##
@@ -12144,7 +12141,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_auto_mountpoints(ftpd_t)
fs_getattr_all_fs(ftpd_t)
-+fs_search_fusefs_dirs(ftpd_t)
++fs_search_fusefs(ftpd_t)
auth_use_nsswitch(ftpd_t)
auth_domtrans_chk_passwd(ftpd_t)
@@ -12343,6 +12340,156 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_reload(gnomeclock_t)
+')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.8/policy/modules/services/gpsd.fc
+--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.fc 2009-03-06 16:02:17.000000000 -0500
+@@ -0,0 +1,3 @@
++
++/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.8/policy/modules/services/gpsd.if
+--- nsaserefpolicy/policy/modules/services/gpsd.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.if 2009-03-06 16:03:34.000000000 -0500
+@@ -0,0 +1,83 @@
++## gpsd monitor daemon
++
++########################################
++##
++## Execute a domain transition to run gpsd.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`gpsd_domtrans',`
++ gen_require(`
++ type gpsd_t, gpsd_exec_t;
++ ')
++
++ domtrans_pattern($1, gpsd_exec_t, gpsd_t)
++')
++
++########################################
++##
++## Execute gpsd in the gpsd domain, and
++## allow the specified role the gpsd domain.
++##
++##
++##
++## Domain allowed access
++##
++##
++##
++##
++## The role to be allowed the gpsd domain.
++##
++##
++#
++interface(`gpsd_run',`
++ gen_require(`
++ type gpsd_t;
++ ')
++
++ gpsd_domtrans($1)
++ role $2 types gpsd_t;
++')
++
++########################################
++##
++## Read and write to gpsd shared memory.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`gpsd_rw_shm',`
++ gen_require(`
++ type gpsd_t;
++ ')
++
++ allow $1 gpsd_t:shm rw_shm_perms;
++')
++
++########################################
++##
++## Read/write gpsd tmpfs files.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`gpsd_rw_tmpfs_files',`
++ gen_require(`
++ type gpsd_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ allow $1 gpsd_tmpfs_t:dir list_dir_perms;
++ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.8/policy/modules/services/gpsd.te
+--- nsaserefpolicy/policy/modules/services/gpsd.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.te 2009-03-06 16:06:45.000000000 -0500
+@@ -0,0 +1,52 @@
++policy_module(gpsd,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gpsd_t;
++type gpsd_exec_t;
++application_domain(gpsd_t, gpsd_exec_t)
++role system_r types gpsd_t;
++
++type gpsd_tmpfs_t;
++files_tmpfs_file(gpsd_tmpfs_t)
++
++########################################
++#
++# gpsd local policy
++#
++
++allow gpsd_t self:capability { setuid sys_nice setgid fowner };
++allow gpsd_t self:process setsched;
++allow gpsd_t self:shm create_shm_perms;
++allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
++allow gpsd_t self:tcp_socket create_stream_socket_perms;
++
++manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
++manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
++fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
++
++corenet_tcp_bind_all_nodes(gpsd_t)
++corenet_tcp_bind_gpsd_port(gpsd_t)
++
++term_use_unallocated_ttys(gpsd_t)
++term_setattr_unallocated_ttys(gpsd_t)
++
++auth_use_nsswitch(gpsd_t)
++
++logging_send_syslog_msg(gpsd_t)
++
++miscfiles_read_localization(gpsd_t)
++
++optional_policy(`
++ ntpd_rw_shm(gpsd_t)
++ ntpd_rw_tmpfs_files(gpsd_t)
++')
++
++optional_policy(`
++ dbus_system_bus_client(gpsd_t)
++')
++
++
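Review bot: The capability grant in the new gpsd.te, `allow gpsd_t self:capability { setuid sys_nice setgid fowner };`, carries no justification, whereas ntp.te in this same patch comments why each capability is needed (`# ntpdate wants sys_nice`). `fowner` lets gpsd_t bypass ownership checks on any file it can otherwise reach, and `term_use_unallocated_ttys`/`term_setattr_unallocated_ttys` open every unclaimed tty rather than a dedicated device type, so a short comment per rule naming the gpsd operation that needs it (e.g. `# fowner: TODO(review) identify the chmod/chown call that requires this`) would let a later reviewer prune whatever turns out to be audit2allow leftover. As rendered here the interface headers in gpsd.if show only empty `##` lines where refpolicy's `<summary>` and `<param name="domain">` doc tags would normally sit; if that is an extraction artifact it is fine, otherwise the interface documentation will be generated empty. `corenet_tcp_bind_gpsd_port` presumes a gpsd port definition in corenetwork that is not visible in this hunk; confirm it exists elsewhere in the patch.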
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.8/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
+++ serefpolicy-3.6.8/policy/modules/services/hal.fc 2009-03-05 15:25:24.000000000 -0500
@@ -14831,7 +14978,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.8/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.if 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ntp.if 2009-03-06 16:02:17.000000000 -0500
@@ -37,6 +37,32 @@
########################################
@@ -14865,7 +15012,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Execute ntp server in the ntpd domain.
##
##
-@@ -56,6 +82,24 @@
+@@ -56,6 +82,63 @@
########################################
##
@@ -14885,6 +15032,45 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
+')
+
++#######################################
++##
++## Read/write ntpdd tmpfs files.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`ntpd_rw_tmpfs_files',`
++ gen_require(`
++ type ntpd_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ list_dirs_pattern($1,ntpd_tmpfs_t,ntpd_tmpfs_t)
++ rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
++ read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
++')
++
++########################################
++##
++## Read and write to ntpd shared memory.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`ntpd_rw_shm',`
++ gen_require(`
++ type ntpd_t;
++ ')
++
++ allow $1 ntpd_t:shm rw_shm_perms;
++')
++
+########################################
+##
## All of the rules required to administrate
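Review bot: The summary line for the new ntpd_rw_tmpfs_files interface reads `## Read/write ntpdd tmpfs files.`; `ntpdd` should be `ntpd`. Two lines below, `list_dirs_pattern($1,ntpd_tmpfs_t,ntpd_tmpfs_t)` drops the spaces after the commas that the following `rw_files_pattern`/`read_lnk_files_pattern` lines (and the gpsd interfaces added earlier in this patch) use, so `list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)` would match the surrounding style. The separator above that interface also appears one `#` shorter than the `########################################` used for ntpd_rw_shm right after it, which looks like a copy-paste slip rather than intent.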
@@ -14892,8 +15078,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.8/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.te 2009-03-05 15:25:24.000000000 -0500
-@@ -38,10 +38,11 @@
++++ serefpolicy-3.6.8/policy/modules/services/ntp.te 2009-03-06 16:02:17.000000000 -0500
+@@ -25,6 +25,9 @@
+ type ntpd_tmp_t;
+ files_tmp_file(ntpd_tmp_t)
+
++type ntpd_tmpfs_t;
++files_tmpfs_file(ntpd_tmpfs_t)
++
+ type ntpd_var_run_t;
+ files_pid_file(ntpd_var_run_t)
+
+@@ -38,10 +41,11 @@
# sys_resource and setrlimit is for locking memory
# ntpdate wants sys_nice
@@ -14906,7 +15102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow ntpd_t self:unix_dgram_socket create_socket_perms;
allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:tcp_socket create_stream_socket_perms;
-@@ -52,6 +53,7 @@
+@@ -52,6 +56,7 @@
can_exec(ntpd_t,ntpd_exec_t)
read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
@@ -14914,7 +15110,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow ntpd_t ntpd_log_t:dir setattr;
manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
-@@ -90,6 +92,9 @@
+@@ -62,6 +67,10 @@
+ manage_files_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
+ files_tmp_filetrans(ntpd_t, ntpd_tmp_t, { file dir })
+
++manage_dirs_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
++manage_files_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
++fs_tmpfs_filetrans(ntpd_t, ntpd_tmpfs_t, { dir file })
++
+ manage_files_pattern(ntpd_t, ntpd_var_run_t, ntpd_var_run_t)
+ files_pid_filetrans(ntpd_t, ntpd_var_run_t, file)
+
+@@ -90,6 +99,9 @@
fs_getattr_all_fs(ntpd_t)
fs_search_auto_mountpoints(ntpd_t)
@@ -14924,6 +15131,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_use_ptmx(ntpd_t)
+@@ -121,6 +133,11 @@
+ ')
+
+ optional_policy(`
++ gpsd_rw_shm(ntpd_t)
++ gpsd_rw_tmpfs_files(ntpd_t)
++')
++
++optional_policy(`
+ firstboot_dontaudit_use_fds(ntpd_t)
+ firstboot_dontaudit_rw_pipes(ntpd_t)
+ firstboot_dontaudit_rw_stream_sockets(ntpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.8/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
+++ serefpolicy-3.6.8/policy/modules/services/nx.te 2009-03-05 15:25:24.000000000 -0500
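Review bot: With `gpsd_rw_shm(ntpd_t)` and `gpsd_rw_tmpfs_files(ntpd_t)` added here, and gpsd.te in the same patch granting the mirror image through `ntpd_rw_shm(gpsd_t)`/`ntpd_rw_tmpfs_files(gpsd_t)`, the two daemons become mutually writable over each other's shared memory and tmpfs files in both directions. If, as is typical for an ntp shared-memory refclock, the data only flows one way, one side could later be narrowed to read access; at minimum a comment above the new block such as `# shm refclock coupling with gpsd; see gpsd.te for the reverse grant` would record why the coupling exists, since neither file currently says so. The firstboot optional_policy block that follows the insertion continues past the end of the hunk.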
@@ -18984,7 +19203,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/samba.te 2009-03-06 15:54:27.000000000 -0500
@@ -66,6 +66,13 @@
##
gen_tunable(samba_share_nfs, false)
@@ -19171,7 +19390,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_manage_fusefs_dirs(smbd_t)
+ fs_manage_fusefs_files(smbd_t)
+',`
-+ fs_search_fusefs_dirs(smbd_t)
++ fs_search_fusefs(smbd_t)
')
+
@@ -27154,7 +27373,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.8/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/unconfined.te 2009-03-06 16:03:12.000000000 -0500
@@ -5,6 +5,35 @@
#
# Declarations
@@ -27319,69 +27538,77 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -119,31 +202,33 @@
+@@ -119,72 +202,80 @@
')
optional_policy(`
- inn_domtrans(unconfined_t)
-+ iptables_run(unconfined_t, unconfined_r)
++ gpsd_run(unconfined_t, unconfined_r)
')
optional_policy(`
- java_domtrans_unconfined(unconfined_t)
-+ java_run_unconfined(unconfined_t, unconfined_r)
++ iptables_run(unconfined_t, unconfined_r)
')
optional_policy(`
- lpd_run_checkpc(unconfined_t, unconfined_r)
-+ kismet_run(unconfined_t, unconfined_r)
++ java_run_unconfined(unconfined_t, unconfined_r)
')
optional_policy(`
- modutils_run_update_mods(unconfined_t, unconfined_r)
-+ livecd_run(unconfined_t, unconfined_r)
++ kismet_run(unconfined_t, unconfined_r)
')
optional_policy(`
- mono_domtrans(unconfined_t)
-+ lpd_run_checkpc(unconfined_t, unconfined_r)
++ livecd_run(unconfined_t, unconfined_r)
')
optional_policy(`
- mta_role(unconfined_r, unconfined_t)
-+ modutils_run_update_mods(unconfined_t, unconfined_r)
++ lpd_run_checkpc(unconfined_t, unconfined_r)
')
optional_policy(`
- oddjob_domtrans_mkhomedir(unconfined_t)
++ modutils_run_update_mods(unconfined_t, unconfined_r)
+ ')
+
+ optional_policy(`
+- prelink_run(unconfined_t, unconfined_r)
+ mono_role_template(unconfined, unconfined_r, unconfined_t)
+ unconfined_domain(unconfined_mono_t)
+ role system_r types unconfined_mono_t;
')
optional_policy(`
-@@ -155,36 +240,38 @@
+- portmap_run_helper(unconfined_t, unconfined_r)
++ prelink_run(unconfined_t, unconfined_r)
')
optional_policy(`
- postfix_run_map(unconfined_t, unconfined_r)
- # cjp: this should probably be removed:
- postfix_domtrans_master(unconfined_t)
++ portmap_run_helper(unconfined_t, unconfined_r)
+ ')
+
+ optional_policy(`
+- pyzor_role(unconfined_r, unconfined_t)
-')
+ qemu_role_notrans(unconfined_r, unconfined_t)
+ qemu_unconfined_role(unconfined_r)
-optional_policy(`
-- pyzor_role(unconfined_r, unconfined_t)
+- # cjp: this should probably be removed:
+- rpc_domtrans_nfsd(unconfined_t)
+ tunable_policy(`allow_unconfined_qemu_transition',`
+ qemu_domtrans(unconfined_t)
+ ',`
+ qemu_domtrans_unconfined(unconfined_t)
- ')
--
--optional_policy(`
-- # cjp: this should probably be removed:
-- rpc_domtrans_nfsd(unconfined_t)
++')
')
optional_policy(`
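Review bot: The only net change on the new side of this hunk is the block `optional_policy(\` gpsd_run(unconfined_t, unconfined_r) ')`, but because the patch was regenerated the insertion shifts every following call up by one slot, so the diff shows a run of `-+`/`++` pairs from `iptables_run` through `portmap_run_helper` that are pure reordering. That is inherent to a diff of a patch, but the commit description (not shown here) should state that gpsd_run is the sole addition so reviewers need not re-verify each shifted line; the merged inner header `+@@ -119,72 +202,80 @@` replacing the former `-@@ -155,36 +240,38 @@` hunk is consistent with that reading. gpsd_run hands unconfined_r the gpsd_t role and depends on the gpsd module introduced earlier in this patch, which the optional_policy wrapper tolerates if the module is absent. The enclosing sequence of optional_policy blocks continues beyond the end of the hunk.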
@@ -27411,7 +27638,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -192,7 +279,7 @@
+@@ -192,7 +283,7 @@
')
optional_policy(`
@@ -27420,7 +27647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -204,11 +291,12 @@
+@@ -204,11 +295,12 @@
')
optional_policy(`
@@ -27435,7 +27662,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -218,14 +306,61 @@
+@@ -218,14 +310,61 @@
allow unconfined_execmem_t self:process { execstack execmem };
unconfined_domain_noaudit(unconfined_execmem_t)