diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te index a2bc8ce..99e484c 100644 --- a/refpolicy/policy/modules/admin/rpm.te +++ b/refpolicy/policy/modules/admin/rpm.te @@ -1,5 +1,5 @@ -policy_module(rpm,1.3.3) +policy_module(rpm,1.3.4) ######################################## # @@ -117,6 +117,7 @@ fs_search_auto_mountpoints(rpm_t) mls_file_read_up(rpm_t) mls_file_write_down(rpm_t) mls_file_upgrade(rpm_t) +mls_file_downgrade(rpm_t) selinux_get_fs_mount(rpm_t) selinux_validate_context(rpm_t) diff --git a/refpolicy/policy/modules/apps/java.fc b/refpolicy/policy/modules/apps/java.fc index 9375e71..0c38246 100644 --- a/refpolicy/policy/modules/apps/java.fc +++ b/refpolicy/policy/modules/apps/java.fc @@ -1,4 +1,9 @@ # +# /opt +# +/opt(/.*)?/bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0) + +# # /usr # /usr(/.*)?/bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0) diff --git a/refpolicy/policy/modules/apps/java.te b/refpolicy/policy/modules/apps/java.te index fd1df0f..26cca07 100644 --- a/refpolicy/policy/modules/apps/java.te +++ b/refpolicy/policy/modules/apps/java.te @@ -1,5 +1,5 @@ -policy_module(java,1.1.0) +policy_module(java,1.1.1) ######################################## # diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc index ee2e73e..ec33d1b 100644 --- a/refpolicy/policy/modules/kernel/devices.fc +++ b/refpolicy/policy/modules/kernel/devices.fc @@ -72,6 +72,8 @@ ifdef(`distro_suse', ` /dev/dri/.+ -c gen_context(system_u:object_r:dri_device_t,s0) +/dev/dvb/.* -c gen_context(system_u:object_r:v4l_device_t,s0) + /dev/input/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0) /dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0) diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te index 58787ea..8e9f377 100644 
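Review bot: `mls_file_downgrade(rpm_t)` makes rpm MLS-trusted to lower the sensitivity level of files, which is a declassification privilege, and the hunk adds it with no comment on why the package manager needs it on top of the existing `mls_file_upgrade`/`mls_file_write_down` rules. A one-line rationale above it, such as `# rpm must lower file levels when <reason - fill in>`, would let the next MLS audit tell an intentional override from a stray copy-paste.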
--- a/refpolicy/policy/modules/kernel/devices.te +++ b/refpolicy/policy/modules/kernel/devices.te @@ -1,5 +1,5 @@ -policy_module(devices,1.1.8) +policy_module(devices,1.1.9) ######################################## # diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if index 6e256bb..b0d39e5 100644 --- a/refpolicy/policy/modules/services/apache.if +++ b/refpolicy/policy/modules/services/apache.if @@ -197,6 +197,27 @@ template(`apache_content_template',` allow httpd_$1_script_t self:lnk_file read; ') + tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',` + allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms; + allow httpd_$1_script_t self:udp_socket create_socket_perms; + + corenet_non_ipsec_sendrecv(httpd_$1_script_t) + corenet_tcp_sendrecv_all_if(httpd_$1_script_t) + corenet_udp_sendrecv_all_if(httpd_$1_script_t) + corenet_raw_sendrecv_all_if(httpd_$1_script_t) + corenet_tcp_sendrecv_all_nodes(httpd_$1_script_t) + corenet_udp_sendrecv_all_nodes(httpd_$1_script_t) + corenet_raw_sendrecv_all_nodes(httpd_$1_script_t) + corenet_tcp_sendrecv_all_ports(httpd_$1_script_t) + corenet_udp_sendrecv_all_ports(httpd_$1_script_t) + corenet_tcp_bind_all_nodes(httpd_$1_script_t) + corenet_udp_bind_all_nodes(httpd_$1_script_t) + corenet_tcp_connect_postgresql_port(httpd_$1_script_t) + corenet_tcp_connect_mysqld_port(httpd_$1_script_t) + + sysnet_read_config(httpd_$1_script_t) + ') + tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms; allow httpd_$1_script_t self:udp_socket create_socket_perms; diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te index 7fd8891..148da51 100644 --- a/refpolicy/policy/modules/services/apache.te +++ b/refpolicy/policy/modules/services/apache.te @@ -1,5 +1,5 @@ -policy_module(apache,1.3.5) +policy_module(apache,1.3.6) # # NOTES: 
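Review bot: The new `httpd_can_network_connect_db` block grants far more than a database connection: `corenet_tcp_sendrecv_all_ports`, `corenet_udp_sendrecv_all_ports` and the three `corenet_raw_sendrecv_*` calls let the script domain talk to every port on every node once the boolean is on, which is essentially the blast radius of the `httpd_can_network_connect` block just below it, so the narrower boolean buys little. Only the postgresql and mysqld connect rules are database-specific, so the sendrecv rules should be limited to those ports (plus DNS, presumably why `sysnet_read_config` is there), and the raw rules dropped since the block grants no raw_socket class permission that could use them. The boolean also has to be declared with `gen_tunable` in apache.te; that declaration is not in the apache.te hunk shown here, so confirm it exists elsewhere in the commit. `apache_content_template` begins and ends outside this hunk.
```m4
	tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',`
		# ... unchanged: self tcp/udp socket allows, corenet_non_ipsec_sendrecv, *_sendrecv_all_if, *_sendrecv_all_nodes, *_bind_all_nodes ...
		# only the database ports, plus udp DNS to resolve the server name;
		# the *_sendrecv_all_ports and corenet_raw_* rules are dropped
		corenet_tcp_sendrecv_postgresql_port(httpd_$1_script_t)
		corenet_tcp_sendrecv_mysqld_port(httpd_$1_script_t)
		corenet_udp_sendrecv_dns_port(httpd_$1_script_t)
		corenet_tcp_connect_postgresql_port(httpd_$1_script_t)
		corenet_tcp_connect_mysqld_port(httpd_$1_script_t)
		# ... unchanged: sysnet_read_config ...
	')
```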
diff --git a/refpolicy/policy/modules/services/automount.te b/refpolicy/policy/modules/services/automount.te index c0dd711..62b2baf 100644 --- a/refpolicy/policy/modules/services/automount.te +++ b/refpolicy/policy/modules/services/automount.te @@ -1,5 +1,5 @@ -policy_module(automount,1.2.1) +policy_module(automount,1.2.2) ######################################## # @@ -123,6 +123,7 @@ logging_send_syslog_msg(automount_t) logging_search_logs(automount_t) miscfiles_read_localization(automount_t) +miscfiles_read_certs(automount_t) # Run mount in the mount_t domain. mount_domtrans(automount_t) diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te index 074c2f3..e6b6496 100644 --- a/refpolicy/policy/modules/services/bluetooth.te +++ b/refpolicy/policy/modules/services/bluetooth.te @@ -1,5 +1,5 @@ -policy_module(bluetooth,1.2.3) +policy_module(bluetooth,1.2.4) ######################################## # @@ -41,7 +41,7 @@ files_pid_file(bluetooth_var_run_t) # Bluetooth services local policy # -allow bluetooth_t self:capability { net_admin net_raw sys_tty_config }; +allow bluetooth_t self:capability { net_admin net_raw sys_tty_config ipc_lock }; dontaudit bluetooth_t self:capability sys_tty_config; allow bluetooth_t self:process { getsched signal_perms }; allow bluetooth_t self:fifo_file rw_file_perms; 
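Review bot: `ipc_lock` is added to bluetooth_t's capability set without a comment saying which operation needs it, whereas the mount.te hunk in this same commit documents its new capabilities (`# setuid/setgid needed to mount cifs`); capability grants are the first thing an auditor reads, so a line like `# ipc_lock: <what bluetoothd locks in memory - confirm>` above the allow rule is worth adding. The same applies to `chown` added to hald_t's capability line in hal.te, where the existing comment `# execute openvt which needs setuid` now explains only one of the capabilities listed.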
@@ -176,9 +176,10 @@ allow bluetooth_helper_t self:tcp_socket create_socket_perms; allow bluetooth_helper_t bluetooth_t:socket { read write }; -allow bluetooth_helper_t bluetooth_helper_tmp_t:dir create_dir_perms; -allow bluetooth_helper_t bluetooth_helper_tmp_t:file create_file_perms; -files_tmp_filetrans(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir }) +allow bluetooth_helper_t bluetooth_helper_tmp_t:dir manage_dir_perms; +allow bluetooth_helper_t bluetooth_helper_tmp_t:file manage_file_perms; +allow bluetooth_helper_t bluetooth_helper_tmp_t:sock_file manage_file_perms; +files_tmp_filetrans(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir sock_file }) kernel_read_system_state(bluetooth_helper_t) kernel_read_kernel_sysctls(bluetooth_helper_t) @@ -213,6 +214,8 @@ ifdef(`targeted_policy',` fs_rw_tmpfs_files(bluetooth_helper_t) + term_dontaudit_use_generic_ptys(bluetooth_helper_t) + unconfined_stream_connect(bluetooth_helper_t) userdom_read_all_users_home_content_files(bluetooth_helper_t) @@ -223,6 +226,7 @@ ifdef(`targeted_policy',` ') optional_policy(` + bluetooth_dbus_chat(bluetooth_helper_t) dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t) dbus_connect_system_bus(bluetooth_helper_t) dbus_send_system_bus(bluetooth_helper_t) diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te index 9a2d72f..1f8f1f7 100644 --- a/refpolicy/policy/modules/services/cups.te +++ b/refpolicy/policy/modules/services/cups.te @@ -1,5 +1,5 @@ -policy_module(cups,1.3.2) +policy_module(cups,1.3.3) ######################################## # 
@@ -110,7 +110,7 @@ allow cupsd_t cupsd_tmp_t:fifo_file create_file_perms; files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file }) allow cupsd_t cupsd_var_run_t:file create_file_perms; -allow cupsd_t cupsd_var_run_t:dir rw_dir_perms; +allow cupsd_t cupsd_var_run_t:dir { setattr rw_dir_perms }; allow cupsd_t cupsd_var_run_t:sock_file create_file_perms; files_pid_filetrans(cupsd_t,cupsd_var_run_t,file) diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te index 07bd6fc..88289c1 100644 --- a/refpolicy/policy/modules/services/dbus.te +++ b/refpolicy/policy/modules/services/dbus.te @@ -1,5 +1,5 @@ -policy_module(dbus,1.2.1) +policy_module(dbus,1.2.2) gen_require(` class dbus { send_msg acquire_svc }; @@ -102,6 +102,7 @@ libs_use_shared_libs(system_dbusd_t) logging_send_syslog_msg(system_dbusd_t) miscfiles_read_localization(system_dbusd_t) +miscfiles_read_certs(system_dbusd_t) seutil_read_config(system_dbusd_t) seutil_read_default_contexts(system_dbusd_t) diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te index 8ed9e17..cc87327 100644 --- a/refpolicy/policy/modules/services/ftp.te +++ b/refpolicy/policy/modules/services/ftp.te @@ -1,5 +1,5 @@ -policy_module(ftp,1.2.1) +policy_module(ftp,1.2.2) ######################################## # @@ -62,6 +62,7 @@ allow ftpd_t ftpd_var_run_t:dir rw_dir_perms; files_pid_filetrans(ftpd_t,ftpd_var_run_t,file) # Create and modify /var/log/xferlog. +allow ftpd_t xferlog_t:dir search_dir_perms; allow ftpd_t xferlog_t:file create_file_perms; logging_log_filetrans(ftpd_t,xferlog_t,file) diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te index 0b68e0d..c2b800a 100644 --- a/refpolicy/policy/modules/services/gpm.te +++ b/refpolicy/policy/modules/services/gpm.te @@ -1,5 +1,5 @@ -policy_module(gpm,1.1.1) +policy_module(gpm,1.1.2) ######################################## # 
@@ -54,8 +54,7 @@ kernel_read_proc_symlinks(gpm_t) dev_read_sysfs(gpm_t) # Access the mouse. -# cjp: why write? -dev_rw_input_dev(event_device_t) +dev_rw_input_dev(gpm_t) dev_rw_mouse(gpm_t) fs_getattr_all_fs(gpm_t) diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index 3ed03c2..6895d46 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal,1.3.2) +policy_module(hal,1.3.3) ######################################## # @@ -22,7 +22,7 @@ files_pid_file(hald_var_run_t) # # execute openvt which needs setuid -allow hald_t self:capability { setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config }; +allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config }; dontaudit hald_t self:capability sys_tty_config; allow hald_t self:process signal_perms; allow hald_t self:fifo_file rw_file_perms; @@ -52,6 +52,9 @@ kernel_rw_vm_sysctls(hald_t) kernel_write_proc_files(hald_t) files_search_boot(hald_t) +files_getattr_home_dir(hald_t) + +auth_read_pam_console_data(hald_t) corecmd_exec_bin(hald_t) corecmd_exec_sbin(hald_t) @@ -93,6 +96,7 @@ files_search_var_lib(hald_t) files_read_usr_files(hald_t) # hal is now execing pm-suspend files_create_boot_flag(hald_t) +files_getattr_default_dirs(hald_t) fs_getattr_all_fs(hald_t) fs_search_all(hald_t) diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te index d4a30c2..56776c2 100644 --- a/refpolicy/policy/modules/services/mysql.te +++ b/refpolicy/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql,1.2.0) +policy_module(mysql,1.2.1) ######################################## # 
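Review bot: The corrected `dev_rw_input_dev(gpm_t)` also deletes the open question `# cjp: why write?` without answering it, so the rationale for write rather than read access to the input devices is now lost entirely rather than resolved. Either keep the question or replace it with what was found, e.g. `# gpm needs rw on input devices: <reason - confirm>`, so the next reviewer does not have to rediscover it.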
@@ -104,6 +104,7 @@ logging_send_syslog_msg(mysqld_t) miscfiles_read_localization(mysqld_t) +sysnet_use_ldap(mysqld_t) sysnet_read_config(mysqld_t) userdom_dontaudit_use_unpriv_user_fds(mysqld_t) diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te index 8112eb5..eaf58e1 100644 --- a/refpolicy/policy/modules/services/networkmanager.te +++ b/refpolicy/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.3.0) +policy_module(networkmanager,1.3.1) ######################################## # @@ -155,6 +155,7 @@ optional_policy(` optional_policy(` nscd_socket_use(NetworkManager_t) + nscd_signal(NetworkManager_t) ') optional_policy(` diff --git a/refpolicy/policy/modules/services/nscd.if b/refpolicy/policy/modules/services/nscd.if index dd13368..0625b2d 100644 --- a/refpolicy/policy/modules/services/nscd.if +++ b/refpolicy/policy/modules/services/nscd.if @@ -2,6 +2,24 @@ ######################################## ## +## Send generic signals to NSCD. +## +## +## +## Domain allowed access. +## +## +# +interface(`nscd_signal',` + gen_require(` + type nscd_t; + ') + + allow $1 nscd_t:process signal; +') + +######################################## +## ## Execute NSCD in the nscd domain. ## ## diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te index 37802b0..451302d 100644 --- a/refpolicy/policy/modules/services/nscd.te +++ b/refpolicy/policy/modules/services/nscd.te @@ -1,5 +1,5 @@ -policy_module(nscd,1.2.1) +policy_module(nscd,1.2.2) gen_require(` class nscd all_nscd_perms; diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te index ae35a20..e362e71 100644 --- a/refpolicy/policy/modules/services/rsync.te +++ b/refpolicy/policy/modules/services/rsync.te @@ -1,5 +1,5 @@ -policy_module(rsync,1.2.0) +policy_module(rsync,1.2.1) ######################################## # 
@@ -65,6 +65,7 @@ corenet_udp_sendrecv_all_ports(rsync_t) corenet_non_ipsec_sendrecv(rsync_t) corenet_tcp_bind_all_nodes(rsync_t) corenet_udp_bind_all_nodes(rsync_t) +corenet_tcp_bind_rsync_port(rsync_t) dev_read_urand(rsync_t) @@ -73,10 +74,13 @@ fs_getattr_xattr_fs(rsync_t) files_read_etc_files(rsync_t) files_search_home(rsync_t) +init_dontaudit_use_fds(rsync_t) + libs_use_ld_so(rsync_t) libs_use_shared_libs(rsync_t) logging_send_syslog_msg(rsync_t) +logging_dontaudit_search_logs(rsync_t) miscfiles_read_localization(rsync_t) miscfiles_read_public_files(rsync_t) diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te index 9e3f045..c5ae85e 100644 --- a/refpolicy/policy/modules/services/samba.te +++ b/refpolicy/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.2.2) +policy_module(samba,1.2.3) ################################# # @@ -193,6 +193,8 @@ allow smbd_t samba_log_t:dir ra_dir_perms; dontaudit smbd_t samba_log_t:dir remove_name; allow smbd_t samba_log_t:file { create ra_file_perms }; +allow smbd_t samba_net_tmp_t:file getattr; + allow smbd_t samba_secrets_t:dir rw_dir_perms; allow smbd_t samba_secrets_t:file create_file_perms; type_transition smbd_t samba_etc_t:file samba_secrets_t; diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te index c96d72c..ebda872 100644 --- a/refpolicy/policy/modules/services/snmp.te +++ b/refpolicy/policy/modules/services/snmp.te @@ -1,5 +1,5 @@ -policy_module(snmp,1.1.0) +policy_module(snmp,1.1.1) ######################################## # @@ -49,6 +49,7 @@ allow snmpd_t snmpd_var_run_t:file create_file_perms; allow snmpd_t snmpd_var_run_t:dir rw_dir_perms; files_pid_filetrans(snmpd_t,snmpd_var_run_t,file) +kernel_read_device_sysctls(snmpd_t) kernel_read_kernel_sysctls(snmpd_t) kernel_read_net_sysctls(snmpd_t) kernel_read_proc_symlinks(snmpd_t) 
diff --git a/refpolicy/policy/modules/system/getty.fc b/refpolicy/policy/modules/system/getty.fc index 6db25c1..2a3e0f5 100644 --- a/refpolicy/policy/modules/system/getty.fc +++ b/refpolicy/policy/modules/system/getty.fc @@ -6,3 +6,5 @@ /var/log/mgetty\.log.* -- gen_context(system_u:object_r:getty_log_t,s0) /var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0) + +/var/spool/fax -- gen_context(system_u:object_r:getty_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te index d8ede07..aaac752 100644 --- a/refpolicy/policy/modules/system/getty.te +++ b/refpolicy/policy/modules/system/getty.te @@ -1,5 +1,5 @@ -policy_module(getty,1.1.1) +policy_module(getty,1.1.2) ######################################## # @@ -110,6 +110,10 @@ ifdef(`targeted_policy',` ') optional_policy(` + mta_send_mail(getty_t) +') + +optional_policy(` nscd_socket_use(getty_t) ') diff --git a/refpolicy/policy/modules/system/libraries.fc b/refpolicy/policy/modules/system/libraries.fc index 9802886..bd47da3 100644 --- a/refpolicy/policy/modules/system/libraries.fc +++ b/refpolicy/policy/modules/system/libraries.fc @@ -33,6 +33,8 @@ ifdef(`distro_redhat',` # /opt(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /opt(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/opt/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # # /sbin 
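Review bot: `/var/spool/fax -- gen_context(system_u:object_r:getty_var_run_t,s0)` uses the `--` class flag, which matches only a regular file; if /var/spool/fax is the fax spool directory its path suggests, the entry never applies and nothing under it is labelled either. The chosen type is also the one this file uses for mgetty's pid file (`/var/run/mgetty\.pid.*`), which conflates spool content with run-time state. If a directory is intended, `/var/spool/fax(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0)` is the form, and a dedicated spool type may be worth considering.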
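Review bot: `/opt/.*/jre.*/libdeploy.so` and `/opt/.*/jre.*/libjvm.so` leave the dot before `so` unescaped while most entries in this file write `\.so`; an unescaped `.` matches any character, so the pattern is slightly wider than intended and stylistically out of step. The same two unescaped forms are added for `/usr/.*/jre.*/` in the @@ -167 hunk. Suggest `/opt/.*/jre.*/libdeploy\.so` and `/opt/.*/jre.*/libjvm\.so`.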
@@ -55,17 +57,24 @@ ifdef(`distro_redhat',` /usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) +/usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) /usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0) /usr/lib(64)?/im/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) /usr/lib(64)?/iiim/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) +/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0) /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/vmware(.*/)?/VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
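Review bot: `/usr/lib(64)?/libsipphoneapi\.so.*` is labelled `texrel_shlib_t`, which is not the `textrel_shlib_t` used on every neighbouring line; a type that does not exist in the policy is rejected as an invalid context when the file_contexts are validated, so at best the entry is dead and at worst it breaks the labelling run. The same misspelling appears on three added lines of the @@ -167 hunk (`nppdf\.so`, `intellinux/lib/\.so`, `plug_ins/.*\.api`). Separately, `/usr/lib(64)?/vmware(.*/)?/VmPerl\.so` has a `/` both inside and after the optional group, so it can only match a VmPerl.so directly under the vmware directory; if subdirectories were intended, `/usr/lib(64)?/vmware(/.*)?/VmPerl\.so` follows the `(/.*)?` form used elsewhere in this file.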
@@ -76,6 +85,7 @@ ifdef(`distro_redhat',` /usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_redhat',` /usr/lib(64)?/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0) @@ -92,6 +102,7 @@ ifdef(`distro_redhat',` /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libglide-v[0-9]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/oggfformat\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/theorarend\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -167,16 +178,17 @@ HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textre /usr/lib(64)?/libdivxdecore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libdivxencore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) -# vmware -/usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) +# vmware +/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Java, Sun Microsystems (JPackage SRPM) -/usr/.*/jre.*/lib/i386/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr(/.*)?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:shlib_t,s0) -/usr(/.*)?/Reader/intellinux/plug_ins/AcroForm\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr(/.*)?/Reader/intellinux/plug_ins/EScript\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr(/.*)?/Reader/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr(/.*)?/intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) ') dnl end distro_redhat ifdef(`distro_suse',` diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te index 14cb763..8fe2fc8 100644 --- a/refpolicy/policy/modules/system/libraries.te +++ b/refpolicy/policy/modules/system/libraries.te @@ -1,5 +1,5 @@ -policy_module(libraries,1.3.3) +policy_module(libraries,1.3.4) ######################################## # 
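Review bot: `/usr(/.*)?/intellinux/lib/\.so` matches only a file literally named `.so` inside `lib/` because there is no `.*` before `\.so`, so the entry labels nothing; `/usr(/.*)?/intellinux/lib/.*\.so` is presumably what was meant. The rewrite also moves every Reader `plug_ins/.*\.api` to the text-relocation type, where before only `AcroForm\.api` and `EScript\.api` had it and the rest were plain `shlib_t`; textrel_shlib_t is the type that is permitted text relocations (execmod), so the blanket rule weakens the protection for plugins that did not need it. If only those two plugins require it, keep the two per-file entries and leave the generic `.api` rule on `shlib_t`.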
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index 48c2212..ba89ae1 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -1,5 +1,5 @@ -policy_module(mount,1.3.3) +policy_module(mount,1.3.4) ######################################## # @@ -19,7 +19,8 @@ files_tmp_file(mount_tmp_t) # mount local policy # -allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config }; +# setuid/setgid needed to mount cifs +allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid }; allow mount_t mount_tmp_t:file create_file_perms; allow mount_t mount_tmp_t:dir create_dir_perms; @@ -44,6 +45,7 @@ storage_raw_read_removable_device(mount_t) storage_raw_write_removable_device(mount_t) fs_getattr_xattr_fs(mount_t) +fs_getattr_cifs(mount_t) fs_mount_all_fs(mount_t) fs_unmount_all_fs(mount_t) fs_remount_all_fs(mount_t) diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if index 3057feb..74a904f 100644 --- a/refpolicy/policy/modules/system/unconfined.if +++ b/refpolicy/policy/modules/system/unconfined.if @@ -55,7 +55,7 @@ interface(`unconfined_domain_noaudit',` tunable_policy(`allow_execmem && allow_execstack',` # Allow making the stack executable via mprotect. allow $1 self:process execstack; - auditallow $1 self:process execstack; +# auditallow $1 self:process execstack; ', ` # These are fairly common but seem to be harmless # caused by using shared libraries built with old tool chains @@ -109,9 +109,10 @@ interface(`unconfined_domain',` auditallow $1 self:process execheap; ') - tunable_policy(`allow_execmem',` - auditallow $1 self:process execmem; - ') +# Turn off this audit for FC5 +# tunable_policy(`allow_execmem',` +# auditallow $1 self:process execmem; +# ') ') ######################################## 
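Review bot: Commenting out the `auditallow` for execstack in `unconfined_domain_noaudit`, and the execmem one in `unconfined_domain` in the second hunk, removes the only audit record of those memory-protection overrides for every distribution, while leaving dead `#`-prefixed policy and a distro-specific note (`# Turn off this audit for FC5`) in the generic interface. If this is a Fedora decision, gate it rather than comment it out: wrap the `auditallow` in an `ifdef` on `distro_redhat` with the rule in the else branch, so other targets keep the audit signal and no commented-out rules remain. Both interfaces extend beyond these hunks.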
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te index f3fb908..0674249 100644 --- a/refpolicy/policy/modules/system/unconfined.te +++ b/refpolicy/policy/modules/system/unconfined.te @@ -1,5 +1,5 @@ -policy_module(unconfined,1.3.3) +policy_module(unconfined,1.3.4) ######################################## # @@ -41,6 +41,10 @@ ifdef(`targeted_policy',` userdom_unconfined(unconfined_t) userdom_priveleged_home_dir_manager(unconfined_t) +# optional_policy(` +# ada_domtrans(unconfined_t) +# ') + optional_policy(` amanda_domtrans_recover(unconfined_t) ') @@ -106,10 +110,6 @@ ifdef(`targeted_policy',` ') optional_policy(` - netutils_domtrans_ping(unconfined_t) - ') - - optional_policy(` portmap_domtrans_helper(unconfined_t) ') diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te index c5a4954..c4d73bc 100644 --- a/refpolicy/policy/modules/system/userdomain.te +++ b/refpolicy/policy/modules/system/userdomain.te @@ -1,5 +1,5 @@ -policy_module(userdomain,1.3.10) +policy_module(userdomain,1.3.11) gen_require(` role sysadm_r, staff_r, user_r; @@ -181,8 +181,9 @@ ifdef(`targeted_policy',` logging_read_audit_log(secadm_t) logging_run_auditctl(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t }) userdom_dontaudit_append_staff_home_content_files(secadm_t) + files_relabel_all_files(secadm_t) + auth_relabel_shadow(secadm_t) ', ` - logging_domtrans_auditctl(sysadm_t) logging_read_audit_log(sysadm_t) logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal) ')
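Review bot: The added `# optional_policy(` / `# ada_domtrans(unconfined_t)` / `# ')` block is commented-out policy with no explanation of why it is disabled; commented-out rules in a .te file are never built and tend to rot. Either drop it or, if it is waiting on an ada module, replace it with a single `# TODO: add ada_domtrans(unconfined_t) once the ada module is available` so the intent is recorded without dead code.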