diff --git a/policy-F15.patch b/policy-F15.patch
index e8e3b9b..06da897 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -220,18 +220,35 @@ index 90d5203..1392679 100644
##
##
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
-index 453834c..5ff732d 100644
+index 453834c..9d83d66 100644
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
-@@ -11,7 +11,7 @@ init_system_domain(alsa_t, alsa_exec_t)
+@@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t)
role system_r types alsa_t;
type alsa_etc_rw_t;
-files_type(alsa_etc_rw_t)
+files_config_file(alsa_etc_rw_t)
++
++type alsa_tmp_t;
++files_tmp_file(alsa_tmp_t)
type alsa_var_lib_t;
files_type(alsa_var_lib_t)
+@@ -39,6 +42,13 @@ files_etc_filetrans(alsa_t, alsa_etc_rw_t, file)
+
+ can_exec(alsa_t, alsa_exec_t)
+
++manage_dirs_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
++manage_files_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
++files_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
++userdom_user_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
++userdom_dontaudit_setattr_user_tmp(alsa_t)
++
++
+ manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
+ manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
+ files_search_var_lib(alsa_t)
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index f76ed8a..9a9526a 100644
--- a/policy/modules/admin/anaconda.te
@@ -347,7 +364,7 @@ index a2e9cb5..b2de42c 100644
optional_policy(`
apache_exec_modules(certwatch_t)
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
-index 66fee7d..9191e32 100644
+index 66fee7d..1d231b8 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -79,16 +79,18 @@ optional_policy(`
@@ -355,7 +372,7 @@ index 66fee7d..9191e32 100644
optional_policy(`
+ devicekit_dontaudit_read_pid_files(consoletype_t)
-+ devicekit_dontaudit_write_log(consoletype_t)
++ devicekit_dontaudit_rw_log(consoletype_t)
+')
+
+optional_policy(`
@@ -4165,7 +4182,7 @@ index 9a6d67d..b0c1197 100644
## mozilla over dbus.
##
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index cbf4bec..9826f66 100644
+index cbf4bec..1aa992d 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -7,7 +7,7 @@ policy_module(mozilla, 2.2.2)
@@ -4247,7 +4264,7 @@ index cbf4bec..9826f66 100644
pulseaudio_exec(mozilla_t)
pulseaudio_stream_connect(mozilla_t)
pulseaudio_manage_home_files(mozilla_t)
-@@ -266,3 +291,144 @@ optional_policy(`
+@@ -266,3 +291,145 @@ optional_policy(`
optional_policy(`
thunderbird_domtrans(mozilla_t)
')
@@ -4375,6 +4392,7 @@ index cbf4bec..9826f66 100644
+ nsplugin_manage_home_dirs(mozilla_plugin_t)
+ nsplugin_manage_home_files(mozilla_plugin_t)
+ nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
++ nsplugin_user_home_filetrans(mozilla_plugin_t, file)
+ nsplugin_signal(mozilla_plugin_t)
+')
+
@@ -4495,10 +4513,10 @@ index 0000000..717eb3f
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
new file mode 100644
-index 0000000..c06e99e
+index 0000000..4f9cb05
--- /dev/null
+++ b/policy/modules/apps/nsplugin.if
-@@ -0,0 +1,455 @@
+@@ -0,0 +1,480 @@
+
+## policy for nsplugin
+
@@ -4933,7 +4951,32 @@ index 0000000..c06e99e
+ type nsplugin_home_t;
+ ')
+
-+ userdom_user_home_content_filetrans($1, nsplugin_home_t, $2)
++ userdom_user_home_dir_filetrans($1, nsplugin_home_t, $2)
++')
++
++#######################################
++##
++## Create objects in a user home directory
++## with an automatic type transition to
++## the nsplugin home file type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## The class of the object to be created.
++##
++##
++#
++interface(`nsplugin_user_home_filetrans',`
++ gen_require(`
++ type nsplugin_home_t;
++ ')
++
++ userdom_user_home_content_filetrans($1, nsplugin_home_t, $2)
+')
+
+########################################
@@ -15986,10 +16029,10 @@ index 0000000..fa9b95a
+')
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
new file mode 100644
-index 0000000..4bc3f06
+index 0000000..3b58d07
--- /dev/null
+++ b/policy/modules/services/boinc.te
-@@ -0,0 +1,167 @@
+@@ -0,0 +1,169 @@
+policy_module(boinc, 1.0.0)
+
+########################################
@@ -16110,7 +16153,7 @@ index 0000000..4bc3f06
+domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
+allow boinc_t boinc_project_t:process sigkill;
+
-+allow boinc_project_t self:process { ptrace setsched signal signull sigkill sigstop };
++allow boinc_project_t self:process { ptrace setpgid setsched signal signull sigkill sigstop };
+allow boinc_project_t self:process { execmem execstack };
+
+allow boinc_project_t self:fifo_file rw_fifo_file_perms;
@@ -16150,6 +16193,8 @@ index 0000000..4bc3f06
+dev_rw_xserver_misc(boinc_project_t)
+
+files_read_etc_files(boinc_project_t)
++files_read_etc_runtime_files(boinc_project_t)
++files_read_usr_files(boinc_project_t)
+
+miscfiles_read_fonts(boinc_project_t)
+miscfiles_read_localization(boinc_project_t)
@@ -17119,7 +17164,7 @@ index 1f11572..7f6a7ab 100644
')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
-index 8c36027..532fa91 100644
+index 8c36027..28863a5 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -1,9 +1,9 @@
@@ -17226,7 +17271,11 @@ index 8c36027..532fa91 100644
########################################
#
# clamscam local policy
-@@ -251,6 +266,7 @@ corenet_tcp_sendrecv_clamd_port(clamscan_t)
+@@ -248,9 +263,11 @@ corenet_tcp_sendrecv_generic_if(clamscan_t)
+ corenet_tcp_sendrecv_generic_node(clamscan_t)
+ corenet_tcp_sendrecv_all_ports(clamscan_t)
+ corenet_tcp_sendrecv_clamd_port(clamscan_t)
++corenet_tcp_bind_generic_node(clamscan_t)
corenet_tcp_connect_clamd_port(clamscan_t)
kernel_read_kernel_sysctls(clamscan_t)
@@ -17234,6 +17283,16 @@ index 8c36027..532fa91 100644
files_read_etc_files(clamscan_t)
files_read_etc_runtime_files(clamscan_t)
+@@ -265,6 +282,9 @@ miscfiles_read_public_files(clamscan_t)
+ clamav_stream_connect(clamscan_t)
+
+ mta_send_mail(clamscan_t)
++mta_read_queue(clamscan_t)
++
++sysnet_read_config(clamscan_t)
+
+ optional_policy(`
+ amavis_read_spool_files(clamscan_t)
diff --git a/policy/modules/services/clogd.if b/policy/modules/services/clogd.if
index c0a66a4..e438c5f 100644
--- a/policy/modules/services/clogd.if
@@ -19737,7 +19796,7 @@ index 418a5a0..28d9e41 100644
/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
/var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff --git a/policy/modules/services/devicekit.if b/policy/modules/services/devicekit.if
-index f706b99..4b3d7f7 100644
+index f706b99..6149a45 100644
--- a/policy/modules/services/devicekit.if
+++ b/policy/modules/services/devicekit.if
@@ -5,9 +5,9 @@
@@ -19752,7 +19811,7 @@ index f706b99..4b3d7f7 100644
##
#
interface(`devicekit_domtrans',`
-@@ -118,6 +118,63 @@ interface(`devicekit_dbus_chat_power',`
+@@ -118,6 +118,82 @@ interface(`devicekit_dbus_chat_power',`
allow devicekit_power_t $1:dbus send_msg;
')
@@ -19794,6 +19853,25 @@ index f706b99..4b3d7f7 100644
+ dontaudit $1 devicekit_var_log_t:file { write };
+')
+
++######################################
++##
++## Do not audit attempts to read and write the devicekit
++## log files.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`devicekit_dontaudit_rw_log',`
++ gen_require(`
++ type devicekit_var_log_t;
++ ')
++
++ dontaudit $1 devicekit_var_log_t:file rw_inherited_file_perms;
++')
++
+########################################
+##
+## Allow the domain to read devicekit_power state files in /proc.
@@ -19816,7 +19894,7 @@ index f706b99..4b3d7f7 100644
########################################
##
## Read devicekit PID files.
-@@ -139,22 +196,52 @@ interface(`devicekit_read_pid_files',`
+@@ -139,22 +215,52 @@ interface(`devicekit_read_pid_files',`
########################################
##
@@ -19876,7 +19954,7 @@ index f706b99..4b3d7f7 100644
##
##
##
-@@ -165,21 +252,22 @@ interface(`devicekit_admin',`
+@@ -165,21 +271,22 @@ interface(`devicekit_admin',`
type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d0fa960..1b91150 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.10
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,11 @@ exit 0
%endif
%changelog
+* Fri Dec 10 2010 Miroslav Grepl 3.9.9-10
+- Fixes for clamscan and boinc policy
+- Add boinc_project_t setpgid
+- Allow alsa to create tmp files in /tmp
+
* Tue Dec 7 2010 Miroslav Grepl 3.9.9-9
- Push fixes to allow disabling of unlabeled_t packet access
- Enable unlabelednet policy