diff --git a/.cvsignore b/.cvsignore
index 88b4515..45ac984 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -191,3 +191,4 @@ serefpolicy-3.6.30.tgz
 serefpolicy-3.6.31.tgz
 serefpolicy-3.6.32.tgz
 serefpolicy-3.6.33.tgz
+serefpolicy-3.7.1.tgz
diff --git a/nsadiff b/nsadiff
index 3fe694e..b1c3c22 100755
--- a/nsadiff
+++ b/nsadiff
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.33 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.1 > /tmp/diff
diff --git a/policy-F13.patch b/policy-F13.patch
index 88134dc..c3a256e 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.33/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.1/Makefile
 --- nsaserefpolicy/Makefile	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/Makefile	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/Makefile	2009-11-17 11:06:58.000000000 -0500
 @@ -244,7 +244,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -10,9 +10,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
  net_contexts := $(builddir)net_contexts
  
  all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.6.33/policy/flask/access_vectors
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.7.1/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/flask/access_vectors	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/flask/access_vectors	2009-11-17 11:06:58.000000000 -0500
 @@ -376,6 +376,7 @@
  	syslog_read  
  	syslog_mod
@@ -21,9 +21,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  }
  
  #
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.33/policy/global_tunables
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.1/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/global_tunables	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/global_tunables	2009-11-17 11:06:58.000000000 -0500
 @@ -61,15 +61,6 @@
  
  ## <desc>
@@ -59,9 +59,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +## </desc>
 +gen_tunable(mmap_low_allowed, false)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.6.33/policy/modules/admin/alsa.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.1/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/alsa.te	2009-11-12 15:17:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/alsa.te	2009-11-17 11:06:58.000000000 -0500
 @@ -51,6 +51,8 @@
  files_read_etc_files(alsa_t)
  files_read_usr_files(alsa_t)
@@ -71,9 +71,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_use_nsswitch(alsa_t)
  
  init_use_fds(alsa_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.33/policy/modules/admin/anaconda.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.1/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/anaconda.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/anaconda.te	2009-11-17 11:06:58.000000000 -0500
 @@ -31,6 +31,7 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -91,9 +91,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.6.33/policy/modules/admin/brctl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.7.1/policy/modules/admin/brctl.te
 --- nsaserefpolicy/policy/modules/admin/brctl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/brctl.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/brctl.te	2009-11-17 11:06:58.000000000 -0500
 @@ -21,7 +21,7 @@
  allow brctl_t self:unix_dgram_socket create_socket_perms;
  allow brctl_t self:tcp_socket create_socket_perms;
@@ -103,9 +103,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_network_state(brctl_t)
  kernel_read_sysctl(brctl_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.33/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/certwatch.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.1/policy/modules/admin/certwatch.te
+--- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/certwatch.te	2009-11-17 11:06:58.000000000 -0500
 @@ -36,7 +36,7 @@
  miscfiles_read_localization(certwatch_t)
  
@@ -115,9 +115,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	apache_exec_modules(certwatch_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.6.33/policy/modules/admin/consoletype.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.1/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/consoletype.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/consoletype.te	2009-11-17 11:06:58.000000000 -0500
 @@ -84,6 +84,7 @@
  optional_policy(`
  	hal_dontaudit_use_fds(consoletype_t)
@@ -126,17 +126,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.6.33/policy/modules/admin/dmesg.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.7.1/policy/modules/admin/dmesg.fc
 --- nsaserefpolicy/policy/modules/admin/dmesg.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/dmesg.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/dmesg.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,2 +1,4 @@
  
  /bin/dmesg		--		gen_context(system_u:object_r:dmesg_exec_t,s0)
 +
 +/usr/sbin/mcelog	--		gen_context(system_u:object_r:dmesg_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.6.33/policy/modules/admin/dmesg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.7.1/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/dmesg.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/dmesg.te	2009-11-17 11:06:58.000000000 -0500
 @@ -9,6 +9,7 @@
  type dmesg_t;
  type dmesg_exec_t;
@@ -178,9 +178,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +#mcelog needs
 +dev_read_raw_memory(dmesg_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.6.33/policy/modules/admin/firstboot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.1/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/firstboot.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/firstboot.te	2009-11-17 11:06:58.000000000 -0500
 @@ -91,8 +91,12 @@
  userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
  
@@ -203,18 +203,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.6.33/policy/modules/admin/kismet.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.7.1/policy/modules/admin/kismet.fc
 --- nsaserefpolicy/policy/modules/admin/kismet.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/kismet.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/kismet.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,3 +1,5 @@
 +HOME_DIR/\.kismet(/.*)?			gen_context(system_u:object_r:kismet_home_t,s0)
 +
  /usr/bin/kismet			--	gen_context(system_u:object_r:kismet_exec_t,s0)
  /var/lib/kismet(/.*)?			gen_context(system_u:object_r:kismet_var_lib_t,s0)
  /var/log/kismet(/.*)?			gen_context(system_u:object_r:kismet_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.33/policy/modules/admin/kismet.te
---- nsaserefpolicy/policy/modules/admin/kismet.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/kismet.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.1/policy/modules/admin/kismet.te
+--- nsaserefpolicy/policy/modules/admin/kismet.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/kismet.te	2009-11-17 11:06:58.000000000 -0500
 @@ -26,6 +26,9 @@
  type kismet_var_run_t;
  files_pid_file(kismet_var_run_t)
@@ -238,9 +238,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_search_debugfs(kismet_t)
  kernel_read_system_state(kismet_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.33/policy/modules/admin/logrotate.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.1/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/logrotate.te	2009-11-16 09:58:07.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/logrotate.te	2009-11-17 11:06:58.000000000 -0500
 @@ -32,7 +32,7 @@
  # Change ownership on log files.
  allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
@@ -298,18 +298,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	slrnpull_manage_spool(logrotate_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.33/policy/modules/admin/logwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.1/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/logwatch.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/logwatch.te	2009-11-17 11:06:58.000000000 -0500
 @@ -136,4 +136,5 @@
  
  optional_policy(`
  	samba_read_log(logwatch_t)
 +	samba_read_share_files(logwatch_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.33/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/mrtg.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.1/policy/modules/admin/mrtg.te
+--- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/mrtg.te	2009-11-17 11:06:58.000000000 -0500
 @@ -116,6 +116,7 @@
  userdom_use_user_terminals(mrtg_t)
  userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -318,9 +318,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  netutils_domtrans_ping(mrtg_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.33/policy/modules/admin/netutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.1/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/netutils.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/netutils.te	2009-11-17 11:06:58.000000000 -0500
 @@ -44,6 +44,7 @@
  allow netutils_t self:packet_socket create_socket_perms;
  allow netutils_t self:udp_socket create_socket_perms;
@@ -337,18 +337,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_use_user_terminals(netutils_t)
  userdom_use_all_users_fds(netutils_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.fc serefpolicy-3.6.33/policy/modules/admin/ntop.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.fc serefpolicy-3.7.1/policy/modules/admin/ntop.fc
 --- nsaserefpolicy/policy/modules/admin/ntop.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/ntop.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/ntop.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,5 @@
 +/etc/rc\.d/init\.d/ntop	--	gen_context(system_u:object_r:ntop_initrc_exec_t,s0)
 +
 +/usr/sbin/ntop		--	gen_context(system_u:object_r:ntop_exec_t,s0)
 +
 +/var/lib/ntop(/.*)?		gen_context(system_u:object_r:ntop_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.if serefpolicy-3.6.33/policy/modules/admin/ntop.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.if serefpolicy-3.7.1/policy/modules/admin/ntop.if
 --- nsaserefpolicy/policy/modules/admin/ntop.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/ntop.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/ntop.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,158 @@
 +
 +## <summary>policy for ntop</summary>
@@ -508,9 +508,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ntop_manage_var_lib($1)
 +
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.te serefpolicy-3.6.33/policy/modules/admin/ntop.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.te serefpolicy-3.7.1/policy/modules/admin/ntop.te
 --- nsaserefpolicy/policy/modules/admin/ntop.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/ntop.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/ntop.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,40 @@
 +policy_module(ntop,1.0.0)
 +
@@ -552,9 +552,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +miscfiles_read_localization(ntop_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.6.33/policy/modules/admin/portage.te
---- nsaserefpolicy/policy/modules/admin/portage.te	2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/portage.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.7.1/policy/modules/admin/portage.te
+--- nsaserefpolicy/policy/modules/admin/portage.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/portage.te	2009-11-17 11:06:58.000000000 -0500
 @@ -196,7 +196,7 @@
  # - for rsync and distfile fetching
  #
@@ -564,9 +564,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow portage_fetch_t self:process signal;
  allow portage_fetch_t self:unix_stream_socket create_socket_perms;
  allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.33/policy/modules/admin/prelink.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.1/policy/modules/admin/prelink.fc
+--- nsaserefpolicy/policy/modules/admin/prelink.fc	2009-07-23 14:11:04.000000000 -0400
++++ serefpolicy-3.7.1/policy/modules/admin/prelink.fc	2009-11-18 10:28:50.000000000 -0500
+@@ -1,3 +1,4 @@
++/etc/cron\.daily/prelink	--      gen_context(system_u:object_r:prelink_cron_system_exec_t,s0)
+ 
+ /etc/prelink\.cache		--	gen_context(system_u:object_r:prelink_cache_t,s0)
+ 
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.1/policy/modules/admin/prelink.if
 --- nsaserefpolicy/policy/modules/admin/prelink.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/prelink.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/prelink.if	2009-11-17 11:06:58.000000000 -0500
 @@ -151,11 +151,11 @@
  ##	</summary>
  ## </param>
@@ -581,10 +589,59 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
 +	relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.33/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/prelink.te	2009-11-12 14:26:53.000000000 -0500
-@@ -80,6 +80,7 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.1/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/prelink.te	2009-11-18 10:28:50.000000000 -0500
+@@ -21,8 +21,23 @@
+ type prelink_tmp_t;
+ files_tmp_file(prelink_tmp_t)
+ 
++type prelink_tmpfs_t;
++files_tmpfs_file(prelink_tmpfs_t)
++
+ type prelink_var_lib_t;
+-files_tmp_file(prelink_var_lib_t)
++files_type(prelink_var_lib_t)
++
++########################################
++#
++# Prelink Cron system Declarations
++#
++
++type prelink_cron_system_t;
++type prelink_cron_system_exec_t;
++domain_type(prelink_cron_system_t)
++domain_entry_file(prelink_cron_system_t, prelink_cron_system_exec_t)
++
++permissive prelink_cron_system_t;
+ 
+ ########################################
+ #
+@@ -35,7 +50,6 @@
+ 
+ allow prelink_t prelink_cache_t:file manage_file_perms;
+ files_etc_filetrans(prelink_t, prelink_cache_t, file)
+-files_var_lib_filetrans(prelink_t, prelink_cache_t, file)
+ 
+ allow prelink_t prelink_log_t:dir setattr;
+ create_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
+@@ -45,10 +59,14 @@
+ 
+ allow prelink_t prelink_tmp_t:file { manage_file_perms execute relabelfrom execmod };
+ files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
+-fs_tmpfs_filetrans(prelink_t, prelink_tmp_t, file)
++
++allow prelink_t prelink_tmpfs_t:file { manage_file_perms execute relabelfrom execmod };
++fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
+ 
+ manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
+ manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
++relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
++files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
+ files_search_var_lib(prelink_t)
+ 
+ # prelink misc objects that are not system
+@@ -80,6 +98,7 @@
  selinux_get_enforce_mode(prelink_t)
  
  libs_exec_ld_so(prelink_t)
@@ -592,7 +649,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  libs_manage_ld_so(prelink_t)
  libs_relabel_ld_so(prelink_t)
  libs_manage_shared_libs(prelink_t)
-@@ -89,6 +90,7 @@
+@@ -89,6 +108,7 @@
  miscfiles_read_localization(prelink_t)
  
  userdom_use_user_terminals(prelink_t)
@@ -600,7 +657,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	amanda_manage_lib(prelink_t)
-@@ -99,5 +101,9 @@
+@@ -99,5 +119,53 @@
  ')
  
  optional_policy(`
@@ -610,9 +667,53 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	unconfined_domain(prelink_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.33/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/readahead.te	2009-11-12 14:26:53.000000000 -0500
++
++########################################
++#
++# Prelink Cron system Policy
++#
++
++allow prelink_cron_system_t self:capability setuid;
++allow prelink_cron_system_t self:process setsched;
++allow prelink_cron_system_t self:fifo_file rw_fifo_file_perms;
++allow prelink_cron_system_t self:unix_dgram_socket { write bind create setopt };
++
++domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
++
++read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
++
++# This sucks: can it not just append?
++rw_files_pattern(prelink_cron_system_t, prelink_log_t, prelink_log_t)
++
++write_files_pattern(prelink_cron_system_t, prelink_var_lib_t, prelink_var_lib_t)
++
++corecmd_exec_bin(prelink_cron_system_t)
++corecmd_exec_shell(prelink_cron_system_t)
++
++files_read_etc_files(prelink_cron_system_t)
++
++files_search_var_lib(prelink_cron_system_t)
++files_search_var_log(prelink_cron_system_t)
++
++init_chat(prelink_cron_system_t)
++init_exec(prelink_cron_system_t)
++
++kernel_read_system_state(prelink_cron_system_t)
++
++libs_exec_ld_so(prelink_cron_system_t)
++
++miscfiles_read_localization(prelink_cron_system_t)
++
++optional_policy(`
++	cron_system_entry(prelink_cron_system_t, prelink_cron_system_exec_t)
++')
++
++optional_policy(`
++	rpm_read_db(prelink_cron_system_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.1/policy/modules/admin/readahead.te
+--- nsaserefpolicy/policy/modules/admin/readahead.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/readahead.te	2009-11-17 11:06:58.000000000 -0500
 @@ -52,6 +52,7 @@
  
  files_list_non_security(readahead_t)
@@ -621,9 +722,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_create_boot_flag(readahead_t)
  files_getattr_all_pipes(readahead_t)
  files_dontaudit_getattr_all_sockets(readahead_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.33/policy/modules/admin/rpm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.1/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/rpm.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/rpm.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,18 +1,18 @@
  
  /bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -673,9 +774,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # SuSE
  ifdef(`distro_suse', `
  /usr/bin/online_update		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.33/policy/modules/admin/rpm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.1/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/rpm.if	2009-11-16 09:56:52.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/rpm.if	2009-11-18 16:19:24.000000000 -0500
 @@ -13,11 +13,34 @@
  interface(`rpm_domtrans',`
  	gen_require(`
@@ -723,7 +824,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_run_loadpolicy(rpm_script_t, $2)
  	seutil_run_semanage(rpm_script_t, $2)
  	seutil_run_setfiles(rpm_script_t, $2)
-@@ -146,6 +174,40 @@
+@@ -146,6 +174,41 @@
  
  ########################################
  ## <summary>
@@ -757,6 +858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dontaudit $1 rpm_tmp_t:file rw_file_perms;
 + 	dontaudit $1 rpm_tmpfs_t:dir rw_dir_perms;
 + 	dontaudit $1 rpm_tmpfs_t:file write_file_perms;
++	dontaudit $1 rpm_script_tmp_t:file write_file_perms;
 +')
 +
 +########################################
@@ -764,7 +866,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Send and receive messages from
  ##	rpm over dbus.
  ## </summary>
-@@ -167,6 +229,68 @@
+@@ -167,6 +230,68 @@
  
  ########################################
  ## <summary>
@@ -833,7 +935,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Create, read, write, and delete the RPM log.
  ## </summary>
  ## <param name="domain">
-@@ -186,6 +310,24 @@
+@@ -186,6 +311,24 @@
  
  ########################################
  ## <summary>
@@ -858,7 +960,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Inherit and use file descriptors from RPM scripts.
  ## </summary>
  ## <param name="domain">
-@@ -219,7 +361,51 @@
+@@ -219,7 +362,51 @@
  	')
  
  	files_search_tmp($1)
@@ -910,7 +1012,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -241,6 +427,25 @@
+@@ -241,6 +428,25 @@
  	allow $1 rpm_var_lib_t:dir list_dir_perms;
  	read_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
  	read_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
@@ -936,7 +1038,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -265,6 +470,48 @@
+@@ -265,6 +471,48 @@
  
  ########################################
  ## <summary>
@@ -985,7 +1087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Do not audit attempts to create, read, 
  ##	write, and delete the RPM package database.
  ## </summary>
-@@ -283,3 +530,99 @@
+@@ -283,3 +531,99 @@
  	dontaudit $1 rpm_var_lib_t:file manage_file_perms;
  	dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
  ')
@@ -1085,9 +1187,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 rpm_t:process signull;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.33/policy/modules/admin/rpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.1/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/rpm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/rpm.te	2009-11-17 11:06:58.000000000 -0500
 @@ -15,6 +15,9 @@
  domain_interactive_fd(rpm_t)
  role system_r types rpm_t;
@@ -1362,9 +1464,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	optional_policy(`
  		java_domtrans_unconfined(rpm_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.6.33/policy/modules/admin/shorewall.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.7.1/policy/modules/admin/shorewall.fc
 --- nsaserefpolicy/policy/modules/admin/shorewall.fc	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/shorewall.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/shorewall.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -4,8 +4,9 @@
  /etc/shorewall(/.*)?				gen_context(system_u:object_r:shorewall_etc_t,s0)
  /etc/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_etc_t,s0)
@@ -1376,9 +1478,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/shorewall(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 +/var/lib/shorewall6(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
  /var/lib/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.6.33/policy/modules/admin/shorewall.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.7.1/policy/modules/admin/shorewall.if
 --- nsaserefpolicy/policy/modules/admin/shorewall.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/shorewall.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/shorewall.if	2009-11-17 11:06:58.000000000 -0500
 @@ -75,6 +75,46 @@
  	rw_files_pattern($1, shorewall_var_run_t, shorewall_var_run_t)
  ')
@@ -1426,9 +1528,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #######################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.6.33/policy/modules/admin/shorewall.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.1/policy/modules/admin/shorewall.te
 --- nsaserefpolicy/policy/modules/admin/shorewall.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/shorewall.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/shorewall.te	2009-11-17 11:06:58.000000000 -0500
 @@ -80,6 +80,8 @@
  
  sysnet_domtrans_ifconfig(shorewall_t)
@@ -1438,22 +1540,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	iptables_domtrans(shorewall_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.fc serefpolicy-3.6.33/policy/modules/admin/smoltclient.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.fc serefpolicy-3.7.1/policy/modules/admin/smoltclient.fc
 --- nsaserefpolicy/policy/modules/admin/smoltclient.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/smoltclient.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,4 @@
 +
 +/usr/share/smolt/client/sendProfile.py	--	gen_context(system_u:object_r:smoltclient_exec_t,s0)	
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.if serefpolicy-3.6.33/policy/modules/admin/smoltclient.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.if serefpolicy-3.7.1/policy/modules/admin/smoltclient.if
 --- nsaserefpolicy/policy/modules/admin/smoltclient.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/smoltclient.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1 @@
 +## <summary>The Fedora hardware profiler client</summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.6.33/policy/modules/admin/smoltclient.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.1/policy/modules/admin/smoltclient.te
 --- nsaserefpolicy/policy/modules/admin/smoltclient.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/smoltclient.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,66 @@
 +policy_module(smoltclient,1.0.0)
 +
@@ -1521,9 +1623,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +permissive smoltclient_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.33/policy/modules/admin/sudo.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.1/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/sudo.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/sudo.if	2009-11-17 11:06:58.000000000 -0500
 @@ -66,8 +66,8 @@
  	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
  	allow $1_sudo_t self:unix_dgram_socket sendto;
@@ -1568,9 +1670,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.33/policy/modules/admin/tmpreaper.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.1/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/tmpreaper.te	2009-11-16 09:57:08.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/tmpreaper.te	2009-11-17 11:06:58.000000000 -0500
 @@ -42,6 +42,7 @@
  cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
  
@@ -1600,9 +1702,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	unconfined_domain(tmpreaper_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.6.33/policy/modules/admin/tzdata.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.7.1/policy/modules/admin/tzdata.te
 --- nsaserefpolicy/policy/modules/admin/tzdata.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/tzdata.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/tzdata.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,8 @@
  files_read_etc_files(tzdata_t)
  files_search_spool(tzdata_t)
@@ -1612,9 +1714,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  term_dontaudit_list_ptys(tzdata_t)
  
  locallogin_dontaudit_use_fds(tzdata_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.33/policy/modules/admin/usermanage.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.1/policy/modules/admin/usermanage.if
 --- nsaserefpolicy/policy/modules/admin/usermanage.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/usermanage.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/usermanage.if	2009-11-17 11:06:58.000000000 -0500
 @@ -113,6 +113,12 @@
  	files_search_usr($1)
  	corecmd_search_bin($1)
@@ -1640,9 +1742,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	optional_policy(`
  		nscd_run(useradd_t, $2)
  	')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.33/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/admin/usermanage.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.1/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/usermanage.te	2009-11-17 11:06:58.000000000 -0500
 @@ -82,6 +82,7 @@
  selinux_compute_relabel_context(chfn_t)
  selinux_compute_user_contexts(chfn_t)
@@ -1764,9 +1866,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	puppet_rw_tmp(useradd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.33/policy/modules/admin/vbetool.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.1/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/vbetool.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/vbetool.te	2009-11-17 11:06:58.000000000 -0500
 @@ -15,15 +15,20 @@
  # Local policy
  #
@@ -1799,9 +1901,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_exec_pid(vbetool_t)
 +	xserver_write_pid(vbetool_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.6.33/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/admin/vpn.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.1/policy/modules/admin/vpn.te
+--- nsaserefpolicy/policy/modules/admin/vpn.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/admin/vpn.te	2009-11-17 11:06:58.000000000 -0500
 @@ -46,6 +46,7 @@
  kernel_read_system_state(vpnc_t)
  kernel_read_network_state(vpnc_t)
@@ -1818,9 +1920,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  seutil_dontaudit_search_config(vpnc_t)
  seutil_use_newrole_fds(vpnc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.6.33/policy/modules/apps/calamaris.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.7.1/policy/modules/apps/calamaris.te
 --- nsaserefpolicy/policy/modules/apps/calamaris.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/calamaris.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/calamaris.te	2009-11-17 11:06:58.000000000 -0500
 @@ -59,12 +59,12 @@
  
  libs_read_lib_files(calamaris_t)
@@ -1843,15 +1945,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -optional_policy(`
 -	nis_use_ypbind(calamaris_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.6.33/policy/modules/apps/chrome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.1/policy/modules/apps/chrome.fc
 --- nsaserefpolicy/policy/modules/apps/chrome.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/chrome.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/chrome.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/lib(64)?/chromium-browser/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.6.33/policy/modules/apps/chrome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.1/policy/modules/apps/chrome.if
 --- nsaserefpolicy/policy/modules/apps/chrome.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/chrome.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/chrome.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,85 @@
 +
 +## <summary>policy for chrome</summary>
@@ -1938,10 +2040,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $2 chrome_sandbox_tmpfs_t:file rw_file_perms;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.6.33/policy/modules/apps/chrome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.1/policy/modules/apps/chrome.te
 --- nsaserefpolicy/policy/modules/apps/chrome.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/chrome.te	2009-11-12 14:26:53.000000000 -0500
-@@ -0,0 +1,72 @@
++++ serefpolicy-3.7.1/policy/modules/apps/chrome.te	2009-11-18 07:50:28.000000000 -0500
+@@ -0,0 +1,74 @@
 +policy_module(chrome,1.0.0)
 +
 +########################################
@@ -1992,6 +2094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_rw_user_tmpfs_files(chrome_sandbox_t)
 +userdom_use_user_ptys(chrome_sandbox_t)
 +userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
++userdom_dontaudit_use_user_terminals(chrome_sandbox_t)
 +
 +miscfiles_read_localization(chrome_sandbox_t)
 +miscfiles_read_fonts(chrome_sandbox_t)
@@ -2007,6 +2110,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +tunable_policy(`use_nfs_home_dirs',`
 +	fs_dontaudit_append_nfs_files(chrome_sandbox_t)
 +	fs_dontaudit_read_nfs_files(chrome_sandbox_t)
++	fs_dontaudit_read_nfs_symlinks(chrome_sandbox_t)
 +')
 +
 +tunable_policy(`use_samba_home_dirs',`
@@ -2014,9 +2118,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_dontaudit_read_cifs_files(chrome_sandbox_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.6.33/policy/modules/apps/cpufreqselector.te
---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/cpufreqselector.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.1/policy/modules/apps/cpufreqselector.te
+--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/cpufreqselector.te	2009-11-17 11:06:58.000000000 -0500
 @@ -26,7 +26,7 @@
  dev_rw_sysfs(cpufreqselector_t)
  
@@ -2026,9 +2130,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.6.33/policy/modules/apps/execmem.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.1/policy/modules/apps/execmem.fc
 --- nsaserefpolicy/policy/modules/apps/execmem.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/execmem.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/execmem.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,40 @@
 +/usr/bin/aticonfig	--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/bin/darcs 		--	gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -2070,10 +2174,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/opt/likewise/bin/domainjoin-cli -- gen_context(system_u:object_r:execmem_exec_t,s0)
 +
 +/opt/google/chrome/chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.6.33/policy/modules/apps/execmem.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.1/policy/modules/apps/execmem.if
 --- nsaserefpolicy/policy/modules/apps/execmem.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/execmem.if	2009-11-12 14:41:22.000000000 -0500
-@@ -0,0 +1,102 @@
++++ serefpolicy-3.7.1/policy/modules/apps/execmem.if	2009-11-17 11:06:58.000000000 -0500
+@@ -0,0 +1,104 @@
 +## <summary>execmem domain</summary>
 +
 +########################################
@@ -2137,8 +2241,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1_execmem_t self:process { execmem execstack };
 +	allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
-+	mozilla_execmod_user_home_files($1_execmem_t)
-+
 +	domtrans_pattern($3, execmem_exec_t, $1_execmem_t)
 +
 +	files_execmod_tmp($1_execmem_t)
@@ -2148,6 +2250,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +
 +	optional_policy(`
++		mozilla_execmod_user_home_files($1_execmem_t)
++	')
++
++	optional_policy(`
 +		xserver_common_app($1_execmem_t)
 +		xserver_role($2, $1_execmem_t)
 +	')
@@ -2176,9 +2282,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	domtrans_pattern($1, execmem_exec_t, $2)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.6.33/policy/modules/apps/execmem.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.1/policy/modules/apps/execmem.te
 --- nsaserefpolicy/policy/modules/apps/execmem.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/execmem.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/execmem.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +policy_module(execmem, 1.0.0)
@@ -2191,23 +2297,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type execmem_exec_t alias unconfined_execmem_exec_t;
 +application_executable_file(execmem_exec_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.6.33/policy/modules/apps/firewallgui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.1/policy/modules/apps/firewallgui.fc
 --- nsaserefpolicy/policy/modules/apps/firewallgui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/firewallgui.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +/usr/share/system-config-firewall/system-config-firewall-mechanism.py	--	gen_context(system_u:object_r:firewallgui_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.6.33/policy/modules/apps/firewallgui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.1/policy/modules/apps/firewallgui.if
 --- nsaserefpolicy/policy/modules/apps/firewallgui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/firewallgui.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +## <summary>policy for firewallgui</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.6.33/policy/modules/apps/firewallgui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.1/policy/modules/apps/firewallgui.te
 --- nsaserefpolicy/policy/modules/apps/firewallgui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/firewallgui.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,64 @@
 +
 +policy_module(firewallgui,1.0.0)
@@ -2273,9 +2379,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        policykit_dbus_chat(firewallgui_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.33/policy/modules/apps/gitosis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.1/policy/modules/apps/gitosis.if
 --- nsaserefpolicy/policy/modules/apps/gitosis.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/gitosis.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/gitosis.if	2009-11-17 11:06:58.000000000 -0500
 @@ -43,3 +43,48 @@
  	role $2 types gitosis_t;
  ')
@@ -2325,9 +2431,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +	manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.33/policy/modules/apps/gnome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.1/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/gnome.fc	2009-11-12 14:29:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/gnome.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,8 +1,18 @@
 -HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_home_t,s0)
 +HOME_DIR/\.cache(/.*)?		gen_context(system_u:object_r:cache_home_t,s0)
@@ -2349,9 +2455,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/libexec/gconf-defaults-mechanism	    	--      gen_context(system_u:object_r:gconfdefaultsm_exec_t,s0)
 +
 +/usr/libexec/gnome-system-monitor-mechanism 	--      gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.33/policy/modules/apps/gnome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/gnome.if	2009-11-12 14:33:12.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/gnome.if	2009-11-17 11:06:58.000000000 -0500
 @@ -84,10 +84,180 @@
  #
  interface(`gnome_manage_config',`
@@ -2536,9 +2642,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	# Connect to pulseaudit server
 +	stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.33/policy/modules/apps/gnome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.1/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/gnome.te	2009-11-12 14:32:22.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/gnome.te	2009-11-17 11:06:58.000000000 -0500
 @@ -7,18 +7,30 @@
  #
  
@@ -2680,9 +2786,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        policykit_read_lib(gnomesystemmm_t)
 +        policykit_read_reload(gnomesystemmm_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.33/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/gpg.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.1/policy/modules/apps/gpg.te
+--- nsaserefpolicy/policy/modules/apps/gpg.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/gpg.te	2009-11-17 11:06:58.000000000 -0500
 @@ -104,12 +104,19 @@
  
  auth_use_nsswitch(gpg_t)
@@ -2727,10 +2833,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_common_app(gpg_pinentry_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.33/policy/modules/apps/java.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.1/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/java.fc	2009-11-12 14:26:53.000000000 -0500
-@@ -2,15 +2,16 @@
++++ serefpolicy-3.7.1/policy/modules/apps/java.fc	2009-11-18 10:21:24.000000000 -0500
+@@ -2,15 +2,17 @@
  # /opt
  #
  /opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
@@ -2744,13 +2850,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  # /usr
  #
++/usr/Aptana[^/]*/AptanaStudio	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/lib(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/lib/eclipse/eclipse --	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/frysk		--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/gappletviewer	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
-@@ -20,5 +21,12 @@
+@@ -20,5 +22,14 @@
  /usr/bin/grmic		--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/grmiregistry	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/jv-convert	--	gen_context(system_u:object_r:java_exec_t,s0)
@@ -2765,9 +2872,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/bin/octave-[^/]*  	--	gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/lib/opera(/.*)?/opera	--	gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/lib/opera(/.*)?/works	--	gen_context(system_u:object_r:java_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.33/policy/modules/apps/java.if
++
++/opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)?	--	gen_context(system_u:object_r:java_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.1/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/java.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/java.if	2009-11-17 11:06:58.000000000 -0500
 @@ -30,6 +30,7 @@
  
  	allow java_t $2:unix_stream_socket connectto;
@@ -2911,9 +3020,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_role($1_r, $1_java_t)
 +	')
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.33/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/java.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.1/policy/modules/apps/java.te
+--- nsaserefpolicy/policy/modules/apps/java.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/java.te	2009-11-17 11:06:58.000000000 -0500
 @@ -20,6 +20,8 @@
  typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
  typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -2963,21 +3072,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	unconfined_domain_noaudit(unconfined_java_t)
 -	unconfined_dbus_chat(unconfined_java_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.6.33/policy/modules/apps/kdumpgui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.1/policy/modules/apps/kdumpgui.fc
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/kdumpgui.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.6.33/policy/modules/apps/kdumpgui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.1/policy/modules/apps/kdumpgui.if
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/kdumpgui.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +## <summary>system-config-kdump policy</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.6.33/policy/modules/apps/kdumpgui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.1/policy/modules/apps/kdumpgui.te
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/kdumpgui.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,65 @@
 +policy_module(kdumpgui,1.0.0)
 +
@@ -3044,15 +3153,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +permissive kdumpgui_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.33/policy/modules/apps/livecd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.1/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/livecd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/livecd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.33/policy/modules/apps/livecd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.1/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/livecd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/livecd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,52 @@
 +
 +## <summary>policy for livecd</summary>
@@ -3106,9 +3215,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	usermanage_run_chfn(livecd_t, $2)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.33/policy/modules/apps/livecd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.1/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/livecd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/livecd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,27 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -3137,9 +3246,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +seutil_domtrans_setfiles_mac(livecd_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.6.33/policy/modules/apps/loadkeys.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.1/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/loadkeys.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/loadkeys.te	2009-11-17 11:06:58.000000000 -0500
 @@ -40,8 +40,12 @@
  miscfiles_read_localization(loadkeys_t)
  
@@ -3154,15 +3263,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +ifdef(`hide_broken_symptoms',`
 +	dev_dontaudit_rw_lvm_control_dev(loadkeys_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.fc serefpolicy-3.6.33/policy/modules/apps/mono.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.fc serefpolicy-3.7.1/policy/modules/apps/mono.fc
 --- nsaserefpolicy/policy/modules/apps/mono.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mono.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mono.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1 +1 @@
 -/usr/bin/mono	--	gen_context(system_u:object_r:mono_exec_t,s0)
 +/usr/bin/mono.*	--	gen_context(system_u:object_r:mono_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.33/policy/modules/apps/mono.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.1/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mono.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mono.if	2009-11-17 11:06:58.000000000 -0500
 @@ -21,6 +21,105 @@
  
  ########################################
@@ -3278,9 +3387,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	corecmd_search_bin($1)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.33/policy/modules/apps/mono.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.7.1/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mono.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mono.te	2009-11-17 11:06:58.000000000 -0500
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -3304,9 +3413,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	xserver_rw_shm(mono_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.33/policy/modules/apps/mozilla.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.1/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mozilla.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mozilla.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,7 @@
  HOME_DIR/\.galeon(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
  HOME_DIR/\.java(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -3315,9 +3424,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  HOME_DIR/\.netscape(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
  HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.33/policy/modules/apps/mozilla.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.1/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mozilla.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mozilla.if	2009-11-17 11:06:58.000000000 -0500
 @@ -45,6 +45,18 @@
  	relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
  	relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
@@ -3407,9 +3516,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Run mozilla in the mozilla domain.
  ## </summary>
  ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.33/policy/modules/apps/mozilla.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.1/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/mozilla.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/mozilla.te	2009-11-17 11:06:58.000000000 -0500
 @@ -59,6 +59,7 @@
  manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
  manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
@@ -3487,9 +3596,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	thunderbird_domtrans(mozilla_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.33/policy/modules/apps/nsplugin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.1/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/nsplugin.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,11 @@
 +HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -3502,9 +3611,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
 +/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.33/policy/modules/apps/nsplugin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/nsplugin.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,323 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -3829,9 +3938,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms; 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.33/policy/modules/apps/nsplugin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/nsplugin.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,295 @@
 +
 +policy_module(nsplugin, 1.0.0)
@@ -4128,16 +4237,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.33/policy/modules/apps/openoffice.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.1/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/openoffice.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/openoffice.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.33/policy/modules/apps/openoffice.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.1/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/openoffice.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/openoffice.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,93 @@
 +## <summary>Openoffice</summary>
 +
@@ -4232,9 +4341,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_common_x_domain_template($1, $1_openoffice_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.33/policy/modules/apps/openoffice.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.1/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/openoffice.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/openoffice.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +policy_module(openoffice, 1.0.0)
@@ -4247,9 +4356,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type openoffice_t;
 +type openoffice_exec_t;
 +application_domain(openoffice_t, openoffice_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.33/policy/modules/apps/podsleuth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.1/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/podsleuth.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/podsleuth.te	2009-11-17 11:06:58.000000000 -0500
 @@ -71,6 +71,8 @@
  
  sysnet_dns_name_resolve(podsleuth_t)
@@ -4259,9 +4368,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	dbus_system_bus_client(podsleuth_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.33/policy/modules/apps/pulseaudio.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.1/policy/modules/apps/pulseaudio.if
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/pulseaudio.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/pulseaudio.if	2009-11-17 11:06:58.000000000 -0500
 @@ -40,7 +40,7 @@
  	userdom_manage_tmpfs_role($1, pulseaudio_t)
  
@@ -4271,9 +4380,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.33/policy/modules/apps/pulseaudio.te
---- nsaserefpolicy/policy/modules/apps/pulseaudio.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/pulseaudio.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.1/policy/modules/apps/pulseaudio.te
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/pulseaudio.te	2009-11-17 11:06:58.000000000 -0500
 @@ -26,6 +26,7 @@
  
  can_exec(pulseaudio_t, pulseaudio_exec_t)
@@ -4317,17 +4426,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xserver_read_xdm_lib_files(pulseaudio_t)
 +	xserver_common_app(pulseaudio_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.33/policy/modules/apps/qemu.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.1/policy/modules/apps/qemu.fc
 --- nsaserefpolicy/policy/modules/apps/qemu.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/qemu.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/qemu.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,2 +1,2 @@
 -/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 -/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/libexec/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.33/policy/modules/apps/qemu.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.1/policy/modules/apps/qemu.if
 --- nsaserefpolicy/policy/modules/apps/qemu.if	2009-08-31 13:44:40.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/qemu.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/qemu.if	2009-11-17 11:06:58.000000000 -0500
 @@ -40,6 +40,10 @@
  
  	qemu_domtrans($1)
@@ -4528,9 +4637,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.33/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/qemu.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.1/policy/modules/apps/qemu.te
+--- nsaserefpolicy/policy/modules/apps/qemu.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/qemu.te	2009-11-17 11:06:58.000000000 -0500
 @@ -13,15 +13,46 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
@@ -4638,20 +4747,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role unconfined_r types qemu_unconfined_t;
  	allow qemu_unconfined_t self:process { execstack execmem };
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.33/policy/modules/apps/sambagui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.1/policy/modules/apps/sambagui.fc
 --- nsaserefpolicy/policy/modules/apps/sambagui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sambagui.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sambagui.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1 @@
 +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.33/policy/modules/apps/sambagui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.1/policy/modules/apps/sambagui.if
 --- nsaserefpolicy/policy/modules/apps/sambagui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sambagui.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sambagui.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +## <summary>system-config-samba policy</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.33/policy/modules/apps/sambagui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.1/policy/modules/apps/sambagui.te
 --- nsaserefpolicy/policy/modules/apps/sambagui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sambagui.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sambagui.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,59 @@
 +policy_module(sambagui,1.0.0)
 +
@@ -4712,15 +4821,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	policykit_dbus_chat(sambagui_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.6.33/policy/modules/apps/sandbox.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.1/policy/modules/apps/sandbox.fc
 --- nsaserefpolicy/policy/modules/apps/sandbox.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sandbox.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sandbox.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1 @@
 +# No types are sandbox_exec_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.33/policy/modules/apps/sandbox.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.1/policy/modules/apps/sandbox.if
 --- nsaserefpolicy/policy/modules/apps/sandbox.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sandbox.if	2009-11-12 14:26:53.000000000 -0500
-@@ -0,0 +1,184 @@
++++ serefpolicy-3.7.1/policy/modules/apps/sandbox.if	2009-11-18 16:21:19.000000000 -0500
+@@ -0,0 +1,187 @@
 +
 +## <summary>policy for sandbox</summary>
 +
@@ -4760,6 +4869,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types sandbox_x_domain;
 +	role $2 types sandbox_xserver_t;
 +	allow $1 sandbox_xserver_t:process signal_perms;
++	dontaudit sandbox_xserver_t $1:fifo_file rw_fifo_file_perms;
++	dontaudit sandbox_xserver_t $1:tcp_socket rw_socket_perms;
++	dontaudit sandbox_xserver_t $1:udp_socket rw_socket_perms;
 +
 +	allow sandbox_x_domain $1:process { sigchld signal };
 +	allow sandbox_x_domain sandbox_x_domain:process signal;
@@ -4905,9 +5017,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.33/policy/modules/apps/sandbox.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.1/policy/modules/apps/sandbox.te
 --- nsaserefpolicy/policy/modules/apps/sandbox.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sandbox.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sandbox.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,331 @@
 +policy_module(sandbox,1.0.0)
 +dbus_stub()
@@ -5240,9 +5352,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	hal_dbus_chat(sandbox_net_client_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.33/policy/modules/apps/screen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.1/policy/modules/apps/screen.if
 --- nsaserefpolicy/policy/modules/apps/screen.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/screen.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/screen.if	2009-11-17 11:06:58.000000000 -0500
 @@ -80,6 +80,11 @@
  	relabel_files_pattern($3, screen_home_t, screen_home_t)
  	relabel_lnk_files_pattern($3, screen_home_t, screen_home_t)
@@ -5255,9 +5367,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	kernel_read_system_state($1_screen_t)
  	kernel_read_kernel_sysctls($1_screen_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.fc serefpolicy-3.6.33/policy/modules/apps/sectoolm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.fc serefpolicy-3.7.1/policy/modules/apps/sectoolm.fc
 --- nsaserefpolicy/policy/modules/apps/sectoolm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sectoolm.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,6 @@
 +
 +/usr/libexec/sectool-mechanism\.py	--	gen_context(system_u:object_r:sectoolm_exec_t,s0)
@@ -5265,16 +5377,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/sectool(/.*)?				gen_context(system_u:object_r:sectool_var_lib_t,s0)
 +
 +/var/log/sectool\.log			--	gen_context(system_u:object_r:sectool_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.if serefpolicy-3.6.33/policy/modules/apps/sectoolm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.if serefpolicy-3.7.1/policy/modules/apps/sectoolm.if
 --- nsaserefpolicy/policy/modules/apps/sectoolm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sectoolm.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +## <summary>policy for sectool-mechanism</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.te serefpolicy-3.6.33/policy/modules/apps/sectoolm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.te serefpolicy-3.7.1/policy/modules/apps/sectoolm.te
 --- nsaserefpolicy/policy/modules/apps/sectoolm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/sectoolm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,120 @@
 +
 +policy_module(sectoolm,1.0.0)
@@ -5396,9 +5508,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.6.33/policy/modules/apps/seunshare.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.1/policy/modules/apps/seunshare.if
 --- nsaserefpolicy/policy/modules/apps/seunshare.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/seunshare.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/seunshare.if	2009-11-17 11:06:58.000000000 -0500
 @@ -41,6 +41,16 @@
  
  	seunshare_domtrans($1)
@@ -5416,9 +5528,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.6.33/policy/modules/apps/seunshare.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.1/policy/modules/apps/seunshare.te
 --- nsaserefpolicy/policy/modules/apps/seunshare.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/apps/seunshare.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/seunshare.te	2009-11-17 11:06:58.000000000 -0500
 @@ -15,9 +15,8 @@
  #
  # seunshare local policy
@@ -5447,9 +5559,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		mozilla_dontaudit_manage_user_home_files(seunshare_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.33/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/vmware.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.1/policy/modules/apps/vmware.te
+--- nsaserefpolicy/policy/modules/apps/vmware.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/vmware.te	2009-11-17 11:06:58.000000000 -0500
 @@ -157,6 +157,7 @@
  optional_policy(`
  	xserver_read_tmp_files(vmware_host_t)
@@ -5458,9 +5570,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ifdef(`TODO',`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.33/policy/modules/apps/wine.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.7.1/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/wine.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/wine.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,4 +1,22 @@
 -/usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/usr/bin/wine.*			--	gen_context(system_u:object_r:wine_exec_t,s0)
@@ -5487,9 +5599,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
 -/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.33/policy/modules/apps/wine.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.1/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/wine.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/wine.if	2009-11-17 11:06:58.000000000 -0500
 @@ -43,3 +43,118 @@
  	wine_domtrans($1)
  	role $2 types wine_t;
@@ -5609,9 +5721,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_role($1_r, $1_wine_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.33/policy/modules/apps/wine.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.1/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/apps/wine.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/apps/wine.te	2009-11-17 11:06:58.000000000 -0500
 @@ -9,20 +9,46 @@
  type wine_t;
  type wine_exec_t;
@@ -5663,10 +5775,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        xserver_common_app(wine_t)
 +	xserver_rw_shm(wine_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.33/policy/modules/kernel/corecommands.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.1/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-07-30 13:09:10.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/corecommands.fc	2009-11-12 15:56:19.000000000 -0500
-@@ -54,6 +53,7 @@
++++ serefpolicy-3.7.1/policy/modules/kernel/corecommands.fc	2009-11-17 11:06:58.000000000 -0500
+@@ -54,6 +54,7 @@
  /etc/cron.weekly/.*		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/cron.monthly/.*		--	gen_context(system_u:object_r:bin_t,s0)
  
@@ -5674,7 +5786,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-@@ -125,6 +125,7 @@
+@@ -125,6 +126,7 @@
  /sbin/.*				gen_context(system_u:object_r:bin_t,s0)
  /sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:bin_t,s0)
  /sbin/insmod_ksymoops_clean	--	gen_context(system_u:object_r:bin_t,s0)
@@ -5682,7 +5794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  #
  # /opt
-@@ -135,13 +136,15 @@
+@@ -135,13 +137,15 @@
  
  /opt/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
  
@@ -5699,7 +5811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  # /usr
  #
-@@ -211,6 +214,8 @@
+@@ -211,6 +215,8 @@
  /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
@@ -5708,7 +5820,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
-@@ -221,6 +226,9 @@
+@@ -221,6 +227,9 @@
  /usr/share/PackageKit/pk-upgrade-distro\.sh -- 	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/PackageKit/helpers(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
@@ -5718,7 +5830,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-@@ -263,6 +271,7 @@
+@@ -263,6 +272,7 @@
  /usr/share/ssl/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0)
@@ -5726,7 +5838,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0)
-@@ -315,3 +324,21 @@
+@@ -315,3 +325,21 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -5748,9 +5860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
 +
 +/usr/lib(64)?/gimp/.*/plug-ins(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.33/policy/modules/kernel/corecommands.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.1/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/corecommands.if	2009-11-12 14:36:41.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/corecommands.if	2009-11-17 11:06:58.000000000 -0500
 @@ -893,6 +893,7 @@
  
  	read_lnk_files_pattern($1, bin_t, bin_t)
@@ -5793,9 +5905,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	manage_files_pattern($1, bin_t, exec_type)
  	manage_lnk_files_pattern($1, bin_t, bin_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.33/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/kernel/corenetwork.te.in	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.1/policy/modules/kernel/corenetwork.te.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/corenetwork.te.in	2009-11-17 11:06:58.000000000 -0500
 @@ -65,6 +65,7 @@
  type server_packet_t, packet_type, server_packet_type;
  
@@ -5939,9 +6051,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # network_node examples:
  #network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
  #network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.33/policy/modules/kernel/devices.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.1/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/devices.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/devices.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -47,8 +47,10 @@
  /dev/kmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
  /dev/kmsg		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
@@ -5999,9 +6111,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/named/chroot/dev/null -c	gen_context(system_u:object_r:null_device_t,s0)
  /var/named/chroot/dev/random -c	gen_context(system_u:object_r:random_device_t,s0)
  /var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.33/policy/modules/kernel/devices.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.1/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/devices.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/devices.if	2009-11-17 11:06:58.000000000 -0500
 @@ -1692,6 +1692,78 @@
  
  ########################################
@@ -6299,9 +6411,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read and write Xen devices.
  ## </summary>
  ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.33/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/devices.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.1/policy/modules/kernel/devices.te
+--- nsaserefpolicy/policy/modules/kernel/devices.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/devices.te	2009-11-17 11:06:58.000000000 -0500
 @@ -84,6 +84,13 @@
  dev_node(kmsg_device_t)
  
@@ -6355,9 +6467,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  type xen_device_t;
  dev_node(xen_device_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.33/policy/modules/kernel/domain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.1/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/domain.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/domain.if	2009-11-17 11:06:58.000000000 -0500
 @@ -44,34 +44,6 @@
  interface(`domain_type',`
  	# start with basic domain
@@ -6557,9 +6669,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 unconfined_domain_type:process signal;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.33/policy/modules/kernel/domain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.1/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/domain.te	2009-11-13 11:32:05.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/domain.te	2009-11-17 11:06:58.000000000 -0500
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -6702,9 +6814,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_relabelto_user_home_dirs(polydomain)
 +	userdom_relabelto_user_home_files(polydomain)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.33/policy/modules/kernel/files.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.1/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/files.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/files.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -18,6 +18,7 @@
  /fsckoptions 		--	gen_context(system_u:object_r:etc_runtime_t,s0)
  /halt			--	gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -6722,9 +6834,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib(/.*)?			gen_context(system_u:object_r:var_lib_t,s0)
  
  /var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.33/policy/modules/kernel/files.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.1/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2009-11-12 13:24:12.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/kernel/files.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/files.if	2009-11-18 16:23:37.000000000 -0500
 @@ -932,10 +932,8 @@
  	relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
  	relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
@@ -6952,7 +7064,32 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -4906,6 +5039,24 @@
+@@ -4405,6 +4538,24 @@
+ 	read_lnk_files_pattern($1, { var_t var_lib_t }, var_lib_t)
+ ')
+ 
++########################################
++## <summary>
++##	Search the /var/log directory.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`files_search_var_log',`
++	gen_require(`
++		type var_t, var_log_t;
++	')
++
++	search_dirs_pattern($1, var_t, var_log_t)
++')
++
+ # cjp: the next two interfaces really need to be fixed
+ # in some way.  They really neeed their own types.
+ 
+@@ -4906,6 +5057,24 @@
  
  ########################################
  ## <summary>
@@ -6977,7 +7114,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Search the contents of generic spool
  ##	directories (/var/spool).
  ## </summary>
-@@ -5072,7 +5223,7 @@
+@@ -5072,7 +5241,7 @@
  	selinux_compute_member($1)
  
  	# Need sys_admin capability for mounting
@@ -6986,7 +7123,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	# Need to give access to the directories to be polyinstantiated
  	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
-@@ -5094,12 +5245,15 @@
+@@ -5094,12 +5263,15 @@
  	allow $1 poly_t:dir { create mounton };
  	fs_unmount_xattr_fs($1)
  
@@ -7003,7 +7140,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-@@ -5120,3 +5274,173 @@
+@@ -5120,3 +5292,173 @@
  
  	typeattribute $1 files_unconfined_type;
  ')
@@ -7177,9 +7314,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +	allow $1 file_type:file entrypoint;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.33/policy/modules/kernel/files.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.1/policy/modules/kernel/files.te
 --- nsaserefpolicy/policy/modules/kernel/files.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/kernel/files.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/files.te	2009-11-17 11:06:58.000000000 -0500
 @@ -43,6 +43,7 @@
  #
  type boot_t;
@@ -7205,15 +7342,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
  #
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.33/policy/modules/kernel/filesystem.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.7.1/policy/modules/kernel/filesystem.fc
 --- nsaserefpolicy/policy/modules/kernel/filesystem.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/filesystem.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1 +1 @@
 -# This module currently does not have any file contexts.
 +/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.33/policy/modules/kernel/filesystem.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.1/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/filesystem.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.if	2009-11-18 07:50:05.000000000 -0500
 @@ -290,7 +290,7 @@
  
  ########################################
@@ -7320,7 +7457,33 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Search inotifyfs filesystem. 
  ## </summary>
  ## <param name="domain">
-@@ -2542,6 +2618,42 @@
+@@ -1993,6 +2069,25 @@
+ 	read_lnk_files_pattern($1, nfs_t, nfs_t)
+ ')
+ 
++########################################
++## <summary>
++##	Dontaudit read symbolic links on a NFS filesystem.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`fs_dontaudit_read_nfs_symlinks',`
++	gen_require(`
++		type nfs_t;
++	')
++
++	allow $1 nfs_t:dir list_dir_perms;
++	read_lnk_files_pattern($1, nfs_t, nfs_t)
++')
++
+ #########################################
+ ## <summary>
+ ##	Read named sockets on a NFS filesystem.
+@@ -2542,6 +2637,42 @@
  
  ########################################
  ## <summary>
@@ -7363,7 +7526,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read and write NFS server files.
  ## </summary>
  ## <param name="domain">
-@@ -3971,3 +4083,122 @@
+@@ -3971,3 +4102,122 @@
  	relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
  	relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
  ')
@@ -7486,9 +7649,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dontaudit $1 xenfs_t:file manage_file_perms;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.6.33/policy/modules/kernel/filesystem.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.1/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/filesystem.te	2009-11-13 15:47:18.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.te	2009-11-17 11:06:58.000000000 -0500
 @@ -29,6 +29,7 @@
  fs_use_xattr ext4dev gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr gfs gen_context(system_u:object_r:fs_t,s0);
@@ -7547,9 +7710,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # Rules for all filesystem types
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.33/policy/modules/kernel/kernel.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.1/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/kernel.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/kernel.if	2009-11-17 11:06:58.000000000 -0500
 @@ -485,6 +485,25 @@
  
  ########################################
@@ -7662,9 +7825,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 kernel_t:unix_stream_socket connectto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.33/policy/modules/kernel/kernel.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/kernel.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/kernel.te	2009-11-17 11:06:58.000000000 -0500
 @@ -9,6 +9,7 @@
  # assertion related attributes
  attribute can_load_kernmodule;
@@ -7763,9 +7926,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
 +
 +files_boot(kernel_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.33/policy/modules/kernel/selinux.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.1/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/selinux.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/selinux.if	2009-11-17 11:06:58.000000000 -0500
 @@ -40,7 +40,7 @@
  
  	# because of this statement, any module which
@@ -7823,9 +7986,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_type($1)
 +	mls_trusted_object($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.6.33/policy/modules/kernel/storage.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.7.1/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/storage.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/storage.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -28,6 +28,7 @@
  /dev/megadev.*		-c	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/mmcblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
@@ -7834,9 +7997,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/nb[^/]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/optcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/p[fg][0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.6.33/policy/modules/kernel/storage.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.7.1/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/storage.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/storage.if	2009-11-17 11:06:58.000000000 -0500
 @@ -266,6 +266,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -7854,9 +8017,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.6.33/policy/modules/kernel/terminal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.7.1/policy/modules/kernel/terminal.fc
 --- nsaserefpolicy/policy/modules/kernel/terminal.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/terminal.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/terminal.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -13,6 +13,7 @@
  /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
  /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
@@ -7865,9 +8028,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/rfcomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
  /dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
  /dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.33/policy/modules/kernel/terminal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.1/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/terminal.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/terminal.if	2009-11-17 11:06:58.000000000 -0500
 @@ -196,7 +196,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -7952,9 +8115,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.6.33/policy/modules/kernel/terminal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.7.1/policy/modules/kernel/terminal.te
 --- nsaserefpolicy/policy/modules/kernel/terminal.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/kernel/terminal.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/kernel/terminal.te	2009-11-17 11:06:58.000000000 -0500
 @@ -44,6 +44,7 @@
  type ptmx_t;
  dev_node(ptmx_t)
@@ -7963,9 +8126,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  #
  # tty_device_t is the type of /dev/*tty*
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.33/policy/modules/roles/guest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.1/policy/modules/roles/guest.te
 --- nsaserefpolicy/policy/modules/roles/guest.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/roles/guest.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/guest.te	2009-11-17 11:06:58.000000000 -0500
 @@ -16,7 +16,11 @@
  #
  
@@ -7980,9 +8143,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +gen_user(guest_u, user, guest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.33/policy/modules/roles/staff.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.1/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/roles/staff.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/staff.te	2009-11-17 11:06:58.000000000 -0500
 @@ -10,161 +10,117 @@
  
  userdom_unpriv_user_template(staff)
@@ -8186,9 +8349,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	xserver_role(staff_r, staff_t)
 +	virt_stream_connect(staff_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.33/policy/modules/roles/sysadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.1/policy/modules/roles/sysadm.te
 --- nsaserefpolicy/policy/modules/roles/sysadm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/roles/sysadm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/sysadm.te	2009-11-17 11:06:58.000000000 -0500
 @@ -15,7 +15,7 @@
  
  role sysadm_r;
@@ -8498,9 +8661,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +init_script_role_transition(sysadm_r)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.33/policy/modules/roles/unconfineduser.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.1/policy/modules/roles/unconfineduser.fc
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/roles/unconfineduser.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,8 @@
 +# Add programs here which should not be confined by SELinux
 +# e.g.:
@@ -8510,9 +8673,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/mock			    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +/usr/sbin/sysreport	 	    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.6.33/policy/modules/roles/unconfineduser.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.1/policy/modules/roles/unconfineduser.if
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/roles/unconfineduser.if	2009-11-12 14:41:36.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,638 @@
 +## <summary>Unconfiend user role</summary>
 +
@@ -9152,10 +9315,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 unconfined_r;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.33/policy/modules/roles/unconfineduser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.1/policy/modules/roles/unconfineduser.te
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/roles/unconfineduser.te	2009-11-16 11:05:10.000000000 -0500
-@@ -0,0 +1,430 @@
++++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.te	2009-11-18 16:34:24.000000000 -0500
+@@ -0,0 +1,426 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -9272,10 +9435,33 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		attribute unconfined_usertype;
 +	')
 +
++	optional_policy(`
++		abrt_dbus_chat(unconfined_usertype)
++		abrt_run_helper(unconfined_usertype, unconfined_r)
++	')
++
 +	nsplugin_role_notrans(unconfined_r, unconfined_usertype)
 +	tunable_policy(`allow_unconfined_nsplugin_transition',`
-+	      nsplugin_domtrans(unconfined_t)
-+	      nsplugin_domtrans_config(unconfined_t)
++	      nsplugin_domtrans(unconfined_usertype)
++	      nsplugin_domtrans_config(unconfined_usertype)
++	')
++
++	optional_policy(`
++		rtkit_daemon_system_domain(unconfined_usertype)
++	')
++
++	userdom_execmod_user_home_files(unconfined_usertype)
++
++	optional_policy(`
++		sandbox_transition(unconfined_usertype, unconfined_r)
++	')
++
++	optional_policy(`
++		avahi_dbus_chat(unconfined_usertype)
++	')
++
++	optional_policy(`
++		hal_dbus_chat(unconfined_usertype)
 +	')
 +')
 +
@@ -9314,10 +9500,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dbus_stub(unconfined_t)
 +
 +	optional_policy(`
-+		avahi_dbus_chat(unconfined_t)
-+	')
-+
-+	optional_policy(`
 +		bluetooth_dbus_chat(unconfined_t)
 +	')
 +
@@ -9452,10 +9634,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +optional_policy(`
-+	sandbox_transition(unconfined_t, unconfined_r)
-+')
-+
-+optional_policy(`
 +	sendmail_run_unconfined(unconfined_t, unconfined_r)
 +')
 +
@@ -9497,65 +9675,46 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#
 +
 +optional_policy(`
-+execmem_role_template(unconfined, unconfined_r, unconfined_t)
-+typealias unconfined_execmem_t alias execmem_t;
-+unconfined_domain_noaudit(unconfined_execmem_t)
-+allow unconfined_execmem_t unconfined_t:process transition;
-+rpm_transition_script(unconfined_execmem_t)
++	execmem_role_template(unconfined, unconfined_r, unconfined_t)
++	typealias unconfined_execmem_t alias execmem_t;
++	unconfined_domain_noaudit(unconfined_execmem_t)
++	allow unconfined_execmem_t unconfined_t:process transition;
++	rpm_transition_script(unconfined_execmem_t)
 +
-+optional_policy(`
-+	sandbox_transition(unconfined_execmem_t, unconfined_r)
-+')
-+optional_policy(`
-+	tunable_policy(`allow_unconfined_nsplugin_transition',`
-+	      nsplugin_domtrans(unconfined_execmem_t)
-+	      nsplugin_domtrans_config(unconfined_execmem_t)
++	optional_policy(`
++		init_dbus_chat_script(unconfined_execmem_t)
++		dbus_system_bus_client(unconfined_execmem_t)
++		unconfined_dbus_chat(unconfined_execmem_t)
++		unconfined_dbus_connect(unconfined_execmem_t)
 +	')
-+')
 +
-+optional_policy(`
-+	init_dbus_chat_script(unconfined_execmem_t)
-+	dbus_system_bus_client(unconfined_execmem_t)
-+	unconfined_dbus_chat(unconfined_execmem_t)
-+	unconfined_dbus_connect(unconfined_execmem_t)
-+')
-+
-+optional_policy(`
-+	avahi_dbus_chat(unconfined_execmem_t)
-+')
-+
-+optional_policy(`
-+	hal_dbus_chat(unconfined_execmem_t)
-+')
-+optional_policy(`
-+	gen_require(`
-+		type mplayer_exec_t;
-+		type unconfined_execmem_t;
++	optional_policy(`
++		gen_require(`
++			type mplayer_exec_t;
++			type unconfined_execmem_t;
++		')
++		domtrans_pattern(unconfined_t, mplayer_exec_t, unconfined_execmem_t)
 +	')
-+	domtrans_pattern(unconfined_t, mplayer_exec_t, unconfined_execmem_t)
-+')
 +
-+optional_policy(`
-+tunable_policy(`allow_unconfined_nsplugin_transition',`', `
-+	gen_require(`
-+		type mozilla_exec_t;
-+		type unconfined_execmem_t;
-+		type nsplugin_exec_t;
++	optional_policy(`
++		tunable_policy(`allow_unconfined_nsplugin_transition',`', `
++			gen_require(`
++				type mozilla_exec_t;
++				type unconfined_execmem_t;
++				type nsplugin_exec_t;
++			')
++			domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
++			domtrans_pattern(unconfined_t, nsplugin_exec_t, unconfined_execmem_t)
++		')
 +	')
-+	domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
-+	domtrans_pattern(unconfined_t, nsplugin_exec_t, unconfined_execmem_t)
-+')
-+')
 +
-+optional_policy(`
-+	gen_require(`
-+		type openoffice_exec_t;
-+		type unconfined_execmem_t;
++	optional_policy(`
++		gen_require(`
++			type openoffice_exec_t;
++			type unconfined_execmem_t;
++		')
++		domtrans_pattern(unconfined_t, openoffice_exec_t, unconfined_execmem_t)
 +	')
-+	domtrans_pattern(unconfined_t, openoffice_exec_t, unconfined_execmem_t)
-+')
-+
-+
 +')
 +
 +########################################
@@ -9586,9 +9745,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.33/policy/modules/roles/unprivuser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.1/policy/modules/roles/unprivuser.te
 --- nsaserefpolicy/policy/modules/roles/unprivuser.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/roles/unprivuser.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/unprivuser.te	2009-11-17 11:06:58.000000000 -0500
 @@ -14,96 +14,19 @@
  userdom_unpriv_user_template(user)
  
@@ -9737,9 +9896,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	xserver_role(user_r, user_t)
 +	setroubleshoot_dontaudit_stream_connect(user_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.33/policy/modules/roles/xguest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.1/policy/modules/roles/xguest.te
 --- nsaserefpolicy/policy/modules/roles/xguest.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/roles/xguest.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/roles/xguest.te	2009-11-17 11:06:58.000000000 -0500
 @@ -31,16 +31,37 @@
  
  userdom_restricted_xwindows_user_template(xguest)
@@ -9817,9 +9976,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -#gen_user(xguest_u,, xguest_r, s0, s0)
 +gen_user(xguest_u, user, xguest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.6.33/policy/modules/services/abrt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.1/policy/modules/services/abrt.fc
 --- nsaserefpolicy/policy/modules/services/abrt.fc	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/abrt.fc	2009-11-13 11:25:52.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/abrt.fc	2009-11-18 16:55:18.000000000 -0500
 @@ -1,11 +1,15 @@
  /etc/abrt(/.*)?			 gen_context(system_u:object_r:abrt_etc_t,s0)
  /etc/rc\.d/init\.d/abrt		--	gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
@@ -9837,9 +9996,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/abrt\.pid		--	gen_context(system_u:object_r:abrt_var_run_t,s0)	
  /var/run/abrt\.lock		--	gen_context(system_u:object_r:abrt_var_run_t,s0)
 +/var/run/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.6.33/policy/modules/services/abrt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.1/policy/modules/services/abrt.if
 --- nsaserefpolicy/policy/modules/services/abrt.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/abrt.if	2009-11-16 09:55:22.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/abrt.if	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,24 @@
  	domtrans_pattern($1, abrt_exec_t, abrt_t)
  ')
@@ -9963,9 +10122,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #####################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.33/policy/modules/services/abrt.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.1/policy/modules/services/abrt.te
 --- nsaserefpolicy/policy/modules/services/abrt.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/abrt.te	2009-11-16 10:52:33.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/abrt.te	2009-11-18 16:55:40.000000000 -0500
 @@ -33,12 +33,23 @@
  type abrt_var_run_t;
  files_pid_file(abrt_var_run_t)
@@ -10038,7 +10197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  sysnet_read_config(abrt_t)
  
-@@ -96,22 +118,59 @@
+@@ -96,22 +118,60 @@
  miscfiles_read_certs(abrt_t)
  miscfiles_read_localization(abrt_t)
  
@@ -10103,11 +10262,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +files_read_etc_files(abrt_helper_t)
 +
-+permissive abrt_helper_t;
++userdom_dontaudit_use_user_terminals(abrt_helper_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.33/policy/modules/services/afs.fc
++permissive abrt_helper_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.7.1/policy/modules/services/afs.fc
 --- nsaserefpolicy/policy/modules/services/afs.fc	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/afs.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/afs.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -25,6 +25,7 @@
  /usr/vice/etc/afsd	--	gen_context(system_u:object_r:afs_exec_t,s0)
  
@@ -10116,9 +10276,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /vicepa				gen_context(system_u:object_r:afs_files_t,s0)
  /vicepb				gen_context(system_u:object_r:afs_files_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.33/policy/modules/services/afs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.1/policy/modules/services/afs.te
 --- nsaserefpolicy/policy/modules/services/afs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/afs.te	2009-11-13 08:49:52.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/afs.te	2009-11-17 11:06:58.000000000 -0500
 @@ -71,7 +71,7 @@
  # afs client local policy
  #
@@ -10136,9 +10296,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_rw_etc_runtime_files(afs_t)
  
  fs_getattr_xattr_fs(afs_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.6.33/policy/modules/services/aisexec.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.1/policy/modules/services/aisexec.fc
 --- nsaserefpolicy/policy/modules/services/aisexec.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/aisexec.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/aisexec.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,12 @@
 +
 +/etc/rc\.d/init\.d/openais             --      gen_context(system_u:object_r:aisexec_initrc_exec_t,s0)
@@ -10152,9 +10312,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/aisexec\.pid                  --      gen_context(system_u:object_r:aisexec_var_run_t,s0)
 +
 +/var/run/cman_.*                       -s      gen_context(system_u:object_r:aisexec_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.6.33/policy/modules/services/aisexec.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.1/policy/modules/services/aisexec.if
 --- nsaserefpolicy/policy/modules/services/aisexec.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/aisexec.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/aisexec.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,106 @@
 +## <summary>SELinux policy for Aisexec Cluster Engine</summary>
 +
@@ -10262,9 +10422,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +        admin_pattern($1, aisexec_tmpfs_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.6.33/policy/modules/services/aisexec.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.1/policy/modules/services/aisexec.te
 --- nsaserefpolicy/policy/modules/services/aisexec.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/aisexec.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/aisexec.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,112 @@
 +
 +policy_module(aisexec,1.0.0)
@@ -10378,9 +10538,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +groupd_rw_semaphores(aisexec_t)
 +groupd_rw_shm(aisexec_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.6.33/policy/modules/services/amavis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.1/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/amavis.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/amavis.te	2009-11-17 11:06:58.000000000 -0500
 @@ -103,6 +103,8 @@
  kernel_dontaudit_read_proc_symlinks(amavis_t)
  kernel_dontaudit_read_system_state(amavis_t)
@@ -10390,15 +10550,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # find perl
  corecmd_exec_bin(amavis_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.33/policy/modules/services/apache.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.1/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/apache.fc	2009-11-12 14:26:53.000000000 -0500
-@@ -1,12 +1,15 @@
++++ serefpolicy-3.7.1/policy/modules/services/apache.fc	2009-11-18 10:24:03.000000000 -0500
+@@ -1,12 +1,16 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
  
  /etc/apache(2)?(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
  /etc/apache-ssl(2)?(/.*)?		gen_context(system_u:object_r:httpd_config_t,s0)
++/etc/drupal(/.*)?			 gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
  /etc/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
 -/etc/httpd			-d	gen_context(system_u:object_r:httpd_config_t,s0)
 -/etc/httpd/conf.*			gen_context(system_u:object_r:httpd_config_t,s0)
@@ -10412,7 +10573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/vhosts			--	gen_context(system_u:object_r:httpd_config_t,s0)
  
  /srv/([^/]*/)?www(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -21,10 +24,13 @@
+@@ -21,10 +25,13 @@
  /usr/lib(64)?/apache(2)?/suexec(2)? --	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
  /usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
  /usr/lib(64)?/httpd(/.*)?		gen_context(system_u:object_r:httpd_modules_t,s0)
@@ -10426,7 +10587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rotatelogs		--	gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
  /usr/sbin/suexec		--	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
  
-@@ -32,12 +38,19 @@
+@@ -32,12 +39,19 @@
  /usr/sbin/httpd2-.*		--	gen_context(system_u:object_r:httpd_exec_t,s0)
  ')
  
@@ -10446,7 +10607,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/cache/mod_proxy(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
  /var/cache/mod_ssl(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)
  /var/cache/php-eaccelerator(/.*)?	gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -46,7 +59,9 @@
+@@ -46,7 +60,9 @@
  /var/cache/ssl.*\.sem		--	gen_context(system_u:object_r:httpd_cache_t,s0)
  
  /var/lib/cacti/rra(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -10456,7 +10617,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
  /var/lib/php/session(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
-@@ -50,13 +65,17 @@
+@@ -50,13 +66,17 @@
  /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
  /var/lib/php/session(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -10474,7 +10635,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`distro_debian', `
  /var/log/horde2(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
  ')
-@@ -64,11 +83,33 @@
+@@ -64,11 +84,33 @@
  /var/run/apache.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
  /var/run/gcache_port		-s	gen_context(system_u:object_r:httpd_var_run_t,s0)
  /var/run/httpd.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -10509,9 +10670,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/svn/hooks(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 +/var/www/svn/conf(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.33/policy/modules/services/apache.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.1/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/apache.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/apache.if	2009-11-17 11:06:58.000000000 -0500
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -11115,9 +11276,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +	typeattribute $1  httpd_rw_content;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.33/policy/modules/services/apache.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/apache.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/apache.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -11923,9 +12084,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +typealias httpd_sys_script_t      alias httpd_fastcgi_script_t;
 +typealias httpd_var_run_t         alias httpd_fastcgi_var_run_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.33/policy/modules/services/apm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.1/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/apm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/apm.te	2009-11-17 16:29:03.000000000 -0500
 @@ -60,7 +60,7 @@
  # mknod: controlling an orderly resume of PCMCIA requires creating device
  # nodes 254,{0,1,2} for some reason.
@@ -11935,9 +12096,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow apmd_t self:process { signal_perms getsession };
  allow apmd_t self:fifo_file rw_fifo_file_perms;
  allow apmd_t self:unix_dgram_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.6.33/policy/modules/services/asterisk.if
+@@ -223,6 +223,10 @@
+ 	unconfined_domain(apmd_t)
+ ')
+ 
++optional_policy(`
++	vbetool_domtrans(apmd_t)
++')
++
+ # cjp: related to sleep/resume (?)
+ optional_policy(`
+ 	xserver_domtrans(apmd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.1/policy/modules/services/asterisk.if
 --- nsaserefpolicy/policy/modules/services/asterisk.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/asterisk.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/asterisk.if	2009-11-17 11:06:58.000000000 -0500
 @@ -1,5 +1,26 @@
  ## <summary>Asterisk IP telephony server</summary>
  
@@ -11965,9 +12137,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.6.33/policy/modules/services/asterisk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.1/policy/modules/services/asterisk.te
 --- nsaserefpolicy/policy/modules/services/asterisk.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/asterisk.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/asterisk.te	2009-11-17 11:06:58.000000000 -0500
 @@ -34,6 +34,8 @@
  type asterisk_var_run_t;
  files_pid_file(asterisk_var_run_t)
@@ -11985,9 +12157,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_sendrecv_asterisk_server_packets(asterisk_t)
  # for VOIP voice channels.
  corenet_tcp_bind_generic_port(asterisk_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.33/policy/modules/services/automount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.1/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/automount.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/automount.te	2009-11-17 11:06:58.000000000 -0500
 @@ -75,6 +75,7 @@
  
  fs_mount_all_fs(automount_t)
@@ -12004,9 +12176,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  storage_rw_fuse(automount_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.33/policy/modules/services/avahi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.1/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/avahi.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/avahi.te	2009-11-18 16:51:04.000000000 -0500
 @@ -24,7 +24,7 @@
  # Local policy
  #
@@ -12016,9 +12188,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dontaudit avahi_t self:capability sys_tty_config;
  allow avahi_t self:process { setrlimit signal_perms getcap setcap };
  allow avahi_t self:fifo_file rw_fifo_file_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.33/policy/modules/services/bind.if
+@@ -32,6 +32,7 @@
+ allow avahi_t self:unix_dgram_socket create_socket_perms;
+ allow avahi_t self:tcp_socket create_stream_socket_perms;
+ allow avahi_t self:udp_socket create_socket_perms;
++allow avahi_t self:packet_socket create_socket_perms;
+ 
+ manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
+ manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.1/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/bind.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/bind.if	2009-11-17 11:06:58.000000000 -0500
 @@ -235,7 +235,7 @@
  
  ########################################
@@ -12080,9 +12260,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an bind environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.6.33/policy/modules/services/bitlbee.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.1/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/bitlbee.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/bitlbee.te	2009-11-17 11:06:58.000000000 -0500
 @@ -68,6 +68,8 @@
  # MSN can use passport auth, which is over http:
  corenet_tcp_connect_http_port(bitlbee_t)
@@ -12092,9 +12272,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_read_rand(bitlbee_t)
  dev_read_urand(bitlbee_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.33/policy/modules/services/bluetooth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.1/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/bluetooth.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/bluetooth.if	2009-11-17 11:06:58.000000000 -0500
 @@ -153,6 +153,27 @@
  	dontaudit $1 bluetooth_helper_t:file { read getattr };
  ')
@@ -12123,9 +12303,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.33/policy/modules/services/bluetooth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.1/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/bluetooth.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/bluetooth.te	2009-11-17 11:06:58.000000000 -0500
 @@ -54,9 +54,9 @@
  # Bluetooth services local policy
  #
@@ -12173,9 +12353,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		pulseaudio_dbus_chat(bluetooth_t)
  	')
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-3.6.33/policy/modules/services/ccs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-3.7.1/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ccs.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ccs.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -2,9 +2,5 @@
  
  /sbin/ccsd		--	gen_context(system_u:object_r:ccs_exec_t,s0)
@@ -12188,9 +12368,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/var/run/cman_.*	-s	gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/var/run/cluster/ccsd\.pid      --      gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/var/run/cluster/ccsd\.sock     -s      gen_context(system_u:object_r:ccs_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.6.33/policy/modules/services/ccs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.1/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ccs.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ccs.te	2009-11-17 11:06:58.000000000 -0500
 @@ -10,23 +10,21 @@
  type ccs_exec_t;
  init_daemon_domain(ccs_t, ccs_exec_t)
@@ -12274,9 +12454,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`hide_broken_symptoms', `
  	corecmd_dontaudit_write_bin_dirs(ccs_t)
  	files_manage_isid_type_files(ccs_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.33/policy/modules/services/certmaster.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.7.1/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/certmaster.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/certmaster.te	2009-11-17 11:06:58.000000000 -0500
 @@ -30,7 +30,7 @@
  # certmaster local policy 
  #
@@ -12286,9 +12466,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow certmaster_t self:tcp_socket create_stream_socket_perms;
  
  # config files
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.6.33/policy/modules/services/chronyd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.7.1/policy/modules/services/chronyd.fc
 --- nsaserefpolicy/policy/modules/services/chronyd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/chronyd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/chronyd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +/etc/rc\.d/init\.d/chronyd         --      gen_context(system_u:object_r:chronyd_initrc_exec_t,s0)
@@ -12301,9 +12481,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/chronyd\.pid              --      gen_context(system_u:object_r:chronyd_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.6.33/policy/modules/services/chronyd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.1/policy/modules/services/chronyd.if
 --- nsaserefpolicy/policy/modules/services/chronyd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/chronyd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/chronyd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,105 @@
 +## <summary>chrony background daemon</summary>
 +
@@ -12410,9 +12590,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.6.33/policy/modules/services/chronyd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.1/policy/modules/services/chronyd.te
 --- nsaserefpolicy/policy/modules/services/chronyd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/chronyd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/chronyd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,67 @@
 +policy_module(chronyd,1.0.0)
 +
@@ -12481,9 +12661,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +miscfiles_read_localization(chronyd_t)
 +
 +permissive chronyd_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.33/policy/modules/services/clamav.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.1/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/clamav.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/clamav.te	2009-11-17 11:06:58.000000000 -0500
 @@ -117,9 +117,9 @@
  
  logging_send_syslog_msg(clamd_t)
@@ -12525,17 +12705,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	apache_read_sys_content(clamscan_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.6.33/policy/modules/services/clogd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.1/policy/modules/services/clogd.fc
 --- nsaserefpolicy/policy/modules/services/clogd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/clogd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/clogd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,4 @@
 +
 +/usr/sbin/clogd			--	gen_context(system_u:object_r:clogd_exec_t,s0)
 +
 +/var/run/clogd\.pid             --      gen_context(system_u:object_r:clogd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.6.33/policy/modules/services/clogd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.1/policy/modules/services/clogd.if
 --- nsaserefpolicy/policy/modules/services/clogd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/clogd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/clogd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,98 @@
 +## <summary>clogd - clustered mirror log server</summary>
 +
@@ -12635,9 +12815,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        allow $1 clogd_t:shm { rw_shm_perms destroy };
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.6.33/policy/modules/services/clogd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.1/policy/modules/services/clogd.te
 --- nsaserefpolicy/policy/modules/services/clogd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/clogd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/clogd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,62 @@
 +
 +policy_module(clogd,1.0.0)
@@ -12701,15 +12881,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.6.33/policy/modules/services/cobbler.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.1/policy/modules/services/cobbler.fc
 --- nsaserefpolicy/policy/modules/services/cobbler.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/cobbler.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cobbler.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/var/lib/cobbler(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.6.33/policy/modules/services/cobbler.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.1/policy/modules/services/cobbler.if
 --- nsaserefpolicy/policy/modules/services/cobbler.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/cobbler.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cobbler.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,44 @@
 +## <summary>
 +##	Cobbler var_lib_t
@@ -12755,18 +12935,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_var_lib($1)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.6.33/policy/modules/services/cobbler.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.1/policy/modules/services/cobbler.te
 --- nsaserefpolicy/policy/modules/services/cobbler.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/cobbler.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cobbler.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,5 @@
 +
 +policy_module(cobbler, 1.10.0)
 +
 +type cobbler_var_lib_t;
 +files_type(cobbler_var_lib_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.33/policy/modules/services/consolekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.1/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/consolekit.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/consolekit.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -2,4 +2,5 @@
  
  /var/log/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_log_t,s0)
@@ -12774,9 +12954,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/var/run/ConsoleKit(/.*)?	--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 +
 +/var/run/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.33/policy/modules/services/consolekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.1/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/consolekit.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/consolekit.if	2009-11-17 11:06:58.000000000 -0500
 @@ -57,3 +57,42 @@
  	read_files_pattern($1, consolekit_log_t, consolekit_log_t)
  	files_search_pids($1)
@@ -12820,9 +13000,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.33/policy/modules/services/consolekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.1/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/consolekit.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/consolekit.te	2009-11-17 11:06:58.000000000 -0500
 @@ -21,7 +21,7 @@
  # consolekit local policy
  #
@@ -12896,9 +13076,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_stream_connect(consolekit_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.6.33/policy/modules/services/corosync.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.1/policy/modules/services/corosync.fc
 --- nsaserefpolicy/policy/modules/services/corosync.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/corosync.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/corosync.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,13 @@
 +
 +/etc/rc\.d/init\.d/corosync     --      gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
@@ -12913,9 +13093,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/corosync\.pid          --      gen_context(system_u:object_r:corosync_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.6.33/policy/modules/services/corosync.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.1/policy/modules/services/corosync.if
 --- nsaserefpolicy/policy/modules/services/corosync.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/corosync.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/corosync.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,108 @@
 +## <summary>SELinux policy for Corosync Cluster Engine</summary>
 +
@@ -13025,9 +13205,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.6.33/policy/modules/services/corosync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.1/policy/modules/services/corosync.te
 --- nsaserefpolicy/policy/modules/services/corosync.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/corosync.te	2009-11-12 15:10:07.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/corosync.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,107 @@
 +
 +policy_module(corosync,1.0.0)
@@ -13136,9 +13316,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +permissive corosync_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.33/policy/modules/services/courier.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.7.1/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/courier.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/courier.if	2009-11-17 11:06:58.000000000 -0500
 @@ -179,6 +179,24 @@
  
  ########################################
@@ -13164,9 +13344,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read and write to courier spool pipes.
  ## </summary>
  ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.33/policy/modules/services/courier.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.7.1/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/courier.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/courier.te	2009-11-17 11:06:58.000000000 -0500
 @@ -10,6 +10,7 @@
  
  type courier_etc_t;
@@ -13175,9 +13355,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  courier_domain_template(pcp)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.33/policy/modules/services/cron.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.1/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cron.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cron.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -14,7 +14,7 @@
  /var/run/anacron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
  /var/run/atd\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -13195,9 +13375,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/glpi/files(/.*)?		gen_context(system_u:object_r:cron_var_lib_t,s0)
 +
 +/var/log/mcelog.*		--	gen_context(system_u:object_r:cron_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.33/policy/modules/services/cron.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.1/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cron.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cron.if	2009-11-17 11:06:58.000000000 -0500
 @@ -12,6 +12,10 @@
  ## </param>
  #
@@ -13339,9 +13519,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	manage_files_pattern($1, system_cronjob_var_lib_t,  system_cronjob_var_lib_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.33/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cron.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.1/policy/modules/services/cron.te
+--- nsaserefpolicy/policy/modules/services/cron.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cron.te	2009-11-17 11:06:58.000000000 -0500
 @@ -38,6 +38,7 @@
  type cron_var_lib_t;
  files_type(cron_var_lib_t)
@@ -13598,9 +13778,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_domain(system_cronjob_t)
  	userdom_user_home_dir_filetrans_user_home_content(system_cronjob_t, { dir file lnk_file fifo_file sock_file })
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.33/policy/modules/services/cups.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.1/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cups.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cups.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -13,10 +13,14 @@
  /etc/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/rc\.d/init\.d/cups	--	gen_context(system_u:object_r:cupsd_initrc_exec_t,s0)
@@ -13644,9 +13824,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/local/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 +
 +/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.33/policy/modules/services/cups.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.1/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cups.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cups.te	2009-11-17 11:06:58.000000000 -0500
 @@ -23,6 +23,9 @@
  type cupsd_initrc_exec_t;
  init_script_file(cupsd_initrc_exec_t)
@@ -13808,18 +13988,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_read_sysfs(hplip_t)
  dev_rw_printer(hplip_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.33/policy/modules/services/cvs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.1/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cvs.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cvs.te	2009-11-17 11:06:58.000000000 -0500
 @@ -112,4 +112,5 @@
  	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
  	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
  	manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
 +	files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.6.33/policy/modules/services/cyrus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.1/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/cyrus.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/cyrus.te	2009-11-17 11:06:58.000000000 -0500
 @@ -137,6 +137,7 @@
  optional_policy(`
  	snmp_read_snmp_var_lib_files(cyrus_t)
@@ -13828,9 +14008,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.33/policy/modules/services/dbus.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/dbus.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/dbus.if	2009-11-17 11:06:58.000000000 -0500
 @@ -42,8 +42,10 @@
  	gen_require(`
  		class dbus { send_msg acquire_svc };
@@ -13956,9 +14136,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.33/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te	2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/dbus.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.1/policy/modules/services/dbus.te
+--- nsaserefpolicy/policy/modules/services/dbus.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/dbus.te	2009-11-17 11:06:58.000000000 -0500
 @@ -86,6 +86,7 @@
  dev_read_sysfs(system_dbusd_t)
  
@@ -14011,9 +14191,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
 +allow dbusd_unconfined dbusd_unconfined:dbus all_dbus_perms;
 +allow session_bus_type dbusd_unconfined:dbus send_msg;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.33/policy/modules/services/dcc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.1/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/dcc.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/dcc.te	2009-11-17 11:06:58.000000000 -0500
 @@ -130,11 +130,13 @@
  
  # Access files in /var/dcc. The map file can be updated
@@ -14040,9 +14220,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	spamassassin_read_spamd_tmp_files(dcc_client_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.33/policy/modules/services/ddclient.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.7.1/policy/modules/services/ddclient.if
 --- nsaserefpolicy/policy/modules/services/ddclient.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ddclient.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ddclient.if	2009-11-17 11:06:58.000000000 -0500
 @@ -21,6 +21,31 @@
  
  ########################################
@@ -14075,18 +14255,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an ddclient environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.33/policy/modules/services/devicekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.1/policy/modules/services/devicekit.fc
 --- nsaserefpolicy/policy/modules/services/devicekit.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/devicekit.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/devicekit.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -5,4 +5,4 @@
  /var/lib/DeviceKit-.*			gen_context(system_u:object_r:devicekit_var_lib_t,s0)
  
  /var/run/devkit(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
 -/var/run/DeviceKit-disk(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
 +/var/run/DeviceKit-disks(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.33/policy/modules/services/devicekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.1/policy/modules/services/devicekit.if
 --- nsaserefpolicy/policy/modules/services/devicekit.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/devicekit.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/devicekit.if	2009-11-17 11:06:58.000000000 -0500
 @@ -139,6 +139,26 @@
  
  ########################################
@@ -14123,9 +14303,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	allow $1 devicekit_t:process { ptrace signal_perms getattr };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.33/policy/modules/services/devicekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.1/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/devicekit.te	2009-11-14 00:17:30.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/devicekit.te	2009-11-17 11:06:58.000000000 -0500
 @@ -36,12 +36,15 @@
  manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
  manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
@@ -14310,9 +14490,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	vbetool_domtrans(devicekit_power_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.33/policy/modules/services/dnsmasq.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.1/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/dnsmasq.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/dnsmasq.te	2009-11-17 11:06:58.000000000 -0500
 @@ -83,6 +83,18 @@
  userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
  
@@ -14332,9 +14512,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(dnsmasq_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.33/policy/modules/services/dovecot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.1/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/dovecot.te	2009-11-13 11:27:22.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/dovecot.te	2009-11-17 11:06:58.000000000 -0500
 @@ -56,7 +56,7 @@
  
  allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
@@ -14400,9 +14580,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_manage_cifs_symlinks(dovecot_deliver_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.33/policy/modules/services/exim.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.1/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/exim.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/exim.te	2009-11-17 11:06:58.000000000 -0500
 @@ -111,6 +111,7 @@
  files_search_var(exim_t)
  files_read_etc_files(exim_t)
@@ -14422,9 +14602,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	spamassassin_exec(exim_t)
  	spamassassin_exec_client(exim_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.6.33/policy/modules/services/fail2ban.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.7.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/fail2ban.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/fail2ban.te	2009-11-17 11:06:58.000000000 -0500
 @@ -33,6 +33,7 @@
  allow fail2ban_t self:process signal;
  allow fail2ban_t self:fifo_file rw_fifo_file_perms;
@@ -14441,21 +14621,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  miscfiles_read_localization(fail2ban_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.33/policy/modules/services/fetchmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.1/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/fetchmail.te	2009-11-12 14:26:53.000000000 -0500
-@@ -47,6 +47,8 @@
++++ serefpolicy-3.7.1/policy/modules/services/fetchmail.te	2009-11-18 08:45:23.000000000 -0500
+@@ -47,6 +47,9 @@
  kernel_read_proc_symlinks(fetchmail_t)
  kernel_dontaudit_read_system_state(fetchmail_t)
  
 +corecmd_exec_shell(fetchmail_t)
++corecmd_exec_bin(fetchmail_t)
 +
  corenet_all_recvfrom_unlabeled(fetchmail_t)
  corenet_all_recvfrom_netlabel(fetchmail_t)
  corenet_tcp_sendrecv_generic_if(fetchmail_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.33/policy/modules/services/fprintd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.1/policy/modules/services/fprintd.te
 --- nsaserefpolicy/policy/modules/services/fprintd.te	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/fprintd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/fprintd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -37,6 +37,8 @@
  files_read_etc_files(fprintd_t)
  files_read_usr_files(fprintd_t)
@@ -14473,9 +14654,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	policykit_domtrans_auth(fprintd_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.33/policy/modules/services/ftp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.1/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ftp.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ftp.te	2009-11-17 11:06:58.000000000 -0500
 @@ -41,6 +41,13 @@
  
  ## <desc>
@@ -14599,9 +14780,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(ftpd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.6.33/policy/modules/services/git.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.1/policy/modules/services/git.fc
 --- nsaserefpolicy/policy/modules/services/git.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/git.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/git.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,3 +1,9 @@
  /var/cache/cgit(/.*)?		gen_context(system_u:object_r:httpd_git_script_rw_t,s0)
 -/var/lib/git(/.*)?		gen_context(system_u:object_r:httpd_git_content_t,s0)
@@ -14613,9 +14794,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +# Conflict with Fedora cgit fc spec.
 +/var/lib/git(/.*)?				gen_context(system_u:object_r:git_data_t, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.6.33/policy/modules/services/git.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.1/policy/modules/services/git.if
 --- nsaserefpolicy/policy/modules/services/git.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/git.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/git.if	2009-11-17 11:06:58.000000000 -0500
 @@ -1 +1,285 @@
 -## <summary>GIT revision control system</summary>
 +## <summary>Git daemon is a really simple server for Git repositories.</summary>
@@ -14903,9 +15084,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	seutil_domtrans_setfiles($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.33/policy/modules/services/git.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.1/policy/modules/services/git.te
 --- nsaserefpolicy/policy/modules/services/git.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/git.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/git.te	2009-11-17 11:06:58.000000000 -0500
 @@ -1,9 +1,173 @@
  
  policy_module(git, 1.0)
@@ -15081,9 +15262,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  apache_content_template(git)
 +git_read_data_content(httpd_git_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.33/policy/modules/services/gpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.7.1/policy/modules/services/gpm.te
 --- nsaserefpolicy/policy/modules/services/gpm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/gpm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/gpm.te	2009-11-17 11:06:58.000000000 -0500
 @@ -27,7 +27,8 @@
  # Local policy
  #
@@ -15094,9 +15275,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow gpm_t self:unix_stream_socket create_stream_socket_perms;
  
  allow gpm_t gpm_conf_t:dir list_dir_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.33/policy/modules/services/gpsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.7.1/policy/modules/services/gpsd.fc
 --- nsaserefpolicy/policy/modules/services/gpsd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/gpsd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/gpsd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1 +1,6 @@
 +/etc/rc\.d/init\.d/gpsd         --      gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
 +
@@ -15104,9 +15285,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/gpsd\.pid               --      gen_context(system_u:object_r:gpsd_var_run_t,s0)
 +/var/run/gpsd\.sock              -s      gen_context(system_u:object_r:gpsd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.33/policy/modules/services/gpsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.7.1/policy/modules/services/gpsd.if
 --- nsaserefpolicy/policy/modules/services/gpsd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/gpsd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/gpsd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -33,11 +33,6 @@
  ##	The role to be allowed the gpsd domain.
  ##	</summary>
@@ -15152,9 +15333,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
 +        read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.33/policy/modules/services/gpsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.1/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/gpsd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/gpsd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -11,15 +11,21 @@
  application_domain(gpsd_t, gpsd_exec_t)
  init_daemon_domain(gpsd_t, gpsd_exec_t)
@@ -15196,9 +15377,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	ntpd_rw_shm(gpsd_t)
 +	ntp_rw_shm(gpsd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.33/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.7.1/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/hal.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/hal.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -26,6 +26,7 @@
  /var/run/pm(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
  /var/run/pm-utils(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
@@ -15207,9 +15388,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_gentoo',`
  /var/lib/cache/hald(/.*)?			gen_context(system_u:object_r:hald_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.33/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.7.1/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/hal.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/hal.if	2009-11-17 11:06:58.000000000 -0500
 @@ -413,3 +413,21 @@
  	files_search_pids($1)
  	manage_files_pattern($1, hald_var_run_t, hald_var_run_t)
@@ -15232,9 +15413,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	dontaudit $1 hald_t:unix_dgram_socket { read write };
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.33/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.1/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/hal.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/hal.te	2009-11-17 11:06:58.000000000 -0500
 @@ -55,6 +55,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -15387,9 +15568,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	dbus_system_bus_client(hald_dccm_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/howl.te serefpolicy-3.6.33/policy/modules/services/howl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/howl.te serefpolicy-3.7.1/policy/modules/services/howl.te
 --- nsaserefpolicy/policy/modules/services/howl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/howl.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/howl.te	2009-11-17 11:06:58.000000000 -0500
 @@ -30,7 +30,7 @@
  
  kernel_read_network_state(howl_t)
@@ -15399,18 +15580,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_list_proc(howl_t)
  kernel_read_proc_symlinks(howl_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.6.33/policy/modules/services/inetd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.7.1/policy/modules/services/inetd.fc
 --- nsaserefpolicy/policy/modules/services/inetd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/inetd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/inetd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -9,4 +9,4 @@
  
  /var/log/(x)?inetd\.log	--	gen_context(system_u:object_r:inetd_log_t,s0)
  
 -/var/run/inetd\.pid	--	gen_context(system_u:object_r:inetd_var_run_t,s0)
 +/var/run/(x)?inetd\.pid	--	gen_context(system_u:object_r:inetd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.6.33/policy/modules/services/inetd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.7.1/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/inetd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/inetd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -104,6 +104,8 @@
  corenet_tcp_bind_telnetd_port(inetd_t)
  corenet_udp_bind_tftp_port(inetd_t)
@@ -15429,9 +15610,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_send_syslog_msg(inetd_t)
  
  miscfiles_read_localization(inetd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-3.6.33/policy/modules/services/irqbalance.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-3.7.1/policy/modules/services/irqbalance.te
 --- nsaserefpolicy/policy/modules/services/irqbalance.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/irqbalance.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/irqbalance.te	2009-11-17 11:06:58.000000000 -0500
 @@ -18,11 +18,11 @@
  # Local policy
  #
@@ -15446,9 +15627,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
  files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.33/policy/modules/services/kerberos.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.1/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/kerberos.if	2009-11-13 11:27:57.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/kerberos.if	2009-11-17 11:06:58.000000000 -0500
 @@ -74,7 +74,7 @@
  	')
  
@@ -15469,9 +15650,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	tunable_policy(`allow_kerberos',`
  		allow $1 self:tcp_socket create_socket_perms;
  		allow $1 self:udp_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.33/policy/modules/services/kerberos.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.1/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/kerberos.te	2009-11-13 08:15:23.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/kerberos.te	2009-11-17 11:06:58.000000000 -0500
 @@ -110,8 +110,9 @@
  manage_files_pattern(kadmind_t, kadmind_var_run_t, kadmind_var_run_t)
  files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
@@ -15522,9 +15703,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  sysnet_dns_name_resolve(kpropd_t)
  
  kerberos_use(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.33/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.7.1/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/kerneloops.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/kerneloops.te	2009-11-17 11:06:58.000000000 -0500
 @@ -22,7 +22,7 @@
  #
  
@@ -15534,9 +15715,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow kerneloops_t self:fifo_file rw_file_perms;
  
  manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.33/policy/modules/services/ktalk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.7.1/policy/modules/services/ktalk.te
 --- nsaserefpolicy/policy/modules/services/ktalk.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ktalk.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ktalk.te	2009-11-17 11:06:58.000000000 -0500
 @@ -69,6 +69,7 @@
  files_read_etc_files(ktalkd_t)
  
@@ -15545,18 +15726,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  auth_use_nsswitch(ktalkd_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.33/policy/modules/services/lircd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.7.1/policy/modules/services/lircd.fc
 --- nsaserefpolicy/policy/modules/services/lircd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/lircd.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/lircd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -6,3 +6,5 @@
  /usr/sbin/lircd		--	gen_context(system_u:object_r:lircd_exec_t,s0)
  
  /var/run/lircd\.pid		gen_context(system_u:object_r:lircd_var_run_t,s0)
 +/var/run/lircd(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
 +/var/run/lirc(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.33/policy/modules/services/lircd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.7.1/policy/modules/services/lircd.if
 --- nsaserefpolicy/policy/modules/services/lircd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/lircd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/lircd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -32,12 +32,11 @@
  #
  interface(`lircd_stream_connect',`
@@ -15588,9 +15769,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -
 -	admin_pattern($1, lircd_sock_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.33/policy/modules/services/lircd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.1/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/lircd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/lircd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -16,13 +16,9 @@
  type lircd_etc_t;
  files_type(lircd_etc_t)
@@ -15636,9 +15817,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
  miscfiles_read_localization(lircd_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.33/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.7.1/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/mailman.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/mailman.te	2009-11-17 11:06:58.000000000 -0500
 @@ -78,6 +78,10 @@
  mta_dontaudit_rw_queue(mailman_mail_t)
  
@@ -15650,9 +15831,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	cron_read_pipes(mailman_mail_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.6.33/policy/modules/services/memcached.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.7.1/policy/modules/services/memcached.te
 --- nsaserefpolicy/policy/modules/services/memcached.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/memcached.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/memcached.te	2009-11-17 11:06:58.000000000 -0500
 @@ -44,6 +44,8 @@
  
  files_read_etc_files(memcached_t)
@@ -15662,9 +15843,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(memcached_t)
  
  sysnet_dns_name_resolve(memcached_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.33/policy/modules/services/milter.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.1/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/milter.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/milter.if	2009-11-17 11:06:58.000000000 -0500
 @@ -35,6 +35,8 @@
  	# Create other data files and directories in the data directory
  	manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
@@ -15674,9 +15855,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	miscfiles_read_localization($1_milter_t)
  
  	logging_send_syslog_msg($1_milter_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.6.33/policy/modules/services/modemmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.1/policy/modules/services/modemmanager.te
 --- nsaserefpolicy/policy/modules/services/modemmanager.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/modemmanager.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/modemmanager.te	2009-11-17 11:06:58.000000000 -0500
 @@ -16,7 +16,7 @@
  #
  # ModemManager local policy
@@ -15694,18 +15875,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(modemmanager_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.33/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.1/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/mta.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/mta.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -26,3 +26,5 @@
  /var/spool/imap(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
  /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
  /var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
 +HOME_DIR/\.forward	--	gen_context(system_u:object_r:mail_forward_t,s0)
 +/root/\.forward		--	gen_context(system_u:object_r:mail_forward_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.33/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.1/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/mta.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/mta.if	2009-11-17 11:06:58.000000000 -0500
 @@ -69,6 +69,7 @@
  	can_exec($1_mail_t, sendmail_exec_t)
  	allow $1_mail_t sendmail_exec_t:lnk_file read_lnk_file_perms;
@@ -15767,9 +15948,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.33/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.1/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/mta.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/mta.te	2009-11-17 11:06:58.000000000 -0500
 @@ -27,6 +27,9 @@
  type mail_spool_t;
  files_mountpoint(mail_spool_t)
@@ -15859,9 +16040,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # User send mail local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.33/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.1/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/munin.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/munin.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -9,3 +9,6 @@
  /var/lib/munin(/.*)?			gen_context(system_u:object_r:munin_var_lib_t,s0)
  /var/log/munin.*			gen_context(system_u:object_r:munin_log_t,s0)
@@ -15869,9 +16050,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/html/munin(/.*)?		gen_context(system_u:object_r:httpd_munin_content_t,s0)
 +/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.33/policy/modules/services/munin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.1/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/munin.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/munin.te	2009-11-17 11:06:58.000000000 -0500
 @@ -33,7 +33,7 @@
  # Local policy
  #
@@ -15889,14 +16070,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.33/policy/modules/services/mysql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.1/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/mysql.te	2009-11-12 14:26:53.000000000 -0500
-@@ -136,7 +136,12 @@
++++ serefpolicy-3.7.1/policy/modules/services/mysql.te	2009-11-18 16:52:13.000000000 -0500
+@@ -136,10 +136,17 @@
  
  domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
  
-+allow mysqld_safe_t mysqld_var_run_t:sock_file unlink;
++read_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
++delete_sock_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
 +
  allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
 +
@@ -15905,7 +16087,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
  
  kernel_read_system_state(mysqld_safe_t) 
-@@ -152,7 +157,7 @@
++kernel_read_kernel_sysctls(mysqld_safe_t) 
+ 
+ dev_list_sysfs(mysqld_safe_t)
+ 
+@@ -152,7 +159,7 @@
  
  miscfiles_read_localization(mysqld_safe_t) 
  
@@ -15914,9 +16100,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  mysql_read_config(mysqld_safe_t)
  mysql_search_pid_files(mysqld_safe_t)
  mysql_write_log(mysqld_safe_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.33/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.1/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nagios.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nagios.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,16 +1,22 @@
  /etc/nagios(/.*)?			gen_context(system_u:object_r:nagios_etc_t,s0)
  /etc/nagios/nrpe\.cfg		--	gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -15945,9 +16131,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +/usr/lib(64)?/cgi-bin/nagios(/.+)?	gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
 +/usr/lib(64)?/nagios/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.33/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.1/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nagios.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nagios.if	2009-11-17 11:06:58.000000000 -0500
 @@ -64,7 +64,7 @@
  
  ########################################
@@ -16066,9 +16252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	admin_pattern($1, nrpe_etc_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.33/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.1/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nagios.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nagios.te	2009-11-18 16:57:18.000000000 -0500
 @@ -10,13 +10,12 @@
  type nagios_exec_t;
  init_daemon_domain(nagios_t, nagios_exec_t)
@@ -16198,7 +16384,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_system_state(nrpe_t)
  kernel_read_kernel_sysctls(nrpe_t)
  
-@@ -192,6 +204,8 @@
+@@ -183,15 +195,19 @@
+ dev_read_urand(nrpe_t)
+ 
+ domain_use_interactive_fds(nrpe_t)
++domain_read_all_domains_state(nrpe_t)
+ 
+ files_read_etc_runtime_files(nrpe_t)
+ 
++fs_getattr_all_fs(nrpe_t)
+ fs_search_auto_mountpoints(nrpe_t)
+ 
+ logging_send_syslog_msg(nrpe_t)
  
  miscfiles_read_localization(nrpe_t)
  
@@ -16207,10 +16404,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_use_unpriv_user_fds(nrpe_t)
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.33/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.1/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/networkmanager.fc	2009-11-12 14:26:53.000000000 -0500
-@@ -1,12 +1,26 @@
++++ serefpolicy-3.7.1/policy/modules/services/networkmanager.fc	2009-11-17 11:06:58.000000000 -0500
+@@ -1,12 +1,28 @@
 +/etc/rc\.d/init\.d/wicd		--	gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
 +/usr/libexec/nm-dispatcher.action --	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -16225,9 +16422,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/nm-system-settings	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +
 +/var/lib/wicd(/.*)? 			gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
++/var/lib/NetworkManager(/.*)? 		gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
+ 
 +/etc/NetworkManager/system-connections(/.*)? 	gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
 +/etc/NetworkManager(/.*)? 	gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
- 
++
 +/var/log/wicd(/.*)? 			gen_context(system_u:object_r:NetworkManager_log_t,s0)
  /var/log/wpa_supplicant.*	--	gen_context(system_u:object_r:NetworkManager_log_t,s0)
  
@@ -16237,9 +16436,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.33/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.1/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/networkmanager.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/networkmanager.if	2009-11-17 11:06:58.000000000 -0500
 @@ -118,6 +118,24 @@
  
  ########################################
@@ -16316,9 +16515,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types NetworkManager_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.33/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/networkmanager.te	2009-11-16 10:30:18.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/networkmanager.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,9 @@
  type NetworkManager_tmp_t;
  files_tmp_file(NetworkManager_tmp_t)
@@ -16559,9 +16758,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.33/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.1/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nis.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nis.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,4 +1,7 @@
 -
 +/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -16571,9 +16770,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/ypserv\.conf	--	gen_context(system_u:object_r:ypserv_conf_t,s0)
  
  /sbin/ypbind		--	gen_context(system_u:object_r:ypbind_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.33/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.1/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nis.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nis.if	2009-11-17 11:06:58.000000000 -0500
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -16715,9 +16914,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types ypbind_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.33/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.1/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nis.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nis.te	2009-11-17 11:06:58.000000000 -0500
 @@ -13,6 +13,9 @@
  type ypbind_exec_t;
  init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -16767,9 +16966,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_bind_all_rpc_ports(ypxfr_t)
  corenet_udp_bind_all_rpc_ports(ypxfr_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.33/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.1/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nscd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nscd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -121,6 +121,24 @@
  
  ########################################
@@ -16795,10 +16994,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Use NSCD services by mapping the database from
  ##	an inherited NSCD file descriptor.
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.33/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nscd.te	2009-11-12 14:26:53.000000000 -0500
-@@ -5,6 +5,13 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.1/policy/modules/services/nscd.te
+--- nsaserefpolicy/policy/modules/services/nscd.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nscd.te	2009-11-17 11:08:16.000000000 -0500
+@@ -1,10 +1,17 @@
+ 
+-policy_module(nscd, 1.10.0)
++policy_module(nscd, 1.10.1)
+ 
+ gen_require(`
  	class nscd all_nscd_perms;
  ')
  
@@ -16833,9 +17037,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	samba_read_config(nscd_t)
 +	samba_read_var_files(nscd_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.6.33/policy/modules/services/nslcd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.7.1/policy/modules/services/nslcd.if
 --- nsaserefpolicy/policy/modules/services/nslcd.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nslcd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nslcd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -94,6 +94,7 @@
  interface(`nslcd_admin',`
  	gen_require(`
@@ -16856,9 +17060,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_lnk_files_pattern($1,nslcd_var_run_t,nslcd_var_run_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.33/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.7.1/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ntp.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ntp.if	2009-11-17 11:06:58.000000000 -0500
 @@ -37,6 +37,32 @@
  
  ########################################
@@ -16926,9 +17130,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an ntp environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.33/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.1/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ntp.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ntp.te	2009-11-17 11:06:58.000000000 -0500
 @@ -41,10 +41,11 @@
  
  # sys_resource and setrlimit is for locking memory
@@ -16975,10 +17179,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.fc serefpolicy-3.6.33/policy/modules/services/nut.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.fc serefpolicy-3.7.1/policy/modules/services/nut.fc
 --- nsaserefpolicy/policy/modules/services/nut.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/nut.fc	2009-11-12 14:26:53.000000000 -0500
-@@ -0,0 +1,15 @@
++++ serefpolicy-3.7.1/policy/modules/services/nut.fc	2009-11-17 11:06:58.000000000 -0500
+@@ -0,0 +1,8 @@
 +
 +/usr/sbin/upsd			--	gen_context(system_u:object_r:upsd_exec_t,s0)		
 +
@@ -16986,17 +17190,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/sbin/upsdrvctl			--	 gen_context(system_u:object_r:upsdrvctl_exec_t,s0)
 +
-+/var/run/nut/upsdrvctl\.pid  	--      gen_context(system_u:object_r:upsdrvctl_var_run_t,s0)
-+
-+/var/run/nut/upsd\.pid		--	gen_context(system_u:object_r:upsd_var_run_t,s0)
-+
-+/var/run/nut/upsmon\.pid  	--      gen_context(system_u:object_r:upsmon_var_run_t,s0)
-+
-+/var/run/nut/usbhid-ups-myups\.pid   --      gen_context(system_u:object_r:upsdrvctl_var_run_t,s0)
-+/var/run/nut/usbhid-ups-myups	-s	gen_context(system_u:object_r:upsdrvctl_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.if serefpolicy-3.6.33/policy/modules/services/nut.if
++/var/run/nut(/.*)? 			 gen_context(system_u:object_r:nut_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.if serefpolicy-3.7.1/policy/modules/services/nut.if
 --- nsaserefpolicy/policy/modules/services/nut.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/nut.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nut.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,82 @@
 +## <summary>SELinux policy for nut - Network UPS Tools </summary>
 +
@@ -17010,7 +17207,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +## </summary>
 +## </param>
 +#
-+interface(`upsd_domtrans',`
++interface(`nut_domtrans_upsd',`
 +        gen_require(`
 +                type upsd_t, upsd_exec_t;
 +        ')
@@ -17030,7 +17227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +## </summary>
 +## </param>
 +#
-+interface(`upsmon_domtrans',`
++interface(`nut_domtrans_upsmon',`
 +        gen_require(`
 +                type upsmon_t, upsmon_exec_t;
 +        ')
@@ -17050,7 +17247,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +## </summary>
 +## </param>
 +#
-+interface(`upsdrvctl_domtrans',`
++interface(`nut_domtrans_upsdrvctl',`
 +        gen_require(`
 +                type upsdrvctl_t, upsdrvctl_exec_t;
 +        ')
@@ -17071,19 +17268,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +##      </summary>
 +## </param>
 +#
-+interface(`upsdrvctl_stream_connect',`
++interface(`nut_stream_connect',`
 +        gen_require(`
-+                type upsdrvctl_t, upsdrvctl_var_run_t;
++                type upsdrvctl_t, nut_var_run_t;
 +        ')
 +
 +        files_search_pids($1)
-+        stream_connect_pattern($1, upsdrvctl_var_run_t, upsdrvctl_var_run_t, upsdrvctl_t)
++        stream_connect_pattern($1, nut_var_run_t, nut_var_run_t, upsdrvctl_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.6.33/policy/modules/services/nut.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.1/policy/modules/services/nut.te
 --- nsaserefpolicy/policy/modules/services/nut.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/nut.te	2009-11-13 15:33:43.000000000 -0500
-@@ -0,0 +1,140 @@
++++ serefpolicy-3.7.1/policy/modules/services/nut.te	2009-11-17 11:06:58.000000000 -0500
+@@ -0,0 +1,128 @@
 +
 +policy_module(nut,1.0.0)
 +
@@ -17096,23 +17293,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type upsd_exec_t;
 +init_daemon_domain(upsd_t,upsd_exec_t)
 +
-+type upsd_var_run_t;
-+files_pid_file(upsd_var_run_t)
++type nut_var_run_t
++files_pid_file(nut_var_run_t)
++typealias nut_var_run_t alias { upsd_var_run_t upsmon_var_run_t upsdrvctl_var_run_t };
 +
 +type upsmon_t;
 +type upsmon_exec_t;
 +init_daemon_domain(upsmon_t,upsmon_exec_t)
 +
-+type upsmon_var_run_t;
-+files_pid_file(upsmon_var_run_t)
-+
 +type upsdrvctl_t;
 +type upsdrvctl_exec_t;
 +init_daemon_domain(upsdrvctl_t, upsdrvctl_exec_t)
 +
-+type upsdrvctl_var_run_t;
-+files_pid_file(upsdrvctl_var_run_t)
-+
 +permissive upsd_t;
 +permissive upsdrvctl_t;
 +permissive upsmon_t;
@@ -17128,12 +17320,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow upsd_t self:tcp_socket create_stream_socket_perms;
 +
 +# pid file
-+manage_files_pattern(upsd_t, upsd_var_run_t, upsd_var_run_t)
-+manage_dirs_pattern(upsd_t, upsd_var_run_t, upsd_var_run_t)
-+manage_sock_files_pattern(upsd_t, upsd_var_run_t, upsd_var_run_t)
-+files_pid_filetrans(upsd_t, upsd_var_run_t, { file })
-+
-+rw_files_pattern(upsd_t, upsdrvctl_var_run_t, upsdrvctl_var_run_t)
++manage_files_pattern(upsd_t, nut_var_run_t, nut_var_run_t)
++manage_dirs_pattern(upsd_t, nut_var_run_t, nut_var_run_t)
++manage_sock_files_pattern(upsd_t, nut_var_run_t, nut_var_run_t)
++files_pid_filetrans(upsd_t, nut_var_run_t, { file })
 +
 +corenet_tcp_bind_ups_port(upsd_t)
 +corenet_tcp_bind_generic_node(upsd_t)
@@ -17151,9 +17341,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +miscfiles_read_localization(upsd_t)
 +
-+optional_policy(`
-+	upsdrvctl_stream_connect(upsd_t)
-+')
++nut_stream_connect(upsd_t)
 +
 +######################################
 +#
@@ -17167,11 +17355,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow upsmon_t self:tcp_socket create_stream_socket_perms;
 +
 +# pid file
-+manage_files_pattern(upsmon_t, upsmon_var_run_t, upsmon_var_run_t)
-+manage_dirs_pattern(upsmon_t, upsmon_var_run_t, upsmon_var_run_t)
-+files_pid_filetrans(upsmon_t, upsmon_var_run_t, { file })
-+
-+rw_sock_files_pattern(upsmon_t,upsd_var_run_t,upsd_var_run_t)
++manage_files_pattern(upsmon_t, nut_var_run_t, nut_var_run_t)
++manage_dirs_pattern(upsmon_t, nut_var_run_t, nut_var_run_t)
++files_pid_filetrans(upsmon_t, nut_var_run_t, { file })
 +
 +corenet_tcp_connect_ups_port(upsmon_t)
 +
@@ -17203,10 +17389,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow upsdrvctl_t self:unix_dgram_socket { create_socket_perms sendto };
 +
 +# pid file
-+manage_files_pattern(upsdrvctl_t, upsdrvctl_var_run_t, upsdrvctl_var_run_t)
-+manage_dirs_pattern(upsdrvctl_t, upsdrvctl_var_run_t, upsdrvctl_var_run_t)
-+manage_sock_files_pattern(upsdrvctl_t, upsdrvctl_var_run_t, upsdrvctl_var_run_t)
-+files_pid_filetrans(upsdrvctl_t, upsdrvctl_var_run_t, { file sock_file })
++manage_files_pattern(upsdrvctl_t, nut_var_run_t, nut_var_run_t)
++manage_dirs_pattern(upsdrvctl_t, nut_var_run_t, nut_var_run_t)
++manage_sock_files_pattern(upsdrvctl_t, nut_var_run_t, nut_var_run_t)
++files_pid_filetrans(upsdrvctl_t, nut_var_run_t, { file sock_file })
 +
 +corecmd_exec_bin(upsdrvctl_t)
 +
@@ -17223,10 +17409,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_send_syslog_msg(upsdrvctl_t)
 +
 +miscfiles_read_localization(upsdrvctl_t)
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.6.33/policy/modules/services/nx.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.1/policy/modules/services/nx.fc
 --- nsaserefpolicy/policy/modules/services/nx.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nx.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nx.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,7 @@
  /opt/NX/bin/nxserver		--	gen_context(system_u:object_r:nx_server_exec_t,s0)
  
@@ -17235,9 +17420,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /opt/NX/var(/.*)?			gen_context(system_u:object_r:nx_server_var_run_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.6.33/policy/modules/services/nx.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.1/policy/modules/services/nx.if
 --- nsaserefpolicy/policy/modules/services/nx.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nx.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nx.if	2009-11-17 11:06:58.000000000 -0500
 @@ -17,3 +17,22 @@
  
  	spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -17261,9 +17446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	read_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
 +	read_lnk_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.33/policy/modules/services/nx.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.1/policy/modules/services/nx.te
 --- nsaserefpolicy/policy/modules/services/nx.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/nx.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/nx.te	2009-11-17 11:06:58.000000000 -0500
 @@ -25,6 +25,9 @@
  type nx_server_var_run_t;
  files_pid_file(nx_server_var_run_t)
@@ -17284,9 +17469,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_system_state(nx_server_t)
  kernel_read_kernel_sysctls(nx_server_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.33/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.1/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/oddjob.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/oddjob.if	2009-11-17 11:06:58.000000000 -0500
 @@ -44,6 +44,7 @@
  	')
  
@@ -17295,9 +17480,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.33/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/openvpn.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.1/policy/modules/services/openvpn.te
+--- nsaserefpolicy/policy/modules/services/openvpn.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/openvpn.te	2009-11-17 11:06:58.000000000 -0500
 @@ -100,6 +100,8 @@
  files_read_etc_files(openvpn_t)
  files_read_etc_runtime_files(openvpn_t)
@@ -17307,9 +17492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_send_syslog_msg(openvpn_t)
  
  miscfiles_read_localization(openvpn_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.6.33/policy/modules/services/pcscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.1/policy/modules/services/pcscd.if
 --- nsaserefpolicy/policy/modules/services/pcscd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pcscd.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pcscd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -53,6 +53,5 @@
  	')
  
@@ -17318,9 +17503,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	allow $1 pcscd_t:unix_stream_socket connectto;
 +	stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.33/policy/modules/services/pcscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.7.1/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pcscd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pcscd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -29,6 +29,7 @@
  
  manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
@@ -17345,9 +17530,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  term_use_unallocated_ttys(pcscd_t)
  term_dontaudit_getattr_pty_dirs(pcscd_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.33/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.1/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pegasus.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pegasus.te	2009-11-17 11:06:58.000000000 -0500
 @@ -30,7 +30,7 @@
  # Local policy
  #
@@ -17419,18 +17604,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xen_stream_connect(pegasus_t)
 +	xen_stream_connect_xenstore(pegasus_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.fc serefpolicy-3.6.33/policy/modules/services/plymouth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.fc serefpolicy-3.7.1/policy/modules/services/plymouth.fc
 --- nsaserefpolicy/policy/modules/services/plymouth.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/plymouth.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/plymouth.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,5 @@
 +/sbin/plymouthd				--	gen_context(system_u:object_r:plymouthd_exec_t, s0)
 +/bin/plymouth				--	gen_context(system_u:object_r:plymouth_exec_t, s0)
 +/var/spool/plymouth(/.*)?			gen_context(system_u:object_r:plymouthd_spool_t, s0)
 +/var/lib/plymouth(/.*)?				gen_context(system_u:object_r:plymouthd_var_lib_t, s0)
 +/var/run/plymouth(/.*)?				gen_context(system_u:object_r:plymouthd_var_run_t, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.if serefpolicy-3.6.33/policy/modules/services/plymouth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.if serefpolicy-3.7.1/policy/modules/services/plymouth.if
 --- nsaserefpolicy/policy/modules/services/plymouth.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/plymouth.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/plymouth.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,286 @@
 +## <summary>policy for plymouthd</summary>
 +
@@ -17718,9 +17903,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 plymouthd_t:unix_stream_socket connectto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.6.33/policy/modules/services/plymouth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.7.1/policy/modules/services/plymouth.te
 --- nsaserefpolicy/policy/modules/services/plymouth.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/plymouth.te	2009-11-16 10:36:01.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/plymouth.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,101 @@
 +policy_module(plymouthd, 1.0.0)
 +
@@ -17823,9 +18008,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_dontaudit_rw_pipes(plymouth_t)
 +')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.6.33/policy/modules/services/policykit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.1/policy/modules/services/policykit.fc
 --- nsaserefpolicy/policy/modules/services/policykit.fc	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/policykit.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/policykit.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -6,10 +6,13 @@
  /usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
  /usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -17841,9 +18026,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
  /var/run/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.6.33/policy/modules/services/policykit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.1/policy/modules/services/policykit.if
 --- nsaserefpolicy/policy/modules/services/policykit.if	2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/policykit.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/policykit.if	2009-11-17 11:06:58.000000000 -0500
 @@ -17,6 +17,8 @@
  		class dbus send_msg;
  	')
@@ -17911,9 +18096,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 policykit_auth_t:process signal;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.33/policy/modules/services/policykit.te
---- nsaserefpolicy/policy/modules/services/policykit.te	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/policykit.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.1/policy/modules/services/policykit.te
+--- nsaserefpolicy/policy/modules/services/policykit.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/policykit.te	2009-11-17 11:06:58.000000000 -0500
 @@ -36,11 +36,12 @@
  # policykit local policy
  #
@@ -18063,9 +18248,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow policykit_resolve_t self:unix_dgram_socket create_socket_perms;
  allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.33/policy/modules/services/postfix.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.1/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postfix.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postfix.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -18079,9 +18264,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/postdrop	--	gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
  /usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.33/policy/modules/services/postfix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.1/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postfix.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postfix.if	2009-11-17 11:06:58.000000000 -0500
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -18328,9 +18513,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types postfix_postdrop_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.33/policy/modules/services/postfix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.1/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postfix.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postfix.te	2009-11-17 11:06:58.000000000 -0500
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -18723,9 +18908,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_manage_user_home_content(postfix_virtual_t)
 +userdom_home_filetrans_user_home_dir(postfix_virtual_t)
 +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.33/policy/modules/services/postgresql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.7.1/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postgresql.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postgresql.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -2,6 +2,8 @@
  # /etc
  #
@@ -18763,9 +18948,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/postgresql(/.*)?		gen_context(system_u:object_r:postgresql_var_run_t,s0)
 +
 +/var/run/postmaster.*			gen_context(system_u:object_r:postgresql_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.33/policy/modules/services/postgresql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.1/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postgresql.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postgresql.if	2009-11-17 11:06:58.000000000 -0500
 @@ -384,3 +384,46 @@
  
  	typeattribute $1 sepgsql_unconfined_type;
@@ -18813,9 +18998,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	admin_pattern($1, postgresql_tmp_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.33/policy/modules/services/postgresql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.1/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/postgresql.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/postgresql.te	2009-11-17 11:06:58.000000000 -0500
 @@ -32,6 +32,9 @@
  type postgresql_etc_t;
  files_config_file(postgresql_etc_t)
@@ -18860,9 +19045,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  miscfiles_read_localization(postgresql_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.33/policy/modules/services/ppp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.1/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ppp.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ppp.if	2009-11-17 11:06:58.000000000 -0500
 @@ -177,10 +177,16 @@
  interface(`ppp_run',`
  	gen_require(`
@@ -18880,9 +19065,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.33/policy/modules/services/ppp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.1/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ppp.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ppp.te	2009-11-17 11:06:58.000000000 -0500
 @@ -38,7 +38,7 @@
  files_type(pppd_etc_rw_t)
  
@@ -18934,9 +19119,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	hostname_exec(pptp_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.33/policy/modules/services/prelude.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.1/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/prelude.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/prelude.te	2009-11-17 11:06:58.000000000 -0500
 @@ -122,7 +122,8 @@
  #
  # prelude_audisp local policy
@@ -18947,9 +19132,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow prelude_audisp_t self:fifo_file rw_file_perms;
  allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
  allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.6.33/policy/modules/services/privoxy.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.7.1/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/privoxy.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/privoxy.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,5 @@
  
 -/etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -18958,9 +19143,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/rc\.d/init\.d/privoxy --	gen_context(system_u:object_r:privoxy_initrc_exec_t,s0)
  
  /usr/sbin/privoxy	--	gen_context(system_u:object_r:privoxy_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.33/policy/modules/services/privoxy.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.7.1/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/privoxy.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/privoxy.te	2009-11-17 11:06:58.000000000 -0500
 @@ -47,9 +47,8 @@
  manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t)
  files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
@@ -18972,9 +19157,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(privoxy_t)
  corenet_all_recvfrom_netlabel(privoxy_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.33/policy/modules/services/procmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.1/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/procmail.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/procmail.te	2009-11-17 11:06:58.000000000 -0500
 @@ -22,7 +22,7 @@
  # Local policy
  #
@@ -19022,9 +19207,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.33/policy/modules/services/pyzor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.1/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pyzor.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pyzor.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,10 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -19036,9 +19221,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /usr/bin/pyzor		--	gen_context(system_u:object_r:pyzor_exec_t,s0)
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.33/policy/modules/services/pyzor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.1/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pyzor.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pyzor.if	2009-11-17 11:06:58.000000000 -0500
 @@ -88,3 +88,50 @@
  	corecmd_search_bin($1)
  	can_exec($1, pyzor_exec_t)
@@ -19090,9 +19275,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.33/policy/modules/services/pyzor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.1/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/pyzor.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/pyzor.te	2009-11-17 11:06:58.000000000 -0500
 @@ -6,6 +6,38 @@
  # Declarations
  #
@@ -19157,9 +19342,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_search_user_home_dirs(pyzor_t)
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.33/policy/modules/services/radvd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.7.1/policy/modules/services/radvd.te
 --- nsaserefpolicy/policy/modules/services/radvd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/radvd.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/radvd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -41,6 +41,7 @@
  kernel_rw_net_sysctls(radvd_t)
  kernel_read_network_state(radvd_t)
@@ -19168,17 +19353,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(radvd_t)
  corenet_all_recvfrom_netlabel(radvd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.33/policy/modules/services/razor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.1/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/razor.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/razor.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,3 +1,4 @@
 +/root/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
  HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
  
  /etc/razor(/.*)?		gen_context(system_u:object_r:razor_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.33/policy/modules/services/razor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.1/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/razor.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/razor.if	2009-11-17 11:06:58.000000000 -0500
 @@ -157,3 +157,45 @@
  
  	domtrans_pattern($1, razor_exec_t, razor_t)
@@ -19225,9 +19410,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.33/policy/modules/services/razor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.1/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/razor.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/razor.te	2009-11-17 11:06:58.000000000 -0500
 @@ -6,6 +6,32 @@
  # Declarations
  #
@@ -19279,9 +19464,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.6.33/policy/modules/services/rgmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.1/policy/modules/services/rgmanager.fc
 --- nsaserefpolicy/policy/modules/services/rgmanager.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rgmanager.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rgmanager.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,8 @@
 +
 +/usr/sbin/rgmanager                    --      gen_context(system_u:object_r:rgmanager_exec_t,s0)
@@ -19291,9 +19476,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/rgmanager\.pid                --      gen_context(system_u:object_r:rgmanager_var_run_t,s0)
 +
 +/var/run/cluster/rgmanager\.sk        -s      gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.6.33/policy/modules/services/rgmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.1/policy/modules/services/rgmanager.if
 --- nsaserefpolicy/policy/modules/services/rgmanager.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rgmanager.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rgmanager.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,59 @@
 +## <summary>SELinux policy for rgmanager</summary>
 +
@@ -19354,9 +19539,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	stream_connect_pattern($1, rgmanager_var_run_t, rgmanager_var_run_t, rgmanager_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.6.33/policy/modules/services/rgmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.1/policy/modules/services/rgmanager.te
 --- nsaserefpolicy/policy/modules/services/rgmanager.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rgmanager.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rgmanager.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,83 @@
 +
 +policy_module(rgmanager,1.0.0)
@@ -19441,9 +19626,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ccs_stream_connect(rgmanager_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.6.33/policy/modules/services/rhcs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.1/policy/modules/services/rhcs.fc
 --- nsaserefpolicy/policy/modules/services/rhcs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rhcs.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rhcs.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,22 @@
 +
 +/sbin/dlm_controld                     --      gen_context(system_u:object_r:dlm_controld_exec_t,s0)
@@ -19467,9 +19652,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/qdiskd(/.*)?                          gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
 +/var/log/cluster/qdiskd\.log.*         --      gen_context(system_u:object_r:qdiskd_var_log_t,s0)
 +/var/run/qdiskd\.pid                   --      gen_context(system_u:object_r:qdiskd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.6.33/policy/modules/services/rhcs.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.1/policy/modules/services/rhcs.if
 --- nsaserefpolicy/policy/modules/services/rhcs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rhcs.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rhcs.if	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,348 @@
 +## <summary>SELinux policy for RHCS - Red Hat Cluster Suite </summary>
 +
@@ -19819,9 +20004,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.6.33/policy/modules/services/rhcs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.1/policy/modules/services/rhcs.te
 --- nsaserefpolicy/policy/modules/services/rhcs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/rhcs.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rhcs.te	2009-11-17 11:06:58.000000000 -0500
 @@ -0,0 +1,394 @@
 +
 +policy_module(rhcs,1.0.0)
@@ -20217,9 +20402,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.33/policy/modules/services/ricci.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.1/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ricci.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ricci.te	2009-11-17 11:06:58.000000000 -0500
 @@ -194,10 +194,13 @@
  # ricci_modcluster local policy
  #
@@ -20308,9 +20493,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_stream_connect(ricci_modstorage_t)
  	ccs_read_config(ricci_modstorage_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.33/policy/modules/services/rpcbind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.7.1/policy/modules/services/rpcbind.if
 --- nsaserefpolicy/policy/modules/services/rpcbind.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rpcbind.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rpcbind.if	2009-11-17 11:06:58.000000000 -0500
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -20338,9 +20523,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an rpcbind environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.6.33/policy/modules/services/rpcbind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.1/policy/modules/services/rpcbind.te
 --- nsaserefpolicy/policy/modules/services/rpcbind.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rpcbind.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rpcbind.te	2009-11-17 11:06:58.000000000 -0500
 @@ -42,6 +42,7 @@
  
  kernel_read_system_state(rpcbind_t)
@@ -20349,9 +20534,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(rpcbind_t)
  corenet_all_recvfrom_netlabel(rpcbind_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.33/policy/modules/services/rpc.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.1/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rpc.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rpc.if	2009-11-17 11:06:58.000000000 -0500
 @@ -54,7 +54,7 @@
  	allow $1_t self:unix_dgram_socket create_socket_perms;
  	allow $1_t self:unix_stream_socket create_stream_socket_perms;
@@ -20380,9 +20565,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		seutil_sigchld_newrole($1_t)
  	')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.33/policy/modules/services/rpc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.1/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rpc.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rpc.te	2009-11-17 11:06:58.000000000 -0500
 @@ -53,7 +53,7 @@
  # RPC local policy
  #
@@ -20469,9 +20654,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.33/policy/modules/services/rsync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.1/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rsync.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rsync.te	2009-11-17 11:06:58.000000000 -0500
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -20514,9 +20699,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
  auth_can_read_shadow_passwords(rsync_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.6.33/policy/modules/services/rtkit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.1/policy/modules/services/rtkit.if
 --- nsaserefpolicy/policy/modules/services/rtkit.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rtkit.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rtkit.if	2009-11-17 11:06:58.000000000 -0500
 @@ -38,3 +38,23 @@
  	allow $1 rtkit_daemon_t:dbus send_msg;
  	allow rtkit_daemon_t $1:dbus send_msg;
@@ -20541,9 +20726,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow rtkit_daemon_t $1:process { getsched setsched };
 +	rtkit_daemon_dbus_chat($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.6.33/policy/modules/services/rtkit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.1/policy/modules/services/rtkit.te
 --- nsaserefpolicy/policy/modules/services/rtkit.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/rtkit.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/rtkit.te	2009-11-17 11:06:58.000000000 -0500
 @@ -17,9 +17,11 @@
  
  allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
@@ -20556,9 +20741,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  domain_read_all_domains_state(rtkit_daemon_t)
  
  fs_rw_anon_inodefs_files(rtkit_daemon_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.33/policy/modules/services/samba.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.1/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/samba.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/samba.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -51,3 +51,7 @@
  /var/run/winbindd(/.*)?			gen_context(system_u:object_r:winbind_var_run_t,s0)
  
@@ -20567,9 +20752,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +ifndef(`enable_mls',`
 +/var/lib/samba/scripts(/.*)?		gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.33/policy/modules/services/samba.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.1/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/samba.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/samba.if	2009-11-17 11:06:58.000000000 -0500
 @@ -62,6 +62,25 @@
  
  ########################################
@@ -20742,9 +20927,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	admin_pattern($1, winbind_var_run_t)
 +	admin_pattern($1, samba_unconfined_script_exec_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.33/policy/modules/services/samba.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.1/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/samba.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/samba.te	2009-11-17 11:06:58.000000000 -0500
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -20976,9 +21161,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +',`
 +	can_exec(smbd_t, samba_unconfined_script_exec_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.33/policy/modules/services/sasl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.1/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sasl.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sasl.te	2009-11-17 11:06:58.000000000 -0500
 @@ -31,7 +31,7 @@
  # Local policy
  #
@@ -21041,9 +21226,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(saslauthd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.33/policy/modules/services/sendmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.1/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sendmail.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sendmail.if	2009-11-17 11:06:58.000000000 -0500
 @@ -59,20 +59,20 @@
  
  ########################################
@@ -21216,9 +21401,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 sendmail_t:fifo_file rw_fifo_file_perms; 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.33/policy/modules/services/sendmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.1/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sendmail.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sendmail.te	2009-11-17 11:06:58.000000000 -0500
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -21394,18 +21579,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.33/policy/modules/services/setroubleshoot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.1/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/setroubleshoot.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -5,3 +5,5 @@
  /var/log/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
  
  /var/lib/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
 +
 +/usr/share/setroubleshoot/SetroubleshootFixit\.py* 	--	gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.33/policy/modules/services/setroubleshoot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.1/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/setroubleshoot.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.if	2009-11-17 11:06:58.000000000 -0500
 @@ -16,8 +16,8 @@
  	')
  
@@ -21542,9 +21727,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_pids($1)
 +	admin_pattern($1, setroubleshoot_var_run_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.33/policy/modules/services/setroubleshoot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.1/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/setroubleshoot.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.te	2009-11-17 11:06:58.000000000 -0500
 @@ -22,13 +22,19 @@
  type setroubleshoot_var_run_t;
  files_pid_file(setroubleshoot_var_run_t)
@@ -21685,9 +21870,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +        policykit_dbus_chat(setroubleshoot_fixit_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.33/policy/modules/services/smartmon.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.7.1/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/smartmon.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/smartmon.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,14 +19,18 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -21748,9 +21933,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.6.33/policy/modules/services/snmp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.1/policy/modules/services/snmp.if
 --- nsaserefpolicy/policy/modules/services/snmp.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/snmp.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/snmp.if	2009-11-17 11:06:58.000000000 -0500
 @@ -50,6 +50,24 @@
  
  ########################################
@@ -21803,9 +21988,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.33/policy/modules/services/snmp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.1/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/snmp.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/snmp.te	2009-11-17 11:06:58.000000000 -0500
 @@ -27,7 +27,7 @@
  #
  allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
@@ -21824,9 +22009,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_list_sysfs(snmpd_t)
  dev_read_sysfs(snmpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.33/policy/modules/services/spamassassin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.1/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/spamassassin.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/spamassassin.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,15 +1,26 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
@@ -21856,9 +22041,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/spamd(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
 +/var/spool/MD-Quarantine(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
 +/var/spool/MIMEDefang(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.33/policy/modules/services/spamassassin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.1/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/spamassassin.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/spamassassin.if	2009-11-17 11:06:58.000000000 -0500
 @@ -111,6 +111,27 @@
  	')
  
@@ -21967,9 +22152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_pids($1)
 +	admin_pattern($1, spamd_var_run_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.33/policy/modules/services/spamassassin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.1/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/spamassassin.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/spamassassin.te	2009-11-17 11:06:58.000000000 -0500
 @@ -20,6 +20,35 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs, true)
@@ -22271,9 +22456,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	udev_read_db(spamd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.33/policy/modules/services/squid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.1/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/squid.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/squid.te	2009-11-17 11:06:58.000000000 -0500
 @@ -67,7 +67,9 @@
  
  can_exec(squid_t, squid_exec_t)
@@ -22302,18 +22487,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#squid requires the following when run in diskd mode, the recommended setting
 -allow squid_t tmpfs_t:file { read write };
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.33/policy/modules/services/ssh.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.1/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ssh.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ssh.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -14,3 +14,5 @@
  /usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
  
  /var/run/sshd\.init\.pid	--	gen_context(system_u:object_r:sshd_var_run_t,s0)
 +
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:home_ssh_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.33/policy/modules/services/ssh.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.1/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ssh.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/ssh.if	2009-11-18 16:54:14.000000000 -0500
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -22442,15 +22627,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	corenet_tcp_bind_ssh_port($1_t)
  	corenet_tcp_connect_all_ports($1_t)
 +	corenet_tcp_bind_all_unreserved_ports($1_t)
- 	corenet_sendrecv_ssh_server_packets($1_t)
-+	# -R qualifier
 +	corenet_sendrecv_ssh_server_packets($1_t)
++	# -R qualifier
+ 	corenet_sendrecv_ssh_server_packets($1_t)
 +	# tunnel feature and -w (net_admin capability also)
 +	corenet_rw_tun_tap_dev($1_t)
  
  	fs_dontaudit_getattr_all_fs($1_t)
  
-@@ -237,18 +236,23 @@
+@@ -234,21 +233,27 @@
+ 	corecmd_getattr_bin_files($1_t)
+ 
+ 	domain_interactive_fd($1_t)
++	domain_dyntrans_type($1_t)
  
  	files_read_etc_files($1_t)
  	files_read_etc_runtime_files($1_t)
@@ -22476,7 +22665,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	tunable_policy(`use_samba_home_dirs',`
-@@ -257,15 +261,11 @@
+@@ -257,15 +262,11 @@
  
  	optional_policy(`
  		kerberos_use($1_t)
@@ -22494,7 +22683,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	optional_policy(`
-@@ -337,6 +337,7 @@
+@@ -337,6 +338,7 @@
  	allow ssh_t $3:unix_stream_socket connectto;
  
  	# user can manage the keys and config
@@ -22502,7 +22691,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	manage_files_pattern($3, home_ssh_t, home_ssh_t)
  	manage_lnk_files_pattern($3, home_ssh_t, home_ssh_t)
  	manage_sock_files_pattern($3, home_ssh_t, home_ssh_t)
-@@ -446,6 +447,24 @@
+@@ -446,6 +448,24 @@
  
  ########################################
  ## <summary>
@@ -22527,7 +22716,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read a ssh server unnamed pipe.
  ## </summary>
  ## <param name="domain">
-@@ -461,6 +480,23 @@
+@@ -461,6 +481,23 @@
  
  	allow $1 sshd_t:fifo_file { getattr read };
  ')
@@ -22551,7 +22740,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
  ## <summary>
-@@ -603,3 +639,83 @@
+@@ -603,3 +640,104 @@
  
  	dontaudit $1 sshd_key_t:file { getattr read };
  ')
@@ -22616,6 +22805,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_search_user_home_dirs($1)
 +')
 +
++######################################
++## <summary>
++##  Manage ssh home directory content
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`ssh_manage_user_home_files',`
++    gen_require(`
++        type home_ssh_t;
++    ')
++
++    allow $1 home_ssh_t:dir list_dir_perms;
++    manage_dirs_pattern($1, home_ssh_t, home_ssh_t)
++    manage_files_pattern($1, home_ssh_t, home_ssh_t)
++    userdom_search_user_home_dirs($1)
++')
++
 +########################################
 +## <summary>
 +##	Set the attributes of sshd key files.
@@ -22635,20 +22845,56 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_pids($1)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.33/policy/modules/services/ssh.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.1/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/ssh.te	2009-11-12 14:26:53.000000000 -0500
-@@ -41,6 +41,9 @@
++++ serefpolicy-3.7.1/policy/modules/services/ssh.te	2009-11-18 16:54:37.000000000 -0500
+@@ -8,6 +8,31 @@
+ 
+ ## <desc>
+ ## <p>
++## Allow sftp to upload files, used for public file
++## transfer services. Directories must be labeled
++## public_content_rw_t.
++## </p>
++## </desc>
++gen_tunable(allow_sftpd_anon_write, false)
++
++## <desc>
++## <p>
++## Allow sftp to login to local users and 
++## read/write all files on the system, governed by DAC.
++## </p>
++## </desc>
++gen_tunable(allow_sftpd_full_access, false)
++
++## <desc>
++## <p>
++## Allow interlnal-sftp to read and write files 
++## in the user ssh home directories.
++## </p>
++## </desc>
++gen_tunable(sftpd_ssh_home_dir, false)
++
++## <desc>
++## <p>
+ ## allow host key based authentication
+ ## </p>
+ ## </desc>
+@@ -41,6 +66,13 @@
  files_tmp_file(sshd_tmp_t)
  files_poly_parent(sshd_tmp_t)
  
 +type sshd_tmpfs_t;
 +files_tmpfs_file(sshd_tmpfs_t)
 +
++type sftpd_t;
++domain_type(sftpd_t)
++role system_r types sftpd_t;
++
  ifdef(`enable_mcs',`
  	init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh)
  ')
-@@ -75,7 +78,7 @@
+@@ -75,7 +107,7 @@
  ubac_constrained(ssh_tmpfs_t)
  
  type home_ssh_t;
@@ -22657,7 +22903,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  typealias home_ssh_t alias { auditadm_home_ssh_t secadm_home_ssh_t };
  files_type(home_ssh_t)
  userdom_user_home_content(home_ssh_t)
-@@ -95,8 +98,7 @@
+@@ -95,8 +127,7 @@
  allow ssh_t self:sem create_sem_perms;
  allow ssh_t self:msgq create_msgq_perms;
  allow ssh_t self:msg { send receive };
@@ -22667,7 +22913,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Read the ssh key file.
  allow ssh_t sshd_key_t:file read_file_perms;
-@@ -115,6 +117,7 @@
+@@ -115,6 +146,7 @@
  manage_dirs_pattern(ssh_t, home_ssh_t, home_ssh_t)
  manage_sock_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
  userdom_user_home_dir_filetrans(ssh_t, home_ssh_t, { dir sock_file })
@@ -22675,7 +22921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Allow the ssh program to communicate with ssh-agent.
  stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
-@@ -126,11 +129,13 @@
+@@ -126,11 +158,13 @@
  read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
  
  # ssh servers can read the user keys and config
@@ -22692,7 +22938,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(ssh_t)
  corenet_all_recvfrom_netlabel(ssh_t)
-@@ -139,6 +144,8 @@
+@@ -139,6 +173,8 @@
  corenet_tcp_sendrecv_all_ports(ssh_t)
  corenet_tcp_connect_ssh_port(ssh_t)
  corenet_sendrecv_ssh_client_packets(ssh_t)
@@ -22701,7 +22947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_read_urand(ssh_t)
  
-@@ -160,19 +167,19 @@
+@@ -160,19 +196,19 @@
  logging_send_syslog_msg(ssh_t)
  logging_read_generic_logs(ssh_t)
  
@@ -22724,7 +22970,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  tunable_policy(`allow_ssh_keysign',`
  	domain_auto_trans(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
-@@ -194,23 +201,13 @@
+@@ -194,23 +230,13 @@
  # for port forwarding
  tunable_policy(`user_tcp_server',`
  	corenet_tcp_bind_ssh_port(ssh_t)
@@ -22750,7 +22996,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -310,16 +307,34 @@
+@@ -294,6 +320,8 @@
+ allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
+ allow sshd_t self:key { search link write };
+ 
++allow sshd_t self:process setcurrent;
++
+ manage_dirs_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
+ manage_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
+ manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
+@@ -310,16 +338,34 @@
  corenet_tcp_bind_xserver_port(sshd_t)
  corenet_sendrecv_xserver_server_packets(sshd_t)
  
@@ -22787,7 +23042,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -331,6 +346,10 @@
+@@ -331,6 +377,10 @@
  ')
  
  optional_policy(`
@@ -22798,7 +23053,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpm_use_script_fds(sshd_t)
  ')
  
-@@ -341,7 +360,11 @@
+@@ -341,7 +391,11 @@
  ')
  
  optional_policy(`
@@ -22811,7 +23066,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_shell_domtrans(sshd_t)
  ')
  
-@@ -400,15 +423,13 @@
+@@ -400,18 +454,63 @@
  init_use_fds(ssh_keygen_t)
  init_use_script_ptys(ssh_keygen_t)
  
@@ -22829,9 +23084,59 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(ssh_keygen_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.33/policy/modules/services/sssd.fc
+ optional_policy(`
+ 	udev_read_db(ssh_keygen_t)
+ ')
++
++#######################################
++#
++# sftp Local policy
++#
++
++allow ssh_server sftpd_t:process dyntransition;
++
++ssh_sigchld(sftpd_t)
++
++files_read_all_files(sftpd_t)
++files_read_all_symlinks(sftpd_t)
++
++fs_read_noxattr_fs_files(sftpd_t)
++fs_read_nfs_files(sftpd_t)
++fs_read_cifs_files(sftpd_t)
++
++# allow access to /home by default
++userdom_manage_user_home_content_dirs(sftpd_t)
++userdom_manage_user_home_content_files(sftpd_t)
++userdom_manage_user_home_content_symlinks(sftpd_t)
++
++userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file })
++
++tunable_policy(`allow_sftpd_anon_write',`
++    miscfiles_manage_public_files(sftpd_t)
++')
++
++tunable_policy(`allow_sftpd_full_access',`
++    allow sftpd_t self:capability { dac_override dac_read_search };
++    fs_read_noxattr_fs_files(sftpd_t)
++    auth_manage_all_files_except_shadow(sftpd_t)
++')
++
++tunable_policy(`sftpd_ssh_home_dir',`
++    ssh_manage_user_home_files(sftpd_t)
++')
++
++tunable_policy(`use_nfs_home_dirs',`
++    fs_manage_nfs_dirs(sftpd_t)
++    fs_manage_nfs_files(sftpd_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++    fs_manage_cifs_dirs(sftpd_t)
++    fs_manage_cifs_files(sftpd_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.7.1/policy/modules/services/sssd.fc
 --- nsaserefpolicy/policy/modules/services/sssd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sssd.fc	2009-11-13 10:59:21.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sssd.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,9 @@
 -/etc/rc.d/init.d/sssd	--	gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/sssd	--	gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
@@ -22843,9 +23148,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_lib_t,s0)
 +
  /var/run/sssd.pid	--	gen_context(system_u:object_r:sssd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.33/policy/modules/services/sssd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.1/policy/modules/services/sssd.if
 --- nsaserefpolicy/policy/modules/services/sssd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sssd.if	2009-11-13 11:16:42.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sssd.if	2009-11-17 11:06:58.000000000 -0500
 @@ -12,12 +12,32 @@
  #
  interface(`sssd_domtrans',`
@@ -22934,9 +23239,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Send and receive messages from
  ##	sssd over dbus.
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.33/policy/modules/services/sssd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.1/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sssd.te	2009-11-13 10:59:01.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sssd.te	2009-11-17 11:06:58.000000000 -0500
 @@ -16,6 +16,9 @@
  type sssd_var_lib_t;
  files_type(sssd_var_lib_t)
@@ -22981,9 +23286,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	dbus_system_bus_client(sssd_t)
  	dbus_connect_system_bus(sssd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.33/policy/modules/services/sysstat.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.1/policy/modules/services/sysstat.te
 --- nsaserefpolicy/policy/modules/services/sysstat.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/sysstat.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/sysstat.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,14 +19,15 @@
  # Local policy
  #
@@ -23002,18 +23307,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
  
  # get info from /proc
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.6.33/policy/modules/services/tftp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.7.1/policy/modules/services/tftp.fc
 --- nsaserefpolicy/policy/modules/services/tftp.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/tftp.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/tftp.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -5,4 +5,4 @@
  /tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
  /tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
  
 -/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_t,s0)
 +/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.6.33/policy/modules/services/tuned.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.1/policy/modules/services/tuned.te
 --- nsaserefpolicy/policy/modules/services/tuned.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/services/tuned.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/tuned.te	2009-11-17 11:06:58.000000000 -0500
 @@ -16,12 +16,14 @@
  type tuned_var_run_t;
  files_pid_file(tuned_var_run_t)
@@ -23030,10 +23335,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_files_pattern(tuned_t, tuned_var_run_t, tuned_var_run_t)
  files_pid_filetrans(tuned_t, tuned_var_run_t, file)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.33/policy/modules/services/uucp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.1/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/uucp.te	2009-11-12 14:26:53.000000000 -0500
-@@ -95,6 +95,8 @@
++++ serefpolicy-3.7.1/policy/modules/services/uucp.te	2009-11-17 11:06:58.000000000 -0500
+@@ -90,17 +90,26 @@
+ fs_getattr_xattr_fs(uucpd_t)
+ 
+ corecmd_exec_bin(uucpd_t)
++corecmd_exec_shell(uucpd_t)
+ 
+ files_read_etc_files(uucpd_t)
  files_search_home(uucpd_t)
  files_search_spool(uucpd_t)
  
@@ -23042,18 +23353,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_use_nsswitch(uucpd_t)
  
  logging_send_syslog_msg(uucpd_t)
-@@ -102,6 +104,10 @@
+ 
  miscfiles_read_localization(uucpd_t)
  
- optional_policy(`
++mta_send_mail(uucpd_t)
++
++optional_policy(`
 +	cron_system_entry(uucpd_t, uucpd_exec_t)
 +')
 +
-+optional_policy(`
+ optional_policy(`
  	kerberos_use(uucpd_t)
  ')
- 
-@@ -129,6 +135,7 @@
+@@ -129,6 +138,7 @@
  optional_policy(`
  	mta_send_mail(uux_t)
  	mta_read_queue(uux_t)
@@ -23061,9 +23373,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.33/policy/modules/services/virt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.1/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/virt.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/virt.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -8,5 +8,18 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -23083,9 +23395,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/libvirt(/.*)?	gen_context(system_u:object_r:svirt_cache_t,s0)
 +
 +/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:svirt_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.33/policy/modules/services/virt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.1/policy/modules/services/virt.if
 --- nsaserefpolicy/policy/modules/services/virt.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/virt.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/virt.if	2009-11-17 11:06:58.000000000 -0500
 @@ -136,7 +136,7 @@
  	')
  
@@ -23303,9 +23615,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_files_pattern($1, svirt_cache_t, svirt_cache_t)
 +	manage_lnk_files_pattern($1, svirt_cache_t, svirt_cache_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.33/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/virt.te	2009-11-13 08:13:08.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.1/policy/modules/services/virt.te
+--- nsaserefpolicy/policy/modules/services/virt.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/virt.te	2009-11-17 11:06:58.000000000 -0500
 @@ -20,6 +20,28 @@
  ## </desc>
  gen_tunable(virt_use_samba, false)
@@ -23699,9 +24011,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	virt_read_content(virt_domain)
 +	virt_stream_connect(virt_domain)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.33/policy/modules/services/w3c.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.1/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/w3c.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/w3c.te	2009-11-17 11:06:58.000000000 -0500
 @@ -8,11 +8,18 @@
  
  apache_content_template(w3c_validator)
@@ -23721,9 +24033,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
  corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
  corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.33/policy/modules/services/xserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.1/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/xserver.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/xserver.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -3,12 +3,19 @@
  #
  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -23814,9 +24126,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_suse',`
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.33/policy/modules/services/xserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-09-09 15:37:17.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/xserver.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/xserver.if	2009-11-17 11:06:58.000000000 -0500
 @@ -74,6 +74,12 @@
  
  	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
@@ -24687,9 +24999,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow xdm_t $1:dbus send_msg;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.33/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/services/xserver.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.1/policy/modules/services/xserver.te
+--- nsaserefpolicy/policy/modules/services/xserver.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/services/xserver.te	2009-11-17 11:06:58.000000000 -0500
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -25486,9 +25798,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#
 -allow xdm_t user_home_type:file unlink;
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.6.33/policy/modules/system/application.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.7.1/policy/modules/system/application.if
 --- nsaserefpolicy/policy/modules/system/application.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/application.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/application.if	2009-11-17 11:06:58.000000000 -0500
 @@ -2,7 +2,7 @@
  
  ########################################
@@ -25520,9 +25832,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 application_domain_type:process signull;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.33/policy/modules/system/application.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.1/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/application.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/application.te	2009-11-17 11:06:58.000000000 -0500
 @@ -7,7 +7,18 @@
  # Executables to be run by user
  attribute application_exec_type;
@@ -25542,9 +25854,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	sudo_sigchld(application_domain_type)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.33/policy/modules/system/authlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.1/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/authlogin.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/authlogin.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -25570,9 +25882,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
 +/var/run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.33/policy/modules/system/authlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.1/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/authlogin.if	2009-11-13 11:28:07.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/authlogin.if	2009-11-17 11:06:58.000000000 -0500
 @@ -40,17 +40,76 @@
  ##	</summary>
  ## </param>
@@ -25883,9 +26195,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.33/policy/modules/system/authlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.1/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/authlogin.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/authlogin.te	2009-11-17 11:06:58.000000000 -0500
 @@ -103,6 +103,7 @@
  
  fs_dontaudit_getattr_xattr_fs(chkpwd_t)
@@ -25913,9 +26225,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # PAM local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.33/policy/modules/system/fstools.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.1/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/fstools.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/fstools.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -25937,9 +26249,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /sbin/parted		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/partprobe		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.33/policy/modules/system/fstools.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.1/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/fstools.te	2009-11-13 07:59:52.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/fstools.te	2009-11-17 11:06:58.000000000 -0500
 @@ -118,6 +118,8 @@
  fs_search_tmpfs(fsadm_t)
  fs_getattr_tmpfs_dirs(fsadm_t)
@@ -25969,9 +26281,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xen_append_log(fsadm_t)
 +	xen_rw_image_files(fsadm_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.33/policy/modules/system/init.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.1/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/init.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/init.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -4,10 +4,10 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -25995,9 +26307,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  #
  # /var
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.33/policy/modules/system/init.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.1/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/system/init.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/init.if	2009-11-17 11:06:58.000000000 -0500
 @@ -162,6 +162,7 @@
  	gen_require(`
  		attribute direct_run_init, direct_init, direct_init_entry;
@@ -26252,9 +26564,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 init_t:unix_dgram_socket sendto;
 +	allow init_t $1:unix_dgram_socket sendto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.33/policy/modules/system/init.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.1/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/system/init.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/init.te	2009-11-17 11:06:58.000000000 -0500
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart, false)
@@ -26839,9 +27151,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	fail2ban_read_lib_files(daemon)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.6.33/policy/modules/system/ipsec.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.1/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/ipsec.fc	2009-11-13 08:03:05.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/ipsec.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,3 +1,6 @@
 +/etc/rc\.d/init\.d/ipsec	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/racoon	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
@@ -26859,9 +27171,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/racoon\.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
  
 -/var/run/racoon.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.6.33/policy/modules/system/ipsec.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.1/policy/modules/system/ipsec.if
 --- nsaserefpolicy/policy/modules/system/ipsec.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/ipsec.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/ipsec.if	2009-11-17 11:06:58.000000000 -0500
 @@ -229,3 +229,28 @@
  	ipsec_domtrans_setkey($1)
  	role $2 types setkey_t;
@@ -26891,9 +27203,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ipsec_domtrans_racoon($1)
 +	role $2 types racoon_t;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.33/policy/modules/system/ipsec.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.1/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/ipsec.te	2009-11-13 08:03:41.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/ipsec.te	2009-11-18 16:16:02.000000000 -0500
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -27077,7 +27389,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # Setkey local policy
-@@ -347,6 +396,7 @@
+@@ -341,12 +390,15 @@
+ read_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
+ read_lnk_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
+ 
++kernel_request_load_module(setkey_t)
++
+ # allow setkey utility to set contexts on SA's and policy
+ domain_ipsec_setcontext_all_domains(setkey_t)
+ 
  files_read_etc_files(setkey_t)
  
  init_dontaudit_use_fds(setkey_t)
@@ -27085,9 +27405,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # allow setkey to set the context for ipsec SAs and policy.
  ipsec_setcontext_default_spd(setkey_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.33/policy/modules/system/iptables.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.1/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/iptables.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/iptables.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,7 +1,16 @@
 -/sbin/ip6tables.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +
@@ -27109,9 +27429,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/iptables-restore 	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +/usr/sbin/iptables-multi 	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.6.33/policy/modules/system/iptables.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.1/policy/modules/system/iptables.if
 --- nsaserefpolicy/policy/modules/system/iptables.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/iptables.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/iptables.if	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,24 @@
  	domtrans_pattern($1, iptables_exec_t, iptables_t)
  ')
@@ -27220,9 +27540,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        manage_files_pattern($1, iptables_conf_t, iptables_conf_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.33/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/iptables.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.1/policy/modules/system/iptables.te
+--- nsaserefpolicy/policy/modules/system/iptables.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/iptables.te	2009-11-17 11:06:58.000000000 -0500
 @@ -11,6 +11,12 @@
  init_system_domain(iptables_t, iptables_exec_t)
  role system_r types iptables_t;
@@ -27284,9 +27604,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	udev_read_db(iptables_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.33/policy/modules/system/iscsi.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.7.1/policy/modules/system/iscsi.if
 --- nsaserefpolicy/policy/modules/system/iscsi.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/iscsi.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/iscsi.if	2009-11-17 11:06:58.000000000 -0500
 @@ -17,3 +17,43 @@
  
  	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
@@ -27331,9 +27651,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsid_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.33/policy/modules/system/iscsi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.1/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/iscsi.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/iscsi.te	2009-11-17 11:06:58.000000000 -0500
 @@ -55,6 +55,7 @@
  files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
  
@@ -27357,9 +27677,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -sysnet_dns_name_resolve(iscsid_t)
 +miscfiles_read_localization(iscsid_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.6.33/policy/modules/system/kdump.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.1/policy/modules/system/kdump.te
 --- nsaserefpolicy/policy/modules/system/kdump.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/kdump.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/kdump.te	2009-11-17 11:06:58.000000000 -0500
 @@ -21,7 +21,7 @@
  # kdump local policy
  #
@@ -27381,9 +27701,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  term_use_console(kdump_t)
 +
 +permissive kdump_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.33/policy/modules/system/libraries.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/libraries.fc	2009-11-16 09:36:01.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/libraries.fc	2009-11-18 17:00:01.000000000 -0500
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -27433,7 +27753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /usr/(.*/)?java/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-@@ -115,27 +120,37 @@
+@@ -115,27 +120,38 @@
  
  /usr/(.*/)?nvidia/.+\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -27444,6 +27764,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib64/vlc/codec/librealvideo_plugin\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib64/vlc/codec/libdmo_plugin\.so	   --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib64/vlc/codec/librealaudio_plugin\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libtfmessbsp\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib(64)?/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -27479,7 +27800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /usr/(local/)?.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:lib_t,s0)
  /usr/(local/)?lib(64)?/wine/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -143,11 +158,8 @@
+@@ -143,11 +159,8 @@
  /usr/NX/lib/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -27491,7 +27812,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/lib(64)?/xorg/modules/drivers/fglrx_drv\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,12 +180,12 @@
+@@ -168,12 +181,12 @@
  
  # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
  # 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
@@ -27506,7 +27827,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/lib/maxima/[^/]+/binary-gcl/maxima	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/nx/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -185,15 +197,10 @@
+@@ -185,15 +198,10 @@
  /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libglide3\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libglide3-v[0-9]*\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -27523,7 +27844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/lib(64)?/libHermes\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/valgrind/hp2ps		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/valgrind/stage2		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -228,31 +235,17 @@
+@@ -228,31 +236,17 @@
  /usr/lib(64)?/ladspa/sc3_1427\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/ladspa/sc4_1882\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/ladspa/se4_1883\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -27559,7 +27880,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Jai, Sun Microsystems (Jpackage SPRM)
  /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -268,8 +261,8 @@
+@@ -268,8 +262,8 @@
  /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -27570,7 +27891,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Java, Sun Microsystems (JPackage SRPM)
  /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -295,6 +288,8 @@
+@@ -295,6 +289,8 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -27579,7 +27900,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ') dnl end distro_redhat
  
  #
-@@ -307,10 +302,104 @@
+@@ -307,10 +303,104 @@
  
  /var/mailman/pythonlib(/.*)?/.+\.so(\..*)? --	gen_context(system_u:object_r:lib_t,s0)
  
@@ -27684,9 +28005,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.6.33/policy/modules/system/libraries.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.1/policy/modules/system/libraries.if
 --- nsaserefpolicy/policy/modules/system/libraries.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/libraries.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/libraries.if	2009-11-17 11:06:58.000000000 -0500
 @@ -17,6 +17,7 @@
  
  	corecmd_search_bin($1)
@@ -27713,9 +28034,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	allow $1 lib_t:dir list_dir_perms;
  	read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
  	mmap_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.33/policy/modules/system/libraries.te
---- nsaserefpolicy/policy/modules/system/libraries.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/modules/system/libraries.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.1/policy/modules/system/libraries.te
+--- nsaserefpolicy/policy/modules/system/libraries.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/libraries.te	2009-11-17 11:06:58.000000000 -0500
 @@ -58,11 +58,11 @@
  # ldconfig local policy
  #
@@ -27777,9 +28098,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_domain(ldconfig_t) 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.33/policy/modules/system/locallogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.1/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/locallogin.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/locallogin.te	2009-11-17 11:06:58.000000000 -0500
 @@ -33,7 +33,7 @@
  # Local login local policy
  #
@@ -27868,9 +28189,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -optional_policy(`
 -	nscd_socket_use(sulogin_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.33/policy/modules/system/logging.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.1/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/logging.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/logging.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -51,17 +51,21 @@
  
  ifdef(`distro_redhat',`
@@ -27897,9 +28218,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /var/tinydns/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.33/policy/modules/system/logging.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.1/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/logging.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/logging.if	2009-11-17 11:06:58.000000000 -0500
 @@ -69,6 +69,20 @@
  
  ########################################
@@ -27939,9 +28260,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.33/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/logging.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.1/policy/modules/system/logging.te
+--- nsaserefpolicy/policy/modules/system/logging.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/logging.te	2009-11-17 11:06:58.000000000 -0500
 @@ -123,10 +123,10 @@
  
  allow auditd_t self:capability { chown fsetid sys_nice sys_resource };
@@ -28049,9 +28370,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	inn_manage_log(syslogd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.6.33/policy/modules/system/lvm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.1/policy/modules/system/lvm.if
 --- nsaserefpolicy/policy/modules/system/lvm.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/lvm.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/lvm.if	2009-11-17 11:06:58.000000000 -0500
 @@ -21,6 +21,26 @@
  
  ########################################
@@ -28102,9 +28423,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        corecmd_search_bin($1)
 +        domtrans_pattern($1,clvmd_exec_t,clvmd_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.33/policy/modules/system/lvm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.1/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/lvm.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/lvm.te	2009-11-17 11:06:58.000000000 -0500
 @@ -10,6 +10,9 @@
  type clvmd_exec_t;
  init_daemon_domain(clvmd_t, clvmd_exec_t)
@@ -28224,18 +28545,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xen_append_log(lvm_t)
  	xen_dontaudit_rw_unix_stream_sockets(lvm_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.33/policy/modules/system/miscfiles.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.7.1/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/miscfiles.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/miscfiles.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -85,3 +85,5 @@
  /var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
  /var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
  ')
 +
 +HOME_DIR/\.cert(/.*)?		gen_context(system_u:object_r:home_cert_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.33/policy/modules/system/miscfiles.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.1/policy/modules/system/miscfiles.if
 --- nsaserefpolicy/policy/modules/system/miscfiles.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/miscfiles.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/miscfiles.if	2009-11-17 11:06:58.000000000 -0500
 @@ -23,6 +23,28 @@
  
  ########################################
@@ -28344,9 +28665,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.6.33/policy/modules/system/miscfiles.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.7.1/policy/modules/system/miscfiles.te
 --- nsaserefpolicy/policy/modules/system/miscfiles.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/miscfiles.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/miscfiles.te	2009-11-17 11:06:58.000000000 -0500
 @@ -12,6 +12,9 @@
  type cert_t;
  files_type(cert_t)
@@ -28357,9 +28678,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  # fonts_t is the type of various font
  # files in /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-3.6.33/policy/modules/system/modutils.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-3.7.1/policy/modules/system/modutils.fc
 --- nsaserefpolicy/policy/modules/system/modutils.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/modutils.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/modutils.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,6 +1,7 @@
  
  /etc/modules\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
@@ -28368,9 +28689,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_gentoo',`
  # gentoo init scripts still manage this file
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.6.33/policy/modules/system/modutils.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.7.1/policy/modules/system/modutils.if
 --- nsaserefpolicy/policy/modules/system/modutils.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/modutils.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/modutils.if	2009-11-17 11:06:58.000000000 -0500
 @@ -1,5 +1,24 @@
  ## <summary>Policy for kernel module utilities</summary>
  
@@ -28444,9 +28765,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.33/policy/modules/system/modutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.1/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/modutils.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/modutils.te	2009-11-17 11:06:58.000000000 -0500
 @@ -19,6 +19,7 @@
  type insmod_exec_t;
  application_domain(insmod_t, insmod_exec_t)
@@ -28613,9 +28934,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_kernel_modules_filetrans(update_modules_t, modules_conf_t, file)
  files_etc_filetrans(update_modules_t, modules_conf_t, file)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.33/policy/modules/system/mount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.1/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/mount.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/mount.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,4 +1,9 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -28627,9 +28948,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/cache/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
 +/var/run/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.33/policy/modules/system/mount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.1/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/mount.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/mount.if	2009-11-17 11:06:58.000000000 -0500
 @@ -84,9 +84,11 @@
  interface(`mount_signal',`
  	gen_require(`
@@ -28642,9 +28963,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.33/policy/modules/system/mount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.1/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/mount.te	2009-11-13 07:48:55.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/mount.te	2009-11-17 11:06:58.000000000 -0500
 @@ -18,8 +18,12 @@
  init_system_domain(mount_t, mount_exec_t)
  role system_r types mount_t;
@@ -28851,18 +29172,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	rpc_domtrans_rpcd(unconfined_mount_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.6.33/policy/modules/system/raid.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.7.1/policy/modules/system/raid.fc
 --- nsaserefpolicy/policy/modules/system/raid.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/raid.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/raid.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -3,3 +3,5 @@
  /sbin/mdmpd		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
  
  /var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0)
 +
 +/dev/.mdadm.map		--	gen_context(system_u:object_r:mdadm_map_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.33/policy/modules/system/raid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.1/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/raid.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/raid.te	2009-11-17 11:06:58.000000000 -0500
 @@ -14,6 +14,9 @@
  type mdadm_var_run_t;
  files_pid_file(mdadm_var_run_t)
@@ -28890,9 +29211,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  fs_search_auto_mountpoints(mdadm_t)
  fs_dontaudit_list_tmpfs(mdadm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.33/policy/modules/system/selinuxutil.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.1/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/selinuxutil.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -6,13 +6,13 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -28932,9 +29253,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/etc/share/selinux/targeted(/.*)?	gen_context(system_u:object_r:semanage_store_t,s0)
 +/etc/share/selinux/mls(/.*)?		gen_context(system_u:object_r:semanage_store_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.33/policy/modules/system/selinuxutil.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.1/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/selinuxutil.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.if	2009-11-17 11:06:58.000000000 -0500
 @@ -351,6 +351,27 @@
  
  ########################################
@@ -29290,9 +29611,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hotplug_use_fds($1)
 +')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.33/policy/modules/system/selinuxutil.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.1/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/selinuxutil.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.te	2009-11-17 11:06:58.000000000 -0500
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -29667,9 +29988,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	hotplug_use_fds(setfiles_t)
 +	unconfined_domain(setfiles_mac_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.33/policy/modules/system/setrans.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.7.1/policy/modules/system/setrans.if
 --- nsaserefpolicy/policy/modules/system/setrans.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/setrans.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/setrans.if	2009-11-17 11:06:58.000000000 -0500
 @@ -21,3 +21,23 @@
  	stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
  	files_list_pids($1)
@@ -29694,9 +30015,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	init_labeled_script_domtrans($1, setrans_initrc_exec_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.33/policy/modules/system/sysnetwork.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.1/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/sysnetwork.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -11,15 +11,20 @@
  /etc/dhclient-script	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
  /etc/dhcpc.*			gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -29725,9 +30046,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.33/policy/modules/system/sysnetwork.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.1/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/sysnetwork.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.if	2009-11-17 11:06:58.000000000 -0500
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -29905,9 +30226,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	role_transition $1 dhcpc_exec_t system_r;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.33/policy/modules/system/sysnetwork.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/sysnetwork.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.te	2009-11-17 11:06:58.000000000 -0500
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t, dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -30120,9 +30441,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_dontaudit_rw_pipes(ifconfig_t)
 +	hal_dontaudit_rw_dgram_sockets(ifconfig_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.33/policy/modules/system/udev.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.1/policy/modules/system/udev.fc
 --- nsaserefpolicy/policy/modules/system/udev.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/udev.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/udev.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -7,6 +7,9 @@
  /etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
  
@@ -30133,9 +30454,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /sbin/start_udev --	gen_context(system_u:object_r:udev_exec_t,s0)
  /sbin/udev	--	gen_context(system_u:object_r:udev_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.33/policy/modules/system/udev.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.1/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/udev.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/udev.if	2009-11-17 11:06:58.000000000 -0500
 @@ -168,4 +168,43 @@
  
  	dev_list_all_dev_nodes($1)
@@ -30180,9 +30501,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 udev_t:process signal;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.33/policy/modules/system/udev.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.1/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/udev.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/udev.te	2009-11-17 11:06:58.000000000 -0500
 @@ -50,6 +50,7 @@
  allow udev_t self:unix_stream_socket connectto;
  allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -30296,9 +30617,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	kernel_write_xen_state(udev_t)
  	kernel_read_xen_state(udev_t)
  	xen_manage_log(udev_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.33/policy/modules/system/unconfined.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/unconfined.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/unconfined.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,16 +1 @@
  # Add programs here which should not be confined by SELinux
 -# e.g.:
@@ -30316,9 +30637,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -ifdef(`distro_gentoo',`
 -/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.33/policy/modules/system/unconfined.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/unconfined.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/unconfined.if	2009-11-17 11:06:58.000000000 -0500
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -30822,9 +31143,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -
 -	allow $1 unconfined_t:dbus acquire_svc;
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.33/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/unconfined.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.1/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/unconfined.te	2009-11-17 11:08:37.000000000 -0500
 @@ -5,227 +5,5 @@
  #
  # Declarations
@@ -31054,9 +31375,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -		hal_dbus_chat(unconfined_execmem_t)
 -	')
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.33/policy/modules/system/userdomain.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.1/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/userdomain.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/userdomain.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,4 +1,8 @@
  HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
 +HOME_DIR	-l	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -31067,9 +31388,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm/pulse-shm.*	gen_context(system_u:object_r:user_tmpfs_t,s0)
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.33/policy/modules/system/userdomain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/userdomain.if	2009-11-16 11:06:05.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/userdomain.if	2009-11-18 10:28:50.000000000 -0500
 @@ -30,8 +30,9 @@
  	')
  
@@ -33124,7 +33445,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#
 +interface(`userdom_manage_user_home_content',`
 +	gen_require(`
-+		type user_home_dir_t;
++		type user_home_dir_t, user_home_t;
 +		attribute user_home_type;
 +	')
 +
@@ -33347,9 +33668,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 user_tmp_t:file { getattr append };
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.33/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/userdomain.te	2009-11-12 14:26:53.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.1/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/userdomain.te	2009-11-17 11:06:58.000000000 -0500
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -33434,9 +33755,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +allow userdomain userdomain:process signull;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.33/policy/modules/system/xen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.7.1/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/xen.fc	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/xen.fc	2009-11-17 11:06:58.000000000 -0500
 @@ -1,5 +1,7 @@
  /dev/xen/tapctrl.*	-p	gen_context(system_u:object_r:xenctl_t,s0)
  
@@ -33464,9 +33785,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/xenstore\.pid	--	gen_context(system_u:object_r:xenstored_var_run_t,s0)
  /var/run/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_run_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.33/policy/modules/system/xen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.1/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/xen.if	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/xen.if	2009-11-17 11:06:58.000000000 -0500
 @@ -71,6 +71,8 @@
  	')
  
@@ -33517,9 +33838,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 xend_var_lib_t:dir search_dir_perms;
 +	rw_files_pattern($1, xen_image_t, xen_image_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.33/policy/modules/system/xen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.1/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.33/policy/modules/system/xen.te	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/modules/system/xen.te	2009-11-17 11:06:58.000000000 -0500
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -33817,9 +34138,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +manage_sock_files_pattern(evtchnd_t,evtchnd_var_run_t,evtchnd_var_run_t)
 +files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.33/policy/support/obj_perm_sets.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.6.33/policy/support/obj_perm_sets.spt	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/support/obj_perm_sets.spt	2009-11-17 11:06:58.000000000 -0500
 @@ -201,7 +201,7 @@
  define(`setattr_file_perms',`{ setattr }')
  define(`read_file_perms',`{ getattr open read lock ioctl }')
@@ -33852,9 +34173,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
 +
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.33/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.1/policy/users
 --- nsaserefpolicy/policy/users	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.33/policy/users	2009-11-12 14:26:53.000000000 -0500
++++ serefpolicy-3.7.1/policy/users	2009-11-17 11:06:58.000000000 -0500
 @@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
@@ -33879,3 +34200,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 -')
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/VERSION serefpolicy-3.7.1/VERSION
+--- nsaserefpolicy/VERSION	2009-11-17 10:54:26.000000000 -0500
++++ serefpolicy-3.7.1/VERSION	2009-11-17 11:06:58.000000000 -0500
+@@ -1 +1 @@
+-2.20091117
++2.20090730
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6a64b71..452d7af 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.6.33
+Version: 3.7.1
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
@@ -187,7 +187,7 @@ fi;
 
 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision  2.20090730
+Based off of reference policy: Checked out revision  2.20091117
 
 %build
 
@@ -449,6 +449,12 @@ exit 0
 %endif
 
 %changelog
+* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 3.7.1-1
+- Update to upstream release 2.20091117
+
+* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 3.6.33-2
+- Fixup nut policy
+
 * Thu Nov 12 2009 Dan Walsh <dwalsh@redhat.com> 3.6.33-1
 - Update to upstream
 
diff --git a/sources b/sources
index 3e8fe50..bad52c6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 3651679c4b12a31d2ba5f4305bba5540  config.tgz
-e82cab8a9681ae7851aec03029f68285  serefpolicy-3.6.33.tgz
+e6bfc4fb384c2ff376951bd9fc6e1411  serefpolicy-3.7.1.tgz