diff --git a/policy-20071130.patch b/policy-20071130.patch
index 9b71c43..ba1df38 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -3998,7 +3998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 14:56:02.000000000 +0200
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-03-06 17:15:51.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-03-30 17:08:53.000000000 +0200
@@ -32,7 +32,7 @@
##
##
@@ -4302,14 +4302,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2007-12-19 11:32:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te 2008-03-28 21:10:09.000000000 +0100
-@@ -44,3 +44,6 @@
++++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te 2008-04-01 07:14:00.000000000 +0200
+@@ -44,3 +44,7 @@
optional_policy(`
nscd_dontaudit_search_pid(loadkeys_t)
')
+
+userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t)
+userdom_dontaudit_list_user_home_dirs(user, loadkeys_t)
++userdom_dontaudit_list_sysadm_home_dirs(loadkeys_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-01-02 18:57:22.000000000 +0100
+++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2008-03-03 14:24:51.000000000 +0100
@@ -4437,7 +4438,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.3.1/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2007-10-12 14:56:02.000000000 +0200
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc 2008-03-26 06:58:58.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc 2008-04-01 07:23:41.000000000 +0200
@@ -1,8 +1,8 @@
-HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
-HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -4452,7 +4453,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
#
# /bin
-@@ -29,3 +29,5 @@
+@@ -17,7 +17,6 @@
+ #
+ # /etc
+ #
+-/etc/mozpluggerrc -- gen_context(system_u:object_r:mozilla_conf_t,s0)
+
+ #
+ # /lib
+@@ -29,3 +28,5 @@
/usr/lib(64)?/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
@@ -5454,8 +5463,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-03-29 12:28:11.000000000 +0100
-@@ -0,0 +1,183 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-04-01 07:01:32.000000000 +0200
+@@ -0,0 +1,184 @@
+
+policy_module(nsplugin,1.0.0)
+
@@ -5595,6 +5604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ xserver_xdm_rw_shm(nsplugin_t)
+ xserver_read_xdm_tmp_files(nsplugin_t)
+ xserver_read_user_xauth(user, nsplugin_t)
++ xserver_use_user_fonts(user, nsplugin_t)
+')
+
+########################################
@@ -8235,7 +8245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2007-10-23 23:17:42.000000000 +0200
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-03-20 14:37:55.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-04-01 11:19:49.000000000 +0200
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -8665,7 +8675,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
########################################
-@@ -1088,3 +1037,133 @@
+@@ -1088,3 +1037,142 @@
allow httpd_t $1:process signal;
')
@@ -8757,6 +8767,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ attribute httpdcontent;
+ attribute httpd_script_exec_type;
+ type httpd_bool_t;
++ type httpd_php_tmp_t;
++ type httpd_suexec_tmp_t;
++ type httpd_tmp_t;
++
+ ')
+
+ allow $1 httpd_t:process { getattr ptrace signal_perms };
@@ -8794,6 +8808,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
+ seutil_domtrans_setfiles($1)
+
++ manage_app_pattern($1, httpd_tmp_t)
++ manage_app_pattern($1, httpd_php_tmp_t)
++ manage_app_pattern($1, httpd_suexec_tmp_t)
++ files_tmp_filetrans($1, httpd_tmp_t, { file dir })
++
+# apache_set_booleans($1, $2, $3, httpd_bool_t )
+# seutil_setsebool_per_role_template($1, httpd, $3)
+# allow httpd_setsebool_t httpd_bool_t:dir list_dir_perms;
@@ -15052,8 +15071,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
+/etc/rc.d/init.d/innd -- gen_context(system_u:object_r:innd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.3.1/policy/modules/services/inn.if
--- nsaserefpolicy/policy/modules/services/inn.if 2007-01-02 18:57:43.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.if 2008-02-26 14:29:22.000000000 +0100
-@@ -176,3 +176,80 @@
++++ serefpolicy-3.3.1/policy/modules/services/inn.if 2008-03-30 12:29:52.000000000 +0200
+@@ -54,8 +54,7 @@
+ ')
+
+ logging_rw_generic_log_dirs($1)
+- allow $1 innd_log_t:dir search;
+- allow $1 innd_log_t:file manage_file_perms;
++ manage_files_pattern($1, innd_log_t,innd_log_t)
+ ')
+
+ ########################################
+@@ -176,3 +175,80 @@
corecmd_search_bin($1)
domtrans_pattern($1,innd_exec_t,innd_t)
')
@@ -22285,7 +22314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+/etc/rc.d/init.d/spamd -- gen_context(system_u:object_r:spamd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.3.1/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2007-10-12 14:56:07.000000000 +0200
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if 2008-02-26 14:29:22.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if 2008-04-01 07:58:40.000000000 +0200
@@ -34,10 +34,11 @@
# cjp: when tunables are available, spamc stuff should be
# toggled on activation of spamc, and similarly for spamd.
@@ -22606,7 +22635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
')
can_exec($1,spamd_exec_t)
-@@ -398,11 +149,65 @@
+@@ -398,11 +149,66 @@
##
#
template(`spamassassin_domtrans_user_client',`
@@ -22635,6 +22664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+ ')
+
+ domtrans_pattern($1,spamc_exec_t,spamc_t)
++ allow $1 spamc_exec_t:file ioctl;
+')
+
+########################################
@@ -22674,7 +22704,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
')
########################################
-@@ -446,11 +251,31 @@
+@@ -446,11 +252,31 @@
##
#
template(`spamassassin_domtrans_user_local_client',`
@@ -22708,7 +22738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
')
########################################
-@@ -469,6 +294,7 @@
+@@ -469,6 +295,7 @@
')
files_search_var_lib($1)
@@ -22716,7 +22746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
read_files_pattern($1,spamd_var_lib_t,spamd_var_lib_t)
')
-@@ -528,3 +354,133 @@
+@@ -528,3 +355,133 @@
dontaudit $1 spamd_tmp_t:sock_file getattr;
')
@@ -24028,7 +24058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 17:02:50.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-25 22:57:54.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-04-01 07:01:14.000000000 +0200
@@ -12,9 +12,15 @@
##
##
@@ -30409,7 +30439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 15:52:56.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-29 13:10:01.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-04-01 07:17:26.000000000 +0200
@@ -29,9 +29,14 @@
')
@@ -31638,7 +31668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2003,10 +2027,10 @@
+@@ -2003,10 +2027,11 @@
#
template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
@@ -31648,10 +31678,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- dontaudit $2 $1_home_dir_t:dir list_dir_perms;
+ dontaudit $2 user_home_dir_t:dir list_dir_perms;
++ dontaudit $2 user_home_t:dir list_dir_perms;
')
########################################
-@@ -2038,11 +2062,47 @@
+@@ -2038,11 +2063,47 @@
#
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
@@ -31701,7 +31732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2074,10 +2134,10 @@
+@@ -2074,10 +2135,10 @@
#
template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
@@ -31714,7 +31745,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2107,11 +2167,11 @@
+@@ -2107,11 +2168,11 @@
#
template(`userdom_read_user_home_content_files',`
gen_require(`
@@ -31728,7 +31759,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2141,11 +2201,11 @@
+@@ -2141,11 +2202,11 @@
#
template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -31743,7 +31774,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2175,10 +2235,14 @@
+@@ -2175,10 +2236,14 @@
#
template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
@@ -31760,7 +31791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2208,11 +2272,11 @@
+@@ -2208,11 +2273,11 @@
#
template(`userdom_read_user_home_content_symlinks',`
gen_require(`
@@ -31774,7 +31805,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2242,11 +2306,11 @@
+@@ -2242,11 +2307,11 @@
#
template(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -31788,7 +31819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2276,10 +2340,10 @@
+@@ -2276,10 +2341,10 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@@ -31801,7 +31832,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2311,12 +2375,12 @@
+@@ -2311,12 +2376,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@@ -31817,7 +31848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2348,10 +2412,10 @@
+@@ -2348,10 +2413,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@@ -31830,7 +31861,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2383,12 +2447,12 @@
+@@ -2383,12 +2448,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@@ -31846,7 +31877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2420,12 +2484,12 @@
+@@ -2420,12 +2485,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@@ -31862,7 +31893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2457,12 +2521,12 @@
+@@ -2457,12 +2522,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@@ -31878,7 +31909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2507,11 +2571,11 @@
+@@ -2507,11 +2572,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@@ -31892,7 +31923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2556,11 +2620,11 @@
+@@ -2556,11 +2621,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@@ -31906,7 +31937,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2600,11 +2664,11 @@
+@@ -2600,11 +2665,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@@ -31920,7 +31951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2634,11 +2698,11 @@
+@@ -2634,11 +2699,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@@ -31934,7 +31965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2668,11 +2732,11 @@
+@@ -2668,11 +2733,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@@ -31948,7 +31979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2704,10 +2768,10 @@
+@@ -2704,10 +2769,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@@ -31961,7 +31992,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2739,10 +2803,10 @@
+@@ -2739,10 +2804,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@@ -31974,7 +32005,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2772,12 +2836,12 @@
+@@ -2772,12 +2837,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@@ -31990,7 +32021,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2809,10 +2873,10 @@
+@@ -2809,10 +2874,10 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@@ -32003,7 +32034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2844,10 +2908,48 @@
+@@ -2844,10 +2909,48 @@
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
@@ -32054,7 +32085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2877,12 +2979,12 @@
+@@ -2877,12 +2980,12 @@
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
@@ -32070,7 +32101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2914,10 +3016,10 @@
+@@ -2914,10 +3017,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@@ -32083,7 +32114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2949,12 +3051,12 @@
+@@ -2949,12 +3052,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@@ -32099,7 +32130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2986,11 +3088,11 @@
+@@ -2986,11 +3089,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@@ -32113,7 +32144,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3022,11 +3124,11 @@
+@@ -3022,11 +3125,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@@ -32127,7 +32158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3058,11 +3160,11 @@
+@@ -3058,11 +3161,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@@ -32141,7 +32172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3094,11 +3196,11 @@
+@@ -3094,11 +3197,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@@ -32155,7 +32186,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3130,11 +3232,11 @@
+@@ -3130,11 +3233,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@@ -32169,7 +32200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3179,10 +3281,10 @@
+@@ -3179,10 +3282,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@@ -32182,7 +32213,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_tmp($2)
')
-@@ -3223,10 +3325,10 @@
+@@ -3223,10 +3326,10 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -32195,7 +32226,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3254,6 +3356,42 @@
+@@ -3254,6 +3357,42 @@
##
##
#
@@ -32238,7 +32269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
type $1_tmpfs_t;
-@@ -4231,11 +4369,11 @@
+@@ -4231,11 +4370,11 @@
#
interface(`userdom_search_staff_home_dirs',`
gen_require(`
@@ -32252,7 +32283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4251,10 +4389,10 @@
+@@ -4251,10 +4390,10 @@
#
interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
@@ -32265,7 +32296,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4270,11 +4408,11 @@
+@@ -4270,11 +4409,11 @@
#
interface(`userdom_manage_staff_home_dirs',`
gen_require(`
@@ -32279,7 +32310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4289,16 +4427,16 @@
+@@ -4289,16 +4428,16 @@
#
interface(`userdom_relabelto_staff_home_dirs',`
gen_require(`
@@ -32299,7 +32330,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## users home directory.
##
##
-@@ -4307,12 +4445,27 @@
+@@ -4307,12 +4446,27 @@
##
##
#
@@ -32330,7 +32361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4327,13 +4480,13 @@
+@@ -4327,13 +4481,13 @@
#
interface(`userdom_read_staff_home_content_files',`
gen_require(`
@@ -32348,7 +32379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4531,10 +4684,10 @@
+@@ -4531,10 +4685,10 @@
#
interface(`userdom_getattr_sysadm_home_dirs',`
gen_require(`
@@ -32361,7 +32392,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4551,10 +4704,10 @@
+@@ -4551,10 +4705,10 @@
#
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
gen_require(`
@@ -32374,7 +32405,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4569,10 +4722,10 @@
+@@ -4569,10 +4723,10 @@
#
interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
@@ -32387,7 +32418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4588,10 +4741,10 @@
+@@ -4588,10 +4742,10 @@
#
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
gen_require(`
@@ -32400,7 +32431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4606,10 +4759,10 @@
+@@ -4606,10 +4760,10 @@
#
interface(`userdom_list_sysadm_home_dirs',`
gen_require(`
@@ -32413,7 +32444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4625,10 +4778,10 @@
+@@ -4625,10 +4779,10 @@
#
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
gen_require(`
@@ -32426,7 +32457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4644,12 +4797,11 @@
+@@ -4644,12 +4798,11 @@
#
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
gen_require(`
@@ -32442,7 +32473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4676,10 +4828,10 @@
+@@ -4676,10 +4829,10 @@
#
interface(`userdom_sysadm_home_dir_filetrans',`
gen_require(`
@@ -32455,7 +32486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4694,10 +4846,10 @@
+@@ -4694,10 +4847,10 @@
#
interface(`userdom_search_sysadm_home_content_dirs',`
gen_require(`
@@ -32468,7 +32499,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4712,13 +4864,13 @@
+@@ -4712,13 +4865,13 @@
#
interface(`userdom_read_sysadm_home_content_files',`
gen_require(`
@@ -32486,7 +32517,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4754,11 +4906,49 @@
+@@ -4754,11 +4907,49 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -32537,7 +32568,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4778,6 +4968,14 @@
+@@ -4778,6 +4969,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -32552,7 +32583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4839,6 +5037,26 @@
+@@ -4839,6 +5038,26 @@
########################################
##
@@ -32579,7 +32610,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all directories
## in all users home directories.
##
-@@ -4859,6 +5077,25 @@
+@@ -4859,6 +5078,25 @@
########################################
##
@@ -32605,7 +32636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all files
## in all users home directories.
##
-@@ -4879,6 +5116,26 @@
+@@ -4879,6 +5117,26 @@
########################################
##
@@ -32632,7 +32663,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all symlinks
## in all users home directories.
##
-@@ -5115,7 +5372,7 @@
+@@ -5115,7 +5373,7 @@
#
interface(`userdom_relabelto_generic_user_home_dirs',`
gen_require(`
@@ -32641,7 +32672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
files_search_home($1)
-@@ -5304,6 +5561,50 @@
+@@ -5304,6 +5562,50 @@
########################################
##
@@ -32692,7 +32723,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete directories in
## unprivileged users home directories.
##
-@@ -5509,6 +5810,42 @@
+@@ -5509,6 +5811,42 @@
########################################
##
@@ -32735,7 +32766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Read and write unprivileged user ttys.
##
##
-@@ -5674,6 +6011,42 @@
+@@ -5674,6 +6012,42 @@
########################################
##
@@ -32778,7 +32809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a dbus message to all user domains.
##
##
-@@ -5704,3 +6077,370 @@
+@@ -5704,3 +6078,370 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d9cc034..d68cdcc 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 26%{?dist}
+Release: 27%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,11 @@ exit 0
%endif
%changelog
+* Tue Apr 1 2008 Dan Walsh 3.3.1-27
+- Allow nsplugin to read /etc/mozpluggerrc, user_fonts
+- Allow syslog to manage innd logs.
+- Allow procmail to ioctl spamd_exec_t
+
* Sat Mar 28 2008 Dan Walsh 3.3.1-26
- Allow initrc_t to dbus chat with consolekit.