++##
++## All of the rules required to administrate
++## an snort environment
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## The role to be allowed to manage the syslog domain.
++##
++##
++##
++#
+
+interface(`certmaster_admin',`
+ gen_require(`
@@ -12312,7 +12312,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_var_lib($1)
+ admin_pattern($1, certmaster_var_lib_t)
+')
-+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a77565b..36b5b72 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 11%{?dist}
+Release: 13%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,13 @@ exit 0
%endif
%changelog
+* Mon Nov 3 2008 Dan Walsh 3.5.13-13
+- Allow dhcpc to restart ypbind
+- Fixup labeling in /var/run
+
+* Thu Oct 30 2008 Dan Walsh 3.5.13-12
+- Add certmaster policy
+
* Wed Oct 29 2008 Dan Walsh 3.5.13-11
- Fix confined users
- Allow xguest to read/write xguest_dbusd_t