diff --git a/policy-20071130.patch b/policy-20071130.patch
index 8465ee9..fadb74c 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -703,8 +703,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.2.7/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/admin/kismet.te 2008-02-06 11:02:29.000000000 -0500
-@@ -0,0 +1,58 @@
++++ serefpolicy-3.2.7/policy/modules/admin/kismet.te 2008-02-08 14:32:32.000000000 -0500
+@@ -0,0 +1,55 @@
++
+policy_module(kismet,1.0.0)
+
+########################################
@@ -717,7 +718,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+application_domain(kismet_t, kismet_exec_t)
+role system_r types kismet_t;
+
-+
+type kismet_var_run_t;
+files_pid_file(kismet_var_run_t)
+
@@ -732,8 +732,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+# kismet local policy
+#
+
-+## internal communication is often done using fifo and unix sockets.
-+#============= kismet_t ==============
+allow kismet_t self:capability { net_admin setuid setgid };
+
+corecmd_exec_bin(kismet_t)
@@ -750,7 +748,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+
+miscfiles_read_localization(kismet_t)
+
-+
+allow kismet_t kismet_var_run_t:file manage_file_perms;
+allow kismet_t kismet_var_run_t:dir manage_dir_perms;
+files_pid_filetrans(kismet_t,kismet_var_run_t, { file dir })
@@ -2137,7 +2134,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.2.7/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2007-07-23 10:20:12.000000000 -0400
-+++ serefpolicy-3.2.7/policy/modules/apps/gpg.if 2008-02-06 11:02:29.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/apps/gpg.if 2008-02-11 14:15:31.000000000 -0500
@@ -38,6 +38,10 @@
gen_require(`
type gpg_exec_t, gpg_helper_exec_t;
@@ -2149,7 +2146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
')
########################################
-@@ -45,275 +49,51 @@
+@@ -45,275 +49,53 @@
# Declarations
#
@@ -2387,8 +2384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
- #
- # Pinentry local policy
- #
-+ userdom_use_user_terminals($1,gpg_agent_t)
-
+-
- allow $1_gpg_pinentry_t self:unix_stream_socket { connect create getattr read shutdown write };
- allow $1_gpg_pinentry_t self:fifo_file rw_fifo_file_perms;
-
@@ -2423,7 +2419,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
- optional_policy(`
- xserver_stream_connect_xdm_xserver($1_gpg_pinentry_t)
- ')
--
++ userdom_use_user_terminals($1,gpg_agent_t)
+
- ifdef(`TODO',`
- allow $1_gpg_pinentry_t tmp_t:dir { getattr search };
-
@@ -2435,14 +2432,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
- dontaudit $1_gpg_pinentry_t nfs_t:dir write;
- dontaudit $1_gpg_pinentry_t nfs_t:file write;
- ')
--
++ # communicate with the user
++ allow gpg_helper_t $2:fd use;
++ allow gpg_helper_t $2:fifo_file rw_fifo_file_perms;
+
- tunable_policy(`use_samba_home_dirs',`
- dontaudit $1_gpg_pinentry_t cifs_t:dir write;
- dontaudit $1_gpg_pinentry_t cifs_t:file write;
- ')
-+ # communicate with the user
-+ allow gpg_helper_t $2:fd use;
-+ allow gpg_helper_t $2:fifo_file write;
++ userdom_manage_user_home_content_files(user, gpg_helper_t)
- dontaudit $1_gpg_pinentry_t { sysctl_t sysctl_kernel_t }:dir { getattr search };
- ') dnl end TODO
@@ -2454,8 +2452,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.2.7/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2007-12-19 05:32:09.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/apps/gpg.te 2008-02-06 11:02:29.000000000 -0500
-@@ -7,15 +7,225 @@
++++ serefpolicy-3.2.7/policy/modules/apps/gpg.te 2008-02-11 14:16:30.000000000 -0500
+@@ -7,15 +7,232 @@
#
# Type for gpg or pgp executables.
@@ -2551,6 +2549,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+# GPG helper local policy
+#
+
++allow gpg_helper_t self:process getsched;
++
+# for helper programs (which automatically fetch keys)
+# Note: this is only tested with the hkp interface. If you use eg the
+# mail interface you will likely need additional permissions.
@@ -2575,17 +2575,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+corenet_udp_bind_all_nodes(gpg_helper_t)
+corenet_tcp_connect_all_ports(gpg_helper_t)
+
-+dev_read_urand(gpg_helper_t)
-+
+files_read_etc_files(gpg_helper_t)
-+# for nscd
-+files_dontaudit_search_var(gpg_helper_t)
++
++fs_list_inotifyfs(gpg_helper_t)
++
++auth_use_nsswitch(gpg_helper_t)
+
+libs_use_ld_so(gpg_helper_t)
+libs_use_shared_libs(gpg_helper_t)
+
-+sysnet_read_config(gpg_helper_t)
-+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_dontaudit_rw_nfs_files(gpg_helper_t)
+')
@@ -2616,8 +2614,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+manage_lnk_files_pattern(gpg_agent_t,user_gpg_secret_t,user_gpg_secret_t)
+
+# allow gpg to connect to the gpg agent
++manage_dirs_pattern(gpg_agent_t,user_gpg_secret_t,user_gpg_secret_t)
++manage_files_pattern(gpg_agent_t,user_gpg_secret_t,user_gpg_secret_t)
++manage_lnk_files_pattern(gpg_agent_t,user_gpg_secret_t,user_gpg_secret_t)
++
+stream_connect_pattern(gpg_t,user_gpg_agent_tmp_t,user_gpg_agent_tmp_t,gpg_agent_t)
+
++manage_dirs_pattern(gpg_agent_t,user_gpg_agent_tmp_t,user_gpg_agent_tmp_t)
++manage_files_pattern(gpg_agent_t,user_gpg_agent_tmp_t,user_gpg_agent_tmp_t)
++manage_sock_files_pattern(gpg_agent_t,user_gpg_agent_tmp_t,user_gpg_agent_tmp_t)
+files_tmp_filetrans(gpg_agent_t, user_gpg_agent_tmp_t, { file sock_file dir })
+
+corecmd_search_bin(gpg_agent_t)
@@ -2762,7 +2767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.2.7/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2007-03-01 10:01:48.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/apps/java.fc 2008-02-06 11:02:29.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/apps/java.fc 2008-02-11 14:02:02.000000000 -0500
@@ -11,6 +11,7 @@
#
/usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -2771,7 +2776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
/usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
-@@ -20,5 +21,11 @@
+@@ -20,5 +21,13 @@
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -2783,7 +2788,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/opt/matlab(/.*)?/bin(/.*)?/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+
-+/usr/lib(64)?/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
++/usr/lib/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
++/usr/lib64/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
++
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.2.7/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400
@@ -3801,7 +3808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.2.7/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/apps/nsplugin.if 2008-02-06 11:02:29.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/apps/nsplugin.if 2008-02-08 14:05:36.000000000 -0500
@@ -0,0 +1,337 @@
+
+##
++## This template creates a derived domains which are used ++## for nsplugin web browser. ++##
++##++## This template is invoked automatically for each user, and ++## generally does not need to be invoked directly ++## by policy writers. ++##
++##++## Transition to confined qemu domains from unconfined user ++##
++##
@@ -26689,7 +27007,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## This template creates a user domain, types, and
## rules for the user's tty, pty, home directories,
## tmp, and tmpfs files.
-@@ -1187,12 +1180,11 @@
+@@ -1187,12 +1184,11 @@
# and may change other protocols
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_all_nodes($1_t)
@@ -26704,16 +27022,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
# Run pppd in pppd_t by default for user
-@@ -1201,7 +1193,7 @@
+@@ -1201,7 +1197,11 @@
')
optional_policy(`
- setroubleshoot_stream_connect($1_t)
+ nsplugin_per_role_template($1, $1_usertype, $1_r)
++ ')
++
++ optional_policy(`
++ polkit_per_role_template($1, $1_usertype, $1_r)
')
')
-@@ -1278,8 +1270,6 @@
+@@ -1278,8 +1278,6 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -26722,7 +27044,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -1357,13 +1347,6 @@
+@@ -1357,13 +1355,6 @@
# But presently necessary for installing the file_contexts file.
seutil_manage_bin_policy($1_t)
@@ -26736,7 +27058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
optional_policy(`
userhelper_exec($1_t)
')
-@@ -1416,6 +1399,7 @@
+@@ -1416,6 +1407,7 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -26744,7 +27066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1781,10 +1765,14 @@
+@@ -1781,10 +1773,14 @@
template(`userdom_user_home_content',`
gen_require(`
attribute $1_file_type;
@@ -26760,7 +27082,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1880,11 +1868,11 @@
+@@ -1880,11 +1876,11 @@
#
template(`userdom_search_user_home_dirs',`
gen_require(`
@@ -26774,7 +27096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1914,11 +1902,11 @@
+@@ -1914,11 +1910,11 @@
#
template(`userdom_list_user_home_dirs',`
gen_require(`
@@ -26788,7 +27110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1962,12 +1950,12 @@
+@@ -1962,12 +1958,12 @@
#
template(`userdom_user_home_domtrans',`
gen_require(`
@@ -26804,7 +27126,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1997,10 +1985,10 @@
+@@ -1997,10 +1993,10 @@
#
template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
@@ -26817,7 +27139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2032,11 +2020,47 @@
+@@ -2032,11 +2028,47 @@
#
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
@@ -26867,7 +27189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2068,10 +2092,10 @@
+@@ -2068,10 +2100,10 @@
#
template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
@@ -26880,7 +27202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2101,11 +2125,11 @@
+@@ -2101,11 +2133,11 @@
#
template(`userdom_read_user_home_content_files',`
gen_require(`
@@ -26894,7 +27216,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2135,11 +2159,11 @@
+@@ -2135,11 +2167,11 @@
#
template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -26909,7 +27231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2169,10 +2193,10 @@
+@@ -2169,10 +2201,14 @@
#
template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
@@ -26919,10 +27241,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- dontaudit $2 $1_home_t:file write;
+ dontaudit $2 user_home_t:file write;
++ fs_dontaudit_list_nfs($2)
++ fs_dontaudit_rw_nfs_files($2)
++ fs_dontaudit_list_cifs($2)
++ fs_dontaudit_rw_cifs_files($2)
')
########################################
-@@ -2202,11 +2226,11 @@
+@@ -2202,11 +2238,11 @@
#
template(`userdom_read_user_home_content_symlinks',`
gen_require(`
@@ -26936,7 +27262,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2236,11 +2260,11 @@
+@@ -2236,11 +2272,11 @@
#
template(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -26950,7 +27276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2270,10 +2294,10 @@
+@@ -2270,10 +2306,10 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@@ -26963,7 +27289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2305,12 +2329,12 @@
+@@ -2305,12 +2341,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@@ -26979,7 +27305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2342,10 +2366,10 @@
+@@ -2342,10 +2378,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@@ -26992,7 +27318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2377,12 +2401,12 @@
+@@ -2377,12 +2413,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@@ -27008,7 +27334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2414,12 +2438,12 @@
+@@ -2414,12 +2450,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@@ -27024,7 +27350,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2451,12 +2475,12 @@
+@@ -2451,12 +2487,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@@ -27040,7 +27366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2501,11 +2525,11 @@
+@@ -2501,11 +2537,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@@ -27054,7 +27380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2550,11 +2574,11 @@
+@@ -2550,11 +2586,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@@ -27068,7 +27394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2594,11 +2618,11 @@
+@@ -2594,11 +2630,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@@ -27082,7 +27408,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2628,11 +2652,11 @@
+@@ -2628,11 +2664,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@@ -27096,7 +27422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2662,11 +2686,11 @@
+@@ -2662,11 +2698,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@@ -27110,7 +27436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2698,10 +2722,10 @@
+@@ -2698,10 +2734,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@@ -27123,7 +27449,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2733,10 +2757,10 @@
+@@ -2733,10 +2769,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@@ -27136,7 +27462,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2766,12 +2790,12 @@
+@@ -2766,12 +2802,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@@ -27152,7 +27478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2803,10 +2827,10 @@
+@@ -2803,10 +2839,10 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@@ -27165,7 +27491,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2838,10 +2862,48 @@
+@@ -2838,10 +2874,48 @@
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
@@ -27216,7 +27542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2871,12 +2933,12 @@
+@@ -2871,12 +2945,12 @@
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
@@ -27232,7 +27558,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2908,10 +2970,10 @@
+@@ -2908,10 +2982,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@@ -27245,7 +27571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2943,12 +3005,12 @@
+@@ -2943,12 +3017,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@@ -27261,7 +27587,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2980,11 +3042,11 @@
+@@ -2980,11 +3054,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@@ -27275,7 +27601,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3016,11 +3078,11 @@
+@@ -3016,11 +3090,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@@ -27289,7 +27615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3052,11 +3114,11 @@
+@@ -3052,11 +3126,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@@ -27303,7 +27629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3088,11 +3150,11 @@
+@@ -3088,11 +3162,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@@ -27317,7 +27643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3124,11 +3186,11 @@
+@@ -3124,11 +3198,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@@ -27331,7 +27657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3173,10 +3235,10 @@
+@@ -3173,10 +3247,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@@ -27344,7 +27670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_tmp($2)
')
-@@ -3217,10 +3279,10 @@
+@@ -3217,10 +3291,10 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -27357,7 +27683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3248,6 +3310,42 @@
+@@ -3248,6 +3322,42 @@
##
##
#
@@ -27400,7 +27726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
type $1_tmpfs_t;
-@@ -4225,11 +4323,11 @@
+@@ -4225,11 +4335,11 @@
#
interface(`userdom_search_staff_home_dirs',`
gen_require(`
@@ -27414,7 +27740,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4245,10 +4343,10 @@
+@@ -4245,10 +4355,10 @@
#
interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
@@ -27427,7 +27753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4264,11 +4362,11 @@
+@@ -4264,11 +4374,11 @@
#
interface(`userdom_manage_staff_home_dirs',`
gen_require(`
@@ -27441,7 +27767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4283,16 +4381,16 @@
+@@ -4283,16 +4393,16 @@
#
interface(`userdom_relabelto_staff_home_dirs',`
gen_require(`
@@ -27461,7 +27787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## users home directory.
##
##
-@@ -4301,38 +4399,32 @@
+@@ -4301,38 +4411,32 @@
##
##
#
@@ -27509,7 +27835,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
##