diff --git a/policy-F12.patch b/policy-F12.patch
index 50bc00f..1c7923e 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -2833,8 +2833,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.21/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.21/policy/modules/apps/mozilla.if 2009-07-01 10:43:35.000000000 -0400
-@@ -64,6 +64,7 @@
++++ serefpolicy-3.6.21/policy/modules/apps/mozilla.if 2009-07-08 11:19:59.000000000 -0400
+@@ -45,6 +45,18 @@
+ relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
+ relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
+ relabel_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
++
++ mozilla_dbus_chat($2)
++
++ userdom_manage_tmp_role($1, mozilla_t)
++
++ optional_policy(`
++ nsplugin_role($1, mozilla_t)
++ ')
++
++ optional_policy(`
++ pulseaudio_role($1, mozilla_t)
++ ')
+ ')
+
+ ########################################
+@@ -64,6 +76,7 @@
allow $1 mozilla_home_t:dir list_dir_perms;
allow $1 mozilla_home_t:file read_file_perms;
@@ -2842,7 +2861,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_search_user_home_dirs($1)
')
-@@ -83,7 +84,7 @@
+@@ -83,7 +96,7 @@
')
allow $1 mozilla_home_t:dir list_dir_perms;
@@ -2853,8 +2872,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.21/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.21/policy/modules/apps/mozilla.te 2009-07-01 10:43:35.000000000 -0400
-@@ -105,6 +105,7 @@
++++ serefpolicy-3.6.21/policy/modules/apps/mozilla.te 2009-07-08 11:32:50.000000000 -0400
+@@ -59,6 +59,7 @@
+ manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
+ manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
+ userdom_search_user_home_dirs(mozilla_t)
++userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
+
+ # Mozpluggerrc
+ allow mozilla_t mozilla_conf_t:file read_file_perms;
+@@ -97,6 +98,7 @@
+ corenet_tcp_connect_ftp_port(mozilla_t)
+ corenet_tcp_connect_ipp_port(mozilla_t)
+ corenet_tcp_connect_generic_port(mozilla_t)
++corenet_tcp_connect_soundd_port(mozilla_t)
+ corenet_sendrecv_http_client_packets(mozilla_t)
+ corenet_sendrecv_http_cache_client_packets(mozilla_t)
+ corenet_sendrecv_ftp_client_packets(mozilla_t)
+@@ -105,6 +107,7 @@
# Should not need other ports
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
@@ -2862,7 +2897,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(mozilla_t)
dev_read_rand(mozilla_t)
-@@ -128,6 +129,7 @@
+@@ -113,6 +116,8 @@
+ dev_dontaudit_rw_dri(mozilla_t)
+ dev_getattr_sysfs_dirs(mozilla_t)
+
++domain_dontaudit_read_all_domains_state(mozilla_t)
++
+ files_read_etc_runtime_files(mozilla_t)
+ files_read_usr_files(mozilla_t)
+ files_read_etc_files(mozilla_t)
+@@ -128,6 +133,7 @@
fs_rw_tmpfs_files(mozilla_t)
term_dontaudit_getattr_pty_dirs(mozilla_t)
@@ -2870,15 +2914,28 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(mozilla_t)
-@@ -143,6 +145,7 @@
- userdom_manage_user_tmp_dirs(mozilla_t)
- userdom_manage_user_tmp_files(mozilla_t)
- userdom_manage_user_tmp_sockets(mozilla_t)
+@@ -137,12 +143,7 @@
+ # Browse the web, connect to printer
+ sysnet_dns_name_resolve(mozilla_t)
+
+-userdom_manage_user_home_content_dirs(mozilla_t)
+-userdom_manage_user_home_content_files(mozilla_t)
+-userdom_manage_user_home_content_symlinks(mozilla_t)
+-userdom_manage_user_tmp_dirs(mozilla_t)
+-userdom_manage_user_tmp_files(mozilla_t)
+-userdom_manage_user_tmp_sockets(mozilla_t)
+userdom_use_user_ptys(mozilla_t)
xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
-@@ -243,6 +246,8 @@
+@@ -239,10 +240,15 @@
+ optional_policy(`
+ dbus_system_bus_client(mozilla_t)
+ dbus_session_bus_client(mozilla_t)
++ optional_policy(`
++ networkmanager_dbus_chat(mozilla_t)
++ ')
+ ')
optional_policy(`
gnome_stream_connect_gconf(mozilla_t)
@@ -2887,7 +2944,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -263,5 +268,10 @@
+@@ -263,5 +269,10 @@
')
optional_policy(`
@@ -2916,7 +2973,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.21/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.21/policy/modules/apps/nsplugin.if 2009-07-06 15:10:59.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/apps/nsplugin.if 2009-07-08 10:43:18.000000000 -0400
@@ -0,0 +1,313 @@
+
+## policy for nsplugin
@@ -3784,7 +3841,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.21/policy/modules/apps/pulseaudio.if
--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.21/policy/modules/apps/pulseaudio.if 2009-07-01 10:43:35.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/apps/pulseaudio.if 2009-07-08 10:50:31.000000000 -0400
@@ -0,0 +1,148 @@
+
+## policy for pulseaudio
@@ -8612,8 +8669,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_manage_user_home_content_files(webadm_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.21/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.21/policy/modules/roles/xguest.te 2009-07-01 10:43:35.000000000 -0400
-@@ -67,7 +67,11 @@
++++ serefpolicy-3.6.21/policy/modules/roles/xguest.te 2009-07-08 11:32:12.000000000 -0400
+@@ -36,11 +36,17 @@
+ # Local policy
+ #
+
++# Dontaudit fusermount
++dontaudit xguest_t self:capability sys_admin;
++
+ # Allow mounting of file systems
+ optional_policy(`
+ tunable_policy(`xguest_mount_media',`
+ kernel_read_fs_sysctls(xguest_t)
+
++ # allow fusermount
++ allow xguest_t self:capability sys_admin;
++
+ files_dontaudit_getattr_boot_dirs(xguest_t)
+ files_search_mnt(xguest_t)
+
+@@ -67,7 +73,11 @@
')
optional_policy(`
@@ -8626,7 +8701,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -75,9 +79,13 @@
+@@ -75,9 +85,13 @@
')
optional_policy(`
@@ -10209,15 +10284,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.21/policy/modules/services/apm.te
--- nsaserefpolicy/policy/modules/services/apm.te 2009-06-26 13:59:19.000000000 -0400
-+++ serefpolicy-3.6.21/policy/modules/services/apm.te 2009-07-01 10:43:35.000000000 -0400
-@@ -39,6 +39,7 @@
- #
-
- allow apm_t self:capability { dac_override sys_admin };
-+dontaudit apm_t self:capability sys_ptrace;
-
- kernel_read_system_state(apm_t)
-
++++ serefpolicy-3.6.21/policy/modules/services/apm.te 2009-07-08 10:40:06.000000000 -0400
+@@ -60,7 +60,7 @@
+ # mknod: controlling an orderly resume of PCMCIA requires creating device
+ # nodes 254,{0,1,2} for some reason.
+ allow apmd_t self:capability { sys_admin sys_nice sys_time kill mknod };
+-dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_tty_config };
++dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config };
+ allow apmd_t self:process { signal_perms getsession };
+ allow apmd_t self:fifo_file rw_fifo_file_perms;
+ allow apmd_t self:unix_dgram_socket create_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.21/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2008-10-14 11:58:09.000000000 -0400
+++ serefpolicy-3.6.21/policy/modules/services/automount.if 2009-07-01 10:43:35.000000000 -0400
@@ -17486,7 +17562,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.21/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2009-06-26 13:59:19.000000000 -0400
-+++ serefpolicy-3.6.21/policy/modules/services/postgresql.te 2009-07-01 10:43:36.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/services/postgresql.te 2009-07-07 16:27:00.000000000 -0400
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -17517,6 +17593,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_sendrecv_postgresql_server_packets(postgresql_t)
corenet_sendrecv_auth_client_packets(postgresql_t)
+@@ -247,6 +253,7 @@
+ init_read_utmp(postgresql_t)
+
+ logging_send_syslog_msg(postgresql_t)
++logging_send_audit_msgs(postgresql_t)
+
+ miscfiles_read_localization(postgresql_t)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.21/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
+++ serefpolicy-3.6.21/policy/modules/services/ppp.fc 2009-07-01 10:43:36.000000000 -0400
@@ -19565,7 +19649,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.21/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.21/policy/modules/services/sendmail.te 2009-07-01 10:43:36.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/services/sendmail.te 2009-07-07 17:16:43.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -19732,7 +19816,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
+ mta_etc_filetrans_aliases(unconfined_sendmail_t)
-+ unconfined_domain(unconfined_sendmail_t)
++ unconfined_domain_noaudit(unconfined_sendmail_t)
+')
-dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
@@ -22746,7 +22830,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.21/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-06-26 13:59:19.000000000 -0400
-+++ serefpolicy-3.6.21/policy/modules/services/xserver.te 2009-07-07 15:47:58.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/services/xserver.te 2009-07-08 10:50:38.000000000 -0400
@@ -34,6 +34,13 @@
##
@@ -23173,7 +23257,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
hostname_exec(xdm_t)
')
-@@ -542,6 +650,28 @@
+@@ -542,6 +650,29 @@
')
optional_policy(`
@@ -23185,6 +23269,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
+ pulseaudio_exec(xdm_t)
++ pulseaudio_dbus_chat(xdm_t)
+')
+
+# On crash gdm execs gdb to dump stack
@@ -23202,7 +23287,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(xdm_t)
')
-@@ -550,8 +680,9 @@
+@@ -550,8 +681,9 @@
')
optional_policy(`
@@ -23214,7 +23299,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifndef(`distro_redhat',`
allow xdm_t self:process { execheap execmem };
-@@ -560,7 +691,6 @@
+@@ -560,7 +692,6 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
')
@@ -23222,7 +23307,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
userhelper_dontaudit_search_config(xdm_t)
-@@ -571,6 +701,10 @@
+@@ -571,6 +702,10 @@
')
optional_policy(`
@@ -23233,7 +23318,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xfs_stream_connect(xdm_t)
')
-@@ -587,7 +721,7 @@
+@@ -587,7 +722,7 @@
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -23242,7 +23327,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit xserver_t self:capability chown;
allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow xserver_t self:memprotect mmap_zero;
-@@ -602,9 +736,11 @@
+@@ -602,9 +737,11 @@
allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xserver_t self:tcp_socket create_stream_socket_perms;
allow xserver_t self:udp_socket create_socket_perms;
@@ -23254,7 +23339,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
-@@ -616,13 +752,14 @@
+@@ -616,13 +753,14 @@
type_transition xserver_t xserver_t:{ x_drawable x_colormap } rootwindow_t;
allow xserver_t { rootwindow_t x_domain }:x_drawable send;
@@ -23270,7 +23355,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -635,9 +772,19 @@
+@@ -635,9 +773,19 @@
manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib(xserver_t)
@@ -23290,7 +23375,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
-@@ -680,9 +827,14 @@
+@@ -680,9 +828,14 @@
dev_rw_xserver_misc(xserver_t)
# read events - the synaptics touchpad driver reads raw events
dev_rw_input_dev(xserver_t)
@@ -23305,7 +23390,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(xserver_t)
files_read_etc_runtime_files(xserver_t)
-@@ -697,8 +849,12 @@
+@@ -697,8 +850,12 @@
fs_search_nfs(xserver_t)
fs_search_auto_mountpoints(xserver_t)
fs_search_ramfs(xserver_t)
@@ -23318,7 +23403,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
selinux_validate_context(xserver_t)
selinux_compute_access_vector(xserver_t)
-@@ -720,6 +876,7 @@
+@@ -720,6 +877,7 @@
miscfiles_read_localization(xserver_t)
miscfiles_read_fonts(xserver_t)
@@ -23326,7 +23411,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
modutils_domtrans_insmod(xserver_t)
-@@ -742,7 +899,7 @@
+@@ -742,7 +900,7 @@
')
ifdef(`enable_mls',`
@@ -23335,7 +23420,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
')
-@@ -774,12 +931,20 @@
+@@ -774,12 +932,20 @@
')
optional_policy(`
@@ -23357,7 +23442,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_domtrans(xserver_t)
')
-@@ -806,7 +971,7 @@
+@@ -806,7 +972,7 @@
allow xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xserver_t xdm_var_lib_t:dir search;
@@ -23366,7 +23451,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Label pid and temporary files with derived types.
manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -827,9 +992,14 @@
+@@ -827,9 +993,14 @@
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_user_home_content_files(xserver_t)
@@ -23381,7 +23466,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
fs_manage_nfs_files(xserver_t)
-@@ -844,11 +1014,14 @@
+@@ -844,11 +1015,14 @@
optional_policy(`
dbus_system_bus_client(xserver_t)
@@ -23397,7 +23482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -856,6 +1029,11 @@
+@@ -856,6 +1030,11 @@
rhgb_rw_tmpfs_files(xserver_t)
')
@@ -23409,7 +23494,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Rules common to all X window domains
-@@ -881,6 +1059,8 @@
+@@ -881,6 +1060,8 @@
# X Server
# can read server-owned resources
allow x_domain xserver_t:x_resource read;
@@ -23418,7 +23503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# can mess with own clients
allow x_domain self:x_client { manage destroy };
-@@ -905,6 +1085,8 @@
+@@ -905,6 +1086,8 @@
# operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -23427,7 +23512,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# X Colormaps
# can use the default colormap
allow x_domain rootwindow_t:x_colormap { read use add_color };
-@@ -972,17 +1154,49 @@
+@@ -972,17 +1155,49 @@
allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
@@ -27864,7 +27949,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.21/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-06-26 13:59:21.000000000 -0400
-+++ serefpolicy-3.6.21/policy/modules/system/userdomain.if 2009-07-01 10:43:36.000000000 -0400
++++ serefpolicy-3.6.21/policy/modules/system/userdomain.if 2009-07-08 11:19:36.000000000 -0400
@@ -30,8 +30,9 @@
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2d0e05c..cd84301 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.21
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -475,6 +475,9 @@ exit 0
%endif
%changelog
+* Wed Jul 8 2009 Dan Walsh 3.6.21-3
+- Fixes for xguest
+
* Tue Jul 7 2009 Tom "spot" Callaway 3.6.21-2
- fix multiple directory ownership of mandirs