diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 9f442ff..f2994aa 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -269,8 +269,8 @@ allow_qemu_full_network=true
 
 # Allow nsplugin execmem/execstack for bad plugins
 # 
-allow_nsplugin_execmem=false
+allow_nsplugin_execmem=true
 
 # Allow unconfined domain to transition to confined domain
 # 
-allow_unconfined_nsplugin_transition=true
+allow_unconfined_nsplugin_transition=false
diff --git a/policy-20071130.patch b/policy-20071130.patch
index bd5aa49..ecc369f 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -2794,7 +2794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-02-19 17:24:26.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2008-04-04 12:06:55.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2008-04-08 09:10:03.000000000 -0400
 @@ -97,6 +97,7 @@
  
  # allow checking if a shell is executable
@@ -2827,7 +2827,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
  
  libs_use_ld_so(passwd_t)
  libs_use_shared_libs(passwd_t)
-@@ -503,6 +507,7 @@
+@@ -334,6 +338,7 @@
+ # user generally runs this from their home directory, so do not audit a search
+ # on user home dir
+ userdom_dontaudit_search_all_users_home_content(passwd_t)
++userdom_unpriv_users_stream_connect(passwd_t)
+ 
+ optional_policy(`
+ 	nscd_domtrans(passwd_t)
+@@ -503,6 +508,7 @@
  userdom_use_unpriv_users_fds(useradd_t)
  # for when /root is the cwd
  userdom_dontaudit_search_sysadm_home_dirs(useradd_t)
@@ -2835,7 +2843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
  # Add/remove user home directories
  userdom_home_filetrans_generic_user_home_dir(useradd_t)
  userdom_manage_all_users_home_content_dirs(useradd_t)
-@@ -525,6 +530,12 @@
+@@ -525,6 +531,12 @@
  ')
  
  optional_policy(`
@@ -5207,8 +5215,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +HOME_DIR/\.local.*			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-04-05 07:58:19.000000000 -0400
-@@ -0,0 +1,352 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-04-08 13:32:39.000000000 -0400
+@@ -0,0 +1,353 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@@ -5376,6 +5384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +	dontaudit nsplugin_t $2:tcp_socket rw_socket_perms;
 +	dontaudit nsplugin_t $2:udp_socket rw_socket_perms;
 +	dontaudit nsplugin_t $2:unix_stream_socket rw_socket_perms;
++	dontaudit nsplugin_t $2:unix_dgram_socket rw_socket_perms;
 +	dontaudit nsplugin_config_t $2:tcp_socket rw_socket_perms;
 +	dontaudit nsplugin_config_t $2:udp_socket rw_socket_perms;
 +	dontaudit nsplugin_config_t $2:unix_stream_socket rw_socket_perms;
@@ -5563,8 +5572,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-04-06 06:06:06.000000000 -0400
-@@ -0,0 +1,187 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-04-08 13:28:42.000000000 -0400
+@@ -0,0 +1,188 @@
 +
 +policy_module(nsplugin,1.0.0)
 +
@@ -5630,6 +5639,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +corenet_all_recvfrom_unlabeled(nsplugin_t)
 +corenet_all_recvfrom_netlabel(nsplugin_t)
 +corenet_tcp_connect_flash_port(nsplugin_t)
++corenet_tcp_connect_pulseaudio_port(nsplugin_t)
 +corenet_tcp_connect_http_port(nsplugin_t)
 +corenet_tcp_sendrecv_generic_if(nsplugin_t)
 +corenet_tcp_sendrecv_all_nodes(nsplugin_t)
@@ -6723,7 +6733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-01 09:12:53.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-04-05 15:02:25.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-04-08 13:28:17.000000000 -0400
 @@ -75,6 +75,7 @@
  network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
  network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
@@ -6765,10 +6775,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
  portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
  network_port(nessus, tcp,1241,s0)
-@@ -133,10 +139,12 @@
+@@ -133,10 +139,13 @@
  network_port(pegasus_http, tcp,5988,s0)
  network_port(pegasus_https, tcp,5989,s0)
  network_port(postfix_policyd, tcp,10031,s0)
++network_port(pulseaudio, tcp,4713,s0)
 +network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
  network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
  network_port(portmap, udp,111,s0, tcp,111,s0)
@@ -6778,7 +6789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pxe, udp,4011,s0)
-@@ -148,11 +156,11 @@
+@@ -148,11 +157,11 @@
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
  network_port(rlogind, tcp,513,s0)
  network_port(rndc, tcp,953,s0)
@@ -6792,7 +6803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
  network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
  network_port(spamd, tcp,783,s0)
-@@ -170,7 +178,12 @@
+@@ -170,7 +179,12 @@
  network_port(transproxy, tcp,8081,s0)
  type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
  network_port(uucpd, tcp,540,s0)
@@ -7382,13 +7393,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +dontaudit can_change_object_identity can_change_object_identity:key link;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2008-04-07 21:39:29.000000000 -0400
-@@ -31,7 +31,7 @@
- /boot/\.journal			<<none>>
++++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2008-04-08 13:17:18.000000000 -0400
+@@ -32,6 +32,7 @@
  /boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
  /boot/lost\+found/.*		<<none>>
--/boot/System\.map(-.*)?	--	gen_context(system_u:object_r:system_map_t,s0)
-+/boot(/.*)?/System\.map(-.*)?	--	gen_context(system_u:object_r:system_map_t,s0)
+ /boot/System\.map(-.*)?	--	gen_context(system_u:object_r:system_map_t,s0)
++/boot/efi(/.*)?/System\.map(-.*)?	--	gen_context(system_u:object_r:system_map_t,s0)
  
  #
  # /emul
@@ -10993,7 +11003,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.3.1/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2008-04-07 22:36:44.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2008-04-08 10:52:26.000000000 -0400
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -11033,7 +11043,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  # needs to read /var/lib/dbus/machine-id
  files_read_var_lib_files(consolekit_t)
  
-@@ -47,16 +57,37 @@
+@@ -47,23 +57,72 @@
  
  auth_use_nsswitch(consolekit_t)
  
@@ -11074,19 +11084,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  
  	optional_policy(`
  		unconfined_dbus_chat(consolekit_t)
-@@ -64,6 +95,33 @@
+ 	')
  ')
  
- optional_policy(`
++polkit_read_lib(consolekit_t)
++
++optional_policy(`
 +	polkit_domtrans_auth(consolekit_t)
-+	polkit_read_lib(consolekit_t)
 +')
 +
-+optional_policy(`
+ optional_policy(`
  	xserver_read_all_users_xauth(consolekit_t)
  	xserver_stream_connect_xdm_xserver(consolekit_t)
 +	xserver_ptrace_xdm(consolekit_t)
- ')
++')
 +
 +optional_policy(`
 +	#reading .Xauthity
@@ -11101,7 +11112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +tunable_policy(`use_nfs_home_dirs',`
 +	fs_dontaudit_list_nfs(consolekit_t)
 +	fs_dontaudit_rw_nfs_files(consolekit_t)
-+')
+ ')
 +
 +tunable_policy(`use_samba_home_dirs',`
 +	fs_dontaudit_list_cifs(consolekit_t)
@@ -11928,7 +11939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/cups.te	2008-04-04 12:06:55.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/cups.te	2008-04-08 11:43:01.000000000 -0400
 @@ -43,14 +43,13 @@
  
  type cupsd_var_run_t;
@@ -12073,7 +12084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  files_list_world_readable(cupsd_t)
  files_read_world_readable_files(cupsd_t)
  files_read_world_readable_symlinks(cupsd_t)
-@@ -195,15 +219,15 @@
+@@ -195,15 +219,16 @@
  files_read_var_symlinks(cupsd_t)
  # for /etc/printcap
  files_dontaudit_write_etc_files(cupsd_t)
@@ -12086,6 +12097,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +selinux_validate_context(cupsd_t)
  
  init_exec_script_files(cupsd_t)
++init_read_utmp(cupsd_t)
  
 +auth_domtrans_chk_passwd(cupsd_t)
 +auth_dontaudit_read_pam_pid(cupsd_t)
@@ -12093,7 +12105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  auth_use_nsswitch(cupsd_t)
  
  libs_use_ld_so(cupsd_t)
-@@ -219,17 +243,22 @@
+@@ -219,17 +244,22 @@
  miscfiles_read_fonts(cupsd_t)
  
  seutil_read_config(cupsd_t)
@@ -12118,7 +12130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  ')
  
  optional_policy(`
-@@ -242,12 +271,21 @@
+@@ -242,12 +272,21 @@
  
  optional_policy(`
  	dbus_system_bus_client_template(cupsd,cupsd_t)
@@ -12140,7 +12152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  ')
  
  optional_policy(`
-@@ -263,6 +301,10 @@
+@@ -263,6 +302,10 @@
  ')
  
  optional_policy(`
@@ -12151,7 +12163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  	# cups execs smbtool which reads samba_etc_t files
  	samba_read_config(cupsd_t)
  	samba_rw_var_files(cupsd_t)
-@@ -326,6 +368,7 @@
+@@ -326,6 +369,7 @@
  dev_read_sysfs(cupsd_config_t)
  dev_read_urand(cupsd_config_t)
  dev_read_rand(cupsd_config_t)
@@ -12159,7 +12171,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  
  fs_getattr_all_fs(cupsd_config_t)
  fs_search_auto_mountpoints(cupsd_config_t)
-@@ -353,6 +396,7 @@
+@@ -353,6 +397,7 @@
  logging_send_syslog_msg(cupsd_config_t)
  
  miscfiles_read_localization(cupsd_config_t)
@@ -12167,7 +12179,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  
  seutil_dontaudit_search_config(cupsd_config_t)
  
-@@ -372,6 +416,10 @@
+@@ -372,6 +417,10 @@
  ')
  
  optional_policy(`
@@ -12178,7 +12190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
  ')
  
-@@ -387,6 +435,7 @@
+@@ -387,6 +436,7 @@
  optional_policy(`
  	hal_domtrans(cupsd_config_t)
  	hal_read_tmp_files(cupsd_config_t)
@@ -12186,7 +12198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  ')
  
  optional_policy(`
-@@ -499,15 +548,10 @@
+@@ -499,15 +549,10 @@
  allow hplip_t self:udp_socket create_socket_perms;
  allow hplip_t self:rawip_socket create_socket_perms;
  
@@ -12203,7 +12215,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
  files_pid_filetrans(hplip_t,hplip_var_run_t,file)
  
-@@ -537,14 +581,14 @@
+@@ -537,14 +582,14 @@
  dev_read_urand(hplip_t)
  dev_read_rand(hplip_t)
  dev_rw_generic_usb_dev(hplip_t)
@@ -12220,7 +12232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  domain_use_interactive_fds(hplip_t)
  
  files_read_etc_files(hplip_t)
-@@ -564,7 +608,8 @@
+@@ -564,7 +609,8 @@
  userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
  userdom_dontaudit_search_all_users_home_content(hplip_t)
  
@@ -12230,7 +12242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  
  optional_policy(`
  	seutil_sigchld_newrole(hplip_t)
-@@ -645,3 +690,37 @@
+@@ -645,3 +691,39 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')
@@ -12268,6 +12280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +userdom_manage_generic_user_home_content_files(cups_pdf_t)
 +
 +lpd_manage_spool(cups_pdf_t)
++
++rw_files_pattern(cups_pdf_t, cupsd_log_t, cupsd_log_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.3.1/policy/modules/services/cvs.if
 --- nsaserefpolicy/policy/modules/services/cvs.if	2007-01-02 12:57:43.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/services/cvs.if	2008-04-04 12:06:55.000000000 -0400
@@ -16394,7 +16408,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te	2008-04-04 12:06:55.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.te	2008-04-08 10:11:15.000000000 -0400
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -16463,15 +16477,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ')
  
  optional_policy(`
-@@ -73,6 +95,7 @@
+@@ -73,7 +95,9 @@
  
  optional_policy(`
  	cron_read_system_job_tmp_files(system_mail_t)
 +	cron_read_tmp_files(system_mail_t)
  	cron_dontaudit_write_pipes(system_mail_t)
++	cron_dontaudit_write_system_job_tmp_files(system_mail_t)
  ')
  
-@@ -81,6 +104,11 @@
+ optional_policy(`
+@@ -81,6 +105,11 @@
  ')
  
  optional_policy(`
@@ -16483,7 +16499,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  	logrotate_read_tmp_files(system_mail_t)
  ')
  
-@@ -136,11 +164,38 @@
+@@ -136,11 +165,38 @@
  ')
  
  optional_policy(`
@@ -16523,7 +16539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  optional_policy(`
  	# why is mail delivered to a directory of type arpwatch_data_t?
  	arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +209,4 @@
+@@ -154,3 +210,4 @@
  		cron_read_system_job_tmp_files(mta_user_agent)
  	')
  ')
@@ -17161,7 +17177,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-04-07 14:54:21.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-04-08 14:34:18.000000000 -0400
 @@ -13,6 +13,13 @@
  type NetworkManager_var_run_t;
  files_pid_file(NetworkManager_var_run_t)
@@ -17223,7 +17239,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -129,21 +144,21 @@
+@@ -113,6 +128,7 @@
+ userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
+ # Read gnome-keyring
+ userdom_read_unpriv_users_home_content_files(NetworkManager_t)
++userdom_unpriv_users_stream_connect(NetworkManager_t)
+ 
+ optional_policy(`
+ 	bind_domtrans(NetworkManager_t)
+@@ -129,21 +145,21 @@
  ')
  
  optional_policy(`
@@ -17250,7 +17274,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  ')
  
  optional_policy(`
-@@ -155,19 +170,20 @@
+@@ -155,19 +171,20 @@
  	ppp_domtrans(NetworkManager_t)
  	ppp_read_pid_files(NetworkManager_t)
  	ppp_signal(NetworkManager_t)
@@ -19532,7 +19556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.3.1/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2008-04-04 12:06:55.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2008-04-08 10:04:40.000000000 -0400
 @@ -1,6 +1,10 @@
  
  /etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -28208,7 +28232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2008-04-04 12:06:56.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2008-04-08 14:25:58.000000000 -0400
 @@ -44,9 +44,9 @@
  # Cluster LVM daemon local policy
  #
@@ -28269,7 +28293,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  userdom_dontaudit_use_unpriv_user_fds(clvmd_t)
  userdom_dontaudit_search_sysadm_home_dirs(clvmd_t)
-@@ -146,17 +159,19 @@
+@@ -136,6 +149,14 @@
+ ')
+ 
+ optional_policy(`
++	unconfined_domain(clvmd_t)
++')
++
++optional_policy(`
++	unconfined_domain(lvm_t)
++')
++
++optional_policy(`
+ 	udev_read_db(clvmd_t)
+ ')
+ 
+@@ -146,17 +167,19 @@
  
  # DAC overrides and mknod for modifying /dev entries (vgmknodes)
  # rawio needed for dmraid
@@ -28292,7 +28331,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
  manage_files_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
-@@ -188,6 +203,7 @@
+@@ -188,6 +211,7 @@
  manage_files_pattern(lvm_t,lvm_metadata_t,lvm_metadata_t)
  filetrans_pattern(lvm_t,lvm_etc_t,lvm_metadata_t,file)
  files_etc_filetrans(lvm_t,lvm_metadata_t,file)
@@ -28300,7 +28339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  kernel_read_system_state(lvm_t)
  kernel_read_kernel_sysctls(lvm_t)
-@@ -204,7 +220,6 @@
+@@ -204,7 +228,6 @@
  selinux_compute_user_contexts(lvm_t)
  
  dev_create_generic_chr_files(lvm_t)
@@ -28308,7 +28347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  dev_read_rand(lvm_t)
  dev_read_urand(lvm_t)
  dev_rw_lvm_control(lvm_t)
-@@ -224,6 +239,8 @@
+@@ -224,6 +247,8 @@
  dev_dontaudit_getattr_generic_blk_files(lvm_t)
  dev_dontaudit_getattr_generic_pipes(lvm_t)
  dev_create_generic_dirs(lvm_t)
@@ -28317,7 +28356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  fs_getattr_xattr_fs(lvm_t)
  fs_search_auto_mountpoints(lvm_t)
-@@ -242,6 +259,7 @@
+@@ -242,6 +267,7 @@
  storage_dev_filetrans_fixed_disk(lvm_t)
  # Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
  storage_manage_fixed_disk(lvm_t)
@@ -28325,7 +28364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  term_getattr_all_user_ttys(lvm_t)
  term_list_ptys(lvm_t)
-@@ -250,6 +268,7 @@
+@@ -250,6 +276,7 @@
  
  domain_use_interactive_fds(lvm_t)
  
@@ -28333,7 +28372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  files_read_etc_files(lvm_t)
  files_read_etc_runtime_files(lvm_t)
  # for when /usr is not mounted:
-@@ -271,6 +290,8 @@
+@@ -271,6 +298,8 @@
  seutil_search_default_contexts(lvm_t)
  seutil_sigchld_newrole(lvm_t)
  
@@ -28342,7 +28381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  ifdef(`distro_redhat',`
  	# this is from the initrd:
  	files_rw_isid_type_dirs(lvm_t)
-@@ -289,5 +310,18 @@
+@@ -289,5 +318,18 @@
  ')
  
  optional_policy(`
@@ -28474,7 +28513,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.3.1/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2008-02-06 10:33:22.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2008-04-04 12:06:56.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2008-04-08 14:30:44.000000000 -0400
 @@ -22,6 +22,8 @@
  type insmod_exec_t;
  application_domain(insmod_t,insmod_exec_t)
@@ -28600,12 +28639,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  ifdef(`distro_ubuntu',`
  	optional_policy(`
  		unconfined_domain(depmod_t)
-@@ -219,11 +243,12 @@
+@@ -219,11 +243,13 @@
  
  optional_policy(`
  	# Read System.map from home directories.
 -	unconfined_read_home_content_files(depmod_t)
 +	unconfined_dontaudit_use_terminals(depmod_t)
++	unconfined_domain(depmod_t)
  ')
  
  optional_policy(`
@@ -30756,7 +30796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-15 09:52:56.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-04-07 22:54:48.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-04-08 14:33:30.000000000 -0400
 @@ -29,9 +29,14 @@
  	')
  
@@ -31589,7 +31629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	userdom_base_user_template($1)
  
  	userdom_manage_home_template($1)
-@@ -923,70 +921,68 @@
+@@ -923,70 +921,69 @@
  
  	allow $1_t self:context contains;
  
@@ -31631,6 +31671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  
 -	application_exec_all($1_t)
 +	auth_dontaudit_write_login_records($1_t)
++	auth_rw_cache($1_t)
  
  	# The library functions always try to open read-write first,
  	# then fall back to read-only if it fails. 
@@ -31692,7 +31733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  ')
  
-@@ -1020,9 +1016,6 @@
+@@ -1020,9 +1017,6 @@
  	domain_interactive_fd($1_t)
  
  	typeattribute $1_devpts_t user_ptynode;
@@ -31702,7 +31743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	typeattribute $1_tty_device_t user_ttynode;
  
  	##############################
-@@ -1031,16 +1024,29 @@
+@@ -1031,16 +1025,29 @@
  	#
  
  	# privileged home directory writers
@@ -31738,7 +31779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  #######################################
-@@ -1068,6 +1074,13 @@
+@@ -1068,6 +1075,13 @@
  
  	userdom_restricted_user_template($1)
  
@@ -31752,7 +31793,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	userdom_xwindows_client_template($1)
  
  	##############################
-@@ -1076,14 +1089,16 @@
+@@ -1076,14 +1090,16 @@
  	#
  
  	authlogin_per_role_template($1, $1_t, $1_r)
@@ -31774,7 +31815,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	logging_dontaudit_send_audit_msgs($1_t)
  
  	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1091,32 +1106,29 @@
+@@ -1091,32 +1107,29 @@
  	selinux_get_enforce_mode($1_t)
  
  	optional_policy(`
@@ -31818,7 +31859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  ')
  
-@@ -1127,10 +1139,10 @@
+@@ -1127,10 +1140,10 @@
  ## </summary>
  ## <desc>
  ##	<p>
@@ -31833,7 +31874,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	This template creates a user domain, types, and
  ##	rules for the user's tty, pty, home directories,
  ##	tmp, and tmpfs files.
-@@ -1164,7 +1176,6 @@
+@@ -1164,7 +1177,6 @@
  	# Need the following rule to allow users to run vpnc
  	corenet_tcp_bind_xserver_port($1_t)
  
@@ -31841,7 +31882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	# cjp: why?
  	files_read_kernel_symbol_table($1_t)
  
-@@ -1193,12 +1204,11 @@
+@@ -1193,12 +1205,11 @@
  	# and may change other protocols
  	tunable_policy(`user_tcp_server',`
  		corenet_tcp_bind_all_nodes($1_t)
@@ -31856,7 +31897,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  
  	# Run pppd in pppd_t by default for user
-@@ -1207,7 +1217,27 @@
+@@ -1207,7 +1218,27 @@
  	')
  
  	optional_policy(`
@@ -31885,7 +31926,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  ')
  
-@@ -1284,8 +1314,6 @@
+@@ -1284,8 +1315,6 @@
  	# Manipulate other users crontab.
  	allow $1_t self:passwd crontab;
  
@@ -31894,7 +31935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1307,8 +1335,6 @@
+@@ -1307,8 +1336,6 @@
  
  	dev_getattr_generic_blk_files($1_t)
  	dev_getattr_generic_chr_files($1_t)
@@ -31903,7 +31944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	# Allow MAKEDEV to work
  	dev_create_all_blk_files($1_t)
  	dev_create_all_chr_files($1_t)
-@@ -1363,13 +1389,6 @@
+@@ -1363,13 +1390,6 @@
  	# But presently necessary for installing the file_contexts file.
  	seutil_manage_bin_policy($1_t)
  
@@ -31917,7 +31958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	optional_policy(`
  		userhelper_exec($1_t)
  	')
-@@ -1422,6 +1441,7 @@
+@@ -1422,6 +1442,7 @@
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -31925,7 +31966,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1787,10 +1807,14 @@
+@@ -1787,10 +1808,14 @@
  template(`userdom_user_home_content',`
  	gen_require(`
  		attribute $1_file_type;
@@ -31941,7 +31982,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -1886,11 +1910,11 @@
+@@ -1886,11 +1911,11 @@
  #
  template(`userdom_search_user_home_dirs',`
  	gen_require(`
@@ -31955,7 +31996,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -1920,11 +1944,11 @@
+@@ -1920,11 +1945,11 @@
  #
  template(`userdom_list_user_home_dirs',`
  	gen_require(`
@@ -31969,7 +32010,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -1968,12 +1992,12 @@
+@@ -1968,12 +1993,12 @@
  #
  template(`userdom_user_home_domtrans',`
  	gen_require(`
@@ -31985,7 +32026,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2003,10 +2027,11 @@
+@@ -2003,10 +2028,11 @@
  #
  template(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
@@ -31999,7 +32040,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2038,11 +2063,47 @@
+@@ -2038,11 +2064,47 @@
  #
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
@@ -32049,7 +32090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2074,10 +2135,10 @@
+@@ -2074,10 +2136,10 @@
  #
  template(`userdom_dontaudit_setattr_user_home_content_files',`
  	gen_require(`
@@ -32062,7 +32103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2107,11 +2168,11 @@
+@@ -2107,11 +2169,11 @@
  #
  template(`userdom_read_user_home_content_files',`
  	gen_require(`
@@ -32076,7 +32117,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2141,11 +2202,11 @@
+@@ -2141,11 +2203,11 @@
  #
  template(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -32091,7 +32132,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2175,10 +2236,14 @@
+@@ -2175,10 +2237,14 @@
  #
  template(`userdom_dontaudit_write_user_home_content_files',`
  	gen_require(`
@@ -32108,7 +32149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2208,11 +2273,11 @@
+@@ -2208,11 +2274,11 @@
  #
  template(`userdom_read_user_home_content_symlinks',`
  	gen_require(`
@@ -32122,7 +32163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2242,11 +2307,11 @@
+@@ -2242,11 +2308,11 @@
  #
  template(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -32136,7 +32177,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2276,10 +2341,10 @@
+@@ -2276,10 +2342,10 @@
  #
  template(`userdom_dontaudit_exec_user_home_content_files',`
  	gen_require(`
@@ -32149,7 +32190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2311,12 +2376,12 @@
+@@ -2311,12 +2377,12 @@
  #
  template(`userdom_manage_user_home_content_files',`
  	gen_require(`
@@ -32165,7 +32206,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2348,10 +2413,10 @@
+@@ -2348,10 +2414,10 @@
  #
  template(`userdom_dontaudit_manage_user_home_content_dirs',`
  	gen_require(`
@@ -32178,7 +32219,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2383,12 +2448,12 @@
+@@ -2383,12 +2449,12 @@
  #
  template(`userdom_manage_user_home_content_symlinks',`
  	gen_require(`
@@ -32194,7 +32235,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2420,12 +2485,12 @@
+@@ -2420,12 +2486,12 @@
  #
  template(`userdom_manage_user_home_content_pipes',`
  	gen_require(`
@@ -32210,7 +32251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2457,12 +2522,12 @@
+@@ -2457,12 +2523,12 @@
  #
  template(`userdom_manage_user_home_content_sockets',`
  	gen_require(`
@@ -32226,7 +32267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2507,11 +2572,11 @@
+@@ -2507,11 +2573,11 @@
  #
  template(`userdom_user_home_dir_filetrans',`
  	gen_require(`
@@ -32240,7 +32281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2556,11 +2621,11 @@
+@@ -2556,11 +2622,11 @@
  #
  template(`userdom_user_home_content_filetrans',`
  	gen_require(`
@@ -32254,7 +32295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2600,11 +2665,11 @@
+@@ -2600,11 +2666,11 @@
  #
  template(`userdom_user_home_dir_filetrans_user_home_content',`
  	gen_require(`
@@ -32268,7 +32309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2634,11 +2699,11 @@
+@@ -2634,11 +2700,11 @@
  #
  template(`userdom_write_user_tmp_sockets',`
  	gen_require(`
@@ -32282,7 +32323,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2668,11 +2733,11 @@
+@@ -2668,11 +2734,11 @@
  #
  template(`userdom_list_user_tmp',`
  	gen_require(`
@@ -32296,7 +32337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2704,10 +2769,10 @@
+@@ -2704,10 +2770,10 @@
  #
  template(`userdom_dontaudit_list_user_tmp',`
  	gen_require(`
@@ -32309,7 +32350,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2739,10 +2804,10 @@
+@@ -2739,10 +2805,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_dirs',`
  	gen_require(`
@@ -32322,7 +32363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2772,12 +2837,12 @@
+@@ -2772,12 +2838,12 @@
  #
  template(`userdom_read_user_tmp_files',`
  	gen_require(`
@@ -32338,7 +32379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2809,10 +2874,10 @@
+@@ -2809,10 +2875,10 @@
  #
  template(`userdom_dontaudit_read_user_tmp_files',`
  	gen_require(`
@@ -32351,7 +32392,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2844,10 +2909,48 @@
+@@ -2844,10 +2910,48 @@
  #
  template(`userdom_dontaudit_append_user_tmp_files',`
  	gen_require(`
@@ -32402,7 +32443,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2877,12 +2980,12 @@
+@@ -2877,12 +2981,12 @@
  #
  template(`userdom_rw_user_tmp_files',`
  	gen_require(`
@@ -32418,7 +32459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2914,10 +3017,10 @@
+@@ -2914,10 +3018,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_files',`
  	gen_require(`
@@ -32431,7 +32472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2949,12 +3052,12 @@
+@@ -2949,12 +3053,12 @@
  #
  template(`userdom_read_user_tmp_symlinks',`
  	gen_require(`
@@ -32447,7 +32488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -2986,11 +3089,11 @@
+@@ -2986,11 +3090,11 @@
  #
  template(`userdom_manage_user_tmp_dirs',`
  	gen_require(`
@@ -32461,7 +32502,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3022,11 +3125,11 @@
+@@ -3022,11 +3126,11 @@
  #
  template(`userdom_manage_user_tmp_files',`
  	gen_require(`
@@ -32475,7 +32516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3058,11 +3161,11 @@
+@@ -3058,11 +3162,11 @@
  #
  template(`userdom_manage_user_tmp_symlinks',`
  	gen_require(`
@@ -32489,7 +32530,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3094,11 +3197,11 @@
+@@ -3094,11 +3198,11 @@
  #
  template(`userdom_manage_user_tmp_pipes',`
  	gen_require(`
@@ -32503,7 +32544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3130,11 +3233,11 @@
+@@ -3130,11 +3234,11 @@
  #
  template(`userdom_manage_user_tmp_sockets',`
  	gen_require(`
@@ -32517,7 +32558,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3179,10 +3282,10 @@
+@@ -3179,10 +3283,10 @@
  #
  template(`userdom_user_tmp_filetrans',`
  	gen_require(`
@@ -32530,7 +32571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	files_search_tmp($2)
  ')
  
-@@ -3223,10 +3326,10 @@
+@@ -3223,10 +3327,10 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -32543,7 +32584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3254,24 +3357,24 @@
+@@ -3254,24 +3358,24 @@
  ##	</summary>
  ## </param>
  #
@@ -32572,7 +32613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -3290,23 +3393,24 @@
+@@ -3290,23 +3394,24 @@
  ##	</summary>
  ## </param>
  #
@@ -32604,7 +32645,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -3321,25 +3425,28 @@
+@@ -3321,25 +3426,28 @@
  ## </param>
  ## <param name="domain">
  ##	<summary>
@@ -32639,7 +32680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -3358,18 +3465,86 @@
+@@ -3358,18 +3466,86 @@
  ##	</summary>
  ## </param>
  #
@@ -32729,7 +32770,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ## </summary>
  ## <desc>
  ##      <p>
-@@ -4231,11 +4406,11 @@
+@@ -4231,11 +4407,11 @@
  #
  interface(`userdom_search_staff_home_dirs',`
  	gen_require(`
@@ -32743,7 +32784,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4251,10 +4426,10 @@
+@@ -4251,10 +4427,10 @@
  #
  interface(`userdom_dontaudit_search_staff_home_dirs',`
  	gen_require(`
@@ -32756,7 +32797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4270,11 +4445,11 @@
+@@ -4270,11 +4446,11 @@
  #
  interface(`userdom_manage_staff_home_dirs',`
  	gen_require(`
@@ -32770,7 +32811,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4289,16 +4464,16 @@
+@@ -4289,16 +4465,16 @@
  #
  interface(`userdom_relabelto_staff_home_dirs',`
  	gen_require(`
@@ -32790,7 +32831,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	users home directory.
  ## </summary>
  ## <param name="domain">
-@@ -4307,12 +4482,27 @@
+@@ -4307,12 +4483,27 @@
  ##	</summary>
  ## </param>
  #
@@ -32821,7 +32862,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4327,13 +4517,13 @@
+@@ -4327,13 +4518,13 @@
  #
  interface(`userdom_read_staff_home_content_files',`
  	gen_require(`
@@ -32839,7 +32880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4531,10 +4721,10 @@
+@@ -4531,10 +4722,10 @@
  #
  interface(`userdom_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -32852,7 +32893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4551,10 +4741,10 @@
+@@ -4551,10 +4742,10 @@
  #
  interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -32865,7 +32906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4569,10 +4759,10 @@
+@@ -4569,10 +4760,10 @@
  #
  interface(`userdom_search_sysadm_home_dirs',`
  	gen_require(`
@@ -32878,7 +32919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4588,10 +4778,10 @@
+@@ -4588,10 +4779,10 @@
  #
  interface(`userdom_dontaudit_search_sysadm_home_dirs',`
  	gen_require(`
@@ -32891,7 +32932,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4606,10 +4796,10 @@
+@@ -4606,10 +4797,10 @@
  #
  interface(`userdom_list_sysadm_home_dirs',`
  	gen_require(`
@@ -32904,7 +32945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4625,10 +4815,10 @@
+@@ -4625,10 +4816,10 @@
  #
  interface(`userdom_dontaudit_list_sysadm_home_dirs',`
  	gen_require(`
@@ -32917,7 +32958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4644,12 +4834,11 @@
+@@ -4644,12 +4835,11 @@
  #
  interface(`userdom_dontaudit_read_sysadm_home_content_files',`
  	gen_require(`
@@ -32933,7 +32974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4676,10 +4865,10 @@
+@@ -4676,10 +4866,10 @@
  #
  interface(`userdom_sysadm_home_dir_filetrans',`
  	gen_require(`
@@ -32946,7 +32987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4694,10 +4883,10 @@
+@@ -4694,10 +4884,10 @@
  #
  interface(`userdom_search_sysadm_home_content_dirs',`
  	gen_require(`
@@ -32959,7 +33000,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4712,13 +4901,13 @@
+@@ -4712,13 +4902,13 @@
  #
  interface(`userdom_read_sysadm_home_content_files',`
  	gen_require(`
@@ -32977,7 +33018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4754,11 +4943,49 @@
+@@ -4754,11 +4944,49 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -33028,7 +33069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4778,6 +5005,14 @@
+@@ -4778,6 +5006,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -33043,7 +33084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -4839,6 +5074,26 @@
+@@ -4839,6 +5075,26 @@
  
  ########################################
  ## <summary>
@@ -33070,7 +33111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	Create, read, write, and delete all directories
  ##	in all users home directories.
  ## </summary>
-@@ -4859,6 +5114,25 @@
+@@ -4859,6 +5115,25 @@
  
  ########################################
  ## <summary>
@@ -33096,7 +33137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4879,6 +5153,26 @@
+@@ -4879,6 +5154,26 @@
  
  ########################################
  ## <summary>
@@ -33123,7 +33164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	Create, read, write, and delete all symlinks
  ##	in all users home directories.
  ## </summary>
-@@ -5115,7 +5409,7 @@
+@@ -5115,7 +5410,7 @@
  #
  interface(`userdom_relabelto_generic_user_home_dirs',`
  	gen_require(`
@@ -33132,7 +33173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  
  	files_search_home($1)
-@@ -5304,6 +5598,50 @@
+@@ -5304,6 +5599,50 @@
  
  ########################################
  ## <summary>
@@ -33183,7 +33224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	Create, read, write, and delete directories in
  ##	unprivileged users home directories.
  ## </summary>
-@@ -5509,6 +5847,42 @@
+@@ -5509,6 +5848,42 @@
  
  ########################################
  ## <summary>
@@ -33226,7 +33267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5559,7 +5933,7 @@
+@@ -5559,7 +5934,7 @@
  		attribute userdomain;
  	')
  
@@ -33235,7 +33276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	kernel_search_proc($1)
  ')
  
-@@ -5674,7 +6048,7 @@
+@@ -5674,7 +6049,7 @@
  
  ########################################
  ## <summary>
@@ -33244,7 +33285,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5682,18 +6056,54 @@
+@@ -5682,18 +6057,54 @@
  ##	</summary>
  ## </param>
  #
@@ -33303,7 +33344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5704,3 +6114,370 @@
+@@ -5704,3 +6115,370 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2a80307..3480cff 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 29%{?dist}
+Release: 30%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Apr 8 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-30
+- Allow passwd to communicate with user sockets to change gnome-keyring
+
 * Sat Apr 5 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-29
 - Fix initial install