diff --git a/booleans-strict.conf b/booleans-strict.conf
index 32deb34..ba35ade 100644
--- a/booleans-strict.conf
+++ b/booleans-strict.conf
@@ -218,3 +218,7 @@ allow_ptrace = false
## Control users use of ping and traceroute
user_ping = true
+
+# Allow unlabeled packets to flow
+#
+allow_unlabeled_packets = true
diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index b815e14..b3432a1 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -1,6 +1,6 @@
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
#
-allow_execmem = false
+allow_execmem = true
# Allow making a modified private filemapping executable (text relocation).
#
@@ -8,7 +8,7 @@ allow_execmod = false
# Allow making the stack executable via mprotect.Also requires allow_execmem.
#
-allow_execstack = false
+allow_execstack = true
# Allow ftpd to read cifs directories.
#
@@ -229,3 +229,7 @@ allow_daemons_dump_core = true
# Allow mount command to mounton any directory
#
allow_mounton_anydir = true
+
+# Allow unlabeled packets to flow
+#
+allow_unlabeled_packets = true
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 62f0116..c6829fd 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,12 +16,12 @@
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.4.6
-Release: 21%{?dist}
+Version: 2.5.1
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
-patch: policy-20061106.patch
+patch: policy-20070102.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@@ -33,6 +33,9 @@ Source9: modules-strict.conf
Source10: booleans-strict.conf
Source12: setrans-strict.conf
Source13: policygentool
+Source14: securetty_contexts-targeted
+Source15: securetty_contexts-mls
+Source16: securetty_contexts-strict
Url: http://serefpolicy.sourceforge.net
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -99,6 +102,7 @@ touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \
touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
+install -m0644 ${RPM_SOURCE_DIR}/securetty_contexts-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_contexts \
install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \
%nil
@@ -120,6 +124,7 @@ ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
%dir %{_sysconfdir}/selinux/%1/contexts \
%config %{_sysconfdir}/selinux/%1/contexts/customizable_types \
+%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_contexts \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
%config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
@@ -160,6 +165,7 @@ fi;
%description
SELinux Reference Policy - modular.
+Based off of reference policy: Checked out revision 2175.
%prep
%setup -q -n serefpolicy-%{version}
@@ -351,6 +357,23 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
%endif
%changelog
+* Mon Jan 8 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-1
+- Allow prelink when run from rpm to create tmp files
+Resolves: #221865
+- Remove file_context for exportfs
+Resolves: #221181
+- Allow spamassassin to create ~/.spamassissin
+Resolves: #203290
+- Allow ssh access to the krb tickets
+- Allow sshd to change passwd
+- Stop newrole -l from working on non securetty
+Resolves: #200110
+
+
+* Wed Jan 3 2007 Dan Walsh <dwalsh@redhat.com> 2.4.6-22
+- Fixes to run prelink in MLS machine
+Resolves: #221233
+
* Tue Jan 29 2007 Dan Walsh <dwalsh@redhat.com> 2.4.6-21
- Allow spamassassin to read var_lib_t dir
Resolves: #219234