diff --git a/.cvsignore b/.cvsignore
index dbaf9f6..5545237 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -172,3 +172,4 @@ serefpolicy-3.6.14.tgz
serefpolicy-3.6.15.tgz
serefpolicy-3.6.16.tgz
serefpolicy-3.6.17.tgz
+serefpolicy-3.6.18.tgz
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 1078d16..199a810 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -413,6 +413,13 @@ domain = base
dovecot = module
# Layer: apps
+# Module: gitosis
+#
+# Policy for gitosis
+#
+gitosis = module
+
+# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
diff --git a/nsadiff b/nsadiff
index 1fb6f8a..3b8e504 100755
--- a/nsadiff
+++ b/nsadiff
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.16 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.18 > /tmp/diff
diff --git a/policy-F12.patch b/policy-F12.patch
index 3f87c5d..6ab49c0 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -1686,6 +1686,159 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+permissive cpufreqselector_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.18/policy/modules/apps/gitosis.fc
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.fc 2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,4 @@
++
++/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
++
++/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.18/policy/modules/apps/gitosis.if
+--- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.if 2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,94 @@
++## gitosis interface
++
++#######################################
++##
++## Execute a domain transition to run gitosis.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`gitosis_domtrans',`
++ gen_require(`
++ type gitosis_t, gitosis_exec_t;
++ ')
++
++ domtrans_pattern($1, gitosis_exec_t, gitosis_t)
++')
++
++#######################################
++##
++## Execute gitosis-serve in the gitosis domain, and
++## allow the specified role the gitosis domain.
++##
++##
++##
++## Domain allowed access
++##
++##
++##
++##
++## The role to be allowed the gpsd domain.
++##
++##
++##
++##
++## The type of the role's terminal.
++##
++##
++#
++interface(`gitosis_run',`
++ gen_require(`
++ type gitosis_t;
++ ')
++
++ gitosis_domtrans($1)
++ role $2 types gitosis_t;
++ allow gitosis_t $3:chr_file rw_term_perms;
++')
++
++#######################################
++##
++## Allow the specified domain to read
++## gitosis lib files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`gitosis_read_var_lib',`
++ gen_require(`
++ type gitosis_var_lib_t;
++
++ ')
++
++ read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
++
++######################################
++##
++## Allow the specified domain to manage
++## gitosis lib files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`gitosis_manage_var_lib',`
++ gen_require(`
++ type gitosis_var_lib_t;
++
++ ')
++
++ manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.18/policy/modules/apps/gitosis.te
+--- nsaserefpolicy/policy/modules/apps/gitosis.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.te 2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,43 @@
++policy_module(gitosis,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gitosis_t;
++type gitosis_exec_t;
++application_domain(gitosis_t, gitosis_exec_t)
++role system_r types gitosis_t;
++
++type gitosis_var_lib_t;
++files_type(gitosis_var_lib_t)
++
++########################################
++#
++# gitosis local policy
++#
++
++allow gitosis_t self:fifo_file rw_fifo_file_perms;
++
++exec_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_lnk_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_dirs_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++
++corecmd_exec_bin(gitosis_t)
++corecmd_exec_shell(gitosis_t)
++
++kernel_read_system_state(gitosis_t)
++
++files_read_usr_files(gitosis_t)
++files_search_var_lib(gitosis_t)
++
++libs_use_ld_so(gitosis_t)
++libs_use_shared_libs(gitosis_t)
++
++miscfiles_read_localization(gitosis_t)
++
++optional_policy(`
++ ssh_rw_pipes(gitosis_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.18/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-11-11 16:13:42.000000000 -0500
+++ serefpolicy-3.6.18/policy/modules/apps/gnome.fc 2009-06-20 06:49:47.000000000 -0400
@@ -28016,7 +28169,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.18/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-20 06:26:20.000000000 -0400
-+++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te 2009-06-20 09:54:49.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -28045,7 +28198,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
-+allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_relay };
++allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 55bdc4b..b2dc843 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
%define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.6.17
+Version: 3.6.18
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
@@ -473,6 +473,9 @@ exit 0
%endif
%changelog
+* Sat Jun 20 2009 Dan Walsh 3.6.18-1
+- Update to upstream
+ * cleanup
* Fri Jun 19 2009 Dan Walsh 3.6.17-1
- Update to upstream
- Additional mail ports
diff --git a/sources b/sources
index 019c2c1..21b7b14 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ff26e4c0c4b5057f2fae0ecc28f2c5fa serefpolicy-3.6.17.tgz
+2513cf1675a62086dbd60387d6a74861 serefpolicy-3.6.18.tgz