diff --git a/policy-F12.patch b/policy-F12.patch index e2c7587..b7ac22e 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -277,7 +277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow portage_fetch_t self:tcp_socket create_stream_socket_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.30/policy/modules/admin/prelink.if --- nsaserefpolicy/policy/modules/admin/prelink.if 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/admin/prelink.if 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/admin/prelink.if 2009-09-04 10:32:08.000000000 -0400 @@ -140,3 +140,22 @@ files_search_var_lib($1) manage_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t) 
@@ -293,14 +293,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## +# -+interface(`prelink_relabelfrom_var_lib',` ++interface(`prelink_relabel_var_lib',` + gen_require(` + type prelink_var_lib_t; + ') + + files_search_var_lib($1) -+ relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t) ++ relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t) +') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.30/policy/modules/admin/prelink.te +--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-08-14 16:14:31.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/admin/prelink.te 2009-09-04 11:49:19.000000000 -0400 +@@ -89,6 +89,7 @@ + miscfiles_read_localization(prelink_t) + + userdom_use_user_terminals(prelink_t) ++userdom_manage_user_home_content(prelink_t) + + optional_policy(` + amanda_manage_lib(prelink_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.30/policy/modules/admin/readahead.te --- nsaserefpolicy/policy/modules/admin/readahead.te 2009-08-14 16:14:31.000000000 -0400 +++ serefpolicy-3.6.30/policy/modules/admin/readahead.te 2009-08-31 13:40:47.000000000 -0400 
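Review bot: `userdom_manage_user_home_content(prelink_t)` in the prelink.te hunk grants prelink_t create/write/delete over every user home-content type, which is far broader than a system-wide prelink run should need and turns any prelink defect into a write primitive on all users' files. If the intent is prelinking binaries that live under home directories, scope the rule to the types prelink actually modifies or put it behind a tunable, and add a one-line comment stating the reason; the enclosing section of prelink.te starts and ends outside this hunk. The rename to `prelink_relabel_var_lib` with `relabel_files_pattern` also widens the interface from relabelfrom to relabelfrom plus relabelto, so the interface's summary text (the `+##` lines above, whose content is not visible here) should be checked to say so.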
@@ -964,6 +975,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kismet_manage_log(tmpreaper_t) ') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.6.30/policy/modules/admin/tzdata.te +--- nsaserefpolicy/policy/modules/admin/tzdata.te 2009-07-14 14:19:57.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/admin/tzdata.te 2009-09-04 11:18:45.000000000 -0400 +@@ -19,6 +19,8 @@ + files_read_etc_files(tzdata_t) + files_search_spool(tzdata_t) + ++fs_getattr_xattr_fs(tzdata_t) ++ + term_dontaudit_list_ptys(tzdata_t) + + locallogin_dontaudit_use_fds(tzdata_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.30/policy/modules/admin/usermanage.if --- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.6.30/policy/modules/admin/usermanage.if 2009-08-31 13:40:47.000000000 -0400 @@ -1125,7 +1148,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol sysnet_dns_name_resolve(awstats_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.6.30/policy/modules/apps/calamaris.te --- nsaserefpolicy/policy/modules/apps/calamaris.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/apps/calamaris.te 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/apps/calamaris.te 2009-09-02 09:37:44.000000000 -0400 @@ -59,12 +59,12 @@ libs_read_lib_files(calamaris_t) 
@@ -3726,8 +3749,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.30/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.30/policy/modules/apps/sandbox.te 2009-08-31 13:40:47.000000000 -0400 -@@ -0,0 +1,302 @@ ++++ serefpolicy-3.6.30/policy/modules/apps/sandbox.te 2009-09-03 10:41:22.000000000 -0400 +@@ -0,0 +1,304 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; @@ -3873,6 +3896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +auth_use_nsswitch(sandbox_x_domain) + +init_read_utmp(sandbox_x_domain) ++init_dontaudit_write_utmp(sandbox_x_domain) + +miscfiles_read_localization(sandbox_x_domain) + @@ -3892,10 +3916,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + cups_read_rw_config(sandbox_x_domain) +') + -+#============= sandbox_x_t ============== -+allow sandbox_x_t home_root_t:dir search; -+allow sandbox_x_t user_devpts_t:chr_file { read write }; ++userdom_dontaudit_use_user_terminals(sandbox_x_domain) + ++#============= sandbox_x_t ============== ++files_search_home(sandbox_x_t) ++userdom_use_user_ptys(sandbox_x_t) + +######################################## +# 
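Review bot: `userdom_use_user_ptys(sandbox_x_t)` replaces the raw `allow sandbox_x_t user_devpts_t:chr_file { read write }` with an interface that, if it grants the usual terminal rw permission set, also includes ioctl on the user's pty; for a sandbox domain that is a notable widening, since terminal ioctls are a well-known surface for a confined process to influence the controlling session. Unless the sandbox actually needs ioctl, keep the narrower read/write rule, or document why the wider interface is required with a comment such as `# sandbox needs full pty access for <reason> - TODO confirm`. The `userdom_dontaudit_use_user_terminals(sandbox_x_domain)` line is consistent with the attribute-wide denial being expected; the sandbox_x_domain section continues outside this hunk.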
@@ -4370,8 +4395,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.30/policy/modules/apps/wine.te --- nsaserefpolicy/policy/modules/apps/wine.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/apps/wine.te 2009-08-31 13:40:47.000000000 -0400 -@@ -9,20 +9,35 @@ ++++ serefpolicy-3.6.30/policy/modules/apps/wine.te 2009-09-02 09:37:57.000000000 -0400 +@@ -9,20 +9,36 @@ type wine_t; type wine_exec_t; application_domain(wine_t, wine_exec_t) @@ -4387,6 +4412,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -optional_policy(` allow wine_t self:process { execstack execmem execheap }; - unconfined_domain_noaudit(wine_t) ++allow wine_t self:fifo_file manage_fifo_file_perms; + +domain_mmap_low_type(wine_t) +tunable_policy(`mmap_low_allowed',` @@ -4413,7 +4439,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.30/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-07-30 13:09:10.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/kernel/corecommands.fc 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/kernel/corecommands.fc 2009-09-03 10:35:24.000000000 -0400 +@@ -1,4 +1,4 @@ +- ++c + # + # /bin + # @@ -54,6 +54,7 @@ /etc/cron.weekly/.* -- gen_context(system_u:object_r:bin_t,s0) /etc/cron.monthly/.* -- gen_context(system_u:object_r:bin_t,s0) 
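Review bot: The `@@ -1,4 +1,4 @@` hunk for corecommands.fc turns the file's empty first line into `c` (`-` followed by `+c`), which looks like an accidental keystroke rather than a file-context entry; an fc line consisting only of `c` is not a valid path/context pair and can be expected to make file_contexts generation or validation fail. Drop that hunk so the first line stays empty. The wine.te hunk on this line (`allow wine_t self:fifo_file manage_fifo_file_perms;`) is a self-only rule and raises no concern.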
@@ -4440,15 +4472,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # # /usr # -@@ -221,6 +226,7 @@ +@@ -221,6 +226,8 @@ /usr/share/PackageKit/pk-upgrade-distro\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/PackageKit/helpers(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/sandbox/sandboxX.sh -- gen_context(system_u:object_r:bin_t,s0) ++/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0) /usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -315,3 +321,21 @@ +@@ -263,6 +270,7 @@ + /usr/share/ssl/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) + /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0) ++/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0) +@@ -315,3 +323,21 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') 
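Review bot: `/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)` labels the entire smolt client tree as bin_t, including any data or configuration files kept there, which makes every file under it appear executable to policy. If only the scripts are run, a narrower pattern (for example matching the script names or a `\.py` suffix) keeps the remaining files under the default usr label; the same consideration applies to whether `polgen\.py` is the only executable in system-config-selinux. The surrounding hunk-header renumbering on this line is consistent with the two added entries.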
@@ -5642,7 +5683,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.30/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/kernel/filesystem.if 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/kernel/filesystem.if 2009-09-04 11:37:45.000000000 -0400 @@ -1537,6 +1537,24 @@ ######################################## @@ -7390,8 +7431,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.30/policy/modules/roles/unconfineduser.te --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.30/policy/modules/roles/unconfineduser.te 2009-08-31 13:40:47.000000000 -0400 -@@ -0,0 +1,392 @@ ++++ serefpolicy-3.6.30/policy/modules/roles/unconfineduser.te 2009-09-04 10:33:43.000000000 -0400 +@@ -0,0 +1,393 @@ +policy_module(unconfineduser, 1.0.0) + +######################################## @@ -7670,6 +7711,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +optional_policy(` + rtkit_daemon_system_domain(unconfined_t) ++ rtkit_daemon_system_domain(unconfined_execmem_t) +') + +optional_policy(` 
@@ -8133,8 +8175,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.30/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.30/policy/modules/services/abrt.te 2009-08-31 13:40:47.000000000 -0400 -@@ -0,0 +1,124 @@ ++++ serefpolicy-3.6.30/policy/modules/services/abrt.te 2009-09-06 15:27:50.000000000 -0400 +@@ -0,0 +1,120 @@ + +policy_module(abrt,1.0.0) + @@ -8146,6 +8188,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +type abrt_t; +type abrt_exec_t; +init_daemon_domain(abrt_t,abrt_exec_t) ++dbus_system_domain(abrt_t,abrt_exec_t) + +type abrt_initrc_exec_t; +init_script_file(abrt_initrc_exec_t) @@ -8237,11 +8280,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +miscfiles_read_certs(abrt_t) +miscfiles_read_localization(abrt_t) + -+optional_policy(` -+ dbus_connect_system_bus(abrt_t) -+ dbus_system_bus_client(abrt_t) -+') -+ +# to run bugzilla plugin +# read ~/.abrt/Bugzilla.conf +userdom_read_user_home_content_files(abrt_t) @@ -10383,7 +10421,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.30/policy/modules/services/cron.te --- nsaserefpolicy/policy/modules/services/cron.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/services/cron.te 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/cron.te 2009-09-04 10:32:17.000000000 -0400 @@ -38,6 +38,10 @@ type cron_var_lib_t; files_type(cron_var_lib_t) 
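Review bot: `dbus_system_domain(abrt_t,abrt_exec_t)` is added beside the type declarations, outside any `optional_policy` block, while the rules it replaces (`dbus_connect_system_bus` / `dbus_system_bus_client`) were optional; this makes the abrt module hard-depend on the dbus module. Unless that dependency is intended, move it into `optional_policy(\` dbus_system_domain(abrt_t, abrt_exec_t) ')` next to the other optional blocks. Note too that it is now combined with `init_daemon_domain(abrt_t,abrt_exec_t)` on the same type/exec pair, so if `dbus_system_domain` installs a transition from the system bus daemon as the refpolicy interface of that name does, abrt_exec_t becomes enterable both from init and from bus activation; a comment saying this is deliberate would help the next reader. The abrt_t section continues outside the hunk.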
@@ -10704,7 +10742,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + prelink_manage_lib(system_cronjob_t) + prelink_manage_log(system_cronjob_t) + prelink_read_cache(system_cronjob_t) -+ prelink_relabelfrom_var_lib(system_cronjob_t) ++ prelink_relabel_var_lib(system_cronjob_t) ') optional_policy(` @@ -14023,7 +14061,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.30/policy/modules/services/policykit.te --- nsaserefpolicy/policy/modules/services/policykit.te 2009-08-18 11:41:14.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/services/policykit.te 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/policykit.te 2009-09-04 11:37:59.000000000 -0400 @@ -36,11 +36,12 @@ # policykit local policy # @@ -14091,7 +14129,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol rw_files_pattern(policykit_auth_t, policykit_reload_t, policykit_reload_t) -@@ -92,12 +112,13 @@ +@@ -92,12 +112,14 @@ manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t) files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir }) @@ -14101,13 +14139,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_usr_files(policykit_auth_t) +fs_getattr_all_fs(polkit_auth_t) ++fs_search_tmpfs(polkit_auth_t) + auth_use_nsswitch(policykit_auth_t) +auth_domtrans_chk_passwd(policykit_auth_t) logging_send_syslog_msg(policykit_auth_t) -@@ -106,7 +127,7 @@ +@@ -106,7 +128,7 @@ userdom_dontaudit_read_user_home_content_files(policykit_auth_t) optional_policy(` 
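Review bot: `fs_search_tmpfs(polkit_auth_t)` (and the pre-existing `fs_getattr_all_fs(polkit_auth_t)` next to it) names `polkit_auth_t`, whereas every other rule in the policykit.te hunk uses `policykit_auth_t`. Unless a `typealias policykit_auth_t alias polkit_auth_t;` is declared elsewhere in policykit.te (not visible here) this is an undeclared type and the module will not build; either way the spelling should be normalised to `policykit_auth_t` for both lines. The cron.te hunk on this line correctly follows the `prelink_relabel_var_lib` rename.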
@@ -14116,7 +14155,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dbus_session_bus_client(policykit_auth_t) optional_policy(` -@@ -119,6 +140,14 @@ +@@ -119,6 +141,14 @@ hal_read_state(policykit_auth_t) ') @@ -14131,7 +14170,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # polkit_grant local policy -@@ -126,7 +155,8 @@ +@@ -126,7 +156,8 @@ allow policykit_grant_t self:capability setuid; allow policykit_grant_t self:process getattr; @@ -14141,7 +14180,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow policykit_grant_t self:unix_dgram_socket create_socket_perms; allow policykit_grant_t self:unix_stream_socket create_stream_socket_perms; -@@ -156,9 +186,12 @@ +@@ -156,9 +187,12 @@ userdom_read_all_users_state(policykit_grant_t) optional_policy(` @@ -14155,7 +14194,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol consolekit_dbus_chat(policykit_grant_t) ') ') -@@ -170,7 +203,8 @@ +@@ -170,7 +204,8 @@ allow policykit_resolve_t self:capability { setuid sys_nice sys_ptrace }; allow policykit_resolve_t self:process getattr; 
@@ -14942,7 +14981,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.30/policy/modules/services/ppp.te --- nsaserefpolicy/policy/modules/services/ppp.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/services/ppp.te 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/ppp.te 2009-09-04 10:22:17.000000000 -0400 +@@ -38,7 +38,7 @@ + files_type(pppd_etc_rw_t) + + type pppd_initrc_exec_t alias pppd_script_exec_t; +-files_type(pppd_initrc_exec_t) ++init_script_file(pppd_initrc_exec_t) + + # pppd_secret_t is the type of the pap and chap password files + type pppd_secret_t; @@ -193,6 +193,8 @@ optional_policy(` @@ -15473,7 +15521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/libexec/rtkit-daemon -- gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit_daemon.if serefpolicy-3.6.30/policy/modules/services/rtkit_daemon.if --- nsaserefpolicy/policy/modules/services/rtkit_daemon.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.30/policy/modules/services/rtkit_daemon.if 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/rtkit_daemon.if 2009-09-04 10:33:29.000000000 -0400 @@ -0,0 +1,63 @@ + +## policy for rtkit_daemon 
@@ -16520,7 +16568,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te --- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te 2009-08-31 17:31:34.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/setroubleshoot.te 2009-09-06 15:49:01.000000000 -0400 @@ -22,13 +22,19 @@ type setroubleshoot_var_run_t; files_pid_file(setroubleshoot_var_run_t) @@ -16582,7 +16630,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol selinux_get_enforce_mode(setroubleshootd_t) selinux_validate_context(setroubleshootd_t) -@@ -94,23 +113,70 @@ +@@ -94,23 +113,73 @@ locallogin_dontaudit_use_fds(setroubleshootd_t) @@ -16647,7 +16695,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +userdom_dontaudit_search_admin_dir(setroubleshoot_fixit_t) + +optional_policy(` -+ rpm_read_db(setroubleshoot_fixit_t) ++ rpm_signull(setroubleshootd_fixit_t) ++ rpm_read_db(setroubleshootd_fixit_t) ++ rpm_dontaudit_manage_db(setroubleshootd_fixit_t) ++ rpm_use_script_fds(setroubleshootd_fixit_t) +') + +optional_policy(` @@ -19635,7 +19686,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.30/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2009-08-28 14:58:20.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/services/xserver.te 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/services/xserver.te 2009-09-04 09:41:10.000000000 -0400 @@ -34,6 +34,13 @@ ## 
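Review bot: The four new rpm_* calls in the setroubleshoot.te hunk are applied to `setroubleshootd_fixit_t`, but the surrounding context (`userdom_dontaudit_search_admin_dir(setroubleshoot_fixit_t)`) and the line being replaced use `setroubleshoot_fixit_t`. If no `setroubleshootd_fixit_t` type exists this is a build error, and if one does, the rules land on the wrong domain; change the four lines to `rpm_signull(setroubleshoot_fixit_t)`, `rpm_read_db(setroubleshoot_fixit_t)`, `rpm_dontaudit_manage_db(setroubleshoot_fixit_t)`, `rpm_use_script_fds(setroubleshoot_fixit_t)`. `rpm_dontaudit_manage_db` also deserves a one-line comment explaining why the fixit helper touches the rpm database, because a dontaudit on manage hides denials that would otherwise flag an unexpected write.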
@@ -19793,7 +19844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(xauth_t) files_read_etc_files(xauth_t) -@@ -300,20 +325,29 @@ +@@ -300,20 +325,31 @@ # XDM Local policy # @@ -19815,6 +19866,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow xdm_t self:appletalk_socket create_socket_perms; allow xdm_t self:key { search link write }; ++allow xdm_t xauth_home_t:file rw_file_perms; ++ allow xdm_t xconsole_device_t:fifo_file { getattr setattr }; +manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t) +manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t) @@ -19826,7 +19879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Allow gdm to run gdm-binary can_exec(xdm_t, xdm_exec_t) -@@ -329,22 +363,39 @@ +@@ -329,22 +365,39 @@ manage_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t) manage_sock_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t) files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file }) @@ -19869,7 +19922,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow xdm_t xserver_t:process signal; allow xdm_t xserver_t:unix_stream_socket connectto; -@@ -358,6 +409,7 @@ +@@ -358,6 +411,7 @@ allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill }; allow xdm_t xserver_t:shm rw_shm_perms; @@ -19877,7 +19930,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # connect to xdm xserver over stream socket stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t) -@@ -366,10 +418,14 @@ +@@ -366,10 +420,14 @@ delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t) delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t) 
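Review bot: `allow xdm_t xauth_home_t:file rw_file_perms;` is a bare allow placed among the `self:` rules, while the rest of this hunk expresses file access through pattern macros (`manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)`). For consistency, and so directory search is covered, consider `rw_files_pattern(xdm_t, xauth_home_t, xauth_home_t)` with a comment such as `# xdm updates the user's X authority cookie file - TODO confirm`; whether xdm also needs create/unlink on that file is not visible here. The xdm section starts and ends outside this hunk.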
@@ -19893,7 +19946,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(xdm_t) kernel_read_kernel_sysctls(xdm_t) -@@ -389,11 +445,13 @@ +@@ -389,11 +447,13 @@ corenet_udp_sendrecv_all_ports(xdm_t) corenet_tcp_bind_generic_node(xdm_t) corenet_udp_bind_generic_node(xdm_t) @@ -19907,7 +19960,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_rand(xdm_t) dev_read_sysfs(xdm_t) dev_getattr_framebuffer_dev(xdm_t) -@@ -401,6 +459,7 @@ +@@ -401,6 +461,7 @@ dev_getattr_mouse_dev(xdm_t) dev_setattr_mouse_dev(xdm_t) dev_rw_apm_bios(xdm_t) @@ -19915,7 +19968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_setattr_apm_bios_dev(xdm_t) dev_rw_dri(xdm_t) dev_rw_agp(xdm_t) -@@ -413,14 +472,17 @@ +@@ -413,14 +474,17 @@ dev_setattr_video_dev(xdm_t) dev_getattr_scanner_dev(xdm_t) dev_setattr_scanner_dev(xdm_t) @@ -19935,7 +19988,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(xdm_t) files_read_var_files(xdm_t) -@@ -431,9 +493,13 @@ +@@ -431,9 +495,13 @@ files_read_usr_files(xdm_t) # Poweroff wants to create the /poweroff file when run from xdm files_create_boot_flag(xdm_t) @@ -19949,7 +20002,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol storage_dontaudit_read_fixed_disk(xdm_t) storage_dontaudit_write_fixed_disk(xdm_t) -@@ -442,6 +508,7 @@ +@@ -442,6 +510,7 @@ storage_dontaudit_raw_write_removable_device(xdm_t) storage_dontaudit_setattr_removable_dev(xdm_t) storage_dontaudit_rw_scsi_generic(xdm_t) @@ -19957,7 +20010,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_setattr_console(xdm_t) term_use_unallocated_ttys(xdm_t) -@@ -450,6 +517,7 @@ +@@ -450,6 +519,7 @@ auth_domtrans_pam_console(xdm_t) auth_manage_pam_pid(xdm_t) auth_manage_pam_console_data(xdm_t) 
@@ -19965,7 +20018,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_rw_faillog(xdm_t) auth_write_login_records(xdm_t) -@@ -460,10 +528,11 @@ +@@ -460,10 +530,11 @@ logging_read_generic_logs(xdm_t) @@ -19979,7 +20032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_use_unpriv_user_fds(xdm_t) userdom_create_all_users_keys(xdm_t) -@@ -472,6 +541,9 @@ +@@ -472,6 +543,9 @@ # Search /proc for any user domain processes. userdom_read_all_users_state(xdm_t) userdom_signal_all_users(xdm_t) @@ -19989,7 +20042,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol xserver_rw_session(xdm_t, xdm_tmpfs_t) xserver_unconfined(xdm_t) -@@ -504,10 +576,12 @@ +@@ -504,10 +578,12 @@ optional_policy(` alsa_domtrans(xdm_t) @@ -20002,7 +20055,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -515,12 +589,46 @@ +@@ -515,12 +591,46 @@ ') optional_policy(` @@ -20049,7 +20102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol hostname_exec(xdm_t) ') -@@ -542,6 +650,30 @@ +@@ -542,6 +652,30 @@ ') optional_policy(` @@ -20080,7 +20133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol seutil_sigchld_newrole(xdm_t) ') -@@ -550,8 +682,9 @@ +@@ -550,8 +684,9 @@ ') optional_policy(` @@ -20092,7 +20145,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifndef(`distro_redhat',` allow xdm_t self:process { execheap execmem }; -@@ -560,7 +693,6 @@ +@@ -560,7 +695,6 @@ ifdef(`distro_rhel4',` allow xdm_t self:process { execheap execmem }; ') @@ -20100,7 +20153,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` userhelper_dontaudit_search_config(xdm_t) -@@ -571,6 +703,10 @@ +@@ -571,6 +705,10 @@ ') optional_policy(` 
@@ -20111,7 +20164,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol xfs_stream_connect(xdm_t) ') -@@ -587,10 +723,9 @@ +@@ -587,10 +725,9 @@ # execheap needed until the X module loader is fixed. # NVIDIA Needs execstack @@ -20123,11 +20176,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow xserver_t self:fd use; allow xserver_t self:fifo_file rw_fifo_file_perms; allow xserver_t self:sock_file read_sock_file_perms; -@@ -602,9 +737,11 @@ +@@ -602,9 +739,12 @@ allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow xserver_t self:tcp_socket create_stream_socket_perms; allow xserver_t self:udp_socket create_socket_perms; +allow xserver_t self:netlink_selinux_socket create_socket_perms; ++allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms; # Device rules allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell }; @@ -20135,7 +20189,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow xserver_t { input_xevent_t input_xevent_type }:x_event send; -@@ -616,13 +753,14 @@ +@@ -616,13 +756,14 @@ type_transition xserver_t xserver_t:{ x_drawable x_colormap } rootwindow_t; allow xserver_t { rootwindow_t x_domain }:x_drawable send; @@ -20151,7 +20205,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t) manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t) -@@ -635,9 +773,19 @@ +@@ -635,9 +776,19 @@ manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t) files_search_var_lib(xserver_t) 
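Review bot: `allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;` has no comment, unlike the rules around it that explain their purpose. A line such as `# Xorg listens for kernel uevents (presumably input-device hotplug) - TODO confirm` would document why the X server needs a kernel-event socket. The hunk header change from +11 to +12 is consistent with this single addition.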
@@ -20171,7 +20225,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(xserver_t) kernel_read_device_sysctls(xserver_t) -@@ -671,7 +819,6 @@ +@@ -671,7 +822,6 @@ dev_rw_agp(xserver_t) dev_rw_framebuffer(xserver_t) dev_manage_dri_dev(xserver_t) @@ -20179,7 +20233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_create_generic_dirs(xserver_t) dev_setattr_generic_dirs(xserver_t) # raw memory access is needed if not using the frame buffer -@@ -681,9 +828,12 @@ +@@ -681,9 +831,12 @@ dev_rw_xserver_misc(xserver_t) # read events - the synaptics touchpad driver reads raw events dev_rw_input_dev(xserver_t) @@ -20193,7 +20247,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(xserver_t) files_read_etc_runtime_files(xserver_t) -@@ -698,8 +848,12 @@ +@@ -698,8 +851,12 @@ fs_search_nfs(xserver_t) fs_search_auto_mountpoints(xserver_t) fs_search_ramfs(xserver_t) @@ -20206,7 +20260,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol selinux_validate_context(xserver_t) selinux_compute_access_vector(xserver_t) -@@ -721,6 +875,7 @@ +@@ -721,6 +878,7 @@ miscfiles_read_localization(xserver_t) miscfiles_read_fonts(xserver_t) @@ -20214,7 +20268,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol modutils_domtrans_insmod(xserver_t) -@@ -743,7 +898,7 @@ +@@ -743,7 +901,7 @@ ') ifdef(`enable_mls',` @@ -20223,7 +20277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh; ') -@@ -775,12 +930,20 @@ +@@ -775,12 +933,20 @@ ') optional_policy(` 
@@ -20245,7 +20299,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol unconfined_domtrans(xserver_t) ') -@@ -807,7 +970,7 @@ +@@ -807,7 +973,7 @@ allow xserver_t xdm_var_lib_t:file { getattr read }; dontaudit xserver_t xdm_var_lib_t:dir search; @@ -20254,7 +20308,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Label pid and temporary files with derived types. manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t) -@@ -828,9 +991,14 @@ +@@ -828,9 +994,14 @@ # to read ROLE_home_t - examine this in more detail # (xauth?) userdom_read_user_home_content_files(xserver_t) @@ -20269,7 +20323,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xserver_t) fs_manage_nfs_files(xserver_t) -@@ -845,11 +1013,14 @@ +@@ -845,11 +1016,14 @@ optional_policy(` dbus_system_bus_client(xserver_t) @@ -20285,7 +20339,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -882,6 +1053,8 @@ +@@ -882,6 +1056,8 @@ # X Server # can read server-owned resources allow x_domain xserver_t:x_resource read; @@ -20294,7 +20348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # can mess with own clients allow x_domain self:x_client { manage destroy }; -@@ -906,6 +1079,8 @@ +@@ -906,6 +1082,8 @@ # operations allowed on my windows allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; 
@@ -20303,7 +20357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # X Colormaps # can use the default colormap allow x_domain rootwindow_t:x_colormap { read use add_color }; -@@ -973,17 +1148,49 @@ +@@ -973,17 +1151,49 @@ allow xserver_unconfined_type { x_domain xserver_t }:x_resource *; allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *; @@ -21121,7 +21175,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.30/policy/modules/system/init.if --- nsaserefpolicy/policy/modules/system/init.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/system/init.if 2009-08-31 13:40:47.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/system/init.if 2009-09-03 10:39:12.000000000 -0400 @@ -174,6 +174,7 @@ role system_r types $1; @@ -22492,7 +22546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.30/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.30/policy/modules/system/libraries.fc 2009-09-01 08:55:51.000000000 -0400 ++++ serefpolicy-3.6.30/policy/modules/system/libraries.fc 2009-09-04 11:35:21.000000000 -0400 @@ -60,12 +60,15 @@ # # /opt @@ -22542,7 +22596,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/(.*/)?java/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) -@@ -115,27 +120,31 @@ +@@ -115,27 +120,30 @@ /usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -22550,13 +22604,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/lib/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) - +/usr/lib64/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib64/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib64/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/catalyst/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -+ + /usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -22582,7 +22635,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0) /usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -143,11 +152,8 @@ +@@ -143,11 +151,8 @@ /usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -22594,7 +22647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/lib(64)?/xorg/modules/drivers/fglrx_drv\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,12 +174,12 @@
+@@ -168,12 +173,12 @@
 # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
 # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
@@ -22609,7 +22662,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -185,15 +191,10 @@
+@@ -185,15 +190,10 @@
 /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libglide3-v[0-9]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -22626,7 +22679,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -228,31 +229,17 @@
+@@ -228,31 +228,17 @@
 /usr/lib(64)?/ladspa/sc3_1427\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/ladspa/sc4_1882\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/ladspa/se4_1883\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -22662,7 +22715,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # Jai, Sun Microsystems (Jpackage SPRM)
 /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -268,8 +255,8 @@
+@@ -268,8 +254,8 @@
 /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -22673,7 +22726,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # Java, Sun Microsystems (JPackage SRPM)
 /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -295,6 +282,8 @@
+@@ -295,6 +281,8 @@
 /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -22682,7 +22735,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ') dnl end distro_redhat
 #
-@@ -307,10 +296,94 @@
+@@ -307,10 +295,96 @@
 /var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
@@ -22739,6 +22792,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/usr/lib(64)?/xine/plugins/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 +
++/usr/lib(64)?/yafaray/libDarkSky.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
 +ifdef(`fixed',`
 +/usr/lib(64)?/libavfilter\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib(64)?/libavdevice\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -23787,8 +23842,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.30/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/system/raid.te 2009-08-31 13:40:47.000000000 -0400
-@@ -44,6 +44,7 @@
++++ serefpolicy-3.6.30/policy/modules/system/raid.te 2009-09-06 15:32:46.000000000 -0400
+@@ -44,11 +44,13 @@
 dev_dontaudit_getattr_generic_chr_files(mdadm_t)
 dev_dontaudit_getattr_generic_blk_files(mdadm_t)
 dev_read_realtime_clock(mdadm_t)
@@ -23796,6 +23851,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 domain_use_interactive_fds(mdadm_t)
+ files_read_etc_files(mdadm_t)
+ files_read_etc_runtime_files(mdadm_t)
++files_dontaudit_getattr_tmpfs_files(mdadm_t)
+
+ fs_search_auto_mountpoints(mdadm_t)
+ fs_dontaudit_list_tmpfs(mdadm_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.30/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.30/policy/modules/system/selinuxutil.fc 2009-08-31 13:40:47.000000000 -0400
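Review bot: The new libraries.fc pattern `/usr/lib(64)?/yafaray/libDarkSky.so` leaves the dot before `so` unescaped, unlike every neighbouring entry, so as a file-context regex it also matches any single character in that position; it should read `/usr/lib(64)?/yafaray/libDarkSky\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)`. Since textrel_shlib_t is the label that lets a library be mapped with text relocations (execmod) rather than the default lib_t, each addition widens the set of writable-then-executable mappings allowed on the system, so a one-line comment stating that this plugin was verified to carry text relocations would help the next policy audit, e.g. `# yafaray plugin built without PIC, needs execmod`. If the package installs the file with a version suffix, the `(\.[^/]*)*` tail used by the libGL entries in this same file would be needed for the pattern to match; that depends on the package layout and is only a suggestion.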
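Review bot: `files_dontaudit_getattr_tmpfs_files(mdadm_t)` in the raid.te hunk silences the denial rather than granting or removing the access, so if mdadm ever does need to stat a tmpfs-backed file the failure will no longer show up in the audit log; a short comment recording which access was observed would let a later reviewer tell harmless noise from a masked functional failure, e.g. `# mdadm stats tmpfs files during device scans; access is not needed, only the AVC noise is suppressed`. The surrounding `files_read_etc_*` and `fs_*` lines are added only as context (the inner header moves from `@@ -44,6 +44,7 @@` to `@@ -44,11 +44,13 @@`, five context lines plus this one rule), which is consistent. The mdadm_t block of raid.te continues outside the hunk.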