diff --git a/policy-F15.patch b/policy-F15.patch
index e8e3b9b..06da897 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -220,18 +220,35 @@ index 90d5203..1392679 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
-index 453834c..5ff732d 100644
+index 453834c..9d83d66 100644
 --- a/policy/modules/admin/alsa.te
 +++ b/policy/modules/admin/alsa.te
-@@ -11,7 +11,7 @@ init_system_domain(alsa_t, alsa_exec_t)
+@@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t)
  role system_r types alsa_t;
  
  type alsa_etc_rw_t;
 -files_type(alsa_etc_rw_t)
 +files_config_file(alsa_etc_rw_t)
++
++type alsa_tmp_t;
++files_tmp_file(alsa_tmp_t)
  
  type alsa_var_lib_t;
  files_type(alsa_var_lib_t)
+@@ -39,6 +42,13 @@ files_etc_filetrans(alsa_t, alsa_etc_rw_t, file)
+ 
+ can_exec(alsa_t, alsa_exec_t)
+ 
++manage_dirs_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
++manage_files_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
++files_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
++userdom_user_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
++userdom_dontaudit_setattr_user_tmp(alsa_t)
++
++
+ manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
+ manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
+ files_search_var_lib(alsa_t)
 diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
 index f76ed8a..9a9526a 100644
 --- a/policy/modules/admin/anaconda.te
@@ -347,7 +364,7 @@ index a2e9cb5..b2de42c 100644
  optional_policy(`
  	apache_exec_modules(certwatch_t)
 diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
-index 66fee7d..9191e32 100644
+index 66fee7d..1d231b8 100644
 --- a/policy/modules/admin/consoletype.te
 +++ b/policy/modules/admin/consoletype.te
 @@ -79,16 +79,18 @@ optional_policy(`
@@ -355,7 +372,7 @@ index 66fee7d..9191e32 100644
  
  optional_policy(`
 +	devicekit_dontaudit_read_pid_files(consoletype_t)
-+	devicekit_dontaudit_write_log(consoletype_t)
++	devicekit_dontaudit_rw_log(consoletype_t)
 +')
 +
 +optional_policy(`
@@ -4165,7 +4182,7 @@ index 9a6d67d..b0c1197 100644
  ##	mozilla over dbus.
  ## </summary>
 diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index cbf4bec..9826f66 100644
+index cbf4bec..1aa992d 100644
 --- a/policy/modules/apps/mozilla.te
 +++ b/policy/modules/apps/mozilla.te
 @@ -7,7 +7,7 @@ policy_module(mozilla, 2.2.2)
@@ -4247,7 +4264,7 @@ index cbf4bec..9826f66 100644
  	pulseaudio_exec(mozilla_t)
  	pulseaudio_stream_connect(mozilla_t)
  	pulseaudio_manage_home_files(mozilla_t)
-@@ -266,3 +291,144 @@ optional_policy(`
+@@ -266,3 +291,145 @@ optional_policy(`
  optional_policy(`
  	thunderbird_domtrans(mozilla_t)
  ')
@@ -4375,6 +4392,7 @@ index cbf4bec..9826f66 100644
 +	nsplugin_manage_home_dirs(mozilla_plugin_t)
 +	nsplugin_manage_home_files(mozilla_plugin_t)
 +	nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
++	nsplugin_user_home_filetrans(mozilla_plugin_t, file)
 +	nsplugin_signal(mozilla_plugin_t)
 +')
 +
@@ -4495,10 +4513,10 @@ index 0000000..717eb3f
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
 new file mode 100644
-index 0000000..c06e99e
+index 0000000..4f9cb05
 --- /dev/null
 +++ b/policy/modules/apps/nsplugin.if
-@@ -0,0 +1,455 @@
+@@ -0,0 +1,480 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@@ -4933,7 +4951,32 @@ index 0000000..c06e99e
 +		type nsplugin_home_t;
 +	')
 +
-+	userdom_user_home_content_filetrans($1, nsplugin_home_t,  $2)
++	userdom_user_home_dir_filetrans($1, nsplugin_home_t, $2)
++')
++
++#######################################
++## <summary>
++##  Create objects in a user home directory
++##  with an automatic type transition to
++##  the nsplugin home file type.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++## <param name="object_class">
++##  <summary>
++##  The class of the object to be created.
++##  </summary>
++## </param>
++#
++interface(`nsplugin_user_home_filetrans',`
++    gen_require(`
++        type nsplugin_home_t;
++    ')
++
++    userdom_user_home_content_filetrans($1, nsplugin_home_t, $2)
 +')
 +
 +########################################
@@ -15986,10 +16029,10 @@ index 0000000..fa9b95a
 +')
 diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
 new file mode 100644
-index 0000000..4bc3f06
+index 0000000..3b58d07
 --- /dev/null
 +++ b/policy/modules/services/boinc.te
-@@ -0,0 +1,167 @@
+@@ -0,0 +1,169 @@
 +policy_module(boinc, 1.0.0)
 +
 +########################################
@@ -16110,7 +16153,7 @@ index 0000000..4bc3f06
 +domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
 +allow boinc_t boinc_project_t:process sigkill;
 +
-+allow boinc_project_t self:process { ptrace setsched signal signull sigkill sigstop };
++allow boinc_project_t self:process { ptrace setpgid setsched signal signull sigkill sigstop };
 +allow boinc_project_t self:process { execmem execstack };
 +
 +allow boinc_project_t self:fifo_file rw_fifo_file_perms;
@@ -16150,6 +16193,8 @@ index 0000000..4bc3f06
 +dev_rw_xserver_misc(boinc_project_t)
 +
 +files_read_etc_files(boinc_project_t)
++files_read_etc_runtime_files(boinc_project_t)
++files_read_usr_files(boinc_project_t)
 +
 +miscfiles_read_fonts(boinc_project_t)
 +miscfiles_read_localization(boinc_project_t)
@@ -17119,7 +17164,7 @@ index 1f11572..7f6a7ab 100644
  	')
  
 diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
-index 8c36027..532fa91 100644
+index 8c36027..28863a5 100644
 --- a/policy/modules/services/clamav.te
 +++ b/policy/modules/services/clamav.te
 @@ -1,9 +1,9 @@
@@ -17226,7 +17271,11 @@ index 8c36027..532fa91 100644
  ########################################
  #
  # clamscam local policy
-@@ -251,6 +266,7 @@ corenet_tcp_sendrecv_clamd_port(clamscan_t)
+@@ -248,9 +263,11 @@ corenet_tcp_sendrecv_generic_if(clamscan_t)
+ corenet_tcp_sendrecv_generic_node(clamscan_t)
+ corenet_tcp_sendrecv_all_ports(clamscan_t)
+ corenet_tcp_sendrecv_clamd_port(clamscan_t)
++corenet_tcp_bind_generic_node(clamscan_t)
  corenet_tcp_connect_clamd_port(clamscan_t)
  
  kernel_read_kernel_sysctls(clamscan_t)
@@ -17234,6 +17283,16 @@ index 8c36027..532fa91 100644
  
  files_read_etc_files(clamscan_t)
  files_read_etc_runtime_files(clamscan_t)
+@@ -265,6 +282,9 @@ miscfiles_read_public_files(clamscan_t)
+ clamav_stream_connect(clamscan_t)
+ 
+ mta_send_mail(clamscan_t)
++mta_read_queue(clamscan_t)
++
++sysnet_read_config(clamscan_t)
+ 
+ optional_policy(`
+ 	amavis_read_spool_files(clamscan_t)
 diff --git a/policy/modules/services/clogd.if b/policy/modules/services/clogd.if
 index c0a66a4..e438c5f 100644
 --- a/policy/modules/services/clogd.if
@@ -19737,7 +19796,7 @@ index 418a5a0..28d9e41 100644
  /var/run/udisks(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
  /var/run/upower(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
 diff --git a/policy/modules/services/devicekit.if b/policy/modules/services/devicekit.if
-index f706b99..4b3d7f7 100644
+index f706b99..6149a45 100644
 --- a/policy/modules/services/devicekit.if
 +++ b/policy/modules/services/devicekit.if
 @@ -5,9 +5,9 @@
@@ -19752,7 +19811,7 @@ index f706b99..4b3d7f7 100644
  ## </param>
  #
  interface(`devicekit_domtrans',`
-@@ -118,6 +118,63 @@ interface(`devicekit_dbus_chat_power',`
+@@ -118,6 +118,82 @@ interface(`devicekit_dbus_chat_power',`
  	allow devicekit_power_t $1:dbus send_msg;
  ')
  
@@ -19794,6 +19853,25 @@ index f706b99..4b3d7f7 100644
 +	dontaudit $1 devicekit_var_log_t:file { write };
 +')
 +
++######################################
++## <summary>
++##  Do not audit attempts to read and write the devicekit
++##  log files.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain to not audit.
++##  </summary>
++## </param>
++#
++interface(`devicekit_dontaudit_rw_log',`
++    gen_require(`
++        type devicekit_var_log_t;
++    ')
++
++    dontaudit $1 devicekit_var_log_t:file rw_inherited_file_perms;
++')
++
 +########################################
 +## <summary>
 +##	Allow the domain to read devicekit_power state files in /proc.
@@ -19816,7 +19894,7 @@ index f706b99..4b3d7f7 100644
  ########################################
  ## <summary>
  ##	Read devicekit PID files.
-@@ -139,22 +196,52 @@ interface(`devicekit_read_pid_files',`
+@@ -139,22 +215,52 @@ interface(`devicekit_read_pid_files',`
  
  ########################################
  ## <summary>
@@ -19876,7 +19954,7 @@ index f706b99..4b3d7f7 100644
  ##	</summary>
  ## </param>
  ## <rolecap/>
-@@ -165,21 +252,22 @@ interface(`devicekit_admin',`
+@@ -165,21 +271,22 @@ interface(`devicekit_admin',`
  		type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
  	')
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d0fa960..1b91150 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.10
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,11 @@ exit 0
 %endif
 
 %changelog
+* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-10
+- Fixes for clamscan and boinc policy
+- Add boinc_project_t setpgid
+- Allow alsa to create tmp files in /tmp
+
 * Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-9
 - Push fixes to allow disabling of unlabeled_t packet access
 - Enable unlabelednet policy