diff --git a/.cvsignore b/.cvsignore
index 107ca45..7c484f7 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -193,3 +193,4 @@ serefpolicy-3.6.32.tgz
 serefpolicy-3.6.33.tgz
 serefpolicy-3.7.1.tgz
 serefpolicy-3.7.2.tgz
+serefpolicy-3.7.3.tgz
diff --git a/nsadiff b/nsadiff
index b1c3c22..9404411 100755
--- a/nsadiff
+++ b/nsadiff
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.1 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.3 > /tmp/diff
diff --git a/policy-F13.patch b/policy-F13.patch
index 4a2d764..ac3e349 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.1/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.3/Makefile
 --- nsaserefpolicy/Makefile	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.7.1/Makefile	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/Makefile	2009-11-25 12:39:13.000000000 -0500
 @@ -244,7 +244,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -10,9 +10,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
  net_contexts := $(builddir)net_contexts
  
  all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.1/policy/global_tunables
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.3/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/global_tunables	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/global_tunables	2009-11-25 12:39:13.000000000 -0500
 @@ -61,15 +61,6 @@
  
  ## <desc>
@@ -48,9 +48,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +## </desc>
 +gen_tunable(mmap_low_allowed, false)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.1/policy/modules/admin/alsa.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.3/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/alsa.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/alsa.te	2009-11-25 12:39:13.000000000 -0500
 @@ -51,6 +51,8 @@
  files_read_etc_files(alsa_t)
  files_read_usr_files(alsa_t)
@@ -60,9 +60,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_use_nsswitch(alsa_t)
  
  init_use_fds(alsa_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.1/policy/modules/admin/anaconda.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.3/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/anaconda.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/anaconda.te	2009-11-25 12:39:13.000000000 -0500
 @@ -31,6 +31,7 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -80,9 +80,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.7.1/policy/modules/admin/brctl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.7.3/policy/modules/admin/brctl.te
 --- nsaserefpolicy/policy/modules/admin/brctl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/brctl.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/brctl.te	2009-11-25 12:39:13.000000000 -0500
 @@ -21,7 +21,7 @@
  allow brctl_t self:unix_dgram_socket create_socket_perms;
  allow brctl_t self:tcp_socket create_socket_perms;
@@ -92,9 +92,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_network_state(brctl_t)
  kernel_read_sysctl(brctl_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.1/policy/modules/admin/certwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.3/policy/modules/admin/certwatch.te
 --- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/certwatch.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/certwatch.te	2009-11-25 12:39:13.000000000 -0500
 @@ -36,7 +36,7 @@
  miscfiles_read_localization(certwatch_t)
  
@@ -104,9 +104,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	apache_exec_modules(certwatch_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.1/policy/modules/admin/consoletype.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.3/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/consoletype.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/consoletype.te	2009-11-25 12:39:13.000000000 -0500
 @@ -84,6 +84,7 @@
  optional_policy(`
  	hal_dontaudit_use_fds(consoletype_t)
@@ -115,17 +115,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.7.1/policy/modules/admin/dmesg.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.7.3/policy/modules/admin/dmesg.fc
 --- nsaserefpolicy/policy/modules/admin/dmesg.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/dmesg.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/dmesg.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,2 +1,4 @@
  
  /bin/dmesg		--		gen_context(system_u:object_r:dmesg_exec_t,s0)
 +
 +/usr/sbin/mcelog	--		gen_context(system_u:object_r:dmesg_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.7.1/policy/modules/admin/dmesg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.7.3/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/dmesg.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/dmesg.te	2009-11-25 12:39:13.000000000 -0500
 @@ -9,6 +9,7 @@
  type dmesg_t;
  type dmesg_exec_t;
@@ -167,9 +167,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +#mcelog needs
 +dev_read_raw_memory(dmesg_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.1/policy/modules/admin/firstboot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.3/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/firstboot.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/firstboot.te	2009-11-25 12:39:13.000000000 -0500
 @@ -91,8 +91,12 @@
  userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
  
@@ -192,44 +192,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.7.1/policy/modules/admin/kismet.fc
---- nsaserefpolicy/policy/modules/admin/kismet.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/kismet.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -1,3 +1,5 @@
-+HOME_DIR/\.kismet(/.*)?			gen_context(system_u:object_r:kismet_home_t,s0)
-+
- /usr/bin/kismet			--	gen_context(system_u:object_r:kismet_exec_t,s0)
- /var/lib/kismet(/.*)?			gen_context(system_u:object_r:kismet_var_lib_t,s0)
- /var/log/kismet(/.*)?			gen_context(system_u:object_r:kismet_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.1/policy/modules/admin/kismet.te
---- nsaserefpolicy/policy/modules/admin/kismet.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/kismet.te	2009-11-17 11:06:58.000000000 -0500
-@@ -26,6 +26,9 @@
- type kismet_var_run_t;
- files_pid_file(kismet_var_run_t)
- 
-+type kismet_home_t;
-+userdom_user_home_content(kismet_home_t)
-+
- ########################################
- #
- # kismet local policy
-@@ -59,6 +62,12 @@
- allow kismet_t kismet_var_run_t:dir manage_dir_perms;
- files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir })
- 
-+manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t)
-+manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
-+manage_lnk_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
-+userdom_search_user_home_dirs(kismet_t)
-+userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })
-+
- kernel_search_debugfs(kismet_t)
- kernel_read_system_state(kismet_t)
- 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.1/policy/modules/admin/logrotate.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.3/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/logrotate.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/logrotate.te	2009-11-25 12:39:13.000000000 -0500
 @@ -32,7 +32,7 @@
  # Change ownership on log files.
  allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
@@ -287,18 +252,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	slrnpull_manage_spool(logrotate_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.1/policy/modules/admin/logwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.3/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/logwatch.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/logwatch.te	2009-11-25 12:39:13.000000000 -0500
 @@ -136,4 +136,5 @@
  
  optional_policy(`
  	samba_read_log(logwatch_t)
 +	samba_read_share_files(logwatch_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.1/policy/modules/admin/mrtg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.3/policy/modules/admin/mrtg.te
 --- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/mrtg.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/mrtg.te	2009-11-25 12:39:13.000000000 -0500
 @@ -116,6 +116,7 @@
  userdom_use_user_terminals(mrtg_t)
  userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -307,9 +272,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  netutils_domtrans_ping(mrtg_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.1/policy/modules/admin/netutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.3/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/netutils.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/netutils.te	2009-11-25 12:39:13.000000000 -0500
 @@ -44,6 +44,7 @@
  allow netutils_t self:packet_socket create_socket_perms;
  allow netutils_t self:udp_socket create_socket_perms;
@@ -326,18 +291,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_use_user_terminals(netutils_t)
  userdom_use_all_users_fds(netutils_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.fc serefpolicy-3.7.1/policy/modules/admin/ntop.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.fc serefpolicy-3.7.3/policy/modules/admin/ntop.fc
 --- nsaserefpolicy/policy/modules/admin/ntop.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/ntop.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/ntop.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,5 @@
 +/etc/rc\.d/init\.d/ntop	--	gen_context(system_u:object_r:ntop_initrc_exec_t,s0)
 +
 +/usr/sbin/ntop		--	gen_context(system_u:object_r:ntop_exec_t,s0)
 +
 +/var/lib/ntop(/.*)?		gen_context(system_u:object_r:ntop_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.if serefpolicy-3.7.1/policy/modules/admin/ntop.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.if serefpolicy-3.7.3/policy/modules/admin/ntop.if
 --- nsaserefpolicy/policy/modules/admin/ntop.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/ntop.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/ntop.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,158 @@
 +
 +## <summary>policy for ntop</summary>
@@ -497,9 +462,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ntop_manage_var_lib($1)
 +
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.te serefpolicy-3.7.1/policy/modules/admin/ntop.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.te serefpolicy-3.7.3/policy/modules/admin/ntop.te
 --- nsaserefpolicy/policy/modules/admin/ntop.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/ntop.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/ntop.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,40 @@
 +policy_module(ntop,1.0.0)
 +
@@ -541,9 +506,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +miscfiles_read_localization(ntop_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.7.1/policy/modules/admin/portage.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.7.3/policy/modules/admin/portage.te
 --- nsaserefpolicy/policy/modules/admin/portage.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/portage.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/portage.te	2009-11-25 12:39:13.000000000 -0500
 @@ -196,7 +196,7 @@
  # - for rsync and distfile fetching
  #
@@ -553,17 +518,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow portage_fetch_t self:process signal;
  allow portage_fetch_t self:unix_stream_socket create_socket_perms;
  allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.1/policy/modules/admin/prelink.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.3/policy/modules/admin/prelink.fc
 --- nsaserefpolicy/policy/modules/admin/prelink.fc	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/prelink.fc	2009-11-18 10:28:50.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/prelink.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,3 +1,4 @@
 +/etc/cron\.daily/prelink	--      gen_context(system_u:object_r:prelink_cron_system_exec_t,s0)
  
  /etc/prelink\.cache		--	gen_context(system_u:object_r:prelink_cache_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.1/policy/modules/admin/prelink.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.3/policy/modules/admin/prelink.if
 --- nsaserefpolicy/policy/modules/admin/prelink.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/prelink.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/prelink.if	2009-11-25 12:39:13.000000000 -0500
 @@ -151,11 +151,11 @@
  ##	</summary>
  ## </param>
@@ -578,9 +543,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
 +	relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.1/policy/modules/admin/prelink.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.3/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/prelink.te	2009-11-18 10:28:50.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/prelink.te	2009-11-25 12:39:13.000000000 -0500
 @@ -21,8 +21,23 @@
  type prelink_tmp_t;
  files_tmp_file(prelink_tmp_t)
@@ -700,9 +665,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	rpm_read_db(prelink_cron_system_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.1/policy/modules/admin/readahead.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.3/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/readahead.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/readahead.te	2009-11-25 12:39:13.000000000 -0500
 @@ -52,6 +52,7 @@
  
  files_list_non_security(readahead_t)
@@ -711,9 +676,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_create_boot_flag(readahead_t)
  files_getattr_all_pipes(readahead_t)
  files_dontaudit_getattr_all_sockets(readahead_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.1/policy/modules/admin/rpm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.3/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/rpm.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/rpm.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,18 +1,18 @@
  
  /bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -763,9 +728,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # SuSE
  ifdef(`distro_suse', `
  /usr/bin/online_update		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.1/policy/modules/admin/rpm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.3/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/rpm.if	2009-11-24 07:35:57.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/rpm.if	2009-11-25 12:39:13.000000000 -0500
 @@ -13,11 +13,34 @@
  interface(`rpm_domtrans',`
  	gen_require(`
@@ -1177,9 +1142,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 rpm_t:process signull;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.1/policy/modules/admin/rpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.3/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/rpm.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/rpm.te	2009-11-25 12:39:13.000000000 -0500
 @@ -15,6 +15,9 @@
  domain_interactive_fd(rpm_t)
  role system_r types rpm_t;
@@ -1454,9 +1419,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	optional_policy(`
  		java_domtrans_unconfined(rpm_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.7.1/policy/modules/admin/shorewall.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.7.3/policy/modules/admin/shorewall.fc
 --- nsaserefpolicy/policy/modules/admin/shorewall.fc	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/shorewall.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/shorewall.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -4,8 +4,9 @@
  /etc/shorewall(/.*)?				gen_context(system_u:object_r:shorewall_etc_t,s0)
  /etc/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_etc_t,s0)
@@ -1468,9 +1433,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/shorewall(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 +/var/lib/shorewall6(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
  /var/lib/shorewall-lite(/.*)?			gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.7.1/policy/modules/admin/shorewall.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.7.3/policy/modules/admin/shorewall.if
 --- nsaserefpolicy/policy/modules/admin/shorewall.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/shorewall.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/shorewall.if	2009-11-25 12:39:13.000000000 -0500
 @@ -75,6 +75,46 @@
  	rw_files_pattern($1, shorewall_var_run_t, shorewall_var_run_t)
  ')
@@ -1518,9 +1483,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #######################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.1/policy/modules/admin/shorewall.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.3/policy/modules/admin/shorewall.te
 --- nsaserefpolicy/policy/modules/admin/shorewall.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/shorewall.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/shorewall.te	2009-11-25 12:39:13.000000000 -0500
 @@ -80,6 +80,8 @@
  
  sysnet_domtrans_ifconfig(shorewall_t)
@@ -1530,22 +1495,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	iptables_domtrans(shorewall_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.fc serefpolicy-3.7.1/policy/modules/admin/smoltclient.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.fc serefpolicy-3.7.3/policy/modules/admin/smoltclient.fc
 --- nsaserefpolicy/policy/modules/admin/smoltclient.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/smoltclient.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,4 @@
 +
 +/usr/share/smolt/client/sendProfile.py	--	gen_context(system_u:object_r:smoltclient_exec_t,s0)	
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.if serefpolicy-3.7.1/policy/modules/admin/smoltclient.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.if serefpolicy-3.7.3/policy/modules/admin/smoltclient.if
 --- nsaserefpolicy/policy/modules/admin/smoltclient.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/smoltclient.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1 @@
 +## <summary>The Fedora hardware profiler client</summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.1/policy/modules/admin/smoltclient.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.3/policy/modules/admin/smoltclient.te
 --- nsaserefpolicy/policy/modules/admin/smoltclient.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/smoltclient.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/smoltclient.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,66 @@
 +policy_module(smoltclient,1.0.0)
 +
@@ -1613,9 +1578,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +permissive smoltclient_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.1/policy/modules/admin/sudo.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.3/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/sudo.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/sudo.if	2009-11-25 12:39:13.000000000 -0500
 @@ -66,8 +66,8 @@
  	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
  	allow $1_sudo_t self:unix_dgram_socket sendto;
@@ -1660,9 +1625,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.1/policy/modules/admin/tmpreaper.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.3/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/tmpreaper.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/tmpreaper.te	2009-11-25 12:39:13.000000000 -0500
 @@ -42,6 +42,7 @@
  cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
  
@@ -1692,21 +1657,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	unconfined_domain(tmpreaper_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.7.1/policy/modules/admin/tzdata.te
---- nsaserefpolicy/policy/modules/admin/tzdata.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/tzdata.te	2009-11-17 11:06:58.000000000 -0500
-@@ -19,6 +19,8 @@
- files_read_etc_files(tzdata_t)
- files_search_spool(tzdata_t)
- 
-+fs_getattr_xattr_fs(tzdata_t)
-+
- term_dontaudit_list_ptys(tzdata_t)
- 
- locallogin_dontaudit_use_fds(tzdata_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.1/policy/modules/admin/usermanage.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.3/policy/modules/admin/usermanage.if
 --- nsaserefpolicy/policy/modules/admin/usermanage.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/usermanage.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/usermanage.if	2009-11-25 12:39:13.000000000 -0500
 @@ -113,6 +113,12 @@
  	files_search_usr($1)
  	corecmd_search_bin($1)
@@ -1732,9 +1685,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	optional_policy(`
  		nscd_run(useradd_t, $2)
  	')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.1/policy/modules/admin/usermanage.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.3/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/usermanage.te	2009-11-23 11:11:28.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/usermanage.te	2009-11-25 12:39:13.000000000 -0500
 @@ -82,6 +82,7 @@
  selinux_compute_relabel_context(chfn_t)
  selinux_compute_user_contexts(chfn_t)
@@ -1864,9 +1817,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	puppet_rw_tmp(useradd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.1/policy/modules/admin/vbetool.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.3/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/admin/vbetool.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/vbetool.te	2009-11-25 12:39:13.000000000 -0500
 @@ -15,15 +15,20 @@
  # Local policy
  #
@@ -1899,9 +1852,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_exec_pid(vbetool_t)
 +	xserver_write_pid(vbetool_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.1/policy/modules/admin/vpn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.3/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/admin/vpn.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/admin/vpn.te	2009-11-25 12:39:13.000000000 -0500
 @@ -46,6 +46,7 @@
  kernel_read_system_state(vpnc_t)
  kernel_read_network_state(vpnc_t)
@@ -1910,17 +1863,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_rw_net_sysctls(vpnc_t)
  
  corenet_all_recvfrom_unlabeled(vpnc_t)
-@@ -98,6 +99,7 @@
- logging_dontaudit_search_logs(vpnc_t)
+@@ -105,8 +106,9 @@
+ sysnet_etc_filetrans_config(vpnc_t)
+ sysnet_manage_config(vpnc_t)
  
- miscfiles_read_localization(vpnc_t)
-+miscfiles_read_home_certs(vpnc_t)
+-userdom_use_all_users_fds(vpnc_t)
+ userdom_dontaudit_search_user_home_content(vpnc_t)
++userdom_read_home_certs(vpnc_t)
++userdom_use_all_users_fds(vpnc_t)
  
- seutil_dontaudit_search_config(vpnc_t)
- seutil_use_newrole_fds(vpnc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.7.1/policy/modules/apps/calamaris.te
+ optional_policy(`
+ 	dbus_system_bus_client(vpnc_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.7.3/policy/modules/apps/calamaris.te
 --- nsaserefpolicy/policy/modules/apps/calamaris.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/calamaris.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/calamaris.te	2009-11-25 12:39:13.000000000 -0500
 @@ -59,12 +59,12 @@
  
  libs_read_lib_files(calamaris_t)
@@ -1943,15 +1899,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -optional_policy(`
 -	nis_use_ypbind(calamaris_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.1/policy/modules/apps/chrome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.3/policy/modules/apps/chrome.fc
 --- nsaserefpolicy/policy/modules/apps/chrome.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/chrome.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/chrome.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/lib(64)?/chromium-browser/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.1/policy/modules/apps/chrome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.3/policy/modules/apps/chrome.if
 --- nsaserefpolicy/policy/modules/apps/chrome.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/chrome.if	2009-11-23 10:04:49.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/chrome.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,86 @@
 +
 +## <summary>policy for chrome</summary>
@@ -2039,9 +1995,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $2 chrome_sandbox_tmpfs_t:file rw_file_perms;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.1/policy/modules/apps/chrome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.3/policy/modules/apps/chrome.te
 --- nsaserefpolicy/policy/modules/apps/chrome.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/chrome.te	2009-11-23 09:56:06.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/chrome.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,77 @@
 +policy_module(chrome,1.0.0)
 +
@@ -2120,9 +2076,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_dontaudit_read_cifs_files(chrome_sandbox_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.1/policy/modules/apps/cpufreqselector.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.3/policy/modules/apps/cpufreqselector.te
 --- nsaserefpolicy/policy/modules/apps/cpufreqselector.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/cpufreqselector.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/cpufreqselector.te	2009-11-25 12:39:13.000000000 -0500
 @@ -26,7 +26,7 @@
  dev_rw_sysfs(cpufreqselector_t)
  
@@ -2132,10 +2088,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.1/policy/modules/apps/execmem.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.3/policy/modules/apps/execmem.fc
 --- nsaserefpolicy/policy/modules/apps/execmem.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/execmem.fc	2009-11-23 08:54:39.000000000 -0500
-@@ -0,0 +1,41 @@
++++ serefpolicy-3.7.3/policy/modules/apps/execmem.fc	2009-11-25 14:07:42.000000000 -0500
+@@ -0,0 +1,42 @@
 +/usr/bin/aticonfig	--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/bin/darcs 		--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/bin/haddock.*  	--	gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -2172,14 +2128,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/wingide-[^/]+/bin/PyCore/python -- gen_context(system_u:object_r:execmem_exec_t,s0)
 +
 +/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Updater -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/opt/Adobe.*AIR/.*/Resources/Adobe.AIR.Application -- gen_context(system_u:object_r:execmem_exec_t,s0)
 +
 +/opt/likewise/bin/domainjoin-cli -- gen_context(system_u:object_r:execmem_exec_t,s0)
 +
 +/opt/google/chrome/chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
 +/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.1/policy/modules/apps/execmem.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.3/policy/modules/apps/execmem.if
 --- nsaserefpolicy/policy/modules/apps/execmem.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/execmem.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/execmem.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,104 @@
 +## <summary>execmem domain</summary>
 +
@@ -2285,9 +2242,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	domtrans_pattern($1, execmem_exec_t, $2)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.1/policy/modules/apps/execmem.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.3/policy/modules/apps/execmem.te
 --- nsaserefpolicy/policy/modules/apps/execmem.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/execmem.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/execmem.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +policy_module(execmem, 1.0.0)
@@ -2300,23 +2257,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type execmem_exec_t alias unconfined_execmem_exec_t;
 +application_executable_file(execmem_exec_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.1/policy/modules/apps/firewallgui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.3/policy/modules/apps/firewallgui.fc
 --- nsaserefpolicy/policy/modules/apps/firewallgui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/firewallgui.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +/usr/share/system-config-firewall/system-config-firewall-mechanism.py	--	gen_context(system_u:object_r:firewallgui_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.1/policy/modules/apps/firewallgui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.3/policy/modules/apps/firewallgui.if
 --- nsaserefpolicy/policy/modules/apps/firewallgui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/firewallgui.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +## <summary>policy for firewallgui</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.1/policy/modules/apps/firewallgui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.3/policy/modules/apps/firewallgui.te
 --- nsaserefpolicy/policy/modules/apps/firewallgui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/firewallgui.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/firewallgui.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,64 @@
 +
 +policy_module(firewallgui,1.0.0)
@@ -2382,9 +2339,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        policykit_dbus_chat(firewallgui_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.1/policy/modules/apps/gitosis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.3/policy/modules/apps/gitosis.if
 --- nsaserefpolicy/policy/modules/apps/gitosis.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/gitosis.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/gitosis.if	2009-11-25 12:39:13.000000000 -0500
 @@ -43,3 +43,48 @@
  	role $2 types gitosis_t;
  ')
@@ -2434,9 +2391,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +	manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.1/policy/modules/apps/gnome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.3/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/gnome.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/gnome.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,8 +1,18 @@
 -HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_home_t,s0)
 +HOME_DIR/\.cache(/.*)?		gen_context(system_u:object_r:cache_home_t,s0)
@@ -2458,9 +2415,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/libexec/gconf-defaults-mechanism	    	--      gen_context(system_u:object_r:gconfdefaultsm_exec_t,s0)
 +
 +/usr/libexec/gnome-system-monitor-mechanism 	--      gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.1/policy/modules/apps/gnome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.3/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/gnome.if	2009-11-19 15:02:40.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/gnome.if	2009-11-25 12:39:13.000000000 -0500
 @@ -84,10 +84,183 @@
  #
  interface(`gnome_manage_config',`
@@ -2648,9 +2605,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	# Connect to pulseaudit server
 +	stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.1/policy/modules/apps/gnome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.3/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/gnome.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/gnome.te	2009-11-25 12:39:13.000000000 -0500
 @@ -7,18 +7,30 @@
  #
  
@@ -2792,9 +2749,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        policykit_read_lib(gnomesystemmm_t)
 +        policykit_read_reload(gnomesystemmm_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.1/policy/modules/apps/gpg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.3/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/gpg.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/gpg.te	2009-11-25 12:39:13.000000000 -0500
 @@ -104,12 +104,19 @@
  
  auth_use_nsswitch(gpg_t)
@@ -2839,9 +2796,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_common_app(gpg_pinentry_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.1/policy/modules/apps/java.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.3/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/java.fc	2009-11-19 09:59:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/java.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -2,15 +2,17 @@
  # /opt
  #
@@ -2882,9 +2839,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)?	--	gen_context(system_u:object_r:java_exec_t,s0)
 +
 +/usr/java/eclipse[^/]*/eclipse	--	gen_context(system_u:object_r:java_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.1/policy/modules/apps/java.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.3/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/java.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/java.if	2009-11-25 12:39:13.000000000 -0500
 @@ -30,6 +30,7 @@
  
  	allow java_t $2:unix_stream_socket connectto;
@@ -3028,9 +2985,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_role($1_r, $1_java_t)
 +	')
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.1/policy/modules/apps/java.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.3/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/java.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/java.te	2009-11-25 12:39:13.000000000 -0500
 @@ -20,6 +20,8 @@
  typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
  typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -3080,21 +3037,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	unconfined_domain_noaudit(unconfined_java_t)
 -	unconfined_dbus_chat(unconfined_java_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.1/policy/modules/apps/kdumpgui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.3/policy/modules/apps/kdumpgui.fc
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/kdumpgui.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.1/policy/modules/apps/kdumpgui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.3/policy/modules/apps/kdumpgui.if
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/kdumpgui.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +## <summary>system-config-kdump policy</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.1/policy/modules/apps/kdumpgui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.3/policy/modules/apps/kdumpgui.te
 --- nsaserefpolicy/policy/modules/apps/kdumpgui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/kdumpgui.te	2009-11-23 09:53:25.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/kdumpgui.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,67 @@
 +policy_module(kdumpgui,1.0.0)
 +
@@ -3163,15 +3120,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +permissive kdumpgui_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.1/policy/modules/apps/livecd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.3/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/livecd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/livecd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.1/policy/modules/apps/livecd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.3/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/livecd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/livecd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,52 @@
 +
 +## <summary>policy for livecd</summary>
@@ -3225,9 +3182,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	usermanage_run_chfn(livecd_t, $2)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.1/policy/modules/apps/livecd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.3/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/livecd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/livecd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,27 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -3256,9 +3213,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +seutil_domtrans_setfiles_mac(livecd_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.1/policy/modules/apps/loadkeys.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.3/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/loadkeys.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/loadkeys.te	2009-11-25 12:42:30.000000000 -0500
 @@ -40,8 +40,12 @@
  miscfiles_read_localization(loadkeys_t)
  
@@ -3271,17 +3228,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +
 +ifdef(`hide_broken_symptoms',`
-+	dev_dontaudit_rw_lvm_control_dev(loadkeys_t)
++	dev_dontaudit_rw_lvm_control(loadkeys_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.fc serefpolicy-3.7.1/policy/modules/apps/mono.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.fc serefpolicy-3.7.3/policy/modules/apps/mono.fc
 --- nsaserefpolicy/policy/modules/apps/mono.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mono.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mono.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1 +1 @@
 -/usr/bin/mono	--	gen_context(system_u:object_r:mono_exec_t,s0)
 +/usr/bin/mono.*	--	gen_context(system_u:object_r:mono_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.1/policy/modules/apps/mono.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.3/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mono.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mono.if	2009-11-25 12:39:13.000000000 -0500
 @@ -21,6 +21,105 @@
  
  ########################################
@@ -3397,9 +3354,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	corecmd_search_bin($1)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.7.1/policy/modules/apps/mono.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.7.3/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mono.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mono.te	2009-11-25 12:39:13.000000000 -0500
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -3423,9 +3380,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	xserver_rw_shm(mono_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.1/policy/modules/apps/mozilla.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.3/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mozilla.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mozilla.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,7 @@
  HOME_DIR/\.galeon(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
  HOME_DIR/\.java(/.*)?			gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -3434,9 +3391,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  HOME_DIR/\.netscape(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
  HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.1/policy/modules/apps/mozilla.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.3/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mozilla.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mozilla.if	2009-11-25 12:39:13.000000000 -0500
 @@ -45,6 +45,18 @@
  	relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
  	relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
@@ -3526,9 +3483,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Run mozilla in the mozilla domain.
  ## </summary>
  ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.1/policy/modules/apps/mozilla.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.3/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/mozilla.te	2009-11-20 08:13:05.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/mozilla.te	2009-11-25 12:58:28.000000000 -0500
 @@ -59,6 +59,7 @@
  manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
  manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
@@ -3570,7 +3527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  logging_send_syslog_msg(mozilla_t)
  
-+miscfiles_dontaudit_setattr_fonts(mozilla_t)
++miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
  miscfiles_read_fonts(mozilla_t)
  miscfiles_read_localization(mozilla_t)
  
@@ -3614,9 +3571,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	thunderbird_domtrans(mozilla_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.1/policy/modules/apps/nsplugin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.3/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/nsplugin.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,11 @@
 +HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -3629,9 +3586,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
 +/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.1/policy/modules/apps/nsplugin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.3/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/nsplugin.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,323 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -3956,9 +3913,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms; 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.1/policy/modules/apps/nsplugin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.3/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/nsplugin.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/nsplugin.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,295 @@
 +
 +policy_module(nsplugin, 1.0.0)
@@ -4255,16 +4212,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.1/policy/modules/apps/openoffice.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.3/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/openoffice.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/openoffice.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.1/policy/modules/apps/openoffice.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.3/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/openoffice.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/openoffice.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,93 @@
 +## <summary>Openoffice</summary>
 +
@@ -4359,9 +4316,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_common_x_domain_template($1, $1_openoffice_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.1/policy/modules/apps/openoffice.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.3/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/openoffice.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/openoffice.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +policy_module(openoffice, 1.0.0)
@@ -4374,9 +4331,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type openoffice_t;
 +type openoffice_exec_t;
 +application_domain(openoffice_t, openoffice_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.1/policy/modules/apps/podsleuth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.3/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/podsleuth.te	2009-11-24 18:08:28.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/podsleuth.te	2009-11-25 12:39:13.000000000 -0500
 @@ -66,11 +66,14 @@
  fs_search_dos(podsleuth_t)
  fs_getattr_tmpfs(podsleuth_t)
@@ -4392,9 +4349,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	dbus_system_bus_client(podsleuth_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.7.1/policy/modules/apps/ptchown.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.7.3/policy/modules/apps/ptchown.if
 --- nsaserefpolicy/policy/modules/apps/ptchown.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/ptchown.if	2009-11-24 14:56:10.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/ptchown.if	2009-11-25 12:39:13.000000000 -0500
 @@ -18,3 +18,27 @@
  	domtrans_pattern($1, ptchown_exec_t, ptchown_t)
  ')
@@ -4423,9 +4380,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ptchown_domtrans($1)
 +	role $2 types ptchown_t;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.1/policy/modules/apps/pulseaudio.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.3/policy/modules/apps/pulseaudio.if
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/pulseaudio.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/pulseaudio.if	2009-11-25 12:39:13.000000000 -0500
 @@ -40,7 +40,7 @@
  	userdom_manage_tmpfs_role($1, pulseaudio_t)
  
@@ -4435,9 +4392,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.1/policy/modules/apps/pulseaudio.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.3/policy/modules/apps/pulseaudio.te
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/pulseaudio.te	2009-11-19 14:58:11.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/pulseaudio.te	2009-11-25 12:39:13.000000000 -0500
 @@ -18,7 +18,7 @@
  
  allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
@@ -4490,17 +4447,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xserver_read_xdm_lib_files(pulseaudio_t)
 +	xserver_common_app(pulseaudio_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.1/policy/modules/apps/qemu.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.3/policy/modules/apps/qemu.fc
 --- nsaserefpolicy/policy/modules/apps/qemu.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/qemu.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/qemu.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,2 +1,2 @@
 -/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 -/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/libexec/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.1/policy/modules/apps/qemu.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.3/policy/modules/apps/qemu.if
 --- nsaserefpolicy/policy/modules/apps/qemu.if	2009-08-31 13:44:40.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/qemu.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/qemu.if	2009-11-25 12:39:13.000000000 -0500
 @@ -40,6 +40,10 @@
  
  	qemu_domtrans($1)
@@ -4701,9 +4658,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.1/policy/modules/apps/qemu.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.3/policy/modules/apps/qemu.te
 --- nsaserefpolicy/policy/modules/apps/qemu.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/qemu.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/qemu.te	2009-11-25 12:39:13.000000000 -0500
 @@ -13,15 +13,46 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
@@ -4811,20 +4768,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role unconfined_r types qemu_unconfined_t;
  	allow qemu_unconfined_t self:process { execstack execmem };
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.1/policy/modules/apps/sambagui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.3/policy/modules/apps/sambagui.fc
 --- nsaserefpolicy/policy/modules/apps/sambagui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sambagui.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sambagui.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1 @@
 +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.1/policy/modules/apps/sambagui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.3/policy/modules/apps/sambagui.if
 --- nsaserefpolicy/policy/modules/apps/sambagui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sambagui.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sambagui.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +## <summary>system-config-samba policy</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.1/policy/modules/apps/sambagui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.3/policy/modules/apps/sambagui.te
 --- nsaserefpolicy/policy/modules/apps/sambagui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sambagui.te	2009-11-23 10:38:27.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sambagui.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,60 @@
 +policy_module(sambagui,1.0.0)
 +
@@ -4886,15 +4843,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	policykit_dbus_chat(sambagui_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.1/policy/modules/apps/sandbox.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.3/policy/modules/apps/sandbox.fc
 --- nsaserefpolicy/policy/modules/apps/sandbox.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sandbox.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sandbox.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1 @@
 +# No types are sandbox_exec_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.1/policy/modules/apps/sandbox.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.3/policy/modules/apps/sandbox.if
 --- nsaserefpolicy/policy/modules/apps/sandbox.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sandbox.if	2009-11-18 16:21:19.000000000 -0500
-@@ -0,0 +1,187 @@
++++ serefpolicy-3.7.3/policy/modules/apps/sandbox.if	2009-11-25 15:14:52.000000000 -0500
+@@ -0,0 +1,188 @@
 +
 +## <summary>policy for sandbox</summary>
 +
@@ -4937,6 +4894,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dontaudit sandbox_xserver_t $1:fifo_file rw_fifo_file_perms;
 +	dontaudit sandbox_xserver_t $1:tcp_socket rw_socket_perms;
 +	dontaudit sandbox_xserver_t $1:udp_socket rw_socket_perms;
++	allow sandbox_xserver_t $1:unix_stream_socket { read write };
 +
 +	allow sandbox_x_domain $1:process { sigchld signal };
 +	allow sandbox_x_domain sandbox_x_domain:process signal;
@@ -5018,7 +4976,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_sock_files_pattern($1_t, $1_file_t, $1_file_t)
 +
 +	# window manager
-+	miscfiles_setattr_fonts($1_t)
++	miscfiles_setattr_fonts_dirs($1_t)
 +	allow $1_t self:capability setuid;
 +
 +	type $1_client_t, sandbox_x_domain;
@@ -5082,9 +5040,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.1/policy/modules/apps/sandbox.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.3/policy/modules/apps/sandbox.te
 --- nsaserefpolicy/policy/modules/apps/sandbox.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sandbox.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sandbox.te	2009-11-25 12:59:23.000000000 -0500
 @@ -0,0 +1,331 @@
 +policy_module(sandbox,1.0.0)
 +dbus_stub()
@@ -5252,7 +5210,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +init_dontaudit_write_utmp(sandbox_x_domain)
 +
 +miscfiles_read_localization(sandbox_x_domain)
-+miscfiles_dontaudit_setattr_fonts(sandbox_x_domain)
++miscfiles_dontaudit_setattr_fonts_dirs(sandbox_x_domain)
 +
 +term_getattr_pty_fs(sandbox_x_domain)
 +term_use_ptmx(sandbox_x_domain)
@@ -5417,9 +5375,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	hal_dbus_chat(sandbox_net_client_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.1/policy/modules/apps/screen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.3/policy/modules/apps/screen.if
 --- nsaserefpolicy/policy/modules/apps/screen.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/screen.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/screen.if	2009-11-25 12:39:13.000000000 -0500
 @@ -80,6 +80,11 @@
  	relabel_files_pattern($3, screen_home_t, screen_home_t)
  	relabel_lnk_files_pattern($3, screen_home_t, screen_home_t)
@@ -5432,9 +5390,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	kernel_read_system_state($1_screen_t)
  	kernel_read_kernel_sysctls($1_screen_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.fc serefpolicy-3.7.1/policy/modules/apps/sectoolm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.fc serefpolicy-3.7.3/policy/modules/apps/sectoolm.fc
 --- nsaserefpolicy/policy/modules/apps/sectoolm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sectoolm.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,6 @@
 +
 +/usr/libexec/sectool-mechanism\.py	--	gen_context(system_u:object_r:sectoolm_exec_t,s0)
@@ -5442,16 +5400,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/sectool(/.*)?				gen_context(system_u:object_r:sectool_var_lib_t,s0)
 +
 +/var/log/sectool\.log			--	gen_context(system_u:object_r:sectool_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.if serefpolicy-3.7.1/policy/modules/apps/sectoolm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.if serefpolicy-3.7.3/policy/modules/apps/sectoolm.if
 --- nsaserefpolicy/policy/modules/apps/sectoolm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sectoolm.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,3 @@
 +
 +## <summary>policy for sectool-mechanism</summary>
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.te serefpolicy-3.7.1/policy/modules/apps/sectoolm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sectoolm.te serefpolicy-3.7.3/policy/modules/apps/sectoolm.te
 --- nsaserefpolicy/policy/modules/apps/sectoolm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/sectoolm.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/sectoolm.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,120 @@
 +
 +policy_module(sectoolm,1.0.0)
@@ -5573,9 +5531,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.1/policy/modules/apps/seunshare.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.3/policy/modules/apps/seunshare.if
 --- nsaserefpolicy/policy/modules/apps/seunshare.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/seunshare.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/seunshare.if	2009-11-25 12:39:13.000000000 -0500
 @@ -41,6 +41,16 @@
  
  	seunshare_domtrans($1)
@@ -5593,9 +5551,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.1/policy/modules/apps/seunshare.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.3/policy/modules/apps/seunshare.te
 --- nsaserefpolicy/policy/modules/apps/seunshare.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/seunshare.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/seunshare.te	2009-11-25 12:39:13.000000000 -0500
 @@ -15,9 +15,8 @@
  #
  # seunshare local policy
@@ -5624,9 +5582,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		mozilla_dontaudit_manage_user_home_files(seunshare_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.1/policy/modules/apps/vmware.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.3/policy/modules/apps/vmware.te
 --- nsaserefpolicy/policy/modules/apps/vmware.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/apps/vmware.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/vmware.te	2009-11-25 12:39:13.000000000 -0500
 @@ -157,6 +157,7 @@
  optional_policy(`
  	xserver_read_tmp_files(vmware_host_t)
@@ -5635,9 +5593,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ifdef(`TODO',`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.7.1/policy/modules/apps/wine.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.7.3/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/wine.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/wine.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,4 +1,22 @@
 -/usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/usr/bin/wine.*			--	gen_context(system_u:object_r:wine_exec_t,s0)
@@ -5664,9 +5622,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
 -/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.1/policy/modules/apps/wine.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.3/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/wine.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/wine.if	2009-11-25 12:39:13.000000000 -0500
 @@ -43,3 +43,118 @@
  	wine_domtrans($1)
  	role $2 types wine_t;
@@ -5786,9 +5744,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		xserver_role($1_r, $1_wine_t)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.1/policy/modules/apps/wine.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.3/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/apps/wine.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/apps/wine.te	2009-11-25 12:39:13.000000000 -0500
 @@ -9,20 +9,46 @@
  type wine_t;
  type wine_exec_t;
@@ -5840,33 +5798,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        xserver_common_app(wine_t)
 +	xserver_rw_shm(wine_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.1/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-07-30 13:09:10.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/corecommands.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -54,6 +54,7 @@
- /etc/cron.weekly/.*		--	gen_context(system_u:object_r:bin_t,s0)
- /etc/cron.monthly/.*		--	gen_context(system_u:object_r:bin_t,s0)
- 
-+/etc/dhcp/dhclient\.d(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
- /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
- /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-@@ -125,6 +126,7 @@
- /sbin/.*				gen_context(system_u:object_r:bin_t,s0)
- /sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:bin_t,s0)
- /sbin/insmod_ksymoops_clean	--	gen_context(system_u:object_r:bin_t,s0)
-+/sbin/nologin			--	gen_context(system_u:object_r:shell_exec_t,s0)
- 
- #
- # /opt
-@@ -135,13 +137,15 @@
- 
- /opt/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
- 
--/opt/real/RealPlayer/realplay(\.bin)?	gen_context(system_u:object_r:bin_t,s0)
- ifdef(`distro_gentoo',`
- /opt/RealPlayer/realplay(\.bin)?	gen_context(system_u:object_r:bin_t,s0)
- /opt/RealPlayer/postint(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.3/policy/modules/kernel/corecommands.fc
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/corecommands.fc	2009-11-25 12:39:13.000000000 -0500
+@@ -144,6 +144,9 @@
  /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
  ')
  
@@ -5876,34 +5811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  # /usr
  #
-@@ -211,6 +215,8 @@
- /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/cluster/.*\.sh               gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/cluster/svclib_nfslock  --   gen_context(system_u:object_r:bin_t,s0)
- /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
-@@ -221,6 +227,9 @@
- /usr/share/PackageKit/pk-upgrade-distro\.sh -- 	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/PackageKit/helpers(/.*)?	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/sandbox/sandboxX.sh -- gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/sectool/.*\.py       --      gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/smolt/client(/.*)?	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- /usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
-@@ -263,6 +272,7 @@
- /usr/share/ssl/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0)
-+/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0)
-@@ -315,3 +325,21 @@
+@@ -323,3 +326,21 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -5925,9 +5833,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
 +
 +/usr/lib(64)?/gimp/.*/plug-ins(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.1/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/corecommands.if	2009-11-17 11:06:58.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.3/policy/modules/kernel/corecommands.if
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/corecommands.if	2009-11-25 12:39:13.000000000 -0500
 @@ -893,6 +893,7 @@
  
  	read_lnk_files_pattern($1, bin_t, bin_t)
@@ -5970,9 +5878,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	manage_files_pattern($1, bin_t, exec_type)
  	manage_lnk_files_pattern($1, bin_t, bin_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.1/policy/modules/kernel/corenetwork.te.in
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.3/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/corenetwork.te.in	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/corenetwork.te.in	2009-11-25 13:13:55.000000000 -0500
 @@ -65,6 +65,7 @@
  type server_packet_t, packet_type, server_packet_type;
  
@@ -5990,7 +5898,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(audit, tcp,60,s0)
  network_port(auth, tcp,113,s0)
  network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
-@@ -87,26 +88,33 @@
+@@ -87,32 +88,41 @@
  network_port(comsat, udp,512,s0)
  network_port(cvs, tcp,2401,s0, udp,2401,s0)
  network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, udp,32771,s0)
@@ -6027,7 +5935,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(i18n_input, tcp,9010,s0)
  network_port(imaze, tcp,5323,s0, udp,5323,s0)
  network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-@@ -129,7 +137,7 @@
+ network_port(innd, tcp,119,s0)
+ network_port(ipmi, udp,623,s0, udp,664,s0)
+ network_port(ipp, tcp,631,s0, udp,631,s0)
++portcon tcp 8610-8614 gen_context(system_u:object_r:ipp_port_t, s0)
++portcon udp 8610-8614 gen_context(system_u:object_r:ipp_port_t, s0)
+ network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
+ network_port(ircd, tcp,6667,s0)
+ network_port(isakmp, udp,500,s0)
+@@ -129,7 +139,7 @@
  network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
  network_port(lmtp, tcp,24,s0, udp,24,s0)
  type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
@@ -6036,7 +5952,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(memcache, tcp,11211,s0, udp,11211,s0)
  network_port(mmcc, tcp,5050,s0, udp,5050,s0)
  network_port(monopd, tcp,1234,s0)
-@@ -138,7 +146,7 @@
+@@ -138,7 +148,7 @@
  network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
  portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
  network_port(nessus, tcp,1241,s0)
@@ -6045,7 +5961,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(nmbd, udp,137,s0, udp,138,s0)
  network_port(ntp, udp,123,s0)
  network_port(ocsp, tcp,9080,s0)
-@@ -147,12 +155,19 @@
+@@ -147,12 +157,19 @@
  network_port(pegasus_https, tcp,5989,s0)
  network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
  network_port(pingd, tcp,9125,s0)
@@ -6065,7 +5981,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pulseaudio, tcp,4713,s0)
-@@ -172,29 +187,37 @@
+@@ -172,29 +189,37 @@
  network_port(rsync, tcp,873,s0, udp,873,s0)
  network_port(rwho, udp,513,s0)
  network_port(sap, tcp,9875,s0, udp,9875,s0)
@@ -6107,7 +6023,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  network_port(xdmcp, udp,177,s0, tcp,177,s0)
  network_port(xen, tcp,8002,s0)
  network_port(xfs, tcp,7100,s0)
-@@ -223,6 +246,8 @@
+@@ -223,6 +248,8 @@
  type node_t, node_type;
  sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
  
@@ -6116,137 +6032,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # network_node examples:
  #network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
  #network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.1/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/devices.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -63,12 +63,10 @@
- /dev/midi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
- /dev/mixer.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
- /dev/mmetfgrab		-c	gen_context(system_u:object_r:scanner_device_t,s0)
--/dev/modem		-c	gen_context(system_u:object_r:modem_device_t,s0)
- /dev/mpu401.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
- /dev/msr.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
- /dev/network_latency	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
- /dev/network_throughput	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
--/dev/noz.* 		-c	gen_context(system_u:object_r:modem_device_t,s0)
- /dev/null		-c	gen_context(system_u:object_r:null_device_t,s0)
- /dev/nvidia.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
- /dev/nvram		-c	gen_context(system_u:object_r:nvram_device_t,mls_systemhigh)
-@@ -107,7 +105,6 @@
- ')
- /dev/vbi.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
- /dev/vbox.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
--/dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
- /dev/vmmon		-c	gen_context(system_u:object_r:vmware_device_t,s0)
- /dev/vmnet.*		-c	gen_context(system_u:object_r:vmware_device_t,s0)
- /dev/video.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
-@@ -145,8 +142,11 @@
- 
- /dev/mapper/control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
- 
-+/dev/modem -c	gen_context(system_u:object_r:modem_device_t,s0)
- /dev/mvideo/.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
- 
-+/dev/noz.* 		-c	gen_context(system_u:object_r:modem_device_t,s0)
-+
- /dev/pts(/.*)?			<<none>>
- 
- /dev/s(ou)?nd/.*	-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -154,6 +154,8 @@
- /dev/touchscreen/ucb1x00 -c	gen_context(system_u:object_r:mouse_device_t,s0)
- /dev/touchscreen/mk712	-c	gen_context(system_u:object_r:mouse_device_t,s0)
- 
-+/dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
-+
- /dev/usb/dc2xx.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
- /dev/usb/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
- /dev/usb/mdc800.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.1/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/devices.if	2009-11-17 11:06:58.000000000 -0500
-@@ -1927,7 +1927,7 @@
- 
- ########################################
- ## <summary>
--##	Do not audit attempts to read and write lvm control device.
-+##	Delete the lvm control device.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
-@@ -1935,17 +1935,17 @@
- ##	</summary>
- ## </param>
- #
--interface(`dev_dontaudit_rw_lvm_control',`
-+interface(`dev_delete_lvm_control_dev',`
- 	gen_require(`
--		type lvm_control_t;
-+		type device_t, lvm_control_t;
- 	')
- 
--	dontaudit $1 lvm_control_t:chr_file rw_file_perms;
-+	delete_chr_files_pattern($1, device_t, lvm_control_t)
- ')
- 
- ########################################
- ## <summary>
--##	Delete the lvm control device.
-+##	Do not audit attempts to read and write lvm control device.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
-@@ -1953,14 +1953,15 @@
- ##	</summary>
- ## </param>
- #
--interface(`dev_delete_lvm_control_dev',`
-+interface(`dev_dontaudit_rw_lvm_control_dev',`
- 	gen_require(`
--		type device_t, lvm_control_t;
-+		type lvm_control_t;
- 	')
- 
--	delete_chr_files_pattern($1, device_t, lvm_control_t)
-+	dontaudit $1 lvm_control_t:chr_file rw_file_perms;
- ')
- 
-+
- ########################################
- ## <summary>
- ##	dontaudit getattr raw memory devices (e.g. /dev/mem).
-@@ -2535,7 +2536,8 @@
- 		type device_t, null_device_t;
- 	')
- 
--	delete_chr_files_pattern($1, device_t, null_device_t)
-+	allow $1 device_t:dir del_entry_dir_perms;
-+	allow $1 null_device_t:chr_file unlink;
- ')
- 
- ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.1/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/devices.te	2009-11-17 11:06:58.000000000 -0500
-@@ -1,5 +1,5 @@
- 
--policy_module(devices, 1.9.1)
-+policy_module(devices, 1.9.0)
- 
- ########################################
- #
-@@ -84,7 +84,8 @@
- dev_node(kmsg_device_t)
- 
- #
--# ksm_device_t is the type of /dev/ksm
-+# ksm_device_t is the type of
-+# /dev/ksm
- #
- type ksm_device_t;
- dev_node(ksm_device_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.1/policy/modules/kernel/domain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.3/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/domain.if	2009-11-23 17:52:48.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/domain.if	2009-11-25 12:39:13.000000000 -0500
 @@ -44,34 +44,6 @@
  interface(`domain_type',`
  	# start with basic domain
@@ -6476,9 +6264,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	dontaudit $1 domain:socket_class_set { read write };
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.1/policy/modules/kernel/domain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.3/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/domain.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/domain.te	2009-11-25 12:39:13.000000000 -0500
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -6621,9 +6409,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_relabelto_user_home_dirs(polydomain)
 +	userdom_relabelto_user_home_files(polydomain)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.1/policy/modules/kernel/files.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.3/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/files.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/files.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -18,6 +18,7 @@
  /fsckoptions 		--	gen_context(system_u:object_r:etc_runtime_t,s0)
  /halt			--	gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -6641,9 +6429,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib(/.*)?			gen_context(system_u:object_r:var_lib_t,s0)
  
  /var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.1/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if	2009-11-12 13:24:12.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/files.if	2009-11-23 11:26:11.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.3/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/files.if	2009-11-25 12:39:13.000000000 -0500
 @@ -932,10 +932,8 @@
  	relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
  	relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
@@ -6657,34 +6445,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	# satisfy the assertions:
  	seutil_relabelto_bin_policy($1)
-@@ -1154,6 +1152,26 @@
- 	allow $1 file_type:filesystem unmount;
- ')
- 
-+########################################
-+## <summary>
-+##	Read config files in /etc.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`files_read_config_files',`
-+	gen_require(`
-+		attribute configfile;
-+	')
-+
-+	allow $1 configfile:dir list_dir_perms;
-+	read_files_pattern($1, configfile, configfile)
-+	read_lnk_files_pattern($1, configfile, configfile)
-+')
-+
- #############################################
- ## <summary>
- ##	Manage all configuration directories on filesystem
-@@ -1411,6 +1429,24 @@
+@@ -1431,6 +1429,24 @@
  
  ########################################
  ## <summary>
@@ -6709,59 +6470,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Remove entries from the root directory.
  ## </summary>
  ## <param name="domain">
-@@ -1567,6 +1603,25 @@
- 
- ########################################
- ## <summary>
-+##	read files in the /boot directory.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`files_read_boot_files',`
-+	gen_require(`
-+		type boot_t;
-+	')
-+
-+	manage_files_pattern($1, boot_t, boot_t)
-+')
-+
-+########################################
-+## <summary>
- ##	Create, read, write, and delete files
- ##	in the /boot directory.
- ## </summary>
-@@ -1795,6 +1850,25 @@
- 
- ########################################
- ## <summary>
-+##	Manage a filesystem on a directory with the default file type.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`files_manage_default',`
-+	gen_require(`
-+		type default_t;
-+	')
-+
-+	manage_dirs_pattern($1, default_t, default_t)
-+	manage_files_pattern($1, default_t, default_t)
-+')
-+
-+########################################
-+## <summary>
- ##	Mount a filesystem on a directory with the default file type.
- ## </summary>
- ## <param name="domain">
-@@ -2030,6 +2104,8 @@
+@@ -2107,6 +2123,8 @@
  	allow $1 etc_t:dir list_dir_perms;
  	read_files_pattern($1, etc_t, etc_t)
  	read_lnk_files_pattern($1, etc_t, etc_t)
@@ -6770,7 +6479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -2517,6 +2593,11 @@
+@@ -2594,6 +2612,11 @@
  	')
  
  	delete_files_pattern($1, file_t, file_t)
@@ -6782,7 +6491,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -3419,6 +3500,32 @@
+@@ -3496,6 +3519,32 @@
  
  ########################################
  ## <summary>
@@ -6815,32 +6524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Manage temporary files and directories in /tmp.
  ## </summary>
  ## <param name="domain">
-@@ -3548,6 +3655,24 @@
- 
- ########################################
- ## <summary>
-+##	List all tmp directories.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`files_list_all_tmp',`
-+	gen_require(`
-+		attribute tmpfile;
-+	')
-+
-+	allow $1 tmppfile:dir list_dir_perms;
-+')
-+
-+########################################
-+## <summary>
- ##	Read all tmp files.
- ## </summary>
- ## <param name="domain">
-@@ -3614,6 +3739,8 @@
+@@ -3709,6 +3758,8 @@
  	delete_lnk_files_pattern($1, tmpfile, tmpfile)
  	delete_fifo_files_pattern($1, tmpfile, tmpfile)
  	delete_sock_files_pattern($1, tmpfile, tmpfile)
@@ -6849,7 +6533,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -3722,7 +3849,12 @@
+@@ -3817,7 +3868,12 @@
  		type usr_t;
  	')
  
@@ -6863,7 +6547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -3761,6 +3893,7 @@
+@@ -3856,6 +3912,7 @@
  	allow $1 usr_t:dir list_dir_perms;
  	read_files_pattern($1, usr_t, usr_t)
  	read_lnk_files_pattern($1, usr_t, usr_t)
@@ -6871,7 +6555,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -4405,6 +4538,24 @@
+@@ -4500,6 +4557,24 @@
  	read_lnk_files_pattern($1, { var_t var_lib_t }, var_lib_t)
  ')
  
@@ -6896,7 +6580,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # cjp: the next two interfaces really need to be fixed
  # in some way.  They really neeed their own types.
  
-@@ -4785,6 +4936,24 @@
+@@ -4880,6 +4955,24 @@
  
  ########################################
  ## <summary>
@@ -6921,7 +6605,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Do not audit attempts to write to daemon runtime data files.
  ## </summary>
  ## <param name="domain">
-@@ -4906,6 +5075,24 @@
+@@ -5001,6 +5094,24 @@
  
  ########################################
  ## <summary>
@@ -6946,16 +6630,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Search the contents of generic spool
  ##	directories (/var/spool).
  ## </summary>
-@@ -5072,7 +5259,7 @@
- 	selinux_compute_member($1)
- 
- 	# Need sys_admin capability for mounting
--	allow $1 self:capability { chown fsetid sys_admin };
-+	allow $1 self:capability { chown fsetid sys_admin fowner };
- 
- 	# Need to give access to the directories to be polyinstantiated
- 	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
-@@ -5094,12 +5281,15 @@
+@@ -5189,12 +5300,15 @@
  	allow $1 poly_t:dir { create mounton };
  	fs_unmount_xattr_fs($1)
  
@@ -6972,7 +6647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-@@ -5120,3 +5310,173 @@
+@@ -5215,3 +5329,173 @@
  
  	typeattribute $1 files_unconfined_type;
  ')
@@ -7146,9 +6821,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +	allow $1 file_type:file entrypoint;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.1/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/files.te	2009-11-17 11:06:58.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.3/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/files.te	2009-11-25 12:39:13.000000000 -0500
 @@ -43,6 +43,7 @@
  #
  type boot_t;
@@ -7157,15 +6832,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # default_t is the default type for files that do not
  # match any specification in the file_contexts configuration
-@@ -53,7 +54,7 @@
- #
- # etc_t is the type of the system etc directories.
- #
--type etc_t;
-+type etc_t, configfile;
- files_type(etc_t)
- # compatibility aliases for removed types:
- typealias etc_t alias automount_etc_t;
 @@ -194,6 +195,7 @@
  fs_associate_noxattr(file_type)
  fs_associate_tmpfs(file_type)
@@ -7174,122 +6840,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ########################################
  #
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.7.1/policy/modules/kernel/filesystem.fc
---- nsaserefpolicy/policy/modules/kernel/filesystem.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -1 +1 @@
--# This module currently does not have any file contexts.
-+/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.1/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.if	2009-11-18 07:50:05.000000000 -0500
-@@ -290,7 +290,7 @@
- 
- ########################################
- ## <summary>
--##	Read and write files on anon_inodefs
-+##	Dontaudit Read and write files on anon_inodefs
- ##	file systems.
- ## </summary>
- ## <param name="domain">
-@@ -310,6 +310,26 @@
- 
- ########################################
- ## <summary>
-+##	Dontaudit Read and write files on anon_inodefs
-+##	file systems.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_dontaudit_rw_anon_inodefs_files',`
-+	gen_require(`
-+		type anon_inodefs_t;
-+
-+	')
-+
-+	dontaudit $1 anon_inodefs_t:file { read write };  
-+')
-+
-+########################################
-+## <summary>
- ##	Mount an automount pseudo filesystem.
- ## </summary>
- ## <param name="domain">
-@@ -1149,6 +1169,44 @@
- 	domain_auto_transition_pattern($1, cifs_t, $2)
- ')
- 
-+#######################################
-+## <summary>
-+##      Create, read, write, and delete dirs
-+##      on a configfs filesystem.
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      Domain allowed access.
-+##      </summary>
-+## </param>
-+#
-+interface(`fs_manage_configfs_dirs',`
-+        gen_require(`
-+                type configfs_t;
-+        ')
-+
-+        manage_dirs_pattern($1,configfs_t,configfs_t)
-+')
-+
-+#######################################
-+## <summary>
-+##      Create, read, write, and delete files
-+##      on a configfs filesystem.
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      Domain allowed access.
-+##      </summary>
-+## </param>
-+#
-+interface(`fs_manage_configfs_files',`
-+        gen_require(`
-+                type configfs_t;
-+        ')
-+
-+        manage_files_pattern($1,configfs_t,configfs_t)
-+')
-+
- ########################################
- ## <summary>
- ##	Mount a DOS filesystem, such as
-@@ -1537,6 +1595,24 @@
- 
- ########################################
- ## <summary>
-+##	Allow the type to associate to hugetlbfs filesystems.
-+## </summary>
-+## <param name="type">
-+##	<summary>
-+##	The type of the object to be associated.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_associate_hugetlbfs',`
-+	gen_require(`
-+		type hugetlbfs_t;
-+	')
-+
-+	allow $1 hugetlbfs_t:filesystem associate;
-+')
-+
-+########################################
-+## <summary>
- ##	Search inotifyfs filesystem. 
- ## </summary>
- ## <param name="domain">
-@@ -1993,6 +2069,25 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.3/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/filesystem.if	2009-11-25 12:39:13.000000000 -0500
+@@ -2069,6 +2069,25 @@
  	read_lnk_files_pattern($1, nfs_t, nfs_t)
  ')
  
@@ -7315,50 +6869,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #########################################
  ## <summary>
  ##	Read named sockets on a NFS filesystem.
-@@ -2542,6 +2637,42 @@
- 
- ########################################
- ## <summary>
-+##	List NFS server directories.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_list_nfsd_fs',`
-+	gen_require(`
-+		type nfsd_fs_t;
-+	')
-+
-+	allow $1 nfsd_fs_t:dir list_dir_perms;
-+')
-+
-+########################################
-+## <summary>
-+##	Getattr files on an nfsd filesystem
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_getattr_nfsd_files',`
-+	gen_require(`
-+		type nfsd_fs_t;
-+	')
-+
-+	allow $1 nfsd_fs_t:file getattr;
-+')
-+
-+########################################
-+## <summary>
- ##	Read and write NFS server files.
- ## </summary>
- ## <param name="domain">
-@@ -3971,3 +4102,122 @@
+@@ -4181,3 +4200,22 @@
  	relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
  	relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
  ')
@@ -7381,109 +6892,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	dontaudit $1 cifs_t:dir list_dir_perms;
 +')
-+
-+
-+########################################
-+## <summary>
-+##	Mount a XENFS filesystem.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_mount_xenfs',`
-+	gen_require(`
-+		type xenfs_t;
-+	')
-+
-+	allow $1 xenfs_t:filesystem mount;
-+')
-+
-+########################################
-+## <summary>
-+##	Create, read, write, and delete directories
-+##	on a XENFS filesystem.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`fs_manage_xenfs_dirs',`
-+	gen_require(`
-+		type xenfs_t;
-+	')
-+
-+	allow $1 xenfs_t:dir manage_dir_perms;
-+')
-+
-+########################################
-+## <summary>
-+##	Do not audit attempts to create, read,
-+##	write, and delete directories
-+##	on a XENFS filesystem.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_dontaudit_manage_xenfs_dirs',`
-+	gen_require(`
-+		type xenfs_t;
-+	')
-+
-+	dontaudit $1 xenfs_t:dir manage_dir_perms;
-+')
-+
-+########################################
-+## <summary>
-+##	Create, read, write, and delete files
-+##	on a XENFS filesystem.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`fs_manage_xenfs_files',`
-+	gen_require(`
-+		type xenfs_t;
-+	')
-+
-+	manage_files_pattern($1, xenfs_t, xenfs_t)
-+')
-+
-+########################################
-+## <summary>
-+##	Do not audit attempts to create,
-+##	read, write, and delete files
-+##	on a XENFS filesystem.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`fs_dontaudit_manage_xenfs_files',`
-+	gen_require(`
-+		type xenfs_t;
-+	')
-+
-+	dontaudit $1 xenfs_t:file manage_file_perms;
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.1/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/filesystem.te	2009-11-17 11:06:58.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.3/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/filesystem.te	2009-11-25 12:39:13.000000000 -0500
 @@ -29,6 +29,7 @@
  fs_use_xattr ext4dev gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr gfs gen_context(system_u:object_r:fs_t,s0);
@@ -7492,17 +6903,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
-@@ -93,7 +94,9 @@
+@@ -93,6 +94,8 @@
  type hugetlbfs_t;
  fs_type(hugetlbfs_t)
  files_mountpoint(hugetlbfs_t)
--genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
 +files_type(hugetlbfs_t)
 +files_poly_parent(hugetlbfs_t)
-+fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
+ fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
  
  type ibmasmfs_t;
- fs_type(ibmasmfs_t)
 @@ -171,6 +174,7 @@
  fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
  fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
@@ -7511,7 +6920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  allow tmpfs_t noxattrfs:filesystem associate;
  
-@@ -200,6 +204,7 @@
+@@ -205,6 +209,7 @@
  #
  type dosfs_t;
  fs_noxattr_type(dosfs_t)
@@ -7519,7 +6928,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow dosfs_t fs_t:filesystem associate;
  genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
  genfscon hfs / gen_context(system_u:object_r:dosfs_t,s0)
-@@ -223,6 +228,7 @@
+@@ -216,6 +221,7 @@
+ 
+ type fusefs_t;
+ fs_noxattr_type(fusefs_t)
++files_mountpoint(fusefs_t)
+ allow fusefs_t self:filesystem associate;
+ allow fusefs_t fs_t:filesystem associate;
+ genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
+@@ -228,6 +234,7 @@
  #
  type iso9660_t;
  fs_noxattr_type(iso9660_t)
@@ -7527,93 +6944,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
  genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
  
-@@ -250,9 +256,13 @@
- genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
- genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
- genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
--genfscon xenfs / gen_context(system_u:object_r:nfs_t,s0)
- genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
- 
-+type xenfs_t;
-+fs_noxattr_type(xenfs_t)
-+files_mountpoint(xenfs_t)
-+genfscon xenfs / gen_context(system_u:object_r:xenfs_t,s0)
-+
- ########################################
- #
- # Rules for all filesystem types
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.1/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/kernel.if	2009-11-19 14:06:58.000000000 -0500
-@@ -508,7 +508,7 @@
- ## </summary>
- ## <param name="domain">
- ##	<summary>
--##	Domain allowed access.
-+##	
- ##	</summary>
- ## </param>
- #
-@@ -941,43 +941,43 @@
- 
- ########################################
- ## <summary>
--##	Do not audit attempts to get the attributes of
--##	core kernel interfaces.
-+##	Allows caller to read th core kernel interface.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
--##	The process type to not audit.
-+##	The process type getting the attibutes.
- ##	</summary>
- ## </param>
- #
--interface(`kernel_dontaudit_getattr_core_if',`
-+interface(`kernel_read_core_if',`
- 	gen_require(`
--		type proc_kcore_t;
-+		type proc_t, proc_kcore_t;
-+		attribute can_dump_kernel;
- 	')
- 
--	dontaudit $1 proc_kcore_t:file getattr;
-+	read_files_pattern($1, proc_t, proc_kcore_t)
-+	list_dirs_pattern($1, proc_t, proc_t)
-+
-+	typeattribute $1 can_dump_kernel;
- ')
+@@ -238,6 +245,7 @@
+ allow removable_t noxattrfs:filesystem associate;
+ fs_noxattr_type(removable_t)
+ files_type(removable_t)
++files_mountpoint(removable_t)
  
- ########################################
- ## <summary>
--##	Allows caller to read the core kernel interface.
-+##	Do not audit attempts to get the attributes of
-+##	core kernel interfaces.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
--##	Domain allowed access.
-+##	The process type to not audit.
- ##	</summary>
- ## </param>
  #
--interface(`kernel_read_core_if',`
-+interface(`kernel_dontaudit_getattr_core_if',`
- 	gen_require(`
--		type proc_t, proc_kcore_t;
--		attribute can_dump_kernel;
-+		type proc_kcore_t;
- 	')
- 
--	read_files_pattern($1, proc_t, proc_kcore_t)
--	list_dirs_pattern($1, proc_t, proc_t)
--
--	typeattribute $1 can_dump_kernel;
-+	dontaudit $1 proc_kcore_t:file getattr;
- ')
- 
- ########################################
-@@ -1848,7 +1848,7 @@
+ # nfs_t is the default type for NFS file systems
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.3/policy/modules/kernel/kernel.if
+--- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/kernel.if	2009-11-25 12:39:13.000000000 -0500
+@@ -1849,7 +1849,7 @@
  	')
  
  	dontaudit $1 sysctl_type:dir list_dir_perms;
@@ -7622,7 +6964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -1919,6 +1919,25 @@
+@@ -1920,6 +1920,25 @@
  
  ########################################
  ## <summary>
@@ -7648,7 +6990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Send general signals to unlabeled processes.
  ## </summary>
  ## <param name="domain">
-@@ -2662,6 +2681,24 @@
+@@ -2663,6 +2682,24 @@
  
  ########################################
  ## <summary>
@@ -7673,7 +7015,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Unconfined access to kernel module resources.
  ## </summary>
  ## <param name="domain">
-@@ -2677,3 +2714,22 @@
+@@ -2678,3 +2715,22 @@
  
  	typeattribute $1 kern_unconfined;
  ')
@@ -7696,16 +7038,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 kernel_t:unix_stream_socket connectto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.1/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/kernel.te	2009-11-17 11:06:58.000000000 -0500
-@@ -1,5 +1,5 @@
- 
--policy_module(kernel, 1.11.1)
-+policy_module(kernel, 1.11.0)
- 
- ########################################
- #
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.3/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/kernel.te	2009-11-25 12:39:13.000000000 -0500
 @@ -64,6 +64,15 @@
  genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
  
@@ -7785,9 +7120,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
 +
 +files_boot(kernel_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.1/policy/modules/kernel/selinux.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.3/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/selinux.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/selinux.if	2009-11-25 12:39:13.000000000 -0500
 @@ -40,7 +40,7 @@
  
  	# because of this statement, any module which
@@ -7845,9 +7180,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_type($1)
 +	mls_trusted_object($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.7.1/policy/modules/kernel/storage.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.7.3/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/storage.fc	2009-11-24 09:55:13.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/storage.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -14,6 +14,7 @@
  /dev/dasd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/dm-[0-9]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -7856,9 +7191,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/fd[^/]+		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/flash[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/gscd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.7.1/policy/modules/kernel/storage.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.7.3/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/storage.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/storage.if	2009-11-25 12:39:13.000000000 -0500
 @@ -266,6 +266,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -7867,39 +7202,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.te serefpolicy-3.7.1/policy/modules/kernel/storage.te
---- nsaserefpolicy/policy/modules/kernel/storage.te	2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/kernel/storage.te	2009-11-17 10:55:11.000000000 -0500
-@@ -1,5 +1,5 @@
- 
--policy_module(storage, 1.7.1)
-+policy_module(storage, 1.7.0)
- 
- ########################################
- #
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.7.1/policy/modules/kernel/terminal.fc
---- nsaserefpolicy/policy/modules/kernel/terminal.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/terminal.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -13,6 +13,7 @@
- /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
- /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
- /dev/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
-+/dev/pts/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
- /dev/rfcomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
- /dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
- /dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.1/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/terminal.if	2009-11-23 11:38:32.000000000 -0500
-@@ -196,7 +196,7 @@
- 
- 	dev_list_all_dev_nodes($1)
- 	allow $1 devpts_t:dir list_dir_perms;
--	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
-+	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
- ')
- 
- ########################################
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.3/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/kernel/terminal.if	2009-11-25 12:39:13.000000000 -0500
 @@ -273,9 +273,11 @@
  interface(`term_dontaudit_use_console',`
  	gen_require(`
@@ -7912,57 +7217,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -474,6 +476,23 @@
- 
- ########################################
- ## <summary>
-+##	dontaudit getattr of generic pty devices.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	The type of the process to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`term_dontaudit_getattr_generic_ptys',`
-+	gen_require(`
-+		type devpts_t;
-+	')
-+
-+	dontaudit $1 devpts_t:chr_file getattr;
-+')
-+########################################
-+## <summary>
- ##	ioctl of generic pty devices.
- ## </summary>
- ## <param name="domain">
-@@ -575,6 +594,25 @@
- 	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
- ')
- 
-+#######################################
-+## <summary>
-+##      Set the attributes of the tty device
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      Domain allowed access.
-+##      </summary>
-+## </param>
-+#
-+interface(`term_setattr_controlling_term',`
-+       gen_require(`
-+               type devtty_t;
-+       ')
-+
-+	dev_list_all_dev_nodes($1)
-+	allow $1 devtty_t:chr_file setattr;
-+')
-+
- ########################################
- ## <summary>
- ##	Read and write the controlling
-@@ -991,10 +1029,12 @@
+@@ -1028,10 +1030,12 @@
  interface(`term_use_unallocated_ttys',`
  	gen_require(`
  		type tty_device_t;
@@ -7975,7 +7230,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -1011,8 +1051,10 @@
+@@ -1048,8 +1052,10 @@
  interface(`term_dontaudit_use_unallocated_ttys',`
  	gen_require(`
  		type tty_device_t;
@@ -7986,20 +7241,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.7.1/policy/modules/kernel/terminal.te
---- nsaserefpolicy/policy/modules/kernel/terminal.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/kernel/terminal.te	2009-11-17 11:06:58.000000000 -0500
-@@ -44,6 +44,7 @@
- type ptmx_t;
- dev_node(ptmx_t)
- mls_trusted_object(ptmx_t)
-+allow ptmx_t devpts_t:filesystem associate;
- 
- #
- # tty_device_t is the type of /dev/*tty*
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.1/policy/modules/roles/guest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.3/policy/modules/roles/guest.te
 --- nsaserefpolicy/policy/modules/roles/guest.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/roles/guest.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/guest.te	2009-11-25 12:39:13.000000000 -0500
 @@ -16,7 +16,11 @@
  #
  
@@ -8014,9 +7258,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +gen_user(guest_u, user, guest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.1/policy/modules/roles/staff.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.3/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/roles/staff.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/staff.te	2009-11-25 12:39:13.000000000 -0500
 @@ -10,161 +10,117 @@
  
  userdom_unpriv_user_template(staff)
@@ -8220,9 +7464,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	xserver_role(staff_r, staff_t)
 +	virt_stream_connect(staff_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.1/policy/modules/roles/sysadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.3/policy/modules/roles/sysadm.te
 --- nsaserefpolicy/policy/modules/roles/sysadm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/roles/sysadm.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/sysadm.te	2009-11-25 12:39:13.000000000 -0500
 @@ -15,7 +15,7 @@
  
  role sysadm_r;
@@ -8532,9 +7776,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +init_script_role_transition(sysadm_r)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.1/policy/modules/roles/unconfineduser.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.3/policy/modules/roles/unconfineduser.fc
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/unconfineduser.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,8 @@
 +# Add programs here which should not be confined by SELinux
 +# e.g.:
@@ -8544,9 +7788,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/mock			    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +/usr/sbin/sysreport	 	    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.1/policy/modules/roles/unconfineduser.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.3/policy/modules/roles/unconfineduser.if
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/unconfineduser.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,638 @@
 +## <summary>Unconfiend user role</summary>
 +
@@ -9186,10 +8430,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 unconfined_r;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.1/policy/modules/roles/unconfineduser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.3/policy/modules/roles/unconfineduser.te
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/roles/unconfineduser.te	2009-11-24 14:57:49.000000000 -0500
-@@ -0,0 +1,431 @@
++++ serefpolicy-3.7.3/policy/modules/roles/unconfineduser.te	2009-11-25 12:39:13.000000000 -0500
+@@ -0,0 +1,449 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -9307,34 +8551,55 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		attribute unconfined_usertype;
 +	')
 +
++	nsplugin_role_notrans(unconfined_r, unconfined_usertype)
++	optional_policy(`
++		tunable_policy(`allow_unconfined_nsplugin_transition',`
++		      nsplugin_domtrans(unconfined_usertype)
++		      nsplugin_domtrans_config(unconfined_usertype)
++		')
++	')
++
++	userdom_execmod_user_home_files(unconfined_usertype)
++
 +	optional_policy(`
 +		abrt_dbus_chat(unconfined_usertype)
 +		abrt_run_helper(unconfined_usertype, unconfined_r)
 +	')
 +
-+	nsplugin_role_notrans(unconfined_r, unconfined_usertype)
-+	tunable_policy(`allow_unconfined_nsplugin_transition',`
-+	      nsplugin_domtrans(unconfined_usertype)
-+	      nsplugin_domtrans_config(unconfined_usertype)
++	optional_policy(`
++		avahi_dbus_chat(unconfined_usertype)
 +	')
 +
 +	optional_policy(`
-+		rtkit_daemon_system_domain(unconfined_usertype)
++		devicekit_dbus_chat(unconfined_usertype)
++		devicekit_dbus_chat_disk(unconfined_usertype)
++		devicekit_dbus_chat_power(unconfined_usertype)
 +	')
 +
-+	userdom_execmod_user_home_files(unconfined_usertype)
++	optional_policy(`
++		hal_dbus_chat(unconfined_usertype)
++	')
 +
 +	optional_policy(`
-+		sandbox_transition(unconfined_usertype, unconfined_r)
++		networkmanager_dbus_chat(unconfined_usertype)
 +	')
 +
 +	optional_policy(`
-+		avahi_dbus_chat(unconfined_usertype)
++		policykit_role(unconfined_r, unconfined_usertype)
 +	')
 +
 +	optional_policy(`
-+		hal_dbus_chat(unconfined_usertype)
++		rtkit_daemon_system_domain(unconfined_usertype)
++	')
++
++	optional_policy(`
++		setroubleshoot_dbus_chat(unconfined_usertype)
++	')
++
++	optional_policy(`
++		sandbox_transition(unconfined_usertype, unconfined_r)
 +	')
++
 +')
 +
 +ifdef(`distro_gentoo',`
@@ -9496,6 +8761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	rpm_run(unconfined_t, unconfined_r)
 +	# Allow SELinux aware applications to request rpm_script execution
 +	rpm_transition_script(unconfined_t)
++	rpm_dbus_chat(unconfined_t)
 +')
 +
 +optional_policy(`
@@ -9606,10 +8872,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +domain_ptrace_all_domains(unconfined_notrans_t)
 +
 +optional_policy(`
-+	policykit_role(unconfined_r, unconfined_notrans_t)
-+')
-+
-+optional_policy(`
 +	rtkit_daemon_system_domain(unconfined_notrans_t)
 +')
 +
@@ -9621,9 +8883,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.1/policy/modules/roles/unprivuser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.3/policy/modules/roles/unprivuser.te
 --- nsaserefpolicy/policy/modules/roles/unprivuser.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/roles/unprivuser.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/unprivuser.te	2009-11-25 12:39:13.000000000 -0500
 @@ -14,96 +14,19 @@
  userdom_unpriv_user_template(user)
  
@@ -9772,9 +9034,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	xserver_role(user_r, user_t)
 +	setroubleshoot_dontaudit_stream_connect(user_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.1/policy/modules/roles/xguest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.3/policy/modules/roles/xguest.te
 --- nsaserefpolicy/policy/modules/roles/xguest.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/roles/xguest.te	2009-11-24 18:10:12.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/roles/xguest.te	2009-11-25 12:39:13.000000000 -0500
 @@ -31,16 +31,38 @@
  
  userdom_restricted_xwindows_user_template(xguest)
@@ -9890,9 +9152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -#gen_user(xguest_u,, xguest_r, s0, s0)
 +gen_user(xguest_u, user, xguest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.1/policy/modules/services/abrt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.3/policy/modules/services/abrt.fc
 --- nsaserefpolicy/policy/modules/services/abrt.fc	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/abrt.fc	2009-11-18 16:55:18.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/abrt.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,11 +1,15 @@
  /etc/abrt(/.*)?			 gen_context(system_u:object_r:abrt_etc_t,s0)
  /etc/rc\.d/init\.d/abrt		--	gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
@@ -9910,9 +9172,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/abrt\.pid		--	gen_context(system_u:object_r:abrt_var_run_t,s0)	
  /var/run/abrt\.lock		--	gen_context(system_u:object_r:abrt_var_run_t,s0)
 +/var/run/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.1/policy/modules/services/abrt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.3/policy/modules/services/abrt.if
 --- nsaserefpolicy/policy/modules/services/abrt.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/abrt.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/abrt.if	2009-11-25 12:39:13.000000000 -0500
 @@ -19,6 +19,24 @@
  	domtrans_pattern($1, abrt_exec_t, abrt_t)
  ')
@@ -10036,9 +9298,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #####################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.1/policy/modules/services/abrt.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.3/policy/modules/services/abrt.te
 --- nsaserefpolicy/policy/modules/services/abrt.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/abrt.te	2009-11-24 10:12:04.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/abrt.te	2009-11-25 12:39:13.000000000 -0500
 @@ -33,12 +33,25 @@
  type abrt_var_run_t;
  files_pid_file(abrt_var_run_t)
@@ -10196,9 +9458,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_dontaudit_use_user_terminals(abrt_helper_t)
 +
 +permissive abrt_helper_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.7.1/policy/modules/services/afs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.7.3/policy/modules/services/afs.fc
 --- nsaserefpolicy/policy/modules/services/afs.fc	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/afs.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/afs.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -25,6 +25,7 @@
  /usr/vice/etc/afsd	--	gen_context(system_u:object_r:afs_exec_t,s0)
  
@@ -10207,9 +9469,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /vicepa				gen_context(system_u:object_r:afs_files_t,s0)
  /vicepb				gen_context(system_u:object_r:afs_files_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.1/policy/modules/services/afs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.3/policy/modules/services/afs.te
 --- nsaserefpolicy/policy/modules/services/afs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/afs.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/afs.te	2009-11-25 12:39:13.000000000 -0500
 @@ -71,7 +71,7 @@
  # afs client local policy
  #
@@ -10227,9 +9489,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_rw_etc_runtime_files(afs_t)
  
  fs_getattr_xattr_fs(afs_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.1/policy/modules/services/aisexec.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.3/policy/modules/services/aisexec.fc
 --- nsaserefpolicy/policy/modules/services/aisexec.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/aisexec.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/aisexec.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,12 @@
 +
 +/etc/rc\.d/init\.d/openais             --      gen_context(system_u:object_r:aisexec_initrc_exec_t,s0)
@@ -10243,9 +9505,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/aisexec\.pid                  --      gen_context(system_u:object_r:aisexec_var_run_t,s0)
 +
 +/var/run/cman_.*                       -s      gen_context(system_u:object_r:aisexec_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.1/policy/modules/services/aisexec.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.3/policy/modules/services/aisexec.if
 --- nsaserefpolicy/policy/modules/services/aisexec.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/aisexec.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/aisexec.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,106 @@
 +## <summary>SELinux policy for Aisexec Cluster Engine</summary>
 +
@@ -10353,9 +9615,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +        admin_pattern($1, aisexec_tmpfs_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.1/policy/modules/services/aisexec.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.3/policy/modules/services/aisexec.te
 --- nsaserefpolicy/policy/modules/services/aisexec.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/aisexec.te	2009-11-20 10:04:14.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/aisexec.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,112 @@
 +
 +policy_module(aisexec,1.0.0)
@@ -10469,9 +9731,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +groupd_rw_semaphores(aisexec_t)
 +groupd_rw_shm(aisexec_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.1/policy/modules/services/amavis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.3/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/amavis.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/amavis.te	2009-11-25 12:39:13.000000000 -0500
 @@ -103,6 +103,8 @@
  kernel_dontaudit_read_proc_symlinks(amavis_t)
  kernel_dontaudit_read_system_state(amavis_t)
@@ -10481,9 +9743,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # find perl
  corecmd_exec_bin(amavis_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.1/policy/modules/services/apache.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.3/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/apache.fc	2009-11-19 15:03:04.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/apache.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -2,11 +2,15 @@
  
  /etc/apache(2)?(/.*)?			gen_context(system_u:object_r:httpd_config_t,s0)
@@ -10599,9 +9861,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/svn/hooks(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 +/var/www/svn/conf(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.1/policy/modules/services/apache.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.3/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/apache.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/apache.if	2009-11-25 12:39:13.000000000 -0500
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -11205,9 +10467,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +	typeattribute $1  httpd_rw_content;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.1/policy/modules/services/apache.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.3/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/apache.te	2009-11-23 11:25:41.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/apache.te	2009-11-25 12:39:13.000000000 -0500
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -12017,9 +11279,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +typealias httpd_sys_script_t      alias httpd_fastcgi_script_t;
 +typealias httpd_var_run_t         alias httpd_fastcgi_var_run_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.1/policy/modules/services/apm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.3/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/apm.te	2009-11-17 16:29:03.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/apm.te	2009-11-25 12:39:13.000000000 -0500
 @@ -60,7 +60,7 @@
  # mknod: controlling an orderly resume of PCMCIA requires creating device
  # nodes 254,{0,1,2} for some reason.
@@ -12040,9 +11302,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # cjp: related to sleep/resume (?)
  optional_policy(`
  	xserver_domtrans(apmd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.1/policy/modules/services/arpwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.3/policy/modules/services/arpwatch.te
 --- nsaserefpolicy/policy/modules/services/arpwatch.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/arpwatch.te	2009-11-23 18:39:44.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/arpwatch.te	2009-11-25 12:39:13.000000000 -0500
 @@ -34,6 +34,7 @@
  allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
  allow arpwatch_t self:udp_socket create_socket_perms;
@@ -12059,9 +11321,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_kernel_sysctls(arpwatch_t)
  kernel_list_proc(arpwatch_t)
  kernel_read_proc_symlinks(arpwatch_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.1/policy/modules/services/asterisk.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.3/policy/modules/services/asterisk.if
 --- nsaserefpolicy/policy/modules/services/asterisk.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/asterisk.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/asterisk.if	2009-11-25 12:39:13.000000000 -0500
 @@ -1,5 +1,26 @@
  ## <summary>Asterisk IP telephony server</summary>
  
@@ -12089,9 +11351,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.1/policy/modules/services/asterisk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.3/policy/modules/services/asterisk.te
 --- nsaserefpolicy/policy/modules/services/asterisk.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/asterisk.te	2009-11-23 13:38:30.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/asterisk.te	2009-11-25 12:39:13.000000000 -0500
 @@ -34,6 +34,8 @@
  type asterisk_var_run_t;
  files_pid_file(asterisk_var_run_t)
@@ -12117,9 +11379,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  domain_use_interactive_fds(asterisk_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.1/policy/modules/services/automount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.3/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/automount.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/automount.te	2009-11-25 12:39:13.000000000 -0500
 @@ -75,6 +75,7 @@
  
  fs_mount_all_fs(automount_t)
@@ -12136,9 +11398,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  storage_rw_fuse(automount_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.1/policy/modules/services/avahi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.3/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/avahi.te	2009-11-18 16:51:04.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/avahi.te	2009-11-25 12:39:13.000000000 -0500
 @@ -24,7 +24,7 @@
  # Local policy
  #
@@ -12156,9 +11418,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
  manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.1/policy/modules/services/bind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.3/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/bind.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/bind.if	2009-11-25 12:39:13.000000000 -0500
 @@ -235,7 +235,7 @@
  
  ########################################
@@ -12220,9 +11482,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an bind environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.1/policy/modules/services/bitlbee.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.3/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/bitlbee.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/bitlbee.te	2009-11-25 12:39:13.000000000 -0500
 @@ -68,6 +68,8 @@
  # MSN can use passport auth, which is over http:
  corenet_tcp_connect_http_port(bitlbee_t)
@@ -12232,9 +11494,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_read_rand(bitlbee_t)
  dev_read_urand(bitlbee_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.1/policy/modules/services/bluetooth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.3/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/bluetooth.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/bluetooth.if	2009-11-25 12:39:13.000000000 -0500
 @@ -153,6 +153,27 @@
  	dontaudit $1 bluetooth_helper_t:file { read getattr };
  ')
@@ -12263,9 +11525,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.1/policy/modules/services/bluetooth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.3/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/bluetooth.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/bluetooth.te	2009-11-25 12:39:13.000000000 -0500
 @@ -54,9 +54,9 @@
  # Bluetooth services local policy
  #
@@ -12313,9 +11575,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		pulseaudio_dbus_chat(bluetooth_t)
  	')
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-3.7.1/policy/modules/services/ccs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-3.7.3/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ccs.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ccs.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -2,9 +2,5 @@
  
  /sbin/ccsd		--	gen_context(system_u:object_r:ccs_exec_t,s0)
@@ -12328,9 +11590,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/var/run/cman_.*	-s	gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/var/run/cluster/ccsd\.pid      --      gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/var/run/cluster/ccsd\.sock     -s      gen_context(system_u:object_r:ccs_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.1/policy/modules/services/ccs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.3/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ccs.te	2009-11-20 16:30:47.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ccs.te	2009-11-25 12:39:13.000000000 -0500
 @@ -10,23 +10,21 @@
  type ccs_exec_t;
  init_daemon_domain(ccs_t, ccs_exec_t)
@@ -12414,9 +11676,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`hide_broken_symptoms', `
  	corecmd_dontaudit_write_bin_dirs(ccs_t)
  	files_manage_isid_type_files(ccs_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.7.1/policy/modules/services/certmaster.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.7.3/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/certmaster.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/certmaster.te	2009-11-25 12:39:13.000000000 -0500
 @@ -30,7 +30,7 @@
  # certmaster local policy 
  #
@@ -12426,9 +11688,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow certmaster_t self:tcp_socket create_stream_socket_perms;
  
  # config files
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.7.1/policy/modules/services/chronyd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.7.3/policy/modules/services/chronyd.fc
 --- nsaserefpolicy/policy/modules/services/chronyd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/chronyd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/chronyd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,11 @@
 +
 +/etc/rc\.d/init\.d/chronyd         --      gen_context(system_u:object_r:chronyd_initrc_exec_t,s0)
@@ -12441,9 +11703,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/chronyd\.pid              --      gen_context(system_u:object_r:chronyd_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.1/policy/modules/services/chronyd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.3/policy/modules/services/chronyd.if
 --- nsaserefpolicy/policy/modules/services/chronyd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/chronyd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/chronyd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,105 @@
 +## <summary>chrony background daemon</summary>
 +
@@ -12550,9 +11812,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.1/policy/modules/services/chronyd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.3/policy/modules/services/chronyd.te
 --- nsaserefpolicy/policy/modules/services/chronyd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/chronyd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/chronyd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,67 @@
 +policy_module(chronyd,1.0.0)
 +
@@ -12621,9 +11883,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +miscfiles_read_localization(chronyd_t)
 +
 +permissive chronyd_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.1/policy/modules/services/clamav.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.3/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/clamav.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/clamav.te	2009-11-25 12:39:13.000000000 -0500
 @@ -117,9 +117,9 @@
  
  logging_send_syslog_msg(clamd_t)
@@ -12665,17 +11927,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	apache_read_sys_content(clamscan_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.1/policy/modules/services/clogd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.3/policy/modules/services/clogd.fc
 --- nsaserefpolicy/policy/modules/services/clogd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/clogd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/clogd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,4 @@
 +
 +/usr/sbin/clogd			--	gen_context(system_u:object_r:clogd_exec_t,s0)
 +
 +/var/run/clogd\.pid             --      gen_context(system_u:object_r:clogd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.1/policy/modules/services/clogd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.3/policy/modules/services/clogd.if
 --- nsaserefpolicy/policy/modules/services/clogd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/clogd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/clogd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,98 @@
 +## <summary>clogd - clustered mirror log server</summary>
 +
@@ -12775,9 +12037,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        allow $1 clogd_t:shm { rw_shm_perms destroy };
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.1/policy/modules/services/clogd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.3/policy/modules/services/clogd.te
 --- nsaserefpolicy/policy/modules/services/clogd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/clogd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/clogd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,62 @@
 +
 +policy_module(clogd,1.0.0)
@@ -12841,15 +12103,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.1/policy/modules/services/cobbler.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.3/policy/modules/services/cobbler.fc
 --- nsaserefpolicy/policy/modules/services/cobbler.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/cobbler.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cobbler.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,2 @@
 +
 +/var/lib/cobbler(/.*)?			gen_context(system_u:object_r:cobbler_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.1/policy/modules/services/cobbler.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.3/policy/modules/services/cobbler.if
 --- nsaserefpolicy/policy/modules/services/cobbler.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/cobbler.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cobbler.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,44 @@
 +## <summary>
 +##	Cobbler var_lib_t
@@ -12895,18 +12157,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_var_lib($1)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.1/policy/modules/services/cobbler.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.3/policy/modules/services/cobbler.te
 --- nsaserefpolicy/policy/modules/services/cobbler.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/cobbler.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cobbler.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,5 @@
 +
 +policy_module(cobbler, 1.10.0)
 +
 +type cobbler_var_lib_t;
 +files_type(cobbler_var_lib_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.1/policy/modules/services/consolekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.3/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/consolekit.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/consolekit.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -2,4 +2,5 @@
  
  /var/log/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_log_t,s0)
@@ -12914,9 +12176,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/var/run/ConsoleKit(/.*)?	--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 +
 +/var/run/ConsoleKit(/.*)?		gen_context(system_u:object_r:consolekit_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.1/policy/modules/services/consolekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.3/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/consolekit.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/consolekit.if	2009-11-25 12:39:13.000000000 -0500
 @@ -57,3 +57,42 @@
  	read_files_pattern($1, consolekit_log_t, consolekit_log_t)
  	files_search_pids($1)
@@ -12960,9 +12222,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.1/policy/modules/services/consolekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.3/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/consolekit.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/consolekit.te	2009-11-25 12:39:13.000000000 -0500
 @@ -21,7 +21,7 @@
  # consolekit local policy
  #
@@ -13036,9 +12298,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_stream_connect(consolekit_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.1/policy/modules/services/corosync.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.3/policy/modules/services/corosync.fc
 --- nsaserefpolicy/policy/modules/services/corosync.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/corosync.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/corosync.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,13 @@
 +
 +/etc/rc\.d/init\.d/corosync     --      gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
@@ -13053,9 +12315,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/corosync\.pid          --      gen_context(system_u:object_r:corosync_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.1/policy/modules/services/corosync.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.3/policy/modules/services/corosync.if
 --- nsaserefpolicy/policy/modules/services/corosync.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/corosync.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/corosync.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,108 @@
 +## <summary>SELinux policy for Corosync Cluster Engine</summary>
 +
@@ -13165,9 +12427,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.1/policy/modules/services/corosync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.3/policy/modules/services/corosync.te
 --- nsaserefpolicy/policy/modules/services/corosync.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/corosync.te	2009-11-23 13:51:04.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/corosync.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,109 @@
 +
 +policy_module(corosync,1.0.0)
@@ -13278,9 +12540,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +permissive corosync_t;
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.7.1/policy/modules/services/courier.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.7.3/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/courier.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/courier.if	2009-11-25 12:39:13.000000000 -0500
 @@ -179,6 +179,24 @@
  
  ########################################
@@ -13306,9 +12568,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read and write to courier spool pipes.
  ## </summary>
  ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.7.1/policy/modules/services/courier.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.7.3/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/courier.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/courier.te	2009-11-25 12:39:13.000000000 -0500
 @@ -10,6 +10,7 @@
  
  type courier_etc_t;
@@ -13317,9 +12579,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  courier_domain_template(pcp)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.1/policy/modules/services/cron.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.3/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cron.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cron.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -14,7 +14,7 @@
  /var/run/anacron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
  /var/run/atd\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -13337,9 +12599,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/glpi/files(/.*)?		gen_context(system_u:object_r:cron_var_lib_t,s0)
 +
 +/var/log/mcelog.*		--	gen_context(system_u:object_r:cron_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.1/policy/modules/services/cron.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.3/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cron.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cron.if	2009-11-25 12:39:13.000000000 -0500
 @@ -12,6 +12,10 @@
  ## </param>
  #
@@ -13481,9 +12743,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	manage_files_pattern($1, system_cronjob_var_lib_t,  system_cronjob_var_lib_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.1/policy/modules/services/cron.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.3/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/cron.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cron.te	2009-11-25 12:39:13.000000000 -0500
 @@ -38,6 +38,7 @@
  type cron_var_lib_t;
  files_type(cron_var_lib_t)
@@ -13740,9 +13002,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_domain(system_cronjob_t)
  	userdom_user_home_dir_filetrans_user_home_content(system_cronjob_t, { dir file lnk_file fifo_file sock_file })
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.1/policy/modules/services/cups.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.3/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cups.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cups.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -13,10 +13,14 @@
  /etc/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/rc\.d/init\.d/cups	--	gen_context(system_u:object_r:cupsd_initrc_exec_t,s0)
@@ -13786,9 +13048,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/local/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 +
 +/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.1/policy/modules/services/cups.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.3/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cups.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cups.te	2009-11-25 12:51:50.000000000 -0500
 @@ -23,6 +23,9 @@
  type cupsd_initrc_exec_t;
  init_script_file(cupsd_initrc_exec_t)
@@ -13816,7 +13078,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  type hplip_var_run_t;
  files_pid_file(hplip_var_run_t)
-@@ -116,6 +122,9 @@
+@@ -105,6 +111,7 @@
+ allow cupsd_t self:unix_dgram_socket create_socket_perms;
+ allow cupsd_t self:netlink_selinux_socket create_socket_perms;
+ allow cupsd_t self:shm create_shm_perms;
++allow cupsd_t self:sem create_sem_perms;
+ allow cupsd_t self:tcp_socket create_stream_socket_perms;
+ allow cupsd_t self:udp_socket create_socket_perms;
+ allow cupsd_t self:appletalk_socket create_socket_perms;
+@@ -116,6 +123,9 @@
  read_lnk_files_pattern(cupsd_t, cupsd_etc_t, cupsd_etc_t)
  files_search_etc(cupsd_t)
  
@@ -13826,7 +13096,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_dirs_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
  manage_files_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
  filetrans_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t, file)
-@@ -156,6 +165,7 @@
+@@ -156,6 +166,7 @@
  kernel_read_system_state(cupsd_t)
  kernel_read_network_state(cupsd_t)
  kernel_read_all_sysctls(cupsd_t)
@@ -13834,7 +13104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(cupsd_t)
  corenet_all_recvfrom_netlabel(cupsd_t)
-@@ -171,6 +181,7 @@
+@@ -171,6 +182,7 @@
  corenet_udp_bind_generic_node(cupsd_t)
  corenet_tcp_bind_ipp_port(cupsd_t)
  corenet_udp_bind_ipp_port(cupsd_t)
@@ -13842,15 +13112,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_bind_reserved_port(cupsd_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
  corenet_tcp_bind_all_rpc_ports(cupsd_t)
-@@ -250,6 +261,7 @@
+@@ -250,6 +262,7 @@
  miscfiles_read_localization(cupsd_t)
  # invoking ghostscript needs to read fonts
  miscfiles_read_fonts(cupsd_t)
-+miscfiles_setattr_fonts(cupsd_t)
++miscfiles_setattr_fonts_dirs(cupsd_t)
  
  seutil_read_config(cupsd_t)
  sysnet_exec_ifconfig(cupsd_t)
-@@ -317,6 +329,10 @@
+@@ -317,6 +330,10 @@
  ')
  
  optional_policy(`
@@ -13861,7 +13131,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	udev_read_db(cupsd_t)
  ')
  
-@@ -327,7 +343,7 @@
+@@ -327,7 +344,7 @@
  
  allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
  dontaudit cupsd_config_t self:capability sys_tty_config;
@@ -13870,7 +13140,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
  allow cupsd_config_t self:unix_stream_socket create_socket_perms;
  allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
-@@ -407,6 +423,7 @@
+@@ -407,6 +424,7 @@
  
  userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t)
  userdom_dontaudit_search_user_home_dirs(cupsd_config_t)
@@ -13878,7 +13148,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  cups_stream_connect(cupsd_config_t)
  
-@@ -419,12 +436,15 @@
+@@ -419,12 +437,15 @@
  ')
  
  optional_policy(`
@@ -13896,7 +13166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	optional_policy(`
  		hal_dbus_chat(cupsd_config_t)
-@@ -446,6 +466,10 @@
+@@ -446,6 +467,10 @@
  ')
  
  optional_policy(`
@@ -13907,7 +13177,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpm_read_db(cupsd_config_t)
  ')
  
-@@ -542,6 +566,8 @@
+@@ -542,6 +567,8 @@
  manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
  files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
  
@@ -13916,7 +13186,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_system_state(cups_pdf_t)
  
  files_read_etc_files(cups_pdf_t)
-@@ -556,11 +582,15 @@
+@@ -556,11 +583,15 @@
  miscfiles_read_fonts(cups_pdf_t)
  
  userdom_home_filetrans_user_home_dir(cups_pdf_t)
@@ -13932,7 +13202,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(cups_pdf_t)
-@@ -601,6 +631,9 @@
+@@ -601,6 +632,9 @@
  read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
  files_search_etc(hplip_t)
  
@@ -13942,7 +13212,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
  files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
  
-@@ -627,6 +660,7 @@
+@@ -627,6 +661,7 @@
  corenet_tcp_connect_ipp_port(hplip_t)
  corenet_sendrecv_hplip_client_packets(hplip_t)
  corenet_receive_hplip_server_packets(hplip_t)
@@ -13950,18 +13220,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_read_sysfs(hplip_t)
  dev_rw_printer(hplip_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.1/policy/modules/services/cvs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.3/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cvs.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cvs.te	2009-11-25 12:39:13.000000000 -0500
 @@ -112,4 +112,5 @@
  	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
  	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
  	manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
 +	files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.1/policy/modules/services/cyrus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.3/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/cyrus.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/cyrus.te	2009-11-25 12:39:13.000000000 -0500
 @@ -137,6 +137,7 @@
  optional_policy(`
  	snmp_read_snmp_var_lib_files(cyrus_t)
@@ -13970,9 +13240,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.1/policy/modules/services/dbus.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.3/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/dbus.if	2009-11-24 18:53:39.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/dbus.if	2009-11-25 12:39:13.000000000 -0500
 @@ -42,8 +42,10 @@
  	gen_require(`
  		class dbus { send_msg acquire_svc };
@@ -14097,9 +13367,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.1/policy/modules/services/dbus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.3/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/dbus.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/dbus.te	2009-11-25 12:39:13.000000000 -0500
 @@ -86,6 +86,7 @@
  dev_read_sysfs(system_dbusd_t)
  
@@ -14152,9 +13422,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
 +allow dbusd_unconfined dbusd_unconfined:dbus all_dbus_perms;
 +allow session_bus_type dbusd_unconfined:dbus send_msg;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.1/policy/modules/services/dcc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.3/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/dcc.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/dcc.te	2009-11-25 12:39:13.000000000 -0500
 @@ -130,11 +130,13 @@
  
  # Access files in /var/dcc. The map file can be updated
@@ -14181,9 +13451,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	spamassassin_read_spamd_tmp_files(dcc_client_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.7.1/policy/modules/services/ddclient.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.7.3/policy/modules/services/ddclient.if
 --- nsaserefpolicy/policy/modules/services/ddclient.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ddclient.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ddclient.if	2009-11-25 12:39:13.000000000 -0500
 @@ -21,6 +21,31 @@
  
  ########################################
@@ -14216,18 +13486,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an ddclient environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.1/policy/modules/services/devicekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.3/policy/modules/services/devicekit.fc
 --- nsaserefpolicy/policy/modules/services/devicekit.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/devicekit.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/devicekit.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -5,4 +5,4 @@
  /var/lib/DeviceKit-.*			gen_context(system_u:object_r:devicekit_var_lib_t,s0)
  
  /var/run/devkit(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
 -/var/run/DeviceKit-disk(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
 +/var/run/DeviceKit-disks(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.1/policy/modules/services/devicekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.3/policy/modules/services/devicekit.if
 --- nsaserefpolicy/policy/modules/services/devicekit.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/devicekit.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/devicekit.if	2009-11-25 12:39:13.000000000 -0500
 @@ -139,6 +139,26 @@
  
  ########################################
@@ -14264,9 +13534,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  
  	allow $1 devicekit_t:process { ptrace signal_perms getattr };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.1/policy/modules/services/devicekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.3/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/devicekit.te	2009-11-19 16:38:18.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/devicekit.te	2009-11-25 12:39:13.000000000 -0500
 @@ -36,12 +36,15 @@
  manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
  manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
@@ -14451,9 +13721,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	vbetool_domtrans(devicekit_power_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.1/policy/modules/services/dnsmasq.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.3/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/dnsmasq.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/dnsmasq.te	2009-11-25 12:39:13.000000000 -0500
 @@ -83,6 +83,18 @@
  userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
  
@@ -14473,9 +13743,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(dnsmasq_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.1/policy/modules/services/dovecot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.3/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/dovecot.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/dovecot.te	2009-11-25 12:39:13.000000000 -0500
 @@ -56,7 +56,7 @@
  
  allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
@@ -14541,9 +13811,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	fs_manage_cifs_symlinks(dovecot_deliver_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.1/policy/modules/services/exim.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.3/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/exim.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/exim.te	2009-11-25 12:39:13.000000000 -0500
 @@ -111,6 +111,7 @@
  files_search_var(exim_t)
  files_read_etc_files(exim_t)
@@ -14563,9 +13833,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	spamassassin_exec(exim_t)
  	spamassassin_exec_client(exim_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.7.1/policy/modules/services/fail2ban.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.7.3/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/fail2ban.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/fail2ban.te	2009-11-25 12:39:13.000000000 -0500
 @@ -33,6 +33,7 @@
  allow fail2ban_t self:process signal;
  allow fail2ban_t self:fifo_file rw_fifo_file_perms;
@@ -14582,9 +13852,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  miscfiles_read_localization(fail2ban_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.1/policy/modules/services/fetchmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.3/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/fetchmail.te	2009-11-18 08:45:23.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/fetchmail.te	2009-11-25 12:39:13.000000000 -0500
 @@ -47,6 +47,9 @@
  kernel_read_proc_symlinks(fetchmail_t)
  kernel_dontaudit_read_system_state(fetchmail_t)
@@ -14595,9 +13865,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_all_recvfrom_unlabeled(fetchmail_t)
  corenet_all_recvfrom_netlabel(fetchmail_t)
  corenet_tcp_sendrecv_generic_if(fetchmail_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.1/policy/modules/services/fprintd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.3/policy/modules/services/fprintd.te
 --- nsaserefpolicy/policy/modules/services/fprintd.te	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/fprintd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/fprintd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -37,6 +37,8 @@
  files_read_etc_files(fprintd_t)
  files_read_usr_files(fprintd_t)
@@ -14615,9 +13885,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	policykit_domtrans_auth(fprintd_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.1/policy/modules/services/ftp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.3/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ftp.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ftp.te	2009-11-25 12:39:13.000000000 -0500
 @@ -41,6 +41,13 @@
  
  ## <desc>
@@ -14741,9 +14011,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(ftpd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.1/policy/modules/services/git.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.3/policy/modules/services/git.fc
 --- nsaserefpolicy/policy/modules/services/git.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/git.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/git.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,3 +1,9 @@
  /var/cache/cgit(/.*)?		gen_context(system_u:object_r:httpd_git_script_rw_t,s0)
 -/var/lib/git(/.*)?		gen_context(system_u:object_r:httpd_git_content_t,s0)
@@ -14755,9 +14025,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +# Conflict with Fedora cgit fc spec.
 +/var/lib/git(/.*)?				gen_context(system_u:object_r:git_data_t, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.1/policy/modules/services/git.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.3/policy/modules/services/git.if
 --- nsaserefpolicy/policy/modules/services/git.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/git.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/git.if	2009-11-25 12:39:13.000000000 -0500
 @@ -1 +1,285 @@
 -## <summary>GIT revision control system</summary>
 +## <summary>Git daemon is a really simple server for Git repositories.</summary>
@@ -15045,9 +14315,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	seutil_domtrans_setfiles($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.1/policy/modules/services/git.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.3/policy/modules/services/git.te
 --- nsaserefpolicy/policy/modules/services/git.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/git.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/git.te	2009-11-25 12:39:13.000000000 -0500
 @@ -1,9 +1,173 @@
  
  policy_module(git, 1.0)
@@ -15223,9 +14493,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  apache_content_template(git)
 +git_read_data_content(httpd_git_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.7.1/policy/modules/services/gpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.7.3/policy/modules/services/gpm.te
 --- nsaserefpolicy/policy/modules/services/gpm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/gpm.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/gpm.te	2009-11-25 12:39:13.000000000 -0500
 @@ -27,7 +27,8 @@
  # Local policy
  #
@@ -15236,9 +14506,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow gpm_t self:unix_stream_socket create_stream_socket_perms;
  
  allow gpm_t gpm_conf_t:dir list_dir_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.7.1/policy/modules/services/gpsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.7.3/policy/modules/services/gpsd.fc
 --- nsaserefpolicy/policy/modules/services/gpsd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/gpsd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/gpsd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1 +1,6 @@
 +/etc/rc\.d/init\.d/gpsd         --      gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
 +
@@ -15246,9 +14516,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/run/gpsd\.pid               --      gen_context(system_u:object_r:gpsd_var_run_t,s0)
 +/var/run/gpsd\.sock              -s      gen_context(system_u:object_r:gpsd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.7.1/policy/modules/services/gpsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.7.3/policy/modules/services/gpsd.if
 --- nsaserefpolicy/policy/modules/services/gpsd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/gpsd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/gpsd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -33,11 +33,6 @@
  ##	The role to be allowed the gpsd domain.
  ##	</summary>
@@ -15294,9 +14564,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
 +        read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.1/policy/modules/services/gpsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.3/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/gpsd.te	2009-11-23 11:58:28.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/gpsd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -11,15 +11,21 @@
  application_domain(gpsd_t, gpsd_exec_t)
  init_daemon_domain(gpsd_t, gpsd_exec_t)
@@ -15338,9 +14608,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	ntpd_rw_shm(gpsd_t)
 +	ntp_rw_shm(gpsd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.7.1/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.7.3/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/hal.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/hal.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -26,6 +26,7 @@
  /var/run/pm(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
  /var/run/pm-utils(/.*)?				gen_context(system_u:object_r:hald_var_run_t,s0)
@@ -15349,9 +14619,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_gentoo',`
  /var/lib/cache/hald(/.*)?			gen_context(system_u:object_r:hald_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.7.1/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.7.3/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/hal.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/hal.if	2009-11-25 12:39:13.000000000 -0500
 @@ -413,3 +413,21 @@
  	files_search_pids($1)
  	manage_files_pattern($1, hald_var_run_t, hald_var_run_t)
@@ -15374,9 +14644,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	dontaudit $1 hald_t:unix_dgram_socket { read write };
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.1/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.3/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/hal.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/hal.te	2009-11-25 12:39:13.000000000 -0500
 @@ -55,6 +55,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -15529,9 +14799,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	dbus_system_bus_client(hald_dccm_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/howl.te serefpolicy-3.7.1/policy/modules/services/howl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/howl.te serefpolicy-3.7.3/policy/modules/services/howl.te
 --- nsaserefpolicy/policy/modules/services/howl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/howl.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/howl.te	2009-11-25 12:39:13.000000000 -0500
 @@ -30,7 +30,7 @@
  
  kernel_read_network_state(howl_t)
@@ -15541,18 +14811,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_list_proc(howl_t)
  kernel_read_proc_symlinks(howl_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.7.1/policy/modules/services/inetd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.7.3/policy/modules/services/inetd.fc
 --- nsaserefpolicy/policy/modules/services/inetd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/inetd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/inetd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -9,4 +9,4 @@
  
  /var/log/(x)?inetd\.log	--	gen_context(system_u:object_r:inetd_log_t,s0)
  
 -/var/run/inetd\.pid	--	gen_context(system_u:object_r:inetd_var_run_t,s0)
 +/var/run/(x)?inetd\.pid	--	gen_context(system_u:object_r:inetd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.7.1/policy/modules/services/inetd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.7.3/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/inetd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/inetd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -104,6 +104,8 @@
  corenet_tcp_bind_telnetd_port(inetd_t)
  corenet_udp_bind_tftp_port(inetd_t)
@@ -15571,9 +14841,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_send_syslog_msg(inetd_t)
  
  miscfiles_read_localization(inetd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-3.7.1/policy/modules/services/irqbalance.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-3.7.3/policy/modules/services/irqbalance.te
 --- nsaserefpolicy/policy/modules/services/irqbalance.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/irqbalance.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/irqbalance.te	2009-11-25 12:39:13.000000000 -0500
 @@ -18,11 +18,11 @@
  # Local policy
  #
@@ -15588,9 +14858,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
  files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.1/policy/modules/services/kerberos.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.3/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/kerberos.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/kerberos.if	2009-11-25 12:39:13.000000000 -0500
 @@ -74,7 +74,7 @@
  	')
  
@@ -15611,9 +14881,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	tunable_policy(`allow_kerberos',`
  		allow $1 self:tcp_socket create_socket_perms;
  		allow $1 self:udp_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.1/policy/modules/services/kerberos.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.3/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/kerberos.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/kerberos.te	2009-11-25 12:39:13.000000000 -0500
 @@ -110,8 +110,9 @@
  manage_files_pattern(kadmind_t, kadmind_var_run_t, kadmind_var_run_t)
  files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
@@ -15664,9 +14934,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  sysnet_dns_name_resolve(kpropd_t)
  
  kerberos_use(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.7.1/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.7.3/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/kerneloops.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/kerneloops.te	2009-11-25 12:39:13.000000000 -0500
 @@ -22,7 +22,7 @@
  #
  
@@ -15676,9 +14946,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow kerneloops_t self:fifo_file rw_file_perms;
  
  manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.7.1/policy/modules/services/ktalk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.7.3/policy/modules/services/ktalk.te
 --- nsaserefpolicy/policy/modules/services/ktalk.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ktalk.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ktalk.te	2009-11-25 12:39:13.000000000 -0500
 @@ -69,6 +69,7 @@
  files_read_etc_files(ktalkd_t)
  
@@ -15687,18 +14957,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  auth_use_nsswitch(ktalkd_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.7.1/policy/modules/services/lircd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.7.3/policy/modules/services/lircd.fc
 --- nsaserefpolicy/policy/modules/services/lircd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/lircd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/lircd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -6,3 +6,5 @@
  /usr/sbin/lircd		--	gen_context(system_u:object_r:lircd_exec_t,s0)
  
  /var/run/lircd\.pid		gen_context(system_u:object_r:lircd_var_run_t,s0)
 +/var/run/lircd(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
 +/var/run/lirc(/.*)?		gen_context(system_u:object_r:lircd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.7.1/policy/modules/services/lircd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.7.3/policy/modules/services/lircd.if
 --- nsaserefpolicy/policy/modules/services/lircd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/lircd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/lircd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -32,12 +32,11 @@
  #
  interface(`lircd_stream_connect',`
@@ -15730,9 +15000,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -
 -	admin_pattern($1, lircd_sock_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.1/policy/modules/services/lircd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.3/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/lircd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/lircd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -16,13 +16,9 @@
  type lircd_etc_t;
  files_type(lircd_etc_t)
@@ -15778,9 +15048,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
  miscfiles_read_localization(lircd_t)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.7.1/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.7.3/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/mailman.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/mailman.te	2009-11-25 12:39:13.000000000 -0500
 @@ -78,6 +78,10 @@
  mta_dontaudit_rw_queue(mailman_mail_t)
  
@@ -15792,9 +15062,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	cron_read_pipes(mailman_mail_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.7.1/policy/modules/services/memcached.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.7.3/policy/modules/services/memcached.te
 --- nsaserefpolicy/policy/modules/services/memcached.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/memcached.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/memcached.te	2009-11-25 12:39:13.000000000 -0500
 @@ -44,6 +44,8 @@
  
  files_read_etc_files(memcached_t)
@@ -15804,9 +15074,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(memcached_t)
  
  sysnet_dns_name_resolve(memcached_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.1/policy/modules/services/milter.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.3/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/milter.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/milter.if	2009-11-25 12:39:13.000000000 -0500
 @@ -35,6 +35,8 @@
  	# Create other data files and directories in the data directory
  	manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
@@ -15816,9 +15086,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	miscfiles_read_localization($1_milter_t)
  
  	logging_send_syslog_msg($1_milter_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.1/policy/modules/services/modemmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.3/policy/modules/services/modemmanager.te
 --- nsaserefpolicy/policy/modules/services/modemmanager.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/modemmanager.te	2009-11-24 07:19:22.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/modemmanager.te	2009-11-25 12:39:13.000000000 -0500
 @@ -16,7 +16,8 @@
  #
  # ModemManager local policy
@@ -15837,18 +15107,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(modemmanager_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.1/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.3/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/mta.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/mta.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -26,3 +26,5 @@
  /var/spool/imap(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
  /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
  /var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
 +HOME_DIR/\.forward	--	gen_context(system_u:object_r:mail_forward_t,s0)
 +/root/\.forward		--	gen_context(system_u:object_r:mail_forward_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.1/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.3/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/mta.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/mta.if	2009-11-25 12:39:13.000000000 -0500
 @@ -69,6 +69,7 @@
  	can_exec($1_mail_t, sendmail_exec_t)
  	allow $1_mail_t sendmail_exec_t:lnk_file read_lnk_file_perms;
@@ -15910,9 +15180,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.1/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.3/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/mta.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/mta.te	2009-11-25 12:39:13.000000000 -0500
 @@ -27,6 +27,9 @@
  type mail_spool_t;
  files_mountpoint(mail_spool_t)
@@ -16002,9 +15272,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # User send mail local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.1/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.3/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/munin.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/munin.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -9,3 +9,6 @@
  /var/lib/munin(/.*)?			gen_context(system_u:object_r:munin_var_lib_t,s0)
  /var/log/munin.*			gen_context(system_u:object_r:munin_log_t,s0)
@@ -16012,9 +15282,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/html/munin(/.*)?		gen_context(system_u:object_r:httpd_munin_content_t,s0)
 +/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.1/policy/modules/services/munin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.3/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/munin.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/munin.te	2009-11-25 12:39:13.000000000 -0500
 @@ -33,7 +33,7 @@
  # Local policy
  #
@@ -16032,9 +15302,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.1/policy/modules/services/mysql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.3/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/mysql.te	2009-11-18 16:52:13.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/mysql.te	2009-11-25 12:39:13.000000000 -0500
 @@ -136,10 +136,17 @@
  
  domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
@@ -16062,9 +15332,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  mysql_read_config(mysqld_safe_t)
  mysql_search_pid_files(mysqld_safe_t)
  mysql_write_log(mysqld_safe_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.1/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.3/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nagios.fc	2009-11-23 14:12:37.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nagios.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,16 +1,26 @@
  /etc/nagios(/.*)?			gen_context(system_u:object_r:nagios_etc_t,s0)
  /etc/nagios/nrpe\.cfg		--	gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -16097,9 +15367,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +/usr/lib(64)?/cgi-bin/nagios(/.+)?	gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
 +/usr/lib(64)?/nagios/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.1/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.3/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nagios.if	2009-11-23 14:12:16.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nagios.if	2009-11-25 12:39:13.000000000 -0500
 @@ -64,7 +64,7 @@
  
  ########################################
@@ -16218,9 +15488,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	admin_pattern($1, nrpe_etc_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.1/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.3/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nagios.te	2009-11-23 14:23:43.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nagios.te	2009-11-25 12:39:13.000000000 -0500
 @@ -10,13 +10,12 @@
  type nagios_exec_t;
  init_daemon_domain(nagios_t, nagios_exec_t)
@@ -16420,9 +15690,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
 +
 +miscfiles_read_localization(nagios_checkdisk_plugin_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.1/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.3/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/networkmanager.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/networkmanager.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,12 +1,28 @@
 +/etc/rc\.d/init\.d/wicd		--	gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -16452,9 +15722,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.1/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.3/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/networkmanager.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/networkmanager.if	2009-11-25 12:39:13.000000000 -0500
 @@ -118,6 +118,24 @@
  
  ########################################
@@ -16531,9 +15801,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types NetworkManager_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.1/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.3/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/networkmanager.te	2009-11-24 07:18:48.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/networkmanager.te	2009-11-25 12:39:13.000000000 -0500
 @@ -19,6 +19,9 @@
  type NetworkManager_tmp_t;
  files_tmp_file(NetworkManager_tmp_t)
@@ -16774,9 +16044,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.1/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.3/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nis.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nis.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,4 +1,7 @@
 -
 +/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -16786,9 +16056,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/ypserv\.conf	--	gen_context(system_u:object_r:ypserv_conf_t,s0)
  
  /sbin/ypbind		--	gen_context(system_u:object_r:ypbind_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.1/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.3/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nis.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nis.if	2009-11-25 12:39:13.000000000 -0500
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -16930,9 +16200,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types ypbind_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.1/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.3/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nis.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nis.te	2009-11-25 12:39:13.000000000 -0500
 @@ -13,6 +13,9 @@
  type ypbind_exec_t;
  init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -16982,9 +16252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_bind_all_rpc_ports(ypxfr_t)
  corenet_udp_bind_all_rpc_ports(ypxfr_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.1/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.3/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nscd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nscd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -121,6 +121,24 @@
  
  ########################################
@@ -17010,9 +16280,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Use NSCD services by mapping the database from
  ##	an inherited NSCD file descriptor.
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.1/policy/modules/services/nscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.3/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/nscd.te	2009-11-17 11:08:16.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nscd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -1,10 +1,17 @@
  
 -policy_module(nscd, 1.10.0)
@@ -17053,9 +16323,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	samba_read_config(nscd_t)
 +	samba_read_var_files(nscd_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.7.1/policy/modules/services/nslcd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.7.3/policy/modules/services/nslcd.if
 --- nsaserefpolicy/policy/modules/services/nslcd.if	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nslcd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nslcd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -94,6 +94,7 @@
  interface(`nslcd_admin',`
  	gen_require(`
@@ -17076,9 +16346,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	manage_lnk_files_pattern($1,nslcd_var_run_t,nslcd_var_run_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.7.1/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.7.3/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ntp.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ntp.if	2009-11-25 12:39:13.000000000 -0500
 @@ -37,6 +37,32 @@
  
  ########################################
@@ -17146,9 +16416,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an ntp environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.1/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.3/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ntp.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ntp.te	2009-11-25 12:39:13.000000000 -0500
 @@ -41,10 +41,11 @@
  
  # sys_resource and setrlimit is for locking memory
@@ -17195,9 +16465,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.fc serefpolicy-3.7.1/policy/modules/services/nut.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.fc serefpolicy-3.7.3/policy/modules/services/nut.fc
 --- nsaserefpolicy/policy/modules/services/nut.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/nut.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nut.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,8 @@
 +
 +/usr/sbin/upsd			--	gen_context(system_u:object_r:upsd_exec_t,s0)		
@@ -17207,9 +16477,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/sbin/upsdrvctl			--	 gen_context(system_u:object_r:upsdrvctl_exec_t,s0)
 +
 +/var/run/nut(/.*)? 			 gen_context(system_u:object_r:nut_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.if serefpolicy-3.7.1/policy/modules/services/nut.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.if serefpolicy-3.7.3/policy/modules/services/nut.if
 --- nsaserefpolicy/policy/modules/services/nut.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/nut.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nut.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,82 @@
 +## <summary>SELinux policy for nut - Network UPS Tools </summary>
 +
@@ -17293,9 +16563,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        stream_connect_pattern($1, nut_var_run_t, nut_var_run_t, upsdrvctl_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.1/policy/modules/services/nut.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.3/policy/modules/services/nut.te
 --- nsaserefpolicy/policy/modules/services/nut.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/nut.te	2009-11-24 15:02:15.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nut.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,127 @@
 +
 +policy_module(nut,1.0.0)
@@ -17309,7 +16579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +type upsd_exec_t;
 +init_daemon_domain(upsd_t,upsd_exec_t)
 +
-+type nut_var_run_t
++type nut_var_run_t;
 +files_pid_file(nut_var_run_t)
 +typealias nut_var_run_t alias { upsd_var_run_t upsmon_var_run_t upsdrvctl_var_run_t };
 +
@@ -17424,9 +16694,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_send_syslog_msg(upsdrvctl_t)
 +
 +miscfiles_read_localization(upsdrvctl_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.1/policy/modules/services/nx.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.3/policy/modules/services/nx.fc
 --- nsaserefpolicy/policy/modules/services/nx.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nx.fc	2009-11-23 10:16:14.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nx.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,9 @@
  /opt/NX/bin/nxserver		--	gen_context(system_u:object_r:nx_server_exec_t,s0)
  
@@ -17437,9 +16707,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /opt/NX/var(/.*)?			gen_context(system_u:object_r:nx_server_var_run_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.1/policy/modules/services/nx.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.3/policy/modules/services/nx.if
 --- nsaserefpolicy/policy/modules/services/nx.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nx.if	2009-11-20 10:16:07.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nx.if	2009-11-25 12:39:13.000000000 -0500
 @@ -17,3 +17,70 @@
  
  	spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -17511,9 +16781,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.1/policy/modules/services/nx.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.3/policy/modules/services/nx.te
 --- nsaserefpolicy/policy/modules/services/nx.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/nx.te	2009-11-20 10:15:44.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/nx.te	2009-11-25 12:39:13.000000000 -0500
 @@ -25,6 +25,12 @@
  type nx_server_var_run_t;
  files_pid_file(nx_server_var_run_t)
@@ -17548,9 +16818,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_system_state(nx_server_t)
  kernel_read_kernel_sysctls(nx_server_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.1/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.3/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/oddjob.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/oddjob.if	2009-11-25 12:39:13.000000000 -0500
 @@ -44,6 +44,7 @@
  	')
  
@@ -17559,9 +16829,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.1/policy/modules/services/openvpn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.3/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/openvpn.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/openvpn.te	2009-11-25 12:39:13.000000000 -0500
 @@ -100,6 +100,8 @@
  files_read_etc_files(openvpn_t)
  files_read_etc_runtime_files(openvpn_t)
@@ -17571,9 +16841,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_send_syslog_msg(openvpn_t)
  
  miscfiles_read_localization(openvpn_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.1/policy/modules/services/pcscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.3/policy/modules/services/pcscd.if
 --- nsaserefpolicy/policy/modules/services/pcscd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pcscd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pcscd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -53,6 +53,5 @@
  	')
  
@@ -17582,9 +16852,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	allow $1 pcscd_t:unix_stream_socket connectto;
 +	stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.7.1/policy/modules/services/pcscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.7.3/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pcscd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pcscd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -29,6 +29,7 @@
  
  manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
@@ -17609,9 +16879,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  term_use_unallocated_ttys(pcscd_t)
  term_dontaudit_getattr_pty_dirs(pcscd_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.1/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.3/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pegasus.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pegasus.te	2009-11-25 12:39:13.000000000 -0500
 @@ -30,7 +30,7 @@
  # Local policy
  #
@@ -17683,18 +16953,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xen_stream_connect(pegasus_t)
 +	xen_stream_connect_xenstore(pegasus_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.fc serefpolicy-3.7.1/policy/modules/services/plymouth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.fc serefpolicy-3.7.3/policy/modules/services/plymouth.fc
 --- nsaserefpolicy/policy/modules/services/plymouth.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/plymouth.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/plymouth.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,5 @@
 +/sbin/plymouthd				--	gen_context(system_u:object_r:plymouthd_exec_t, s0)
 +/bin/plymouth				--	gen_context(system_u:object_r:plymouth_exec_t, s0)
 +/var/spool/plymouth(/.*)?			gen_context(system_u:object_r:plymouthd_spool_t, s0)
 +/var/lib/plymouth(/.*)?				gen_context(system_u:object_r:plymouthd_var_lib_t, s0)
 +/var/run/plymouth(/.*)?				gen_context(system_u:object_r:plymouthd_var_run_t, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.if serefpolicy-3.7.1/policy/modules/services/plymouth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.if serefpolicy-3.7.3/policy/modules/services/plymouth.if
 --- nsaserefpolicy/policy/modules/services/plymouth.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/plymouth.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/plymouth.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,286 @@
 +## <summary>policy for plymouthd</summary>
 +
@@ -17982,9 +17252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 plymouthd_t:unix_stream_socket connectto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.7.1/policy/modules/services/plymouth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.7.3/policy/modules/services/plymouth.te
 --- nsaserefpolicy/policy/modules/services/plymouth.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/plymouth.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/plymouth.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,101 @@
 +policy_module(plymouthd, 1.0.0)
 +
@@ -18087,9 +17357,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_dontaudit_rw_pipes(plymouth_t)
 +')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.1/policy/modules/services/policykit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.3/policy/modules/services/policykit.fc
 --- nsaserefpolicy/policy/modules/services/policykit.fc	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/policykit.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/policykit.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -6,10 +6,13 @@
  /usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
  /usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -18105,9 +17375,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
  /var/run/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.1/policy/modules/services/policykit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.3/policy/modules/services/policykit.if
 --- nsaserefpolicy/policy/modules/services/policykit.if	2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/policykit.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/policykit.if	2009-11-25 12:39:13.000000000 -0500
 @@ -17,6 +17,8 @@
  		class dbus send_msg;
  	')
@@ -18175,9 +17445,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 policykit_auth_t:process signal;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.1/policy/modules/services/policykit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.3/policy/modules/services/policykit.te
 --- nsaserefpolicy/policy/modules/services/policykit.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/policykit.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/policykit.te	2009-11-25 12:39:13.000000000 -0500
 @@ -36,11 +36,12 @@
  # policykit local policy
  #
@@ -18327,9 +17597,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow policykit_resolve_t self:unix_dgram_socket create_socket_perms;
  allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.1/policy/modules/services/postfix.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.3/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postfix.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postfix.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -18343,9 +17613,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/postdrop	--	gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
  /usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.1/policy/modules/services/postfix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.3/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postfix.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postfix.if	2009-11-25 12:39:13.000000000 -0500
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -18592,9 +17862,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	role $2 types postfix_postdrop_t;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.1/policy/modules/services/postfix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.3/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postfix.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postfix.te	2009-11-25 12:39:13.000000000 -0500
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -18987,9 +18257,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_manage_user_home_content(postfix_virtual_t)
 +userdom_home_filetrans_user_home_dir(postfix_virtual_t)
 +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.7.1/policy/modules/services/postgresql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.7.3/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postgresql.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postgresql.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -2,6 +2,8 @@
  # /etc
  #
@@ -19027,9 +18297,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/postgresql(/.*)?		gen_context(system_u:object_r:postgresql_var_run_t,s0)
 +
 +/var/run/postmaster.*			gen_context(system_u:object_r:postgresql_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.1/policy/modules/services/postgresql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.3/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postgresql.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postgresql.if	2009-11-25 12:39:13.000000000 -0500
 @@ -384,3 +384,46 @@
  
  	typeattribute $1 sepgsql_unconfined_type;
@@ -19077,9 +18347,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	admin_pattern($1, postgresql_tmp_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.1/policy/modules/services/postgresql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.3/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/postgresql.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/postgresql.te	2009-11-25 12:39:13.000000000 -0500
 @@ -32,6 +32,9 @@
  type postgresql_etc_t;
  files_config_file(postgresql_etc_t)
@@ -19124,9 +18394,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  miscfiles_read_localization(postgresql_t)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.1/policy/modules/services/ppp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.3/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ppp.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ppp.if	2009-11-25 12:39:13.000000000 -0500
 @@ -177,10 +177,16 @@
  interface(`ppp_run',`
  	gen_require(`
@@ -19144,9 +18414,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.1/policy/modules/services/ppp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.3/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ppp.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ppp.te	2009-11-25 12:39:13.000000000 -0500
 @@ -38,7 +38,7 @@
  files_type(pppd_etc_rw_t)
  
@@ -19198,9 +18468,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	hostname_exec(pptp_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.1/policy/modules/services/prelude.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.3/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/prelude.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/prelude.te	2009-11-25 12:39:13.000000000 -0500
 @@ -122,7 +122,8 @@
  #
  # prelude_audisp local policy
@@ -19211,9 +18481,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow prelude_audisp_t self:fifo_file rw_file_perms;
  allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
  allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.7.1/policy/modules/services/privoxy.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.7.3/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/privoxy.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/privoxy.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,5 @@
  
 -/etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -19222,9 +18492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/rc\.d/init\.d/privoxy --	gen_context(system_u:object_r:privoxy_initrc_exec_t,s0)
  
  /usr/sbin/privoxy	--	gen_context(system_u:object_r:privoxy_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.7.1/policy/modules/services/privoxy.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.7.3/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/privoxy.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/privoxy.te	2009-11-25 12:39:13.000000000 -0500
 @@ -47,9 +47,8 @@
  manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t)
  files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
@@ -19236,9 +18506,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(privoxy_t)
  corenet_all_recvfrom_netlabel(privoxy_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.1/policy/modules/services/procmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.3/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/procmail.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/procmail.te	2009-11-25 12:39:13.000000000 -0500
 @@ -22,7 +22,7 @@
  # Local policy
  #
@@ -19286,9 +18556,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.1/policy/modules/services/pyzor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.3/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pyzor.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pyzor.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,10 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -19300,9 +18570,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /usr/bin/pyzor		--	gen_context(system_u:object_r:pyzor_exec_t,s0)
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.1/policy/modules/services/pyzor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.3/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pyzor.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pyzor.if	2009-11-25 12:39:13.000000000 -0500
 @@ -88,3 +88,50 @@
  	corecmd_search_bin($1)
  	can_exec($1, pyzor_exec_t)
@@ -19354,9 +18624,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.1/policy/modules/services/pyzor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.3/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/pyzor.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/pyzor.te	2009-11-25 12:39:13.000000000 -0500
 @@ -6,6 +6,38 @@
  # Declarations
  #
@@ -19421,9 +18691,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_search_user_home_dirs(pyzor_t)
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.7.1/policy/modules/services/radvd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.7.3/policy/modules/services/radvd.te
 --- nsaserefpolicy/policy/modules/services/radvd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/radvd.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/radvd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -41,6 +41,7 @@
  kernel_rw_net_sysctls(radvd_t)
  kernel_read_network_state(radvd_t)
@@ -19432,17 +18702,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(radvd_t)
  corenet_all_recvfrom_netlabel(radvd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.1/policy/modules/services/razor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.3/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/razor.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/razor.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,3 +1,4 @@
 +/root/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
  HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
  
  /etc/razor(/.*)?		gen_context(system_u:object_r:razor_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.1/policy/modules/services/razor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.3/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/razor.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/razor.if	2009-11-25 12:39:13.000000000 -0500
 @@ -157,3 +157,45 @@
  
  	domtrans_pattern($1, razor_exec_t, razor_t)
@@ -19489,9 +18759,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.1/policy/modules/services/razor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.3/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/razor.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/razor.te	2009-11-25 12:39:13.000000000 -0500
 @@ -6,6 +6,32 @@
  # Declarations
  #
@@ -19543,9 +18813,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.1/policy/modules/services/rgmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.3/policy/modules/services/rgmanager.fc
 --- nsaserefpolicy/policy/modules/services/rgmanager.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rgmanager.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rgmanager.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,8 @@
 +
 +/usr/sbin/rgmanager                    --      gen_context(system_u:object_r:rgmanager_exec_t,s0)
@@ -19555,9 +18825,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/rgmanager\.pid                --      gen_context(system_u:object_r:rgmanager_var_run_t,s0)
 +
 +/var/run/cluster/rgmanager\.sk        -s      gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.1/policy/modules/services/rgmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.3/policy/modules/services/rgmanager.if
 --- nsaserefpolicy/policy/modules/services/rgmanager.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rgmanager.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rgmanager.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,59 @@
 +## <summary>SELinux policy for rgmanager</summary>
 +
@@ -19618,9 +18888,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	stream_connect_pattern($1, rgmanager_var_run_t, rgmanager_var_run_t, rgmanager_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.1/policy/modules/services/rgmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.3/policy/modules/services/rgmanager.te
 --- nsaserefpolicy/policy/modules/services/rgmanager.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rgmanager.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rgmanager.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,83 @@
 +
 +policy_module(rgmanager,1.0.0)
@@ -19705,9 +18975,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	ccs_stream_connect(rgmanager_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.1/policy/modules/services/rhcs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.3/policy/modules/services/rhcs.fc
 --- nsaserefpolicy/policy/modules/services/rhcs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rhcs.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rhcs.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,22 @@
 +
 +/sbin/dlm_controld                     --      gen_context(system_u:object_r:dlm_controld_exec_t,s0)
@@ -19731,9 +19001,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/qdiskd(/.*)?                          gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
 +/var/log/cluster/qdiskd\.log.*         --      gen_context(system_u:object_r:qdiskd_var_log_t,s0)
 +/var/run/qdiskd\.pid                   --      gen_context(system_u:object_r:qdiskd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.1/policy/modules/services/rhcs.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.3/policy/modules/services/rhcs.if
 --- nsaserefpolicy/policy/modules/services/rhcs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rhcs.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rhcs.if	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,348 @@
 +## <summary>SELinux policy for RHCS - Red Hat Cluster Suite </summary>
 +
@@ -20083,9 +19353,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.1/policy/modules/services/rhcs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.3/policy/modules/services/rhcs.te
 --- nsaserefpolicy/policy/modules/services/rhcs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/rhcs.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rhcs.te	2009-11-25 12:39:13.000000000 -0500
 @@ -0,0 +1,394 @@
 +
 +policy_module(rhcs,1.0.0)
@@ -20481,9 +19751,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.1/policy/modules/services/ricci.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.3/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ricci.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ricci.te	2009-11-25 13:13:44.000000000 -0500
 @@ -194,10 +194,13 @@
  # ricci_modcluster local policy
  #
@@ -20550,18 +19820,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_use_fds(ricci_modclusterd_t)
  ')
  
-@@ -440,6 +460,10 @@
+@@ -440,6 +460,11 @@
  files_read_usr_files(ricci_modstorage_t)
  files_read_kernel_modules(ricci_modstorage_t)
  
 +files_create_default_dir(ricci_modstorage_t)
 +files_mounton_default(ricci_modstorage_t)
-+files_manage_default(ricci_modstorage_t)
++files_manage_default_dirs(ricci_modstorage_t)
++files_manage_default_files(ricci_modstorage_t)
 +
  storage_raw_read_fixed_disk(ricci_modstorage_t)
  
  term_dontaudit_use_console(ricci_modstorage_t)
-@@ -457,6 +481,10 @@
+@@ -457,6 +482,10 @@
  mount_domtrans(ricci_modstorage_t)
  
  optional_policy(`
@@ -20572,9 +19843,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_stream_connect(ricci_modstorage_t)
  	ccs_read_config(ricci_modstorage_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.7.1/policy/modules/services/rpcbind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.7.3/policy/modules/services/rpcbind.if
 --- nsaserefpolicy/policy/modules/services/rpcbind.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rpcbind.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rpcbind.if	2009-11-25 12:39:13.000000000 -0500
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -20602,9 +19873,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
  ##	an rpcbind environment
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.1/policy/modules/services/rpcbind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.3/policy/modules/services/rpcbind.te
 --- nsaserefpolicy/policy/modules/services/rpcbind.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rpcbind.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rpcbind.te	2009-11-25 12:39:13.000000000 -0500
 @@ -42,6 +42,7 @@
  
  kernel_read_system_state(rpcbind_t)
@@ -20613,9 +19884,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(rpcbind_t)
  corenet_all_recvfrom_netlabel(rpcbind_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.1/policy/modules/services/rpc.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.3/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rpc.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rpc.if	2009-11-25 12:39:13.000000000 -0500
 @@ -54,7 +54,7 @@
  	allow $1_t self:unix_dgram_socket create_socket_perms;
  	allow $1_t self:unix_stream_socket create_stream_socket_perms;
@@ -20644,9 +19915,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		seutil_sigchld_newrole($1_t)
  	')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.1/policy/modules/services/rpc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.3/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rpc.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rpc.te	2009-11-25 12:39:13.000000000 -0500
 @@ -53,7 +53,7 @@
  # RPC local policy
  #
@@ -20733,9 +20004,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.1/policy/modules/services/rsync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.3/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rsync.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rsync.te	2009-11-25 12:39:13.000000000 -0500
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -20778,9 +20049,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
  auth_can_read_shadow_passwords(rsync_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.1/policy/modules/services/rtkit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.3/policy/modules/services/rtkit.if
 --- nsaserefpolicy/policy/modules/services/rtkit.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rtkit.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rtkit.if	2009-11-25 12:39:13.000000000 -0500
 @@ -38,3 +38,23 @@
  	allow $1 rtkit_daemon_t:dbus send_msg;
  	allow rtkit_daemon_t $1:dbus send_msg;
@@ -20805,9 +20076,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow rtkit_daemon_t $1:process { getsched setsched };
 +	rtkit_daemon_dbus_chat($1)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.1/policy/modules/services/rtkit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.3/policy/modules/services/rtkit.te
 --- nsaserefpolicy/policy/modules/services/rtkit.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/rtkit.te	2009-11-23 11:53:29.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/rtkit.te	2009-11-25 12:39:13.000000000 -0500
 @@ -17,9 +17,11 @@
  
  allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
@@ -20829,9 +20100,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	policykit_dbus_chat(rtkit_daemon_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.1/policy/modules/services/samba.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.3/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/samba.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/samba.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -51,3 +51,7 @@
  /var/run/winbindd(/.*)?			gen_context(system_u:object_r:winbind_var_run_t,s0)
  
@@ -20840,9 +20111,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +ifndef(`enable_mls',`
 +/var/lib/samba/scripts(/.*)?		gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.1/policy/modules/services/samba.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.3/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/samba.if	2009-11-23 10:38:07.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/samba.if	2009-11-25 12:39:13.000000000 -0500
 @@ -62,6 +62,25 @@
  
  ########################################
@@ -21015,9 +20286,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	admin_pattern($1, winbind_var_run_t)
 +	admin_pattern($1, samba_unconfined_script_exec_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.1/policy/modules/services/samba.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.3/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/samba.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/samba.te	2009-11-25 12:39:13.000000000 -0500
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -21249,9 +20520,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +',`
 +	can_exec(smbd_t, samba_unconfined_script_exec_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.1/policy/modules/services/sasl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.3/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sasl.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sasl.te	2009-11-25 12:39:13.000000000 -0500
 @@ -31,7 +31,7 @@
  # Local policy
  #
@@ -21314,9 +20585,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(saslauthd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.1/policy/modules/services/sendmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.3/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sendmail.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sendmail.if	2009-11-25 12:39:13.000000000 -0500
 @@ -59,20 +59,20 @@
  
  ########################################
@@ -21489,9 +20760,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 sendmail_t:fifo_file rw_fifo_file_perms; 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.1/policy/modules/services/sendmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.3/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sendmail.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sendmail.te	2009-11-25 12:39:13.000000000 -0500
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -21667,18 +20938,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 -dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.1/policy/modules/services/setroubleshoot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.3/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/setroubleshoot.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -5,3 +5,5 @@
  /var/log/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
  
  /var/lib/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
 +
 +/usr/share/setroubleshoot/SetroubleshootFixit\.py* 	--	gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.1/policy/modules/services/setroubleshoot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.3/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/setroubleshoot.if	2009-11-25 12:39:13.000000000 -0500
 @@ -16,8 +16,8 @@
  	')
  
@@ -21815,9 +21086,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_pids($1)
 +	admin_pattern($1, setroubleshoot_var_run_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.1/policy/modules/services/setroubleshoot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.3/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/setroubleshoot.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/setroubleshoot.te	2009-11-25 12:39:13.000000000 -0500
 @@ -22,13 +22,19 @@
  type setroubleshoot_var_run_t;
  files_pid_file(setroubleshoot_var_run_t)
@@ -21958,9 +21229,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +        policykit_dbus_chat(setroubleshoot_fixit_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.7.1/policy/modules/services/smartmon.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.7.3/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/smartmon.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/smartmon.te	2009-11-25 12:39:13.000000000 -0500
 @@ -19,14 +19,18 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -22021,9 +21292,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.1/policy/modules/services/snmp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.3/policy/modules/services/snmp.if
 --- nsaserefpolicy/policy/modules/services/snmp.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/snmp.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/snmp.if	2009-11-25 12:39:13.000000000 -0500
 @@ -50,6 +50,24 @@
  
  ########################################
@@ -22076,9 +21347,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  ## <summary>
  ##	All of the rules required to administrate 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.1/policy/modules/services/snmp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.3/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/snmp.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/snmp.te	2009-11-25 12:39:13.000000000 -0500
 @@ -27,7 +27,7 @@
  #
  allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
@@ -22097,9 +21368,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  dev_list_sysfs(snmpd_t)
  dev_read_sysfs(snmpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.1/policy/modules/services/snort.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.3/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/snort.te	2009-11-23 10:22:33.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/snort.te	2009-11-25 12:39:13.000000000 -0500
 @@ -37,6 +37,7 @@
  allow snort_t self:tcp_socket create_stream_socket_perms;
  allow snort_t self:udp_socket create_socket_perms;
@@ -22108,9 +21379,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # Snort IPS node. unverified.
  allow snort_t self:netlink_firewall_socket { bind create getattr };
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.1/policy/modules/services/spamassassin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.3/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/spamassassin.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/spamassassin.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,15 +1,26 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
@@ -22140,9 +21411,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/spamd(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
 +/var/spool/MD-Quarantine(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
 +/var/spool/MIMEDefang(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.1/policy/modules/services/spamassassin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.3/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/spamassassin.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/spamassassin.if	2009-11-25 12:39:13.000000000 -0500
 @@ -111,6 +111,27 @@
  	')
  
@@ -22251,9 +21522,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_pids($1)
 +	admin_pattern($1, spamd_var_run_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.1/policy/modules/services/spamassassin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.3/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/spamassassin.te	2009-11-24 18:16:01.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/spamassassin.te	2009-11-25 12:39:13.000000000 -0500
 @@ -20,6 +20,35 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs, true)
@@ -22556,9 +21827,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
  	udev_read_db(spamd_t)
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.1/policy/modules/services/squid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.3/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/squid.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/squid.te	2009-11-25 12:39:13.000000000 -0500
 @@ -67,7 +67,9 @@
  
  can_exec(squid_t, squid_exec_t)
@@ -22587,18 +21858,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#squid requires the following when run in diskd mode, the recommended setting
 -allow squid_t tmpfs_t:file { read write };
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.1/policy/modules/services/ssh.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.3/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ssh.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ssh.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -14,3 +14,5 @@
  /usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
  
  /var/run/sshd\.init\.pid	--	gen_context(system_u:object_r:sshd_var_run_t,s0)
 +
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:home_ssh_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.1/policy/modules/services/ssh.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.3/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ssh.if	2009-11-18 16:54:14.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ssh.if	2009-11-25 12:39:13.000000000 -0500
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -22945,9 +22216,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_search_pids($1)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.1/policy/modules/services/ssh.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.3/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/ssh.te	2009-11-18 16:54:37.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/ssh.te	2009-11-25 12:39:13.000000000 -0500
 @@ -8,6 +8,31 @@
  
  ## <desc>
@@ -23234,9 +22505,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +    fs_manage_cifs_dirs(sftpd_t)
 +    fs_manage_cifs_files(sftpd_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.7.1/policy/modules/services/sssd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.7.3/policy/modules/services/sssd.fc
 --- nsaserefpolicy/policy/modules/services/sssd.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sssd.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sssd.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,9 @@
 -/etc/rc.d/init.d/sssd	--	gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/sssd	--	gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
@@ -23248,9 +22519,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/sssd(/.*)?		gen_context(system_u:object_r:sssd_var_lib_t,s0)
 +
  /var/run/sssd.pid	--	gen_context(system_u:object_r:sssd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.1/policy/modules/services/sssd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.3/policy/modules/services/sssd.if
 --- nsaserefpolicy/policy/modules/services/sssd.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sssd.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sssd.if	2009-11-25 12:39:13.000000000 -0500
 @@ -12,12 +12,32 @@
  #
  interface(`sssd_domtrans',`
@@ -23339,9 +22610,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Send and receive messages from
  ##	sssd over dbus.
  ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.1/policy/modules/services/sssd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.3/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sssd.te	2009-11-23 17:38:47.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sssd.te	2009-11-25 12:39:13.000000000 -0500
 @@ -16,6 +16,9 @@
  type sssd_var_lib_t;
  files_type(sssd_var_lib_t)
@@ -23394,9 +22665,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	dbus_system_bus_client(sssd_t)
  	dbus_connect_system_bus(sssd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.1/policy/modules/services/sysstat.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.3/policy/modules/services/sysstat.te
 --- nsaserefpolicy/policy/modules/services/sysstat.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/sysstat.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/sysstat.te	2009-11-25 12:39:13.000000000 -0500
 @@ -19,14 +19,15 @@
  # Local policy
  #
@@ -23415,18 +22686,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
  
  # get info from /proc
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.7.1/policy/modules/services/tftp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.7.3/policy/modules/services/tftp.fc
 --- nsaserefpolicy/policy/modules/services/tftp.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/tftp.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/tftp.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -5,4 +5,4 @@
  /tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
  /tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
  
 -/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_t,s0)
 +/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.1/policy/modules/services/tuned.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.3/policy/modules/services/tuned.te
 --- nsaserefpolicy/policy/modules/services/tuned.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/tuned.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/tuned.te	2009-11-25 12:39:13.000000000 -0500
 @@ -16,12 +16,14 @@
  type tuned_var_run_t;
  files_pid_file(tuned_var_run_t)
@@ -23443,9 +22714,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_files_pattern(tuned_t, tuned_var_run_t, tuned_var_run_t)
  files_pid_filetrans(tuned_t, tuned_var_run_t, file)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.1/policy/modules/services/uucp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.3/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/uucp.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/uucp.te	2009-11-25 12:39:13.000000000 -0500
 @@ -90,17 +90,26 @@
  fs_getattr_xattr_fs(uucpd_t)
  
@@ -23481,9 +22752,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.1/policy/modules/services/virt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.3/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/virt.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/virt.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -8,5 +8,18 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -23503,9 +22774,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/libvirt(/.*)?	gen_context(system_u:object_r:svirt_cache_t,s0)
 +
 +/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:svirt_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.1/policy/modules/services/virt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.3/policy/modules/services/virt.if
 --- nsaserefpolicy/policy/modules/services/virt.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/virt.if	2009-11-24 14:56:33.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/virt.if	2009-11-25 12:39:13.000000000 -0500
 @@ -136,7 +136,7 @@
  	')
  
@@ -23758,9 +23029,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		ptchown_run(svirt_t, $2)
 +	')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.1/policy/modules/services/virt.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.3/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/virt.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/virt.te	2009-11-25 12:39:13.000000000 -0500
 @@ -20,6 +20,28 @@
  ## </desc>
  gen_tunable(virt_use_samba, false)
@@ -24003,7 +23274,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -196,8 +300,150 @@
+@@ -196,8 +300,152 @@
  
  	xen_stream_connect(virtd_t)
  	xen_stream_connect_xenstore(virtd_t)
@@ -24047,6 +23318,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corenet_udp_sendrecv_all_ports(svirt_t)
 +corenet_udp_bind_generic_node(svirt_t)
 +corenet_udp_bind_all_ports(svirt_t)
++corenet_tcp_bind_all_ports(svirt_t)
++corenet_tcp_connect_all_ports(svirt_t)
 +
 +tunable_policy(`virt_use_comm',`
 +	term_use_unallocated_ttys(svirt_t)
@@ -24154,9 +23427,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	virt_read_content(virt_domain)
 +	virt_stream_connect(virt_domain)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.1/policy/modules/services/w3c.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.3/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/w3c.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/w3c.te	2009-11-25 12:39:13.000000000 -0500
 @@ -8,11 +8,18 @@
  
  apache_content_template(w3c_validator)
@@ -24176,9 +23449,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
  corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
  corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.1/policy/modules/services/xserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.3/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/xserver.fc	2009-11-20 10:11:53.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/xserver.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -3,12 +3,19 @@
  #
  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -24273,9 +23546,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/lib/nxserver/home/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 +/var/lib/nxserver/home/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.1/policy/modules/services/xserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.3/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-09-09 15:37:17.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/services/xserver.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/xserver.if	2009-11-25 12:39:13.000000000 -0500
 @@ -74,6 +74,12 @@
  
  	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
@@ -25146,9 +24419,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow xdm_t $1:dbus send_msg;
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.1/policy/modules/services/xserver.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.3/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/services/xserver.te	2009-11-20 16:23:57.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/services/xserver.te	2009-11-25 12:39:13.000000000 -0500
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -25952,44 +25225,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -#
 -allow xdm_t user_home_type:file unlink;
 -') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.7.1/policy/modules/system/application.if
---- nsaserefpolicy/policy/modules/system/application.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/application.if	2009-11-17 11:06:58.000000000 -0500
-@@ -2,7 +2,7 @@
- 
- ########################################
- ## <summary>
--##	Make the specified type usable as an application domain.
-+##	Send signull to application domains
- ## </summary>
- ## <param name="type">
- ##	<summary>
-@@ -101,3 +101,21 @@
- 	application_executable_file($2)
- 	domain_entry_file($1,$2)
- ')
-+
-+########################################
-+## <summary>
-+##	Send signull to unprivileged user domains.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`application_signull',`
-+	gen_require(`
-+		attribute application_domain_type;
-+	')
-+
-+	allow $1 application_domain_type:process signull;
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.1/policy/modules/system/application.te
---- nsaserefpolicy/policy/modules/system/application.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/application.te	2009-11-17 11:06:58.000000000 -0500
-@@ -7,7 +7,18 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.3/policy/modules/system/application.te
+--- nsaserefpolicy/policy/modules/system/application.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/application.te	2009-11-25 12:39:13.000000000 -0500
+@@ -7,6 +7,12 @@
  # Executables to be run by user
  attribute application_exec_type;
  
@@ -26002,15 +25241,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	ssh_sigchld(application_domain_type)
  	ssh_rw_stream_sockets(application_domain_type)
- ')
-+
-+optional_policy(`
-+	sudo_sigchld(application_domain_type)
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.1/policy/modules/system/authlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.3/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/authlogin.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/authlogin.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -26036,9 +25269,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
 +/var/run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.1/policy/modules/system/authlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.3/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/authlogin.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/authlogin.if	2009-11-25 12:39:13.000000000 -0500
 @@ -40,17 +40,76 @@
  ##	</summary>
  ## </param>
@@ -26349,9 +25582,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.1/policy/modules/system/authlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.3/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/authlogin.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/authlogin.te	2009-11-25 12:39:13.000000000 -0500
 @@ -103,6 +103,7 @@
  
  fs_dontaudit_getattr_xattr_fs(chkpwd_t)
@@ -26379,23 +25612,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # PAM local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.1/policy/modules/system/fstools.fc
---- nsaserefpolicy/policy/modules/system/fstools.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/fstools.fc	2009-11-17 11:06:58.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.3/policy/modules/system/fstools.fc
+--- nsaserefpolicy/policy/modules/system/fstools.fc	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/fstools.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blockdev		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/cfdisk		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-@@ -6,6 +5,7 @@
- /sbin/dump		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/dumpe2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/e2fsck		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/e4fsck		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/e2label		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/fdisk		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/findfs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-@@ -21,7 +21,6 @@
+@@ -22,7 +21,6 @@
  /sbin/mkfs.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/mkraid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/mkreiserfs	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -26403,9 +25628,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /sbin/parted		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/partprobe		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.1/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/fstools.te	2009-11-17 11:06:58.000000000 -0500
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.3/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/fstools.te	2009-11-25 12:39:13.000000000 -0500
 @@ -118,6 +118,8 @@
  fs_search_tmpfs(fsadm_t)
  fs_getattr_tmpfs_dirs(fsadm_t)
@@ -26415,11 +25640,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # Recreate /mnt/cdrom.
  files_manage_mnt_dirs(fsadm_t)
  # for tune2fs
-@@ -144,11 +146,11 @@
- miscfiles_read_localization(fsadm_t)
- 
- modutils_read_module_config(fsadm_t)
-+modutils_read_module_deps(fsadm_t)
+@@ -148,8 +150,7 @@
  
  seutil_read_config(fsadm_t)
  
@@ -26429,15 +25650,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_redhat',`
  	optional_policy(`
-@@ -177,4 +179,5 @@
- 
- optional_policy(`
- 	xen_append_log(fsadm_t)
-+	xen_rw_image_files(fsadm_t)
- ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.1/policy/modules/system/init.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.3/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/init.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/init.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -4,10 +4,10 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -26461,9 +25676,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  #
  # /var
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.1/policy/modules/system/init.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.3/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/init.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/init.if	2009-11-25 12:39:13.000000000 -0500
 @@ -162,6 +162,7 @@
  	gen_require(`
  		attribute direct_run_init, direct_init, direct_init_entry;
@@ -26718,9 +25933,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow $1 init_t:unix_dgram_socket sendto;
 +	allow init_t $1:unix_dgram_socket sendto;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.1/policy/modules/system/init.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.3/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/init.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/init.te	2009-11-25 12:39:13.000000000 -0500
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart, false)
@@ -27305,17 +26520,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	fail2ban_read_lib_files(daemon)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.1/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/ipsec.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -1,3 +1,6 @@
-+/etc/rc\.d/init\.d/ipsec	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/racoon	--	gen_context(system_u:object_r:ipsec_initrc_exec_t,s0)
-+
- /etc/ipsec\.secrets		--	gen_context(system_u:object_r:ipsec_key_file_t,s0)
- /etc/ipsec\.conf		--	gen_context(system_u:object_r:ipsec_conf_file_t,s0)
- /etc/racoon/psk\.txt		--	gen_context(system_u:object_r:ipsec_key_file_t,s0)
-@@ -34,6 +37,8 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.3/policy/modules/system/ipsec.fc
+--- nsaserefpolicy/policy/modules/system/ipsec.fc	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/ipsec.fc	2009-11-25 12:39:13.000000000 -0500
+@@ -37,6 +37,8 @@
  
  /var/racoon(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
  
@@ -27325,66 +26533,104 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/racoon\.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
  
 -/var/run/racoon.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.1/policy/modules/system/ipsec.if
---- nsaserefpolicy/policy/modules/system/ipsec.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/ipsec.if	2009-11-17 11:06:58.000000000 -0500
-@@ -229,3 +229,28 @@
- 	ipsec_domtrans_setkey($1)
- 	role $2 types setkey_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.3/policy/modules/system/ipsec.if
+--- nsaserefpolicy/policy/modules/system/ipsec.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/ipsec.if	2009-11-25 12:39:13.000000000 -0500
+@@ -189,50 +189,50 @@
+ 
+ ########################################
+ ## <summary>
+-##	Execute racoon and allow the specified role the domain.
++##	Execute setkey in the setkey domain.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+-##	Domain allowed access.
+-##	</summary>
+-## </param>
+-## <param name="role">
+-##	<summary>
+-##	Role allowed access.
++##	The type of the process performing this action.
+ ##	</summary>
+ ## </param>
+-## <rolecap/>
+ #
+-interface(`ipsec_run_racoon',`
++interface(`ipsec_domtrans_setkey',`
+ 	gen_require(`
+-		type racoon_t;
++		type setkey_t, setkey_exec_t;
+ 	')
+ 
+-	ipsec_domtrans_racoon($1)
+-	role $2 types racoon_t;
++	domtrans_pattern($1, setkey_exec_t, setkey_t)
  ')
-+
-+########################################
-+## <summary>
-+##	Execute racoon and allow the specified role the domains.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
+ 
+ ########################################
+ ## <summary>
+-##	Execute setkey in the setkey domain.
++##	Execute setkey and allow the specified role the domains.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+-##	The type of the process performing this action.
 +##	Domain allowed access.
 +##	</summary>
 +## </param>
 +## <param name="role">
 +##	<summary>
-+##	The role to be allowed the racoon and racoon domains.
-+##	</summary>
-+## </param>
++##	The role to be allowed the racoon and setkey domains.
+ ##	</summary>
+ ## </param>
 +## <rolecap/>
-+#
+ #
+-interface(`ipsec_domtrans_setkey',`
++interface(`ipsec_run_setkey',`
+ 	gen_require(`
+-		type setkey_t, setkey_exec_t;
++		type setkey_t;
+ 	')
+ 
+-	domtrans_pattern($1, setkey_exec_t, setkey_t)
++	ipsec_domtrans_setkey($1)
++	role $2 types setkey_t;
+ ')
+ 
+ ########################################
+ ## <summary>
+-##	Execute setkey and allow the specified role the domains.
++##	Execute racoon and allow the specified role the domains.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+@@ -241,16 +241,16 @@
+ ## </param>
+ ## <param name="role">
+ ##	<summary>
+-##	The role to be allowed the racoon and setkey domains.
++##	The role to be allowed the racoon and racoon domains.
+ ##	</summary>
+ ## </param>
+ ## <rolecap/>
+ #
+-interface(`ipsec_run_setkey',`
 +interface(`ipsec_run_racoon',`
-+	gen_require(`
+ 	gen_require(`
+-		type setkey_t;
 +		type racoon_t;
-+	')
-+
+ 	')
+ 
+-	ipsec_domtrans_setkey($1)
+-	role $2 types setkey_t;
 +	ipsec_domtrans_racoon($1)
 +	role $2 types racoon_t;
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.1/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/ipsec.te	2009-11-19 09:40:34.000000000 -0500
-@@ -6,6 +6,13 @@
- # Declarations
- #
- 
-+## <desc>
-+## <p>
-+## Allow racoon to read shadow
-+## </p>
-+## </desc>
-+gen_tunable(racoon_read_shadow, false)
-+
- type ipsec_t;
- type ipsec_exec_t;
- init_daemon_domain(ipsec_t, ipsec_exec_t)
-@@ -15,6 +22,9 @@
- type ipsec_conf_file_t;
- files_type(ipsec_conf_file_t)
- 
-+type ipsec_initrc_exec_t;
-+init_script_file(ipsec_initrc_exec_t)
-+
- # type for file(s) containing ipsec keys - RSA or preshared
- type ipsec_key_file_t;
- files_type(ipsec_key_file_t)
-@@ -22,6 +32,9 @@
+ ')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.3/policy/modules/system/ipsec.te
+--- nsaserefpolicy/policy/modules/system/ipsec.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/ipsec.te	2009-11-25 12:39:13.000000000 -0500
+@@ -32,6 +32,9 @@
  # Default type for IPSEC SPD entries
  type ipsec_spd_t;
  
@@ -27394,74 +26640,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # type for runtime files, including pluto.ctl
  type ipsec_var_run_t;
  files_pid_file(ipsec_var_run_t)
-@@ -43,6 +56,9 @@
- init_daemon_domain(racoon_t, racoon_exec_t)
- role system_r types racoon_t;
- 
-+type racoon_tmp_t;
-+files_tmp_file(racoon_tmp_t)
-+
- type setkey_t;
- type setkey_exec_t;
- init_system_domain(setkey_t, setkey_exec_t)
-@@ -53,21 +69,23 @@
+@@ -66,7 +69,7 @@
  # ipsec Local policy
  #
  
--allow ipsec_t self:capability { net_admin dac_override dac_read_search };
-+allow ipsec_t self:capability { net_admin dac_override dac_read_search sys_nice };
+-allow ipsec_t self:capability { net_admin dac_override dac_read_search sys_nice };
++allow ipsec_t self:capability { setpcap net_admin dac_override dac_read_search sys_nice };
  dontaudit ipsec_t self:capability sys_tty_config;
--allow ipsec_t self:process { signal setsched };
-+allow ipsec_t self:process { getcap setcap getsched signal setsched };
+ allow ipsec_t self:process { getcap setcap getsched signal setsched };
  allow ipsec_t self:tcp_socket create_stream_socket_perms;
- allow ipsec_t self:udp_socket create_socket_perms;
- allow ipsec_t self:key_socket create_socket_perms;
- allow ipsec_t self:fifo_file read_fifo_file_perms;
- allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
- 
-+allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
-+
- allow ipsec_t ipsec_conf_file_t:dir list_dir_perms;
- read_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
- read_lnk_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
- 
- allow ipsec_t ipsec_key_file_t:dir list_dir_perms;
--read_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
-+manage_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
- read_lnk_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
- 
- manage_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
-@@ -82,16 +100,17 @@
- # so try flipping back into the ipsec_mgmt_t domain
- corecmd_shell_domtrans(ipsec_t, ipsec_mgmt_t)
- allow ipsec_mgmt_t ipsec_t:fd use;
--allow ipsec_mgmt_t ipsec_t:fifo_file rw_file_perms;
-+allow ipsec_mgmt_t ipsec_t:fifo_file rw_fifo_file_perms;
- allow ipsec_mgmt_t ipsec_t:process sigchld;
- 
--kernel_read_kernel_sysctls(ipsec_t)
- kernel_list_proc(ipsec_t)
-+kernel_read_kernel_sysctls(ipsec_t)
- kernel_read_proc_symlinks(ipsec_t)
- # allow pluto to access /proc/net/ipsec_eroute;
- kernel_read_system_state(ipsec_t)
- kernel_read_network_state(ipsec_t)
- kernel_read_software_raid_state(ipsec_t)
-+kernel_request_load_module(ipsec_t)
- kernel_getattr_core_if(ipsec_t)
- kernel_getattr_message_if(ipsec_t)
- 
-@@ -120,7 +139,9 @@
- 
- domain_use_interactive_fds(ipsec_t)
- 
-+files_list_tmp(ipsec_t)
- files_read_etc_files(ipsec_t)
-+files_read_usr_files(ipsec_t)
- 
- fs_getattr_all_fs(ipsec_t)
- fs_search_auto_mountpoints(ipsec_t)
-@@ -154,16 +175,19 @@
+@@ -172,7 +175,7 @@
  #
  
  allow ipsec_mgmt_t self:capability { net_admin sys_tty_config dac_override dac_read_search };
@@ -27470,10 +26658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow ipsec_mgmt_t self:unix_stream_socket create_stream_socket_perms;
  allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
  allow ipsec_mgmt_t self:udp_socket create_socket_perms;
- allow ipsec_mgmt_t self:key_socket create_socket_perms;
--allow ipsec_mgmt_t self:fifo_file rw_file_perms;
-+allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
- 
+@@ -182,6 +185,9 @@
  allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
  files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
  
@@ -27483,7 +26668,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
  files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file)
  
-@@ -241,6 +265,7 @@
+@@ -259,6 +265,7 @@
  init_use_script_ptys(ipsec_mgmt_t)
  init_exec_script_files(ipsec_mgmt_t)
  init_use_fds(ipsec_mgmt_t)
@@ -27491,60 +26676,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  logging_send_syslog_msg(ipsec_mgmt_t)
  
-@@ -280,6 +305,13 @@
- allow racoon_t self:netlink_selinux_socket { bind create read };
- allow racoon_t self:udp_socket create_socket_perms;
- allow racoon_t self:key_socket create_socket_perms;
-+allow racoon_t self:fifo_file rw_fifo_file_perms;
-+
-+manage_dirs_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
-+manage_files_pattern(racoon_t, racoon_tmp_t, racoon_tmp_t)
-+files_tmp_filetrans(racoon_t, racoon_tmp_t, { dir file }) 
-+
-+can_exec(racoon_t, setkey_exec_t)
- 
- # manage pid file
- manage_files_pattern(racoon_t, ipsec_var_run_t, ipsec_var_run_t)
-@@ -296,6 +328,14 @@
+@@ -323,6 +330,7 @@
  
  kernel_read_system_state(racoon_t)
  kernel_read_network_state(racoon_t)
 +kernel_request_load_module(racoon_t)
-+
-+can_exec(racoon_t, racoon_exec_t)
-+
-+corecmd_exec_shell(racoon_t)
-+corecmd_exec_bin(racoon_t)
-+
-+sysnet_exec_ifconfig(racoon_t)
  
- corenet_all_recvfrom_unlabeled(racoon_t)
- corenet_tcp_sendrecv_all_if(racoon_t)
-@@ -314,6 +354,8 @@
+ corecmd_exec_shell(racoon_t)
+ corecmd_exec_bin(racoon_t)
+@@ -362,6 +370,8 @@
  
- files_read_etc_files(racoon_t)
- 
-+fs_dontaudit_getattr_xattr_fs(racoon_t) 
-+
- # allow racoon to use avc_has_perm to check context on proposed SA
- selinux_compute_access_vector(racoon_t)
- 
-@@ -328,6 +370,14 @@
- 
- miscfiles_read_localization(racoon_t)
+ sysnet_exec_ifconfig(racoon_t)
  
 +auth_use_pam(racoon_t)
 +
-+
-+auth_can_read_shadow_passwords(racoon_t)
-+tunable_policy(`racoon_read_shadow',`
-+	auth_tunable_read_shadow(racoon_t) 
-+')
-+
- ########################################
- #
- # Setkey local policy
-@@ -341,12 +391,15 @@
+ auth_can_read_shadow_passwords(racoon_t)
+ tunable_policy(`racoon_read_shadow',`
+ 	auth_tunable_read_shadow(racoon_t)
+@@ -380,12 +390,15 @@
  read_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
  read_lnk_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
  
@@ -27560,9 +26709,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # allow setkey to set the context for ipsec SAs and policy.
  ipsec_setcontext_default_spd(setkey_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.1/policy/modules/system/iptables.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.3/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/iptables.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/iptables.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,7 +1,16 @@
 -/sbin/ip6tables.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +
@@ -27584,9 +26733,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/iptables-restore 	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +/usr/sbin/iptables-multi 	--	gen_context(system_u:object_r:iptables_exec_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.1/policy/modules/system/iptables.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.3/policy/modules/system/iptables.if
 --- nsaserefpolicy/policy/modules/system/iptables.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/iptables.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/iptables.if	2009-11-25 12:39:13.000000000 -0500
 @@ -19,6 +19,24 @@
  	domtrans_pattern($1, iptables_exec_t, iptables_t)
  ')
@@ -27695,9 +26844,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +        manage_files_pattern($1, iptables_conf_t, iptables_conf_t)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.1/policy/modules/system/iptables.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.3/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/iptables.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/iptables.te	2009-11-25 12:39:13.000000000 -0500
 @@ -11,6 +11,12 @@
  init_system_domain(iptables_t, iptables_exec_t)
  role system_r types iptables_t;
@@ -27759,106 +26908,29 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	udev_read_db(iptables_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.7.1/policy/modules/system/iscsi.if
---- nsaserefpolicy/policy/modules/system/iscsi.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/iscsi.if	2009-11-17 11:06:58.000000000 -0500
-@@ -17,3 +17,43 @@
- 
- 	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
- ')
-+
-+########################################
-+## <summary>
-+##	Read iscsi lib files.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`iscsi_read_lib_files',`
-+	gen_require(`
-+		type iscsi_var_lib_t;
-+	')
-+
-+	read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
-+	allow $1 iscsi_var_lib_t:dir list_dir_perms;
-+	files_search_var_lib($1)
-+')
-+
-+########################################
-+## <summary>
-+##	Connect to ISCSI using a unix domain stream socket.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	The type of the process performing this action.
-+##	</summary>
-+## </param>
-+#
-+interface(`iscsi_stream_connect',`
-+	gen_require(`
-+		type iscsid_t, iscsi_var_lib_t;
-+	')
-+
-+	files_search_pids($1)
-+	stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsid_t)
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.1/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/iscsi.te	2009-11-17 11:06:58.000000000 -0500
-@@ -55,6 +55,7 @@
- files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
- 
- kernel_read_system_state(iscsid_t)
-+kernel_search_debugfs(iscsid_t)
- 
- corenet_all_recvfrom_unlabeled(iscsid_t)
- corenet_all_recvfrom_netlabel(iscsid_t)
-@@ -68,11 +69,12 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.3/policy/modules/system/iscsi.te
+--- nsaserefpolicy/policy/modules/system/iscsi.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/iscsi.te	2009-11-25 12:39:13.000000000 -0500
+@@ -69,6 +69,7 @@
  dev_rw_sysfs(iscsid_t)
  
  domain_use_interactive_fds(iscsid_t)
-+domain_read_all_domains_state(iscsid_t)
++domain_dontaudit_read_all_domains_state(iscsid_t)
  
  files_read_etc_files(iscsid_t)
  
- logging_send_syslog_msg(iscsid_t)
- 
--miscfiles_read_localization(iscsid_t)
-+auth_use_nsswitch(iscsid_t)
- 
--sysnet_dns_name_resolve(iscsid_t)
-+miscfiles_read_localization(iscsid_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.1/policy/modules/system/kdump.te
---- nsaserefpolicy/policy/modules/system/kdump.te	2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/kdump.te	2009-11-17 11:06:58.000000000 -0500
-@@ -21,7 +21,7 @@
- # kdump local policy
- #
- 
--allow kdump_t self:capability { sys_boot dac_override };
-+allow kdump_t self:capability { sys_boot sys_rawio dac_override };
- 
- read_files_pattern(kdump_t, kdump_etc_t, kdump_etc_t)
- 
-@@ -29,8 +29,11 @@
- files_read_kernel_img(kdump_t)
- 
- kernel_read_system_state(kdump_t)
-+kernel_read_core_if(kdump_t)
- 
- dev_read_framebuffer(kdump_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.3/policy/modules/system/kdump.te
+--- nsaserefpolicy/policy/modules/system/kdump.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/kdump.te	2009-11-25 12:39:13.000000000 -0500
+@@ -35,3 +35,5 @@
  dev_read_sysfs(kdump_t)
  
  term_use_console(kdump_t)
 +
 +permissive kdump_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.1/policy/modules/system/libraries.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.3/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/libraries.fc	2009-11-25 06:13:34.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/libraries.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -28173,9 +27245,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 +')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.1/policy/modules/system/libraries.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.3/policy/modules/system/libraries.if
 --- nsaserefpolicy/policy/modules/system/libraries.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/libraries.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/libraries.if	2009-11-25 12:39:13.000000000 -0500
 @@ -17,6 +17,7 @@
  
  	corecmd_search_bin($1)
@@ -28202,9 +27274,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	allow $1 lib_t:dir list_dir_perms;
  	read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
  	mmap_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.1/policy/modules/system/libraries.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.3/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/libraries.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/libraries.te	2009-11-25 12:39:13.000000000 -0500
 @@ -58,11 +58,11 @@
  # ldconfig local policy
  #
@@ -28266,9 +27338,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_domain(ldconfig_t) 
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.1/policy/modules/system/locallogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.3/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/locallogin.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/locallogin.te	2009-11-25 12:39:13.000000000 -0500
 @@ -33,7 +33,7 @@
  # Local login local policy
  #
@@ -28357,9 +27429,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -optional_policy(`
 -	nscd_socket_use(sulogin_t)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.1/policy/modules/system/logging.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.3/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/logging.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/logging.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -51,17 +51,21 @@
  
  ifdef(`distro_redhat',`
@@ -28386,9 +27458,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  /var/tinydns/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.1/policy/modules/system/logging.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.3/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/logging.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/logging.if	2009-11-25 12:39:13.000000000 -0500
 @@ -69,6 +69,20 @@
  
  ########################################
@@ -28428,9 +27500,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.1/policy/modules/system/logging.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.3/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/logging.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/logging.te	2009-11-25 12:39:13.000000000 -0500
 @@ -123,10 +123,10 @@
  
  allow auditd_t self:capability { chown fsetid sys_nice sys_resource };
@@ -28538,81 +27610,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	inn_manage_log(syslogd_t)
  ')
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.1/policy/modules/system/lvm.if
---- nsaserefpolicy/policy/modules/system/lvm.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/lvm.if	2009-11-17 11:06:58.000000000 -0500
-@@ -21,6 +21,26 @@
- 
- ########################################
- ## <summary>
-+##      Execute lvm programs in the caller domain.
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      The type of the process performing this action.
-+##      </summary>
-+## </param>
-+#
-+interface(`lvm_exec',`
-+        gen_require(`
-+                type lvm_exec_t;
-+        ')
-+
-+        corecmd_search_sbin($1)
-+        can_exec($1, lvm_exec_t)
-+
-+')
-+  
-+########################################
-+## <summary>
- ##	Execute lvm programs in the lvm domain.
- ## </summary>
- ## <param name="domain">
-@@ -85,3 +105,22 @@
- 	manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
- 	manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
- ')
-+
-+######################################
-+## <summary>
-+##      Execute a domain transition to run clvmd.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+##      Domain allowed to transition.
-+## </summary>
-+## </param>
-+#
-+interface(`lvm_clvmd_domtrans',`
-+        gen_require(`
-+                type clvmd_t, clvmd_exec_t;
-+        ')
-+
-+        corecmd_search_bin($1)
-+        domtrans_pattern($1,clvmd_exec_t,clvmd_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.1/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/lvm.te	2009-11-17 11:06:58.000000000 -0500
-@@ -10,6 +10,9 @@
- type clvmd_exec_t;
- init_daemon_domain(clvmd_t, clvmd_exec_t)
- 
-+type clvmd_initrc_exec_t;
-+init_script_file(clvmd_initrc_exec_t)
-+
- type clvmd_var_run_t;
- files_pid_file(clvmd_var_run_t)
- 
-@@ -102,6 +105,7 @@
- fs_search_auto_mountpoints(clvmd_t)
- fs_dontaudit_list_tmpfs(clvmd_t)
- fs_dontaudit_read_removable_files(clvmd_t)
-+fs_rw_anon_inodefs_files(clvmd_t)
- 
- storage_dontaudit_getattr_removable_dev(clvmd_t)
- storage_manage_fixed_disk(clvmd_t)
-@@ -138,6 +142,10 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.3/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/lvm.te	2009-11-25 12:39:13.000000000 -0500
+@@ -142,6 +142,10 @@
  ')
  
  optional_policy(`
@@ -28623,24 +27624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_stream_connect(clvmd_t)
  ')
  
-@@ -168,7 +176,7 @@
- # LVM will complain a lot if it cannot set its priority.
- allow lvm_t self:process setsched;
- allow lvm_t self:file rw_file_perms;
--allow lvm_t self:fifo_file rw_fifo_file_perms;
-+allow lvm_t self:fifo_file manage_fifo_file_perms;
- allow lvm_t self:unix_dgram_socket create_socket_perms;
- allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
- 
-@@ -214,6 +222,7 @@
- # it has no reason to need this
- kernel_dontaudit_getattr_core_if(lvm_t)
- kernel_use_fds(lvm_t)
-+kernel_search_debugfs(lvm_t)
- 
- corecmd_exec_bin(lvm_t)
- corecmd_exec_shell(lvm_t)
-@@ -239,6 +248,7 @@
+@@ -244,6 +248,7 @@
  dev_dontaudit_getattr_generic_blk_files(lvm_t)
  dev_dontaudit_getattr_generic_pipes(lvm_t)
  dev_create_generic_dirs(lvm_t)
@@ -28648,7 +27632,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  domain_use_interactive_fds(lvm_t)
  domain_read_all_domains_state(lvm_t)
-@@ -248,6 +258,7 @@
+@@ -253,6 +258,7 @@
  files_read_etc_runtime_files(lvm_t)
  # for when /usr is not mounted:
  files_dontaudit_search_isid_type_dirs(lvm_t)
@@ -28656,31 +27640,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  fs_getattr_xattr_fs(lvm_t)
  fs_search_auto_mountpoints(lvm_t)
-@@ -255,6 +266,7 @@
- fs_read_tmpfs_symlinks(lvm_t)
- fs_dontaudit_read_removable_files(lvm_t)
- fs_dontaudit_getattr_tmpfs_files(lvm_t)
-+fs_rw_anon_inodefs_files(lvm_t)
- 
- selinux_get_fs_mount(lvm_t)
- selinux_validate_context(lvm_t)
-@@ -273,10 +285,15 @@
- storage_dev_filetrans_fixed_disk(lvm_t)
- # Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
- storage_manage_fixed_disk(lvm_t)
-+mls_file_read_all_levels(lvm_t)
-+mls_file_write_to_clearance(lvm_t)
-+
-+term_use_all_terms(lvm_t)
- 
- init_use_fds(lvm_t)
- init_dontaudit_getattr_initctl(lvm_t)
- init_use_script_ptys(lvm_t)
-+init_read_script_state(lvm_t)
- 
- logging_send_syslog_msg(lvm_t)
- 
-@@ -299,6 +316,10 @@
+@@ -311,6 +317,10 @@
  ')
  
  optional_policy(`
@@ -28691,164 +27651,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	bootloader_rw_tmp_files(lvm_t)
  ')
  
-@@ -313,8 +334,10 @@
- optional_policy(`
- 	dbus_system_bus_client(lvm_t)
- 
-+	optional_policy(`
- 	hal_dbus_chat(lvm_t)
- ')
-+')
- 
- optional_policy(`
- 	modutils_domtrans_insmod(lvm_t)
-@@ -329,6 +352,10 @@
- ')
- 
- optional_policy(`
-+	virt_manage_images(lvm_t)
-+')
-+
-+optional_policy(`
- 	xen_append_log(lvm_t)
- 	xen_dontaudit_rw_unix_stream_sockets(lvm_t)
- ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.7.1/policy/modules/system/miscfiles.fc
---- nsaserefpolicy/policy/modules/system/miscfiles.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/miscfiles.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -85,3 +85,5 @@
- /var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
- /var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
- ')
-+
-+HOME_DIR/\.cert(/.*)?		gen_context(system_u:object_r:home_cert_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.1/policy/modules/system/miscfiles.if
---- nsaserefpolicy/policy/modules/system/miscfiles.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/miscfiles.if	2009-11-17 11:06:58.000000000 -0500
-@@ -23,6 +23,28 @@
- 
- ########################################
- ## <summary>
-+##	Read system SSL certificates in the users homedir.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`miscfiles_read_home_certs',`
-+	gen_require(`
-+		type home_cert_t;
-+	')
-+
-+	userdom_search_user_home_dirs($1)
-+	allow $1 home_cert_t:dir list_dir_perms;
-+	read_files_pattern($1, home_cert_t, home_cert_t)
-+	read_lnk_files_pattern($1, home_cert_t, home_cert_t)
-+')
-+
-+########################################
-+## <summary>
- ##	manange system SSL certificates.
- ## </summary>
- ## <param name="domain">
-@@ -87,6 +109,44 @@
- 
- ########################################
- ## <summary>
-+##	dontaudit domain setattr on fonts dir
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`miscfiles_dontaudit_setattr_fonts',`
-+	gen_require(`
-+		type fonts_t;
-+	')
-+
-+	dontaudit $1 fonts_t:dir setattr;
-+')
-+
-+########################################
-+## <summary>
-+##	Allow domain to setattr on fonts dir
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`miscfiles_setattr_fonts',`
-+	gen_require(`
-+		type fonts_t;
-+	')
-+
-+	allow $1 fonts_t:dir setattr;
-+')
-+
-+########################################
-+## <summary>
- ##	Do not audit attempts to write fonts.
- ## </summary>
- ## <param name="domain">
-@@ -255,6 +315,24 @@
- 
- ########################################
- ## <summary>
-+##	Allow process to search man pages.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`miscfiles_search_man_pages',`
-+	gen_require(`
-+		type man_t;
-+	')
-+
-+	allow $1 man_t:dir search_dir_perms;
-+')
-+
-+########################################
-+## <summary>
- ##	Do not audit attempts to search man pages.
- ## </summary>
- ## <param name="domain">
-@@ -268,7 +346,7 @@
- 		type man_t;
- 	')
- 
--	dontaudit $1 man_t:dir search;
-+	dontaudit $1 man_t:dir search_dir_perms;
- ')
- 
- ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.7.1/policy/modules/system/miscfiles.te
---- nsaserefpolicy/policy/modules/system/miscfiles.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/miscfiles.te	2009-11-17 11:06:58.000000000 -0500
-@@ -12,6 +12,9 @@
- type cert_t;
- files_type(cert_t)
- 
-+type home_cert_t;
-+userdom_user_home_content(home_cert_t)
-+
- #
- # fonts_t is the type of various font
- # files in /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-3.7.1/policy/modules/system/modutils.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-3.7.3/policy/modules/system/modutils.fc
 --- nsaserefpolicy/policy/modules/system/modutils.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/modutils.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/modutils.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,6 +1,7 @@
  
  /etc/modules\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
@@ -28857,9 +27662,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  ifdef(`distro_gentoo',`
  # gentoo init scripts still manage this file
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.7.1/policy/modules/system/modutils.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.7.3/policy/modules/system/modutils.if
 --- nsaserefpolicy/policy/modules/system/modutils.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/modutils.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/modutils.if	2009-11-25 12:39:13.000000000 -0500
 @@ -1,5 +1,24 @@
  ## <summary>Policy for kernel module utilities</summary>
  
@@ -28933,9 +27738,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.1/policy/modules/system/modutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.3/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/modutils.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/modutils.te	2009-11-25 12:39:13.000000000 -0500
 @@ -19,6 +19,7 @@
  type insmod_exec_t;
  application_domain(insmod_t, insmod_exec_t)
@@ -29102,9 +27907,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_kernel_modules_filetrans(update_modules_t, modules_conf_t, file)
  files_etc_filetrans(update_modules_t, modules_conf_t, file)
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.1/policy/modules/system/mount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.3/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/mount.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/mount.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,4 +1,9 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -29116,9 +27921,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/var/cache/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
 +/var/run/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.1/policy/modules/system/mount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.3/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/mount.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/mount.if	2009-11-25 12:39:13.000000000 -0500
 @@ -84,9 +84,11 @@
  interface(`mount_signal',`
  	gen_require(`
@@ -29131,9 +27936,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.1/policy/modules/system/mount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.3/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/mount.te	2009-11-19 14:07:23.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/mount.te	2009-11-25 12:39:13.000000000 -0500
 @@ -18,8 +18,12 @@
  init_system_domain(mount_t, mount_exec_t)
  role system_r types mount_t;
@@ -29342,36 +28147,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	rpc_domtrans_rpcd(unconfined_mount_t)
  ')
 +
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.7.1/policy/modules/system/raid.fc
---- nsaserefpolicy/policy/modules/system/raid.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/raid.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -3,3 +3,5 @@
- /sbin/mdmpd		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
- 
- /var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0)
-+
-+/dev/.mdadm.map		--	gen_context(system_u:object_r:mdadm_map_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.1/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/raid.te	2009-11-17 11:06:58.000000000 -0500
-@@ -14,6 +14,9 @@
- type mdadm_var_run_t;
- files_pid_file(mdadm_var_run_t)
- 
-+type mdadm_map_t;
-+files_type(mdadm_map_t)
-+
- ########################################
- #
- # Local policy
-@@ -44,11 +47,16 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.3/policy/modules/system/raid.te
+--- nsaserefpolicy/policy/modules/system/raid.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/raid.te	2009-11-25 12:39:13.000000000 -0500
+@@ -51,11 +51,13 @@
  dev_dontaudit_getattr_generic_chr_files(mdadm_t)
  dev_dontaudit_getattr_generic_blk_files(mdadm_t)
  dev_read_realtime_clock(mdadm_t)
 +dev_read_raw_memory(mdadm_t)
-+# create .mdadm files in /dev
-+allow mdadm_t mdadm_map_t:file manage_file_perms;
-+dev_filetrans(mdadm_t, mdadm_map_t, file)
  
  domain_use_interactive_fds(mdadm_t)
  
@@ -29381,9 +28164,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  fs_search_auto_mountpoints(mdadm_t)
  fs_dontaudit_list_tmpfs(mdadm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.1/policy/modules/system/selinuxutil.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.3/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/selinuxutil.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -6,13 +6,13 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -29423,9 +28206,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +/etc/share/selinux/targeted(/.*)?	gen_context(system_u:object_r:semanage_store_t,s0)
 +/etc/share/selinux/mls(/.*)?		gen_context(system_u:object_r:semanage_store_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.1/policy/modules/system/selinuxutil.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.3/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/selinuxutil.if	2009-11-25 12:39:13.000000000 -0500
 @@ -351,6 +351,27 @@
  
  ########################################
@@ -29781,9 +28564,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hotplug_use_fds($1)
 +')
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.1/policy/modules/system/selinuxutil.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.3/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/selinuxutil.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/selinuxutil.te	2009-11-25 12:39:13.000000000 -0500
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -30146,48 +28929,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +kernel_relabelto_unlabeled(setfiles_mac_t)
  
 -	# cjp: cover up stray file descriptors.
- 	optional_policy(`
--		unconfined_dontaudit_read_pipes(setfiles_t)
--		unconfined_dontaudit_rw_tcp_sockets(setfiles_t)
--	')
-+	setroubleshoot_dontaudit_rw_dgram_sockets(setfiles_t)
-+	setroubleshoot_dontaudit_rw_dgram_sockets(setsebool_t)
- ')
- 
- optional_policy(`
--	hotplug_use_fds(setfiles_t)
-+	unconfined_domain(setfiles_mac_t)
- ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.7.1/policy/modules/system/setrans.if
---- nsaserefpolicy/policy/modules/system/setrans.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/setrans.if	2009-11-17 11:06:58.000000000 -0500
-@@ -21,3 +21,23 @@
- 	stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
- 	files_list_pids($1)
- ')
-+
-+########################################
-+## <summary>
-+##	Execute setrans server in the setrans domain.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	The type of the process performing this action.
-+##	</summary>
-+## </param>
-+#
-+#
-+interface(`setrans_initrc_domtrans',`
-+	gen_require(`
-+		type setrans_initrc_exec_t;
-+	')
-+
-+	init_labeled_script_domtrans($1, setrans_initrc_exec_t)
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.1/policy/modules/system/sysnetwork.fc
+ 	optional_policy(`
+-		unconfined_dontaudit_read_pipes(setfiles_t)
+-		unconfined_dontaudit_rw_tcp_sockets(setfiles_t)
+-	')
++	setroubleshoot_dontaudit_rw_dgram_sockets(setfiles_t)
++	setroubleshoot_dontaudit_rw_dgram_sockets(setsebool_t)
+ ')
+ 
+ optional_policy(`
+-	hotplug_use_fds(setfiles_t)
++	unconfined_domain(setfiles_mac_t)
+ ')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.3/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/sysnetwork.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -11,15 +11,20 @@
  /etc/dhclient-script	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
  /etc/dhcpc.*			gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -30216,9 +28972,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 +
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.1/policy/modules/system/sysnetwork.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.3/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/sysnetwork.if	2009-11-25 12:39:13.000000000 -0500
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -30396,9 +29152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	role_transition $1 dhcpc_exec_t system_r;
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.1/policy/modules/system/sysnetwork.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.3/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/sysnetwork.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/sysnetwork.te	2009-11-25 12:39:13.000000000 -0500
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t, dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -30611,69 +29367,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_dontaudit_rw_pipes(ifconfig_t)
 +	hal_dontaudit_rw_dgram_sockets(ifconfig_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.1/policy/modules/system/udev.fc
---- nsaserefpolicy/policy/modules/system/udev.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/udev.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -7,6 +7,9 @@
- /etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
- 
- /etc/udev/scripts/.+ --	gen_context(system_u:object_r:udev_helper_exec_t,s0)
-+/etc/udev/rules.d(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
-+
-+/lib/udev/udev-acl   -- gen_context(system_u:object_r:udev_exec_t,s0)
- 
- /sbin/start_udev --	gen_context(system_u:object_r:udev_exec_t,s0)
- /sbin/udev	--	gen_context(system_u:object_r:udev_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.1/policy/modules/system/udev.if
---- nsaserefpolicy/policy/modules/system/udev.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/udev.if	2009-11-17 11:06:58.000000000 -0500
-@@ -168,4 +168,43 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.3/policy/modules/system/udev.if
+--- nsaserefpolicy/policy/modules/system/udev.if	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/udev.if	2009-11-25 12:39:13.000000000 -0500
+@@ -186,6 +186,7 @@
  
  	dev_list_all_dev_nodes($1)
  	allow $1 udev_tbl_t:file rw_file_perms;
 +	allow $1 udev_tbl_t:file unlink;
-+')
-+
-+########################################
-+## <summary>
-+##	Create, read, write, and delete
-+##	udev pid files.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`udev_manage_pid_files',`
-+	gen_require(`
-+		type udev_var_run_t;
-+	')
-+
-+	files_search_var_lib($1)
-+	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
-+')
-+
-+########################################
-+## <summary>
-+##	Send signal to udev process
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`udev_signal',`
-+	gen_require(`
-+		type udev_t;
-+	')
-+
-+	allow $1 udev_t:process signal;
  ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.1/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/udev.te	2009-11-17 11:06:58.000000000 -0500
+ 
+ ########################################
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.3/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/udev.te	2009-11-25 12:39:13.000000000 -0500
 @@ -50,6 +50,7 @@
  allow udev_t self:unix_stream_socket connectto;
  allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -30682,46 +29389,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  allow udev_t udev_exec_t:file write;
  can_exec(udev_t, udev_exec_t)
-@@ -66,9 +67,11 @@
- 
- manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t)
- manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
-+manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
- files_pid_filetrans(udev_t, udev_var_run_t, { dir file })
- 
- kernel_read_system_state(udev_t)
-+kernel_request_load_module(udev_t)
- kernel_getattr_core_if(udev_t)
- kernel_use_fds(udev_t)
- kernel_read_device_sysctls(udev_t)
-@@ -111,6 +114,7 @@
- 
- fs_getattr_all_fs(udev_t)
- fs_list_inotifyfs(udev_t)
-+fs_rw_anon_inodefs_files(udev_t)
- 
- mcs_ptrace_all(udev_t)
- 
-@@ -140,6 +144,7 @@
- logging_send_audit_msgs(udev_t)
- 
- miscfiles_read_localization(udev_t)
-+miscfiles_read_hwdata(udev_t)
- 
- modutils_domtrans_insmod(udev_t)
- # read modules.inputmap:
-@@ -194,6 +199,10 @@
- ')
- 
- optional_policy(`
-+	bluetooth_domtrans(udev_t)
-+')
-+
-+optional_policy(`
- 	brctl_domtrans(udev_t)
- ')
- 
-@@ -202,14 +211,27 @@
+@@ -210,6 +211,10 @@
  ')
  
  optional_policy(`
@@ -30732,24 +29400,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	consoletype_exec(udev_t)
  ')
  
- optional_policy(`
-+	cups_domtrans_config(udev_t)
-+')
-+
-+optional_policy(`
- 	dbus_system_bus_client(udev_t)
- ')
- 
- optional_policy(`
-+	devicekit_read_pid_files(udev_t)
-+	devicekit_dgram_send(udev_t)
-+')
-+
-+optional_policy(`
- 	lvm_domtrans(udev_t)
- ')
- 
-@@ -219,6 +241,7 @@
+@@ -236,6 +241,7 @@
  
  optional_policy(`
  	hal_dgram_send(udev_t)
@@ -30757,29 +29408,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -228,6 +251,10 @@
+@@ -263,7 +269,7 @@
  ')
  
  optional_policy(`
-+	mount_domtrans(udev_t)
-+')
-+
-+optional_policy(`
- 	openct_read_pid_files(udev_t)
- 	openct_domtrans(udev_t)
+-	unconfined_signal(udev_t)
++	rpm_search_log(udev_t)
  ')
-@@ -242,6 +269,18 @@
+ 
+ optional_policy(`
+@@ -271,6 +277,10 @@
  ')
  
  optional_policy(`
-+	rpm_search_log(udev_t)
-+')
-+
-+optional_policy(`
-+	vbetool_domtrans(udev_t)
-+')
-+
-+optional_policy(`
 +	unconfined_signal(udev_t)
 +')
 +
@@ -30787,9 +29428,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	kernel_write_xen_state(udev_t)
  	kernel_read_xen_state(udev_t)
  	xen_manage_log(udev_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.1/policy/modules/system/unconfined.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.3/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/unconfined.fc	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/unconfined.fc	2009-11-25 12:39:13.000000000 -0500
 @@ -1,16 +1 @@
  # Add programs here which should not be confined by SELinux
 -# e.g.:
@@ -30807,9 +29448,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -ifdef(`distro_gentoo',`
 -/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.1/policy/modules/system/unconfined.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.3/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/unconfined.if	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/unconfined.if	2009-11-25 12:39:13.000000000 -0500
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -31313,9 +29954,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -
 -	allow $1 unconfined_t:dbus acquire_svc;
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.1/policy/modules/system/unconfined.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.3/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/unconfined.te	2009-11-17 11:08:37.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/unconfined.te	2009-11-25 12:39:13.000000000 -0500
 @@ -5,227 +5,5 @@
  #
  # Declarations
@@ -31545,10 +30186,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -		hal_dbus_chat(unconfined_execmem_t)
 -	')
 -')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.1/policy/modules/system/userdomain.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.3/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/userdomain.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -1,4 +1,8 @@
++++ serefpolicy-3.7.3/policy/modules/system/userdomain.fc	2009-11-25 12:39:13.000000000 -0500
+@@ -1,4 +1,9 @@
  HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
 +HOME_DIR	-l	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
  HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
@@ -31557,10 +30198,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 +/dev/shm/pulse-shm.*	gen_context(system_u:object_r:user_tmpfs_t,s0)
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
++HOME_DIR/\.cert(/.*)?	gen_context(system_u:object_r:home_cert_t,s0)
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.1/policy/modules/system/userdomain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.3/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/userdomain.if	2009-11-23 14:09:57.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/userdomain.if	2009-11-25 12:39:13.000000000 -0500
 @@ -30,8 +30,9 @@
  	')
  
@@ -32478,7 +31120,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		loadkeys_run($1_t,$1_r)
  	')
  ')
-@@ -865,51 +950,97 @@
+@@ -865,51 +950,93 @@
  
  	userdom_restricted_user_template($1)
  
@@ -32535,7 +31177,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	optional_policy(`
 +		alsa_read_rw_config($1_usertype)
 +	')
-+
+ 
+-	xserver_restricted_role($1_r, $1_t)
 +	optional_policy(`
 +		apache_role($1_r, $1_usertype)
 +	')
@@ -32546,14 +31189,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		devicekit_dbus_chat_power($1_usertype)
 +	')
  
--	xserver_restricted_role($1_r, $1_t)
-+	optional_policy(`
-+		fprintd_dbus_chat($1_t)
-+	')
- 
  	optional_policy(`
 -		alsa_read_rw_config($1_t)
-+		gnomeclock_dbus_chat($1_t)
++		fprintd_dbus_chat($1_t)
  	')
  
  	optional_policy(`
@@ -32589,7 +31227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-@@ -943,8 +1074,8 @@
+@@ -943,8 +1070,8 @@
  	# Declarations
  	#
  
@@ -32599,7 +31237,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	userdom_common_user_template($1)
  
  	##############################
-@@ -953,58 +1084,67 @@
+@@ -953,58 +1080,71 @@
  	#
  
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -32633,10 +31271,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -			storage_raw_read_removable_device($1_t)
 +	optional_policy(`
 +		cdrecord_role($1_r, $1_t)
- 		')
++		')
 +
 +	optional_policy(`
 +		cron_role($1_r, $1_t)
+ 		')
++
++	optional_policy(`
++		games_rw_data($1_usertype)
  	')
  
 -	tunable_policy(`user_dmesg',`
@@ -32644,7 +31286,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	',`
 -		kernel_dontaudit_read_ring_buffer($1_t)
 +	optional_policy(`
-+		games_rw_data($1_usertype)
++		gpg_role($1_r, $1_usertype)
  	')
  
 -	# Allow users to run TCP servers (bind to ports and accept connection from
@@ -32654,7 +31296,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -		corenet_tcp_bind_generic_node($1_t)
 -		corenet_tcp_bind_generic_port($1_t)
 +	optional_policy(`
-+		gpg_role($1_r, $1_usertype)
++		gnomeclock_dbus_chat($1_t)
  	')
  
  	optional_policy(`
@@ -33259,7 +31901,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	kernel_search_proc($1)
  ')
  
-@@ -3064,3 +3395,597 @@
+@@ -3064,3 +3395,619 @@
  
  	allow $1 userdomain:dbus send_msg;
  ')
@@ -33857,9 +32499,31 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 user_tmp_t:file { getattr append };
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.1/policy/modules/system/userdomain.te
++
++########################################
++## <summary>
++##	Read system SSL certificates in the users homedir.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`userdom_read_home_certs',`
++	gen_require(`
++		type home_cert_t;
++	')
++
++	userdom_search_user_home_dirs($1)
++	allow $1 home_cert_t:dir list_dir_perms;
++	read_files_pattern($1, home_cert_t, home_cert_t)
++	read_lnk_files_pattern($1, home_cert_t, home_cert_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.3/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/policy/modules/system/userdomain.te	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/userdomain.te	2009-11-25 12:39:13.000000000 -0500
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -33918,11 +32582,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_user_home_content(user_home_t)
  fs_associate_tmpfs(user_home_t)
  files_associate_tmp(user_home_t)
-@@ -97,3 +100,25 @@
+@@ -97,3 +100,29 @@
  type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
  dev_node(user_tty_device_t)
  ubac_constrained(user_tty_device_t)
 +
++type home_cert_t, user_home_type;
++files_type(home_cert_t)
++ubac_constrained(home_cert_t)
++
 +tunable_policy(`allow_console_login',`
 +	term_use_console(userdomain)
 +')
@@ -33944,206 +32612,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +allow userdomain userdomain:process signull;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.7.1/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/xen.fc	2009-11-17 11:06:58.000000000 -0500
-@@ -1,5 +1,7 @@
- /dev/xen/tapctrl.*	-p	gen_context(system_u:object_r:xenctl_t,s0)
- 
-+/usr/sbin/evtchnd       --      gen_context(system_u:object_r:evtchnd_exec_t,s0)
-+
- /usr/bin/virsh		--	gen_context(system_u:object_r:xm_exec_t,s0)
- 
- ifdef(`distro_debian',`
-@@ -19,14 +21,18 @@
- /var/lib/xend(/.*)?		gen_context(system_u:object_r:xend_var_lib_t,s0)
- /var/lib/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_lib_t,s0)
- 
-+/var/log/evtchnd\.log   --      gen_context(system_u:object_r:evtchnd_var_log_t,s0)
- /var/log/xen(/.*)?		gen_context(system_u:object_r:xend_var_log_t,s0)
- /var/log/xen-hotplug\.log --	gen_context(system_u:object_r:xend_var_log_t,s0)
- /var/log/xend\.log	--	gen_context(system_u:object_r:xend_var_log_t,s0)
- /var/log/xend-debug\.log --	gen_context(system_u:object_r:xend_var_log_t,s0)
- 
-+/var/run/evtchnd\.pid   --      gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-+/var/run/evtchnd        -s      gen_context(system_u:object_r:evtchnd_var_run_t,s0)
- /var/run/xenconsoled\.pid --	gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
- /var/run/xend(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
- /var/run/xend\.pid	--	gen_context(system_u:object_r:xend_var_run_t,s0)
-+/var/run/xenner(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
- /var/run/xenstore\.pid	--	gen_context(system_u:object_r:xenstored_var_run_t,s0)
- /var/run/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_run_t,s0)
- 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.1/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/xen.if	2009-11-17 11:06:58.000000000 -0500
-@@ -71,6 +71,8 @@
- 	')
- 
- 	files_list_var_lib($1)
-+
-+	list_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
- 	read_files_pattern($1,{ xend_var_lib_t xen_image_t },xen_image_t)
- ')
- 
-@@ -167,11 +169,14 @@
- #
- interface(`xen_stream_connect',`
- 	gen_require(`
--		type xend_t, xend_var_run_t;
-+		type xend_t, xend_var_run_t,  xend_var_lib_t;
- 	')
- 
- 	files_search_pids($1)
- 	stream_connect_pattern($1, xend_var_run_t, xend_var_run_t, xend_t)
-+
-+	files_search_var_lib($1)
-+	stream_connect_pattern($1, xend_var_lib_t, xend_var_lib_t, xend_t)
- ')
- 
- ########################################
-@@ -191,3 +196,24 @@
- 
- 	domtrans_pattern($1, xm_exec_t, xm_t)
- ')
-+
-+########################################
-+## <summary>
-+##	Allow the specified domain to read/write
-+##	xend image files.
-+## </summary>
-+## <param name="domain">
-+## 	<summary>
-+##	Domain allowed to transition.
-+## 	</summary>
-+## </param>
-+#
-+interface(`xen_rw_image_files',`
-+	gen_require(`
-+		type xen_image_t, xend_var_lib_t;
-+	')
-+
-+	files_list_var_lib($1)
-+	allow $1 xend_var_lib_t:dir search_dir_perms;
-+	rw_files_pattern($1, xen_image_t, xen_image_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.1/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.1/policy/modules/system/xen.te	2009-11-17 11:06:58.000000000 -0500
-@@ -6,6 +6,13 @@
- # Declarations
- #
- 
-+## <desc>
-+## <p>
-+## Allow xen to manage nfs files
-+## </p>
-+## </desc>
-+gen_tunable(xen_use_nfs, false)
-+
- # console ptys
- type xen_devpts_t;
- term_pty(xen_devpts_t)
-@@ -42,25 +49,31 @@
- # pid files
- type xend_var_run_t;
- files_pid_file(xend_var_run_t)
-+files_mountpoint(xend_var_run_t)
- 
- type xenstored_t;
- type xenstored_exec_t;
--domain_type(xenstored_t)
--domain_entry_file(xenstored_t, xenstored_exec_t)
--role system_r types xenstored_t;
-+init_daemon_domain(xenstored_t, xenstored_exec_t)
-+
-+# tmp files
-+type xenstored_tmp_t;
-+files_tmp_file(xenstored_tmp_t)
- 
- # var/lib files
- type xenstored_var_lib_t;
- files_type(xenstored_var_lib_t)
- 
-+# log files
-+type xenstored_var_log_t;
-+logging_log_file(xenstored_var_log_t)
-+
- # pid files
- type xenstored_var_run_t;
- files_pid_file(xenstored_var_run_t)
- 
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.3/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/modules/system/xen.te	2009-11-25 12:39:13.000000000 -0500
+@@ -85,6 +85,7 @@
  type xenconsoled_t;
  type xenconsoled_exec_t;
--domain_type(xenconsoled_t)
--domain_entry_file(xenconsoled_t, xenconsoled_exec_t)
-+init_daemon_domain(xenconsoled_t, xenconsoled_exec_t)
- role system_r types xenconsoled_t;
+ init_daemon_domain(xenconsoled_t, xenconsoled_exec_t)
++role system_r types xenconsoled_t;
  
  # pid files
-@@ -72,6 +85,18 @@
- domain_type(xm_t)
- init_system_domain(xm_t, xm_exec_t)
- 
-+type evtchnd_t;
-+type evtchnd_exec_t;
-+init_daemon_domain(evtchnd_t, evtchnd_exec_t)
-+
-+# log files
-+type evtchnd_var_log_t;
-+logging_log_file(evtchnd_var_log_t)
-+
-+# pid files
-+type evtchnd_var_run_t;
-+files_pid_file(evtchnd_var_run_t)
-+
- ########################################
- #
- # xend local policy
-@@ -95,7 +120,7 @@
- read_lnk_files_pattern(xend_t, xen_image_t, xen_image_t)
- rw_blk_files_pattern(xend_t, xen_image_t, xen_image_t)
- 
--allow xend_t xenctl_t:fifo_file manage_file_perms;
-+allow xend_t xenctl_t:fifo_file manage_fifo_file_perms;
- dev_filetrans(xend_t, xenctl_t, fifo_file)
- 
- manage_files_pattern(xend_t, xend_tmp_t, xend_tmp_t)
-@@ -103,14 +128,14 @@
- files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
- 
- # pid file
--allow xend_t xend_var_run_t:dir setattr;
-+manage_dirs_pattern(xend_t, xend_var_run_t, xend_var_run_t)
- manage_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
- manage_sock_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
- manage_fifo_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
--files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file })
-+files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file dir })
- 
- # log files
--allow xend_t xend_var_log_t:dir setattr;
-+manage_dirs_pattern(xend_t, xend_var_log_t, xend_var_log_t)
- manage_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
- manage_sock_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
- logging_log_filetrans(xend_t, xend_var_log_t,{ sock_file file dir })
-@@ -122,12 +147,13 @@
- manage_fifo_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
- files_var_lib_filetrans(xend_t, xend_var_lib_t,{ file dir })
- 
-+init_stream_connect_script(xend_t)
-+
- # transition to store
- domtrans_pattern(xend_t, xenstored_exec_t, xenstored_t)
- 
- # transition to console
--domain_auto_trans(xend_t, xenconsoled_exec_t, xenconsoled_t)
--allow xenconsoled_t xend_t:fd use;
-+domtrans_pattern(xend_t, xenconsoled_exec_t, xenconsoled_t)
- 
- kernel_read_kernel_sysctls(xend_t)
- kernel_read_system_state(xend_t)
-@@ -173,6 +199,7 @@
+ type xenconsoled_var_run_t;
+@@ -209,6 +210,7 @@
  files_manage_etc_runtime_files(xend_t)
  files_etc_filetrans_etc_runtime(xend_t, file)
  files_read_usr_files(xend_t)
@@ -34151,208 +32631,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  storage_raw_read_fixed_disk(xend_t)
  storage_raw_write_fixed_disk(xend_t)
-@@ -208,6 +235,10 @@
- netutils_domtrans(xend_t)
- 
- optional_policy(`
-+	brctl_domtrans(xend_t)
-+')
-+
-+optional_policy(`
- 	consoletype_exec(xend_t)
- ')
- 
-@@ -239,6 +270,10 @@
- 
- files_read_usr_files(xenconsoled_t)
- 
-+fs_list_tmpfs(xenconsoled_t)
-+fs_manage_xenfs_dirs(xenconsoled_t)
-+fs_manage_xenfs_files(xenconsoled_t)
-+
- term_create_pty(xenconsoled_t, xen_devpts_t)
- term_use_generic_ptys(xenconsoled_t)
- term_use_console(xenconsoled_t)
-@@ -248,7 +283,7 @@
- 
- miscfiles_read_localization(xenconsoled_t)
+@@ -438,6 +440,8 @@
+ 	fs_manage_xenfs_dirs(xm_ssh_t)
+ 	fs_manage_xenfs_files(xm_ssh_t)
  
--xen_append_log(xenconsoled_t)
-+xen_manage_log(xenconsoled_t)
- xen_stream_connect_xenstore(xenconsoled_t)
- 
- ########################################
-@@ -256,21 +291,33 @@
- # Xen store local policy
- #
- 
--allow xenstored_t self:capability { dac_override mknod ipc_lock };
-+allow xenstored_t self:capability { dac_override mknod ipc_lock sys_resource };
- allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
- allow xenstored_t self:unix_dgram_socket create_socket_perms;
- 
-+manage_files_pattern(xenstored_t, xenstored_tmp_t, xenstored_tmp_t)
-+manage_dirs_pattern(xenstored_t, xenstored_tmp_t, xenstored_tmp_t)
-+files_tmp_filetrans(xenstored_t, xenstored_tmp_t, { file dir })
-+
- # pid file
- manage_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
- manage_sock_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
- files_pid_filetrans(xenstored_t, xenstored_var_run_t, { file sock_file })
- 
-+# log files
-+manage_dirs_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-+manage_files_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-+manage_sock_files_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
-+logging_log_filetrans(xenstored_t, xenstored_var_log_t, { sock_file file dir })
-+
- # var/lib files for xenstored
- manage_dirs_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
- manage_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
- manage_sock_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
- files_var_lib_filetrans(xenstored_t, xenstored_var_lib_t,{ file dir sock_file })
- 
-+stream_connect_pattern(xenstored_t, evtchnd_var_run_t, evtchnd_var_run_t, evtchnd_t)
++userdom_search_admin_dir(xm_ssh_t)
 +
- kernel_write_xen_state(xenstored_t)
- kernel_read_xen_state(xenstored_t)
- 
-@@ -304,6 +351,7 @@
+ 	#Should have a boolean wrapping these
+ 	fs_list_auto_mountpoints(xend_t)
+ 	files_search_mnt(xend_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.3/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt	2009-11-25 11:47:19.000000000 -0500
++++ serefpolicy-3.7.3/policy/support/obj_perm_sets.spt	2009-11-25 12:39:13.000000000 -0500
+@@ -317,3 +317,15 @@
+ # Keys
  #
- 
- allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
-+allow xm_t self:process { getsched signal };
- 
- # internal communication is often done using fifo and unix sockets.
- allow xm_t self:fifo_file rw_fifo_file_perms;
-@@ -312,24 +360,28 @@
- 
- manage_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
- manage_fifo_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
-+manage_sock_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
- files_search_var_lib(xm_t)
- 
- allow xm_t xen_image_t:dir rw_dir_perms;
- allow xm_t xen_image_t:file read_file_perms;
- allow xm_t xen_image_t:blk_file read_blk_file_perms;
- 
--kernel_read_system_state(xm_t)
- kernel_read_kernel_sysctls(xm_t)
-+kernel_read_sysctl(xm_t)
-+kernel_read_system_state(xm_t)
- kernel_read_xen_state(xm_t)
- kernel_write_xen_state(xm_t)
- 
- corecmd_exec_bin(xm_t)
-+corecmd_exec_shell(xm_t)
- 
- corenet_tcp_sendrecv_generic_if(xm_t)
- corenet_tcp_sendrecv_generic_node(xm_t)
- corenet_tcp_connect_soundd_port(xm_t)
- 
- dev_read_urand(xm_t)
-+dev_read_sysfs(xm_t)
- 
- files_read_etc_runtime_files(xm_t)
- files_read_usr_files(xm_t)
-@@ -339,15 +391,70 @@
- 
- storage_raw_read_fixed_disk(xm_t)
- 
-+fs_getattr_all_fs(xm_t)
-+fs_manage_xenfs_dirs(xm_t)
-+fs_manage_xenfs_files(xm_t)
-+
- term_use_all_terms(xm_t)
- 
-+init_stream_connect_script(xm_t)
- init_rw_script_stream_sockets(xm_t)
- init_use_fds(xm_t)
- 
- miscfiles_read_localization(xm_t)
- 
--sysnet_read_config(xm_t)
-+sysnet_dns_name_resolve(xm_t)
- 
- xen_append_log(xm_t)
- xen_stream_connect(xm_t)
- xen_stream_connect_xenstore(xm_t)
-+
-+optional_policy(`
-+	virt_manage_images(xm_t)
-+	virt_stream_connect(xm_t)
-+')
+ define(`manage_key_perms', `{ create link read search setattr view write } ')
 +
-+########################################
-+#
-+# SSH component local policy
 +#
-+ssh_basic_client_template(xm,xm_t,system_r)
-+kernel_read_xen_state(xm_ssh_t)
-+kernel_write_xen_state(xm_ssh_t)
-+
-+fs_manage_xenfs_dirs(xm_ssh_t)
-+fs_manage_xenfs_files(xm_ssh_t)
-+
-+userdom_search_admin_dir(xm_ssh_t)
-+
-+#Should have a boolean wrapping these
-+fs_list_auto_mountpoints(xend_t)
-+files_search_mnt(xend_t)
-+fs_getattr_all_fs(xend_t)
-+fs_read_dos_files(xend_t)
-+fs_manage_xenfs_dirs(xend_t)
-+fs_manage_xenfs_files(xend_t)
-+
-+tunable_policy(`xen_use_nfs',`
-+	fs_manage_nfs_files(xend_t)
-+	fs_read_nfs_symlinks(xend_t)
-+')
-+
-+optional_policy(`
-+	unconfined_domain(xend_t)
-+')
-+
-+#######################################
++# All 
 +#
-+# evtchnd local policy
-+#
-+
-+manage_dirs_pattern(evtchnd_t, evtchnd_var_log_t, evtchnd_var_log_t)
-+manage_files_pattern(evtchnd_t,evtchnd_var_log_t,evtchnd_var_log_t)
-+logging_log_filetrans(evtchnd_t,evtchnd_var_log_t,{ file dir })
-+
-+manage_dirs_pattern(evtchnd_t, evtchnd_var_run_t, evtchnd_var_run_t)
-+manage_files_pattern(evtchnd_t,evtchnd_var_run_t,evtchnd_var_run_t)
-+manage_sock_files_pattern(evtchnd_t,evtchnd_var_run_t,evtchnd_var_run_t)
-+files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.1/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt	2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.1/policy/support/obj_perm_sets.spt	2009-11-17 11:06:58.000000000 -0500
-@@ -201,7 +201,7 @@
- define(`setattr_file_perms',`{ setattr }')
- define(`read_file_perms',`{ getattr open read lock ioctl }')
- define(`mmap_file_perms',`{ getattr open read execute ioctl }')
--define(`exec_file_perms',`{ getattr open read execute execute_no_trans }')
-+define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
- define(`append_file_perms',`{ getattr open append lock ioctl }')
- define(`write_file_perms',`{ getattr open write append lock ioctl }')
- define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
-@@ -225,7 +225,7 @@
- define(`create_lnk_file_perms',`{ create getattr }')
- define(`rename_lnk_file_perms',`{ getattr rename }')
- define(`delete_lnk_file_perms',`{ getattr unlink }')
--define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
-+define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
- define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
- define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
- define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
-@@ -312,3 +312,13 @@
- #
- define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
- define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
-+
 +define(`all_capabilities', `{ chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap }
 +')
 +
@@ -34361,10 +32659,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
 +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
 +
-+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.1/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.3/policy/users
 --- nsaserefpolicy/policy/users	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.1/policy/users	2009-11-17 11:06:58.000000000 -0500
++++ serefpolicy-3.7.3/policy/users	2009-11-25 12:39:13.000000000 -0500
 @@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
@@ -34389,9 +32686,3 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 -')
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/VERSION serefpolicy-3.7.1/VERSION
---- nsaserefpolicy/VERSION	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.1/VERSION	2009-11-17 11:06:58.000000000 -0500
-@@ -1 +1 @@
--2.20091117
-+2.20090730
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e844528..27c7f2a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.7.2
+Version: 3.7.3
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
@@ -449,8 +449,9 @@ exit 0
 %endif
 
 %changelog
-* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 3.7.2-1
+* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 3.7.3-1
 - Add asterisk policy back in
+- Update to upstream release 2.20091117
 
 * Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 3.7.1-1
 - Update to upstream release 2.20091117
diff --git a/sources b/sources
index 881f21d..ddfc333 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 3651679c4b12a31d2ba5f4305bba5540  config.tgz
-7caf1e23a7c13a97f49d83c82b042c27  serefpolicy-3.7.2.tgz
+ae593cb93bcd26546be99064d16b372a  serefpolicy-3.7.3.tgz