diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 6542902..6067b85 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -106,8 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
userdom_use_all_users_fds(vpnc_t)
-userdom_dontaudit_search_user_home_content(vpnc_t)
userdom_read_home_certs(vpnc_t)
+userdom_search_admin_dir(vpnc_t)
optional_policy(`
dbus_system_bus_client(vpnc_t)
diff --git a/policy/modules/apps/mediawiki.fc b/policy/modules/apps/mediawiki.fc
new file mode 100644
index 0000000..bf872ef
--- /dev/null
+++ b/policy/modules/apps/mediawiki.fc
@@ -0,0 +1,10 @@
+
+/usr/lib(64)?/mediawiki/math/texvc -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+/usr/lib(64)?/mediawiki/math/texvc_tex -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+/usr/lib(64)?/mediawiki/math/texvc_tes -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+
+/var/www/wiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_rw_content_t,s0)
+
+/var/www/wiki/.*\.php -- gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
+
+/usr/share/mediawiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
diff --git a/policy/modules/apps/mediawiki.if b/policy/modules/apps/mediawiki.if
new file mode 100644
index 0000000..1c1d012
--- /dev/null
+++ b/policy/modules/apps/mediawiki.if
@@ -0,0 +1,40 @@
+## Mediawiki policy
+
+#######################################
+##
+## Allow the specified domain to read
+## mediawiki tmp files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mediawiki_read_tmp_files',`
+ gen_require(`
+ type httpd_mediawiki_tmp_t;
+ ')
+
+ files_search_tmp($1)
+ read_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+ read_lnk_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
+
+#######################################
+##
+## Delete mediawiki tmp files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mediawiki_delete_tmp_files',`
+ gen_require(`
+ type httpd_mediawiki_tmp_t;
+ ')
+
+ delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
diff --git a/policy/modules/apps/mediawiki.te b/policy/modules/apps/mediawiki.te
new file mode 100644
index 0000000..b7f569d
--- /dev/null
+++ b/policy/modules/apps/mediawiki.te
@@ -0,0 +1,35 @@
+
+policy_module(mediawiki, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+apache_content_template(mediawiki)
+
+type httpd_mediawiki_tmp_t;
+files_tmp_file(httpd_mediawiki_tmp_t)
+
+permissive httpd_mediawiki_script_t;
+
+########################################
+#
+# mediawiki local policy
+#
+
+manage_dirs_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_lnk_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+files_tmp_filetrans(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, { file dir lnk_file })
+
+files_search_var_lib(httpd_mediawiki_script_t)
+
+userdom_read_user_tmp_files(httpd_mediawiki_script_t)
+
+miscfiles_read_tetex_data(httpd_mediawiki_script_t)
+
+optional_policy(`
+ apache_dontaudit_rw_tmp_files(httpd_mediawiki_script_t)
+')
+
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 46af2a4..217bd0d 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -273,6 +273,7 @@ ifdef(`distro_gentoo',`
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
+/usr/share/texmf/texconfig/tcfmgr -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 1a47bdc..410ff39 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -719,6 +719,11 @@ optional_policy(`
')
optional_policy(`
+ mediawiki_read_tmp_files(httpd_t)
+ mediawiki_delete_tmp_files(httpd_t)
+')
+
+optional_policy(`
# Allow httpd to work with mysql
mysql_read_config(httpd_t)
mysql_stream_connect(httpd_t)