diff --git a/policy-F16.patch b/policy-F16.patch
index 8c28a80..d891175 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -8580,10 +8580,10 @@ index 0000000..0fedd57
 +')
 diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
 new file mode 100644
-index 0000000..88efdca
+index 0000000..104b919
 --- /dev/null
 +++ b/policy/modules/apps/sandbox.te
-@@ -0,0 +1,479 @@
+@@ -0,0 +1,481 @@
 +policy_module(sandbox,1.0.0)
 +dbus_stub()
 +attribute sandbox_domain;
@@ -8778,6 +8778,7 @@ index 0000000..88efdca
 +manage_sock_files_pattern(sandbox_x_domain, sandbox_file_t, sandbox_file_t);
 +manage_fifo_files_pattern(sandbox_x_domain, sandbox_file_t, sandbox_file_t);
 +manage_lnk_files_pattern(sandbox_x_domain, sandbox_file_t, sandbox_file_t);
++dontaudit sandbox_x_domain sandbox_file_t:dir mounton;
 +
 +domain_dontaudit_read_all_domains_state(sandbox_x_domain)
 +
@@ -9019,6 +9020,7 @@ index 0000000..88efdca
 +')
 +
 +optional_policy(`
++	nsplugin_manage_rw(sandbox_web_type)
 +	nsplugin_read_rw_files(sandbox_web_type)
 +	nsplugin_rw_exec(sandbox_web_type)
 +')
@@ -10342,7 +10344,7 @@ index 223ad43..d400ef6 100644
  # Reading dotfiles...
  # cjp: ?
 diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index 34c9d01..d0c0d02 100644
+index 34c9d01..0d54b2c 100644
 --- a/policy/modules/kernel/corecommands.fc
 +++ b/policy/modules/kernel/corecommands.fc
 @@ -72,7 +72,9 @@ ifdef(`distro_redhat',`
@@ -10395,7 +10397,7 @@ index 34c9d01..d0c0d02 100644
  #
  # /usr
  #
-@@ -196,47 +195,49 @@ ifdef(`distro_gentoo',`
+@@ -196,47 +195,50 @@ ifdef(`distro_gentoo',`
  /usr/lib/pgsql/test/regress/.*\.sh --	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/qt.*/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/wicd/monitor\.py 	-- 	gen_context(system_u:object_r:bin_t, s0)
@@ -10441,6 +10443,7 @@ index 34c9d01..d0c0d02 100644
 -
 -/usr/lib(64)?/xen/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/chromium-browser/chrome   --  gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib/ConsoleKit/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -10486,7 +10489,7 @@ index 34c9d01..d0c0d02 100644
  
  /usr/libexec(/.*)?			gen_context(system_u:object_r:bin_t,s0)
  /usr/libexec/git-core/git-shell	--	gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -244,9 +245,13 @@ ifdef(`distro_gentoo',`
+@@ -244,9 +246,13 @@ ifdef(`distro_gentoo',`
  
  /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
  
@@ -10501,7 +10504,7 @@ index 34c9d01..d0c0d02 100644
  /usr/local/linuxprinter/filters(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  
  /usr/sbin/scponlyc		--	gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -283,6 +288,7 @@ ifdef(`distro_gentoo',`
+@@ -283,6 +289,7 @@ ifdef(`distro_gentoo',`
  /usr/share/smolt/client(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall/compiler\.pl --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
@@ -10509,7 +10512,7 @@ index 34c9d01..d0c0d02 100644
  /usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/shorewall-lite(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
-@@ -291,7 +297,7 @@ ifdef(`distro_gentoo',`
+@@ -291,7 +298,7 @@ ifdef(`distro_gentoo',`
  /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/vhostmd/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  
@@ -10518,7 +10521,7 @@ index 34c9d01..d0c0d02 100644
  
  ifdef(`distro_gentoo', `
  /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-@@ -304,9 +310,8 @@ ifdef(`distro_redhat', `
+@@ -304,9 +311,8 @@ ifdef(`distro_redhat', `
  /etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
  
  /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -10529,7 +10532,7 @@ index 34c9d01..d0c0d02 100644
  /usr/lib/vmware-tools/(s)?bin32(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/vmware-tools/(s)?bin64(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -316,9 +321,11 @@ ifdef(`distro_redhat', `
+@@ -316,9 +322,11 @@ ifdef(`distro_redhat', `
  /usr/share/clamav/clamd-gen	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/clamav/freshclam-sleep --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/createrepo(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -10541,7 +10544,7 @@ index 34c9d01..d0c0d02 100644
  /usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/pydict/pydict\.py	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -360,7 +367,7 @@ ifdef(`distro_redhat', `
+@@ -360,7 +368,7 @@ ifdef(`distro_redhat', `
  ifdef(`distro_suse', `
  /usr/lib/cron/run-crons		--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/samba/classic/.*	--	gen_context(system_u:object_r:bin_t,s0)
@@ -10550,7 +10553,7 @@ index 34c9d01..d0c0d02 100644
  /usr/share/apache2/[^/]*	--	gen_context(system_u:object_r:bin_t,s0)
  ')
  
-@@ -373,7 +380,6 @@ ifdef(`distro_suse', `
+@@ -373,7 +381,6 @@ ifdef(`distro_suse', `
  
  /var/lib/asterisk/agi-bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/yp/.+			--	gen_context(system_u:object_r:bin_t,s0)
@@ -10957,7 +10960,7 @@ index 6cf8784..5b25039 100644
 +#
 +/sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)
 diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
-index e9313fb..255c5bb 100644
+index e9313fb..6db0863 100644
 --- a/policy/modules/kernel/devices.if
 +++ b/policy/modules/kernel/devices.if
 @@ -146,14 +146,33 @@ interface(`dev_relabel_all_dev_nodes',`
@@ -11112,6 +11115,15 @@ index e9313fb..255c5bb 100644
  ')
  
  ########################################
+@@ -920,7 +975,7 @@ interface(`dev_filetrans',`
+ 		type device_t;
+ 	')
+ 
+-	filetrans_pattern($1, device_t, $2, $3)
++	filetrans_pattern($1, device_t, $2, $3, $4)
+ 
+ 	dev_associate($2)
+ 	files_associate_tmp($2)
 @@ -1178,6 +1233,42 @@ interface(`dev_create_all_chr_files',`
  
  ########################################
@@ -11299,7 +11311,7 @@ index e9313fb..255c5bb 100644
  ##	Write to watchdog devices.
  ## </summary>
  ## <param name="domain">
-@@ -4748,3 +4874,22 @@ interface(`dev_unconfined',`
+@@ -4748,3 +4874,751 @@ interface(`dev_unconfined',`
  
  	typeattribute $1 devices_unconfined_type;
  ')
@@ -11322,6 +11334,735 @@ index e9313fb..255c5bb 100644
 +
 +	dontaudit $1 { device_t device_node }:dir_file_class_set getattr;
 +')
++
++########################################
++## <summary>
++##	Create all named devices with the correct label
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_filetrans_all_named_dev',`
++
++gen_require(`
++	type device_t;
++	type usb_device_t;
++	type xserver_misc_device_t;
++	type sound_device_t;
++	type apm_bios_t;
++	type mouse_device_t;
++	type autofs_device_t;
++	type lvm_control_t;
++	type crash_device_t;
++	type dlm_control_device_t;
++	type clock_device_t;
++	type v4l_device_t;
++	type event_device_t;
++	type xen_device_t;
++	type framebuf_device_t;
++	type null_device_t;
++	type random_device_t;
++	type dri_device_t;
++	type ipmi_device_t;
++	type printer_device_t;
++	type memory_device_t;
++	type kmsg_device_t;
++	type qemu_device_t;
++	type ksm_device_t;
++	type kvm_device_t;
++	type lirc_device_t;
++	type cpu_device_t;
++	type scanner_device_t;
++	type modem_device_t;
++	type vhost_device_t;
++	type netcontrol_device_t;
++	type nvram_device_t;
++	type power_device_t;
++	type wireless_device_t;
++	type tpm_device_t;
++	type userio_device_t;
++	type urandom_device_t;
++	type usbmon_device_t;
++	type vmware_device_t;
++	type watchdog_device_t;
++	type crypt_device_t;
++	type zero_device_t;
++	type smartcard_device_t;
++	type mtrr_device_t;
++')
++
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, 3dfx)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, aload9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer9)
++	filetrans_pattern($1, device_t, apm_bios_t, chr_file, apm_bios)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, atibm)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, audio9)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs0)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs1)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs2)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs3)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs4)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs5)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs6)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs7)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs8)
++	filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, beep)
++	filetrans_pattern($1, device_t, lvm_control_t, chr_file, btrfs-control)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, controlD64)
++	filetrans_pattern($1, device_t, crash_device_t, chr_file, crash)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm0)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm1)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm2)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm3)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm4)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm5)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm6)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm7)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm8)
++	filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmfm)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp9)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, efirtc)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, e2201)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83000)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83001)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83002)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83003)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83004)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83005)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83006)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83007)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83008)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83009)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event0)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event1)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event2)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event3)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event4)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event5)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event6)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event7)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event8)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, event9)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, evtchn)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb0)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb1)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb2)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb3)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb4)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb5)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb6)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb7)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb8)
++	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb9)
++	filetrans_pattern($1, device_t, null_device_t, chr_file, full)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw0)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw1)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw2)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw3)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw4)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw5)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw6)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw7)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw8)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, fw9)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, gfx)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, graphics)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc0)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc1)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc2)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc3)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc4)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc5)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc6)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc7)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc8)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, hfmodem)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev0)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev1)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev2)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev3)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev4)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev5)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev6)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev7)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev8)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev9)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw0)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw1)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw2)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw3)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw4)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw5)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw6)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw7)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw8)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw9)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, hpet)
++	filetrans_pattern($1, device_t, random_device_t, chr_file, hw_random)
++	filetrans_pattern($1, device_t, random_device_t, chr_file, hwrng)
++	filetrans_pattern($1, device_t, dri_device_t, chr_file, i915)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, inportbm)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi0)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi1)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi2)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi3)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi4)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi5)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi6)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi7)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi8)
++	filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi9)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt0)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt1)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt2)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt3)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt4)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt5)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt6)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt7)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt8)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, jbm)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js0)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js1)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js2)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js3)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js4)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js5)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js6)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js7)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js8)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, js9)
++	filetrans_pattern($1, device_t, memory_device_t, chr_file, kmem)
++	filetrans_pattern($1, device_t, kmsg_device_t, chr_file, kmsg)
++	filetrans_pattern($1, device_t, qemu_device_t, chr_file, kqemu)
++	filetrans_pattern($1, device_t, ksm_device_t, chr_file, ksm)
++	filetrans_pattern($1, device_t, kvm_device_t, chr_file, kvm)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik0)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik1)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik2)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik3)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik4)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik5)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik6)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik7)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik8)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, lik9)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc0)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc1)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc2)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc3)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc4)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc5)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc6)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc7)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc8)
++	filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, lircm)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, logibm)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp0)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp1)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp2)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp3)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp4)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp5)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp6)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp7)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp8)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, lp9)
++	filetrans_pattern($1, device_t, kmsg_device_t, chr_file, mcelog)
++	filetrans_pattern($1, device_t, memory_device_t, chr_file, mem)
++	filetrans_pattern($1, device_t, memory_device_t, chr_file, mergemem)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid0)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid1)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid2)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid3)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid4)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid5)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid6)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid7)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid8)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, mice)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, microcode)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, midi9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer9)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mmetfgrab)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, modem)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4010)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4011)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4012)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4013)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4014)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4015)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4016)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4017)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4018)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4019)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr0)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr1)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr2)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr3)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr4)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr5)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr6)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr7)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr8)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr9)
++	filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost)
++	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_latency)
++	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_throughput)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz0)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz1)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz2)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz3)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz4)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz5)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz6)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz7)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz8)
++	filetrans_pattern($1, device_t, modem_device_t, chr_file, noz9)
++	filetrans_pattern($1, device_t, null_device_t, chr_file, null)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia0)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia1)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia2)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia3)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia4)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia5)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia6)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia7)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia8)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia9)
++	filetrans_pattern($1, device_t, nvram_device_t, chr_file, nvram)
++	filetrans_pattern($1, device_t, memory_device_t, chr_file, oldmem)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, opengl)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par0)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par1)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par2)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par3)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par4)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par5)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par6)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par7)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par8)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, par9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, pc110pad)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock0)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock1)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock2)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock3)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock4)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock5)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock6)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock7)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock8)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock9)
++	filetrans_pattern($1, device_t, power_device_t, chr_file, pmu)
++	filetrans_pattern($1, device_t, memory_device_t, chr_file, port)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps0)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps1)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps2)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps3)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps4)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps5)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps6)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps7)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps8)
++	filetrans_pattern($1, device_t, clock_device_t, chr_file, pps9)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi9)
++	filetrans_pattern($1, device_t, dri_device_t, chr_file, radeon)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio3)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio4)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio5)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio6)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio8)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio9)
++	filetrans_pattern($1, device_t, random_device_t, chr_file, random)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13940)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13941)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13942)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13943)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13944)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13945)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13946)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13947)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13948)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13949)
++	filetrans_pattern($1, device_t, wireless_device_t, chr_file, rfkill)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte7)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte8)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte9)
++	filetrans_pattern($1, device_t, power_device_t, chr_file, smu)
++	filetrans_pattern($1, device_t, apm_bios_t, chr_file, snapshot)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, sndstat)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, sonypi)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm0)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm1)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm2)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm3)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm4)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm5)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm6)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm7)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm8)
++	filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm9)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, uinput)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio0)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio1)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio2)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio3)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio4)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio5)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio6)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio7)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio8)
++	filetrans_pattern($1, device_t, userio_device_t, chr_file, uio9)
++	filetrans_pattern($1, device_t, urandom_device_t, chr_file, urandom)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb0)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb1)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb2)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb3)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb4)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb5)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb6)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb7)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, usb8)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp0)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp1)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp2)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp3)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp4)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp5)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp6)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp7)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp8)
++	filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp9)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon0)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon1)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon2)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon3)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon4)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon5)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon6)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon7)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon8)
++	filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon9)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, usbscanner)
++	filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost-net)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi3)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi4)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi5)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi6)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi8)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi9)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox0)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox1)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox2)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox3)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox4)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox5)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox6)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox7)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox8)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox9)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vga_arbiter)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmmon)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet0)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet1)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet2)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet3)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet4)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet5)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet6)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet7)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet8)
++	filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet9)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video3)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video4)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video5)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video6)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video8)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, video9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, vrtpanel)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vttuner)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx3)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx4)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx5)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx6)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx8)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx9)
++	filetrans_pattern($1, device_t, watchdog_device_t, chr_file, watchdog)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio3)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio4)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio5)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio6)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio8)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio9)
++	filetrans_pattern($1, device_t, crypt_device_t, chr_file, z90crypt)
++	filetrans_pattern($1, device_t, zero_device_t, chr_file, zero)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card0)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card1)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card2)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card3)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card4)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card5)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card6)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card7)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card8)
++	filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card9)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx0)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx1)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx2)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx3)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx4)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx5)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx6)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx7)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx8)
++	filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx9)
++	filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, cpu_dma_latency)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu0)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu1)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu2)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu3)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu4)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu5)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu6)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu7)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu8)
++	filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu9)
++	filetrans_pattern($1, device_t, mtrr_device_t, chr_file, mtrr)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor0)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor1)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor2)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor3)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor4)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor5)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor6)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor7)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor8)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, sensor9)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m0)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m1)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m2)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m3)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m4)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m5)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m6)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m7)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m8)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, m9)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard0)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard1)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard2)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard3)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard4)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard5)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard6)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard7)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard8)
++	filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard9)
++	filetrans_pattern($1, device_t, lvm_control_t, chr_file, control)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, ucb1x00)
++	filetrans_pattern($1, device_t, mouse_device_t, chr_file, mk712)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx0)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx1)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx2)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx3)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx4)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx5)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx6)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx7)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx8)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx9)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8000)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8001)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8002)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8003)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8004)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8005)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8006)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8007)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8008)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8009)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner0)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner1)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner2)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner3)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner4)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner5)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner6)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner7)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner8)
++	filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner9)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap0)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap1)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap2)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap3)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap4)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap5)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap6)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap7)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap8)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap9)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, gntdev)
++	filetrans_pattern($1, device_t, xen_device_t, chr_file, gntalloc)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd0)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd1)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd2)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd3)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd4)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd5)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd6)
++	filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd7)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk0)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk1)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk2)
++	filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk3)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, uba)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, ubb)
++	filetrans_pattern($1, device_t, usb_device_t, chr_file, ubc)
++')
 diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
 index 3ff4f60..89ffda6 100644
 --- a/policy/modules/kernel/devices.te
@@ -14109,7 +14850,7 @@ index 069d36c..78a81b3 100644
 +')
 +
 diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 5001b89..160976e 100644
+index 5001b89..fef153d 100644
 --- a/policy/modules/kernel/kernel.te
 +++ b/policy/modules/kernel/kernel.te
 @@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@@ -14129,7 +14870,17 @@ index 5001b89..160976e 100644
  
  # These initial sids are no longer used, and can be removed:
  sid any_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-@@ -254,7 +257,8 @@ fs_unmount_all_fs(kernel_t)
+@@ -246,6 +249,9 @@ dev_delete_generic_blk_files(kernel_t)
+ dev_create_generic_chr_files(kernel_t)
+ dev_delete_generic_chr_files(kernel_t)
+ dev_mounton(kernel_t)
++dev_filetrans_all_named_dev(kernel_t)
++storage_filetrans_all_named_dev(kernel_t)
++term_filetrans_all_named_dev(kernel_t)
+ 
+ # Mount root file system. Used when loading a policy
+ # from initrd, then mounting the root filesystem
+@@ -254,7 +260,8 @@ fs_unmount_all_fs(kernel_t)
  
  selinux_load_policy(kernel_t)
  
@@ -14139,7 +14890,7 @@ index 5001b89..160976e 100644
  
  corecmd_exec_shell(kernel_t)
  corecmd_list_bin(kernel_t)
-@@ -268,19 +272,28 @@ files_list_root(kernel_t)
+@@ -268,19 +275,28 @@ files_list_root(kernel_t)
  files_list_etc(kernel_t)
  files_list_home(kernel_t)
  files_read_usr_files(kernel_t)
@@ -14168,7 +14919,7 @@ index 5001b89..160976e 100644
  optional_policy(`
  	hotplug_search_config(kernel_t)
  ')
-@@ -296,6 +309,11 @@ optional_policy(`
+@@ -296,6 +312,11 @@ optional_policy(`
  
  optional_policy(`
  	logging_send_syslog_msg(kernel_t)
@@ -14180,7 +14931,7 @@ index 5001b89..160976e 100644
  ')
  
  optional_policy(`
-@@ -357,6 +375,10 @@ optional_policy(`
+@@ -357,6 +378,10 @@ optional_policy(`
  	unconfined_domain_noaudit(kernel_t)
  ')
  
@@ -14364,7 +15115,7 @@ index a9b8982..57c4a6a 100644
 +/lib/udev/devices/loop.* -b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 +/lib/udev/devices/fuse	-c	gen_context(system_u:object_r:fuse_device_t,s0)
 diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
-index 3723150..d6d1dbe 100644
+index 3723150..aa1ba6a 100644
 --- a/policy/modules/kernel/storage.if
 +++ b/policy/modules/kernel/storage.if
 @@ -101,6 +101,8 @@ interface(`storage_raw_read_fixed_disk',`
@@ -14387,6 +15138,272 @@ index 3723150..d6d1dbe 100644
  	dev_add_entry_generic_dirs($1)
  ')
  
+@@ -807,3 +812,265 @@ interface(`storage_unconfined',`
+ 
+ 	typeattribute $1 storage_unconfined_type;
+ ')
++
++########################################
++## <summary>
++##	Create all named devices with the correct label
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`storage_filetrans_all_named_dev',`
++
++gen_require(`
++	type tape_device_t;
++	type fixed_disk_device_t;
++	type removable_device_t;
++	type scsi_generic_device_t;
++	type fuse_device_t;
++')
++
++	dev_filetrans($1, tape_device_t, chr_file, ht00)
++	dev_filetrans($1, tape_device_t, chr_file, ht01)
++	dev_filetrans($1, tape_device_t, chr_file, ht02)
++	dev_filetrans($1, tape_device_t, chr_file, ht03)
++	dev_filetrans($1, tape_device_t, chr_file, ht04)
++	dev_filetrans($1, tape_device_t, chr_file, ht05)
++	dev_filetrans($1, tape_device_t, chr_file, ht06)
++	dev_filetrans($1, tape_device_t, chr_file, ht07)
++	dev_filetrans($1, tape_device_t, chr_file, ht08)
++	dev_filetrans($1, tape_device_t, chr_file, ht09)
++	dev_filetrans($1, tape_device_t, chr_file, st00)
++	dev_filetrans($1, tape_device_t, chr_file, st01)
++	dev_filetrans($1, tape_device_t, chr_file, st02)
++	dev_filetrans($1, tape_device_t, chr_file, st03)
++	dev_filetrans($1, tape_device_t, chr_file, st04)
++	dev_filetrans($1, tape_device_t, chr_file, st05)
++	dev_filetrans($1, tape_device_t, chr_file, st06)
++	dev_filetrans($1, tape_device_t, chr_file, st07)
++	dev_filetrans($1, tape_device_t, chr_file, st08)
++	dev_filetrans($1, tape_device_t, chr_file, st09)
++	dev_filetrans($1, tape_device_t, chr_file, qft0)
++	dev_filetrans($1, tape_device_t, chr_file, qft1)
++	dev_filetrans($1, tape_device_t, chr_file, qft2)
++	dev_filetrans($1, tape_device_t, chr_file, qft3)
++	dev_filetrans($1, tape_device_t, chr_file, osst00)
++	dev_filetrans($1, tape_device_t, chr_file, osst01)
++	dev_filetrans($1, tape_device_t, chr_file, osst02)
++	dev_filetrans($1, tape_device_t, chr_file, osst03)
++	dev_filetrans($1, tape_device_t, chr_file, osst04)
++	dev_filetrans($1, tape_device_t, chr_file, osst05)
++	dev_filetrans($1, tape_device_t, chr_file, osst06)
++	dev_filetrans($1, tape_device_t, chr_file, osst07)
++	dev_filetrans($1, tape_device_t, chr_file, osst08)
++	dev_filetrans($1, tape_device_t, chr_file, osst09)
++	dev_filetrans($1, tape_device_t, chr_file, pt0)
++	dev_filetrans($1, tape_device_t, chr_file, pt1)
++	dev_filetrans($1, tape_device_t, chr_file, pt2)
++	dev_filetrans($1, tape_device_t, chr_file, pt3)
++	dev_filetrans($1, tape_device_t, chr_file, pt4)
++	dev_filetrans($1, tape_device_t, chr_file, pt5)
++	dev_filetrans($1, tape_device_t, chr_file, pt6)
++	dev_filetrans($1, tape_device_t, chr_file, pt7)
++	dev_filetrans($1, tape_device_t, chr_file, pt8)
++	dev_filetrans($1, tape_device_t, chr_file, pt9)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic0)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic1)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic2)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic3)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic4)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic5)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic6)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic7)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic8)
++	dev_filetrans($1, tape_device_t, chr_file, tpqic9)
++	dev_filetrans($1, removable_device_t, blk_file, aztcd)
++	dev_filetrans($1, removable_device_t, blk_file, bpcd)
++	dev_filetrans($1, removable_device_t, blk_file, cdu0)
++	dev_filetrans($1, removable_device_t, blk_file, cdu1)
++	dev_filetrans($1, removable_device_t, blk_file, cdu2)
++	dev_filetrans($1, removable_device_t, blk_file, cdu3)
++	dev_filetrans($1, removable_device_t, blk_file, cdu4)
++	dev_filetrans($1, removable_device_t, blk_file, cdu5)
++	dev_filetrans($1, removable_device_t, blk_file, cdu6)
++	dev_filetrans($1, removable_device_t, blk_file, cdu7)
++	dev_filetrans($1, removable_device_t, blk_file, cdu8)
++	dev_filetrans($1, removable_device_t, blk_file, cdu9)
++	dev_filetrans($1, removable_device_t, blk_file, cm200)
++	dev_filetrans($1, removable_device_t, blk_file, cm201)
++	dev_filetrans($1, removable_device_t, blk_file, cm202)
++	dev_filetrans($1, removable_device_t, blk_file, cm203)
++	dev_filetrans($1, removable_device_t, blk_file, cm204)
++	dev_filetrans($1, removable_device_t, blk_file, cm205)
++	dev_filetrans($1, removable_device_t, blk_file, cm206)
++	dev_filetrans($1, removable_device_t, blk_file, cm207)
++	dev_filetrans($1, removable_device_t, blk_file, cm208)
++	dev_filetrans($1, removable_device_t, blk_file, cm209)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, dm-9)
++	dev_filetrans($1, removable_device_t, blk_file, gscd)
++	dev_filetrans($1, removable_device_t, blk_file, hitcd)
++	dev_filetrans($1, tape_device_t, blk_file, ht0)
++	dev_filetrans($1, tape_device_t, blk_file, ht1)
++	dev_filetrans($1, removable_device_t, blk_file, hwcdrom)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, initrd)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, jsfd)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, jsflash)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, loop9)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, lvm)
++	dev_filetrans($1, removable_device_t, blk_file, mcd)
++	dev_filetrans($1, removable_device_t, blk_file, mcdx)
++	dev_filetrans($1, removable_device_t, chr_file, megadev0)
++	dev_filetrans($1, removable_device_t, chr_file, megadev1)
++	dev_filetrans($1, removable_device_t, chr_file, megadev2)
++	dev_filetrans($1, removable_device_t, chr_file, megadev3)
++	dev_filetrans($1, removable_device_t, chr_file, megadev4)
++	dev_filetrans($1, removable_device_t, chr_file, megadev5)
++	dev_filetrans($1, removable_device_t, chr_file, megadev6)
++	dev_filetrans($1, removable_device_t, chr_file, megadev7)
++	dev_filetrans($1, removable_device_t, chr_file, megadev8)
++	dev_filetrans($1, removable_device_t, chr_file, megadev9)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk0)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk1)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk2)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk3)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk4)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk5)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk6)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk7)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk8)
++	dev_filetrans($1, removable_device_t, blk_file, mmcblk9)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk0)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk1)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk2)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk3)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk4)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk5)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk6)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk7)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk8)
++	dev_filetrans($1, removable_device_t, blk_file, mspblk9)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, mtd9)
++	dev_filetrans($1, removable_device_t, blk_file, optcd)
++	dev_filetrans($1, removable_device_t, blk_file, pf0)
++	dev_filetrans($1, removable_device_t, blk_file, pf1)
++	dev_filetrans($1, removable_device_t, blk_file, pf2)
++	dev_filetrans($1, removable_device_t, blk_file, pf3)
++	dev_filetrans($1, removable_device_t, blk_file, pg0)
++	dev_filetrans($1, removable_device_t, blk_file, pg1)
++	dev_filetrans($1, removable_device_t, blk_file, pg2)
++	dev_filetrans($1, removable_device_t, blk_file, pg3)
++	dev_filetrans($1, removable_device_t, blk_file, pcd0)
++	dev_filetrans($1, removable_device_t, blk_file, pcd1)
++	dev_filetrans($1, removable_device_t, blk_file, pcd2)
++	dev_filetrans($1, removable_device_t, blk_file, pcd3)
++	dev_filetrans($1, removable_device_t, chr_file, pg0)
++	dev_filetrans($1, removable_device_t, chr_file, pg1)
++	dev_filetrans($1, removable_device_t, chr_file, pg2)
++	dev_filetrans($1, removable_device_t, chr_file, pg3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d9)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, ram9)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd0)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd1)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd2)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd3)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd4)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd5)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd6)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd7)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd8)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, rd9)
++	dev_filetrans($1, fixed_disk_device_t, blk_file, root)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd0)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd1)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd2)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd3)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd4)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd5)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd6)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd7)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd8)
++	dev_filetrans($1, removable_device_t, blk_file, sbpcd9)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg0)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg1)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg2)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg3)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg4)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg5)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg6)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg7)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg8)
++	dev_filetrans($1, scsi_generic_device_t, chr_file, sg9)
++	dev_filetrans($1, removable_device_t, blk_file, sjcd)
++	dev_filetrans($1, removable_device_t, blk_file, sonycd)
++	dev_filetrans($1, tape_device_t, chr_file, tape0)
++	dev_filetrans($1, tape_device_t, chr_file, tape1)
++	dev_filetrans($1, tape_device_t, chr_file, tape2)
++	dev_filetrans($1, tape_device_t, chr_file, tape3)
++	dev_filetrans($1, tape_device_t, chr_file, tape4)
++	dev_filetrans($1, tape_device_t, chr_file, tape5)
++	dev_filetrans($1, tape_device_t, chr_file, tape6)
++	dev_filetrans($1, tape_device_t, chr_file, tape7)
++	dev_filetrans($1, tape_device_t, chr_file, tape8)
++	dev_filetrans($1, tape_device_t, chr_file, tape9)
++	dev_filetrans($1, fuse_device_t, chr_file, fuse)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, device-mapper)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw0)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw1)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw2)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw3)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw4)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw5)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw6)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw7)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw8)
++	dev_filetrans($1, fixed_disk_device_t, chr_file, raw9)
++	dev_filetrans($1, removable_device_t, chr_file, rio500)
++')
 diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
 index 3994e57..a1923fe 100644
 --- a/policy/modules/kernel/terminal.fc
@@ -14414,7 +15431,7 @@ index 3994e57..a1923fe 100644
 +
 +/lib/udev/devices/pts	-d	gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
 diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
-index f3acfee..f54d681 100644
+index f3acfee..0082923 100644
 --- a/policy/modules/kernel/terminal.if
 +++ b/policy/modules/kernel/terminal.if
 @@ -208,6 +208,27 @@ interface(`term_use_all_terms',`
@@ -14654,7 +15671,7 @@ index f3acfee..f54d681 100644
  ')
  
  ########################################
-@@ -1475,3 +1578,22 @@ interface(`term_dontaudit_use_all_user_ttys',`
+@@ -1475,3 +1578,382 @@ interface(`term_dontaudit_use_all_user_ttys',`
  	refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
  	term_dontaudit_use_all_ttys($1)
  ')
@@ -14677,6 +15694,366 @@ index f3acfee..f54d681 100644
 +        dev_list_all_dev_nodes($1)
 +        allow $1 virtio_device_t:chr_file rw_chr_file_perms;
 +')
++
++########################################
++## <summary>
++##	Create all named term devices with the correct label
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`term_filetrans_all_named_dev',`
++
++gen_require(`
++	type tty_device_t;
++	type bsdpty_device_t;
++	type console_device_t;
++	type ptmx_t;
++	type devtty_t;
++	type virtio_device_t;
++	type devpts_t;
++	type usbtty_device_t;
++')
++
++	dev_filetrans($1, devtty_t, chr_file, tty)
++	dev_filetrans($1, tty_device_t, chr_file, tty0)
++	dev_filetrans($1, tty_device_t, chr_file, tty1)
++	dev_filetrans($1, tty_device_t, chr_file, tty2)
++	dev_filetrans($1, tty_device_t, chr_file, tty3)
++	dev_filetrans($1, tty_device_t, chr_file, tty4)
++	dev_filetrans($1, tty_device_t, chr_file, tty5)
++	dev_filetrans($1, tty_device_t, chr_file, tty6)
++	dev_filetrans($1, tty_device_t, chr_file, tty7)
++	dev_filetrans($1, tty_device_t, chr_file, tty8)
++	dev_filetrans($1, tty_device_t, chr_file, tty9)
++	dev_filetrans($1, tty_device_t, chr_file, tty10)
++	dev_filetrans($1, tty_device_t, chr_file, tty11)
++	dev_filetrans($1, tty_device_t, chr_file, tty12)
++	dev_filetrans($1, tty_device_t, chr_file, tty13)
++	dev_filetrans($1, tty_device_t, chr_file, tty14)
++	dev_filetrans($1, tty_device_t, chr_file, tty15)
++	dev_filetrans($1, tty_device_t, chr_file, tty16)
++	dev_filetrans($1, tty_device_t, chr_file, tty17)
++	dev_filetrans($1, tty_device_t, chr_file, tty18)
++	dev_filetrans($1, tty_device_t, chr_file, tty19)
++	dev_filetrans($1, tty_device_t, chr_file, tty20)
++	dev_filetrans($1, tty_device_t, chr_file, tty21)
++	dev_filetrans($1, tty_device_t, chr_file, tty22)
++	dev_filetrans($1, tty_device_t, chr_file, tty23)
++	dev_filetrans($1, tty_device_t, chr_file, tty24)
++	dev_filetrans($1, tty_device_t, chr_file, tty25)
++	dev_filetrans($1, tty_device_t, chr_file, tty26)
++	dev_filetrans($1, tty_device_t, chr_file, tty27)
++	dev_filetrans($1, tty_device_t, chr_file, tty28)
++	dev_filetrans($1, tty_device_t, chr_file, tty29)
++	dev_filetrans($1, tty_device_t, chr_file, tty30)
++	dev_filetrans($1, tty_device_t, chr_file, tty31)
++	dev_filetrans($1, tty_device_t, chr_file, tty32)
++	dev_filetrans($1, tty_device_t, chr_file, tty33)
++	dev_filetrans($1, tty_device_t, chr_file, tty34)
++	dev_filetrans($1, tty_device_t, chr_file, tty35)
++	dev_filetrans($1, tty_device_t, chr_file, tty36)
++	dev_filetrans($1, tty_device_t, chr_file, tty37)
++	dev_filetrans($1, tty_device_t, chr_file, tty38)
++	dev_filetrans($1, tty_device_t, chr_file, tty39)
++	dev_filetrans($1, tty_device_t, chr_file, tty40)
++	dev_filetrans($1, tty_device_t, chr_file, tty41)
++	dev_filetrans($1, tty_device_t, chr_file, tty42)
++	dev_filetrans($1, tty_device_t, chr_file, tty43)
++	dev_filetrans($1, tty_device_t, chr_file, tty44)
++	dev_filetrans($1, tty_device_t, chr_file, tty45)
++	dev_filetrans($1, tty_device_t, chr_file, tty46)
++	dev_filetrans($1, tty_device_t, chr_file, tty47)
++	dev_filetrans($1, tty_device_t, chr_file, tty48)
++	dev_filetrans($1, tty_device_t, chr_file, tty49)
++	dev_filetrans($1, tty_device_t, chr_file, tty50)
++	dev_filetrans($1, tty_device_t, chr_file, tty51)
++	dev_filetrans($1, tty_device_t, chr_file, tty52)
++	dev_filetrans($1, tty_device_t, chr_file, tty53)
++	dev_filetrans($1, tty_device_t, chr_file, tty54)
++	dev_filetrans($1, tty_device_t, chr_file, tty55)
++	dev_filetrans($1, tty_device_t, chr_file, tty56)
++	dev_filetrans($1, tty_device_t, chr_file, tty57)
++	dev_filetrans($1, tty_device_t, chr_file, tty58)
++	dev_filetrans($1, tty_device_t, chr_file, tty59)
++	dev_filetrans($1, tty_device_t, chr_file, tty60)
++	dev_filetrans($1, tty_device_t, chr_file, tty61)
++	dev_filetrans($1, tty_device_t, chr_file, tty62)
++	dev_filetrans($1, tty_device_t, chr_file, tty63)
++	dev_filetrans($1, tty_device_t, chr_file, tty64)
++	dev_filetrans($1, tty_device_t, chr_file, tty65)
++	dev_filetrans($1, tty_device_t, chr_file, tty66)
++	dev_filetrans($1, tty_device_t, chr_file, tty67)
++	dev_filetrans($1, tty_device_t, chr_file, tty68)
++	dev_filetrans($1, tty_device_t, chr_file, tty69)
++	dev_filetrans($1, tty_device_t, chr_file, tty70)
++	dev_filetrans($1, tty_device_t, chr_file, tty71)
++	dev_filetrans($1, tty_device_t, chr_file, tty72)
++	dev_filetrans($1, tty_device_t, chr_file, tty73)
++	dev_filetrans($1, tty_device_t, chr_file, tty74)
++	dev_filetrans($1, tty_device_t, chr_file, tty75)
++	dev_filetrans($1, tty_device_t, chr_file, tty76)
++	dev_filetrans($1, tty_device_t, chr_file, tty77)
++	dev_filetrans($1, tty_device_t, chr_file, tty78)
++	dev_filetrans($1, tty_device_t, chr_file, tty79)
++	dev_filetrans($1, tty_device_t, chr_file, tty80)
++	dev_filetrans($1, tty_device_t, chr_file, tty81)
++	dev_filetrans($1, tty_device_t, chr_file, tty82)
++	dev_filetrans($1, tty_device_t, chr_file, tty83)
++	dev_filetrans($1, tty_device_t, chr_file, tty84)
++	dev_filetrans($1, tty_device_t, chr_file, tty85)
++	dev_filetrans($1, tty_device_t, chr_file, tty86)
++	dev_filetrans($1, tty_device_t, chr_file, tty87)
++	dev_filetrans($1, tty_device_t, chr_file, tty88)
++	dev_filetrans($1, tty_device_t, chr_file, tty89)
++	dev_filetrans($1, tty_device_t, chr_file, tty90)
++	dev_filetrans($1, tty_device_t, chr_file, tty91)
++	dev_filetrans($1, tty_device_t, chr_file, tty92)
++	dev_filetrans($1, tty_device_t, chr_file, tty93)
++	dev_filetrans($1, tty_device_t, chr_file, tty94)
++	dev_filetrans($1, tty_device_t, chr_file, tty95)
++	dev_filetrans($1, tty_device_t, chr_file, tty96)
++	dev_filetrans($1, tty_device_t, chr_file, tty97)
++	dev_filetrans($1, tty_device_t, chr_file, tty98)
++	dev_filetrans($1, tty_device_t, chr_file, tty99)
++	dev_filetrans($1, tty_device_t, chr_file, pty)
++	dev_filetrans($1, tty_device_t, chr_file, pty0)
++	dev_filetrans($1, tty_device_t, chr_file, pty1)
++	dev_filetrans($1, tty_device_t, chr_file, pty2)
++	dev_filetrans($1, tty_device_t, chr_file, pty3)
++	dev_filetrans($1, tty_device_t, chr_file, pty4)
++	dev_filetrans($1, tty_device_t, chr_file, pty5)
++	dev_filetrans($1, tty_device_t, chr_file, pty6)
++	dev_filetrans($1, tty_device_t, chr_file, pty7)
++	dev_filetrans($1, tty_device_t, chr_file, pty8)
++	dev_filetrans($1, tty_device_t, chr_file, pty9)
++	dev_filetrans($1, tty_device_t, chr_file, pty10)
++	dev_filetrans($1, tty_device_t, chr_file, pty11)
++	dev_filetrans($1, tty_device_t, chr_file, pty12)
++	dev_filetrans($1, tty_device_t, chr_file, pty13)
++	dev_filetrans($1, tty_device_t, chr_file, pty14)
++	dev_filetrans($1, tty_device_t, chr_file, pty15)
++	dev_filetrans($1, tty_device_t, chr_file, pty16)
++	dev_filetrans($1, tty_device_t, chr_file, pty17)
++	dev_filetrans($1, tty_device_t, chr_file, pty18)
++	dev_filetrans($1, tty_device_t, chr_file, pty19)
++	dev_filetrans($1, tty_device_t, chr_file, pty20)
++	dev_filetrans($1, tty_device_t, chr_file, pty21)
++	dev_filetrans($1, tty_device_t, chr_file, pty22)
++	dev_filetrans($1, tty_device_t, chr_file, pty23)
++	dev_filetrans($1, tty_device_t, chr_file, pty24)
++	dev_filetrans($1, tty_device_t, chr_file, pty25)
++	dev_filetrans($1, tty_device_t, chr_file, pty26)
++	dev_filetrans($1, tty_device_t, chr_file, pty27)
++	dev_filetrans($1, tty_device_t, chr_file, pty28)
++	dev_filetrans($1, tty_device_t, chr_file, pty29)
++	dev_filetrans($1, tty_device_t, chr_file, pty30)
++	dev_filetrans($1, tty_device_t, chr_file, pty31)
++	dev_filetrans($1, tty_device_t, chr_file, pty32)
++	dev_filetrans($1, tty_device_t, chr_file, pty33)
++	dev_filetrans($1, tty_device_t, chr_file, pty34)
++	dev_filetrans($1, tty_device_t, chr_file, pty35)
++	dev_filetrans($1, tty_device_t, chr_file, pty36)
++	dev_filetrans($1, tty_device_t, chr_file, pty37)
++	dev_filetrans($1, tty_device_t, chr_file, pty38)
++	dev_filetrans($1, tty_device_t, chr_file, pty39)
++	dev_filetrans($1, tty_device_t, chr_file, pty40)
++	dev_filetrans($1, tty_device_t, chr_file, pty41)
++	dev_filetrans($1, tty_device_t, chr_file, pty42)
++	dev_filetrans($1, tty_device_t, chr_file, pty43)
++	dev_filetrans($1, tty_device_t, chr_file, pty44)
++	dev_filetrans($1, tty_device_t, chr_file, pty45)
++	dev_filetrans($1, tty_device_t, chr_file, pty46)
++	dev_filetrans($1, tty_device_t, chr_file, pty47)
++	dev_filetrans($1, tty_device_t, chr_file, pty48)
++	dev_filetrans($1, tty_device_t, chr_file, pty49)
++	dev_filetrans($1, tty_device_t, chr_file, pty50)
++	dev_filetrans($1, tty_device_t, chr_file, pty51)
++	dev_filetrans($1, tty_device_t, chr_file, pty52)
++	dev_filetrans($1, tty_device_t, chr_file, pty53)
++	dev_filetrans($1, tty_device_t, chr_file, pty54)
++	dev_filetrans($1, tty_device_t, chr_file, pty55)
++	dev_filetrans($1, tty_device_t, chr_file, pty56)
++	dev_filetrans($1, tty_device_t, chr_file, pty57)
++	dev_filetrans($1, tty_device_t, chr_file, pty58)
++	dev_filetrans($1, tty_device_t, chr_file, pty59)
++	dev_filetrans($1, tty_device_t, chr_file, pty60)
++	dev_filetrans($1, tty_device_t, chr_file, pty61)
++	dev_filetrans($1, tty_device_t, chr_file, pty62)
++	dev_filetrans($1, tty_device_t, chr_file, pty63)
++	dev_filetrans($1, tty_device_t, chr_file, pty64)
++	dev_filetrans($1, tty_device_t, chr_file, pty65)
++	dev_filetrans($1, tty_device_t, chr_file, pty66)
++	dev_filetrans($1, tty_device_t, chr_file, pty67)
++	dev_filetrans($1, tty_device_t, chr_file, pty68)
++	dev_filetrans($1, tty_device_t, chr_file, pty69)
++	dev_filetrans($1, tty_device_t, chr_file, pty70)
++	dev_filetrans($1, tty_device_t, chr_file, pty71)
++	dev_filetrans($1, tty_device_t, chr_file, pty72)
++	dev_filetrans($1, tty_device_t, chr_file, pty73)
++	dev_filetrans($1, tty_device_t, chr_file, pty74)
++	dev_filetrans($1, tty_device_t, chr_file, pty75)
++	dev_filetrans($1, tty_device_t, chr_file, pty76)
++	dev_filetrans($1, tty_device_t, chr_file, pty77)
++	dev_filetrans($1, tty_device_t, chr_file, pty78)
++	dev_filetrans($1, tty_device_t, chr_file, pty79)
++	dev_filetrans($1, tty_device_t, chr_file, pty80)
++	dev_filetrans($1, tty_device_t, chr_file, pty81)
++	dev_filetrans($1, tty_device_t, chr_file, pty82)
++	dev_filetrans($1, tty_device_t, chr_file, pty83)
++	dev_filetrans($1, tty_device_t, chr_file, pty84)
++	dev_filetrans($1, tty_device_t, chr_file, pty85)
++	dev_filetrans($1, tty_device_t, chr_file, pty86)
++	dev_filetrans($1, tty_device_t, chr_file, pty87)
++	dev_filetrans($1, tty_device_t, chr_file, pty88)
++	dev_filetrans($1, tty_device_t, chr_file, pty89)
++	dev_filetrans($1, tty_device_t, chr_file, pty90)
++	dev_filetrans($1, tty_device_t, chr_file, pty91)
++	dev_filetrans($1, tty_device_t, chr_file, pty92)
++	dev_filetrans($1, tty_device_t, chr_file, pty93)
++	dev_filetrans($1, tty_device_t, chr_file, pty94)
++	dev_filetrans($1, tty_device_t, chr_file, pty95)
++	dev_filetrans($1, tty_device_t, chr_file, pty96)
++	dev_filetrans($1, tty_device_t, chr_file, pty97)
++	dev_filetrans($1, tty_device_t, chr_file, pty98)
++	dev_filetrans($1, tty_device_t, chr_file, pty99)
++	dev_filetrans($1, tty_device_t, chr_file, adb0)
++	dev_filetrans($1, tty_device_t, chr_file, adb1)
++	dev_filetrans($1, tty_device_t, chr_file, adb2)
++	dev_filetrans($1, tty_device_t, chr_file, adb3)
++	dev_filetrans($1, tty_device_t, chr_file, adb4)
++	dev_filetrans($1, tty_device_t, chr_file, adb5)
++	dev_filetrans($1, tty_device_t, chr_file, adb6)
++	dev_filetrans($1, tty_device_t, chr_file, adb7)
++	dev_filetrans($1, tty_device_t, chr_file, adb8)
++	dev_filetrans($1, tty_device_t, chr_file, adb9)
++	dev_filetrans($1, tty_device_t, chr_file, capi0)
++	dev_filetrans($1, tty_device_t, chr_file, capi1)
++	dev_filetrans($1, tty_device_t, chr_file, capi2)
++	dev_filetrans($1, tty_device_t, chr_file, capi3)
++	dev_filetrans($1, tty_device_t, chr_file, capi4)
++	dev_filetrans($1, tty_device_t, chr_file, capi5)
++	dev_filetrans($1, tty_device_t, chr_file, capi6)
++	dev_filetrans($1, tty_device_t, chr_file, capi7)
++	dev_filetrans($1, tty_device_t, chr_file, capi8)
++	dev_filetrans($1, tty_device_t, chr_file, capi9)
++	dev_filetrans($1, console_device_t, chr_file, console)
++	dev_filetrans($1, tty_device_t, chr_file, cu0)
++	dev_filetrans($1, tty_device_t, chr_file, cu1)
++	dev_filetrans($1, tty_device_t, chr_file, cu2)
++	dev_filetrans($1, tty_device_t, chr_file, cu3)
++	dev_filetrans($1, tty_device_t, chr_file, cu4)
++	dev_filetrans($1, tty_device_t, chr_file, cu5)
++	dev_filetrans($1, tty_device_t, chr_file, cu6)
++	dev_filetrans($1, tty_device_t, chr_file, cu7)
++	dev_filetrans($1, tty_device_t, chr_file, cu8)
++	dev_filetrans($1, tty_device_t, chr_file, cu9)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri0)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri1)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri2)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri3)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri4)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri5)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri6)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri7)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri8)
++	dev_filetrans($1, tty_device_t, chr_file, dcbri9)
++	dev_filetrans($1, tty_device_t, chr_file, hvc0)
++	dev_filetrans($1, tty_device_t, chr_file, hvc1)
++	dev_filetrans($1, tty_device_t, chr_file, hvc2)
++	dev_filetrans($1, tty_device_t, chr_file, hvc3)
++	dev_filetrans($1, tty_device_t, chr_file, hvc4)
++	dev_filetrans($1, tty_device_t, chr_file, hvc5)
++	dev_filetrans($1, tty_device_t, chr_file, hvc6)
++	dev_filetrans($1, tty_device_t, chr_file, hvc7)
++	dev_filetrans($1, tty_device_t, chr_file, hvc8)
++	dev_filetrans($1, tty_device_t, chr_file, hvc9)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi0)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi1)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi2)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi3)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi4)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi5)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi6)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi7)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi8)
++	dev_filetrans($1, tty_device_t, chr_file, hvsi9)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm0)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm1)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm2)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm3)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm4)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm5)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm6)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm7)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm8)
++	dev_filetrans($1, tty_device_t, chr_file, ircomm9)
++	dev_filetrans($1, tty_device_t, chr_file, isdn0)
++	dev_filetrans($1, tty_device_t, chr_file, isdn1)
++	dev_filetrans($1, tty_device_t, chr_file, isdn2)
++	dev_filetrans($1, tty_device_t, chr_file, isdn3)
++	dev_filetrans($1, tty_device_t, chr_file, isdn4)
++	dev_filetrans($1, tty_device_t, chr_file, isdn5)
++	dev_filetrans($1, tty_device_t, chr_file, isdn6)
++	dev_filetrans($1, tty_device_t, chr_file, isdn7)
++	dev_filetrans($1, tty_device_t, chr_file, isdn8)
++	dev_filetrans($1, tty_device_t, chr_file, isdn9)
++	dev_filetrans($1, ptmx_t, chr_file, ptmx)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm0)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm1)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm2)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm3)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm4)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm5)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm6)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm7)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm8)
++	dev_filetrans($1, tty_device_t, chr_file, rfcomm9)
++	dev_filetrans($1, tty_device_t, chr_file, slamr0)
++	dev_filetrans($1, tty_device_t, chr_file, slamr1)
++	dev_filetrans($1, tty_device_t, chr_file, slamr2)
++	dev_filetrans($1, tty_device_t, chr_file, slamr3)
++	dev_filetrans($1, tty_device_t, chr_file, slamr4)
++	dev_filetrans($1, tty_device_t, chr_file, slamr5)
++	dev_filetrans($1, tty_device_t, chr_file, slamr6)
++	dev_filetrans($1, tty_device_t, chr_file, slamr7)
++	dev_filetrans($1, tty_device_t, chr_file, slamr8)
++	dev_filetrans($1, tty_device_t, chr_file, slamr9)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG0)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG1)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG2)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG3)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG4)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG5)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG6)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG7)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG8)
++	dev_filetrans($1, tty_device_t, chr_file, ttySG9)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p0)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p1)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p2)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p3)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p4)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p5)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p6)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p7)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p8)
++	dev_filetrans($1, virtio_device_t, chr_file, vport0p9)
++	dev_filetrans($1, devpts_t, dir, pts)
++	dev_filetrans($1, tty_device_t, chr_file, xvc0)
++	dev_filetrans($1, tty_device_t, chr_file, xvc1)
++	dev_filetrans($1, tty_device_t, chr_file, xvc2)
++	dev_filetrans($1, tty_device_t, chr_file, xvc3)
++	dev_filetrans($1, tty_device_t, chr_file, xvc4)
++	dev_filetrans($1, tty_device_t, chr_file, xvc5)
++	dev_filetrans($1, tty_device_t, chr_file, xvc6)
++	dev_filetrans($1, tty_device_t, chr_file, xvc7)
++	dev_filetrans($1, tty_device_t, chr_file, xvc8)
++	dev_filetrans($1, tty_device_t, chr_file, xvc9)
++')
 diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
 index 361692e..0f09fb5 100644
 --- a/policy/modules/kernel/terminal.te
@@ -15028,10 +16405,10 @@ index 2be17d2..7ccb554 100644
 +	userdom_execmod_user_home_files(staff_usertype)
 +')
 diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
-index 4a8d146..6b0999e 100644
+index 4a8d146..4d02bae 100644
 --- a/policy/modules/roles/sysadm.te
 +++ b/policy/modules/roles/sysadm.te
-@@ -24,20 +24,41 @@ ifndef(`enable_mls',`
+@@ -24,20 +24,56 @@ ifndef(`enable_mls',`
  #
  # Local policy
  #
@@ -15043,6 +16420,10 @@ index 4a8d146..6b0999e 100644
 +
 +files_read_kernel_modules(sysadm_t)
 +
++dev_filetrans_all_named_dev(sysadm_t)
++storage_filetrans_all_named_dev(sysadm_t)
++term_filetrans_all_named_dev(sysadm_t)
++
  mls_process_read_up(sysadm_t)
 +mls_file_read_to_clearance(sysadm_t)
 +mls_process_write_to_clearance(sysadm_t)
@@ -15061,6 +16442,12 @@ index 4a8d146..6b0999e 100644
 +init_script_role_transition(sysadm_r)
 +
 +miscfiles_read_hwdata(sysadm_t)
++
++sysnet_etc_filetrans_config(sysadm_t, resolv.conf)
++sysnet_etc_filetrans_config(sysadm_t, denyhosts)
++sysnet_etc_filetrans_config(sysadm_t, hosts)
++sysnet_etc_filetrans_config(sysadm_t, ethers)
++sysnet_etc_filetrans_config(sysadm_t, yp.conf)
  
  # Add/remove user home directories
  userdom_manage_user_home_dirs(sysadm_t)
@@ -15070,10 +16457,15 @@ index 4a8d146..6b0999e 100644
 +userdom_manage_user_tmp_symlinks(sysadm_t)
 +userdom_manage_user_tmp_chr_files(sysadm_t)
 +userdom_manage_user_tmp_blk_files(sysadm_t)
++
++optional_policy(`
++	ssh_user_home_dir_filetrans(sysadm_t)
++	ssh_admin_home_dir_filetrans(sysadm_t)
++')
  
  ifdef(`direct_sysadm_daemon',`
  	optional_policy(`
-@@ -55,6 +76,7 @@ ifndef(`enable_mls',`
+@@ -55,6 +91,7 @@ ifndef(`enable_mls',`
  	logging_manage_audit_log(sysadm_t)
  	logging_manage_audit_config(sysadm_t)
  	logging_run_auditctl(sysadm_t, sysadm_r)
@@ -15081,7 +16473,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  tunable_policy(`allow_ptrace',`
-@@ -69,7 +91,6 @@ optional_policy(`
+@@ -69,7 +106,6 @@ optional_policy(`
  	apache_run_helper(sysadm_t, sysadm_r)
  	#apache_run_all_scripts(sysadm_t, sysadm_r)
  	#apache_domtrans_sys_script(sysadm_t)
@@ -15089,7 +16481,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -98,6 +119,10 @@ optional_policy(`
+@@ -98,6 +134,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15100,7 +16492,7 @@ index 4a8d146..6b0999e 100644
  	certwatch_run(sysadm_t, sysadm_r)
  ')
  
-@@ -114,7 +139,7 @@ optional_policy(`
+@@ -114,7 +154,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15109,7 +16501,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -124,6 +149,10 @@ optional_policy(`
+@@ -124,6 +164,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15120,7 +16512,7 @@ index 4a8d146..6b0999e 100644
  	ddcprobe_run(sysadm_t, sysadm_r)
  ')
  
-@@ -163,6 +192,13 @@ optional_policy(`
+@@ -163,6 +207,13 @@ optional_policy(`
  	ipsec_stream_connect(sysadm_t)
  	# for lsof
  	ipsec_getattr_key_sockets(sysadm_t)
@@ -15134,7 +16526,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -170,15 +206,15 @@ optional_policy(`
+@@ -170,15 +221,15 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15153,7 +16545,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -198,18 +234,12 @@ optional_policy(`
+@@ -198,18 +249,12 @@ optional_policy(`
  	modutils_run_depmod(sysadm_t, sysadm_r)
  	modutils_run_insmod(sysadm_t, sysadm_r)
  	modutils_run_update_mods(sysadm_t, sysadm_r)
@@ -15174,7 +16566,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -225,6 +255,10 @@ optional_policy(`
+@@ -225,6 +270,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15185,7 +16577,7 @@ index 4a8d146..6b0999e 100644
  	netutils_run(sysadm_t, sysadm_r)
  	netutils_run_ping(sysadm_t, sysadm_r)
  	netutils_run_traceroute(sysadm_t, sysadm_r)
-@@ -253,7 +287,7 @@ optional_policy(`
+@@ -253,7 +302,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15194,7 +16586,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -265,20 +299,14 @@ optional_policy(`
+@@ -265,20 +314,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15216,7 +16608,7 @@ index 4a8d146..6b0999e 100644
  
  optional_policy(`
  	rsync_exec(sysadm_t)
-@@ -307,7 +335,7 @@ optional_policy(`
+@@ -307,7 +350,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15225,7 +16617,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -332,10 +360,6 @@ optional_policy(`
+@@ -332,10 +375,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15236,7 +16628,7 @@ index 4a8d146..6b0999e 100644
  	tripwire_run_siggen(sysadm_t, sysadm_r)
  	tripwire_run_tripwire(sysadm_t, sysadm_r)
  	tripwire_run_twadmin(sysadm_t, sysadm_r)
-@@ -343,19 +367,15 @@ optional_policy(`
+@@ -343,19 +382,15 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15258,7 +16650,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -367,17 +387,14 @@ optional_policy(`
+@@ -367,17 +402,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15278,7 +16670,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -389,7 +406,7 @@ optional_policy(`
+@@ -389,7 +421,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15287,7 +16679,7 @@ index 4a8d146..6b0999e 100644
  ')
  
  optional_policy(`
-@@ -404,8 +421,15 @@ optional_policy(`
+@@ -404,8 +436,15 @@ optional_policy(`
  	yam_run(sysadm_t, sysadm_r)
  ')
  
@@ -15303,7 +16695,7 @@ index 4a8d146..6b0999e 100644
  		auth_role(sysadm_r, sysadm_t)
  	')
  
-@@ -452,5 +476,60 @@ ifndef(`distro_redhat',`
+@@ -452,5 +491,60 @@ ifndef(`distro_redhat',`
  	optional_policy(`
  		java_role(sysadm_r, sysadm_t)
  	')
@@ -16074,10 +17466,10 @@ index 0000000..8b2cdf3
 +
 diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
 new file mode 100644
-index 0000000..805d0ea
+index 0000000..33c88a7
 --- /dev/null
 +++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,503 @@
+@@ -0,0 +1,519 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -16166,6 +17558,21 @@ index 0000000..805d0ea
 +files_create_default_dir(unconfined_t)
 +files_root_filetrans_default(unconfined_t, dir)
 +
++dev_filetrans_all_named_dev(unconfined_t)
++storage_filetrans_all_named_dev(unconfined_t)
++term_filetrans_all_named_dev(unconfined_t)
++
++sysnet_etc_filetrans_config(unconfined_t, resolv.conf)
++sysnet_etc_filetrans_config(unconfined_t, denyhosts)
++sysnet_etc_filetrans_config(unconfined_t, hosts)
++sysnet_etc_filetrans_config(unconfined_t, ethers)
++sysnet_etc_filetrans_config(unconfined_t, yp.conf)
++
++optional_policy(`
++	ssh_user_home_dir_filetrans(unconfined_t)
++	ssh_admin_home_dir_filetrans(unconfined_t)
++')
++
 +mcs_killall(unconfined_t)
 +mcs_ptrace_all(unconfined_t)
 +mls_file_write_all_levels(unconfined_t)
@@ -16310,6 +17717,7 @@ index 0000000..805d0ea
 +
 +optional_policy(`
 +	apache_run_helper(unconfined_t, unconfined_r)
++	apache_filetrans_home_content(unconfined_t)
 +')
 +
 +optional_policy(`
@@ -17919,7 +19327,7 @@ index 9e39aa5..ec27284 100644
 +/var/run/dirsrv/admin-serv.*	gen_context(system_u:object_r:httpd_var_run_t,s0)
 +/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?       gen_context(system_u:object_r:httpd_var_run_t,s0)
 diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
-index 6480167..09c61a0 100644
+index 6480167..a729492 100644
 --- a/policy/modules/services/apache.if
 +++ b/policy/modules/services/apache.if
 @@ -13,17 +13,13 @@
@@ -18100,16 +19508,17 @@ index 6480167..09c61a0 100644
  	manage_dirs_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
  	manage_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
  	manage_lnk_files_pattern($2, httpd_user_rw_content_t, httpd_user_rw_content_t)
-@@ -248,6 +244,8 @@ interface(`apache_role',`
+@@ -248,6 +244,9 @@ interface(`apache_role',`
  	relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
  	relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
  
 +	apache_exec_modules($2)
++	apache_filetrans_home_content($2)
 +
  	tunable_policy(`httpd_enable_cgi',`
  		# If a user starts a script by hand it gets the proper context
  		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)
-@@ -317,6 +315,25 @@ interface(`apache_domtrans',`
+@@ -317,6 +316,25 @@ interface(`apache_domtrans',`
  	domtrans_pattern($1, httpd_exec_t, httpd_t)
  ')
  
@@ -18135,7 +19544,7 @@ index 6480167..09c61a0 100644
  #######################################
  ## <summary>
  ##	Send a generic signal to apache.
-@@ -405,7 +422,7 @@ interface(`apache_dontaudit_rw_fifo_file',`
+@@ -405,7 +423,7 @@ interface(`apache_dontaudit_rw_fifo_file',`
  		type httpd_t;
  	')
  
@@ -18144,7 +19553,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -487,7 +504,7 @@ interface(`apache_setattr_cache_dirs',`
+@@ -487,7 +505,7 @@ interface(`apache_setattr_cache_dirs',`
  		type httpd_cache_t;
  	')
  
@@ -18153,7 +19562,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -531,6 +548,25 @@ interface(`apache_rw_cache_files',`
+@@ -531,6 +549,25 @@ interface(`apache_rw_cache_files',`
  ########################################
  ## <summary>
  ##	Allow the specified domain to delete
@@ -18179,7 +19588,7 @@ index 6480167..09c61a0 100644
  ##	Apache cache.
  ## </summary>
  ## <param name="domain">
-@@ -549,6 +585,26 @@ interface(`apache_delete_cache_files',`
+@@ -549,6 +586,26 @@ interface(`apache_delete_cache_files',`
  
  ########################################
  ## <summary>
@@ -18206,7 +19615,7 @@ index 6480167..09c61a0 100644
  ##	Allow the specified domain to read
  ##	apache configuration files.
  ## </summary>
-@@ -699,7 +755,7 @@ interface(`apache_dontaudit_append_log',`
+@@ -699,7 +756,7 @@ interface(`apache_dontaudit_append_log',`
  		type httpd_log_t;
  	')
  
@@ -18215,7 +19624,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -745,6 +801,25 @@ interface(`apache_dontaudit_search_modules',`
+@@ -745,6 +802,25 @@ interface(`apache_dontaudit_search_modules',`
  
  ########################################
  ## <summary>
@@ -18241,7 +19650,7 @@ index 6480167..09c61a0 100644
  ##	Allow the specified domain to list
  ##	the contents of the apache modules
  ##	directory.
-@@ -761,6 +836,7 @@ interface(`apache_list_modules',`
+@@ -761,6 +837,7 @@ interface(`apache_list_modules',`
  	')
  
  	allow $1 httpd_modules_t:dir list_dir_perms;
@@ -18249,7 +19658,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -819,6 +895,7 @@ interface(`apache_list_sys_content',`
+@@ -819,6 +896,7 @@ interface(`apache_list_sys_content',`
  	')
  
  	list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
@@ -18257,7 +19666,7 @@ index 6480167..09c61a0 100644
  	files_search_var($1)
  ')
  
-@@ -846,6 +923,74 @@ interface(`apache_manage_sys_content',`
+@@ -846,6 +924,74 @@ interface(`apache_manage_sys_content',`
  	manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
  ')
  
@@ -18332,7 +19741,7 @@ index 6480167..09c61a0 100644
  ########################################
  ## <summary>
  ##	Execute all web scripts in the system
-@@ -862,7 +1007,11 @@ interface(`apache_manage_sys_content',`
+@@ -862,7 +1008,11 @@ interface(`apache_manage_sys_content',`
  interface(`apache_domtrans_sys_script',`
  	gen_require(`
  		attribute httpdcontent;
@@ -18345,7 +19754,7 @@ index 6480167..09c61a0 100644
  	')
  
  	tunable_policy(`httpd_enable_cgi && httpd_unified',`
-@@ -921,9 +1070,10 @@ interface(`apache_domtrans_all_scripts',`
+@@ -921,9 +1071,10 @@ interface(`apache_domtrans_all_scripts',`
  ## </param>
  ## <param name="role">
  ##	<summary>
@@ -18357,7 +19766,7 @@ index 6480167..09c61a0 100644
  #
  interface(`apache_run_all_scripts',`
  	gen_require(`
-@@ -950,7 +1100,7 @@ interface(`apache_read_squirrelmail_data',`
+@@ -950,7 +1101,7 @@ interface(`apache_read_squirrelmail_data',`
  		type httpd_squirrelmail_t;
  	')
  
@@ -18366,7 +19775,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -1091,6 +1241,25 @@ interface(`apache_read_tmp_files',`
+@@ -1091,6 +1242,25 @@ interface(`apache_read_tmp_files',`
  	read_files_pattern($1, httpd_tmp_t, httpd_tmp_t)
  ')
  
@@ -18392,7 +19801,7 @@ index 6480167..09c61a0 100644
  ########################################
  ## <summary>
  ##	Dontaudit attempts to write
-@@ -1107,7 +1276,7 @@ interface(`apache_dontaudit_write_tmp_files',`
+@@ -1107,7 +1277,7 @@ interface(`apache_dontaudit_write_tmp_files',`
  		type httpd_tmp_t;
  	')
  
@@ -18401,7 +19810,7 @@ index 6480167..09c61a0 100644
  ')
  
  ########################################
-@@ -1170,17 +1339,14 @@ interface(`apache_cgi_domain',`
+@@ -1170,17 +1340,14 @@ interface(`apache_cgi_domain',`
  #
  interface(`apache_admin',`
  	gen_require(`
@@ -18423,7 +19832,7 @@ index 6480167..09c61a0 100644
  	ps_process_pattern($1, httpd_t)
  
  	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
-@@ -1191,10 +1357,10 @@ interface(`apache_admin',`
+@@ -1191,10 +1358,10 @@ interface(`apache_admin',`
  	apache_manage_all_content($1)
  	miscfiles_manage_public_files($1)
  
@@ -18436,7 +19845,7 @@ index 6480167..09c61a0 100644
  	admin_pattern($1, httpd_log_t)
  
  	admin_pattern($1, httpd_modules_t)
-@@ -1205,14 +1371,43 @@ interface(`apache_admin',`
+@@ -1205,14 +1372,63 @@ interface(`apache_admin',`
  	admin_pattern($1, httpd_var_run_t)
  	files_pid_filetrans($1, httpd_var_run_t, file)
  
@@ -18484,6 +19893,26 @@ index 6480167..09c61a0 100644
 +	dontaudit $1 httpd_t:unix_dgram_socket { read write };
 +	dontaudit $1 httpd_t:unix_stream_socket { read write };
 +	dontaudit $1 httpd_tmp_t:file { read write };
++')
++
++########################################
++## <summary>
++##	Transition to apache named content
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`apache_filetrans_home_content',`
++	gen_require(`
++		type httpd_user_content_t;
++	')
++
++	userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, public_html)
++	userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, www)
++	userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, web)
  ')
 diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
 index 3136c6a..1bf05a6 100644
@@ -29218,7 +30647,7 @@ index 3525d24..923e979 100644
  /var/tmp/host_0			-- 	gen_context(system_u:object_r:krb5_host_rcache_t,s0)
 +/var/tmp/HTTP_23		-- 	gen_context(system_u:object_r:krb5_host_rcache_t,s0)
 diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
-index 604f67b..65fdeb0 100644
+index 604f67b..f5de0a2 100644
 --- a/policy/modules/services/kerberos.if
 +++ b/policy/modules/services/kerberos.if
 @@ -26,9 +26,9 @@
@@ -29299,15 +30728,20 @@ index 604f67b..65fdeb0 100644
  
  	kerberos_read_keytab($2)
  	kerberos_use($2)
-@@ -289,6 +307,7 @@ interface(`kerberos_manage_host_rcache',`
+@@ -289,6 +307,12 @@ interface(`kerberos_manage_host_rcache',`
  
  		seutil_read_file_contexts($1)
  
++<<<<<<< HEAD
++		files_rw_tmp_dirs($1)
++||||||| merged common ancestors
++=======
 +		files_rw_generic_tmp_dir($1)
++>>>>>>> fc09d81ec7c51e42fe3d0ce894bc530645f46456
  		allow $1 krb5_host_rcache_t:file manage_file_perms;
  		files_search_tmp($1)
  	')
-@@ -296,28 +315,6 @@ interface(`kerberos_manage_host_rcache',`
+@@ -296,28 +320,6 @@ interface(`kerberos_manage_host_rcache',`
  
  ########################################
  ## <summary>
@@ -29336,7 +30770,7 @@ index 604f67b..65fdeb0 100644
  ##	All of the rules required to administrate 
  ##	an kerberos environment
  ## </summary>
-@@ -338,9 +335,8 @@ interface(`kerberos_admin',`
+@@ -338,9 +340,8 @@ interface(`kerberos_admin',`
  		type kadmind_t, krb5kdc_t, kerberos_initrc_exec_t;
  		type kadmind_log_t, kadmind_tmp_t, kadmind_var_run_t;
  		type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
@@ -29347,7 +30781,7 @@ index 604f67b..65fdeb0 100644
  	')
  
  	allow $1 kadmind_t:process { ptrace signal_perms };
-@@ -378,3 +374,41 @@ interface(`kerberos_admin',`
+@@ -378,3 +379,41 @@ interface(`kerberos_admin',`
  
  	admin_pattern($1, krb5kdc_var_run_t)
  ')
@@ -42774,7 +44208,7 @@ index 078bcd7..2d60774 100644
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:ssh_home_t,s0)
 +/root/\.shosts				gen_context(system_u:object_r:ssh_home_t,s0)
 diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..68ad7a7 100644
+index 22adaca..e064fd6 100644
 --- a/policy/modules/services/ssh.if
 +++ b/policy/modules/services/ssh.if
 @@ -32,10 +32,10 @@
@@ -43090,7 +44524,7 @@ index 22adaca..68ad7a7 100644
  ')
  
  ######################################
-@@ -735,3 +794,21 @@ interface(`ssh_delete_tmp',`
+@@ -735,3 +794,59 @@ interface(`ssh_delete_tmp',`
  	files_search_tmp($1)
  	delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
  ')
@@ -43112,6 +44546,44 @@ index 22adaca..68ad7a7 100644
 +
 +	allow $1 sshd_t:process signull;
 +')
++
++########################################
++## <summary>
++##	Create .sshd directory in the /root directory
++##	with an correct label.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`ssh_admin_home_dir_filetrans',`
++	gen_require(`
++		type ssh_home_t;
++	')
++
++	userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
++')
++
++########################################
++## <summary>
++##	Create .sshd directory in the /root directory
++##	with an correct label.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`ssh_user_home_dir_filetrans',`
++	gen_require(`
++		type ssh_home_t;
++	')
++
++	userdom_user_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
++')
 diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
 index 2dad3c8..c71bdb9 100644
 --- a/policy/modules/services/ssh.te
@@ -44623,7 +46095,7 @@ index 32a3c13..7baeb6f 100644
  
  optional_policy(`
 diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc
-index 2124b6a..6546d6e 100644
+index 2124b6a..1b33cbb 100644
 --- a/policy/modules/services/virt.fc
 +++ b/policy/modules/services/virt.fc
 @@ -1,4 +1,5 @@
@@ -44633,7 +46105,7 @@ index 2124b6a..6546d6e 100644
  HOME_DIR/VirtualMachines(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
  HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
  
-@@ -13,17 +14,19 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
+@@ -13,17 +14,25 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
  /etc/xen/.*/.*			gen_context(system_u:object_r:virt_etc_rw_t,s0)
  
  /usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
@@ -44656,6 +46128,12 @@ index 2124b6a..6546d6e 100644
 +/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:qemu_var_run_t,s0-mls_systemhigh)
  
  /var/vdsm(/.*)?			gen_context(system_u:object_r:virt_var_run_t,s0)
++
++# support for AEOLUS project
++/usr/bin/imgfac\.py		--			gen_context(system_u:object_r:virtd_exec_t,s0)
++/var/cache/oz(/.*)?					gen_context(system_u:object_r:virt_cache_t,s0)
++/var/lib/oz(/.*)?					gen_context(system_u:object_r:virt_var_lib_t,s0)
++/var/lib/oz/isos(/.*)?				gen_context(system_u:object_r:virt_content_t,s0)
 diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
 index 7c5d8d8..b961fd7 100644
 --- a/policy/modules/services/virt.if
@@ -48292,10 +49770,10 @@ index c26ecf5..b906c48 100644
  
 diff --git a/policy/modules/services/zarafa.fc b/policy/modules/services/zarafa.fc
 new file mode 100644
-index 0000000..56cb5af
+index 0000000..72059b2
 --- /dev/null
 +++ b/policy/modules/services/zarafa.fc
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,29 @@
 +
 +/etc/zarafa(/.*)?			gen_context(system_u:object_r:zarafa_etc_t,s0)
 +
@@ -48311,6 +49789,8 @@ index 0000000..56cb5af
 +
 +/usr/bin/zarafa-monitor	--	gen_context(system_u:object_r:zarafa_monitor_exec_t,s0)
 +
++/var/lib/zarafa-.*   			gen_context(system_u:object_r:zarafa_var_lib_t,s0)
++
 +/var/log/zarafa/server\.log		--	gen_context(system_u:object_r:zarafa_server_log_t,s0)
 +/var/log/zarafa/spooler\.log	--	gen_context(system_u:object_r:zarafa_spooler_log_t,s0)
 +/var/log/zarafa/gateway\.log	--	gen_context(system_u:object_r:zarafa_gateway_log_t,s0)
@@ -48453,10 +49933,10 @@ index 0000000..8a909f5
 +')
 diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te
 new file mode 100644
-index 0000000..6b80580
+index 0000000..fec9997
 --- /dev/null
 +++ b/policy/modules/services/zarafa.te
-@@ -0,0 +1,127 @@
+@@ -0,0 +1,141 @@
 +policy_module(zarafa, 1.0.0)
 +
 +########################################
@@ -48476,6 +49956,12 @@ index 0000000..6b80580
 +type zarafa_deliver_tmp_t;
 +files_tmp_file(zarafa_deliver_tmp_t)
 +
++type zarafa_server_tmp_t;
++files_tmp_file(zarafa_server_tmp_t)
++
++type zarafa_var_lib_t;
++files_tmp_file(zarafa_var_lib_t)
++
 +type zarafa_etc_t;
 +files_config_file(zarafa_etc_t)
 +
@@ -48500,7 +49986,15 @@ index 0000000..6b80580
 +#
 +
 +allow zarafa_server_t self:capability { chown kill net_bind_service };
-+allow zarafa_server_t self:process { setrlimit signal };
++allow zarafa_server_t self:process setrlimit;
++
++manage_dirs_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
++manage_files_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
++files_tmp_filetrans(zarafa_server_t, zarafa_server_tmp_t, { file dir })
++
++manage_dirs_pattern(zarafa_server_t, zarafa_var_lib_t, zarafa_var_lib_t)
++manage_files_pattern(zarafa_server_t, zarafa_var_lib_t, zarafa_var_lib_t)
++files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir })
 +
 +corenet_tcp_bind_zarafa_port(zarafa_server_t)
 +
@@ -48525,7 +50019,6 @@ index 0000000..6b80580
 +#
 +
 +allow zarafa_spooler_t self:capability { chown kill };
-+allow zarafa_spooler_t self:process signal;
 +
 +can_exec(zarafa_spooler_t, zarafa_spooler_exec_t)
 +
@@ -48537,7 +50030,7 @@ index 0000000..6b80580
 +#
 +
 +allow zarafa_gateway_t self:capability { chown kill };
-+allow zarafa_gateway_t self:process { setrlimit signal };
++allow zarafa_gateway_t self:process setrlimit;
 +
 +corenet_tcp_bind_pop_port(zarafa_gateway_t)
 +
@@ -48564,6 +50057,7 @@ index 0000000..6b80580
 +
 +# bad permission on /etc/zarafa
 +allow zarafa_domain self:capability { dac_override setgid setuid };
++allow zarafa_domain self:process signal;
 +allow zarafa_domain self:fifo_file rw_fifo_file_perms;
 +allow zarafa_domain self:tcp_socket create_stream_socket_perms;
 +allow zarafa_domain self:unix_stream_socket create_stream_socket_perms;
@@ -50544,7 +52038,7 @@ index cc83689..e83c909 100644
 +')
 +
 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index ea29513..0bdb8d8 100644
+index ea29513..44cd32f 100644
 --- a/policy/modules/system/init.te
 +++ b/policy/modules/system/init.te
 @@ -16,6 +16,34 @@ gen_require(`
@@ -51058,8 +52552,14 @@ index ea29513..0bdb8d8 100644
  	# wants to read /.fonts directory
  	files_read_default_files(initrc_t)
  	files_mountpoint(initrc_tmp_t)
-@@ -524,6 +727,23 @@ ifdef(`distro_redhat',`
+@@ -522,8 +725,29 @@ ifdef(`distro_redhat',`
+ 	')
+ 
  	optional_policy(`
++        abrt_manage_pid_files(initrc_t)
++    ')
++
++	optional_policy(`
  		bind_manage_config_dirs(initrc_t)
  		bind_write_config(initrc_t)
 +		bind_setattr_zone_dirs(initrc_t)
@@ -51082,7 +52582,7 @@ index ea29513..0bdb8d8 100644
  	')
  
  	optional_policy(`
-@@ -531,10 +751,17 @@ ifdef(`distro_redhat',`
+@@ -531,10 +755,17 @@ ifdef(`distro_redhat',`
  		rpc_write_exports(initrc_t)
  		rpc_manage_nfs_state_data(initrc_t)
  	')
@@ -51100,7 +52600,7 @@ index ea29513..0bdb8d8 100644
  	')
  
  	optional_policy(`
-@@ -549,6 +776,39 @@ ifdef(`distro_suse',`
+@@ -549,6 +780,39 @@ ifdef(`distro_suse',`
  	')
  ')
  
@@ -51140,7 +52640,7 @@ index ea29513..0bdb8d8 100644
  optional_policy(`
  	amavis_search_lib(initrc_t)
  	amavis_setattr_pid_files(initrc_t)
-@@ -561,6 +821,8 @@ optional_policy(`
+@@ -561,6 +825,8 @@ optional_policy(`
  optional_policy(`
  	apache_read_config(initrc_t)
  	apache_list_modules(initrc_t)
@@ -51149,7 +52649,7 @@ index ea29513..0bdb8d8 100644
  ')
  
  optional_policy(`
-@@ -577,6 +839,7 @@ optional_policy(`
+@@ -577,6 +843,7 @@ optional_policy(`
  
  optional_policy(`
  	cgroup_stream_connect_cgred(initrc_t)
@@ -51157,7 +52657,7 @@ index ea29513..0bdb8d8 100644
  ')
  
  optional_policy(`
-@@ -589,6 +852,11 @@ optional_policy(`
+@@ -589,6 +856,11 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51169,7 +52669,7 @@ index ea29513..0bdb8d8 100644
  	dev_getattr_printer_dev(initrc_t)
  
  	cups_read_log(initrc_t)
-@@ -605,9 +873,13 @@ optional_policy(`
+@@ -605,9 +877,13 @@ optional_policy(`
  	dbus_connect_system_bus(initrc_t)
  	dbus_system_bus_client(initrc_t)
  	dbus_read_config(initrc_t)
@@ -51183,7 +52683,7 @@ index ea29513..0bdb8d8 100644
  	')
  
  	optional_policy(`
-@@ -649,6 +921,11 @@ optional_policy(`
+@@ -649,6 +925,11 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51195,7 +52695,7 @@ index ea29513..0bdb8d8 100644
  	inn_exec_config(initrc_t)
  ')
  
-@@ -706,7 +983,13 @@ optional_policy(`
+@@ -706,7 +987,13 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51209,7 +52709,7 @@ index ea29513..0bdb8d8 100644
  	mta_dontaudit_read_spool_symlinks(initrc_t)
  ')
  
-@@ -729,6 +1012,10 @@ optional_policy(`
+@@ -729,6 +1016,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51220,7 +52720,7 @@ index ea29513..0bdb8d8 100644
  	postgresql_manage_db(initrc_t)
  	postgresql_read_config(initrc_t)
  ')
-@@ -738,10 +1025,20 @@ optional_policy(`
+@@ -738,10 +1029,20 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51241,7 +52741,7 @@ index ea29513..0bdb8d8 100644
  	quota_manage_flags(initrc_t)
  ')
  
-@@ -750,6 +1047,10 @@ optional_policy(`
+@@ -750,6 +1051,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51252,7 +52752,7 @@ index ea29513..0bdb8d8 100644
  	fs_write_ramfs_sockets(initrc_t)
  	fs_search_ramfs(initrc_t)
  
-@@ -771,8 +1072,6 @@ optional_policy(`
+@@ -771,8 +1076,6 @@ optional_policy(`
  	# bash tries ioctl for some reason
  	files_dontaudit_ioctl_all_pids(initrc_t)
  
@@ -51261,7 +52761,7 @@ index ea29513..0bdb8d8 100644
  ')
  
  optional_policy(`
-@@ -781,14 +1080,21 @@ optional_policy(`
+@@ -781,14 +1084,21 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51283,7 +52783,7 @@ index ea29513..0bdb8d8 100644
  
  optional_policy(`
  	ssh_dontaudit_read_server_keys(initrc_t)
-@@ -800,7 +1106,6 @@ optional_policy(`
+@@ -800,7 +1110,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51291,7 +52791,7 @@ index ea29513..0bdb8d8 100644
  	udev_manage_pid_files(initrc_t)
  	udev_manage_rules_files(initrc_t)
  ')
-@@ -810,11 +1115,19 @@ optional_policy(`
+@@ -810,11 +1119,19 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -51312,7 +52812,7 @@ index ea29513..0bdb8d8 100644
  
  	ifdef(`distro_redhat',`
  		# system-config-services causes avc messages that should be dontaudited
-@@ -824,6 +1137,25 @@ optional_policy(`
+@@ -824,6 +1141,25 @@ optional_policy(`
  	optional_policy(`
  		mono_domtrans(initrc_t)
  	')
@@ -51338,7 +52838,7 @@ index ea29513..0bdb8d8 100644
  ')
  
  optional_policy(`
-@@ -849,3 +1181,42 @@ optional_policy(`
+@@ -849,3 +1185,42 @@ optional_policy(`
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')
@@ -52956,7 +54456,7 @@ index c7cfb62..ee89659 100644
  	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 9b5a9ed..f610462 100644
+index 9b5a9ed..a3a66a2 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -19,6 +19,11 @@ type auditd_log_t;
@@ -53115,7 +54615,7 @@ index 9b5a9ed..f610462 100644
  # manage pid file
  manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
  files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
-@@ -412,6 +455,9 @@ corenet_sendrecv_mysqld_client_packets(syslogd_t)
+@@ -412,7 +455,11 @@ corenet_sendrecv_mysqld_client_packets(syslogd_t)
  
  dev_filetrans(syslogd_t, devlog_t, sock_file)
  dev_read_sysfs(syslogd_t)
@@ -53123,9 +54623,11 @@ index 9b5a9ed..f610462 100644
 +# relating to systemd-kmsg-syslogd
 +dev_write_kmsg(syslogd_t)
  
++domain_read_all_domains_state(syslogd_t)
  domain_use_interactive_fds(syslogd_t)
  
-@@ -432,6 +478,7 @@ term_write_console(syslogd_t)
+ files_read_etc_files(syslogd_t)
+@@ -432,6 +479,7 @@ term_write_console(syslogd_t)
  # Allow syslog to a terminal
  term_write_unallocated_ttys(syslogd_t)
  
@@ -53133,7 +54635,7 @@ index 9b5a9ed..f610462 100644
  # for sending messages to logged in users
  init_read_utmp(syslogd_t)
  init_dontaudit_write_utmp(syslogd_t)
-@@ -480,6 +527,10 @@ optional_policy(`
+@@ -480,6 +528,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -53144,7 +54646,7 @@ index 9b5a9ed..f610462 100644
  	postgresql_stream_connect(syslogd_t)
  ')
  
-@@ -488,6 +539,10 @@ optional_policy(`
+@@ -488,6 +540,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -55503,7 +57005,7 @@ index 694fd94..334e80e 100644
 +
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index ff80d0a..7f1a21c 100644
+index ff80d0a..ec91ad9 100644
 --- a/policy/modules/system/sysnetwork.if
 +++ b/policy/modules/system/sysnetwork.if
 @@ -60,6 +60,24 @@ interface(`sysnet_run_dhcpc',`
@@ -55620,6 +57122,15 @@ index ff80d0a..7f1a21c 100644
  ##	Read network config files.
  ## </summary>
  ## <desc>
+@@ -405,7 +498,7 @@ interface(`sysnet_etc_filetrans_config',`
+ 		type net_conf_t;
+ 	')
+ 
+-	files_etc_filetrans($1, net_conf_t, file)
++	files_etc_filetrans($1, net_conf_t, file, $2)
+ ')
+ 
+ #######################################
 @@ -426,6 +519,7 @@ interface(`sysnet_manage_config',`
  	allow $1 net_conf_t:file manage_file_perms;
  
@@ -57596,7 +59107,7 @@ index db75976..392d1ee 100644
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
 +HOME_DIR/\.debug(/.*)?	<<none>>
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 28b88de..791d89f 100644
+index 28b88de..5ea0ea4 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -30,8 +30,9 @@ template(`userdom_base_user_template',`
@@ -57761,7 +59272,7 @@ index 28b88de..791d89f 100644
  
  	tunable_policy(`allow_execmem',`
  		# Allow loading DSOs that require executable stack.
-@@ -116,6 +149,17 @@ template(`userdom_base_user_template',`
+@@ -116,6 +149,16 @@ template(`userdom_base_user_template',`
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
  	')
@@ -57770,7 +59281,6 @@ index 28b88de..791d89f 100644
 +		fs_list_cgroup_dirs($1_usertype)
 +	')
 +	
-+
 +	optional_policy(`
 +		ssh_rw_stream_sockets($1_usertype)
 +		ssh_delete_tmp($1_t)
@@ -57779,7 +59289,7 @@ index 28b88de..791d89f 100644
  ')
  
  #######################################
-@@ -149,6 +193,8 @@ interface(`userdom_ro_home_role',`
+@@ -149,6 +192,8 @@ interface(`userdom_ro_home_role',`
  		type user_home_t, user_home_dir_t;
  	')
  
@@ -57788,7 +59298,7 @@ index 28b88de..791d89f 100644
  	##############################
  	#
  	# Domain access to home dir
-@@ -166,27 +212,6 @@ interface(`userdom_ro_home_role',`
+@@ -166,27 +211,6 @@ interface(`userdom_ro_home_role',`
  	read_sock_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
  	files_list_home($2)
  
@@ -57816,7 +59326,7 @@ index 28b88de..791d89f 100644
  ')
  
  #######################################
-@@ -218,8 +243,11 @@ interface(`userdom_ro_home_role',`
+@@ -218,8 +242,11 @@ interface(`userdom_ro_home_role',`
  interface(`userdom_manage_home_role',`
  	gen_require(`
  		type user_home_t, user_home_dir_t;
@@ -57828,7 +59338,7 @@ index 28b88de..791d89f 100644
  	##############################
  	#
  	# Domain access to home dir
-@@ -228,17 +256,21 @@ interface(`userdom_manage_home_role',`
+@@ -228,17 +255,21 @@ interface(`userdom_manage_home_role',`
  	type_member $2 user_home_dir_t:dir user_home_dir_t;
  
  	# full control of the home directory
@@ -57860,7 +59370,7 @@ index 28b88de..791d89f 100644
  	filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
  	files_list_home($2)
  
-@@ -246,25 +278,23 @@ interface(`userdom_manage_home_role',`
+@@ -246,25 +277,23 @@ interface(`userdom_manage_home_role',`
  	allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
  
  	tunable_policy(`use_nfs_home_dirs',`
@@ -57890,7 +59400,7 @@ index 28b88de..791d89f 100644
  	')
  ')
  
-@@ -289,6 +319,8 @@ interface(`userdom_manage_tmp_role',`
+@@ -289,6 +318,8 @@ interface(`userdom_manage_tmp_role',`
  		type user_tmp_t;
  	')
  
@@ -57899,7 +59409,7 @@ index 28b88de..791d89f 100644
  	files_poly_member_tmp($2, user_tmp_t)
  
  	manage_dirs_pattern($2, user_tmp_t, user_tmp_t)
-@@ -297,6 +329,45 @@ interface(`userdom_manage_tmp_role',`
+@@ -297,6 +328,45 @@ interface(`userdom_manage_tmp_role',`
  	manage_sock_files_pattern($2, user_tmp_t, user_tmp_t)
  	manage_fifo_files_pattern($2, user_tmp_t, user_tmp_t)
  	files_tmp_filetrans($2, user_tmp_t, { dir file lnk_file sock_file fifo_file })
@@ -57945,7 +59455,7 @@ index 28b88de..791d89f 100644
  ')
  
  #######################################
-@@ -316,6 +387,7 @@ interface(`userdom_exec_user_tmp_files',`
+@@ -316,6 +386,7 @@ interface(`userdom_exec_user_tmp_files',`
  	')
  
  	exec_files_pattern($1, user_tmp_t, user_tmp_t)
@@ -57953,7 +59463,7 @@ index 28b88de..791d89f 100644
  	files_search_tmp($1)
  ')
  
-@@ -350,6 +422,8 @@ interface(`userdom_manage_tmpfs_role',`
+@@ -350,6 +421,8 @@ interface(`userdom_manage_tmpfs_role',`
  		type user_tmpfs_t;
  	')
  
@@ -57962,7 +59472,7 @@ index 28b88de..791d89f 100644
  	manage_dirs_pattern($2, user_tmpfs_t, user_tmpfs_t)
  	manage_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
  	manage_lnk_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
-@@ -360,46 +434,41 @@ interface(`userdom_manage_tmpfs_role',`
+@@ -360,46 +433,41 @@ interface(`userdom_manage_tmpfs_role',`
  
  #######################################
  ## <summary>
@@ -58031,7 +59541,7 @@ index 28b88de..791d89f 100644
  ')
  
  #######################################
-@@ -430,6 +499,7 @@ template(`userdom_xwindows_client_template',`
+@@ -430,6 +498,7 @@ template(`userdom_xwindows_client_template',`
  	dev_dontaudit_rw_dri($1_t)
  	# GNOME checks for usb and other devices:
  	dev_rw_usbfs($1_t)
@@ -58039,7 +59549,7 @@ index 28b88de..791d89f 100644
  
  	xserver_user_x_domain_template($1, $1_t, user_tmpfs_t)
  	xserver_xsession_entry_type($1_t)
-@@ -490,7 +560,7 @@ template(`userdom_common_user_template',`
+@@ -490,7 +559,7 @@ template(`userdom_common_user_template',`
  		attribute unpriv_userdomain;
  	')
  
@@ -58048,7 +59558,7 @@ index 28b88de..791d89f 100644
  
  	##############################
  	#
-@@ -500,73 +570,81 @@ template(`userdom_common_user_template',`
+@@ -500,73 +569,81 @@ template(`userdom_common_user_template',`
  	# evolution and gnome-session try to create a netlink socket
  	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
  	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
@@ -58070,27 +59580,27 @@ index 28b88de..791d89f 100644
 +	kernel_get_sysvipc_info($1_usertype)
  	# Find CDROM devices:
 -	kernel_read_device_sysctls($1_t)
+-
+-	corecmd_exec_bin($1_t)
 +	kernel_read_device_sysctls($1_usertype)
 +	kernel_request_load_module($1_usertype)
  
--	corecmd_exec_bin($1_t)
+-	corenet_udp_bind_generic_node($1_t)
+-	corenet_udp_bind_generic_port($1_t)
 +	corenet_udp_bind_generic_node($1_usertype)
 +	corenet_udp_bind_generic_port($1_usertype)
  
--	corenet_udp_bind_generic_node($1_t)
--	corenet_udp_bind_generic_port($1_t)
+-	dev_read_rand($1_t)
+-	dev_write_sound($1_t)
+-	dev_read_sound($1_t)
+-	dev_read_sound_mixer($1_t)
+-	dev_write_sound_mixer($1_t)
 +	dev_read_rand($1_usertype)
 +	dev_write_sound($1_usertype)
 +	dev_read_sound($1_usertype)
 +	dev_read_sound_mixer($1_usertype)
 +	dev_write_sound_mixer($1_usertype)
  
--	dev_read_rand($1_t)
--	dev_write_sound($1_t)
--	dev_read_sound($1_t)
--	dev_read_sound_mixer($1_t)
--	dev_write_sound_mixer($1_t)
--
 -	files_exec_etc_files($1_t)
 -	files_search_locks($1_t)
 +	files_exec_etc_files($1_usertype)
@@ -58114,10 +59624,10 @@ index 28b88de..791d89f 100644
 +	fs_read_noxattr_fs_files($1_usertype)
 +	fs_read_noxattr_fs_symlinks($1_usertype)
 +	fs_rw_cgroup_files($1_usertype)
-+
-+	application_getattr_socket($1_usertype)
  
 -	fs_rw_cgroup_files($1_t)
++	application_getattr_socket($1_usertype)
++
 +	logging_send_syslog_msg($1_usertype)
 +	logging_send_audit_msgs($1_usertype)
 +	selinux_get_enforce_mode($1_usertype)
@@ -58169,7 +59679,7 @@ index 28b88de..791d89f 100644
  	')
  
  	tunable_policy(`user_ttyfile_stat',`
-@@ -574,67 +652,122 @@ template(`userdom_common_user_template',`
+@@ -574,67 +651,122 @@ template(`userdom_common_user_template',`
  	')
  
  	optional_policy(`
@@ -58183,23 +59693,23 @@ index 28b88de..791d89f 100644
  		# Allow graphical boot to check battery lifespan
 -		apm_stream_connect($1_t)
 +		apm_stream_connect($1_usertype)
++	')
++
++	optional_policy(`
++		canna_stream_connect($1_usertype)
++	')
++
++	optional_policy(`
++		chrome_role($1_r, $1_usertype)
  	')
  
  	optional_policy(`
 -		canna_stream_connect($1_t)
-+		canna_stream_connect($1_usertype)
++		colord_read_lib_files($1_usertype)
  	')
  
  	optional_policy(`
 -		dbus_system_bus_client($1_t)
-+		chrome_role($1_r, $1_usertype)
-+	')
-+
-+	optional_policy(`
-+		colord_read_lib_files($1_usertype)
-+	')
-+
-+	optional_policy(`
 +		dbus_system_bus_client($1_usertype)
 +
 +		allow $1_usertype $1_usertype:dbus  send_msg;
@@ -58215,49 +59725,49 @@ index 28b88de..791d89f 100644
 +		optional_policy(`
 +			bluetooth_dbus_chat($1_usertype)
 +		')
++
++		optional_policy(`
++			consolekit_dbus_chat($1_usertype)
++			consolekit_read_log($1_usertype)
++		')
++
++		optional_policy(`
++			devicekit_dbus_chat($1_usertype)
++			devicekit_dbus_chat_power($1_usertype)
++			devicekit_dbus_chat_disk($1_usertype)
++		')
++
++		optional_policy(`
++			evolution_dbus_chat($1_usertype)
++			evolution_alarm_dbus_chat($1_usertype)
++		')
  
  		optional_policy(`
 -			bluetooth_dbus_chat($1_t)
-+			consolekit_dbus_chat($1_usertype)
-+			consolekit_read_log($1_usertype)
++			gnome_dbus_chat_gconfdefault($1_usertype)
  		')
  
  		optional_policy(`
 -			evolution_dbus_chat($1_t)
 -			evolution_alarm_dbus_chat($1_t)
-+			devicekit_dbus_chat($1_usertype)
-+			devicekit_dbus_chat_power($1_usertype)
-+			devicekit_dbus_chat_disk($1_usertype)
++			hal_dbus_chat($1_usertype)
  		')
  
  		optional_policy(`
 -			cups_dbus_chat_config($1_t)
-+			evolution_dbus_chat($1_usertype)
-+			evolution_alarm_dbus_chat($1_usertype)
++			kde_dbus_chat_backlighthelper($1_usertype)
  		')
  
  		optional_policy(`
 -			hal_dbus_chat($1_t)
-+			gnome_dbus_chat_gconfdefault($1_usertype)
++			modemmanager_dbus_chat($1_usertype)
  		')
  
  		optional_policy(`
 -			networkmanager_dbus_chat($1_t)
-+			hal_dbus_chat($1_usertype)
- 		')
-+
-+		optional_policy(`
-+			kde_dbus_chat_backlighthelper($1_usertype)
-+		')
-+
-+		optional_policy(`
-+			modemmanager_dbus_chat($1_usertype)
-+		')
-+
-+		optional_policy(`
 +			networkmanager_dbus_chat($1_usertype)
 +			networkmanager_read_lib_files($1_usertype)
-+		')
+ 		')
 +
 +		optional_policy(`
 +			vpn_dbus_chat($1_usertype)
@@ -58310,7 +59820,7 @@ index 28b88de..791d89f 100644
  	')
  
  	optional_policy(`
-@@ -650,41 +783,50 @@ template(`userdom_common_user_template',`
+@@ -650,41 +782,50 @@ template(`userdom_common_user_template',`
  
  	optional_policy(`
  		# to allow monitoring of pcmcia status
@@ -58342,51 +59852,53 @@ index 28b88de..791d89f 100644
 +	optional_policy(`
 +		rpc_dontaudit_getattr_exports($1_usertype)
 +		rpc_manage_nfs_rw_content($1_usertype)
++	')
++
++	optional_policy(`
++		rpcbind_stream_connect($1_usertype)
  	')
  
  	optional_policy(`
 -		rpc_dontaudit_getattr_exports($1_t)
 -		rpc_manage_nfs_rw_content($1_t)
-+		rpcbind_stream_connect($1_usertype)
++		samba_stream_connect_winbind($1_usertype)
  	')
  
  	optional_policy(`
 -		samba_stream_connect_winbind($1_t)
-+		samba_stream_connect_winbind($1_usertype)
++		sandbox_transition($1_usertype, $1_r)
  	')
  
  	optional_policy(`
 -		slrnpull_search_spool($1_t)
-+		sandbox_transition($1_usertype, $1_r)
++		seunshare_role_template($1, $1_r, $1_t)
  	')
  
  	optional_policy(`
 -		usernetctl_run($1_t,$1_r)
-+		seunshare_role_template($1, $1_r, $1_t)
- 	')
-+
-+	optional_policy(`
 +		slrnpull_search_spool($1_usertype)
-+	')
+ 	')
 +
  ')
  
  #######################################
-@@ -712,13 +854,26 @@ template(`userdom_login_user_template', `
+@@ -712,13 +853,26 @@ template(`userdom_login_user_template', `
  
  	userdom_base_user_template($1)
  
 -	userdom_manage_home_role($1_r, $1_t)
 +	userdom_manage_home_role($1_r, $1_usertype)
++
++	userdom_manage_tmp_role($1_r, $1_usertype)
++	userdom_manage_tmpfs_role($1_r, $1_usertype)
  
 -	userdom_manage_tmp_role($1_r, $1_t)
 -	userdom_manage_tmpfs_role($1_r, $1_t)
-+	userdom_manage_tmp_role($1_r, $1_usertype)
-+	userdom_manage_tmpfs_role($1_r, $1_usertype)
-+
 +	ifelse(`$1',`unconfined',`',`
 +		gen_tunable(allow_$1_exec_content, true)
-+
+ 
+-	userdom_exec_user_tmp_files($1_t)
+-	userdom_exec_user_home_content_files($1_t)
 +		tunable_policy(`allow_$1_exec_content',`
 +			userdom_exec_user_tmp_files($1_usertype)
 +			userdom_exec_user_home_content_files($1_usertype)
@@ -58394,9 +59906,7 @@ index 28b88de..791d89f 100644
 +		tunable_policy(`allow_$1_exec_content && use_nfs_home_dirs',`
 +                        fs_exec_nfs_files($1_usertype)
 +		')
- 
--	userdom_exec_user_tmp_files($1_t)
--	userdom_exec_user_home_content_files($1_t)
++
 +		tunable_policy(`allow_$1_exec_content && use_samba_home_dirs',`
 +			fs_exec_cifs_files($1_usertype)
 +		')
@@ -58404,7 +59914,7 @@ index 28b88de..791d89f 100644
  
  	userdom_change_password_template($1)
  
-@@ -736,72 +891,70 @@ template(`userdom_login_user_template', `
+@@ -736,72 +890,70 @@ template(`userdom_login_user_template', `
  
  	allow $1_t self:context contains;
  
@@ -58471,10 +59981,10 @@ index 28b88de..791d89f 100644
 -	miscfiles_exec_tetex_data($1_t)
 +	miscfiles_read_tetex_data($1_usertype)
 +	miscfiles_exec_tetex_data($1_usertype)
++
++	seutil_read_config($1_usertype)
  
 -	seutil_read_config($1_t)
-+	seutil_read_config($1_usertype)
-+
 +	optional_policy(`
 +		cups_read_config($1_usertype)
 +		cups_stream_connect($1_usertype)
@@ -58512,7 +60022,7 @@ index 28b88de..791d89f 100644
  	')
  ')
  
-@@ -833,6 +986,9 @@ template(`userdom_restricted_user_template',`
+@@ -833,6 +985,9 @@ template(`userdom_restricted_user_template',`
  	typeattribute $1_t unpriv_userdomain;
  	domain_interactive_fd($1_t)
  
@@ -58522,7 +60032,7 @@ index 28b88de..791d89f 100644
  	##############################
  	#
  	# Local policy
-@@ -874,45 +1030,113 @@ template(`userdom_restricted_xwindows_user_template',`
+@@ -874,45 +1029,113 @@ template(`userdom_restricted_xwindows_user_template',`
  	#
  
  	auth_role($1_r, $1_t)
@@ -58593,40 +60103,40 @@ index 28b88de..791d89f 100644
 +			abrt_dbus_chat($1_usertype)
 +			abrt_run_helper($1_usertype, $1_r)
 +		')
- 
- 		optional_policy(`
--			consolekit_dbus_chat($1_t)
++
++		optional_policy(`
 +			consolekit_dontaudit_read_log($1_usertype)
 +			consolekit_dbus_chat($1_usertype)
- 		')
- 
- 		optional_policy(`
--			cups_dbus_chat($1_t)
-+			cups_dbus_chat($1_usertype)
-+			cups_dbus_chat_config($1_usertype)
- 		')
++		')
 +
 +		optional_policy(`
++			cups_dbus_chat($1_usertype)
++			cups_dbus_chat_config($1_usertype)
++		')
+ 
+ 		optional_policy(`
+-			consolekit_dbus_chat($1_t)
 +			devicekit_dbus_chat($1_usertype)
 +			devicekit_dbus_chat_disk($1_usertype)
 +			devicekit_dbus_chat_power($1_usertype)
-+		')
-+
-+		optional_policy(`
+ 		')
+ 
+ 		optional_policy(`
+-			cups_dbus_chat($1_t)
 +			fprintd_dbus_chat($1_t)
-+		')
+ 		')
+ 	')
+ 
+ 	optional_policy(`
+-		java_role($1_r, $1_t)
++		openoffice_role_template($1, $1_r, $1_usertype)
 +	')
 +
 +	optional_policy(`
-+		openoffice_role_template($1, $1_r, $1_usertype)
++		policykit_role($1_r, $1_usertype)
 +	')
 +
 +	optional_policy(`
-+		policykit_role($1_r, $1_usertype)
- 	')
- 
- 	optional_policy(`
--		java_role($1_r, $1_t)
 +		pulseaudio_role($1_r, $1_usertype)
 +	')
 +
@@ -58647,7 +60157,7 @@ index 28b88de..791d89f 100644
  	')
  ')
  
-@@ -947,7 +1171,7 @@ template(`userdom_unpriv_user_template', `
+@@ -947,7 +1170,7 @@ template(`userdom_unpriv_user_template', `
  	#
  
  	# Inherit rules for ordinary users.
@@ -58656,7 +60166,7 @@ index 28b88de..791d89f 100644
  	userdom_common_user_template($1)
  
  	##############################
-@@ -956,54 +1180,83 @@ template(`userdom_unpriv_user_template', `
+@@ -956,54 +1179,83 @@ template(`userdom_unpriv_user_template', `
  	#
  
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -58726,16 +60236,13 @@ index 28b88de..791d89f 100644
 +
 +	optional_policy(`
 +		gpg_role($1_r, $1_usertype)
- 	')
- 
--	# Run pppd in pppd_t by default for user
- 	optional_policy(`
--		ppp_run_cond($1_t,$1_r)
++	')
++
++	optional_policy(`
 +		gnomeclock_dbus_chat($1_t)
- 	')
- 
- 	optional_policy(`
--		setroubleshoot_stream_connect($1_t)
++	')
++
++	optional_policy(`
 +		gpm_stream_connect($1_usertype)
 +	')
 +
@@ -58758,19 +60265,22 @@ index 28b88de..791d89f 100644
 +
 +	optional_policy(`
 +		wine_role_template($1, $1_r, $1_t)
-+	')
-+
-+	optional_policy(`
+ 	')
+ 
+-	# Run pppd in pppd_t by default for user
+ 	optional_policy(`
+-		ppp_run_cond($1_t,$1_r)
 +		postfix_run_postdrop($1_t, $1_r)
-+	')
-+
+ 	')
+ 
 +	# Run pppd in pppd_t by default for user
-+	optional_policy(`
+ 	optional_policy(`
+-		setroubleshoot_stream_connect($1_t)
 +		ppp_run_cond($1_t, $1_r)
  	')
  ')
  
-@@ -1039,7 +1292,7 @@ template(`userdom_unpriv_user_template', `
+@@ -1039,7 +1291,7 @@ template(`userdom_unpriv_user_template', `
  template(`userdom_admin_user_template',`
  	gen_require(`
  		attribute admindomain;
@@ -58779,7 +60289,7 @@ index 28b88de..791d89f 100644
  	')
  
  	##############################
-@@ -1066,6 +1319,7 @@ template(`userdom_admin_user_template',`
+@@ -1066,6 +1318,7 @@ template(`userdom_admin_user_template',`
  	#
  
  	allow $1_t self:capability ~{ sys_module audit_control audit_write };
@@ -58787,7 +60297,7 @@ index 28b88de..791d89f 100644
  	allow $1_t self:process { setexec setfscreate };
  	allow $1_t self:netlink_audit_socket nlmsg_readpriv;
  	allow $1_t self:tun_socket create;
-@@ -1074,6 +1328,9 @@ template(`userdom_admin_user_template',`
+@@ -1074,6 +1327,9 @@ template(`userdom_admin_user_template',`
  	# Skip authentication when pam_rootok is specified.
  	allow $1_t self:passwd rootok;
  
@@ -58797,7 +60307,7 @@ index 28b88de..791d89f 100644
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1088,6 +1345,7 @@ template(`userdom_admin_user_template',`
+@@ -1088,6 +1344,7 @@ template(`userdom_admin_user_template',`
  	kernel_sigstop_unlabeled($1_t)
  	kernel_signull_unlabeled($1_t)
  	kernel_sigchld_unlabeled($1_t)
@@ -58805,7 +60315,7 @@ index 28b88de..791d89f 100644
  
  	corenet_tcp_bind_generic_port($1_t)
  	# allow setting up tunnels
-@@ -1105,10 +1363,13 @@ template(`userdom_admin_user_template',`
+@@ -1105,10 +1362,13 @@ template(`userdom_admin_user_template',`
  	dev_rename_all_blk_files($1_t)
  	dev_rename_all_chr_files($1_t)
  	dev_create_generic_symlinks($1_t)
@@ -58819,7 +60329,7 @@ index 28b88de..791d89f 100644
  	domain_dontaudit_ptrace_all_domains($1_t)
  	# signal all domains:
  	domain_kill_all_domains($1_t)
-@@ -1119,17 +1380,21 @@ template(`userdom_admin_user_template',`
+@@ -1119,17 +1379,21 @@ template(`userdom_admin_user_template',`
  	domain_sigchld_all_domains($1_t)
  	# for lsof
  	domain_getattr_all_sockets($1_t)
@@ -58842,7 +60352,7 @@ index 28b88de..791d89f 100644
  
  	auth_getattr_shadow($1_t)
  	# Manage almost all files
-@@ -1141,7 +1406,10 @@ template(`userdom_admin_user_template',`
+@@ -1141,7 +1405,10 @@ template(`userdom_admin_user_template',`
  
  	logging_send_syslog_msg($1_t)
  
@@ -58854,7 +60364,7 @@ index 28b88de..791d89f 100644
  
  	# The following rule is temporary until such time that a complete
  	# policy management infrastructure is in place so that an administrator
-@@ -1210,6 +1478,8 @@ template(`userdom_security_admin_template',`
+@@ -1210,6 +1477,8 @@ template(`userdom_security_admin_template',`
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -58863,7 +60373,7 @@ index 28b88de..791d89f 100644
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1222,6 +1492,7 @@ template(`userdom_security_admin_template',`
+@@ -1222,6 +1491,7 @@ template(`userdom_security_admin_template',`
  	selinux_set_enforce_mode($1)
  	selinux_set_all_booleans($1)
  	selinux_set_parameters($1)
@@ -58871,7 +60381,7 @@ index 28b88de..791d89f 100644
  
  	auth_relabel_all_files_except_shadow($1)
  	auth_relabel_shadow($1)
-@@ -1237,6 +1508,7 @@ template(`userdom_security_admin_template',`
+@@ -1237,6 +1507,7 @@ template(`userdom_security_admin_template',`
  	seutil_run_checkpolicy($1,$2)
  	seutil_run_loadpolicy($1,$2)
  	seutil_run_semanage($1,$2)
@@ -58879,7 +60389,7 @@ index 28b88de..791d89f 100644
  	seutil_run_setfiles($1, $2)
  
  	optional_policy(`
-@@ -1279,11 +1551,37 @@ template(`userdom_security_admin_template',`
+@@ -1279,11 +1550,37 @@ template(`userdom_security_admin_template',`
  interface(`userdom_user_home_content',`
  	gen_require(`
  		type user_home_t;
@@ -58917,7 +60427,7 @@ index 28b88de..791d89f 100644
  	ubac_constrained($1)
  ')
  
-@@ -1395,6 +1693,7 @@ interface(`userdom_search_user_home_dirs',`
+@@ -1395,6 +1692,7 @@ interface(`userdom_search_user_home_dirs',`
  	')
  
  	allow $1 user_home_dir_t:dir search_dir_perms;
@@ -58925,7 +60435,7 @@ index 28b88de..791d89f 100644
  	files_search_home($1)
  ')
  
-@@ -1441,6 +1740,14 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1441,6 +1739,14 @@ interface(`userdom_list_user_home_dirs',`
  
  	allow $1 user_home_dir_t:dir list_dir_perms;
  	files_search_home($1)
@@ -58940,7 +60450,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1456,9 +1763,11 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1456,9 +1762,11 @@ interface(`userdom_list_user_home_dirs',`
  interface(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
  		type user_home_dir_t;
@@ -58952,7 +60462,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1515,10 +1824,10 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1515,10 +1823,10 @@ interface(`userdom_relabelto_user_home_dirs',`
  	allow $1 user_home_dir_t:dir relabelto;
  ')
  
@@ -58965,7 +60475,7 @@ index 28b88de..791d89f 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -1526,21 +1835,57 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1526,22 +1834,58 @@ interface(`userdom_relabelto_user_home_dirs',`
  ##	</summary>
  ## </param>
  #
@@ -58988,6 +60498,7 @@ index 28b88de..791d89f 100644
 +##	Relabel user home files.
  ## </summary>
 -## <desc>
+-##	<p>
 +## <param name="domain">
 +##	<summary>
 +##	Domain allowed access.
@@ -59028,10 +60539,11 @@ index 28b88de..791d89f 100644
 +##	user home directory.
 +## </summary>
 +## <desc>
- ##	<p>
++##	<p>
  ##	Do a domain transition to the specified
  ##	domain when executing a program in the
-@@ -1589,6 +1934,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
+ ##	user home directory.
+@@ -1589,6 +1933,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
  	')
  
  	dontaudit $1 user_home_t:dir search_dir_perms;
@@ -59040,7 +60552,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1603,10 +1950,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
+@@ -1603,10 +1949,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
  #
  interface(`userdom_list_user_home_content',`
  	gen_require(`
@@ -59055,7 +60567,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1649,6 +1998,25 @@ interface(`userdom_delete_user_home_content_dirs',`
+@@ -1649,6 +1997,25 @@ interface(`userdom_delete_user_home_content_dirs',`
  
  ########################################
  ## <summary>
@@ -59081,7 +60593,7 @@ index 28b88de..791d89f 100644
  ##	Do not audit attempts to set the
  ##	attributes of user home files.
  ## </summary>
-@@ -1700,12 +2068,32 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1700,12 +2067,32 @@ interface(`userdom_read_user_home_content_files',`
  		type user_home_dir_t, user_home_t;
  	')
  
@@ -59114,7 +60626,7 @@ index 28b88de..791d89f 100644
  ##	Do not audit attempts to read user home files.
  ## </summary>
  ## <param name="domain">
-@@ -1716,11 +2104,14 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1716,11 +2103,14 @@ interface(`userdom_read_user_home_content_files',`
  #
  interface(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -59132,7 +60644,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1779,6 +2170,24 @@ interface(`userdom_delete_user_home_content_files',`
+@@ -1779,6 +2169,24 @@ interface(`userdom_delete_user_home_content_files',`
  
  ########################################
  ## <summary>
@@ -59157,7 +60669,7 @@ index 28b88de..791d89f 100644
  ##	Do not audit attempts to write user home files.
  ## </summary>
  ## <param name="domain">
-@@ -1810,8 +2219,7 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1810,8 +2218,7 @@ interface(`userdom_read_user_home_content_symlinks',`
  		type user_home_dir_t, user_home_t;
  	')
  
@@ -59167,7 +60679,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -1827,20 +2235,14 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1827,21 +2234,15 @@ interface(`userdom_read_user_home_content_symlinks',`
  #
  interface(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -59181,18 +60693,19 @@ index 28b88de..791d89f 100644
 -
 -	tunable_policy(`use_nfs_home_dirs',`
 -		fs_exec_nfs_files($1)
--	')
--
--	tunable_policy(`use_samba_home_dirs',`
--		fs_exec_cifs_files($1)
 +	exec_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
 +	dontaudit $1 user_home_type:sock_file execute;
  	')
--')
  
+-	tunable_policy(`use_samba_home_dirs',`
+-		fs_exec_cifs_files($1)
+-	')
+-')
+-
  ########################################
  ## <summary>
-@@ -2008,7 +2410,7 @@ interface(`userdom_user_home_dir_filetrans',`
+ ##	Do not audit attempts to execute user home files.
+@@ -2008,7 +2409,7 @@ interface(`userdom_user_home_dir_filetrans',`
  		type user_home_dir_t;
  	')
  
@@ -59201,7 +60714,7 @@ index 28b88de..791d89f 100644
  	files_search_home($1)
  ')
  
-@@ -2182,7 +2584,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
+@@ -2182,7 +2583,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
  		type user_tmp_t;
  	')
  
@@ -59210,7 +60723,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -2435,13 +2837,14 @@ interface(`userdom_read_user_tmpfs_files',`
+@@ -2435,13 +2836,14 @@ interface(`userdom_read_user_tmpfs_files',`
  	')
  
  	read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
@@ -59226,7 +60739,7 @@ index 28b88de..791d89f 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -2462,26 +2865,6 @@ interface(`userdom_rw_user_tmpfs_files',`
+@@ -2462,26 +2864,6 @@ interface(`userdom_rw_user_tmpfs_files',`
  
  ########################################
  ## <summary>
@@ -59253,7 +60766,7 @@ index 28b88de..791d89f 100644
  ##	Get the attributes of a user domain tty.
  ## </summary>
  ## <param name="domain">
-@@ -2572,6 +2955,24 @@ interface(`userdom_use_user_ttys',`
+@@ -2572,6 +2954,24 @@ interface(`userdom_use_user_ttys',`
  
  ########################################
  ## <summary>
@@ -59278,7 +60791,7 @@ index 28b88de..791d89f 100644
  ##	Read and write a user domain pty.
  ## </summary>
  ## <param name="domain">
-@@ -2590,22 +2991,34 @@ interface(`userdom_use_user_ptys',`
+@@ -2590,22 +2990,34 @@ interface(`userdom_use_user_ptys',`
  
  ########################################
  ## <summary>
@@ -59321,7 +60834,7 @@ index 28b88de..791d89f 100644
  ## </desc>
  ## <param name="domain">
  ##	<summary>
-@@ -2614,14 +3027,33 @@ interface(`userdom_use_user_ptys',`
+@@ -2614,14 +3026,33 @@ interface(`userdom_use_user_ptys',`
  ## </param>
  ## <infoflow type="both" weight="10"/>
  #
@@ -59359,7 +60872,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -2815,7 +3247,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2815,7 +3246,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
  
  	domain_entry_file_spec_domtrans($1, unpriv_userdomain)
  	allow unpriv_userdomain $1:fd use;
@@ -59368,7 +60881,7 @@ index 28b88de..791d89f 100644
  	allow unpriv_userdomain $1:process sigchld;
  ')
  
-@@ -2831,11 +3263,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2831,11 +3262,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
  #
  interface(`userdom_search_user_home_content',`
  	gen_require(`
@@ -59384,7 +60897,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -2917,7 +3351,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
+@@ -2917,7 +3350,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
  		type user_devpts_t;
  	')
  
@@ -59393,7 +60906,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -2972,7 +3406,45 @@ interface(`userdom_write_user_tmp_files',`
+@@ -2972,7 +3405,45 @@ interface(`userdom_write_user_tmp_files',`
  		type user_tmp_t;
  	')
  
@@ -59440,7 +60953,7 @@ index 28b88de..791d89f 100644
  ')
  
  ########################################
-@@ -3009,6 +3481,7 @@ interface(`userdom_read_all_users_state',`
+@@ -3009,6 +3480,7 @@ interface(`userdom_read_all_users_state',`
  	')
  
  	read_files_pattern($1, userdomain, userdomain)
@@ -59448,7 +60961,7 @@ index 28b88de..791d89f 100644
  	kernel_search_proc($1)
  ')
  
-@@ -3087,6 +3560,24 @@ interface(`userdom_signal_all_users',`
+@@ -3087,6 +3559,24 @@ interface(`userdom_signal_all_users',`
  
  ########################################
  ## <summary>
@@ -59473,7 +60986,7 @@ index 28b88de..791d89f 100644
  ##	Send a SIGCHLD signal to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -3139,3 +3630,1058 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3139,3 +3629,1058 @@ interface(`userdom_dbus_send_all_users',`
  
  	allow $1 userdomain:dbus send_msg;
  ')
@@ -60533,7 +62046,7 @@ index 28b88de..791d89f 100644
 +')
 +
 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
-index df29ca1..2a5c03d 100644
+index df29ca1..059cac0 100644
 --- a/policy/modules/system/userdomain.te
 +++ b/policy/modules/system/userdomain.te
 @@ -7,7 +7,7 @@ policy_module(userdomain, 4.5.0)
@@ -60586,7 +62099,7 @@ index df29ca1..2a5c03d 100644
  type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
  fs_associate_tmpfs(user_home_dir_t)
  files_type(user_home_dir_t)
-@@ -71,26 +98,54 @@ ubac_constrained(user_home_dir_t)
+@@ -71,26 +98,59 @@ ubac_constrained(user_home_dir_t)
  
  type user_home_t alias { staff_home_t sysadm_home_t secadm_home_t auditadm_home_t unconfined_home_t };
  typealias user_home_t alias { staff_untrusted_content_t sysadm_untrusted_content_t secadm_untrusted_content_t auditadm_untrusted_content_t unconfined_untrusted_content_t };
@@ -60643,6 +62156,11 @@ index df29ca1..2a5c03d 100644
 +
 +# Nautilus causes this avc
 +dontaudit unpriv_userdomain self:dir setattr;
++
++optional_policy(`
++	ssh_admin_home_dir_filetrans(userdomain)
++')
++
 diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc
 index a865da7..0818ff0 100644
 --- a/policy/modules/system/xen.fc
@@ -60919,6 +62437,19 @@ index 4350ba0..c8b1d3b 100644
 -		unconfined_domain(xend_t)
 -	')
  ')
+diff --git a/policy/support/file_patterns.spt b/policy/support/file_patterns.spt
+index bdd500c..4719351 100644
+--- a/policy/support/file_patterns.spt
++++ b/policy/support/file_patterns.spt
+@@ -535,7 +535,7 @@ define(`filetrans_add_pattern',`
+ 
+ define(`filetrans_pattern',`
+ 	allow $1 $2:dir rw_dir_perms;
+-	type_transition $1 $2:$4 $3;
++	type_transition $1 $2:$4 $3 $5;
+ ')
+ 
+ define(`admin_pattern',`
 diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
 index 22ca011..df6b5de 100644
 --- a/policy/support/misc_patterns.spt
diff --git a/selinux-policy.spec b/selinux-policy.spec
index dbbe4dd..c4f8ec1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.16
-Release: 15.1%{?dist}
+Release: 16.1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -474,9 +474,17 @@ exit 0
 %endif
 
 %changelog
-* Fri Apr 15 2011 Dan Walsh <dwalsh@redhat.com> 3.9.16-15.1
+* Tue Apr 19 2011 Dan Walsh <dwalsh@redhat.com> 3.9.16-16.1
 - Add filename transitions
 
+* Tue Apr 19 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-16
+- Fixes for zarafa policy
+- Add support for AEOLUS project
+- Change labeling of fping6
+- Allow plymountd to send signals to init
+- Allow initrc_t domain to manage abrt pid files
+- Virt_admin should be allowed to manage images and processes
+
 * Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15
 - xdm_t needs getsession for switch user 
 - Every app that used to exec init is now execing systemdctl