diff --git a/exclude b/exclude
new file mode 100644
index 0000000..21b7aed
--- /dev/null
+++ b/exclude
@@ -0,0 +1,27 @@
+CVS
+*2004*
+*h
+*~
+.#*
+*.spec
+*.orig
+*.rej
+*.suse
+*.strict
+policy.conf
+policy.15
+tmp
+debian
+#*
+policy.conf
+policy.xml
+modules.conf
+booleans.conf
+base.conf
+base.fc
+*.pyc
+fc_sort
+CVS
+CVSROOT
+.svn
+svn
diff --git a/nsadiff b/nsadiff
new file mode 100755
index 0000000..3557048
--- /dev/null
+++ b/nsadiff
@@ -0,0 +1 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.8 > /tmp/diff
diff --git a/policy-20090105.patch b/policy-20090105.patch
index b226687..fb964c2 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -1,6 +1,6 @@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.8/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/default_contexts	2009-03-09 17:56:08.452575000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -24,13 +24,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.8/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/failsafe_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/failsafe_context	2009-03-09 17:56:08.454576000 -0400
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/guest_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/guest_u_default_contexts	2009-03-09 17:56:08.457575000 -0400
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -40,7 +40,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +guest_r:guest_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/root_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/root_default_contexts	2009-03-09 17:56:08.459573000 -0400
 @@ -1,11 +1,7 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -57,7 +57,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.8/config/appconfig-mcs/seusers
 --- nsaserefpolicy/config/appconfig-mcs/seusers	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/seusers	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/seusers	2009-03-09 17:56:08.461575000 -0400
 @@ -1,3 +1,3 @@
  system_u:system_u:s0-mcs_systemhigh
 -root:root:s0-mcs_systemhigh
@@ -66,7 +66,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +__default__:unconfined_u:s0-mcs_systemhigh
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/staff_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/staff_u_default_contexts	2009-03-09 17:56:08.464572000 -0400
 @@ -1,10 +1,12 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -83,7 +83,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/unconfined_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/unconfined_u_default_contexts	2009-03-09 17:56:08.466573000 -0400
 @@ -1,4 +1,4 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0
@@ -99,13 +99,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.8/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/userhelper_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/userhelper_context	2009-03-09 17:56:08.468575000 -0400
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/user_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/user_u_default_contexts	2009-03-09 17:56:08.470575000 -0400
 @@ -1,8 +1,9 @@
  system_r:local_login_t:s0	user_r:user_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0
@@ -120,17 +120,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +user_r:user_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.8/config/appconfig-mcs/virtual_domain_context
 --- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_domain_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_domain_context	2009-03-09 17:56:08.472577000 -0400
 @@ -0,0 +1 @@
 +system_u:system_r:svirt_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.8/config/appconfig-mcs/virtual_image_context
 --- nsaserefpolicy/config/appconfig-mcs/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_image_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_image_context	2009-03-09 17:56:08.474575000 -0400
 @@ -0,0 +1 @@
 +system_u:object_r:virt_image_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/xguest_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mcs/xguest_u_default_contexts	2009-03-09 17:56:08.476573000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -141,7 +141,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.8/config/appconfig-mls/default_contexts
 --- nsaserefpolicy/config/appconfig-mls/default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/default_contexts	2009-03-09 17:56:08.478573000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -165,7 +165,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/guest_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/guest_u_default_contexts	2009-03-09 17:56:08.490572000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -173,7 +173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:crond_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.8/config/appconfig-mls/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/root_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/root_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/root_default_contexts	2009-03-09 17:56:08.491577000 -0400
 @@ -1,11 +1,11 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
 -system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -194,17 +194,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.8/config/appconfig-mls/virtual_domain_context
 --- nsaserefpolicy/config/appconfig-mls/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/virtual_domain_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/virtual_domain_context	2009-03-09 17:56:08.493579000 -0400
 @@ -0,0 +1 @@
 +system_u:system_r:qemu_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.8/config/appconfig-mls/virtual_image_context
 --- nsaserefpolicy/config/appconfig-mls/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/virtual_image_context	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/virtual_image_context	2009-03-09 17:56:08.495579000 -0400
 @@ -0,0 +1 @@
 +system_u:object_r:virt_image_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mls/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/xguest_u_default_contexts	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/config/appconfig-mls/xguest_u_default_contexts	2009-03-09 17:56:08.497575000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -214,8 +214,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:initrc_su_t:s0	xguest_r:xguest_t:s0
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.8/Makefile
---- nsaserefpolicy/Makefile	2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.8/Makefile	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/Makefile	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/Makefile	2009-03-09 17:56:08.500572000 -0400
 @@ -241,7 +241,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -279,8 +279,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
  	@mkdir -p $(appdir)
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.6.8/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors	2009-03-05 10:02:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/flask/access_vectors	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/flask/access_vectors	2009-03-09 17:54:21.056246000 -0400
++++ serefpolicy-3.6.8/policy/flask/access_vectors	2009-03-09 17:56:08.502573000 -0400
 @@ -157,6 +157,9 @@
  
  class sock_file
@@ -293,7 +293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  inherits file
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.8/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/global_tunables	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/global_tunables	2009-03-09 17:56:08.504576000 -0400
 @@ -61,15 +61,6 @@
  
  ## <desc>
@@ -324,8 +324,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.8/policy/mcs
---- nsaserefpolicy/policy/mcs	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/mcs	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/mcs	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/mcs	2009-03-09 17:56:08.507572000 -0400
 @@ -67,7 +67,8 @@
  # Note that getattr on files is always permitted.
  #
@@ -365,7 +365,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	(( h1 dom h2 ) or ( t1 == mcssetcats ));
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.6.8/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/alsa.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/alsa.te	2009-03-09 17:56:08.509572000 -0400
 @@ -43,6 +43,7 @@
  
  dev_read_sound(alsa_t)
@@ -376,7 +376,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.8/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/anaconda.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/anaconda.te	2009-03-09 17:56:08.511573000 -0400
 @@ -31,6 +31,7 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -386,8 +386,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.8/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/certwatch.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/certwatch.te	2009-03-09 17:56:08.513577000 -0400
 @@ -27,15 +27,20 @@
  
  fs_list_inotifyfs(certwatch_t)
@@ -411,7 +411,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.6.8/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/consoletype.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/consoletype.te	2009-03-09 17:56:08.516572000 -0400
 @@ -18,7 +18,7 @@
  # Local declarations
  #
@@ -431,7 +431,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  mls_file_write_all_levels(consoletype_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.6.8/policy/modules/admin/kismet.if
 --- nsaserefpolicy/policy/modules/admin/kismet.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/kismet.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/kismet.if	2009-03-09 17:56:08.518572000 -0400
 @@ -16,6 +16,7 @@
  	')
  
@@ -442,7 +442,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.8/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/kismet.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/kismet.te	2009-03-09 17:56:08.520573000 -0400
 @@ -14,27 +14,36 @@
  type kismet_var_run_t;
  files_pid_file(kismet_var_run_t)
@@ -510,7 +510,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_read_user_tmpfs_files(kismet_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.8/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/logrotate.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/logrotate.te	2009-03-09 17:56:08.522575000 -0400
 @@ -116,8 +116,9 @@
  seutil_dontaudit_read_config(logrotate_t)
  
@@ -531,7 +531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.8/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/logwatch.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/logwatch.te	2009-03-09 17:56:08.525572000 -0400
 @@ -43,6 +43,8 @@
  kernel_read_fs_sysctls(logwatch_t)
  kernel_read_kernel_sysctls(logwatch_t)
@@ -602,8 +602,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	samba_read_share_files(logwatch_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.8/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/mrtg.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/mrtg.te	2009-03-09 17:56:08.527572000 -0400
 @@ -116,6 +116,7 @@
  userdom_use_user_terminals(mrtg_t)
  userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -613,8 +613,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`enable_mls',`
  	corenet_udp_sendrecv_lo_if(mrtg_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.8/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/netutils.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/netutils.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/netutils.te	2009-03-09 17:56:08.529573000 -0400
 @@ -128,6 +128,8 @@
  files_read_etc_files(ping_t)
  files_dontaudit_search_var(ping_t)
@@ -641,7 +641,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.6.8/policy/modules/admin/prelink.fc
 --- nsaserefpolicy/policy/modules/admin/prelink.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/prelink.fc	2009-03-09 17:56:08.536572000 -0400
 @@ -5,3 +5,5 @@
  
  /var/log/prelink\.log		--	gen_context(system_u:object_r:prelink_log_t,s0)
@@ -650,7 +650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/misc/prelink\*		--	gen_context(system_u:object_r:prelink_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.8/policy/modules/admin/prelink.if
 --- nsaserefpolicy/policy/modules/admin/prelink.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/prelink.if	2009-03-09 17:56:08.538572000 -0400
 @@ -120,3 +120,23 @@
  	logging_search_logs($1)
  	manage_files_pattern($1, prelink_log_t, prelink_log_t)
@@ -677,7 +677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.8/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/prelink.te	2009-03-09 17:56:08.540573000 -0400
 @@ -21,12 +21,15 @@
  type prelink_tmp_t;
  files_tmp_file(prelink_tmp_t)
@@ -748,7 +748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.8/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/rpm.fc	2009-03-09 17:56:08.542575000 -0400
 @@ -3,6 +3,7 @@
  /usr/bin/smart 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  
@@ -790,7 +790,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`distro_suse', `
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.8/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/rpm.if	2009-03-09 17:56:08.545572000 -0400
 @@ -146,6 +146,24 @@
  
  ########################################
@@ -1122,8 +1122,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.8/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/rpm.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/rpm.te	2009-03-09 17:56:08.547575000 -0400
 @@ -31,6 +31,9 @@
  files_type(rpm_var_lib_t)
  typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1341,7 +1341,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		java_domtrans_unconfined(rpm_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.8/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/sudo.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/sudo.if	2009-03-09 17:56:08.550572000 -0400
 @@ -32,6 +32,7 @@
  
  	gen_require(`
@@ -1479,7 +1479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.6.8/policy/modules/admin/sudo.te
 --- nsaserefpolicy/policy/modules/admin/sudo.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/sudo.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/sudo.te	2009-03-09 17:56:08.552573000 -0400
 @@ -4,6 +4,7 @@
  ########################################
  #
@@ -1489,8 +1489,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  type sudo_exec_t;
  application_executable_file(sudo_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.8/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/su.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/su.if	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/su.if	2009-03-09 17:56:08.554573000 -0400
 @@ -90,15 +90,6 @@
  
  	miscfiles_read_localization($1_su_t)
@@ -1525,7 +1525,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		domain_subj_id_change_exemption($1_su_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.8/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/tmpreaper.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/tmpreaper.te	2009-03-09 17:56:08.556577000 -0400
 @@ -22,12 +22,16 @@
  dev_read_urand(tmpreaper_t)
  
@@ -1572,7 +1572,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.8/policy/modules/admin/usermanage.if
 --- nsaserefpolicy/policy/modules/admin/usermanage.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/usermanage.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/usermanage.if	2009-03-09 17:56:08.559572000 -0400
 @@ -117,6 +117,24 @@
  
  ########################################
@@ -1608,7 +1608,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.8/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/usermanage.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/usermanage.te	2009-03-09 17:56:08.561573000 -0400
 @@ -288,6 +288,7 @@
  term_use_all_user_ttys(passwd_t)
  term_use_all_user_ptys(passwd_t)
@@ -1656,7 +1656,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.if serefpolicy-3.6.8/policy/modules/admin/vbetool.if
 --- nsaserefpolicy/policy/modules/admin/vbetool.if	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/vbetool.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/vbetool.if	2009-03-09 17:56:08.563579000 -0400
 @@ -18,3 +18,28 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, vbetool_exec_t, vbetool_t)
@@ -1688,7 +1688,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.8/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/vbetool.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/vbetool.te	2009-03-09 17:56:08.566572000 -0400
 @@ -23,6 +23,9 @@
  dev_rwx_zero(vbetool_t)
  dev_read_sysfs(vbetool_t)
@@ -1711,7 +1711,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.6.8/policy/modules/admin/vpn.if
 --- nsaserefpolicy/policy/modules/admin/vpn.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/vpn.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/admin/vpn.if	2009-03-09 17:56:08.568572000 -0400
 @@ -47,6 +47,24 @@
  
  ########################################
@@ -1764,7 +1764,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.fc serefpolicy-3.6.8/policy/modules/apps/cdrecord.fc
 --- nsaserefpolicy/policy/modules/apps/cdrecord.fc	2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/cdrecord.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/cdrecord.fc	2009-03-09 17:56:08.570573000 -0400
 @@ -2,4 +2,5 @@
  # /usr
  #
@@ -1773,7 +1773,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.6.8/policy/modules/apps/games.if
 --- nsaserefpolicy/policy/modules/apps/games.if	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/games.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/games.if	2009-03-09 17:56:08.572575000 -0400
 @@ -30,3 +30,22 @@
  	ps_process_pattern($2, games_t)
  	allow $2 games_t:process signal_perms;
@@ -1799,19 +1799,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.fc serefpolicy-3.6.8/policy/modules/apps/git.fc
 --- nsaserefpolicy/policy/modules/apps/git.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/git.fc	2009-03-09 17:56:08.575575000 -0400
 @@ -0,0 +1,3 @@
 +/var/cache/cgit(/.*)?		gen_context(system_u:object_r:httpd_git_content_rw_t,s0)
 +/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
 +/var/lib/git(/.*)?		gen_context(system_u:object_r:httpd_git_content_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.if serefpolicy-3.6.8/policy/modules/apps/git.if
 --- nsaserefpolicy/policy/modules/apps/git.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/git.if	2009-03-09 17:56:08.577575000 -0400
 @@ -0,0 +1 @@
 +## <summary></summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.te serefpolicy-3.6.8/policy/modules/apps/git.te
 --- nsaserefpolicy/policy/modules/apps/git.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/git.te	2009-03-09 17:56:08.579575000 -0400
 @@ -0,0 +1,4 @@
 +policy_module(git, 1.0)
 +
@@ -1819,7 +1819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive httpd_git_script_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.8/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gnome.fc	2009-03-09 17:56:08.581575000 -0400
 @@ -1,8 +1,12 @@
  HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_home_t,s0)
  HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
@@ -1836,7 +1836,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#/usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.8/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gnome.if	2009-03-09 17:56:08.583577000 -0400
 @@ -89,5 +89,154 @@
  
  	allow $1 gnome_home_t:dir manage_dir_perms;
@@ -1994,7 +1994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.8/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gnome.te	2009-03-09 17:56:08.594572000 -0400
 @@ -9,16 +9,18 @@
  attribute gnomedomain;
  
@@ -2025,7 +2025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##############################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.6.8/policy/modules/apps/gpg.fc
 --- nsaserefpolicy/policy/modules/apps/gpg.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gpg.fc	2009-03-09 17:56:08.596573000 -0400
 @@ -5,5 +5,5 @@
  /usr/bin/kgpg		--	gen_context(system_u:object_r:gpg_exec_t,s0)
  /usr/bin/pinentry.*	--	gen_context(system_u:object_r:pinentry_exec_t,s0)
@@ -2036,7 +2036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.8/policy/modules/apps/gpg.if
 --- nsaserefpolicy/policy/modules/apps/gpg.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gpg.if	2009-03-09 17:56:08.598575000 -0400
 @@ -30,7 +30,7 @@
  
  	# allow ps to show gpg
@@ -2065,8 +2065,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.8/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/gpg.te	2009-02-09 12:15:12.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/gpg.te	2009-03-09 17:56:08.601572000 -0400
 @@ -60,7 +60,7 @@
  
  allow gpg_t self:capability { ipc_lock setuid };
@@ -2166,7 +2166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # GPG agent local policy
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.8/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/java.fc	2009-03-09 17:56:08.603575000 -0400
 @@ -2,15 +2,16 @@
  # /opt
  #
@@ -2203,7 +2203,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/opera(/.*)?/opera	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.8/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/java.if	2009-03-09 17:56:08.605577000 -0400
 @@ -30,6 +30,7 @@
  
  	allow java_t $2:unix_stream_socket connectto;
@@ -2336,8 +2336,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	corecmd_bin_domtrans($1_java_t, $1_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.8/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/java.te	2009-02-09 12:15:12.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/java.te	2009-03-09 17:56:08.608572000 -0400
 @@ -40,7 +40,7 @@
  # Local policy
  #
@@ -2384,13 +2384,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.8/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/livecd.fc	2009-03-09 17:56:08.610575000 -0400
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.8/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/livecd.if	2009-03-09 17:56:08.612575000 -0400
 @@ -0,0 +1,50 @@
 +
 +## <summary>policy for livecd</summary>
@@ -2444,7 +2444,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.8/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/livecd.te	2009-03-09 17:56:08.614575000 -0400
 @@ -0,0 +1,26 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -2474,7 +2474,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +seutil_domtrans_setfiles_mac(livecd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.6.8/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/loadkeys.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/loadkeys.te	2009-03-09 17:56:08.616575000 -0400
 @@ -40,6 +40,7 @@
  miscfiles_read_localization(loadkeys_t)
  
@@ -2485,7 +2485,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	nscd_dontaudit_search_pid(loadkeys_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.8/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/mono.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mono.if	2009-03-09 17:56:08.618577000 -0400
 @@ -21,6 +21,103 @@
  
  ########################################
@@ -2601,7 +2601,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	corecmd_search_bin($1)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.8/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mono.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mono.te	2009-03-09 17:56:08.621572000 -0400
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -2621,7 +2621,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.8/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mozilla.fc	2009-03-09 17:56:08.623572000 -0400
 @@ -17,7 +17,6 @@
  #
  # /etc
@@ -2638,7 +2638,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.8/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mozilla.if	2009-03-09 17:56:08.625573000 -0400
 @@ -82,8 +82,7 @@
  		type mozilla_home_t;
  	')
@@ -2650,8 +2650,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.8/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/mozilla.te	2009-02-09 12:15:12.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mozilla.te	2009-03-09 17:56:08.627575000 -0400
 @@ -105,6 +105,7 @@
  # Should not need other ports
  corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
@@ -2690,7 +2690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.6.8/policy/modules/apps/mplayer.fc
 --- nsaserefpolicy/policy/modules/apps/mplayer.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mplayer.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mplayer.fc	2009-03-09 17:56:08.630572000 -0400
 @@ -1,11 +1,7 @@
  #
 -# /etc
@@ -2706,7 +2706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.6.8/policy/modules/apps/mplayer.if
 --- nsaserefpolicy/policy/modules/apps/mplayer.if	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mplayer.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/mplayer.if	2009-03-09 17:56:08.632572000 -0400
 @@ -83,3 +83,23 @@
  	read_files_pattern($1, mplayer_home_t, mplayer_home_t)
  	userdom_search_user_home_dirs($1)
@@ -2733,7 +2733,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.8/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.fc	2009-03-09 17:56:08.634575000 -0400
 @@ -0,0 +1,12 @@
 +HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -2749,7 +2749,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.8/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.if	2009-03-09 17:56:08.639574000 -0400
 @@ -0,0 +1,272 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -3025,7 +3025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.8/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.te	2009-03-09 17:56:08.642571000 -0400
 @@ -0,0 +1,288 @@
 +
 +policy_module(nsplugin, 1.0.0)
@@ -3317,14 +3317,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.8/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/openoffice.fc	2009-03-09 17:56:08.644572000 -0400
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.8/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/openoffice.if	2009-03-09 17:56:08.646572000 -0400
 @@ -0,0 +1,92 @@
 +## <summary>Openoffice</summary>
 +
@@ -3420,7 +3420,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.8/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/openoffice.te	2009-03-09 17:56:08.648572000 -0400
 @@ -0,0 +1,14 @@
 +
 +policy_module(openoffice, 1.0.0)
@@ -3438,7 +3438,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.6.8/policy/modules/apps/podsleuth.fc
 --- nsaserefpolicy/policy/modules/apps/podsleuth.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.fc	2009-03-09 17:56:08.650571000 -0400
 @@ -1,2 +1,4 @@
  
  /usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
@@ -3446,7 +3446,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/podsleuth(/.*)?		gen_context(system_u:object_r:podsleuth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.6.8/policy/modules/apps/podsleuth.if
 --- nsaserefpolicy/policy/modules/apps/podsleuth.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.if	2009-03-09 17:56:08.652572000 -0400
 @@ -16,4 +16,32 @@
  	')
  
@@ -3482,7 +3482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.8/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.te	2009-03-09 17:56:08.654573000 -0400
 @@ -11,21 +11,59 @@
  application_domain(podsleuth_t, podsleuth_exec_t)
  role system_r types podsleuth_t;
@@ -3547,13 +3547,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dbus_system_bus_client(podsleuth_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.6.8/policy/modules/apps/pulseaudio.fc
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.fc	2009-03-07 12:34:57.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.fc	2009-03-09 17:56:08.656577000 -0400
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.8/policy/modules/apps/pulseaudio.if
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.if	2009-03-09 16:50:20.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.if	2009-03-09 17:56:08.658577000 -0400
 @@ -0,0 +1,86 @@
 +
 +## <summary>policy for pulseaudio</summary>
@@ -3643,7 +3643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.8/policy/modules/apps/pulseaudio.te
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.te	2009-03-09 16:49:50.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.te	2009-03-09 17:56:08.661572000 -0400
 @@ -0,0 +1,88 @@
 +policy_module(pulseaudio,1.0.0)
 +
@@ -3735,15 +3735,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.8/policy/modules/apps/qemu.fc
 --- nsaserefpolicy/policy/modules/apps/qemu.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/qemu.fc	2009-03-09 17:56:08.662577000 -0400
 @@ -1,2 +1,2 @@
 -/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 -/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.8/policy/modules/apps/qemu.if
---- nsaserefpolicy/policy/modules/apps/qemu.if	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/qemu.if	2009-02-09 12:15:12.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/qemu.if	2009-03-09 17:56:08.665572000 -0400
 @@ -40,6 +40,93 @@
  
  	qemu_domtrans($1)
@@ -4051,8 +4051,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.8/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/qemu.te	2009-02-09 12:15:12.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/qemu.te	2009-03-09 17:56:08.667573000 -0400
 @@ -13,28 +13,83 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
@@ -4147,7 +4147,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # qemu_unconfined local policy
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.8/policy/modules/apps/sambagui.fc
 --- nsaserefpolicy/policy/modules/apps/sambagui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/sambagui.fc	2009-03-09 17:56:08.670571000 -0400
 @@ -0,0 +1,4 @@
 +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
 +
@@ -4155,13 +4155,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.8/policy/modules/apps/sambagui.if
 --- nsaserefpolicy/policy/modules/apps/sambagui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/sambagui.if	2009-03-09 17:56:08.672572000 -0400
 @@ -0,0 +1,2 @@
 +## <summary>system-config-samba policy</summary>
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.8/policy/modules/apps/sambagui.te
 --- nsaserefpolicy/policy/modules/apps/sambagui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/sambagui.te	2009-03-09 17:56:08.674572000 -0400
 @@ -0,0 +1,59 @@
 +policy_module(sambagui,1.0.0)
 +
@@ -4224,7 +4224,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive sambagui_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.6.8/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/slocate.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/slocate.te	2009-03-09 17:56:08.676571000 -0400
 @@ -22,7 +22,7 @@
  #
  
@@ -4245,7 +4245,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.8/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wine.fc	2009-03-09 17:56:08.678572000 -0400
 @@ -1,4 +1,12 @@
 -/usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/usr/bin/wine.*			--	gen_context(system_u:object_r:wine_exec_t,s0)
@@ -4264,7 +4264,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.8/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wine.if	2009-03-09 17:56:08.686572000 -0400
 @@ -43,3 +43,62 @@
  	wine_domtrans($1)
  	role $2 types wine_t;
@@ -4330,7 +4330,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.8/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wine.te	2009-03-09 17:56:08.688573000 -0400
 @@ -9,6 +9,7 @@
  type wine_t;
  type wine_exec_t;
@@ -4359,14 +4359,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.6.8/policy/modules/apps/wm.fc
 --- nsaserefpolicy/policy/modules/apps/wm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wm.fc	2009-03-09 17:56:08.690577000 -0400
 @@ -0,0 +1,3 @@
 +/usr/bin/twm		--	gen_context(system_u:object_r:wm_exec_t,s0)
 +/usr/bin/openbox	--	gen_context(system_u:object_r:wm_exec_t,s0)
 +/usr/bin/metacity	--	gen_context(system_u:object_r:wm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.6.8/policy/modules/apps/wm.if
 --- nsaserefpolicy/policy/modules/apps/wm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wm.if	2009-03-09 17:56:08.693572000 -0400
 @@ -0,0 +1,108 @@
 +## <summary>Window Manager.</summary>
 +
@@ -4478,7 +4478,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.8/policy/modules/apps/wm.te
 --- nsaserefpolicy/policy/modules/apps/wm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/apps/wm.te	2009-03-09 17:56:08.695572000 -0400
 @@ -0,0 +1,9 @@
 +policy_module(wm,0.0.4)
 +
@@ -4490,8 +4490,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type wm_exec_t;
 +corecmd_executable_file(wm_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.8/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-03-05 10:34:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.fc	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-03-09 17:54:21.322239000 -0400
++++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.fc	2009-03-09 17:56:08.697572000 -0400
 @@ -134,6 +134,8 @@
  /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -4518,7 +4518,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/nspluginwrapper/np.*	gen_context(system_u:object_r:bin_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.8/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.if	2009-03-09 17:56:08.700572000 -0400
 @@ -893,6 +893,7 @@
  
  	read_lnk_files_pattern($1, bin_t, bin_t)
@@ -4528,8 +4528,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.6.8/policy/modules/kernel/corenetwork.if.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.if.in	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2009-02-09 12:15:11.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.if.in	2009-03-09 17:56:08.703572000 -0400
 @@ -1612,6 +1612,24 @@
  
  ########################################
@@ -4581,8 +4581,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-03-03 15:55:58.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in	2009-03-09 17:56:08.706572000 -0400
 @@ -65,10 +65,12 @@
  type server_packet_t, packet_type, server_packet_type;
  
@@ -4706,7 +4706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(xfs, tcp,7100,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.8/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/domain.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/domain.if	2009-03-09 17:56:08.709572000 -0400
 @@ -629,6 +629,7 @@
  
  	dontaudit $1 unconfined_domain_type:dir search_dir_perms;
@@ -4780,7 +4780,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.8/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/domain.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/domain.te	2009-03-09 17:56:08.711573000 -0400
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -4897,7 +4897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.8/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/files.fc	2009-03-09 17:56:08.714571000 -0400
 @@ -8,6 +8,8 @@
  /initrd\.img.*		-l	gen_context(system_u:object_r:boot_t,s0)
  /vmlinuz.*		-l	gen_context(system_u:object_r:boot_t,s0)
@@ -4926,7 +4926,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.8/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/files.if	2009-03-09 17:56:08.718575000 -0400
 @@ -110,6 +110,11 @@
  ## </param>
  #
@@ -5244,7 +5244,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.8/policy/modules/kernel/files.te
 --- nsaserefpolicy/policy/modules/kernel/files.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/files.te	2009-03-09 17:56:08.720575000 -0400
 @@ -52,7 +52,9 @@
  #
  # etc_t is the type of the system etc directories.
@@ -5270,13 +5270,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.8/policy/modules/kernel/filesystem.fc
 --- nsaserefpolicy/policy/modules/kernel/filesystem.fc	2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.fc	2009-03-09 17:56:08.723572000 -0400
 @@ -1 +1 @@
 -# This module currently does not have any file contexts.
 +/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.8/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-03-04 16:49:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-03-09 17:54:21.350242000 -0400
++++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.if	2009-03-09 17:56:08.726575000 -0400
 @@ -754,6 +754,7 @@
  		attribute noxattrfs;
  	')
@@ -5285,7 +5285,123 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	read_files_pattern($1, noxattrfs, noxattrfs)
  ')
  
-@@ -2173,6 +2174,7 @@
+@@ -796,7 +797,7 @@
+ ########################################
+ ## <summary>
+ ##	Do not audit attempts to read
+-##	files on a CIFS or SMB filesystem.
++##	dirs on a CIFS or SMB filesystem.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+@@ -804,52 +805,31 @@
+ ##	</summary>
+ ## </param>
+ #
+-interface(`fs_dontaudit_read_cifs_files',`
++interface(`fs_dontaudit_list_cifs_dirs',`
+ 	gen_require(`
+ 		type cifs_t;
+ 	')
+ 
+-	dontaudit $1 cifs_t:file read_file_perms;
++	dontaudit $1 cifs_t:dir list_dir_perms;
+ ')
+ 
+ ########################################
+ ## <summary>
+-##	Append files
+-##	on a CIFS filesystem.
+-## </summary>
+-## <param name="domain">
+-##	<summary>
+-##	Domain allowed access.
+-##	</summary>
+-## </param>
+-## <rolecap/>
+-#
+-interface(`fs_append_cifs_files',`
+-	gen_require(`
+-		type cifs_t;
+-	')
+-
+-	append_files_pattern($1, cifs_t, cifs_t)
+-')
+-
+-########################################
+-## <summary>
+-##	dontaudit Append files
+-##	on a CIFS filesystem.
++##	Do not audit attempts to read
++##	files on a CIFS or SMB filesystem.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+-##	Domain allowed access.
++##	Domain to not audit.
+ ##	</summary>
+ ## </param>
+-## <rolecap/>
+ #
+-interface(`fs_dontaudit_append_cifs_files',`
++interface(`fs_dontaudit_read_cifs_files',`
+ 	gen_require(`
+ 		type cifs_t;
+ 	')
+ 
+-	dontaudit $1 cifs_t:file append_file_perms;
++	dontaudit $1 cifs_t:file read_file_perms;
+ ')
+ 
+ ########################################
+@@ -1012,6 +992,46 @@
+ 
+ ########################################
+ ## <summary>
++##	Append files
++##	on a CIFS filesystem.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`fs_append_cifs_files',`
++	gen_require(`
++		type cifs_t;
++	')
++
++	append_files_pattern($1, cifs_t, cifs_t)
++')
++
++########################################
++## <summary>
++##	dontaudit Append files
++##	on a CIFS filesystem.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`fs_dontaudit_append_cifs_files',`
++	gen_require(`
++		type cifs_t;
++	')
++
++	dontaudit $1 cifs_t:file append_file_perms;
++')
++
++########################################
++## <summary>
+ ##	Do not audit attempts to create, read,
+ ##	write, and delete files
+ ##	on a CIFS or SMB network filesystem.
+@@ -2154,6 +2174,7 @@
  		type removable_t;
  	')
  
@@ -5293,7 +5409,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rw_blk_files_pattern($1, removable_t, removable_t)
  ')
  
-@@ -3322,6 +3324,7 @@
+@@ -3303,6 +3324,7 @@
  		type tmpfs_t;
  	')
  
@@ -5301,7 +5417,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	dontaudit $1 tmpfs_t:file rw_file_perms;
  ')
  
-@@ -3643,6 +3646,7 @@
+@@ -3624,6 +3646,7 @@
  	')
  
  	allow $1 filesystem_type:filesystem getattr;
@@ -5311,7 +5427,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.8/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/kernel.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/kernel.if	2009-03-09 17:56:08.730572000 -0400
 @@ -1197,6 +1197,26 @@
  	')
  
@@ -5436,8 +5552,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.8/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/kernel.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-02-09 12:15:11.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/kernel.te	2009-03-09 17:56:08.733571000 -0400
 @@ -63,6 +63,15 @@
  genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
  
@@ -5538,8 +5654,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +files_boot(kernel_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.8/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/selinux.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/selinux.if	2009-02-09 12:15:11.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/selinux.if	2009-03-09 17:56:08.735572000 -0400
 @@ -40,7 +40,7 @@
  
  	# because of this statement, any module which
@@ -5599,7 +5715,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.8/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/terminal.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/terminal.if	2009-03-09 17:56:08.738572000 -0400
 @@ -173,7 +173,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -5623,7 +5739,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.6.8/policy/modules/roles/auditadm.te
 --- nsaserefpolicy/policy/modules/roles/auditadm.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/auditadm.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/auditadm.te	2009-03-09 17:56:08.740573000 -0400
 @@ -17,6 +17,8 @@
  
  allow auditadm_t self:capability { dac_read_search dac_override };
@@ -5794,12 +5910,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.6.8/policy/modules/roles/guest.fc
 --- nsaserefpolicy/policy/modules/roles/guest.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/guest.fc	2009-03-09 17:56:08.743573000 -0400
 @@ -0,0 +1 @@
 +# file contexts handled by userdomain and genhomedircon
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.6.8/policy/modules/roles/guest.if
 --- nsaserefpolicy/policy/modules/roles/guest.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/guest.if	2009-03-09 17:56:08.745573000 -0400
 @@ -0,0 +1,50 @@
 +## <summary>Least privledge terminal user role</summary>
 +
@@ -5853,7 +5969,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.8/policy/modules/roles/guest.te
 --- nsaserefpolicy/policy/modules/roles/guest.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/guest.te	2009-03-09 17:56:08.747575000 -0400
 @@ -0,0 +1,26 @@
 +
 +policy_module(guest, 1.0.0)
@@ -5883,12 +5999,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(guest_u, user, guest_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.6.8/policy/modules/roles/logadm.fc
 --- nsaserefpolicy/policy/modules/roles/logadm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/logadm.fc	2009-03-09 17:56:08.756572000 -0400
 @@ -0,0 +1 @@
 +# file contexts handled by userdomain and genhomedircon
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.6.8/policy/modules/roles/logadm.if
 --- nsaserefpolicy/policy/modules/roles/logadm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/logadm.if	2009-03-09 17:56:08.758572000 -0400
 @@ -0,0 +1,50 @@
 +## <summary>Log administrator role</summary>
 +
@@ -5942,7 +6058,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.6.8/policy/modules/roles/logadm.te
 --- nsaserefpolicy/policy/modules/roles/logadm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/logadm.te	2009-03-09 17:56:08.760572000 -0400
 @@ -0,0 +1,20 @@
 +
 +policy_module(logadm, 1.0.0)
@@ -5966,7 +6082,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_admin(logadm_t, logadm_r)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.6.8/policy/modules/roles/secadm.te
 --- nsaserefpolicy/policy/modules/roles/secadm.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/secadm.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/secadm.te	2009-03-09 17:56:08.762572000 -0400
 @@ -45,154 +45,18 @@
  ')
  
@@ -6124,7 +6240,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.8/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/staff.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/staff.te	2009-03-09 17:56:08.764573000 -0400
 @@ -15,156 +15,88 @@
  # Local policy
  #
@@ -6315,8 +6431,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	virt_stream_connect(staff_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.8/policy/modules/roles/sysadm.if
---- nsaserefpolicy/policy/modules/roles/sysadm.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/sysadm.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/roles/sysadm.if	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/sysadm.if	2009-03-09 17:56:08.766575000 -0400
 @@ -116,41 +116,6 @@
  
  ########################################
@@ -6360,8 +6476,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	a specified domain.  This is an explicit transition,
  ##	requiring the caller to use setexeccon().
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.8/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/sysadm.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/roles/sysadm.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/sysadm.te	2009-03-09 17:56:08.769572000 -0400
 @@ -15,7 +15,7 @@
  
  role sysadm_r;
@@ -6650,7 +6766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.8/policy/modules/roles/unprivuser.te
 --- nsaserefpolicy/policy/modules/roles/unprivuser.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/unprivuser.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/unprivuser.te	2009-03-09 17:56:08.771573000 -0400
 @@ -14,142 +14,13 @@
  userdom_unpriv_user_template(user)
  
@@ -6799,12 +6915,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.6.8/policy/modules/roles/webadm.fc
 --- nsaserefpolicy/policy/modules/roles/webadm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/webadm.fc	2009-03-09 17:56:08.773575000 -0400
 @@ -0,0 +1 @@
 +# No webadm file contexts.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.6.8/policy/modules/roles/webadm.if
 --- nsaserefpolicy/policy/modules/roles/webadm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/webadm.if	2009-03-09 17:56:08.775575000 -0400
 @@ -0,0 +1,50 @@
 +## <summary>Web administrator role</summary>
 +
@@ -6858,7 +6974,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.6.8/policy/modules/roles/webadm.te
 --- nsaserefpolicy/policy/modules/roles/webadm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/webadm.te	2009-03-09 17:56:08.777577000 -0400
 @@ -0,0 +1,64 @@
 +
 +policy_module(webadm, 1.0.0)
@@ -6926,12 +7042,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.6.8/policy/modules/roles/xguest.fc
 --- nsaserefpolicy/policy/modules/roles/xguest.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/xguest.fc	2009-03-09 17:56:08.779577000 -0400
 @@ -0,0 +1 @@
 +# file contexts handled by userdomain and genhomedircon
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.6.8/policy/modules/roles/xguest.if
 --- nsaserefpolicy/policy/modules/roles/xguest.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/xguest.if	2009-03-09 17:56:08.782572000 -0400
 @@ -0,0 +1,50 @@
 +## <summary>Least privledge xwindows user role</summary>
 +
@@ -6985,7 +7101,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.8/policy/modules/roles/xguest.te
 --- nsaserefpolicy/policy/modules/roles/xguest.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/roles/xguest.te	2009-03-09 17:56:08.784573000 -0400
 @@ -0,0 +1,87 @@
 +
 +policy_module(xguest, 1.0.0)
@@ -7076,7 +7192,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(xguest_u, user, xguest_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.8/policy/modules/services/afs.fc
 --- nsaserefpolicy/policy/modules/services/afs.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/afs.fc	2009-03-07 12:12:42.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/afs.fc	2009-03-09 17:56:08.786573000 -0400
 @@ -1,3 +1,6 @@
 +/etc/rc\.d/init\.d/openafs-client	--	gen_context(system_u:object_r:afs_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/afs	--	gen_context(system_u:object_r:afs_initrc_exec_t,s0)
@@ -7100,7 +7216,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/afs(/.*)?		gen_context(system_u:object_r:afs_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.8/policy/modules/services/afs.if
 --- nsaserefpolicy/policy/modules/services/afs.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/afs.if	2009-03-07 12:13:19.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/afs.if	2009-03-09 17:56:08.788575000 -0400
 @@ -1 +1,110 @@
  ## <summary>Andrew Filesystem server</summary>
 +
@@ -7213,8 +7329,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.8/policy/modules/services/afs.te
---- nsaserefpolicy/policy/modules/services/afs.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/afs.te	2009-03-07 12:12:29.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/afs.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/afs.te	2009-03-09 17:56:08.791572000 -0400
 @@ -6,6 +6,16 @@
  # Declarations
  #
@@ -7281,7 +7397,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive afs_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.8/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/apache.fc	2009-03-09 17:56:08.793575000 -0400
 @@ -1,12 +1,13 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -7369,8 +7485,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/lib/rt3/data/RT-Shredder(/.*)?	gen_context(system_u:object_r:httpd_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.8/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/apache.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/apache.if	2009-03-09 17:56:08.796573000 -0400
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -7904,8 +8020,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	typeattribute $1  httpd_rw_content;
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.8/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/apache.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/apache.te	2009-03-09 17:56:08.800572000 -0400
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -8613,7 +8729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +typealias httpd_var_run_t         alias httpd_fastcgi_var_run_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.6.8/policy/modules/services/apcupsd.fc
 --- nsaserefpolicy/policy/modules/services/apcupsd.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/apcupsd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/apcupsd.fc	2009-03-09 17:56:08.802575000 -0400
 @@ -5,6 +5,7 @@
  ')
  
@@ -8623,8 +8739,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/log/apcupsd\.events.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
  /var/log/apcupsd\.status.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.8/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/automount.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/automount.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/automount.te	2009-03-09 17:56:08.805572000 -0400
 @@ -71,6 +71,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -8668,7 +8784,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.6.8/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/avahi.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/avahi.if	2009-03-09 17:56:08.807572000 -0400
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -8721,8 +8837,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	avahi over dbus.
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.8/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/avahi.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/avahi.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/avahi.te	2009-03-09 17:56:08.809573000 -0400
 @@ -33,6 +33,7 @@
  allow avahi_t self:tcp_socket create_stream_socket_perms;
  allow avahi_t self:udp_socket create_socket_perms;
@@ -8741,7 +8857,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.8/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bind.fc	2009-03-09 17:56:08.811577000 -0400
 @@ -1,17 +1,22 @@
  /etc/rc\.d/init\.d/named --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/unbound	--	gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -8775,7 +8891,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.8/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bind.if	2009-03-09 17:56:08.814572000 -0400
 @@ -38,6 +38,42 @@
  
  ########################################
@@ -8873,8 +8989,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	admin_pattern($1, named_var_run_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.8/policy/modules/services/bind.te
---- nsaserefpolicy/policy/modules/services/bind.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/bind.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bind.te	2009-03-09 17:56:08.816573000 -0400
 @@ -169,7 +169,7 @@
  ')
  
@@ -8886,7 +9002,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.6.8/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bluetooth.fc	2009-03-09 17:56:08.818577000 -0400
 @@ -15,6 +15,7 @@
  /usr/bin/hidd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
  /usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
@@ -8897,7 +9013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/hid2hci	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.8/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bluetooth.if	2009-03-09 17:56:08.821572000 -0400
 @@ -173,7 +173,7 @@
  interface(`bluetooth_admin',`
  	gen_require(`
@@ -8918,8 +9034,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	admin_pattern($1, bluetooth_var_lib_t)
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.8/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/bluetooth.te	2009-03-09 17:56:08.823573000 -0400
 @@ -93,6 +93,7 @@
  
  kernel_read_kernel_sysctls(bluetooth_t)
@@ -8943,7 +9059,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.8/policy/modules/services/certmaster.fc
 --- nsaserefpolicy/policy/modules/services/certmaster.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/certmaster.fc	2009-03-09 17:56:08.826573000 -0400
 @@ -0,0 +1,9 @@
 +
 +/etc/rc\.d/init\.d/certmaster 		--   		gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
@@ -8956,7 +9072,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.8/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/certmaster.if	2009-03-09 17:56:08.828573000 -0400
 @@ -0,0 +1,123 @@
 +## <summary>policy for certmaster</summary>
 +
@@ -9083,7 +9199,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.8/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/certmaster.te	2009-03-09 17:56:08.830575000 -0400
 @@ -0,0 +1,79 @@
 +policy_module(certmaster,1.0.0)
 +
@@ -9166,7 +9282,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive certmaster_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.8/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/clamav.fc	2009-03-09 17:56:08.832575000 -0400
 @@ -1,20 +1,23 @@
  /etc/clamav(/.*)?			gen_context(system_u:object_r:clamd_etc_t,s0)
 +/etc/rc\.d/init\.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -9198,7 +9314,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/spool/MailScanner(/.*)?	gen_context(system_u:object_r:clamd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.8/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/clamav.if	2009-03-09 17:56:08.834577000 -0400
 @@ -38,6 +38,27 @@
  
  ########################################
@@ -9316,8 +9432,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.8/policy/modules/services/clamav.te
---- nsaserefpolicy/policy/modules/services/clamav.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/clamav.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/clamav.te	2009-03-09 17:56:08.837572000 -0400
 @@ -13,7 +13,10 @@
  
  # configuration files
@@ -9405,7 +9521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.8/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/consolekit.fc	2009-03-09 17:56:08.839573000 -0400
 @@ -1,3 +1,6 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
  
@@ -9415,7 +9531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.8/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/consolekit.if	2009-03-09 17:56:08.841575000 -0400
 @@ -38,3 +38,24 @@
  	allow $1 consolekit_t:dbus send_msg;
  	allow consolekit_t $1:dbus send_msg;
@@ -9443,7 +9559,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.8/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.te	2009-03-08 07:48:30.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/consolekit.te	2009-03-09 17:56:08.844571000 -0400
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -9554,8 +9670,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.8/policy/modules/services/courier.if
---- nsaserefpolicy/policy/modules/services/courier.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/courier.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/courier.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/courier.if	2009-03-09 17:56:08.846572000 -0400
 @@ -179,6 +179,24 @@
  
  ########################################
@@ -9582,8 +9698,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.8/policy/modules/services/courier.te
---- nsaserefpolicy/policy/modules/services/courier.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/courier.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/courier.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/courier.te	2009-03-09 17:56:08.848573000 -0400
 @@ -10,6 +10,7 @@
  
  type courier_etc_t;
@@ -9594,7 +9710,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.8/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cron.fc	2009-03-09 17:56:08.850575000 -0400
 @@ -1,3 +1,4 @@
 +/etc/rc\.d/init\.d/atd		--	gen_context(system_u:object_r:crond_initrc_exec_t,s0)
  
@@ -9628,7 +9744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/rpmpkgs.*		--	gen_context(system_u:object_r:cron_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.8/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cron.if	2009-03-09 17:56:08.853572000 -0400
 @@ -12,6 +12,10 @@
  ## </param>
  #
@@ -9930,8 +10046,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.8/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/cron.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cron.te	2009-03-09 17:56:08.856572000 -0400
 @@ -38,6 +38,10 @@
  type cron_var_lib_t;
  files_type(cron_var_lib_t)
@@ -10260,7 +10376,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.8/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/cups.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cups.fc	2009-03-09 17:56:08.858573000 -0400
 @@ -5,27 +5,38 @@
  /etc/cups/classes\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/cupsd\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -10336,7 +10452,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/cups/backend/cups-pdf	--	gen_context(system_u:object_r:cups_pdf_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.8/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cups.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cups.if	2009-03-09 17:56:08.860575000 -0400
 @@ -20,6 +20,30 @@
  
  ########################################
@@ -10462,8 +10578,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, hplip_var_run_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.8/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cups.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/cups.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cups.te	2009-03-09 17:56:08.863575000 -0400
 @@ -20,9 +20,18 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -10870,7 +10986,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.6.8/policy/modules/services/cvs.if
 --- nsaserefpolicy/policy/modules/services/cvs.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cvs.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cvs.if	2009-03-09 17:56:08.866572000 -0400
 @@ -15,7 +15,9 @@
  		type cvs_data_t;
  	')
@@ -10883,8 +10999,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.8/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cvs.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/cvs.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/cvs.te	2009-03-09 17:56:08.868572000 -0400
 @@ -112,4 +112,5 @@
  	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
  	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -10893,7 +11009,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.8/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dbus.fc	2009-03-09 17:56:08.870573000 -0400
 @@ -4,6 +4,9 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -10905,8 +11021,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.8/policy/modules/services/dbus.if
---- nsaserefpolicy/policy/modules/services/dbus.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/dbus.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dbus.if	2009-03-09 17:56:08.873571000 -0400
 @@ -44,6 +44,7 @@
  
  		attribute session_bus_type;
@@ -11092,8 +11208,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 system_dbusd_t:fd use;
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.8/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/dbus.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dbus.te	2009-03-09 17:56:08.875572000 -0400
 @@ -9,14 +9,15 @@
  #
  # Delcarations
@@ -11222,8 +11338,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.8/policy/modules/services/dcc.te
---- nsaserefpolicy/policy/modules/services/dcc.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dcc.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/dcc.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dcc.te	2009-03-09 17:56:08.877573000 -0400
 @@ -137,6 +137,7 @@
  
  corenet_all_recvfrom_unlabeled(dcc_client_t)
@@ -11234,7 +11350,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_udp_sendrecv_all_ports(dcc_client_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.8/policy/modules/services/devicekit.fc
 --- nsaserefpolicy/policy/modules/services/devicekit.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/devicekit.fc	2009-03-09 17:56:08.880572000 -0400
 @@ -0,0 +1,7 @@
 +
 +/usr/libexec/devkit-daemon	--	gen_context(system_u:object_r:devicekit_exec_t,s0)
@@ -11245,7 +11361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/devkit(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.8/policy/modules/services/devicekit.if
 --- nsaserefpolicy/policy/modules/services/devicekit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/devicekit.if	2009-03-09 17:56:08.882572000 -0400
 @@ -0,0 +1,177 @@
 +
 +## <summary>policy for devicekit</summary>
@@ -11426,7 +11542,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.8/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.te	2009-03-09 12:17:01.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/devicekit.te	2009-03-09 17:56:08.884573000 -0400
 @@ -0,0 +1,138 @@
 +policy_module(devicekit,1.0.0)
 +
@@ -11568,7 +11684,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.8/policy/modules/services/dhcp.if
 --- nsaserefpolicy/policy/modules/services/dhcp.if	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dhcp.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dhcp.if	2009-03-09 17:56:08.886573000 -0400
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -11597,7 +11713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.6.8/policy/modules/services/dnsmasq.fc
 --- nsaserefpolicy/policy/modules/services/dnsmasq.fc	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.fc	2009-03-09 17:56:08.888575000 -0400
 @@ -5,3 +5,4 @@
  /var/lib/misc/dnsmasq\.leases	--	gen_context(system_u:object_r:dnsmasq_lease_t,s0)
  /var/lib/dnsmasq(/.*)?			gen_context(system_u:object_r:dnsmasq_lease_t,s0)
@@ -11605,7 +11721,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/libvirt/network(/.*)?		gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.8/policy/modules/services/dnsmasq.if
 --- nsaserefpolicy/policy/modules/services/dnsmasq.if	2008-11-18 18:57:21.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.if	2009-03-09 17:56:08.890577000 -0400
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -11705,8 +11821,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	an dnsmasq environment
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.8/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.te	2009-03-09 17:56:08.893572000 -0400
 @@ -69,21 +69,22 @@
  
  # allow access to dnsmasq.conf
@@ -11741,7 +11857,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.8/policy/modules/services/dovecot.fc
 --- nsaserefpolicy/policy/modules/services/dovecot.fc	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dovecot.fc	2009-03-09 17:56:08.895573000 -0400
 @@ -6,6 +6,7 @@
  /etc/dovecot\.passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
  
@@ -11777,7 +11893,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.8/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dovecot.if	2009-03-09 17:56:08.897575000 -0400
 @@ -21,7 +21,46 @@
  
  ########################################
@@ -11888,8 +12004,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.8/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/dovecot.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/dovecot.te	2009-03-09 17:56:08.900572000 -0400
 @@ -15,12 +15,21 @@
  domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -12074,7 +12190,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.8/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/exim.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/exim.if	2009-03-09 17:56:08.909574000 -0400
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -12127,8 +12243,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_spool($1)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.8/policy/modules/services/exim.te
---- nsaserefpolicy/policy/modules/services/exim.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/exim.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/exim.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/exim.te	2009-03-09 17:56:08.912572000 -0400
 @@ -21,9 +21,20 @@
  ## </desc>
  gen_tunable(exim_manage_user_files, false)
@@ -12284,8 +12400,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	spamassassin_exec_client(exim_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.8/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ftp.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ftp.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ftp.te	2009-03-09 17:56:08.914573000 -0400
 @@ -26,7 +26,7 @@
  ## <desc>
  ## <p>
@@ -12395,14 +12511,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.8/policy/modules/services/gnomeclock.fc
 --- nsaserefpolicy/policy/modules/services/gnomeclock.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.fc	2009-03-09 17:56:08.917572000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.8/policy/modules/services/gnomeclock.if
 --- nsaserefpolicy/policy/modules/services/gnomeclock.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.if	2009-03-09 17:56:08.919572000 -0400
 @@ -0,0 +1,69 @@
 +
 +## <summary>policy for gnomeclock</summary>
@@ -12475,7 +12591,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.8/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.te	2009-03-09 17:56:08.921572000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(gnomeclock, 1.0.0)
 +########################################
@@ -12530,14 +12646,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.8/policy/modules/services/gpsd.fc
 --- nsaserefpolicy/policy/modules/services/gpsd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.fc	2009-03-09 17:56:08.923573000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/sbin/gpsd                 --      gen_context(system_u:object_r:gpsd_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.8/policy/modules/services/gpsd.if
 --- nsaserefpolicy/policy/modules/services/gpsd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.if	2009-03-09 17:56:08.925573000 -0400
 @@ -0,0 +1,83 @@
 +## <summary>gpsd monitor daemon</summary>
 +
@@ -12624,7 +12740,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.8/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.te	2009-03-09 17:56:08.927573000 -0400
 @@ -0,0 +1,52 @@
 +policy_module(gpsd,1.0.0)
 +
@@ -12680,7 +12796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.8/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/hal.fc	2009-03-09 17:56:08.929573000 -0400
 @@ -5,6 +5,7 @@
  /usr/bin/hal-setup-keymap		--	gen_context(system_u:object_r:hald_keymap_exec_t,s0)
  
@@ -12691,7 +12807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.8/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.if	2009-03-09 16:17:22.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/hal.if	2009-03-09 17:56:08.931575000 -0400
 @@ -20,6 +20,24 @@
  
  ########################################
@@ -12793,8 +12909,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.8/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.te	2009-03-09 12:14:34.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/hal.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/hal.te	2009-03-09 17:56:08.934572000 -0400
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -12966,7 +13082,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive hald_dccm_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.8/policy/modules/services/ifplugd.fc
 --- nsaserefpolicy/policy/modules/services/ifplugd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ifplugd.fc	2009-03-09 17:56:08.936577000 -0400
 @@ -0,0 +1,9 @@
 +
 +/etc/ifplugd(/.*)?	                gen_context(system_u:object_r:ifplugd_etc_t,s0)
@@ -12979,7 +13095,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.8/policy/modules/services/ifplugd.if
 --- nsaserefpolicy/policy/modules/services/ifplugd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ifplugd.if	2009-03-09 17:56:08.939572000 -0400
 @@ -0,0 +1,194 @@
 +## <summary>policy for ifplugd</summary>
 +
@@ -13177,7 +13293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.8/policy/modules/services/ifplugd.te
 --- nsaserefpolicy/policy/modules/services/ifplugd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ifplugd.te	2009-03-09 17:56:08.941572000 -0400
 @@ -0,0 +1,89 @@
 +policy_module(ifplugd,1.0.0)
 +
@@ -13270,7 +13386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.8/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/kerberos.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/kerberos.fc	2009-03-09 17:56:08.943574000 -0400
 @@ -21,6 +21,7 @@
  /var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
  /var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -13280,8 +13396,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/log/krb5kdc\.log			gen_context(system_u:object_r:krb5kdc_log_t,s0)
  /var/log/kadmin(d)?\.log		gen_context(system_u:object_r:kadmind_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.8/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerberos.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/kerberos.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/kerberos.te	2009-03-09 17:56:08.945577000 -0400
 @@ -290,6 +290,7 @@
  corenet_tcp_sendrecv_generic_node(kpropd_t)
  corenet_tcp_sendrecv_all_ports(kpropd_t)
@@ -13292,7 +13408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.8/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerneloops.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/kerneloops.if	2009-03-09 17:56:08.948572000 -0400
 @@ -63,6 +63,25 @@
  
  ########################################
@@ -13336,8 +13452,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.8/policy/modules/services/kerneloops.te
---- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerneloops.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/kerneloops.te	2009-03-09 17:56:08.950572000 -0400
 @@ -13,6 +13,9 @@
  type kerneloops_initrc_exec_t;
  init_script_file(kerneloops_initrc_exec_t)
@@ -13371,8 +13487,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dbus_system_domain(kerneloops_t, kerneloops_exec_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.8/policy/modules/services/ktalk.te
---- nsaserefpolicy/policy/modules/services/ktalk.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ktalk.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ktalk.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ktalk.te	2009-03-09 17:56:08.952581000 -0400
 @@ -69,6 +69,7 @@
  files_read_etc_files(ktalkd_t)
  
@@ -13383,15 +13499,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.8/policy/modules/services/mailman.fc
 --- nsaserefpolicy/policy/modules/services/mailman.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mailman.fc	2009-03-09 17:56:08.955571000 -0400
 @@ -31,3 +31,4 @@
  /var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
  /var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
  ')
 +/usr/lib/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.8/policy/modules/services/mailman.if
---- nsaserefpolicy/policy/modules/services/mailman.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mailman.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mailman.if	2009-03-09 17:56:08.966574000 -0400
 @@ -31,6 +31,12 @@
  	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
  	allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -13456,8 +13572,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.8/policy/modules/services/mailman.te
---- nsaserefpolicy/policy/modules/services/mailman.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mailman.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mailman.te	2009-03-09 17:56:08.968582000 -0400
 @@ -53,10 +53,8 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -13526,7 +13642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.8/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/mta.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mta.fc	2009-03-09 17:56:08.970583000 -0400
 @@ -1,4 +1,4 @@
 -/bin/mail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 +/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13556,8 +13672,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#/var/spool/postfix(/.*)?	gen_context(system_u:object_r:mail_spool_t,s0)
 -#')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.8/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mta.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mta.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mta.if	2009-03-09 17:56:08.973576000 -0400
 @@ -130,6 +130,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -13626,8 +13742,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.8/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mta.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mta.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mta.te	2009-03-09 17:56:08.976571000 -0400
 @@ -47,34 +47,49 @@
  #
  
@@ -13772,7 +13888,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # User send mail local policy
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.8/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/munin.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/munin.fc	2009-03-09 17:56:08.978574000 -0400
 @@ -1,4 +1,5 @@
  /etc/munin(/.*)?			gen_context(system_u:object_r:munin_etc_t,s0)
 +/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -13792,7 +13908,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.8/policy/modules/services/munin.if
 --- nsaserefpolicy/policy/modules/services/munin.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/munin.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/munin.if	2009-03-09 17:56:08.980576000 -0400
 @@ -80,3 +80,76 @@
  
  	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -13871,8 +13987,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.8/policy/modules/services/munin.te
---- nsaserefpolicy/policy/modules/services/munin.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/munin.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/munin.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/munin.te	2009-03-09 17:56:08.982577000 -0400
 @@ -13,6 +13,9 @@
  type munin_etc_t alias lrrd_etc_t;
  files_config_file(munin_etc_t)
@@ -14009,7 +14125,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.8/policy/modules/services/mysql.fc
 --- nsaserefpolicy/policy/modules/services/mysql.fc	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mysql.fc	2009-03-09 17:56:08.985572000 -0400
 @@ -12,6 +12,8 @@
  #
  /usr/libexec/mysqld	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
@@ -14021,7 +14137,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.8/policy/modules/services/mysql.if
 --- nsaserefpolicy/policy/modules/services/mysql.if	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mysql.if	2009-03-09 17:56:08.987572000 -0400
 @@ -161,6 +161,25 @@
  	allow $1 mysqld_db_t:sock_file rw_sock_file_perms;
  ')
@@ -14058,8 +14174,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.8/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mysql.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/mysql.te	2009-03-09 17:56:08.989575000 -0400
 @@ -10,6 +10,10 @@
  type mysqld_exec_t;
  init_daemon_domain(mysqld_t, mysqld_exec_t)
@@ -14119,7 +14235,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.8/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nagios.fc	2009-03-09 17:56:08.991576000 -0400
 @@ -1,16 +1,19 @@
  /etc/nagios(/.*)?			gen_context(system_u:object_r:nagios_etc_t,s0)
  /etc/nagios/nrpe\.cfg		--	gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -14146,7 +14262,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.8/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nagios.if	2009-03-09 17:56:08.994572000 -0400
 @@ -44,7 +44,7 @@
  
  ########################################
@@ -14267,8 +14383,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, nrpe_etc_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.8/policy/modules/services/nagios.te
---- nsaserefpolicy/policy/modules/services/nagios.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/nagios.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nagios.te	2009-03-09 17:56:08.996573000 -0400
 @@ -10,13 +10,12 @@
  type nagios_exec_t;
  init_daemon_domain(nagios_t, nagios_exec_t)
@@ -14366,7 +14482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.8/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/networkmanager.fc	2009-03-09 17:56:08.998575000 -0400
 @@ -1,12 +1,25 @@
 +/etc/rc\.d/init\.d/wicd		--	gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -14395,7 +14511,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.8/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/networkmanager.if	2009-03-09 17:56:09.000577000 -0400
 @@ -118,6 +118,24 @@
  
  ########################################
@@ -14453,8 +14569,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.8/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/networkmanager.te	2009-03-09 17:56:13.927172000 -0400
 @@ -19,6 +19,9 @@
  type NetworkManager_tmp_t;
  files_tmp_file(NetworkManager_tmp_t)
@@ -14668,7 +14784,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -184,7 +259,9 @@
+@@ -179,12 +254,15 @@
+ ')
+ 
+ optional_policy(`
++	udev_exec(NetworkManager_t)
+ 	udev_read_db(NetworkManager_t)
+ ')
  
  optional_policy(`
  	vpn_domtrans(NetworkManager_t)
@@ -14680,7 +14802,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.8/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nis.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nis.fc	2009-03-09 17:56:09.005575000 -0400
 @@ -1,9 +1,13 @@
 -
 +/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -14697,8 +14819,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rpc\.yppasswdd --	gen_context(system_u:object_r:yppasswdd_exec_t,s0)
  /usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.8/policy/modules/services/nis.if
---- nsaserefpolicy/policy/modules/services/nis.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nis.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/nis.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nis.if	2009-03-09 17:56:09.008571000 -0400
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -14877,8 +14999,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.8/policy/modules/services/nis.te
---- nsaserefpolicy/policy/modules/services/nis.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nis.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/nis.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nis.te	2009-03-09 17:56:09.010572000 -0400
 @@ -13,6 +13,9 @@
  type ypbind_exec_t;
  init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -14955,7 +15077,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.8/policy/modules/services/nscd.fc
 --- nsaserefpolicy/policy/modules/services/nscd.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nscd.fc	2009-03-09 17:56:09.012575000 -0400
 @@ -1,3 +1,4 @@
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
  
@@ -14963,7 +15085,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.8/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nscd.if	2009-03-09 17:56:09.031572000 -0400
 @@ -58,6 +58,42 @@
  
  ########################################
@@ -15087,8 +15209,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.8/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/nscd.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nscd.te	2009-03-09 17:56:09.033575000 -0400
 @@ -20,6 +20,9 @@
  type nscd_exec_t;
  init_daemon_domain(nscd_t, nscd_exec_t)
@@ -15187,7 +15309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.8/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ntp.if	2009-03-09 17:56:09.035577000 -0400
 @@ -37,6 +37,32 @@
  
  ########################################
@@ -15286,8 +15408,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	an ntp environment
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.8/policy/modules/services/ntp.te
---- nsaserefpolicy/policy/modules/services/ntp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ntp.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ntp.te	2009-03-09 17:56:09.038572000 -0400
 @@ -25,6 +25,9 @@
  type ntpd_tmp_t;
  files_tmp_file(ntpd_tmp_t)
@@ -15353,8 +15475,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	firstboot_dontaudit_rw_pipes(ntpd_t)
  	firstboot_dontaudit_rw_stream_sockets(ntpd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.8/policy/modules/services/nx.te
---- nsaserefpolicy/policy/modules/services/nx.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nx.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/nx.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/nx.te	2009-03-09 17:56:09.040572000 -0400
 @@ -25,6 +25,9 @@
  type nx_server_var_run_t;
  files_pid_file(nx_server_var_run_t)
@@ -15377,7 +15499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.8/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/oddjob.fc	2009-03-09 17:56:09.042573000 -0400
 @@ -1,4 +1,4 @@
 -/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 +/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -15386,7 +15508,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.8/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/oddjob.if	2009-03-09 17:56:09.044575000 -0400
 @@ -44,6 +44,7 @@
  	')
  
@@ -15426,7 +15548,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.8/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/oddjob.te	2009-03-09 17:56:09.047572000 -0400
 @@ -10,14 +10,21 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -15485,7 +15607,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.6.8/policy/modules/services/openvpn.fc
 --- nsaserefpolicy/policy/modules/services/openvpn.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/openvpn.fc	2009-03-09 17:56:09.049573000 -0400
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -15496,7 +15618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.6.8/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/openvpn.if	2009-03-09 17:56:09.051573000 -0400
 @@ -46,6 +46,24 @@
  
  ########################################
@@ -15548,8 +15670,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	OpenVPN configuration files.
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.8/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/openvpn.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/openvpn.te	2009-03-09 17:56:09.053575000 -0400
 @@ -22,6 +22,9 @@
  type openvpn_etc_t;
  files_config_file(openvpn_etc_t)
@@ -15593,7 +15715,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.8/policy/modules/services/pads.fc
 --- nsaserefpolicy/policy/modules/services/pads.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pads.fc	2009-03-09 17:56:09.056572000 -0400
 @@ -0,0 +1,12 @@
 +
 +/etc/pads-ether-codes   --      gen_context(system_u:object_r:pads_config_t, s0)
@@ -15609,7 +15731,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.8/policy/modules/services/pads.if
 --- nsaserefpolicy/policy/modules/services/pads.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pads.if	2009-03-09 17:56:09.058573000 -0400
 @@ -0,0 +1,10 @@
 +## <summary>SELinux policy for PADS daemon.</summary>
 +## <desc>
@@ -15623,7 +15745,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.8/policy/modules/services/pads.te
 --- nsaserefpolicy/policy/modules/services/pads.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pads.te	2009-03-09 17:56:09.060573000 -0400
 @@ -0,0 +1,65 @@
 +
 +policy_module(pads, 0.0.1) 
@@ -15692,7 +15814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.fc serefpolicy-3.6.8/policy/modules/services/pcscd.fc
 --- nsaserefpolicy/policy/modules/services/pcscd.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/pcscd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pcscd.fc	2009-03-09 17:56:09.062572000 -0400
 @@ -1,5 +1,6 @@
  /var/run/pcscd\.comm	-s	gen_context(system_u:object_r:pcscd_var_run_t,s0)
  /var/run/pcscd\.pid	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
@@ -15701,8 +15823,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /usr/sbin/pcscd		--	gen_context(system_u:object_r:pcscd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.8/policy/modules/services/pcscd.te
---- nsaserefpolicy/policy/modules/services/pcscd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pcscd.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/pcscd.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pcscd.te	2009-03-09 17:56:09.064573000 -0400
 @@ -27,9 +27,10 @@
  allow pcscd_t self:unix_dgram_socket create_socket_perms;
  allow pcscd_t self:tcp_socket create_stream_socket_perms;
@@ -15731,8 +15853,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	openct_read_pid_files(pcscd_t)
  	openct_signull(pcscd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.8/policy/modules/services/pegasus.te
---- nsaserefpolicy/policy/modules/services/pegasus.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pegasus.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/pegasus.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pegasus.te	2009-03-09 17:56:09.066575000 -0400
 @@ -30,7 +30,7 @@
  # Local policy
  #
@@ -15806,7 +15928,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.8/policy/modules/services/pingd.fc
 --- nsaserefpolicy/policy/modules/services/pingd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pingd.fc	2009-03-09 17:56:09.069572000 -0400
 @@ -0,0 +1,11 @@
 +
 +/etc/pingd.conf				--	gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -15821,7 +15943,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.8/policy/modules/services/pingd.if
 --- nsaserefpolicy/policy/modules/services/pingd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pingd.if	2009-03-09 17:56:09.071572000 -0400
 @@ -0,0 +1,99 @@
 +## <summary>policy for pingd</summary>
 +
@@ -15924,7 +16046,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.8/policy/modules/services/pingd.te
 --- nsaserefpolicy/policy/modules/services/pingd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pingd.te	2009-03-09 17:56:09.073573000 -0400
 @@ -0,0 +1,54 @@
 +policy_module(pingd,1.0.0)
 +
@@ -15982,7 +16104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.8/policy/modules/services/polkit.fc
 --- nsaserefpolicy/policy/modules/services/polkit.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/polkit.fc	2009-03-09 17:56:09.075573000 -0400
 @@ -0,0 +1,11 @@
 +
 +/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -15997,7 +16119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:polkit_reload_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.8/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/polkit.if	2009-03-09 17:56:09.084568000 -0400
 @@ -0,0 +1,241 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -16242,7 +16364,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.8/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/polkit.te	2009-03-09 17:56:09.086567000 -0400
 @@ -0,0 +1,237 @@
 +policy_module(polkit_auth, 1.0.0)
 +
@@ -16483,7 +16605,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.8/policy/modules/services/portreserve.fc
 --- nsaserefpolicy/policy/modules/services/portreserve.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/portreserve.fc	2009-03-09 17:56:09.088567000 -0400
 @@ -0,0 +1,12 @@
 +# portreserve executable will have:
 +# label: system_u:object_r:portreserve_exec_t
@@ -16499,7 +16621,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.8/policy/modules/services/portreserve.if
 --- nsaserefpolicy/policy/modules/services/portreserve.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/portreserve.if	2009-03-09 17:56:09.090565000 -0400
 @@ -0,0 +1,66 @@
 +## <summary>policy for portreserve</summary>
 +
@@ -16569,7 +16691,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.8/policy/modules/services/portreserve.te
 --- nsaserefpolicy/policy/modules/services/portreserve.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/portreserve.te	2009-03-09 17:56:09.092565000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(portreserve,1.0.0)
 +
@@ -16624,7 +16746,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#domain_use_interactive_fds(portreserve_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.8/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postfix.fc	2009-03-09 17:56:09.094561000 -0400
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -16639,8 +16761,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.8/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/postfix.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postfix.if	2009-03-09 17:56:09.097555000 -0400
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -16835,8 +16957,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.8/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/postfix.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postfix.te	2009-03-09 17:56:09.100552000 -0400
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -17186,7 +17308,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.8/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postgresql.fc	2009-03-09 17:56:09.102551000 -0400
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -17197,7 +17319,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /usr
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.8/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postgresql.if	2009-03-09 17:56:09.104551000 -0400
 @@ -351,3 +351,46 @@
  
  	typeattribute $1 sepgsql_unconfined_type;
@@ -17246,8 +17368,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, postgresql_tmp_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.8/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/postgresql.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/postgresql.te	2009-03-09 17:56:09.107545000 -0400
 @@ -32,6 +32,9 @@
  type postgresql_etc_t;
  files_config_file(postgresql_etc_t)
@@ -17303,7 +17425,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.8/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ppp.fc	2009-03-09 17:56:09.109544000 -0400
 @@ -1,7 +1,7 @@
  #
  # /etc
@@ -17326,7 +17448,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.8/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ppp.if	2009-03-09 17:56:09.112539000 -0400
 @@ -58,6 +58,25 @@
  
  ########################################
@@ -17428,8 +17550,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, pptp_var_run_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.8/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ppp.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ppp.te	2009-03-09 17:56:09.114539000 -0400
 @@ -37,8 +37,8 @@
  type pppd_etc_rw_t;
  files_type(pppd_etc_rw_t)
@@ -17567,7 +17689,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.8/policy/modules/services/prelude.fc
 --- nsaserefpolicy/policy/modules/services/prelude.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/prelude.fc	2009-03-09 17:56:09.116539000 -0400
 @@ -1,3 +1,9 @@
 +/etc/prelude-correlator(/.*)?   gen_context(system_u:object_r:prelude_correlator_config_t, s0)
 +
@@ -17596,7 +17718,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.8/policy/modules/services/prelude.if
 --- nsaserefpolicy/policy/modules/services/prelude.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/prelude.if	2009-03-09 17:56:09.119533000 -0400
 @@ -6,7 +6,7 @@
  ## </summary>
  ## <param name="domain">
@@ -17710,8 +17832,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, prelude_lml_var_run_t)
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.8/policy/modules/services/prelude.te
---- nsaserefpolicy/policy/modules/services/prelude.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/prelude.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/prelude.te	2009-03-09 17:56:09.121532000 -0400
 @@ -13,25 +13,57 @@
  type prelude_spool_t;
  files_type(prelude_spool_t)
@@ -17982,8 +18104,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	optional_policy(`
  		mysql_search_db(httpd_prewikka_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.8/policy/modules/services/procmail.te
---- nsaserefpolicy/policy/modules/services/procmail.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/procmail.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/procmail.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/procmail.te	2009-03-09 17:56:09.123533000 -0400
 @@ -77,6 +77,7 @@
  files_read_usr_files(procmail_t)
  
@@ -18013,7 +18135,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.fc serefpolicy-3.6.8/policy/modules/services/psad.fc
 --- nsaserefpolicy/policy/modules/services/psad.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/psad.fc	2009-03-09 17:56:09.126527000 -0400
 @@ -0,0 +1,17 @@
 +
 +
@@ -18034,7 +18156,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/psad(/.*)?  					gen_context(system_u:object_r:psad_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.6.8/policy/modules/services/psad.if
 --- nsaserefpolicy/policy/modules/services/psad.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/psad.if	2009-03-09 17:56:09.128527000 -0400
 @@ -0,0 +1,304 @@
 +## <summary>Psad SELinux policy</summary>
 +
@@ -18342,7 +18464,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.6.8/policy/modules/services/psad.te
 --- nsaserefpolicy/policy/modules/services/psad.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/psad.te	2009-03-09 17:56:09.131521000 -0400
 @@ -0,0 +1,107 @@
 +policy_module(psad,1.0.0) 
 +
@@ -18453,7 +18575,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.8/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pyzor.fc	2009-03-09 17:56:09.132525000 -0400
 @@ -1,6 +1,8 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -18465,7 +18587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.8/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pyzor.if	2009-03-09 17:56:09.135517000 -0400
 @@ -88,3 +88,50 @@
  	corecmd_search_bin($1)
  	can_exec($1, pyzor_exec_t)
@@ -18518,8 +18640,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.8/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/pyzor.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/pyzor.te	2009-03-09 17:56:09.137515000 -0400
 @@ -6,6 +6,38 @@
  # Declarations
  #
@@ -18577,8 +18699,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.8/policy/modules/services/radvd.te
---- nsaserefpolicy/policy/modules/services/radvd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/radvd.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/radvd.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/radvd.te	2009-03-09 17:56:09.139515000 -0400
 @@ -22,7 +22,7 @@
  #
  # Local policy
@@ -18589,8 +18711,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow radvd_t self:process signal_perms;
  allow radvd_t self:unix_dgram_socket create_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.8/policy/modules/services/razor.if
---- nsaserefpolicy/policy/modules/services/razor.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/razor.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/razor.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/razor.if	2009-03-09 17:56:09.141514000 -0400
 @@ -157,3 +157,45 @@
  
  	domtrans_pattern($1, razor_exec_t, razor_t)
@@ -18638,8 +18760,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.8/policy/modules/services/razor.te
---- nsaserefpolicy/policy/modules/services/razor.te	2009-01-19 11:07:32.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/razor.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/razor.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/razor.te	2009-03-09 17:56:09.144508000 -0400
 @@ -6,6 +6,32 @@
  # Declarations
  #
@@ -18680,8 +18802,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.8/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ricci.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ricci.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ricci.te	2009-03-09 17:56:09.146508000 -0400
 @@ -133,6 +133,8 @@
  
  dev_read_urand(ricci_t)
@@ -18787,8 +18909,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_stream_connect(ricci_modstorage_t)
  	ccs_read_config(ricci_modstorage_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.8/policy/modules/services/rlogin.te
---- nsaserefpolicy/policy/modules/services/rlogin.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rlogin.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/rlogin.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rlogin.te	2009-03-09 17:56:09.149502000 -0400
 @@ -91,10 +91,22 @@
  remotelogin_signal(rlogind_t)
  
@@ -18816,7 +18938,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.6.8/policy/modules/services/rpc.fc
 --- nsaserefpolicy/policy/modules/services/rpc.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rpc.fc	2009-03-09 17:56:09.151501000 -0400
 @@ -13,6 +13,7 @@
  # /usr
  #
@@ -18826,8 +18948,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rpc\.mountd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
  /usr/sbin/rpc\.nfsd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.8/policy/modules/services/rpc.if
---- nsaserefpolicy/policy/modules/services/rpc.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/rpc.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rpc.if	2009-03-09 17:56:09.153500000 -0400
 @@ -88,8 +88,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -18891,8 +19013,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_files_pattern($1,var_lib_nfs_t,var_lib_nfs_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.8/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te	2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/rpc.te	2009-03-03 15:55:58.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rpc.te	2009-03-09 17:56:09.155502000 -0400
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -18957,8 +19079,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.8/policy/modules/services/rshd.te
---- nsaserefpolicy/policy/modules/services/rshd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rshd.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/rshd.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rshd.te	2009-03-09 17:56:09.158494000 -0400
 @@ -51,7 +51,7 @@
  
  files_list_home(rshd_t)
@@ -18969,8 +19091,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_login_pgm_domain(rshd_t)
  auth_write_login_records(rshd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.8/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rsync.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/rsync.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/rsync.te	2009-03-09 17:56:09.160492000 -0400
 @@ -119,5 +119,9 @@
  
  tunable_policy(`rsync_export_all_ro',`
@@ -18983,7 +19105,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +auth_can_read_shadow_passwords(rsync_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.8/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/samba.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/samba.fc	2009-03-09 17:56:09.162492000 -0400
 @@ -2,6 +2,9 @@
  #
  # /etc
@@ -19012,7 +19134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.8/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/samba.if	2009-03-09 17:56:09.172491000 -0400
 @@ -4,6 +4,45 @@
  ##	from Windows NT servers.
  ## </summary>
@@ -19411,8 +19533,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.8/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/samba.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/samba.te	2009-03-09 17:56:09.175491000 -0400
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -19873,8 +19995,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.8/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sasl.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/sasl.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/sasl.te	2009-03-09 17:56:09.177494000 -0400
 @@ -107,6 +107,10 @@
  ')
  
@@ -19888,7 +20010,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.8/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/sendmail.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/sendmail.if	2009-03-09 17:56:09.179496000 -0400
 @@ -149,3 +149,92 @@
  
  	logging_log_filetrans($1, sendmail_log_t, file)
@@ -19983,8 +20105,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 sendmail_t:fifo_file rw_fifo_file_perms; 
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.8/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sendmail.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/sendmail.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/sendmail.te	2009-03-09 17:56:09.182491000 -0400
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -20154,7 +20276,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.8/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.fc	2009-03-09 17:56:09.184494000 -0400
 @@ -1,3 +1,5 @@
 +/etc/rc\.d/init\.d/setroubleshoot	--	gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
 +
@@ -20163,7 +20285,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.8/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.if	2009-03-09 17:56:09.186494000 -0400
 @@ -16,8 +16,8 @@
  	')
  
@@ -20247,8 +20369,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, setroubleshoot_var_run_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.8/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.te	2009-03-09 17:56:09.189491000 -0400
 @@ -11,6 +11,9 @@
  domain_type(setroubleshootd_t)
  init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -20335,8 +20457,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpm_dontaudit_manage_db(setroubleshootd_t)
  	rpm_use_script_fds(setroubleshootd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.8/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/smartmon.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/smartmon.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/smartmon.te	2009-03-09 17:56:09.191491000 -0400
 @@ -19,6 +19,10 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -20396,7 +20518,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.8/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snmp.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/snmp.fc	2009-03-09 17:56:09.193493000 -0400
 @@ -20,5 +20,5 @@
  
  /var/net-snmp(/.*)		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
@@ -20405,8 +20527,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/snmpd(/.*)?		gen_context(system_u:object_r:snmpd_var_run_t,s0)
  /var/run/snmpd\.pid	--	gen_context(system_u:object_r:snmpd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.8/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snmp.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/snmp.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/snmp.te	2009-03-09 17:56:09.195494000 -0400
 @@ -71,6 +71,7 @@
  corenet_tcp_bind_snmp_port(snmpd_t)
  corenet_udp_bind_snmp_port(snmpd_t)
@@ -20416,8 +20538,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_list_sysfs(snmpd_t)
  dev_read_sysfs(snmpd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.8/policy/modules/services/snort.te
---- nsaserefpolicy/policy/modules/services/snort.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snort.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/snort.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/snort.te	2009-03-09 17:56:09.198491000 -0400
 @@ -56,6 +56,7 @@
  files_pid_filetrans(snort_t, snort_var_run_t, file)
  
@@ -20450,7 +20572,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.8/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/spamassassin.fc	2009-03-09 17:56:09.200491000 -0400
 @@ -1,15 +1,24 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
@@ -20481,7 +20603,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/spool/MIMEDefang(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.8/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/spamassassin.if	2009-03-09 17:56:09.202494000 -0400
 @@ -111,6 +111,7 @@
  	')
  
@@ -20569,8 +20691,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	admin_pattern($1, spamd_var_run_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.8/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/spamassassin.te	2009-03-09 17:56:09.205491000 -0400
 @@ -20,6 +20,35 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs, true)
@@ -20831,7 +20953,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.8/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/squid.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/squid.fc	2009-03-09 17:56:09.207494000 -0400
 @@ -6,7 +6,11 @@
  /usr/sbin/squid		--	gen_context(system_u:object_r:squid_exec_t,s0)
  /usr/share/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
@@ -20846,7 +20968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.8/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/squid.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/squid.if	2009-03-09 17:56:09.209496000 -0400
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -20874,8 +20996,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.8/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/squid.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/squid.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/squid.te	2009-03-09 17:56:09.212491000 -0400
 @@ -118,6 +118,9 @@
  
  fs_getattr_all_fs(squid_t)
@@ -20897,7 +21019,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.8/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ssh.fc	2009-03-09 17:56:09.214492000 -0400
 @@ -14,3 +14,5 @@
  /usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
  
@@ -20905,8 +21027,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:home_ssh_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.8/policy/modules/services/ssh.if
---- nsaserefpolicy/policy/modules/services/ssh.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ssh.if	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ssh.if	2009-03-09 17:56:09.217491000 -0400
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -21136,8 +21258,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.8/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/ssh.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ssh.te	2009-03-09 17:56:09.219494000 -0400
 @@ -41,6 +41,9 @@
  files_tmp_file(sshd_tmp_t)
  files_poly_parent(sshd_tmp_t)
@@ -21265,7 +21387,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.8/policy/modules/services/sssd.fc
 --- nsaserefpolicy/policy/modules/services/sssd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.fc	2009-03-09 15:47:38.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/sssd.fc	2009-03-09 17:56:09.225493000 -0400
 @@ -0,0 +1,6 @@
 +
 +/usr/sbin/sssd	--	gen_context(system_u:object_r:sssd_exec_t,s0)
@@ -21275,7 +21397,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/sss(/.*)?			gen_context(system_u:object_r:sssd_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.8/policy/modules/services/sssd.if
 --- nsaserefpolicy/policy/modules/services/sssd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.if	2009-03-09 15:49:56.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/sssd.if	2009-03-09 17:56:09.227496000 -0400
 @@ -0,0 +1,249 @@
 +
 +## <summary>policy for sssd</summary>
@@ -21528,7 +21650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.8/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.te	2009-03-09 15:47:36.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/services/sssd.te	2009-03-09 17:56:09.230491000 -0400
 @@ -0,0 +1,55 @@
 +policy_module(sssd,1.0.0)
 +
@@ -21587,7 +21709,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.6.8/policy/modules/services/stunnel.fc
 --- nsaserefpolicy/policy/modules/services/stunnel.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/stunnel.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/stunnel.fc	2009-03-09 17:56:09.231496000 -0400
 @@ -2,5 +2,6 @@
  /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
  
@@ -21596,8 +21718,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.6.8/policy/modules/services/stunnel.te
---- nsaserefpolicy/policy/modules/services/stunnel.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/stunnel.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/stunnel.te	2009-02-09 12:15:17.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/stunnel.te	2009-03-09 17:56:09.234491000 -0400
 @@ -54,6 +54,8 @@
  kernel_read_system_state(stunnel_t)
  kernel_read_network_state(stunnel_t)
@@ -21617,7 +21739,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.fc serefpolicy-3.6.8/policy/modules/services/sysstat.fc
 --- nsaserefpolicy/policy/modules/services/sysstat.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/sysstat.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/sysstat.fc	2009-03-09 17:56:09.236491000 -0400
 @@ -1,6 +1,6 @@
  
  /usr/lib(64)?/atsar/atsa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
@@ -21628,7 +21750,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/log/atsar(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.8/policy/modules/services/sysstat.te
 --- nsaserefpolicy/policy/modules/services/sysstat.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sysstat.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/sysstat.te	2009-03-09 17:56:09.238491000 -0400
 @@ -19,13 +19,14 @@
  # Local policy
  #
@@ -21646,8 +21768,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # get info from /proc
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.8/policy/modules/services/tor.te
---- nsaserefpolicy/policy/modules/services/tor.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/tor.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/tor.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/tor.te	2009-03-09 17:56:09.240492000 -0400
 @@ -34,7 +34,7 @@
  # tor local policy
  #
@@ -21659,7 +21781,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow tor_t self:netlink_route_socket r_netlink_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.8/policy/modules/services/ulogd.fc
 --- nsaserefpolicy/policy/modules/services/ulogd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ulogd.fc	2009-03-09 17:56:09.243490000 -0400
 @@ -0,0 +1,10 @@
 +
 +/etc/rc\.d/init\.d/ulogd                --              gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
@@ -21673,7 +21795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ulogd(/.*)?					gen_context(system_u:object_r:ulogd_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.8/policy/modules/services/ulogd.if
 --- nsaserefpolicy/policy/modules/services/ulogd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ulogd.if	2009-03-09 17:56:09.245491000 -0400
 @@ -0,0 +1,127 @@
 +## <summary>policy for ulogd</summary>
 +
@@ -21804,7 +21926,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.8/policy/modules/services/ulogd.te
 --- nsaserefpolicy/policy/modules/services/ulogd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ulogd.te	2009-03-09 17:56:09.247491000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(ulogd,1.0.0)
 +
@@ -21859,7 +21981,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive ulogd_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-3.6.8/policy/modules/services/uucp.fc
 --- nsaserefpolicy/policy/modules/services/uucp.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/uucp.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/uucp.fc	2009-03-09 17:56:09.249491000 -0400
 @@ -7,3 +7,5 @@
  /var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
  
@@ -21867,8 +21989,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/lock/uucp(/.*)?		gen_context(system_u:object_r:uucpd_lock_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.8/policy/modules/services/uucp.te
---- nsaserefpolicy/policy/modules/services/uucp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/uucp.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/uucp.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/uucp.te	2009-03-09 17:56:09.251494000 -0400
 @@ -10,6 +10,9 @@
  inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
  role system_r types uucpd_t;
@@ -21900,7 +22022,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.8/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/virt.fc	2009-03-09 17:56:09.253494000 -0400
 @@ -8,5 +8,14 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -21918,7 +22040,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:svirt_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.8/policy/modules/services/virt.if
 --- nsaserefpolicy/policy/modules/services/virt.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/virt.if	2009-03-09 17:56:09.256491000 -0400
 @@ -2,28 +2,6 @@
  
  ########################################
@@ -22065,8 +22187,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.8/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/virt.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/virt.te	2009-03-09 17:56:09.258492000 -0400
 @@ -8,20 +8,18 @@
  
  ## <desc>
@@ -22315,7 +22437,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.8/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/w3c.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/w3c.te	2009-03-09 17:56:09.260496000 -0400
 @@ -8,11 +8,18 @@
  
  apache_content_template(w3c_validator)
@@ -22337,7 +22459,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.8/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/xserver.fc	2009-03-09 17:56:09.263493000 -0400
 @@ -3,12 +3,16 @@
  #
  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -22407,7 +22529,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/xserver.if	2009-03-09 17:56:09.266491000 -0400
 @@ -90,7 +90,7 @@
  	allow $2 xauth_home_t:file manage_file_perms;
  	allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -23034,8 +23156,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.8/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.te	2009-03-09 16:07:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.te	2009-02-09 12:15:50.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/xserver.te	2009-03-09 17:56:09.277493000 -0400
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -23748,13 +23870,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.8/policy/modules/services/zosremote.fc
 --- nsaserefpolicy/policy/modules/services/zosremote.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/zosremote.fc	2009-03-09 17:56:09.280494000 -0400
 @@ -0,0 +1,2 @@
 +
 +/sbin/audispd-zos-remote	--	gen_context(system_u:object_r:zos_remote_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.8/policy/modules/services/zosremote.if
 --- nsaserefpolicy/policy/modules/services/zosremote.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/zosremote.if	2009-03-09 17:56:09.282494000 -0400
 @@ -0,0 +1,46 @@
 +## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
 +
@@ -23804,7 +23926,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.6.8/policy/modules/services/zosremote.te
 --- nsaserefpolicy/policy/modules/services/zosremote.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/zosremote.te	2009-03-09 17:56:09.284494000 -0400
 @@ -0,0 +1,33 @@
 +policy_module(zosremote,1.0.0)
 +
@@ -23841,7 +23963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_send_syslog_msg(zos_remote_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.8/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/application.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/application.te	2009-03-09 17:56:09.286494000 -0400
 @@ -7,8 +7,18 @@
  # Executables to be run by user
  attribute application_exec_type;
@@ -23863,7 +23985,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.8/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/authlogin.fc	2009-03-09 17:56:09.289490000 -0400
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -23892,7 +24014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.8/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.if	2009-03-09 15:51:16.000000000 -0400
++++ serefpolicy-3.6.8/policy/modules/system/authlogin.if	2009-03-09 17:56:09.292491000 -0400
 @@ -43,20 +43,38 @@
  interface(`auth_login_pgm_domain',`
  	gen_require(`
@@ -24231,7 +24353,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.8/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/authlogin.te	2009-03-09 17:56:09.294492000 -0400
 @@ -12,7 +12,7 @@
  
  type chkpwd_t, can_read_shadow_passwords;
@@ -24313,7 +24435,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  mls_file_read_all_levels(pam_console_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.8/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/fstools.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/fstools.fc	2009-03-09 17:56:09.296494000 -0400
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -24329,7 +24451,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.8/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/fstools.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/fstools.te	2009-03-09 17:56:09.298497000 -0400
 @@ -97,6 +97,10 @@
  fs_getattr_tmpfs_dirs(fsadm_t)
  fs_read_tmpfs_symlinks(fsadm_t)
@@ -24363,7 +24485,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.8/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/hostname.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/hostname.te	2009-03-09 17:56:09.301491000 -0400
 @@ -8,7 +8,9 @@
  
  type hostname_t;
@@ -24377,7 +24499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.8/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/init.fc	2009-03-09 17:56:09.303492000 -0400
 @@ -4,8 +4,7 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -24399,7 +24521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.8/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/init.if	2009-03-09 17:56:09.306491000 -0400
 @@ -280,6 +280,27 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -24588,8 +24710,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow init_t $1:unix_dgram_socket sendto;
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.8/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/init.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/init.te	2009-03-09 17:56:09.316491000 -0400
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart,false)
@@ -24877,7 +24999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.6.8/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/ipsec.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/ipsec.fc	2009-03-09 17:56:09.318494000 -0400
 @@ -16,6 +16,8 @@
  /usr/lib(64)?/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
  /usr/lib(64)?/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -24897,7 +25019,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.8/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/ipsec.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/ipsec.te	2009-03-09 17:56:09.321491000 -0400
 @@ -55,11 +55,12 @@
  
  allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -25016,7 +25138,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.8/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/iptables.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/iptables.fc	2009-03-09 17:56:09.323492000 -0400
 @@ -6,3 +6,4 @@
  /usr/sbin/ip6tables.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
  /usr/sbin/ipchains.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
@@ -25024,7 +25146,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/shorewall(/.*)? --	gen_context(system_u:object_r:iptables_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.8/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/iptables.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/iptables.te	2009-03-09 17:56:09.325494000 -0400
 @@ -22,12 +22,12 @@
  # Iptables local policy
  #
@@ -25049,8 +25171,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  domain_use_interactive_fds(iptables_t)
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.8/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/iscsi.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/iscsi.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/iscsi.te	2009-03-09 17:56:09.327496000 -0400
 @@ -28,7 +28,7 @@
  # iscsid local policy
  #
@@ -25071,7 +25193,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.8/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/libraries.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/libraries.fc	2009-03-09 17:56:09.330492000 -0400
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -25253,7 +25375,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/local/matlab.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.8/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/libraries.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/libraries.te	2009-03-09 17:56:09.333490000 -0400
 @@ -52,11 +52,11 @@
  # ldconfig local policy
  #
@@ -25312,7 +25434,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.8/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/locallogin.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/locallogin.te	2009-03-09 17:56:09.335491000 -0400
 @@ -67,6 +67,7 @@
  dev_setattr_power_mgmt_dev(local_login_t)
  dev_getattr_sound_dev(local_login_t)
@@ -25389,7 +25511,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.8/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/logging.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/logging.fc	2009-03-09 17:56:09.337494000 -0400
 @@ -53,15 +53,18 @@
  /var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
  ')
@@ -25415,7 +25537,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.8/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/logging.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/logging.if	2009-03-09 17:56:09.340491000 -0400
 @@ -623,7 +623,7 @@
  	')
  
@@ -25435,8 +25557,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.8/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/logging.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/logging.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/logging.te	2009-03-09 17:56:09.342492000 -0400
 @@ -126,7 +126,7 @@
  allow auditd_t self:process { signal_perms setpgid setsched };
  allow auditd_t self:file rw_file_perms;
@@ -25531,7 +25653,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.8/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/lvm.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/lvm.fc	2009-03-09 17:56:09.345490000 -0400
 @@ -55,6 +55,7 @@
  /sbin/lvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/lvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -25546,8 +25668,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/multipath(/.*)?	gen_context(system_u:object_r:lvm_var_lib_t,s0)
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.8/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/lvm.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/lvm.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/lvm.te	2009-03-09 17:56:09.347492000 -0400
 @@ -10,6 +10,9 @@
  type clvmd_exec_t;
  init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -25756,7 +25878,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.8/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/miscfiles.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/miscfiles.fc	2009-03-09 17:56:09.349494000 -0400
 @@ -35,6 +35,7 @@
  /usr/lib(64)?/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
  
@@ -25767,7 +25889,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.8/policy/modules/system/miscfiles.if
 --- nsaserefpolicy/policy/modules/system/miscfiles.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/miscfiles.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/miscfiles.if	2009-03-09 17:56:09.352491000 -0400
 @@ -23,6 +23,45 @@
  
  ########################################
@@ -25825,7 +25947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.8/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/modutils.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/modutils.te	2009-03-09 17:56:09.354492000 -0400
 @@ -42,7 +42,7 @@
  # insmod local policy
  #
@@ -25940,7 +26062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.8/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/mount.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/mount.fc	2009-03-09 17:56:09.356495000 -0400
 @@ -1,4 +1,6 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -25951,7 +26073,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.8/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/mount.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/mount.if	2009-03-09 17:56:09.363493000 -0400
 @@ -43,9 +43,11 @@
  
  	mount_domtrans($1)
@@ -25989,7 +26111,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.8/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/mount.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/mount.te	2009-03-09 17:56:09.375492000 -0400
 @@ -18,17 +18,18 @@
  init_system_domain(mount_t,mount_exec_t)
  role system_r types mount_t;
@@ -26211,7 +26333,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.8/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/raid.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/raid.te	2009-03-09 17:56:09.393495000 -0400
 @@ -39,6 +39,7 @@
  dev_dontaudit_getattr_generic_files(mdadm_t)
  dev_dontaudit_getattr_generic_chr_files(mdadm_t)
@@ -26222,7 +26344,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  fs_dontaudit_list_tmpfs(mdadm_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.8/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.fc	2009-03-09 17:56:09.415491000 -0400
 @@ -6,13 +6,13 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -26263,7 +26385,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/etc/share/selinux/mls(/.*)?		gen_context(system_u:object_r:semanage_store_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.8/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.if	2009-03-09 17:56:09.433494000 -0400
 @@ -535,6 +535,53 @@
  
  ########################################
@@ -26653,8 +26775,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.8/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.te	2009-03-09 17:56:09.452492000 -0400
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -27028,7 +27150,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.8/policy/modules/system/setrans.if
 --- nsaserefpolicy/policy/modules/system/setrans.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/setrans.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/setrans.if	2009-03-09 17:56:09.474495000 -0400
 @@ -21,3 +21,23 @@
  	stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
  	files_list_pids($1)
@@ -27055,7 +27177,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.8/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.fc	2009-03-09 17:56:09.478491000 -0400
 @@ -11,8 +11,12 @@
  /etc/dhclient-script	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
  /etc/dhcpc.*			gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -27085,8 +27207,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.8/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.if	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.if	2009-03-09 17:56:09.480494000 -0400
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -27256,8 +27378,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role_transition $1 dhcpc_exec_t system_r;
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.8/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.te	2009-03-09 17:56:09.483491000 -0400
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -27443,7 +27565,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xen_append_log(ifconfig_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.8/policy/modules/system/udev.fc
 --- nsaserefpolicy/policy/modules/system/udev.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/udev.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/udev.fc	2009-03-09 17:56:09.487491000 -0400
 @@ -17,3 +17,5 @@
  /sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
  
@@ -27452,8 +27574,33 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/PackageKit/udev(/.*)?		gen_context(system_u:object_r:udev_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.8/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/udev.if	2009-03-07 12:11:40.000000000 -0500
-@@ -96,6 +96,24 @@
++++ serefpolicy-3.6.8/policy/modules/system/udev.if	2009-03-09 17:56:18.984762000 -0400
+@@ -20,6 +20,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Execute udev in the caller domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`udev_exec',`
++	gen_require(`
++		type udev_exec_t;
++	')
++
++	can_exec($1, udev_exec_t)
++')
++
++########################################
++## <summary>
+ ##	Execute a udev helper in the udev domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -96,6 +114,24 @@
  
  ########################################
  ## <summary>
@@ -27478,7 +27625,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Allow process to read list of devices.
  ## </summary>
  ## <param name="domain">
-@@ -106,11 +124,13 @@
+@@ -106,11 +142,13 @@
  #
  interface(`udev_read_db',`
  	gen_require(`
@@ -27494,7 +27641,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -125,9 +145,9 @@
+@@ -125,9 +163,9 @@
  #
  interface(`udev_rw_db',`
  	gen_require(`
@@ -27507,8 +27654,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 udev_tbl_t:file rw_file_perms;
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.8/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te	2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/udev.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/udev.te	2009-03-03 15:55:59.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/udev.te	2009-03-09 17:56:09.491492000 -0400
 @@ -55,6 +55,7 @@
  can_exec(udev_t, udev_exec_t)
  
@@ -27595,7 +27742,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.8/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/unconfined.fc	2009-03-09 17:56:09.493496000 -0400
 @@ -2,15 +2,28 @@
  # e.g.:
  # /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -27636,7 +27783,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:execmem_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.8/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/unconfined.if	2009-03-09 17:56:09.496492000 -0400
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -27916,7 +28063,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.8/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/unconfined.te	2009-03-09 17:56:09.499491000 -0400
 @@ -5,6 +5,35 @@
  #
  # Declarations
@@ -28271,7 +28418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.8/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/userdomain.fc	2009-03-09 17:56:09.501491000 -0400
 @@ -1,4 +1,7 @@
  HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
 +HOME_DIR	-l	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -28282,8 +28429,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm/pulse-shm.*	gen_context(system_u:object_r:user_tmpfs_t,s0)
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.8/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.if	2009-03-09 16:06:34.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.if	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/userdomain.if	2009-03-09 17:56:09.506492000 -0400
 @@ -30,8 +30,9 @@
  	')
  
@@ -30131,8 +30278,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.8/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/userdomain.te	2009-03-09 17:56:09.508492000 -0400
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -30218,12 +30365,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.8/policy/modules/system/virtual.fc
 --- nsaserefpolicy/policy/modules/system/virtual.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/virtual.fc	2009-03-09 17:56:09.511492000 -0400
 @@ -0,0 +1 @@
 +# No application file contexts.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.8/policy/modules/system/virtual.if
 --- nsaserefpolicy/policy/modules/system/virtual.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/virtual.if	2009-03-09 17:56:09.513493000 -0400
 @@ -0,0 +1,99 @@
 +## <summary>Virtual machine emulator and virtualizer</summary>
 +
@@ -30326,7 +30473,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.8/policy/modules/system/virtual.te
 --- nsaserefpolicy/policy/modules/system/virtual.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.te	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/virtual.te	2009-03-09 17:56:09.515494000 -0400
 @@ -0,0 +1,78 @@
 +
 +policy_module(virtualization, 1.1.2)
@@ -30408,7 +30555,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.8/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.fc	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/xen.fc	2009-03-09 17:56:09.517492000 -0400
 @@ -2,17 +2,10 @@
  
  /usr/bin/virsh		--	gen_context(system_u:object_r:xm_exec_t,s0)
@@ -30437,7 +30584,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.8/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.if	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/xen.if	2009-03-09 17:56:09.519494000 -0400
 @@ -167,11 +167,14 @@
  #
  interface(`xen_stream_connect',`
@@ -30480,8 +30627,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	rw_files_pattern($1, xen_image_t, xen_image_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.8/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.te	2009-03-07 12:11:40.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/xen.te	2009-02-09 12:15:51.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/xen.te	2009-03-09 17:56:09.522491000 -0400
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -30705,7 +30852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.8/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.6.8/policy/support/obj_perm_sets.spt	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/support/obj_perm_sets.spt	2009-03-09 17:56:09.524494000 -0400
 @@ -179,20 +179,20 @@
  #
  # Directory (dir)
@@ -30780,7 +30927,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.8/policy/users
 --- nsaserefpolicy/policy/users	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/users	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/policy/users	2009-03-09 17:56:09.527491000 -0400
 @@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
@@ -30807,7 +30954,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.8/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/Rules.modular	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/Rules.modular	2009-03-09 17:56:09.529491000 -0400
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -30839,7 +30986,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.8/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/support/Makefile.devel	2009-03-07 12:11:40.000000000 -0500
++++ serefpolicy-3.6.8/support/Makefile.devel	2009-03-09 17:56:09.531494000 -0400
 @@ -185,8 +185,7 @@
  tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
  	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 86c1830..f872b20 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -447,6 +447,10 @@ exit 0
 %endif
 
 %changelog
+* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.8-3
+- Add pulseaudio, sssd policy
+- Allow networkmanager to exec udevadm
+
 * Sat Mar 7 2009 Dan Walsh <dwalsh@redhat.com> 3.6.8-2
 - Add pulseaudio context