diff --git a/modules-minimum.conf b/modules-minimum.conf
index 1f08acc..35c7ddb 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -2009,6 +2009,20 @@ xguest = module
#
courier = module
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+# script to help thwart ssh server attacks
+#
+denyhosts = module
+
# Layer: apps
# Module: livecd
#
diff --git a/modules-mls.conf b/modules-mls.conf
index 9eaf94a..779e1b6 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -32,6 +32,13 @@ alsa = base
#
ada = module
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
# Layer: apps
# Module: cpufreqselector
#
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 1f08acc..35c7ddb 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -2009,6 +2009,20 @@ xguest = module
#
courier = module
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+# script to help thwart ssh server attacks
+#
+denyhosts = module
+
# Layer: apps
# Module: livecd
#
diff --git a/policy-F13.patch b/policy-F13.patch
index 1210af1..6a5742b 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -26105,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/nxserver/home/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.5/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 09:50:42.000000000 -0500
++++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 12:24:34.000000000 -0500
@@ -56,6 +56,13 @@
domtrans_pattern($2, iceauth_exec_t, iceauth_t)
@@ -26199,7 +26199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -1219,3 +1232,301 @@
+@@ -1219,3 +1232,329 @@
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
@@ -26234,6 +26234,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
+########################################
+##
++## append to .xsession-errors file
++##
++##
++##
++## Domain to not audit
++##
++##
++#
++interface(`xserver_append_xdm_home_files',`
++ gen_require(`
++ type xdm_home_t;
++ type xserver_tmp_t;
++ ')
++
++ allow $1 xdm_home_t:file append_file_perms;
++ allow $1 xserver_tmp_t:file append_file_perms;
++
++ tunable_policy(`use_nfs_home_dirs',`
++ fs_append_nfs_files($1)
++ ')
++
++ tunable_policy(`use_samba_home_dirs',`
++ fs_append_cifs_files($1)
++ ')
++')
++
++########################################
++##
+## Manage the xdm_spool files
+##
+##
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 032ac75..2df6be7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.5
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -449,6 +449,9 @@ exit 0
%endif
%changelog
+* Tue Dec 22 2009 Dan Walsh 3.7.5-3
+- Add back xserver_manage_home_fonts
+
* Mon Dec 21 2009 Dan Walsh 3.7.5-2
- Dontaudit sandbox trying to read nscd and sssd