diff --git a/policy-20070703.patch b/policy-20070703.patch
index 053cbaf..2dd68b3 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -312,6 +312,49 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.0.8/policy/modules/admin/alsa.if
+--- nsaserefpolicy/policy/modules/admin/alsa.if 2007-05-29 14:10:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/alsa.if 2007-09-22 06:43:02.000000000 -0400
+@@ -74,3 +74,39 @@
+ read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
+ read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
+ ')
++
++########################################
++##
++## search alsa lib config files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`alsa_search_lib',`
++ gen_require(`
++ type alsa_var_lib_t;
++ ')
++
++ allow $1 alsa_var_lib_t:dir search_dir_perms;
++')
++
++########################################
++##
++## Read alsa lib config files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`alsa_read_lib',`
++ gen_require(`
++ type alsa_var_lib_t;
++ ')
++
++ read_files_pattern($1,alsa_var_lib_t,alsa_var_lib_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.0.8/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-07-25 10:37:43.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/admin/alsa.te 2007-09-21 19:08:24.000000000 -0400
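Review bot: The new `alsa_search_lib` and `alsa_read_lib` interfaces grant access to `alsa_var_lib_t` but never let the caller traverse the parent directory, so a domain that cannot already search /var/lib will still be denied before it reaches /var/lib/alsa. Adding `files_search_var_lib($1)` to both bodies would make them self-contained. The summary of the first interface says "search alsa lib config files" while the only rule is `allow $1 alsa_var_lib_t:dir search_dir_perms;`, so `Search alsa lib directories.` would describe it accurately. The declaration of `alsa_var_lib_t` is presumably in alsa.te, which this hunk does not show.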
@@ -2429,7 +2472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.8/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-09-12 10:34:49.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-09-21 14:29:01.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-09-22 08:10:42.000000000 -0400
@@ -20,6 +20,7 @@
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -2442,10 +2485,58 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
-+/dev/input/uimput -c gen_context(system_u:object_r:scanner_device_t,s0)
++/dev/input/uinput -c gen_context(system_u:object_r:event_device_t,s0)
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.0.8/policy/modules/kernel/devices.if
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-06-15 14:54:30.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-09-22 08:11:28.000000000 -0400
+@@ -1306,6 +1306,44 @@
+
+ ########################################
+ ##
++## Get the attributes of the event devices.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_getattr_event_dev',`
++ gen_require(`
++ type device_t, event_device_t;
++ ')
++
++ allow $1 device_t:dir r_dir_perms;
++ allow $1 event_device_t:chr_file getattr;
++')
++
++########################################
++##
++## Set the attributes of the event devices.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_setattr_event_dev',`
++ gen_require(`
++ type device_t, event_device_t;
++ ')
++
++ allow $1 device_t:dir r_dir_perms;
++ allow $1 event_device_t:chr_file setattr;
++')
++
++########################################
++##
+ ## Read input event devices (/dev/input).
+ ##
+ ##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.0.8/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-06-19 16:23:34.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-09-17 16:20:18.000000000 -0400
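Review bot: Both `dev_getattr_event_dev` and `dev_setattr_event_dev` include `allow $1 device_t:dir r_dir_perms;`, which gives the caller read/list access to /dev when reaching the node only needs search. `allow $1 device_t:dir search_dir_perms;` (the set already used in alsa.if in this patch) would keep the interfaces to what their summaries promise. Separately, the corrected `/dev/input/uinput` entry now shares `event_device_t` with the read-side event nodes, and the authlogin.te hunk lets `pam_console_t` setattr that type. Because uinput accepts synthetic input, it is worth confirming which domains hold write on `event_device_t:chr_file`, or giving uinput its own type.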
@@ -3730,7 +3821,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-09-22 07:26:32.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@@ -6290,7 +6381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-22 07:42:39.000000000 -0400
@@ -42,6 +42,10 @@
dontaudit $1 krb5_conf_t:file write;
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
@@ -6302,7 +6393,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
tunable_policy(`allow_kerberos',`
allow $1 self:tcp_socket create_socket_perms;
-@@ -172,3 +176,25 @@
+@@ -172,3 +176,26 @@
allow $1 krb5kdc_conf_t:file read_file_perms;
')
@@ -6325,6 +6416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+
+ files_search_tmp($1)
+ allow $1 self:process setfscreate;
++ selinux_validate_context($1)
+ seutil_read_file_contexts($1)
+ allow $1 krb5_host_rcache_t:file manage_file_perms;
+')
@@ -6977,6 +7069,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
########################################
#
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.0.8/policy/modules/services/networkmanager.fc
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2007-09-12 10:34:50.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.fc 2007-09-22 07:16:25.000000000 -0400
+@@ -5,3 +5,4 @@
+ /var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++/var/log/wpa_supplicant.log -- gen_context(system_u:object_r:NetworkManager_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.0.8/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2007-06-15 14:54:33.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.if 2007-09-20 08:50:57.000000000 -0400
@@ -7007,8 +7107,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2007-09-20 08:50:29.000000000 -0400
-@@ -20,7 +20,7 @@
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2007-09-22 07:14:54.000000000 -0400
+@@ -13,6 +13,9 @@
+ type NetworkManager_var_run_t;
+ files_pid_file(NetworkManager_var_run_t)
+
++type NetworkManager_log_t;
++files_pid_file(NetworkManager_log_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -20,7 +23,7 @@
# networkmanager will ptrace itself if gdb is installed
# and it receives a unexpected signal (rh bug #204161)
@@ -7017,7 +7127,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms };
allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
-@@ -138,6 +138,9 @@
+@@ -38,6 +41,9 @@
+ manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
+ files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
+
++manage_files_pattern(NetworkManager_t,NetworkManager_log_t,NetworkManager_log_t)
++logging_log_filetrans(NetworkManager_t,NetworkManager_log_t, file)
++
+ kernel_read_system_state(NetworkManager_t)
+ kernel_read_network_state(NetworkManager_t)
+ kernel_read_kernel_sysctls(NetworkManager_t)
+@@ -138,6 +144,9 @@
dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
dbus_connect_system_bus(NetworkManager_t)
dbus_send_system_bus(NetworkManager_t)
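Review bot: `NetworkManager_log_t` is declared with `files_pid_file(NetworkManager_log_t)`, which looks like a copy of the `NetworkManager_var_run_t` declaration above it and marks the log type as a pid file. For a type that labels /var/log/wpa_supplicant.log and is created through `logging_log_filetrans`, the declaration should be `logging_log_file(NetworkManager_log_t)`. As written, domains granted access to all pid files will reach this log, while log-handling domains that work on the log-file attribute (rotation, log readers) presumably will not. The rest of networkmanager.te lies outside this hunk.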
@@ -7027,7 +7147,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
optional_policy(`
-@@ -173,8 +176,10 @@
+@@ -173,8 +182,10 @@
')
optional_policy(`
@@ -8015,7 +8135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.0.8/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/rlogin.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/rlogin.te 2007-09-22 07:43:42.000000000 -0400
@@ -64,9 +64,10 @@
fs_getattr_xattr_fs(rlogind_t)
fs_search_auto_mountpoints(rlogind_t)
@@ -8028,25 +8148,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
files_read_etc_files(rlogind_t)
files_read_etc_runtime_files(rlogind_t)
-@@ -82,7 +83,7 @@
+@@ -82,21 +83,17 @@
miscfiles_read_localization(rlogind_t)
-seutil_dontaudit_search_config(rlogind_t)
+-
+-sysnet_read_config(rlogind_t)
+seutil_read_config(rlogind_t)
- sysnet_read_config(rlogind_t)
+ userdom_setattr_unpriv_users_ptys(rlogind_t)
+ # cjp: this is egregious
+ userdom_read_all_users_home_content_files(rlogind_t)
-@@ -93,7 +94,9 @@
remotelogin_domtrans(rlogind_t)
++remotelogin_signal(rlogind_t)
optional_policy(`
+ kerberos_use(rlogind_t)
kerberos_read_keytab(rlogind_t)
+-')
+-
+-ifdef(`TODO',`
+-# Allow krb5 rlogind to use fork and open /dev/tty for use
+-allow rlogind_t userpty_type:chr_file setattr;
+ kerberos_manage_host_rcache(rlogind_t)
')
-
- ifdef(`TODO',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.0.8/policy/modules/services/rpcbind.te
--- nsaserefpolicy/policy/modules/services/rpcbind.te 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/rpcbind.te 2007-09-17 16:20:18.000000000 -0400
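Review bot: The regenerated rlogin.te hunk now deletes `sysnet_read_config(rlogind_t)`, which was only a context line in the previous revision, and the 3.0.8-9 changelog entry does not mention the removal. Unless another visible call such as `kerberos_use(rlogind_t)` already grants it, rlogind would lose read access to the network configuration files and name resolution would start generating denials. Either keep `sysnet_read_config(rlogind_t)` or note in the changelog why it is dropped. The added `remotelogin_signal(rlogind_t)` would also benefit from a one-line comment, e.g. `# rlogind signals the login child on session teardown`, if that is the reason (it is not stated on the page).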
@@ -8920,7 +9047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.0.8/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-09-22 07:08:31.000000000 -0400
@@ -20,19 +20,22 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -9460,7 +9587,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.0.8/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/telnet.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/telnet.te 2007-09-22 07:45:00.000000000 -0400
@@ -32,7 +32,6 @@
allow telnetd_t self:udp_socket create_socket_perms;
# for identd; cjp: this should probably only be inetd_child rules?
@@ -9482,7 +9609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
files_read_etc_files(telnetd_t)
files_read_etc_runtime_files(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
-@@ -80,9 +81,7 @@
+@@ -80,27 +81,26 @@
miscfiles_read_localization(telnetd_t)
@@ -9493,7 +9620,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
remotelogin_domtrans(telnetd_t)
-@@ -90,17 +89,16 @@
++userdom_search_unpriv_users_home_dirs(telnetd_t)
++
+ # for identd; cjp: this should probably only be inetd_child rules?
optional_policy(`
kerberos_use(telnetd_t)
kerberos_read_keytab(telnetd_t)
@@ -10565,7 +10694,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-08-22 07:14:12.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2007-09-21 16:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2007-09-22 08:12:19.000000000 -0400
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -10601,7 +10730,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
########################################
#
# PAM local policy
-@@ -159,6 +173,8 @@
+@@ -149,6 +163,8 @@
+ dev_setattr_apm_bios_dev(pam_console_t)
+ dev_getattr_dri_dev(pam_console_t)
+ dev_setattr_dri_dev(pam_console_t)
++dev_getattr_event_dev(pam_console_t)
++dev_setattr_event_dev(pam_console_t)
+ dev_getattr_framebuffer_dev(pam_console_t)
+ dev_setattr_framebuffer_dev(pam_console_t)
+ dev_getattr_generic_usb_dev(pam_console_t)
+@@ -159,6 +175,8 @@
dev_setattr_mouse_dev(pam_console_t)
dev_getattr_power_mgmt_dev(pam_console_t)
dev_setattr_power_mgmt_dev(pam_console_t)
@@ -10610,7 +10748,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
dev_getattr_scanner_dev(pam_console_t)
dev_setattr_scanner_dev(pam_console_t)
dev_getattr_sound_dev(pam_console_t)
-@@ -236,7 +252,7 @@
+@@ -236,7 +254,7 @@
optional_policy(`
xserver_read_xdm_pid(pam_console_t)
@@ -10619,7 +10757,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
########################################
-@@ -302,3 +318,28 @@
+@@ -302,3 +320,28 @@
xserver_use_xdm_fds(utempter_t)
xserver_rw_xdm_pipes(utempter_t)
')
@@ -10829,8 +10967,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-08-22 07:14:12.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if 2007-09-17 16:20:18.000000000 -0400
-@@ -540,18 +540,19 @@
++++ serefpolicy-3.0.8/policy/modules/system/init.if 2007-09-22 07:07:39.000000000 -0400
+@@ -211,6 +211,13 @@
+ kernel_dontaudit_use_fds($1)
+ ')
+ ')
++ tunable_policy(`allow_daemons_use_tty',`
++ term_use_all_user_ttys($1)
++ term_use_all_user_ptys($1)
++ ', `
++ term_dontaudit_use_all_user_ttys($1)
++ term_dontaudit_use_all_user_ptys($1)
++ ')
+ ')
+
+ ########################################
+@@ -540,18 +547,19 @@
#
interface(`init_spec_domtrans_script',`
gen_require(`
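Review bot: The `tunable_policy(`allow_daemons_use_tty', ...)` block added at init.if line 211 grants `term_use_all_user_ttys($1)` and `term_use_all_user_ptys($1)` per calling domain, and the init.te hunk (@@ -11152,9 +11304,13) adds the same four calls for the `daemon` attribute. If the domains passing through this interface also carry `daemon`, the two grants duplicate each other and only one place should hold them. With the boolean on, every daemon can read and write every user tty and pty, so a compromised service could observe or tamper with a logged-in user's terminal session. The else branch dontaudits the same access, which hides the denials that would reveal such attempts. A comment next to the block such as `# only for start/stop from an admin terminal; grants rw on all user ttys/ptys` would make that trade-off visible. The enclosing interface begins before this hunk, so its name and other rules cannot be checked here.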
@@ -10854,7 +11006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
')
-@@ -567,18 +568,46 @@
+@@ -567,18 +575,46 @@
#
interface(`init_domtrans_script',`
gen_require(`
@@ -10905,7 +11057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
')
-@@ -609,11 +638,11 @@
+@@ -609,11 +645,11 @@
# cjp: added for gentoo integrated run_init
interface(`init_script_file_domtrans',`
gen_require(`
@@ -10919,7 +11071,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -684,11 +713,11 @@
+@@ -684,11 +720,11 @@
#
interface(`init_getattr_script_files',`
gen_require(`
@@ -10933,7 +11085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -703,11 +732,11 @@
+@@ -703,11 +739,11 @@
#
interface(`init_exec_script_files',`
gen_require(`
@@ -10947,7 +11099,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -931,6 +960,7 @@
+@@ -931,6 +967,7 @@
dontaudit $1 initrc_t:unix_stream_socket connectto;
')
@@ -10955,7 +11107,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
########################################
##
## Send messages to init scripts over dbus.
-@@ -1030,11 +1060,11 @@
+@@ -1030,11 +1067,11 @@
#
interface(`init_read_script_files',`
gen_require(`
@@ -10969,7 +11121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -1252,7 +1282,7 @@
+@@ -1252,7 +1289,7 @@
type initrc_var_run_t;
')
@@ -10978,7 +11130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -1273,3 +1303,64 @@
+@@ -1273,3 +1310,64 @@
files_search_pids($1)
allow $1 initrc_var_run_t:file manage_file_perms;
')
@@ -11045,7 +11197,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.0.8/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-09-12 10:34:51.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.te 2007-09-18 11:07:20.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.te 2007-09-22 07:06:37.000000000 -0400
@@ -10,6 +10,20 @@
# Declarations
#
@@ -11140,7 +11292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
selinux_get_enforce_mode(initrc_t)
-@@ -497,6 +515,39 @@
+@@ -497,6 +515,43 @@
')
optional_policy(`
@@ -11152,9 +11304,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+tunable_policy(`allow_daemons_use_tty',`
+ term_use_unallocated_ttys(daemon)
+ term_use_generic_ptys(daemon)
++ term_use_all_user_ttys(daemon)
++ term_use_all_user_ptys(daemon)
+', `
+ term_dontaudit_use_unallocated_ttys(daemon)
+ term_dontaudit_use_generic_ptys(daemon)
++ term_dontaudit_use_all_user_ttys(daemon)
++ term_dontaudit_use_all_user_ptys(daemon)
+ ')
+
+# system-config-services causes avc messages that should be dontaudited
@@ -11180,7 +11336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
')
-@@ -632,12 +683,6 @@
+@@ -632,12 +687,6 @@
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
@@ -11193,7 +11349,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
ifdef(`distro_redhat',`
-@@ -703,6 +748,9 @@
+@@ -703,6 +752,9 @@
# why is this needed:
rpm_manage_db(initrc_t)
@@ -12991,6 +13147,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
term_dontaudit_use_all_user_ttys(ifconfig_t)
term_dontaudit_use_all_user_ptys(ifconfig_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.0.8/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te 2007-09-12 10:34:51.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/udev.te 2007-09-22 06:43:22.000000000 -0400
+@@ -184,6 +184,10 @@
+ ')
+
+ optional_policy(`
++ alsa_search_lib(udev_t)
++')
++
++optional_policy(`
+ brctl_domtrans(udev_t)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.0.8/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-05-29 14:10:58.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/unconfined.fc 2007-09-21 06:46:14.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 31e3fc7..168d82a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -362,6 +362,9 @@ exit 0
%endif
%changelog
+* Sat Sep 22 2007 Dan Walsh 3.0.8-9
+- Fix service start stop terminal avc's
+
* Fri Sep 21 2007 Dan Walsh 3.0.8-8
- Allow also to search var_lib
- New context for dbus launcher