diff --git a/modules-mls.conf b/modules-mls.conf
index 89fc9e7..aeefd89 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1327,7 +1327,7 @@ wine = module
 #
 # X windows window manager
 # 
-wm = module
+#wm = module
 
 # Layer: admin
 # Module: tzdata
diff --git a/policy-20090105.patch b/policy-20090105.patch
index b1b0447..4af6e1b 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -1138,7 +1138,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		java_domtrans_unconfined(rpm_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.2/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/admin/sudo.if	2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/admin/sudo.if	2009-01-13 15:12:44.000000000 -0500
 @@ -51,7 +51,7 @@
  	#
  
@@ -1202,7 +1202,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	logging_send_syslog_msg($1_sudo_t)
  
  	miscfiles_read_localization($1_sudo_t)
-@@ -114,6 +120,31 @@
+@@ -114,6 +120,35 @@
  	userdom_manage_user_tmp_files($1_sudo_t)
  	userdom_manage_user_tmp_symlinks($1_sudo_t)
  	userdom_use_user_terminals($1_sudo_t)
@@ -1233,6 +1233,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_use_user_terminals($1_sudo_t)
 +	term_relabel_all_user_ttys($1_sudo_t)
 +	term_relabel_all_user_ptys($1_sudo_t)
++	
++	optional_policy(`
++		dbus_system_bus_client($1_sudo_t)
++	')
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.2/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-11-11 16:13:49.000000000 -0500
@@ -2929,8 +2933,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.2/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/apps/openoffice.if	2009-01-05 17:54:58.000000000 -0500
-@@ -0,0 +1,89 @@
++++ serefpolicy-3.6.2/policy/modules/apps/openoffice.if	2009-01-15 08:48:06.000000000 -0500
+@@ -0,0 +1,92 @@
 +## <summary>Openoffice</summary>
 +
 +#######################################
@@ -3019,6 +3023,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $3 $1_openoffice_t:process { signal sigkill };
 +	allow $1_openoffice_t $3:unix_stream_socket connectto;
++	optional_policy(`	
++		xserver_common_x_domain_template($1, $1_openoffice_t)
++	')
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.2/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1969-12-31 19:00:00.000000000 -0500
@@ -3084,7 +3091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.2/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/apps/podsleuth.te	2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/apps/podsleuth.te	2009-01-15 11:07:09.000000000 -0500
 @@ -11,21 +11,58 @@
  application_domain(podsleuth_t, podsleuth_exec_t)
  role system_r types podsleuth_t;
@@ -3102,7 +3109,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -
 -allow podsleuth_t self:process { signal getsched execheap execmem };
 +allow podsleuth_t self:capability { sys_admin sys_rawio };
-+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
++allow podsleuth_t self:process { ptrace signal getsched execheap execmem execstack };
  allow podsleuth_t self:fifo_file rw_file_perms;
  allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
 +allow podsleuth_t self:sem create_sem_perms;
@@ -3992,7 +3999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +xserver_user_x_domain_template(user, wm_t, wm_tmpfs_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc	2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc	2009-01-16 09:03:35.000000000 -0500
 @@ -130,6 +130,8 @@
  /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -4002,7 +4009,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  # /usr
  #
-@@ -223,14 +225,15 @@
+@@ -203,6 +205,7 @@
+ /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/hal/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/mc/extfs/.*		--	gen_context(system_u:object_r:bin_t,s0)
++/usr/share/Modules/init(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/printconf/util/print\.py --	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
+@@ -223,14 +226,15 @@
  /usr/lib64/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib64/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
@@ -4020,7 +4035,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hplip/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
-@@ -293,3 +296,8 @@
+@@ -293,3 +297,8 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -7478,7 +7493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(xguest_u, user, xguest_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.2/policy/modules/services/afs.fc
 --- nsaserefpolicy/policy/modules/services/afs.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/afs.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1,3 +1,6 @@
 +/etc/rc\.d/init\.d/openafs-client	--	gen_context(system_u:object_r:afs_script_exec_t,s0)
 +/etc/rc\.d/init\.d/afs	--	gen_context(system_u:object_r:afs_script_exec_t,s0)
@@ -7502,7 +7517,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/afs(/.*)?		gen_context(system_u:object_r:afs_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.2/policy/modules/services/afs.if
 --- nsaserefpolicy/policy/modules/services/afs.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/afs.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.if	2009-01-16 16:06:26.000000000 -0500
 @@ -1 +1,110 @@
  ## <summary>Andrew Filesystem server</summary>
 +
@@ -7616,7 +7631,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.2/policy/modules/services/afs.te
 --- nsaserefpolicy/policy/modules/services/afs.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/afs.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.te	2009-01-16 16:06:26.000000000 -0500
 @@ -6,6 +6,16 @@
  # Declarations
  #
@@ -7683,7 +7698,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive afs_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.2/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1,12 +1,13 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -7768,7 +7783,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/html/[^/]*/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.2/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.if	2009-01-16 16:06:26.000000000 -0500
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -8302,7 +8317,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.2/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.te	2009-01-13 09:27:31.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.te	2009-01-16 16:06:26.000000000 -0500
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -8975,7 +8990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +typealias httpd_var_run_t         alias httpd_fastcgi_var_run_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.2/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/automount.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/automount.te	2009-01-16 16:06:26.000000000 -0500
 @@ -71,6 +71,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -9011,7 +9026,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.6.2/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/avahi.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/avahi.if	2009-01-16 16:06:26.000000000 -0500
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -9065,7 +9080,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.2/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/avahi.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/avahi.te	2009-01-16 16:06:26.000000000 -0500
 @@ -33,6 +33,7 @@
  allow avahi_t self:tcp_socket create_stream_socket_perms;
  allow avahi_t self:udp_socket create_socket_perms;
@@ -9084,7 +9099,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.2/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.fc	2009-01-07 15:44:12.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1,17 +1,22 @@
  /etc/rc\.d/init\.d/named --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/unbound	--	gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -9118,7 +9133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.2/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.if	2009-01-16 16:06:26.000000000 -0500
 @@ -38,6 +38,42 @@
  
  ########################################
@@ -9217,7 +9232,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.2/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.te	2009-01-16 16:06:26.000000000 -0500
 @@ -169,7 +169,7 @@
  ')
  
@@ -9229,7 +9244,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.6.2/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -15,6 +15,7 @@
  /usr/bin/hidd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
  /usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
@@ -9240,7 +9255,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/hid2hci	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.2/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.if	2009-01-16 16:06:26.000000000 -0500
 @@ -173,7 +173,7 @@
  interface(`bluetooth_admin',`
  	gen_require(`
@@ -9262,7 +9277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.2/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.te	2009-01-16 16:06:26.000000000 -0500
 @@ -147,10 +147,10 @@
  	optional_policy(`
  		cups_dbus_chat(bluetooth_t)
@@ -9278,7 +9293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.2/policy/modules/services/certmaster.fc
 --- nsaserefpolicy/policy/modules/services/certmaster.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -0,0 +1,9 @@
 +
 +/etc/rc\.d/init\.d/certmaster 		--   		gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
@@ -9291,7 +9306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.2/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.if	2009-01-16 16:06:26.000000000 -0500
 @@ -0,0 +1,123 @@
 +## <summary>policy for certmaster</summary>
 +
@@ -9418,7 +9433,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.2/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.te	2009-01-16 16:06:26.000000000 -0500
 @@ -0,0 +1,79 @@
 +policy_module(certmaster,1.0.0)
 +
@@ -9501,7 +9516,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive certmaster_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.2/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1,20 +1,22 @@
  /etc/clamav(/.*)?			gen_context(system_u:object_r:clamd_etc_t,s0)
 +/etc/rc\.d/init\.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -9532,7 +9547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/amavisd/clamd\.sock	-s	gen_context(system_u:object_r:clamd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.2/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.if	2009-01-16 16:06:26.000000000 -0500
 @@ -38,6 +38,27 @@
  
  ########################################
@@ -9651,7 +9666,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.2/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.te	2009-01-16 16:06:26.000000000 -0500
 @@ -13,7 +13,10 @@
  
  # configuration files
@@ -9743,7 +9758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.2/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1,3 +1,6 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
  
@@ -9753,7 +9768,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.2/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.if	2009-01-16 16:06:26.000000000 -0500
 @@ -38,3 +38,24 @@
  	allow $1 consolekit_t:dbus send_msg;
  	allow consolekit_t $1:dbus send_msg;
@@ -9781,7 +9796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.2/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.te	2009-01-16 16:06:26.000000000 -0500
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -9864,7 +9879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
 +	polkit_domtrans_auth(consolekit_t)
-+	polkit_read_lib(consolekit_t)
++	polkit_read_reload(consolekit_t)
 +')
 +
 +optional_policy(`
@@ -9891,7 +9906,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.2/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/courier.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/courier.te	2009-01-16 16:06:26.000000000 -0500
 @@ -10,6 +10,7 @@
  
  type courier_etc_t;
@@ -9902,7 +9917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.2/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -17,9 +17,9 @@
  /var/run/fcron\.fifo		-s	gen_context(system_u:object_r:crond_var_run_t,s0)
  /var/run/fcron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -9916,7 +9931,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /var/spool/cron			-d	gen_context(system_u:object_r:cron_spool_t,s0)
  #/var/spool/cron/root		--	gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-@@ -41,7 +41,12 @@
+@@ -41,7 +41,11 @@
  #/var/spool/cron/crontabs/root	--	gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
  
  /var/spool/fcron		-d	gen_context(system_u:object_r:cron_spool_t,s0)
@@ -9925,14 +9940,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/fcron/systab\.orig	--	gen_context(system_u:object_r:system_cron_spool_t,s0)
  /var/spool/fcron/systab		--	gen_context(system_u:object_r:system_cron_spool_t,s0)
  /var/spool/fcron/new\.systab	--	gen_context(system_u:object_r:system_cron_spool_t,s0)
-+/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_cronjob_var_lib_t,s0)
 +
 +/var/lib/glpi/files(/.*)?		gen_context(system_u:object_r:cron_var_lib_t,s0)
 +
 +/var/log/rpmpkgs.*		--	gen_context(system_u:object_r:cron_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.2/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.if	2009-01-16 16:06:26.000000000 -0500
 @@ -12,6 +12,10 @@
  ## </param>
  #
@@ -10029,7 +10043,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -506,3 +541,83 @@
+@@ -506,3 +541,82 @@
  
  	dontaudit $1 system_cronjob_tmp_t:file append;
  ')
@@ -10110,12 +10124,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		type crond_var_run_t;
 +	')
 +
-+
 +	manage_files_pattern($1, crond_var_run_t,  crond_var_run_t)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.2/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.te	2009-01-16 16:06:26.000000000 -0500
 @@ -38,6 +38,10 @@
  type cron_var_lib_t;
  files_type(cron_var_lib_t)
@@ -10373,7 +10386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow cronjob_t self:unix_stream_socket create_stream_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.2/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/cups.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -5,27 +5,38 @@
  /etc/cups/classes\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/cupsd\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -10449,7 +10462,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/cups/backend/cups-pdf	--	gen_context(system_u:object_r:cups_pdf_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.2/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cups.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.if	2009-01-16 16:06:26.000000000 -0500
 @@ -20,6 +20,30 @@
  
  ########################################
@@ -10576,7 +10589,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.2/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cups.te	2009-01-12 11:25:36.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.te	2009-01-16 16:06:26.000000000 -0500
 @@ -20,9 +20,18 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -10983,7 +10996,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.2/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cvs.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cvs.te	2009-01-16 16:06:26.000000000 -0500
 @@ -112,4 +112,5 @@
  	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
  	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -10992,7 +11005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.6.2/policy/modules/services/cyphesis.fc
 --- nsaserefpolicy/policy/modules/services/cyphesis.fc	2008-09-03 11:05:02.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/cyphesis.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cyphesis.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -1 +1,6 @@
  /usr/bin/cyphesis	--	gen_context(system_u:object_r:cyphesis_exec_t,s0)
 +
@@ -11002,7 +11015,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.2/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -4,6 +4,9 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -11015,7 +11028,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.2/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.if	2009-01-16 16:06:26.000000000 -0500
 @@ -44,6 +44,7 @@
  
  		attribute session_bus_type;
@@ -11193,7 +11206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.2/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.te	2009-01-16 16:06:26.000000000 -0500
 @@ -9,14 +9,15 @@
  #
  # Delcarations
@@ -11321,7 +11334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.2/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dcc.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dcc.te	2009-01-16 16:06:26.000000000 -0500
 @@ -137,6 +137,7 @@
  
  corenet_all_recvfrom_unlabeled(dcc_client_t)
@@ -11332,7 +11345,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_udp_sendrecv_all_ports(dcc_client_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.2/policy/modules/services/dhcp.if
 --- nsaserefpolicy/policy/modules/services/dhcp.if	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dhcp.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dhcp.if	2009-01-16 16:06:26.000000000 -0500
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -11361,7 +11374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.2/policy/modules/services/dnsmasq.if
 --- nsaserefpolicy/policy/modules/services/dnsmasq.if	2008-11-18 18:57:21.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.if	2009-01-16 16:06:26.000000000 -0500
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -11462,7 +11475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.2/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.te	2009-01-16 16:06:26.000000000 -0500
 @@ -69,21 +69,22 @@
  
  # allow access to dnsmasq.conf
@@ -11491,7 +11504,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.2/policy/modules/services/dovecot.fc
 --- nsaserefpolicy/policy/modules/services/dovecot.fc	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.fc	2009-01-16 16:06:26.000000000 -0500
 @@ -6,6 +6,7 @@
  /etc/dovecot\.passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
  
@@ -11527,7 +11540,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.2/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.if	2009-01-16 16:06:26.000000000 -0500
 @@ -21,7 +21,46 @@
  
  ########################################
@@ -11639,7 +11652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.2/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.te	2009-01-16 16:06:26.000000000 -0500
 @@ -15,12 +15,21 @@
  domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -11820,7 +11833,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.2/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/exim.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/exim.if	2009-01-16 16:06:26.000000000 -0500
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -11874,7 +11887,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.2/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/exim.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/exim.te	2009-01-16 16:06:26.000000000 -0500
 @@ -21,9 +21,20 @@
  ## </desc>
  gen_tunable(exim_manage_user_files, false)
@@ -12031,7 +12044,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.2/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ftp.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ftp.te	2009-01-16 16:06:27.000000000 -0500
 @@ -160,6 +160,7 @@
  
  fs_search_auto_mountpoints(ftpd_t)
@@ -12079,14 +12092,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc
 --- nsaserefpolicy/policy/modules/services/gnomeclock.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.2/policy/modules/services/gnomeclock.if
 --- nsaserefpolicy/policy/modules/services/gnomeclock.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,69 @@
 +
 +## <summary>policy for gnomeclock</summary>
@@ -12159,7 +12172,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.2/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,50 @@
 +policy_module(gnomeclock, 1.0.0)
 +########################################
@@ -12208,12 +12221,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +optional_policy(`
 +	polkit_domtrans_auth(gnomeclock_t)
-+	polkit_read_lib(gnomeclock_t)
++	polkit_read_reload(gnomeclock_t)
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.2/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -5,6 +5,7 @@
  /usr/bin/hal-setup-keymap		--	gen_context(system_u:object_r:hald_keymap_exec_t,s0)
  
@@ -12224,7 +12237,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.2/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.if	2009-01-16 16:06:27.000000000 -0500
 @@ -51,10 +51,7 @@
  		type hald_t;
  	')
@@ -12239,7 +12252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.2/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.te	2009-01-16 16:06:27.000000000 -0500
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -12287,7 +12300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 +	polkit_domtrans_auth(hald_t)
 +	polkit_domtrans_resolve(hald_t)
-+	polkit_read_lib(hald_t)
++	polkit_read_reload(hald_t)
 +')
 +
 +optional_policy(`
@@ -12335,7 +12348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 +optional_policy(`
 +	polkit_domtrans_auth(hald_acl_t)
-+	polkit_read_lib(hald_acl_t)
++	polkit_read_reload(hald_acl_t)
 +')
 +
  ########################################
@@ -12400,7 +12413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive hald_dccm_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.2/policy/modules/services/ifplugd.fc
 --- nsaserefpolicy/policy/modules/services/ifplugd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,9 @@
 +
 +/etc/ifplugd(/.*)?	                gen_context(system_u:object_r:ifplugd_etc_t,s0)
@@ -12413,7 +12426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.2/policy/modules/services/ifplugd.if
 --- nsaserefpolicy/policy/modules/services/ifplugd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,194 @@
 +## <summary>policy for ifplugd</summary>
 +
@@ -12611,7 +12624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.2/policy/modules/services/ifplugd.te
 --- nsaserefpolicy/policy/modules/services/ifplugd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,89 @@
 +policy_module(ifplugd,1.0.0)
 +
@@ -12704,7 +12717,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.2/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/kerberos.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerberos.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -21,6 +21,7 @@
  /var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
  /var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -12715,7 +12728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/log/kadmin(d)?\.log		gen_context(system_u:object_r:kadmind_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.2/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerberos.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerberos.te	2009-01-16 16:06:27.000000000 -0500
 @@ -290,6 +290,7 @@
  corenet_tcp_sendrecv_all_nodes(kpropd_t)
  corenet_tcp_sendrecv_all_ports(kpropd_t)
@@ -12726,7 +12739,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.2/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerneloops.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerneloops.if	2009-01-16 16:06:27.000000000 -0500
 @@ -63,6 +63,25 @@
  
  ########################################
@@ -12771,7 +12784,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.2/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerneloops.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerneloops.te	2009-01-16 16:06:27.000000000 -0500
 @@ -13,6 +13,9 @@
  type kerneloops_initrc_exec_t;
  init_script_file(kerneloops_initrc_exec_t)
@@ -12794,7 +12807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # Init script handling
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.6.2/policy/modules/services/ldap.te
 --- nsaserefpolicy/policy/modules/services/ldap.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ldap.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ldap.te	2009-01-16 16:06:27.000000000 -0500
 @@ -117,7 +117,11 @@
  userdom_dontaudit_search_user_home_dirs(slapd_t)
  
@@ -12810,7 +12823,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.2/policy/modules/services/mailman.fc
 --- nsaserefpolicy/policy/modules/services/mailman.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -31,3 +31,4 @@
  /var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
  /var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
@@ -12818,7 +12831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.2/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.if	2009-01-16 16:06:27.000000000 -0500
 @@ -31,6 +31,12 @@
  	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
  	allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -12868,7 +12881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.2/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.te	2009-01-16 16:06:27.000000000 -0500
 @@ -53,10 +53,8 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -12929,13 +12942,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.6.2/policy/modules/services/mailscanner.fc
 --- nsaserefpolicy/policy/modules/services/mailscanner.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,2 @@
 +/var/spool/MailScanner(/.*)?	gen_context(system_u:object_r:mailscanner_spool_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.6.2/policy/modules/services/mailscanner.if
 --- nsaserefpolicy/policy/modules/services/mailscanner.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,59 @@
 +## <summary>Anti-Virus and Anti-Spam Filter</summary>
 +
@@ -12998,7 +13011,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.6.2/policy/modules/services/mailscanner.te
 --- nsaserefpolicy/policy/modules/services/mailscanner.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,5 @@
 +
 +policy_module(mailscanner, 1.0.0)
@@ -13007,7 +13020,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +files_type(mailscanner_spool_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.2/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/mta.fc	2009-01-08 13:25:41.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,4 +1,4 @@
 -/bin/mail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 +/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13038,7 +13051,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.2/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mta.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.if	2009-01-16 16:06:27.000000000 -0500
 @@ -130,6 +130,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -13077,6 +13090,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
+@@ -591,8 +603,8 @@
+ 
+ 	files_search_spool($1)
+ 	allow $1 mail_spool_t:dir list_dir_perms;
+-	allow $1 mail_spool_t:lnk_file read;
+-	allow $1 mail_spool_t:file getattr;
++	getattr_files_pattern($1, mail_spool_t, mail_spool_t)
++	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+ ')
+ 
+ ########################################
 @@ -612,7 +624,7 @@
  	')
  
@@ -13097,7 +13121,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.2/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mta.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.te	2009-01-16 16:06:27.000000000 -0500
 @@ -47,34 +47,48 @@
  #
  
@@ -13241,7 +13265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # User send mail local policy
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.2/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/munin.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,4 +1,5 @@
  /etc/munin(/.*)?			gen_context(system_u:object_r:munin_etc_t,s0)
 +/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -13261,7 +13285,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.2/policy/modules/services/munin.if
 --- nsaserefpolicy/policy/modules/services/munin.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/munin.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.if	2009-01-16 16:06:27.000000000 -0500
 @@ -80,3 +80,76 @@
  
  	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -13341,7 +13365,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.2/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/munin.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.te	2009-01-16 16:06:27.000000000 -0500
 @@ -13,6 +13,9 @@
  type munin_etc_t alias lrrd_etc_t;
  files_config_file(munin_etc_t)
@@ -13478,7 +13502,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.2/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,16 +1,19 @@
  /etc/nagios(/.*)?			gen_context(system_u:object_r:nagios_etc_t,s0)
  /etc/nagios/nrpe\.cfg		--	gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -13505,7 +13529,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.2/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.if	2009-01-16 16:06:27.000000000 -0500
 @@ -44,7 +44,7 @@
  
  ########################################
@@ -13627,7 +13651,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.2/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.te	2009-01-16 16:06:27.000000000 -0500
 @@ -10,13 +10,12 @@
  type nagios_exec_t;
  init_daemon_domain(nagios_t, nagios_exec_t)
@@ -13725,7 +13749,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.2/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,8 +1,12 @@
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
 +
@@ -13746,7 +13770,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.2/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.if	2009-01-16 16:06:27.000000000 -0500
 @@ -118,6 +118,24 @@
  
  ########################################
@@ -13774,7 +13798,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.2/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.te	2009-01-16 16:06:27.000000000 -0500
 @@ -33,9 +33,9 @@
  
  # networkmanager will ptrace itself if gdb is installed
@@ -13948,7 +13972,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +optional_policy(`
 +	polkit_domtrans_auth(NetworkManager_t)
-+	polkit_read_lib(NetworkManager_t)
++	polkit_read_reload(NetworkManager_t)
  ')
  
  optional_policy(`
@@ -13980,7 +14004,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.2/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nis.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,9 +1,13 @@
 -
 +/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -13998,7 +14022,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.2/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nis.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.if	2009-01-16 16:06:27.000000000 -0500
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -14152,7 +14176,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.2/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nis.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.te	2009-01-16 16:06:27.000000000 -0500
 @@ -13,6 +13,9 @@
  type ypbind_exec_t;
  init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -14229,7 +14253,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.2/policy/modules/services/nscd.fc
 --- nsaserefpolicy/policy/modules/services/nscd.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,3 +1,4 @@
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
  
@@ -14237,7 +14261,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.2/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.if	2009-01-16 16:06:27.000000000 -0500
 @@ -58,6 +58,42 @@
  
  ########################################
@@ -14362,7 +14386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.2/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -20,6 +20,9 @@
  type nscd_exec_t;
  init_daemon_domain(nscd_t, nscd_exec_t)
@@ -14461,7 +14485,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.2/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/ntp.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ntp.if	2009-01-16 16:06:27.000000000 -0500
 @@ -56,6 +56,24 @@
  
  ########################################
@@ -14489,8 +14513,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.2/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ntp.te	2009-01-05 17:54:59.000000000 -0500
-@@ -42,6 +42,7 @@
++++ serefpolicy-3.6.2/policy/modules/services/ntp.te	2009-01-16 16:06:27.000000000 -0500
+@@ -38,10 +38,11 @@
+ 
+ # sys_resource and setrlimit is for locking memory
+ # ntpdate wants sys_nice
+-allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock sys_chroot sys_nice sys_resource };
++allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice sys_resource };
  dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
  allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
  allow ntpd_t self:fifo_file rw_fifo_file_perms;
@@ -14498,7 +14527,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow ntpd_t self:unix_dgram_socket create_socket_perms;
  allow ntpd_t self:unix_stream_socket create_socket_perms;
  allow ntpd_t self:tcp_socket create_stream_socket_perms;
-@@ -90,6 +91,8 @@
+@@ -52,6 +53,7 @@
+ can_exec(ntpd_t,ntpd_exec_t)
+ 
+ read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
++read_lnk_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
+ 
+ allow ntpd_t ntpd_log_t:dir setattr;
+ manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
+@@ -90,6 +92,8 @@
  
  fs_getattr_all_fs(ntpd_t)
  fs_search_auto_mountpoints(ntpd_t)
@@ -14509,7 +14546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.2/policy/modules/services/nx.te
 --- nsaserefpolicy/policy/modules/services/nx.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nx.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nx.te	2009-01-16 16:06:27.000000000 -0500
 @@ -25,6 +25,9 @@
  type nx_server_var_run_t;
  files_pid_file(nx_server_var_run_t)
@@ -14532,7 +14569,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.2/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,4 +1,4 @@
 -/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 +/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -14541,7 +14578,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.2/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.if	2009-01-16 16:06:27.000000000 -0500
 @@ -44,6 +44,7 @@
  	')
  
@@ -14581,7 +14618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.2/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.te	2009-01-16 16:06:27.000000000 -0500
 @@ -10,14 +10,21 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -14640,7 +14677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.6.2/policy/modules/services/openvpn.fc
 --- nsaserefpolicy/policy/modules/services/openvpn.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -14651,7 +14688,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.6.2/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.if	2009-01-16 16:06:27.000000000 -0500
 @@ -46,6 +46,24 @@
  
  ########################################
@@ -14704,7 +14741,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.2/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.te	2009-01-16 16:06:27.000000000 -0500
 @@ -22,6 +22,9 @@
  type openvpn_etc_t;
  files_config_file(openvpn_etc_t)
@@ -14748,7 +14785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.2/policy/modules/services/pads.fc
 --- nsaserefpolicy/policy/modules/services/pads.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,12 @@
 +
 +/etc/pads-ether-codes   --      gen_context(system_u:object_r:pads_config_t, s0)
@@ -14764,7 +14801,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.2/policy/modules/services/pads.if
 --- nsaserefpolicy/policy/modules/services/pads.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,10 @@
 +## <summary>SELinux policy for PADS daemon.</summary>
 +## <desc>
@@ -14778,7 +14815,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.2/policy/modules/services/pads.te
 --- nsaserefpolicy/policy/modules/services/pads.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,65 @@
 +
 +policy_module(pads, 0.0.1) 
@@ -14847,7 +14884,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.2/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pcscd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pcscd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -57,6 +57,14 @@
  sysnet_dns_name_resolve(pcscd_t)
  
@@ -14865,7 +14902,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	openct_signull(pcscd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.2/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pegasus.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pegasus.te	2009-01-16 16:06:27.000000000 -0500
 @@ -30,7 +30,7 @@
  # Local policy
  #
@@ -14939,7 +14976,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.2/policy/modules/services/pingd.fc
 --- nsaserefpolicy/policy/modules/services/pingd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +/etc/pingd.conf				--	gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -14954,7 +14991,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.2/policy/modules/services/pingd.if
 --- nsaserefpolicy/policy/modules/services/pingd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,99 @@
 +## <summary>policy for pingd</summary>
 +
@@ -15057,7 +15094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.2/policy/modules/services/pingd.te
 --- nsaserefpolicy/policy/modules/services/pingd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,54 @@
 +policy_module(pingd,1.0.0)
 +
@@ -15115,7 +15152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.6.2/policy/modules/services/pki.fc
 --- nsaserefpolicy/policy/modules/services/pki.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,46 @@
 +
 +/etc/rc\.d/init\.d/pki-ca	--	gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
@@ -15165,7 +15202,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/pki-tps\.pid		--	gen_context(system_u:object_r:pki_tks_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.6.2/policy/modules/services/pki.if
 --- nsaserefpolicy/policy/modules/services/pki.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,643 @@
 +
 +## <summary>policy for pki</summary>
@@ -15812,7 +15849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.te serefpolicy-3.6.2/policy/modules/services/pki.te
 --- nsaserefpolicy/policy/modules/services/pki.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,91 @@
 +policy_module(pki,1.0.0)
 +
@@ -15907,8 +15944,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.2/policy/modules/services/polkit.fc
 --- nsaserefpolicy/policy/modules/services/polkit.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.fc	2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,9 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.fc	2009-01-16 16:06:27.000000000 -0500
+@@ -0,0 +1,11 @@
 +
 +/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:polkit_auth_exec_t,s0)
 +/usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:polkit_grant_exec_t,s0)
@@ -15918,10 +15955,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/PolicyKit(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 +/var/run/PolicyKit(/.*)?			gen_context(system_u:object_r:polkit_var_run_t,s0)
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
++
++/var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:polkit_reload_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.2/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.if	2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,202 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.if	2009-01-16 16:07:30.000000000 -0500
+@@ -0,0 +1,240 @@
 +
 +## <summary>policy for polkit_auth</summary>
 +
@@ -15987,6 +16026,44 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +########################################
 +## <summary>
++##	read polkit reload files
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`polkit_read_reload',`
++	gen_require(`
++		type polkit_reload_t;
++	')
++
++	files_search_var_lib($1)
++	read_files_pattern($1, polkit_reload_t,  polkit_reload_t)
++')
++
++########################################
++## <summary>
++##	rw polkit reload files
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`polkit_rw_reload',`
++	gen_require(`
++		type polkit_reload_t;
++	')
++
++	files_search_var_lib($1)
++	rw_files_pattern($1, polkit_reload_t,  polkit_reload_t)
++')
++
++########################################
++## <summary>
 +##	Execute a domain transition to run polkit_grant.
 +## </summary>
 +## <param name="domain">
@@ -16101,7 +16178,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +template(`polkit_role',`
 +	polkit_run_auth($2, $1)
 +	polkit_run_grant($2, $1)
-+	polkit_read_lib($2)
++	polkit_read_reload($2)
 +')
 +
 +########################################
@@ -16126,8 +16203,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.2/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.te	2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,229 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.te	2009-01-16 16:06:27.000000000 -0500
+@@ -0,0 +1,237 @@
 +policy_module(polkit_auth, 1.0.0)
 +
 +########################################
@@ -16151,6 +16228,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type polkit_auth_exec_t;
 +init_daemon_domain(polkit_auth_t, polkit_auth_exec_t)
 +
++type polkit_reload_t;
++files_type(polkit_reload_t)
++
 +type polkit_var_lib_t;
 +files_type(polkit_var_lib_t)
 +
@@ -16192,6 +16272,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +manage_files_pattern(polkit_t, polkit_var_lib_t, polkit_var_lib_t)
 +
++rw_files_pattern(polkit_t, polkit_reload_t, polkit_reload_t)
++
 +# pid file
 +manage_dirs_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t)
 +manage_files_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t)
@@ -16234,6 +16316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_send_syslog_msg(polkit_auth_t)
 +
 +manage_files_pattern(polkit_auth_t, polkit_var_lib_t, polkit_var_lib_t)
++rw_files_pattern(polkit_auth_t, polkit_reload_t, polkit_reload_t)
 +
 +# pid file
 +manage_dirs_pattern(polkit_auth_t, polkit_var_run_t, polkit_var_run_t)
@@ -16296,6 +16379,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +manage_files_pattern(polkit_grant_t, polkit_var_run_t, polkit_var_run_t)
 +
 +manage_files_pattern(polkit_grant_t, polkit_var_lib_t, polkit_var_lib_t)
++rw_files_pattern(polkit_grant_t, polkit_reload_t, polkit_reload_t)
 +userdom_read_all_users_state(polkit_grant_t)
 +
 +optional_policy(`
@@ -16322,6 +16406,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow polkit_resolve_t self:unix_stream_socket create_stream_socket_perms;
 +
 +read_files_pattern(polkit_resolve_t, polkit_var_lib_t, polkit_var_lib_t)
++read_files_pattern(polkit_resolve_t, polkit_reload_t, polkit_reload_t)
 +
 +can_exec(polkit_resolve_t, polkit_resolve_exec_t)
 +corecmd_search_bin(polkit_resolve_t)
@@ -16359,7 +16444,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.2/policy/modules/services/portreserve.fc
 --- nsaserefpolicy/policy/modules/services/portreserve.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,12 @@
 +# portreserve executable will have:
 +# label: system_u:object_r:portreserve_exec_t
@@ -16375,7 +16460,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.2/policy/modules/services/portreserve.if
 --- nsaserefpolicy/policy/modules/services/portreserve.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,66 @@
 +## <summary>policy for portreserve</summary>
 +
@@ -16445,7 +16530,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.2/policy/modules/services/portreserve.te
 --- nsaserefpolicy/policy/modules/services/portreserve.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,52 @@
 +policy_module(portreserve,1.0.0)
 +
@@ -16501,7 +16586,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#domain_use_interactive_fds(portreserve_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.2/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -16517,7 +16602,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.2/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.if	2009-01-07 13:21:46.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.if	2009-01-16 16:06:27.000000000 -0500
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -16679,7 +16764,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.2/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.te	2009-01-07 13:20:40.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.te	2009-01-16 16:06:27.000000000 -0500
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -17006,7 +17091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corecmd_exec_bin(postfix_virtual_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.2/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -17017,7 +17102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /usr
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.2/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.if	2009-01-16 16:06:27.000000000 -0500
 @@ -351,3 +351,46 @@
  
  	typeattribute $1 sepgsql_unconfined_type;
@@ -17067,7 +17152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.2/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.te	2009-01-16 16:06:27.000000000 -0500
 @@ -32,6 +32,9 @@
  type postgresql_etc_t;
  files_config_file(postgresql_etc_t)
@@ -17123,7 +17208,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.2/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,7 +1,7 @@
  #
  # /etc
@@ -17146,7 +17231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.2/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.if	2009-01-16 16:06:27.000000000 -0500
 @@ -58,6 +58,25 @@
  
  ########################################
@@ -17249,7 +17334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.2/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.te	2009-01-16 16:06:27.000000000 -0500
 @@ -37,8 +37,8 @@
  type pppd_etc_rw_t;
  files_type(pppd_etc_rw_t)
@@ -17379,7 +17464,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.2/policy/modules/services/prelude.fc
 --- nsaserefpolicy/policy/modules/services/prelude.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,3 +1,9 @@
 +/etc/prelude-correlator(/.*)?   gen_context(system_u:object_r:prelude_correlator_config_t, s0)
 +
@@ -17408,7 +17493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.2/policy/modules/services/prelude.if
 --- nsaserefpolicy/policy/modules/services/prelude.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.if	2009-01-16 16:06:27.000000000 -0500
 @@ -6,7 +6,7 @@
  ## </summary>
  ## <param name="domain">
@@ -17523,7 +17608,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.2/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.te	2009-01-16 16:06:27.000000000 -0500
 @@ -13,25 +13,57 @@
  type prelude_spool_t;
  files_type(prelude_spool_t)
@@ -17792,7 +17877,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		mysql_search_db(httpd_prewikka_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.2/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/procmail.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/procmail.te	2009-01-16 16:06:27.000000000 -0500
 @@ -128,6 +128,10 @@
  ')
  
@@ -17814,7 +17899,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.2/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,6 +1,8 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -17826,7 +17911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.2/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.if	2009-01-16 16:06:27.000000000 -0500
 @@ -88,3 +88,50 @@
  	corecmd_search_bin($1)
  	can_exec($1, pyzor_exec_t)
@@ -17880,7 +17965,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.2/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.te	2009-01-16 16:06:27.000000000 -0500
 @@ -6,6 +6,38 @@
  # Declarations
  #
@@ -17939,7 +18024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.2/policy/modules/services/radvd.te
 --- nsaserefpolicy/policy/modules/services/radvd.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/radvd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/radvd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -22,7 +22,7 @@
  #
  # Local policy
@@ -17951,7 +18036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow radvd_t self:unix_dgram_socket create_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.2/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/razor.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/razor.if	2009-01-16 16:06:27.000000000 -0500
 @@ -157,3 +157,45 @@
  
  	domtrans_pattern($1, razor_exec_t, razor_t)
@@ -18000,7 +18085,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.2/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2008-11-19 18:10:07.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/razor.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/razor.te	2009-01-16 16:06:27.000000000 -0500
 @@ -6,6 +6,32 @@
  # Declarations
  #
@@ -18041,7 +18126,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.2/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ricci.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ricci.te	2009-01-16 16:06:27.000000000 -0500
 @@ -133,6 +133,8 @@
  
  dev_read_urand(ricci_t)
@@ -18148,7 +18233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_read_config(ricci_modstorage_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.2/policy/modules/services/rlogin.te
 --- nsaserefpolicy/policy/modules/services/rlogin.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rlogin.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rlogin.te	2009-01-16 16:06:27.000000000 -0500
 @@ -91,10 +91,22 @@
  remotelogin_signal(rlogind_t)
  
@@ -18176,7 +18261,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.6.2/policy/modules/services/rpc.fc
 --- nsaserefpolicy/policy/modules/services/rpc.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -13,6 +13,7 @@
  # /usr
  #
@@ -18187,7 +18272,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rpc\.nfsd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.2/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.if	2009-01-16 16:06:27.000000000 -0500
 @@ -88,8 +88,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -18251,7 +18336,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.2/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.te	2009-01-16 16:06:27.000000000 -0500
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -18305,7 +18390,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.2/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rshd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rshd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -51,7 +51,7 @@
  
  files_list_home(rshd_t)
@@ -18315,9 +18400,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  auth_login_pgm_domain(rshd_t)
  auth_write_login_records(rshd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.2/policy/modules/services/rsync.te
+--- nsaserefpolicy/policy/modules/services/rsync.te	2009-01-05 15:39:43.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rsync.te	2009-01-16 16:06:27.000000000 -0500
+@@ -119,5 +119,8 @@
+ 
+ tunable_policy(`rsync_export_all_ro',`
+ 	fs_read_noxattr_fs_files(rsync_t) 
++	auth_read_all_dirs_except_shadow(rsync_t)
+ 	auth_read_all_files_except_shadow(rsync_t)
++	auth_tunable_read_shadow(rsync_t)
+ ')
++auth_can_read_shadow_passwords(rsync_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.2/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/samba.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -2,6 +2,9 @@
  #
  # /etc
@@ -18346,7 +18443,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.2/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/samba.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.if	2009-01-16 16:06:27.000000000 -0500
 @@ -4,6 +4,45 @@
  ##	from Windows NT servers.
  ## </summary>
@@ -18746,7 +18843,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.2/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/samba.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.te	2009-01-16 16:06:27.000000000 -0500
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -19154,7 +19251,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.2/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sasl.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sasl.te	2009-01-16 16:06:27.000000000 -0500
 @@ -107,6 +107,10 @@
  ')
  
@@ -19168,7 +19265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.2/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/sendmail.if	2009-01-13 09:34:43.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sendmail.if	2009-01-16 16:06:27.000000000 -0500
 @@ -149,3 +149,92 @@
  
  	logging_log_filetrans($1, sendmail_log_t, file)
@@ -19264,7 +19361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.2/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sendmail.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sendmail.te	2009-01-16 16:06:27.000000000 -0500
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -19434,7 +19531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,3 +1,5 @@
 +/etc/rc\.d/init\.d/setroubleshoot	--	gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
 +
@@ -19443,7 +19540,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if	2009-01-16 16:06:27.000000000 -0500
 @@ -16,8 +16,8 @@
  	')
  
@@ -19455,7 +19552,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -36,6 +36,48 @@
+@@ -36,6 +36,69 @@
  		type setroubleshootd_t, setroubleshoot_var_run_t;
  	')
  
@@ -19466,6 +19563,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +########################################
 +## <summary>
++##	Send and receive messages from
++##	setroubleshoot over dbus.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`setroubleshoot_dbus_chat',`
++	gen_require(`
++		type setroubleshootd_t;
++		class dbus send_msg;
++	')
++
++	allow $1 setroubleshootd_t:dbus send_msg;
++	allow setroubleshootd_t $1:dbus send_msg;
++')
++
++########################################
++## <summary>
 +##	All of the rules required to administrate 
 +##	an setroubleshoot environment
 +## </summary>
@@ -19507,7 +19625,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te	2009-01-16 16:06:27.000000000 -0500
 @@ -11,6 +11,9 @@
  domain_type(setroubleshootd_t)
  init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -19594,7 +19712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpm_use_script_fds(setroubleshootd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.2/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/smartmon.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/smartmon.te	2009-01-16 16:06:27.000000000 -0500
 @@ -19,6 +19,10 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -19654,7 +19772,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.2/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snmp.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snmp.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -20,5 +20,5 @@
  
  /var/net-snmp(/.*)		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
@@ -19664,7 +19782,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/snmpd\.pid	--	gen_context(system_u:object_r:snmpd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.2/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snmp.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snmp.te	2009-01-16 16:06:27.000000000 -0500
 @@ -71,6 +71,7 @@
  corenet_tcp_bind_snmp_port(snmpd_t)
  corenet_udp_bind_snmp_port(snmpd_t)
@@ -19675,7 +19793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_read_sysfs(snmpd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.2/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snort.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snort.te	2009-01-16 16:06:27.000000000 -0500
 @@ -56,6 +56,7 @@
  files_pid_filetrans(snort_t, snort_var_run_t, file)
  
@@ -19708,7 +19826,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.2/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -1,15 +1,24 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
@@ -19739,7 +19857,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/spool/MIMEDefang(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.2/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.if	2009-01-16 16:06:27.000000000 -0500
 @@ -111,6 +111,7 @@
  	')
  
@@ -19828,7 +19946,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.2/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.te	2009-01-16 16:06:27.000000000 -0500
 @@ -20,6 +20,35 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs, true)
@@ -20088,7 +20206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.2/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/squid.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/squid.if	2009-01-16 16:06:27.000000000 -0500
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -20117,7 +20235,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.2/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/squid.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/squid.te	2009-01-16 16:06:27.000000000 -0500
 @@ -118,6 +118,8 @@
  
  fs_getattr_all_fs(squid_t)
@@ -20138,7 +20256,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.2/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -14,3 +14,5 @@
  /usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
  
@@ -20147,7 +20265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:home_ssh_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.2/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.if	2009-01-16 16:06:27.000000000 -0500
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -20215,16 +20333,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	dev_read_urand($1_ssh_t)
  
-@@ -133,6 +133,8 @@
+@@ -132,6 +132,10 @@
+ 	files_read_etc_runtime_files($1_ssh_t)
  	files_read_etc_files($1_ssh_t)
  	files_read_var_files($1_ssh_t)
- 
-+	auth_use_nsswitch($1_ssh_t)
++	# Required for FreeNX
++	files_read_var_lib_symlinks($1_t)
 +
++	auth_use_nsswitch($1_ssh_t)
+ 
  	logging_send_syslog_msg($1_ssh_t)
  	logging_read_generic_logs($1_ssh_t)
- 
-@@ -140,9 +142,6 @@
+@@ -140,9 +144,6 @@
  
  	seutil_read_config($1_ssh_t)
  
@@ -20234,7 +20354,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	tunable_policy(`read_default_t',`
  		files_list_default($1_ssh_t)
  		files_read_default_files($1_ssh_t)
-@@ -154,14 +153,6 @@
+@@ -154,14 +155,6 @@
  	optional_policy(`
  		kerberos_use($1_ssh_t)
  	')
@@ -20249,7 +20369,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  #######################################
-@@ -194,13 +185,14 @@
+@@ -194,13 +187,14 @@
  	type $1_var_run_t;
  	files_pid_file($1_var_run_t)
  
@@ -20265,7 +20385,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
  	term_create_pty($1_t,$1_devpts_t)
-@@ -229,7 +221,12 @@
+@@ -229,7 +223,12 @@
  	corenet_udp_bind_all_nodes($1_t)
  	corenet_tcp_bind_ssh_port($1_t)
  	corenet_tcp_connect_all_ports($1_t)
@@ -20278,7 +20398,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	fs_dontaudit_getattr_all_fs($1_t)
  
-@@ -254,9 +251,14 @@
+@@ -254,9 +253,14 @@
  
  	userdom_dontaudit_relabelfrom_user_ptys($1_t)
  	userdom_search_user_home_dirs($1_t)
@@ -20293,7 +20413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	tunable_policy(`use_samba_home_dirs',`
-@@ -265,11 +267,7 @@
+@@ -265,11 +269,7 @@
  
  	optional_policy(`
  		kerberos_use($1_t)
@@ -20306,7 +20426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	optional_policy(`
-@@ -611,3 +609,42 @@
+@@ -611,3 +611,42 @@
  
  	dontaudit $1 sshd_key_t:file { getattr read };
  ')
@@ -20351,7 +20471,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.2/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.te	2009-01-16 16:06:27.000000000 -0500
 @@ -75,7 +75,7 @@
  ubac_constrained(ssh_tmpfs_t)
  
@@ -20462,7 +20582,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.6.2/policy/modules/services/stunnel.fc
 --- nsaserefpolicy/policy/modules/services/stunnel.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/stunnel.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/stunnel.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -2,5 +2,6 @@
  /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
  
@@ -20472,7 +20592,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.6.2/policy/modules/services/stunnel.te
 --- nsaserefpolicy/policy/modules/services/stunnel.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/stunnel.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/stunnel.te	2009-01-16 16:06:27.000000000 -0500
 @@ -54,6 +54,8 @@
  kernel_read_system_state(stunnel_t)
  kernel_read_network_state(stunnel_t)
@@ -20492,7 +20612,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.2/policy/modules/services/sysstat.te
 --- nsaserefpolicy/policy/modules/services/sysstat.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sysstat.te	2009-01-12 15:45:05.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sysstat.te	2009-01-16 16:06:27.000000000 -0500
 @@ -26,6 +26,7 @@
  can_exec(sysstat_t, sysstat_exec_t)
  
@@ -20503,7 +20623,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # get info from /proc
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.6.2/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/telnet.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/telnet.te	2009-01-16 16:06:27.000000000 -0500
 @@ -87,8 +87,8 @@
  userdom_search_user_home_dirs(telnetd_t)
  
@@ -20517,7 +20637,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  tunable_policy(`use_nfs_home_dirs',`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.2/policy/modules/services/tor.te
 --- nsaserefpolicy/policy/modules/services/tor.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/tor.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/tor.te	2009-01-16 16:06:27.000000000 -0500
 @@ -34,7 +34,7 @@
  # tor local policy
  #
@@ -20529,7 +20649,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow tor_t self:netlink_route_socket r_netlink_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.2/policy/modules/services/ulogd.fc
 --- nsaserefpolicy/policy/modules/services/ulogd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,10 @@
 +
 +/etc/rc\.d/init\.d/ulogd                --              gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
@@ -20543,7 +20663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ulogd(/.*)?					gen_context(system_u:object_r:ulogd_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.2/policy/modules/services/ulogd.if
 --- nsaserefpolicy/policy/modules/services/ulogd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,127 @@
 +## <summary>policy for ulogd</summary>
 +
@@ -20674,7 +20794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.2/policy/modules/services/ulogd.te
 --- nsaserefpolicy/policy/modules/services/ulogd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,51 @@
 +policy_module(ulogd,1.0.0)
 +
@@ -20729,7 +20849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive ulogd_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-3.6.2/policy/modules/services/uucp.fc
 --- nsaserefpolicy/policy/modules/services/uucp.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/uucp.fc	2009-01-13 09:34:09.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/uucp.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -7,3 +7,5 @@
  /var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
  
@@ -20738,7 +20858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lock/uucp(/.*)?		gen_context(system_u:object_r:uucpd_lock_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.2/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/uucp.te	2009-01-13 09:35:13.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/uucp.te	2009-01-16 16:06:27.000000000 -0500
 @@ -10,6 +10,9 @@
  inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
  role system_r types uucpd_t;
@@ -20770,7 +20890,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.2/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/virt.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/virt.te	2009-01-16 16:06:27.000000000 -0500
 @@ -96,7 +96,7 @@
  corenet_tcp_sendrecv_all_nodes(virtd_t)
  corenet_tcp_sendrecv_all_ports(virtd_t)
@@ -20812,7 +20932,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.2/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/w3c.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/w3c.te	2009-01-16 16:06:27.000000000 -0500
 @@ -8,11 +8,18 @@
  
  apache_content_template(w3c_validator)
@@ -20834,7 +20954,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.2/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -3,11 +3,14 @@
  #
  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -20901,7 +21021,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.2/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.if	2009-01-12 14:24:38.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.if	2009-01-16 16:06:27.000000000 -0500
 @@ -156,7 +156,7 @@
  	allow $1 xserver_t:process signal;
  
@@ -21309,7 +21429,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	display.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.2/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.te	2009-01-16 16:06:27.000000000 -0500
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -21680,7 +21800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
 +	polkit_domtrans_auth(xdm_t)
-+	polkit_read_lib(xdm_t)
++	polkit_read_reload(xdm_t)
 +')
 +
 +# On crash gdm execs gdb to dump stack
@@ -21849,13 +21969,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.2/policy/modules/services/zosremote.fc
 --- nsaserefpolicy/policy/modules/services/zosremote.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.fc	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.fc	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/sbin/audispd-zos-remote	--	gen_context(system_u:object_r:zos_remote_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.2/policy/modules/services/zosremote.if
 --- nsaserefpolicy/policy/modules/services/zosremote.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.if	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,46 @@
 +## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
 +
@@ -21905,7 +22025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.6.2/policy/modules/services/zosremote.te
 --- nsaserefpolicy/policy/modules/services/zosremote.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.te	2009-01-16 16:06:27.000000000 -0500
 @@ -0,0 +1,33 @@
 +policy_module(zosremote,1.0.0)
 +
@@ -21987,7 +22107,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.2/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/system/authlogin.if	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/system/authlogin.if	2009-01-16 10:23:40.000000000 -0500
 @@ -43,6 +43,7 @@
  interface(`auth_login_pgm_domain',`
  	gen_require(`
@@ -23439,7 +23559,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.2/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/system/logging.te	2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/system/logging.te	2009-01-16 14:54:05.000000000 -0500
 @@ -126,7 +126,7 @@
  allow auditd_t self:process { signal_perms setpgid setsched };
  allow auditd_t self:file rw_file_perms;
@@ -23463,14 +23583,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  
 -allow audisp_t self:capability sys_nice;
-+allow audisp_t self:capability { dac_override sys_nice };
- allow audisp_t self:process setsched;
+-allow audisp_t self:process setsched;
 -allow audisp_t self:fifo_file rw_file_perms;
++allow audisp_t self:capability { dac_override sys_nice };
++allow audisp_t self:process { signal_perms setsched };
 +allow audisp_t self:fifo_file rw_fifo_file_perms;
  allow audisp_t self:unix_stream_socket create_stream_socket_perms;
  allow audisp_t self:unix_dgram_socket create_socket_perms;
  
-@@ -231,9 +233,12 @@
+@@ -226,20 +228,32 @@
+ manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
+ files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
+ 
+-corecmd_search_bin(audisp_t)
++corecmd_exec_bin(audisp_t)
++corecmd_exec_shell(audisp_t)
+ 
  domain_use_interactive_fds(audisp_t)
  
  files_read_etc_files(audisp_t)
@@ -23483,7 +23611,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_send_syslog_msg(audisp_t)
  
  miscfiles_read_localization(audisp_t)
-@@ -253,11 +258,16 @@
+ 
+ sysnet_dns_name_resolve(audisp_t)
+ 
++optional_policy(`
++	dbus_system_bus_client(audisp_t)
++
++	optional_policy(`
++		setroubleshoot_dbus_chat(audisp_t)
++	')
++')
++
+ ########################################
+ #
+ # Audit remote logger local policy
+@@ -253,11 +267,16 @@
  corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
  corenet_tcp_connect_audit_port(audisp_remote_t)
  corenet_sendrecv_audit_client_packets(audisp_remote_t)
@@ -23500,7 +23642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(audisp_remote_t)
  
  sysnet_dns_name_resolve(audisp_remote_t)
-@@ -337,7 +347,7 @@
+@@ -337,7 +356,7 @@
  allow syslogd_t self:unix_dgram_socket create_socket_perms;
  allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
  allow syslogd_t self:unix_dgram_socket sendto;
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3a4fea9..edec78e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -445,6 +445,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Jan 15 2009 Dan Walsh <dwalsh@redhat.com> 3.6.2-5
+- Define openoffice as an x_domain
+
 * Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> 3.6.2-4
 - Fixes for reading xserver_tmp_t