diff --git a/policy/modules/services/lpd.fc b/policy/modules/services/lpd.fc
index a6704a2..5c9eb68 100644
--- a/policy/modules/services/lpd.fc
+++ b/policy/modules/services/lpd.fc
@@ -3,6 +3,8 @@
 #
 /dev/printer		-s	gen_context(system_u:object_r:printer_t,s0)
 
+/opt/gutenprint/s?bin(/.*)?	gen_context(system_u:object_r:lpr_exec_t,s0)
+
 #
 # /usr
 #
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index a37c4fe..eec9208 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
 
-policy_module(lpd, 1.10.2)
+policy_module(lpd, 1.10.3)
 
 ########################################
 #
@@ -233,7 +233,6 @@ allow lpr_t self:capability { setuid dac_override net_bind_service chown };
 allow lpr_t self:unix_stream_socket create_stream_socket_perms;
 allow lpr_t self:tcp_socket create_socket_perms;
 allow lpr_t self:udp_socket create_socket_perms;
-allow lpr_t self:netlink_route_socket r_netlink_socket_perms;
 
 can_exec(lpr_t, lpr_exec_t)
 
@@ -273,9 +272,9 @@ fs_getattr_xattr_fs(lpr_t)
 term_use_controlling_term(lpr_t)
 term_use_generic_ptys(lpr_t)
 
-miscfiles_read_localization(lpr_t)
+auth_use_nsswitch(lpr_t)
 
-sysnet_read_config(lpr_t)
+miscfiles_read_localization(lpr_t)
 
 userdom_read_user_tmp_symlinks(lpr_t)
 # Write to the user domain tty.
@@ -338,11 +337,3 @@ optional_policy(`
 optional_policy(`
 	logging_send_syslog_msg(lpr_t)
 ')
-
-optional_policy(`
-	nscd_socket_use(lpr_t)
-')
-
-optional_policy(`
-	nis_use_ypbind(lpr_t)
-')
diff --git a/policy/modules/services/snmp.fc b/policy/modules/services/snmp.fc
index fbe30aa..2bc5cb9 100644
--- a/policy/modules/services/snmp.fc
+++ b/policy/modules/services/snmp.fc
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/snmpd --	gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/snmptrapd --	gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
+
 #
 # /usr
 #
@@ -8,6 +11,8 @@
 #
 # /var
 #
+/var/agentx(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+
 /var/lib/net-snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
 /var/lib/snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
 
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
index 58eb4ee..42f5ca6 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -95,23 +95,34 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the snmp domain.
+##	</summary>
+## </param>
 ## <rolecap/>
 #
 interface(`snmp_admin',`
 	gen_require(`
 		type snmpd_t, snmpd_log_t;
 		type snmpd_var_lib_t, snmpd_var_run_t;
+		type snmpd_initrc_exec_t;
 	')
 
 	allow $1 snmpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, snmpd_t)
 
+	init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 snmpd_initrc_exec_t system_r;
+	allow $2 system_r;
+
 	logging_list_logs($1)
-	manage_files_pattern($1, snmpd_log_t, snmpd_log_t)
+	admin_pattern($1, snmpd_log_t)
 
 	files_list_var_lib($1)
-	manage_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+	admin_pattern($1, snmpd_var_lib_t)
 
 	files_list_pids($1)
-	manage_files_pattern($1, snmpd_var_run_t, snmpd_var_run_t)
+	admin_pattern($1, snmpd_var_run_t)
 ')
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 242e92f..23c8fad 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -1,5 +1,5 @@
 
-policy_module(snmp, 1.8.1)
+policy_module(snmp, 1.8.2)
 
 ########################################
 #
@@ -9,6 +9,9 @@ type snmpd_t;
 type snmpd_exec_t;
 init_daemon_domain(snmpd_t, snmpd_exec_t)
 
+type snmpd_initrc_exec_t;
+init_script_file(snmpd_initrc_exec_t)
+
 type snmpd_log_t;
 logging_log_file(snmpd_log_t)
 
@@ -22,8 +25,9 @@ files_type(snmpd_var_lib_t)
 #
 # Local policy
 #
-allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
+allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
 dontaudit snmpd_t self:capability { sys_module sys_tty_config };
+allow snmpd_t self:process { getsched setsched };
 allow snmpd_t self:fifo_file rw_fifo_file_perms;
 allow snmpd_t self:unix_dgram_socket create_socket_perms;
 allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
@@ -45,6 +49,7 @@ files_pid_filetrans(snmpd_t, snmpd_var_run_t, file)
 
 kernel_read_device_sysctls(snmpd_t)
 kernel_read_kernel_sysctls(snmpd_t)
+kernel_read_fs_sysctls(snmpd_t)
 kernel_read_net_sysctls(snmpd_t)
 kernel_read_proc_symlinks(snmpd_t)
 kernel_read_system_state(snmpd_t)
@@ -76,13 +81,13 @@ dev_getattr_usbfs_dirs(snmpd_t)
 domain_use_interactive_fds(snmpd_t)
 domain_signull_all_domains(snmpd_t)
 domain_read_all_domains_state(snmpd_t)
+domain_dontaudit_ptrace_all_domains(snmpd_t)
+domain_exec_all_entry_files(snmpd_t)
 
 files_read_etc_files(snmpd_t)
 files_read_usr_files(snmpd_t)
 files_read_etc_runtime_files(snmpd_t)
 files_search_home(snmpd_t)
-files_getattr_boot_dirs(snmpd_t)
-files_dontaudit_getattr_home_dir(snmpd_t)
 
 fs_getattr_all_dirs(snmpd_t)
 fs_getattr_all_fs(snmpd_t)
@@ -91,6 +96,9 @@ fs_search_auto_mountpoints(snmpd_t)
 storage_dontaudit_read_fixed_disk(snmpd_t)
 storage_dontaudit_read_removable_device(snmpd_t)
 
+auth_use_nsswitch(snmpd_t)
+auth_read_all_dirs_except_shadow(snmpd_t)
+
 init_read_utmp(snmpd_t)
 init_dontaudit_write_utmp(snmpd_t)
 
@@ -117,7 +125,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	auth_use_nsswitch(snmpd_t)
+	consoletype_exec(snmpd_t)
 ')
 
 optional_policy(`
@@ -148,3 +156,15 @@ optional_policy(`
 optional_policy(`
 	udev_read_db(snmpd_t)
 ')
+
+optional_policy(`
+	virt_stream_connect(snmpd_t)
+')
+
+optional_policy(`
+	kernel_read_xen_state(snmpd_t)
+	kernel_write_xen_state(snmpd_t)
+
+	xen_stream_connect(snmpd_t)
+	xen_stream_connect_xenstore(snmpd_t)
+')
diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc
index b30e11b..b6f5f5a 100644
--- a/policy/modules/services/virt.fc
+++ b/policy/modules/services/virt.fc
@@ -2,6 +2,7 @@
 /etc/libvirt/[^/]*	--	gen_context(system_u:object_r:virt_etc_t,s0)
 /etc/libvirt/[^/]*	-d	gen_context(system_u:object_r:virt_etc_rw_t,s0)
 /etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
+/etc/rc\.d/init\.d/libvirtd --	gen_context(system_u:object_r:virtd_initrc_exec_t,s0)
 
 /usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
 
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index d4542a8..3ed1431 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -2,6 +2,28 @@
 
 ########################################
 ## <summary>
+##	Make the specified type usable as a virt image
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a virtual image
+##	</summary>
+## </param>
+#
+interface(`virt_image',`
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	typeattribute $1 virt_image_type;
+	files_type($1)
+
+	# virt images can be assigned to blk devices
+	dev_node($1)
+')
+
+########################################
+## <summary>
 ##	Execute a domain transition to run virt.
 ## </summary>
 ## <param name="domain">
@@ -18,6 +40,25 @@ interface(`virt_domtrans',`
 	domtrans_pattern($1, virtd_exec_t, virtd_t)
 ')
 
+#######################################
+## <summary>
+##	Connect to virt over an unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`virt_stream_connect',`
+	gen_require(`
+		type virtd_t, virt_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, virt_var_run_t, virt_var_run_t, virtd_t)
+')
+
 ########################################
 ## <summary>
 ##	Read virt config files.
@@ -41,6 +82,27 @@ interface(`virt_read_config',`
 
 ########################################
 ## <summary>
+##	manage virt config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`virt_manage_config',`
+	gen_require(`
+		type virt_etc_t;
+		type virt_etc_rw_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, virt_etc_t, virt_etc_t)
+	manage_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
+')
+
+########################################
+## <summary>
 ##	Read virt PID files.
 ## </summary>
 ## <param name="domain">
@@ -214,6 +276,7 @@ interface(`virt_manage_images',`
 	manage_dirs_pattern($1, virt_image_t, virt_image_t)
 	manage_files_pattern($1, virt_image_t, virt_image_t)
 	read_lnk_files_pattern($1, virt_image_t, virt_image_t)
+	rw_blk_files_pattern($1, virt_image_t, virt_image_t)
 
 	tunable_policy(`virt_use_nfs',`
 		fs_manage_nfs_dirs($1)
@@ -242,12 +305,17 @@ interface(`virt_manage_images',`
 #
 interface(`virt_admin',`
 	gen_require(`
-		type virtd_t;
+		type virtd_t, virtd_initrc_exec_t;
 	')
 
 	allow $1 virtd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, virtd_t)
 
+	init_labeled_script_domtrans($1, virtd_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 virtd_initrc_exec_t system_r;
+	allow $2 system_r;
+
 	virt_manage_pid_files($1)
 
 	virt_manage_lib_files($1)
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 6aff9bd..fa5d7a9 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -1,5 +1,5 @@
 
-policy_module(virt, 1.0.1)
+policy_module(virt, 1.0.2)
 
 ########################################
 #
@@ -20,6 +20,8 @@ gen_tunable(virt_use_nfs, false)
 ## </desc>
 gen_tunable(virt_use_samba, false)
 
+attribute virt_image_type;
+
 type virt_etc_t;
 files_config_file(virt_etc_t)
 
@@ -27,10 +29,8 @@ type virt_etc_rw_t;
 files_type(virt_etc_rw_t)
 
 # virt Image files
-type virt_image_t; # customizable
-files_type(virt_image_t)
-# virt_image_t can be assigned to blk devices
-dev_node(virt_image_t)
+type virt_image_t, virt_image_type; # customizable
+virt_image(virt_image_t)
 
 type virt_log_t;
 logging_log_file(virt_log_t)
@@ -45,13 +45,16 @@ type virtd_t;
 type virtd_exec_t;
 init_daemon_domain(virtd_t, virtd_exec_t)
 
+type virtd_initrc_exec_t;
+init_script_file(virtd_initrc_exec_t)
+
 ########################################
 #
 # virtd local policy
 #
 
 allow virtd_t self:capability { dac_override kill net_admin setgid sys_nice sys_ptrace };
-allow virtd_t self:process { sigkill signal execmem };
+allow virtd_t self:process { getsched sigkill signal execmem };
 allow virtd_t self:fifo_file rw_file_perms;
 allow virtd_t self:unix_stream_socket create_stream_socket_perms;
 allow virtd_t self:tcp_socket create_stream_socket_perms;
@@ -64,7 +67,7 @@ manage_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
 manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
 filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
 
-manage_files_pattern(virtd_t, virt_image_t, virt_image_t)
+manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
 
 manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
 manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
@@ -109,6 +112,7 @@ files_read_usr_files(virtd_t)
 files_read_etc_files(virtd_t)
 files_read_etc_runtime_files(virtd_t)
 files_search_all(virtd_t)
+files_list_kernel_modules(virtd_t)
 
 fs_list_auto_mountpoints(virtd_t)
 
@@ -159,11 +163,11 @@ optional_policy(`
 	')
 ')
 
-#optional_policy(`
-#	dnsmasq_domtrans(virtd_t)
-#	dnsmasq_signal(virtd_t)
-#	dnsmasq_sigkill(virtd_t)
-#')
+optional_policy(`
+	dnsmasq_domtrans(virtd_t)
+	dnsmasq_signal(virtd_t)
+	dnsmasq_kill(virtd_t)
+')
 
 optional_policy(`
 	iptables_domtrans(virtd_t)
@@ -192,3 +196,7 @@ optional_policy(`
 	xen_stream_connect(virtd_t)
 	xen_stream_connect_xenstore(virtd_t)
 ')
+
+optional_policy(`
+	unconfined_domain(virtd_t)
+')