diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
index 810ae5f..4250bbd 100644
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
@@ -1,5 +1,5 @@
-policy_module(alsa, 1.7.0)
+policy_module(alsa, 1.7.1)
########################################
#
@@ -43,6 +43,7 @@ kernel_read_system_state(alsa_t)
dev_read_sound(alsa_t)
dev_write_sound(alsa_t)
+dev_read_sysfs(alsa_t)
corecmd_exec_bin(alsa_t)
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index d8bf97f..955532d 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -1,5 +1,5 @@
-policy_module(consoletype, 1.7.0)
+policy_module(consoletype, 1.7.1)
########################################
#
@@ -18,7 +18,7 @@ role system_r types consoletype_t;
# Local declarations
#
-allow consoletype_t self:capability sys_admin;
+allow consoletype_t self:capability { sys_admin sys_tty_config };
allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow consoletype_t self:fd use;
allow consoletype_t self:fifo_file rw_fifo_file_perms;
@@ -38,6 +38,7 @@ kernel_dontaudit_read_system_state(consoletype_t)
fs_getattr_all_fs(consoletype_t)
fs_search_auto_mountpoints(consoletype_t)
fs_write_nfs_files(consoletype_t)
+fs_list_inotifyfs(consoletype_t)
mls_file_read_all_levels(consoletype_t)
mls_file_write_all_levels(consoletype_t)
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 5d3068b..1c753fa 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -1,5 +1,5 @@
-policy_module(netutils, 1.8.2)
+policy_module(netutils, 1.8.3)
########################################
#
@@ -128,6 +128,8 @@ domain_use_interactive_fds(ping_t)
files_read_etc_files(ping_t)
files_dontaudit_search_var(ping_t)
+kernel_read_system_state(ping_t)
+
auth_use_nsswitch(ping_t)
logging_send_syslog_msg(ping_t)
@@ -146,6 +148,10 @@ tunable_policy(`user_ping',`
')
optional_policy(`
+ munin_append_log(ping_t)
+')
+
+optional_policy(`
pcmcia_use_cardmgr_fds(ping_t)
')
diff --git a/policy/modules/admin/vbetool.if b/policy/modules/admin/vbetool.if
index 001e148..2dc9f53 100644
--- a/policy/modules/admin/vbetool.if
+++ b/policy/modules/admin/vbetool.if
@@ -18,3 +18,28 @@ interface(`vbetool_domtrans',`
corecmd_search_bin($1)
domtrans_pattern($1, vbetool_exec_t, vbetool_t)
')
+
+########################################
+##
+## Execute vbetool in the vbetool domain, and
+## allow the specified role the vbetool domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed the vbetool domain.
+##
+##
+#
+interface(`vbetool_run',`
+ gen_require(`
+ type vbetool_t;
+ ')
+
+ vbetool_domtrans($1)
+ role $2 types vbetool_t;
+')
diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te
index a6d316e..34e0a33 100644
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@@ -1,5 +1,5 @@
-policy_module(vbetool, 1.3.0)
+policy_module(vbetool, 1.3.1)
########################################
#
@@ -23,6 +23,8 @@ dev_read_raw_memory(vbetool_t)
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
+domain_mmap_low(vbetool_t)
+
term_use_unallocated_ttys(vbetool_t)
miscfiles_read_localization(vbetool_t)
diff --git a/policy/modules/admin/vpn.if b/policy/modules/admin/vpn.if
index 8779a18..b5272fb 100644
--- a/policy/modules/admin/vpn.if
+++ b/policy/modules/admin/vpn.if
@@ -47,6 +47,24 @@ interface(`vpn_run',`
########################################
##
+## Send VPN clients the kill signal.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vpn_kill',`
+ gen_require(`
+ type vpnc_t;
+ ')
+
+ allow $1 vpnc_t:process sigkill;
+')
+
+########################################
+##
## Send generic signals to VPN clients.
##
##
@@ -65,6 +83,24 @@ interface(`vpn_signal',`
########################################
##
+## Send signull to VPN clients.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vpn_signull',`
+ gen_require(`
+ type vpnc_t;
+ ')
+
+ allow $1 vpnc_t:process signull;
+')
+
+########################################
+##
## Send and receive messages from
## Vpnc over dbus.
##
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index d3029b3..4fa636b 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -1,5 +1,5 @@
-policy_module(vpn, 1.10.2)
+policy_module(vpn, 1.10.3)
########################################
#
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
index 19848bb..903e39b 100644
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@@ -45,6 +45,26 @@ interface(`munin_read_config',`
#######################################
##
+## Append to the munin log.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`munin_append_log',`
+ gen_require(`
+ type munin_log_t;
+ ')
+
+ allow $1 munin_log_t:file append_file_perms;
+ logging_search_logs($1)
+')
+
+#######################################
+##
## Search munin library directories.
##
##
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index 2a0971d..f0aab75 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -1,5 +1,5 @@
-policy_module(munin, 1.6.1)
+policy_module(munin, 1.6.2)
########################################
#