diff --git a/policy-20090105.patch b/policy-20090105.patch
index 91e057f..f9f32c5 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -1,6 +1,6 @@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.12/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -24,13 +24,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.12/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.12/config/appconfig-mcs/failsafe_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/failsafe_context	2009-05-12 15:30:13.000000000 -0400
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.12/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/root_default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/root_default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,11 +1,7 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -47,7 +47,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.12/config/appconfig-mcs/seusers
 --- nsaserefpolicy/config/appconfig-mcs/seusers	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.12/config/appconfig-mcs/seusers	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/seusers	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,3 @@
  system_u:system_u:s0-mcs_systemhigh
 -root:root:s0-mcs_systemhigh
@@ -56,7 +56,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +__default__:unconfined_u:s0-mcs_systemhigh
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.12/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/staff_u_default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/staff_u_default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,10 +1,12 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -73,7 +73,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.12/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/unconfined_u_default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/unconfined_u_default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,4 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0
@@ -89,13 +89,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.12/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.12/config/appconfig-mcs/userhelper_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/userhelper_context	2009-05-12 15:30:13.000000000 -0400
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.12/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/user_u_default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/user_u_default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,8 +1,9 @@
  system_r:local_login_t:s0	user_r:user_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0
@@ -110,18 +110,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +user_r:user_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.12/config/appconfig-mcs/virtual_domain_context
 --- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/virtual_domain_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/virtual_domain_context	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1 @@
 +system_u:system_r:svirt_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.12/config/appconfig-mcs/virtual_image_context
 --- nsaserefpolicy/config/appconfig-mcs/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mcs/virtual_image_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mcs/virtual_image_context	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +system_u:object_r:svirt_image_t:s0
 +system_u:object_r:virt_content_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.12/config/appconfig-mls/default_contexts
 --- nsaserefpolicy/config/appconfig-mls/default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mls/default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mls/default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -145,7 +145,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.12/config/appconfig-mls/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/root_default_contexts	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mls/root_default_contexts	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mls/root_default_contexts	2009-05-12 15:30:13.000000000 -0400
 @@ -1,11 +1,11 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
 -system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -166,7 +166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/securetty_types serefpolicy-3.6.12/config/appconfig-mls/securetty_types
 --- nsaserefpolicy/config/appconfig-mls/securetty_types	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.12/config/appconfig-mls/securetty_types	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mls/securetty_types	2009-05-12 15:30:13.000000000 -0400
 @@ -1,6 +1 @@
 -auditadm_tty_device_t
 -secadm_tty_device_t
@@ -176,18 +176,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  user_tty_device_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.12/config/appconfig-mls/virtual_domain_context
 --- nsaserefpolicy/config/appconfig-mls/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mls/virtual_domain_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mls/virtual_domain_context	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1 @@
 +system_u:system_r:qemu_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.12/config/appconfig-mls/virtual_image_context
 --- nsaserefpolicy/config/appconfig-mls/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/config/appconfig-mls/virtual_image_context	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/config/appconfig-mls/virtual_image_context	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +system_u:object_r:virt_image_t:s0
 +system_u:object_r:virt_content_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.12/Makefile
 --- nsaserefpolicy/Makefile	2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.12/Makefile	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/Makefile	2009-05-12 15:30:13.000000000 -0400
 @@ -241,7 +241,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -252,7 +252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.6.12/man/man8/httpd_selinux.8
 --- nsaserefpolicy/man/man8/httpd_selinux.8	2009-03-05 09:22:34.000000000 -0500
-+++ serefpolicy-3.6.12/man/man8/httpd_selinux.8	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/man/man8/httpd_selinux.8	2009-05-12 15:30:13.000000000 -0400
 @@ -22,7 +22,7 @@
  .EX
  httpd_sys_content_t 
@@ -324,7 +324,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-3.6.12/man/man8/kerberos_selinux.8
 --- nsaserefpolicy/man/man8/kerberos_selinux.8	2009-03-05 09:22:34.000000000 -0500
-+++ serefpolicy-3.6.12/man/man8/kerberos_selinux.8	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/man/man8/kerberos_selinux.8	2009-05-12 15:30:13.000000000 -0400
 @@ -12,7 +12,7 @@
  .SH "DESCRIPTION"
  
@@ -336,7 +336,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
  You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-3.6.12/man/man8/nfs_selinux.8
 --- nsaserefpolicy/man/man8/nfs_selinux.8	2009-03-05 09:22:34.000000000 -0500
-+++ serefpolicy-3.6.12/man/man8/nfs_selinux.8	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/man/man8/nfs_selinux.8	2009-05-12 15:30:13.000000000 -0400
 @@ -6,7 +6,7 @@
  Security Enhanced Linux secures the NFS server via flexible mandatory access
  control.  
@@ -348,7 +348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
  setsebool -P nfs_export_all_ro 1
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-3.6.12/man/man8/ypbind_selinux.8
 --- nsaserefpolicy/man/man8/ypbind_selinux.8	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.12/man/man8/ypbind_selinux.8	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/man/man8/ypbind_selinux.8	2009-05-12 15:30:13.000000000 -0400
 @@ -4,7 +4,7 @@
  .SH "DESCRIPTION"
  
@@ -360,7 +360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
  You must set the allow_ypbind boolean to allow your system to work properly in a NIS environment.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.12/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/global_tunables	2009-04-28 11:36:39.000000000 -0400
++++ serefpolicy-3.6.12/policy/global_tunables	2009-05-12 15:30:13.000000000 -0400
 @@ -61,15 +61,6 @@
  
  ## <desc>
@@ -398,7 +398,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.12/policy/mcs
 --- nsaserefpolicy/policy/mcs	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/mcs	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/mcs	2009-05-12 15:30:13.000000000 -0400
 @@ -67,7 +67,7 @@
  # Note that getattr on files is always permitted.
  #
@@ -432,7 +432,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	(( h1 dom h2 ) or ( t1 == mcssetcats ));
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.12/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/anaconda.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/anaconda.te	2009-05-12 15:30:13.000000000 -0400
 @@ -31,6 +31,7 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -441,9 +441,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
  
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.6.12/policy/modules/admin/brctl.te
+--- nsaserefpolicy/policy/modules/admin/brctl.te	2008-11-11 16:13:49.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/admin/brctl.te	2009-05-12 16:37:57.000000000 -0400
+@@ -21,6 +21,8 @@
+ allow brctl_t self:unix_dgram_socket create_socket_perms;
+ allow brctl_t self:tcp_socket create_socket_perms;
+ 
++corenet_rw_tun_tap_dev(brctl_t)
++
+ kernel_load_module(brctl_t)
+ kernel_read_network_state(brctl_t)
+ kernel_read_sysctl(brctl_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.12/policy/modules/admin/certwatch.te
 --- nsaserefpolicy/policy/modules/admin/certwatch.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te	2009-05-12 15:30:13.000000000 -0400
 @@ -27,15 +27,20 @@
  
  fs_list_inotifyfs(certwatch_t)
@@ -467,7 +479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.6.12/policy/modules/admin/dmesg.fc
 --- nsaserefpolicy/policy/modules/admin/dmesg.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/dmesg.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/dmesg.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,2 +1,4 @@
  
  /bin/dmesg		--		gen_context(system_u:object_r:dmesg_exec_t,s0)
@@ -475,7 +487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/mcelog	--		gen_context(system_u:object_r:dmesg_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.6.12/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te	2009-05-07 14:53:23.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,6 +9,7 @@
  type dmesg_t;
  type dmesg_exec_t;
@@ -512,7 +524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.6.12/policy/modules/admin/kismet.if
 --- nsaserefpolicy/policy/modules/admin/kismet.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/kismet.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/kismet.if	2009-05-12 15:30:13.000000000 -0400
 @@ -16,6 +16,7 @@
  	')
  
@@ -523,7 +535,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.12/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/kismet.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/kismet.te	2009-05-12 15:30:13.000000000 -0400
 @@ -14,27 +14,36 @@
  type kismet_var_run_t;
  files_pid_file(kismet_var_run_t)
@@ -591,7 +603,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_read_user_tmpfs_files(kismet_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.12/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te	2009-05-12 15:30:13.000000000 -0400
 @@ -116,8 +116,9 @@
  seutil_dontaudit_read_config(logrotate_t)
  
@@ -616,7 +628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.12/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/logwatch.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/logwatch.te	2009-05-12 15:30:13.000000000 -0400
 @@ -62,10 +62,9 @@
  files_read_usr_files(logwatch_t)
  files_search_spool(logwatch_t)
@@ -646,7 +658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.12/policy/modules/admin/mrtg.te
 --- nsaserefpolicy/policy/modules/admin/mrtg.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te	2009-05-12 15:30:13.000000000 -0400
 @@ -116,6 +116,7 @@
  userdom_use_user_terminals(mrtg_t)
  userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -657,7 +669,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	corenet_udp_sendrecv_lo_if(mrtg_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.12/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/netutils.te	2009-05-04 11:25:11.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/netutils.te	2009-05-12 15:30:13.000000000 -0400
 @@ -50,7 +50,7 @@
  files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
  
@@ -680,7 +692,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.6.12/policy/modules/admin/prelink.fc
 --- nsaserefpolicy/policy/modules/admin/prelink.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/prelink.fc	2009-04-27 08:28:48.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/prelink.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -5,3 +5,5 @@
  
  /var/log/prelink\.log		--	gen_context(system_u:object_r:prelink_log_t,s0)
@@ -689,7 +701,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/misc/prelink.*		--	gen_context(system_u:object_r:prelink_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.12/policy/modules/admin/prelink.if
 --- nsaserefpolicy/policy/modules/admin/prelink.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/prelink.if	2009-04-27 09:47:06.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/prelink.if	2009-05-12 15:30:13.000000000 -0400
 @@ -120,3 +120,23 @@
  	logging_search_logs($1)
  	manage_files_pattern($1, prelink_log_t, prelink_log_t)
@@ -716,7 +728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/prelink.te	2009-04-27 08:32:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/prelink.te	2009-05-12 15:30:13.000000000 -0400
 @@ -21,12 +21,15 @@
  type prelink_tmp_t;
  files_tmp_file(prelink_tmp_t)
@@ -788,7 +800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.12/policy/modules/admin/readahead.fc
 --- nsaserefpolicy/policy/modules/admin/readahead.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-04-24 15:26:39.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,5 @@
 -/etc/readahead.d(/.*)?		gen_context(system_u:object_r:readahead_etc_rw_t,s0)
 +/usr/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
@@ -799,7 +811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/usr/sbin/readahead	--	gen_context(system_u:object_r:readahead_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te	2009-05-08 11:49:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te	2009-05-14 08:50:26.000000000 -0400
 @@ -11,8 +11,8 @@
  init_daemon_domain(readahead_t, readahead_exec_t)
  application_domain(readahead_t, readahead_exec_t)
@@ -833,7 +845,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_read_system_state(readahead_t)
  kernel_dontaudit_getattr_core_if(readahead_t)
  
-@@ -46,10 +48,12 @@
+@@ -46,10 +48,13 @@
  storage_raw_read_fixed_disk(readahead_t)
  
  domain_use_interactive_fds(readahead_t)
@@ -842,11 +854,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_dontaudit_getattr_all_sockets(readahead_t)
  files_list_non_security(readahead_t)
  files_read_non_security_files(readahead_t)
++files_dontaudit_read_security_files(readahead_t)
 +files_dontaudit_getattr_non_security_blk_files(readahead_t)
  
  fs_getattr_all_fs(readahead_t)
  fs_search_auto_mountpoints(readahead_t)
-@@ -58,6 +62,7 @@
+@@ -58,6 +63,7 @@
  fs_dontaudit_search_ramfs(readahead_t)
  fs_dontaudit_read_ramfs_pipes(readahead_t)
  fs_dontaudit_read_ramfs_files(readahead_t)
@@ -854,7 +867,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  fs_read_tmpfs_symlinks(readahead_t)
  fs_list_inotifyfs(readahead_t)
  
-@@ -72,6 +77,7 @@
+@@ -72,6 +78,7 @@
  init_getattr_initctl(readahead_t)
  
  logging_send_syslog_msg(readahead_t)
@@ -864,7 +877,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(readahead_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -3,15 +3,12 @@
  /usr/bin/smart 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  
@@ -907,7 +920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`distro_suse', `
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.12/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.if	2009-04-23 23:59:46.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.if	2009-05-12 15:30:13.000000000 -0400
 @@ -66,6 +66,11 @@
  	rpm_domtrans($1)
  	role $2 types rpm_t;
@@ -1250,7 +1263,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.12/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.te	2009-05-07 14:59:51.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -1486,7 +1499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		java_domtrans_unconfined(rpm_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.12/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/sudo.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/sudo.if	2009-05-14 10:29:24.000000000 -0400
 @@ -32,6 +32,7 @@
  
  	gen_require(`
@@ -1544,7 +1557,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	fs_getattr_xattr_fs($1_sudo_t)
  
 -	auth_domtrans_chk_passwd($1_sudo_t)
-+	auth_run_chk_passwd($1_sudo_t, $3)
++	auth_run_chk_passwd($1_sudo_t, $2)
  	# sudo stores a token in the pam_pid directory
  	auth_manage_pam_pid($1_sudo_t)
  	auth_use_nsswitch($1_sudo_t)
@@ -1624,7 +1637,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.6.12/policy/modules/admin/sudo.te
 --- nsaserefpolicy/policy/modules/admin/sudo.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/sudo.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/sudo.te	2009-05-12 15:30:13.000000000 -0400
 @@ -4,6 +4,7 @@
  ########################################
  #
@@ -1635,7 +1648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  application_executable_file(sudo_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.12/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/su.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/su.if	2009-05-12 15:30:13.000000000 -0400
 @@ -90,15 +90,6 @@
  
  	miscfiles_read_localization($1_su_t)
@@ -1670,7 +1683,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		domain_subj_id_change_exemption($1_su_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.12/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/tmpreaper.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/tmpreaper.te	2009-05-12 15:30:13.000000000 -0400
 @@ -22,12 +22,16 @@
  dev_read_urand(tmpreaper_t)
  
@@ -1717,7 +1730,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.12/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te	2009-05-12 15:30:13.000000000 -0400
 @@ -326,6 +326,7 @@
  # user generally runs this from their home directory, so do not audit a search
  # on user home dir
@@ -1741,7 +1754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.12/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/vbetool.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/vbetool.te	2009-05-12 15:30:13.000000000 -0400
 @@ -23,6 +23,7 @@
  dev_rwx_zero(vbetool_t)
  dev_read_sysfs(vbetool_t)
@@ -1762,7 +1775,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.te serefpolicy-3.6.12/policy/modules/apps/ada.te
 --- nsaserefpolicy/policy/modules/apps/ada.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/ada.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/ada.te	2009-05-12 15:30:13.000000000 -0400
 @@ -21,5 +21,5 @@
  userdom_use_user_terminals(ada_t)
  
@@ -1772,7 +1785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.12/policy/modules/apps/awstats.te
 --- nsaserefpolicy/policy/modules/apps/awstats.te	2009-02-16 08:44:12.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/awstats.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/awstats.te	2009-05-12 15:30:13.000000000 -0400
 @@ -51,6 +51,8 @@
  
  libs_read_lib_files(awstats_t)
@@ -1784,7 +1797,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  sysnet_dns_name_resolve(awstats_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.fc serefpolicy-3.6.12/policy/modules/apps/cdrecord.fc
 --- nsaserefpolicy/policy/modules/apps/cdrecord.fc	2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/cdrecord.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/cdrecord.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -2,4 +2,5 @@
  # /usr
  #
@@ -1793,18 +1806,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.fc serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.fc
 --- nsaserefpolicy/policy/modules/apps/cpufreqselector.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1 @@
 +/usr/bin/cpufreq-selector       --      gen_context(system_u:object_r:cpufreqselector_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.if serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.if
 --- nsaserefpolicy/policy/modules/apps/cpufreqselector.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +## <summary>cpufreq-selector policy</summary>
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.te
 --- nsaserefpolicy/policy/modules/apps/cpufreqselector.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/cpufreqselector.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,44 @@
 +policy_module(cpufreqselector,1.0.0)
 +
@@ -1852,7 +1865,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive cpufreqselector_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.12/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gnome.fc	2009-04-30 07:42:25.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/gnome.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,8 +1,16 @@
 -HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_home_t,s0)
 +HOME_DIR/\.config(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
@@ -1874,8 +1887,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/libexec/gnome-system-monitor-mechanism 	--      gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.12/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gnome.if	2009-04-23 09:44:57.000000000 -0400
-@@ -89,5 +89,173 @@
++++ serefpolicy-3.6.12/policy/modules/apps/gnome.if	2009-05-14 10:31:02.000000000 -0400
+@@ -89,5 +89,175 @@
  
  	allow $1 gnome_home_t:dir manage_dir_perms;
  	allow $1 gnome_home_t:file manage_file_perms;
@@ -1922,7 +1935,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		type gnome_home_t;
 +	')
 +
++	list_dirs_pattern($1, gnome_home_t, gnome_home_t)
 +	read_files_pattern($1, gnome_home_t, gnome_home_t)
++	read_lnk_files_pattern($1, gnome_home_t, gnome_home_t)
 +')
 +
 +########################################
@@ -2051,7 +2066,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.12/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gnome.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/gnome.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,16 +9,18 @@
  attribute gnomedomain;
  
@@ -2184,7 +2199,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.6.12/policy/modules/apps/gpg.fc
 --- nsaserefpolicy/policy/modules/apps/gpg.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gpg.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/gpg.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -5,5 +5,5 @@
  /usr/bin/kgpg		--	gen_context(system_u:object_r:gpg_exec_t,s0)
  /usr/bin/pinentry.*	--	gen_context(system_u:object_r:pinentry_exec_t,s0)
@@ -2195,7 +2210,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.12/policy/modules/apps/gpg.if
 --- nsaserefpolicy/policy/modules/apps/gpg.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gpg.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/gpg.if	2009-05-12 15:30:13.000000000 -0400
 @@ -30,7 +30,7 @@
  
  	# allow ps to show gpg
@@ -2225,7 +2240,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.12/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gpg.te	2009-05-08 12:51:11.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/gpg.te	2009-05-12 15:30:13.000000000 -0400
 @@ -60,7 +60,7 @@
  
  allow gpg_t self:capability { ipc_lock setuid };
@@ -2332,7 +2347,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.12/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/java.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/java.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -2,15 +2,16 @@
  # /opt
  #
@@ -2369,7 +2384,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/opera(/.*)?/opera	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.12/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/java.if	2009-05-08 12:53:35.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/java.if	2009-05-12 15:30:13.000000000 -0400
 @@ -30,6 +30,7 @@
  
  	allow java_t $2:unix_stream_socket connectto;
@@ -2512,7 +2527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.12/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/java.te	2009-05-08 12:53:24.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/java.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,8 @@
  typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
  typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -2577,13 +2592,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.12/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/livecd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/livecd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.12/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/livecd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/livecd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,50 @@
 +
 +## <summary>policy for livecd</summary>
@@ -2637,7 +2652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.12/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/livecd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/livecd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,26 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -2667,7 +2682,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +seutil_domtrans_setfiles_mac(livecd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.12/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/mono.if	2009-05-12 13:53:34.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mono.if	2009-05-12 15:30:13.000000000 -0400
 @@ -21,6 +21,105 @@
  
  ########################################
@@ -2785,7 +2800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	corecmd_search_bin($1)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.12/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/mono.te	2009-05-12 13:53:03.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mono.te	2009-05-12 15:30:13.000000000 -0400
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -2811,7 +2826,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.12/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -17,7 +17,6 @@
  #
  # /etc
@@ -2828,7 +2843,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.12/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if	2009-05-12 15:30:13.000000000 -0400
 @@ -82,8 +82,7 @@
  		type mozilla_home_t;
  	')
@@ -2841,7 +2856,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.12/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te	2009-05-12 15:30:13.000000000 -0400
 @@ -105,6 +105,7 @@
  # Should not need other ports
  corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
@@ -2880,7 +2895,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.6.12/policy/modules/apps/mplayer.fc
 --- nsaserefpolicy/policy/modules/apps/mplayer.fc	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/mplayer.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/mplayer.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,9 +1,4 @@
  #
 -# /etc
@@ -2893,7 +2908,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.12/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,12 @@
 +HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -2909,8 +2924,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.12/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if	2009-04-23 09:44:57.000000000 -0400
-@@ -0,0 +1,274 @@
++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if	2009-05-14 10:36:27.000000000 -0400
+@@ -0,0 +1,313 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@@ -3151,6 +3166,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +########################################
 +## <summary>
++##	Read nsplugin home files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`nsplugin_read_home',`
++	gen_require(`
++		type nsplugin_home_t;
++	')
++
++	list_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
++	read_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
++	read_lnk_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
++')
++
++########################################
++## <summary>
 +##	Exec nsplugin rw files.
 +## </summary>
 +## <param name="domain">
@@ -3185,9 +3220,28 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
 +')
++
++########################################
++## <summary>
++##	Allow attempts to read and write to
++##	nsplugin named pipes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`nsplugin_rw_pipes',`
++	gen_require(`
++		type nsplugin_home_t;
++	')
++
++	allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms; 
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.12/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.te	2009-05-12 13:51:52.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,288 @@
 +
 +policy_module(nsplugin, 1.0.0)
@@ -3479,14 +3533,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.12/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/openoffice.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/openoffice.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.12/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/openoffice.if	2009-05-08 12:53:55.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/openoffice.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,93 @@
 +## <summary>Openoffice</summary>
 +
@@ -3583,7 +3637,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.12/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/openoffice.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/openoffice.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,14 @@
 +
 +policy_module(openoffice, 1.0.0)
@@ -3601,7 +3655,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.6.12/policy/modules/apps/podsleuth.fc
 --- nsaserefpolicy/policy/modules/apps/podsleuth.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,2 +1,4 @@
  
  /usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
@@ -3609,7 +3663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/podsleuth(/.*)?		gen_context(system_u:object_r:podsleuth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.6.12/policy/modules/apps/podsleuth.if
 --- nsaserefpolicy/policy/modules/apps/podsleuth.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.if	2009-05-12 15:30:13.000000000 -0400
 @@ -16,4 +16,32 @@
  	')
  
@@ -3645,7 +3699,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.12/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/podsleuth.te	2009-05-12 15:30:13.000000000 -0400
 @@ -11,25 +11,80 @@
  application_domain(podsleuth_t, podsleuth_exec_t)
  role system_r types podsleuth_t;
@@ -3733,13 +3787,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.6.12/policy/modules/apps/pulseaudio.fc
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.12/policy/modules/apps/pulseaudio.if
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,148 @@
 +
 +## <summary>policy for pulseaudio</summary>
@@ -3891,7 +3945,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.12/policy/modules/apps/pulseaudio.te
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.te	2009-05-08 12:51:50.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/pulseaudio.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,111 @@
 +policy_module(pulseaudio,1.0.0)
 +
@@ -4006,7 +4060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc
 --- nsaserefpolicy/policy/modules/apps/qemu.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,2 +1,2 @@
 -/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 -/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -4014,7 +4068,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.12/policy/modules/apps/qemu.if
 --- nsaserefpolicy/policy/modules/apps/qemu.if	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.if	2009-05-12 15:30:13.000000000 -0400
 @@ -40,6 +40,93 @@
  
  	qemu_domtrans($1)
@@ -4323,7 +4377,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.12/policy/modules/apps/qemu.te
 --- nsaserefpolicy/policy/modules/apps/qemu.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.te	2009-05-12 13:52:29.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,28 +13,96 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
@@ -4441,7 +4495,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.12/policy/modules/apps/sambagui.fc
 --- nsaserefpolicy/policy/modules/apps/sambagui.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/sambagui.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/sambagui.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,4 @@
 +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
 +
@@ -4449,13 +4503,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.12/policy/modules/apps/sambagui.if
 --- nsaserefpolicy/policy/modules/apps/sambagui.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/sambagui.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/sambagui.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,2 @@
 +## <summary>system-config-samba policy</summary>
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.12/policy/modules/apps/sambagui.te
 --- nsaserefpolicy/policy/modules/apps/sambagui.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/sambagui.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/sambagui.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,59 @@
 +policy_module(sambagui,1.0.0)
 +
@@ -4518,7 +4572,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive sambagui_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.6.12/policy/modules/apps/screen.fc
 --- nsaserefpolicy/policy/modules/apps/screen.fc	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/screen.fc	2009-05-07 10:29:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/screen.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -11,5 +11,5 @@
  #
  # /var
@@ -4528,7 +4582,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/screen(/.*)?			gen_context(system_u:object_r:screen_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.12/policy/modules/apps/screen.if
 --- nsaserefpolicy/policy/modules/apps/screen.if	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/screen.if	2009-05-04 11:30:29.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/screen.if	2009-05-12 15:30:13.000000000 -0400
 @@ -165,3 +165,24 @@
  		nscd_socket_use($1_screen_t)
  	')
@@ -4556,7 +4610,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.6.12/policy/modules/apps/screen.te
 --- nsaserefpolicy/policy/modules/apps/screen.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/screen.te	2009-05-07 10:30:00.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/screen.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,9 +6,6 @@
  # Declarations
  #
@@ -4578,7 +4632,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ubac_constrained(screen_var_run_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.te serefpolicy-3.6.12/policy/modules/apps/uml.te
 --- nsaserefpolicy/policy/modules/apps/uml.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/uml.te	2009-04-28 11:42:33.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/uml.te	2009-05-12 15:30:13.000000000 -0400
 @@ -16,14 +16,12 @@
  type uml_ro_t;
  typealias uml_ro_t alias { user_uml_ro_t staff_uml_ro_t sysadm_uml_ro_t };
@@ -4598,7 +4652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  typealias uml_tmp_t alias { user_uml_tmp_t staff_uml_tmp_t sysadm_uml_tmp_t };
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.12/policy/modules/apps/vmware.te
 --- nsaserefpolicy/policy/modules/apps/vmware.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/vmware.te	2009-05-08 12:51:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.te	2009-05-12 15:30:13.000000000 -0400
 @@ -29,6 +29,10 @@
  type vmware_host_exec_t;
  init_daemon_domain(vmware_host_t, vmware_host_exec_t)
@@ -4689,7 +4743,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  storage_raw_read_removable_device(vmware_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.12/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/wine.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wine.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,21 @@
 -/usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/usr/bin/wine.*			--	gen_context(system_u:object_r:wine_exec_t,s0)
@@ -4717,7 +4771,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.12/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/wine.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wine.if	2009-05-12 15:30:13.000000000 -0400
 @@ -43,3 +43,63 @@
  	wine_domtrans($1)
  	role $2 types wine_t;
@@ -4784,7 +4838,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.12/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/wine.te	2009-05-08 12:51:26.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wine.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,6 +9,7 @@
  type wine_t;
  type wine_exec_t;
@@ -4817,14 +4871,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.6.12/policy/modules/apps/wm.fc
 --- nsaserefpolicy/policy/modules/apps/wm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/wm.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wm.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,3 @@
 +/usr/bin/twm		--	gen_context(system_u:object_r:wm_exec_t,s0)
 +/usr/bin/openbox	--	gen_context(system_u:object_r:wm_exec_t,s0)
 +/usr/bin/metacity	--	gen_context(system_u:object_r:wm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.6.12/policy/modules/apps/wm.if
 --- nsaserefpolicy/policy/modules/apps/wm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/wm.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wm.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,108 @@
 +## <summary>Window Manager.</summary>
 +
@@ -4936,7 +4990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.12/policy/modules/apps/wm.te
 --- nsaserefpolicy/policy/modules/apps/wm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/wm.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/wm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,9 @@
 +policy_module(wm,0.0.4)
 +
@@ -4949,7 +5003,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corecmd_executable_file(wm_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-03-05 10:34:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc	2009-05-07 15:02:13.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -32,6 +32,8 @@
  #
  # /etc
@@ -5003,7 +5057,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.12/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.if	2009-05-12 15:30:13.000000000 -0400
 @@ -893,6 +893,7 @@
  
  	read_lnk_files_pattern($1, bin_t, bin_t)
@@ -5014,7 +5068,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.6.12/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.if.in	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.if.in	2009-05-12 16:34:51.000000000 -0400
 @@ -1612,6 +1612,24 @@
  
  ########################################
@@ -5067,7 +5121,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-03-23 13:47:10.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in	2009-05-12 15:30:13.000000000 -0400
 @@ -65,10 +65,12 @@
  type server_packet_t, packet_type, server_packet_type;
  
@@ -5202,7 +5256,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.12/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2009-03-05 14:09:51.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc	2009-05-13 09:24:04.000000000 -0400
 @@ -91,6 +91,7 @@
  /dev/sndstat		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -5211,9 +5265,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
  /dev/ub[a-c]		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/usb.+		-c	gen_context(system_u:object_r:usb_device_t,s0)
+@@ -113,7 +114,9 @@
+ 
+ /dev/bus/usb/.*/[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
+ 
++/dev/card.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
+ /dev/cmx.*		-c	gen_context(system_u:object_r:smartcard_device_t,s0)
++/dev/controlD64		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
+ 
+ /dev/cpu_dma_latency	-c	gen_context(system_u:object_r:netcontrol_device_t,s0)
+ /dev/cpu.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.12/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2009-03-05 12:28:56.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.if	2009-05-05 16:42:47.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.if	2009-05-12 15:30:13.000000000 -0400
 @@ -2268,6 +2268,25 @@
  
  ########################################
@@ -5250,7 +5314,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.12/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2009-03-05 12:28:57.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.te	2009-05-12 15:30:13.000000000 -0400
 @@ -188,6 +188,12 @@
  genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
  
@@ -5266,7 +5330,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  type urandom_device_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if	2009-05-08 11:33:48.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if	2009-05-12 15:30:13.000000000 -0400
 @@ -525,7 +525,7 @@
  	')
  
@@ -5349,7 +5413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.te	2009-04-29 10:47:24.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.te	2009-05-12 15:30:13.000000000 -0400
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -5473,7 +5537,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.12/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/files.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -8,6 +8,8 @@
  /initrd\.img.*		-l	gen_context(system_u:object_r:boot_t,s0)
  /vmlinuz.*		-l	gen_context(system_u:object_r:boot_t,s0)
@@ -5502,7 +5566,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.if	2009-05-08 13:00:36.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/files.if	2009-05-14 08:50:17.000000000 -0400
 @@ -110,6 +110,11 @@
  ## </param>
  #
@@ -5784,7 +5848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-@@ -4921,3 +5078,114 @@
+@@ -4921,3 +5078,132 @@
  
  	typeattribute $1 files_unconfined_type;
  ')
@@ -5899,9 +5963,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 tmpfsfile:file getattr;
 +')
++
++########################################
++## <summary>
++##	Do not audit attempts to read security files 
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`files_dontaudit_read_security_files',`
++	gen_require(`
++		attribute security_file_type;
++	')
++
++	dontaudit $1 security_file_type:file read_file_perms;
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.12/policy/modules/kernel/files.te
 --- nsaserefpolicy/policy/modules/kernel/files.te	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/files.te	2009-05-12 15:30:13.000000000 -0400
 @@ -52,7 +52,9 @@
  #
  # etc_t is the type of the system etc directories.
@@ -5927,13 +6009,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.12/policy/modules/kernel/filesystem.fc
 --- nsaserefpolicy/policy/modules/kernel/filesystem.fc	2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1 +1 @@
 -# This module currently does not have any file contexts.
 +/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.12/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-03-04 16:49:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if	2009-05-12 13:59:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if	2009-05-12 15:30:13.000000000 -0400
 @@ -723,6 +723,24 @@
  
  ########################################
@@ -5993,7 +6075,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.6.12/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2009-03-04 15:43:10.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te	2009-05-12 15:30:13.000000000 -0400
 @@ -206,6 +206,10 @@
  genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
  genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
@@ -6022,7 +6104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if	2009-05-11 08:03:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if	2009-05-12 15:30:13.000000000 -0400
 @@ -157,7 +157,7 @@
  		type kernel_t;
  	')
@@ -6157,7 +6239,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.12/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.te	2009-05-01 13:41:10.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.te	2009-05-12 15:30:13.000000000 -0400
 @@ -63,6 +63,15 @@
  genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
  
@@ -6271,7 +6353,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive kernel_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.12/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/selinux.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/selinux.if	2009-05-12 15:30:13.000000000 -0400
 @@ -40,7 +40,7 @@
  
  	# because of this statement, any module which
@@ -6331,7 +6413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.6.12/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2009-03-05 12:28:57.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc	2009-05-07 14:55:19.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -57,7 +57,7 @@
  
  /dev/cciss/[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -6343,7 +6425,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/i2o/hd[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.6.12/policy/modules/kernel/terminal.fc
 --- nsaserefpolicy/policy/modules/kernel/terminal.fc	2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/terminal.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -13,6 +13,7 @@
  /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
  /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
@@ -6354,7 +6436,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.12/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if	2009-05-12 08:30:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if	2009-05-12 15:30:13.000000000 -0400
 @@ -173,7 +173,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -6402,7 +6484,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.12/policy/modules/roles/guest.te
 --- nsaserefpolicy/policy/modules/roles/guest.te	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/guest.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/guest.te	2009-05-14 10:28:40.000000000 -0400
+@@ -6,7 +6,7 @@
+ # Declarations
+ #
+ 
+-role xguest_r;
++role guest_r;
+ 
+ userdom_restricted_user_template(guest)
+ 
 @@ -16,7 +16,11 @@
  #
  
@@ -6419,7 +6510,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(guest_u, user, guest_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/staff.te	2009-05-02 07:50:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/staff.te	2009-05-12 15:30:13.000000000 -0400
 @@ -15,156 +15,95 @@
  # Local policy
  #
@@ -6613,7 +6704,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.12/policy/modules/roles/sysadm.if
 --- nsaserefpolicy/policy/modules/roles/sysadm.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if	2009-05-12 15:30:13.000000000 -0400
 @@ -116,41 +116,6 @@
  
  ########################################
@@ -6658,7 +6749,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	requiring the caller to use setexeccon().
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.12/policy/modules/roles/sysadm.te
 --- nsaserefpolicy/policy/modules/roles/sysadm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te	2009-04-27 09:47:43.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -15,7 +15,7 @@
  
  role sysadm_r;
@@ -6947,8 +7038,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +init_script_role_transition(sysadm_r)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.12/policy/modules/roles/unconfineduser.fc
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.fc	2009-04-23 09:44:57.000000000 -0400
-@@ -0,0 +1,32 @@
++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.fc	2009-05-13 09:38:36.000000000 -0400
+@@ -0,0 +1,34 @@
 +# Add programs here which should not be confined by SELinux
 +# e.g.:
 +# /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -6966,6 +7057,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/sbin/mock			    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +/usr/sbin/sysreport	 	    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 +
++/usr/lib64/R/bin/exec/R	   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/lib/R/bin/exec/R	   	--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/lib64/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/lib/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/lib/opera/[^/]*/works -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -6983,7 +7076,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.6.12/policy/modules/roles/unconfineduser.if
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.if	2009-04-23 09:45:14.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,638 @@
 +## <summary>Unconfiend user role</summary>
 +
@@ -7625,7 +7718,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te	2009-04-28 12:10:25.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,397 @@
 +policy_module(unconfineduser, 1.0.0)
 +
@@ -8026,7 +8119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.12/policy/modules/roles/unprivuser.te
 --- nsaserefpolicy/policy/modules/roles/unprivuser.te	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te	2009-05-12 15:30:13.000000000 -0400
 @@ -14,142 +14,13 @@
  userdom_unpriv_user_template(user)
  
@@ -8175,7 +8268,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.6.12/policy/modules/roles/webadm.te
 --- nsaserefpolicy/policy/modules/roles/webadm.te	2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/webadm.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/webadm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -42,7 +42,7 @@
  
  userdom_dontaudit_search_user_home_dirs(webadm_t)
@@ -8187,7 +8280,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	userdom_manage_user_home_content_files(webadm_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.12/policy/modules/roles/xguest.te
 --- nsaserefpolicy/policy/modules/roles/xguest.te	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/xguest.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/xguest.te	2009-05-12 15:30:13.000000000 -0400
 @@ -67,7 +67,11 @@
  ')
  
@@ -8218,7 +8311,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(xguest_u, user, xguest_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.12/policy/modules/services/afs.fc
 --- nsaserefpolicy/policy/modules/services/afs.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/afs.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/afs.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,6 @@
 +/etc/rc\.d/init\.d/openafs-client	--	gen_context(system_u:object_r:afs_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/afs	--	gen_context(system_u:object_r:afs_initrc_exec_t,s0)
@@ -8242,7 +8335,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/afs(/.*)?		gen_context(system_u:object_r:afs_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.12/policy/modules/services/afs.if
 --- nsaserefpolicy/policy/modules/services/afs.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/afs.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/afs.if	2009-05-12 15:30:13.000000000 -0400
 @@ -1 +1,110 @@
  ## <summary>Andrew Filesystem server</summary>
 +
@@ -8356,7 +8449,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.12/policy/modules/services/afs.te
 --- nsaserefpolicy/policy/modules/services/afs.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/afs.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/afs.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,16 @@
  # Declarations
  #
@@ -8423,7 +8516,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive afs_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.12/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/apache.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/apache.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,12 +1,13 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -8517,7 +8610,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/www/svn(/.*)?		gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.12/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/apache.if	2009-04-29 14:18:52.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/apache.if	2009-05-12 15:30:13.000000000 -0400
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -9059,7 +9152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.12/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/apache.te	2009-05-06 08:47:58.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/apache.te	2009-05-12 15:30:13.000000000 -0400
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -9771,7 +9864,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.12/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2009-02-16 08:44:12.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/apm.te	2009-05-07 14:35:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/apm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -123,6 +123,7 @@
  libs_exec_lib_files(apmd_t)
  
@@ -9782,7 +9875,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_hwdata(apmd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-3.6.12/policy/modules/services/audioentropy.te
 --- nsaserefpolicy/policy/modules/services/audioentropy.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/audioentropy.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/audioentropy.te	2009-05-12 15:30:13.000000000 -0400
 @@ -40,6 +40,9 @@
  # and sample rate.
  dev_write_sound(entropyd_t)
@@ -9807,7 +9900,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.12/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/automount.te	2009-05-06 08:47:22.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/automount.te	2009-05-12 15:30:13.000000000 -0400
 @@ -71,6 +71,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -9851,7 +9944,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.12/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/avahi.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/avahi.te	2009-05-12 15:30:13.000000000 -0400
 @@ -33,6 +33,7 @@
  allow avahi_t self:tcp_socket create_stream_socket_perms;
  allow avahi_t self:udp_socket create_socket_perms;
@@ -9870,7 +9963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.12/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/bind.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/bind.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,17 +1,22 @@
  /etc/rc\.d/init\.d/named --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/unbound	--	gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -9910,7 +10003,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.12/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/bind.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/bind.if	2009-05-12 15:30:13.000000000 -0400
 @@ -38,6 +38,42 @@
  
  ########################################
@@ -10009,7 +10102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.12/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/bind.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/bind.te	2009-05-12 15:30:13.000000000 -0400
 @@ -123,6 +123,7 @@
  corenet_sendrecv_dns_client_packets(named_t)
  corenet_sendrecv_rndc_server_packets(named_t)
@@ -10037,7 +10130,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  init_use_script_ptys(ndc_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.6.12/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/bitlbee.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/bitlbee.te	2009-05-12 15:30:13.000000000 -0400
 @@ -75,6 +75,8 @@
  # grant read-only access to the user help files
  files_read_usr_files(bitlbee_t)
@@ -10049,7 +10142,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(bitlbee_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.12/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te	2009-05-12 15:30:13.000000000 -0400
 @@ -152,6 +152,10 @@
  	optional_policy(`
  		hal_dbus_chat(bluetooth_t)
@@ -10063,7 +10156,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.12/policy/modules/services/certmaster.fc
 --- nsaserefpolicy/policy/modules/services/certmaster.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/certmaster.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/certmaster.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,9 @@
 +
 +/etc/rc\.d/init\.d/certmaster 		--   		gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
@@ -10076,7 +10169,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.12/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/certmaster.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/certmaster.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,123 @@
 +## <summary>policy for certmaster</summary>
 +
@@ -10203,7 +10296,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.12/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/certmaster.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/certmaster.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,79 @@
 +policy_module(certmaster,1.0.0)
 +
@@ -10286,7 +10379,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive certmaster_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.12/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/clamav.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/clamav.fc	2009-05-13 10:32:30.000000000 -0400
 @@ -1,20 +1,23 @@
  /etc/clamav(/.*)?			gen_context(system_u:object_r:clamd_etc_t,s0)
 +/etc/rc\.d/init\.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -10318,7 +10411,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/spool/MailScanner(/.*)?	gen_context(system_u:object_r:clamd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.12/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/clamav.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/clamav.if	2009-05-13 10:35:11.000000000 -0400
 @@ -38,6 +38,27 @@
  
  ########################################
@@ -10347,7 +10440,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read clamav configuration files.
  ## </summary>
  ## <param name="domain">
-@@ -91,3 +112,87 @@
+@@ -91,3 +112,86 @@
  
  	domtrans_pattern($1, clamscan_exec_t, clamscan_t)
  ')
@@ -10434,10 +10527,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	admin_pattern($1, freshclam_var_log_t)
 +')
-+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.12/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/clamav.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/clamav.te	2009-05-13 10:40:53.000000000 -0400
 @@ -13,7 +13,10 @@
  
  # configuration files
@@ -10450,6 +10542,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # tmp files
  type clamd_tmp_t;
+@@ -55,7 +58,7 @@
+ 
+ allow clamd_t self:capability { kill setgid setuid dac_override };
+ allow clamd_t self:fifo_file rw_fifo_file_perms;
+-allow clamd_t self:unix_stream_socket create_stream_socket_perms;
++allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow clamd_t self:unix_dgram_socket create_socket_perms;
+ allow clamd_t self:tcp_socket { listen accept };
+ 
 @@ -87,6 +90,9 @@
  kernel_dontaudit_list_proc(clamd_t)
  kernel_read_sysctl(clamd_t)
@@ -10525,7 +10626,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.12/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/consolekit.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/consolekit.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,6 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
  
@@ -10535,7 +10636,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.12/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/consolekit.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/consolekit.if	2009-05-12 15:30:13.000000000 -0400
 @@ -38,3 +38,24 @@
  	allow $1 consolekit_t:dbus send_msg;
  	allow consolekit_t $1:dbus send_msg;
@@ -10563,7 +10664,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.12/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/consolekit.te	2009-05-08 12:52:48.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/consolekit.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -10679,7 +10780,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.12/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/courier.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/courier.if	2009-05-12 15:30:13.000000000 -0400
 @@ -179,6 +179,24 @@
  
  ########################################
@@ -10707,7 +10808,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.12/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/courier.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/courier.te	2009-05-12 15:30:13.000000000 -0400
 @@ -10,6 +10,7 @@
  
  type courier_etc_t;
@@ -10718,7 +10819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.12/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/cron.fc	2009-05-07 15:06:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cron.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,4 @@
 +/etc/rc\.d/init\.d/atd		--	gen_context(system_u:object_r:crond_initrc_exec_t,s0)
  
@@ -10753,7 +10854,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/mcelog.*		--	gen_context(system_u:object_r:cron_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.12/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/cron.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cron.if	2009-05-12 15:30:13.000000000 -0400
 @@ -12,6 +12,10 @@
  ## </param>
  #
@@ -11061,7 +11162,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.12/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/cron.te	2009-05-07 15:05:29.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cron.te	2009-05-12 15:30:13.000000000 -0400
 @@ -38,6 +38,10 @@
  type cron_var_lib_t;
  files_type(cron_var_lib_t)
@@ -11417,7 +11518,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.12/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/cups.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cups.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -5,27 +5,38 @@
  /etc/cups/classes\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/cupsd\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -11493,7 +11594,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/cups/backend/cups-pdf	--	gen_context(system_u:object_r:cups_pdf_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.12/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/cups.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cups.if	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,30 @@
  
  ########################################
@@ -11620,7 +11721,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.12/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/cups.te	2009-05-05 14:06:36.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cups.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,9 +20,18 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -12058,7 +12159,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.12/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/cvs.te	2009-04-29 12:56:25.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cvs.te	2009-05-12 15:30:13.000000000 -0400
 @@ -112,4 +112,5 @@
  	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
  	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -12067,7 +12168,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.12/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dbus.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dbus.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -4,6 +4,9 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -12080,7 +12181,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.12/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dbus.if	2009-04-24 13:45:56.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dbus.if	2009-05-12 15:30:13.000000000 -0400
 @@ -44,6 +44,7 @@
  
  		attribute session_bus_type;
@@ -12307,7 +12408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.12/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dbus.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dbus.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,14 +9,15 @@
  #
  # Delcarations
@@ -12441,7 +12542,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow session_bus_type dbusd_unconfined:dbus send_msg;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.6.12/policy/modules/services/dcc.fc
 --- nsaserefpolicy/policy/modules/services/dcc.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/dcc.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dcc.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -12,6 +12,8 @@
  
  /var/dcc(/.*)?				gen_context(system_u:object_r:dcc_var_t,s0)
@@ -12453,7 +12554,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/dcc/map		--	gen_context(system_u:object_r:dcc_client_map_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dcc.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dcc.te	2009-05-12 15:30:13.000000000 -0400
 @@ -137,6 +137,7 @@
  
  corenet_all_recvfrom_unlabeled(dcc_client_t)
@@ -12464,7 +12565,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_udp_sendrecv_all_ports(dcc_client_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.12/policy/modules/services/devicekit.fc
 --- nsaserefpolicy/policy/modules/services/devicekit.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,9 @@
 +
 +/usr/libexec/devkit-daemon	--	gen_context(system_u:object_r:devicekit_exec_t,s0)
@@ -12477,7 +12578,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/DeviceKit-disk(/.*)?		gen_context(system_u:object_r:devicekit_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.12/policy/modules/services/devicekit.if
 --- nsaserefpolicy/policy/modules/services/devicekit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.if	2009-05-02 07:48:49.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,197 @@
 +
 +## <summary>policy for devicekit</summary>
@@ -12678,7 +12779,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,237 @@
 +policy_module(devicekit,1.0.0)
 +
@@ -12919,7 +13020,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.12/policy/modules/services/dhcp.if
 --- nsaserefpolicy/policy/modules/services/dhcp.if	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dhcp.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dhcp.if	2009-05-12 15:30:13.000000000 -0400
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -12948,7 +13049,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.12/policy/modules/services/dnsmasq.if
 --- nsaserefpolicy/policy/modules/services/dnsmasq.if	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.if	2009-05-12 15:30:13.000000000 -0400
 @@ -22,6 +22,25 @@
  
  ########################################
@@ -12977,7 +13078,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.12/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te	2009-05-12 15:30:13.000000000 -0400
 @@ -42,8 +42,7 @@
  files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
  
@@ -13005,7 +13106,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.12/policy/modules/services/dovecot.fc
 --- nsaserefpolicy/policy/modules/services/dovecot.fc	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dovecot.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dovecot.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,7 @@
  /etc/dovecot\.passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
  
@@ -13041,7 +13142,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.12/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dovecot.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dovecot.if	2009-05-12 15:30:13.000000000 -0400
 @@ -21,7 +21,46 @@
  
  ########################################
@@ -13153,7 +13254,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.12/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dovecot.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dovecot.te	2009-05-12 15:30:13.000000000 -0400
 @@ -15,12 +15,21 @@
  domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -13338,7 +13439,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.12/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/exim.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/exim.if	2009-05-12 15:30:13.000000000 -0400
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -13392,7 +13493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.12/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/exim.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/exim.te	2009-05-12 15:30:13.000000000 -0400
 @@ -21,9 +21,20 @@
  ## </desc>
  gen_tunable(exim_manage_user_files, false)
@@ -13549,7 +13650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.6.12/policy/modules/services/fail2ban.fc
 --- nsaserefpolicy/policy/modules/services/fail2ban.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/fail2ban.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -2,5 +2,9 @@
  
  /usr/bin/fail2ban	--	gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -13562,7 +13663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/fail2ban.*		gen_context(system_u:object_r:fail2ban_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.6.12/policy/modules/services/fail2ban.if
 --- nsaserefpolicy/policy/modules/services/fail2ban.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fail2ban.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.if	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,25 @@
  
  ########################################
@@ -13591,7 +13692,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.6.12/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te	2009-05-12 15:30:13.000000000 -0400
 @@ -17,6 +17,9 @@
  type fail2ban_log_t;
  logging_log_file(fail2ban_log_t)
@@ -13623,7 +13724,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.12/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te	2009-05-04 15:58:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te	2009-05-12 15:30:13.000000000 -0400
 @@ -9,6 +9,7 @@
  type fetchmail_t;
  type fetchmail_exec_t;
@@ -13634,7 +13735,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_pid_file(fetchmail_var_run_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.fc serefpolicy-3.6.12/policy/modules/services/fprintd.fc
 --- nsaserefpolicy/policy/modules/services/fprintd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.fc	2009-05-08 11:59:23.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,4 @@
 +
 +/usr/libexec/fprintd	--	gen_context(system_u:object_r:fprintd_exec_t,s0)
@@ -13642,7 +13743,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/fprint(/.*)?		gen_context(system_u:object_r:fprintd_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.if serefpolicy-3.6.12/policy/modules/services/fprintd.if
 --- nsaserefpolicy/policy/modules/services/fprintd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.if	2009-05-07 10:09:49.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,43 @@
 +
 +## <summary>policy for fprintd</summary>
@@ -13689,7 +13790,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te
 --- nsaserefpolicy/policy/modules/services/fprintd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te	2009-05-07 10:09:32.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,48 @@
 +policy_module(fprintd,1.0.0)
 +
@@ -13741,7 +13842,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.12/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ftp.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ftp.te	2009-05-12 15:30:13.000000000 -0400
 @@ -26,7 +26,7 @@
  ## <desc>
  ## <p>
@@ -13859,7 +13960,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.12/policy/modules/services/git.te
 --- nsaserefpolicy/policy/modules/services/git.te	2009-04-07 15:53:35.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/git.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/git.te	2009-05-12 15:30:13.000000000 -0400
 @@ -7,3 +7,4 @@
  #
  
@@ -13867,14 +13968,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive httpd_git_script_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.12/policy/modules/services/gnomeclock.fc
 --- nsaserefpolicy/policy/modules/services/gnomeclock.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.12/policy/modules/services/gnomeclock.if
 --- nsaserefpolicy/policy/modules/services/gnomeclock.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,69 @@
 +
 +## <summary>policy for gnomeclock</summary>
@@ -13947,7 +14048,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(gnomeclock, 1.0.0)
 +########################################
@@ -14002,7 +14103,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.if serefpolicy-3.6.12/policy/modules/services/gpm.if
 --- nsaserefpolicy/policy/modules/services/gpm.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/gpm.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gpm.if	2009-05-12 15:30:13.000000000 -0400
 @@ -16,7 +16,7 @@
  		type gpmctl_t, gpm_t;
  	')
@@ -14014,7 +14115,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.12/policy/modules/services/gpm.te
 --- nsaserefpolicy/policy/modules/services/gpm.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpm.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gpm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -54,6 +54,8 @@
  dev_rw_input_dev(gpm_t)
  dev_rw_mouse(gpm_t)
@@ -14026,14 +14127,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.12/policy/modules/services/gpsd.fc
 --- nsaserefpolicy/policy/modules/services/gpsd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/sbin/gpsd                 --      gen_context(system_u:object_r:gpsd_exec_t,s0)
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.12/policy/modules/services/gpsd.if
 --- nsaserefpolicy/policy/modules/services/gpsd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,83 @@
 +## <summary>gpsd monitor daemon</summary>
 +
@@ -14120,7 +14221,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.12/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,52 @@
 +policy_module(gpsd,1.0.0)
 +
@@ -14176,7 +14277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.12/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/hal.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -5,6 +5,7 @@
  /usr/bin/hal-setup-keymap		--	gen_context(system_u:object_r:hald_keymap_exec_t,s0)
  
@@ -14187,7 +14288,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.12/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/hal.if	2009-05-14 10:34:08.000000000 -0400
 @@ -20,6 +20,24 @@
  
  ########################################
@@ -14315,7 +14416,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/hal.te	2009-05-12 15:30:13.000000000 -0400
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -14501,7 +14602,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive hald_dccm_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.12/policy/modules/services/ifplugd.fc
 --- nsaserefpolicy/policy/modules/services/ifplugd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ifplugd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,9 @@
 +
 +/etc/ifplugd(/.*)?	                gen_context(system_u:object_r:ifplugd_etc_t,s0)
@@ -14514,7 +14615,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.12/policy/modules/services/ifplugd.if
 --- nsaserefpolicy/policy/modules/services/ifplugd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ifplugd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,194 @@
 +## <summary>policy for ifplugd</summary>
 +
@@ -14712,7 +14813,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.12/policy/modules/services/ifplugd.te
 --- nsaserefpolicy/policy/modules/services/ifplugd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ifplugd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,89 @@
 +policy_module(ifplugd,1.0.0)
 +
@@ -14805,7 +14906,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.6.12/policy/modules/services/inetd.if
 --- nsaserefpolicy/policy/modules/services/inetd.if	2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/inetd.if	2009-04-29 14:44:12.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/inetd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -36,8 +36,7 @@
  	role system_r types $1;
  
@@ -14816,9 +14917,28 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.12/policy/modules/services/kerberos.fc
+--- nsaserefpolicy/policy/modules/services/kerberos.fc	2009-03-23 13:47:11.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.fc	2009-05-14 08:39:20.000000000 -0400
+@@ -6,13 +6,14 @@
+ /etc/krb5kdc/principal.*		gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+ 
+ /etc/rc\.d/init\.d/kadmind	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+-/etc/rc\.d/init\.d/kpropd	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/kprop	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/krb524d	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ 
+ /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+ /usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
+ /usr/kerberos/sbin/kadmin\.local --	gen_context(system_u:object_r:kadmind_exec_t,s0)
++/usr/kerberos/sbin/kpropd	  --	gen_context(system_u:object_r:kpropd_exec_t,s0)
+ 
+ /usr/local/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /usr/local/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.12/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerneloops.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/kerneloops.if	2009-05-12 15:30:13.000000000 -0400
 @@ -63,6 +63,25 @@
  
  ########################################
@@ -14863,7 +14983,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.12/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerneloops.te	2009-05-01 13:21:26.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/kerneloops.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,6 +13,9 @@
  type kerneloops_initrc_exec_t;
  init_script_file(kerneloops_initrc_exec_t)
@@ -14910,7 +15030,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.12/policy/modules/services/ktalk.te
 --- nsaserefpolicy/policy/modules/services/ktalk.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ktalk.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ktalk.te	2009-05-12 15:30:13.000000000 -0400
 @@ -69,6 +69,7 @@
  files_read_etc_files(ktalkd_t)
  
@@ -14921,7 +15041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.12/policy/modules/services/lircd.fc
 --- nsaserefpolicy/policy/modules/services/lircd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/lircd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,9 @@
 +
 +/dev/lircd             			-s      	gen_context(system_u:object_r:lircd_sock_t,s0)
@@ -14934,7 +15054,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/lircd\.pid					gen_context(system_u:object_r:lircd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.12/policy/modules/services/lircd.if
 --- nsaserefpolicy/policy/modules/services/lircd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/lircd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,100 @@
 +## <summary>Lirc daemon</summary>
 +
@@ -15038,7 +15158,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/lircd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,58 @@
 +policy_module(lircd,1.0.0)
 +
@@ -15100,7 +15220,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.6.12/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lpd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/lpd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -134,6 +134,7 @@
  	files_search_spool($1)
  	manage_dirs_pattern($1, print_spool_t, print_spool_t)
@@ -15111,7 +15231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.12/policy/modules/services/mailman.fc
 --- nsaserefpolicy/policy/modules/services/mailman.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mailman.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -31,3 +31,4 @@
  /var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
  /var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
@@ -15119,7 +15239,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.12/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mailman.if	2009-05-12 15:30:13.000000000 -0400
 @@ -31,6 +31,12 @@
  	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
  	allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -15185,7 +15305,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.12/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mailman.te	2009-05-12 15:30:13.000000000 -0400
 @@ -53,10 +53,8 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -15254,7 +15374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.12/policy/modules/services/milter.fc
 --- nsaserefpolicy/policy/modules/services/milter.fc	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.fc	2009-04-30 17:48:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/milter.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,6 +1,15 @@
 -/usr/sbin/milter-regex				--	gen_context(system_u:object_r:regex_milter_exec_t,s0)
 -/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
@@ -15275,7 +15395,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/milter-greylist\.pid			--	gen_context(system_u:object_r:greylist_milter_data_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.12/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.if	2009-04-24 13:45:41.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/milter.if	2009-05-12 15:30:13.000000000 -0400
 @@ -24,7 +24,7 @@
  
  	# Type for the milter data (e.g. the socket used to communicate with the MTA)
@@ -15312,7 +15432,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.12/policy/modules/services/milter.te
 --- nsaserefpolicy/policy/modules/services/milter.te	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.te	2009-04-30 18:09:54.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/milter.te	2009-05-12 15:30:13.000000000 -0400
 @@ -14,6 +14,12 @@
  milter_template(regex)
  milter_template(spamass)
@@ -15380,7 +15500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.12/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mta.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mta.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,4 @@
 -/bin/mail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 +/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -15413,7 +15533,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root/\.forward		--	gen_context(system_u:object_r:mail_forward_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.12/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mta.if	2009-05-07 14:39:20.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mta.if	2009-05-12 15:30:13.000000000 -0400
 @@ -130,6 +130,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -15517,7 +15637,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.12/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mta.te	2009-04-24 07:24:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mta.te	2009-05-12 15:30:13.000000000 -0400
 @@ -27,6 +27,9 @@
  type mail_spool_t;
  files_mountpoint(mail_spool_t)
@@ -15665,7 +15785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # User send mail local policy
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.12/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/munin.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,5 @@
  /etc/munin(/.*)?			gen_context(system_u:object_r:munin_etc_t,s0)
 +/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -15685,7 +15805,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.12/policy/modules/services/munin.if
 --- nsaserefpolicy/policy/modules/services/munin.if	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/munin.if	2009-05-12 15:30:13.000000000 -0400
 @@ -59,8 +59,9 @@
  		type munin_log_t;
  	')
@@ -15755,7 +15875,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.12/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/munin.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,6 +13,9 @@
  type munin_etc_t alias lrrd_etc_t;
  files_config_file(munin_etc_t)
@@ -15892,7 +16012,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.12/policy/modules/services/mysql.fc
 --- nsaserefpolicy/policy/modules/services/mysql.fc	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mysql.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -12,6 +12,8 @@
  #
  /usr/libexec/mysqld	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
@@ -15904,7 +16024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.12/policy/modules/services/mysql.if
 --- nsaserefpolicy/policy/modules/services/mysql.if	2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mysql.if	2009-05-12 15:30:13.000000000 -0400
 @@ -121,6 +121,44 @@
  	allow $1 mysqld_db_t:dir rw_dir_perms;
  ')
@@ -16013,7 +16133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.12/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/mysql.te	2009-05-12 15:30:13.000000000 -0400
 @@ -10,6 +10,10 @@
  type mysqld_exec_t;
  init_daemon_domain(mysqld_t, mysqld_exec_t)
@@ -16064,7 +16184,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive mysqld_safe_t; 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.12/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nagios.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,16 +1,19 @@
  /etc/nagios(/.*)?			gen_context(system_u:object_r:nagios_etc_t,s0)
  /etc/nagios/nrpe\.cfg		--	gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -16091,7 +16211,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.12/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nagios.if	2009-05-12 15:30:13.000000000 -0400
 @@ -44,7 +44,7 @@
  
  ########################################
@@ -16213,7 +16333,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.12/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nagios.te	2009-05-12 15:30:13.000000000 -0400
 @@ -10,13 +10,12 @@
  type nagios_exec_t;
  init_daemon_domain(nagios_t, nagios_exec_t)
@@ -16311,7 +16431,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.12/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,12 +1,25 @@
 +/etc/rc\.d/init\.d/wicd		--	gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -16340,7 +16460,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.12/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.if	2009-05-12 15:30:13.000000000 -0400
 @@ -118,6 +118,24 @@
  
  ########################################
@@ -16399,7 +16519,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.12/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te	2009-05-12 15:30:13.000000000 -0400
 @@ -19,6 +19,9 @@
  type NetworkManager_tmp_t;
  files_tmp_file(NetworkManager_tmp_t)
@@ -16631,7 +16751,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.12/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nis.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nis.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,9 +1,13 @@
 -
 +/etc/rc\.d/init\.d/ypbind	--	gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -16649,7 +16769,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.12/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nis.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nis.if	2009-05-12 15:30:13.000000000 -0400
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -16829,7 +16949,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.12/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nis.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nis.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,6 +13,9 @@
  type ypbind_exec_t;
  init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -16906,7 +17026,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.12/policy/modules/services/nscd.fc
 --- nsaserefpolicy/policy/modules/services/nscd.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nscd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,4 @@
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
  
@@ -16914,7 +17034,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.12/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nscd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -58,6 +58,42 @@
  
  ########################################
@@ -17039,7 +17159,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.12/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nscd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,9 @@
  type nscd_exec_t;
  init_daemon_domain(nscd_t, nscd_exec_t)
@@ -17139,7 +17259,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.12/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ntp.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ntp.if	2009-05-12 15:30:13.000000000 -0400
 @@ -37,6 +37,32 @@
  
  ########################################
@@ -17239,7 +17359,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.12/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ntp.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ntp.te	2009-05-12 15:30:13.000000000 -0400
 @@ -25,6 +25,9 @@
  type ntpd_tmp_t;
  files_tmp_file(ntpd_tmp_t)
@@ -17306,7 +17426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	firstboot_dontaudit_rw_stream_sockets(ntpd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.12/policy/modules/services/nx.te
 --- nsaserefpolicy/policy/modules/services/nx.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nx.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/nx.te	2009-05-12 15:30:13.000000000 -0400
 @@ -25,6 +25,9 @@
  type nx_server_var_run_t;
  files_pid_file(nx_server_var_run_t)
@@ -17329,7 +17449,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.12/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/oddjob.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,4 @@
 -/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 +/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -17338,7 +17458,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.12/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/oddjob.if	2009-05-12 15:30:13.000000000 -0400
 @@ -44,6 +44,7 @@
  	')
  
@@ -17378,7 +17498,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.12/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/oddjob.te	2009-05-12 15:30:13.000000000 -0400
 @@ -10,14 +10,21 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -17437,7 +17557,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.12/policy/modules/services/pads.fc
 --- nsaserefpolicy/policy/modules/services/pads.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pads.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,12 @@
 +
 +/etc/pads-ether-codes   --      gen_context(system_u:object_r:pads_config_t, s0)
@@ -17453,7 +17573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.12/policy/modules/services/pads.if
 --- nsaserefpolicy/policy/modules/services/pads.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pads.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,10 @@
 +## <summary>SELinux policy for PADS daemon.</summary>
 +## <desc>
@@ -17467,7 +17587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.12/policy/modules/services/pads.te
 --- nsaserefpolicy/policy/modules/services/pads.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pads.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,65 @@
 +
 +policy_module(pads, 0.0.1) 
@@ -17536,7 +17656,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.12/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pegasus.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pegasus.te	2009-05-12 15:30:13.000000000 -0400
 @@ -30,7 +30,7 @@
  # Local policy
  #
@@ -17610,7 +17730,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.12/policy/modules/services/pingd.fc
 --- nsaserefpolicy/policy/modules/services/pingd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pingd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,11 @@
 +
 +/etc/pingd.conf				--	gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -17625,7 +17745,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.12/policy/modules/services/pingd.if
 --- nsaserefpolicy/policy/modules/services/pingd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pingd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,99 @@
 +## <summary>policy for pingd</summary>
 +
@@ -17728,7 +17848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.12/policy/modules/services/pingd.te
 --- nsaserefpolicy/policy/modules/services/pingd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pingd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,54 @@
 +policy_module(pingd,1.0.0)
 +
@@ -17786,7 +17906,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.12/policy/modules/services/polkit.fc
 --- nsaserefpolicy/policy/modules/services/polkit.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/polkit.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,11 @@
 +
 +/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -17801,7 +17921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:polkit_reload_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.12/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.if	2009-04-28 16:05:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/polkit.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,241 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -18046,7 +18166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.12/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/polkit.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,237 @@
 +policy_module(polkit_auth, 1.0.0)
 +
@@ -18287,7 +18407,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.12/policy/modules/services/portreserve.fc
 --- nsaserefpolicy/policy/modules/services/portreserve.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/portreserve.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,12 @@
 +# portreserve executable will have:
 +# label: system_u:object_r:portreserve_exec_t
@@ -18303,7 +18423,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.12/policy/modules/services/portreserve.if
 --- nsaserefpolicy/policy/modules/services/portreserve.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/portreserve.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,66 @@
 +## <summary>policy for portreserve</summary>
 +
@@ -18373,7 +18493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.12/policy/modules/services/portreserve.te
 --- nsaserefpolicy/policy/modules/services/portreserve.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/portreserve.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(portreserve,1.0.0)
 +
@@ -18428,7 +18548,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#domain_use_interactive_fds(portreserve_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.12/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postfix.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -18444,7 +18564,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.12/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postfix.if	2009-05-12 15:30:13.000000000 -0400
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -18660,7 +18780,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.12/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postfix.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -19040,7 +19160,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.12/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postgresql.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -19051,7 +19171,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /usr
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.12/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postgresql.if	2009-05-12 15:30:13.000000000 -0400
 @@ -351,3 +351,46 @@
  
  	typeattribute $1 sepgsql_unconfined_type;
@@ -19101,7 +19221,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.12/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/postgresql.te	2009-05-12 15:30:13.000000000 -0400
 @@ -32,6 +32,9 @@
  type postgresql_etc_t;
  files_config_file(postgresql_etc_t)
@@ -19157,7 +19277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.12/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ppp.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,7 +1,7 @@
  #
  # /etc
@@ -19180,7 +19300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.12/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ppp.if	2009-05-12 15:30:13.000000000 -0400
 @@ -58,6 +58,25 @@
  
  ########################################
@@ -19283,7 +19403,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.12/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ppp.te	2009-05-12 15:30:13.000000000 -0400
 @@ -37,8 +37,8 @@
  type pppd_etc_rw_t;
  files_type(pppd_etc_rw_t)
@@ -19421,7 +19541,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.12/policy/modules/services/prelude.fc
 --- nsaserefpolicy/policy/modules/services/prelude.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/prelude.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,9 @@
 +/etc/prelude-correlator(/.*)?   gen_context(system_u:object_r:prelude_correlator_config_t, s0)
 +
@@ -19450,7 +19570,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.12/policy/modules/services/prelude.if
 --- nsaserefpolicy/policy/modules/services/prelude.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/prelude.if	2009-05-12 15:30:13.000000000 -0400
 @@ -6,7 +6,7 @@
  ## </summary>
  ## <param name="domain">
@@ -19565,7 +19685,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.12/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/prelude.te	2009-05-12 15:30:13.000000000 -0400
 @@ -13,25 +13,57 @@
  type prelude_spool_t;
  files_type(prelude_spool_t)
@@ -19837,7 +19957,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		mysql_search_db(httpd_prewikka_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.12/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/privoxy.te	2009-04-28 11:45:58.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/privoxy.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -19882,7 +20002,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.12/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/procmail.te	2009-05-12 08:59:00.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/procmail.te	2009-05-12 15:30:13.000000000 -0400
 @@ -77,6 +77,7 @@
  files_read_usr_files(procmail_t)
  
@@ -19921,7 +20041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.fc serefpolicy-3.6.12/policy/modules/services/psad.fc
 --- nsaserefpolicy/policy/modules/services/psad.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/psad.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,17 @@
 +
 +
@@ -19942,7 +20062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/psad(/.*)?  					gen_context(system_u:object_r:psad_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.6.12/policy/modules/services/psad.if
 --- nsaserefpolicy/policy/modules/services/psad.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/psad.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,304 @@
 +## <summary>Psad SELinux policy</summary>
 +
@@ -20250,7 +20370,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.6.12/policy/modules/services/psad.te
 --- nsaserefpolicy/policy/modules/services/psad.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/psad.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,107 @@
 +policy_module(psad,1.0.0) 
 +
@@ -20361,7 +20481,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,6 +1,8 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -20373,7 +20493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.12/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.if	2009-05-12 15:30:13.000000000 -0400
 @@ -88,3 +88,50 @@
  	corecmd_search_bin($1)
  	can_exec($1, pyzor_exec_t)
@@ -20427,7 +20547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,38 @@
  # Declarations
  #
@@ -20486,7 +20606,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.12/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/razor.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,4 @@
 +/root/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
  HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:razor_home_t,s0)
@@ -20494,7 +20614,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /etc/razor(/.*)?		gen_context(system_u:object_r:razor_etc_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.12/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/razor.if	2009-05-12 15:30:13.000000000 -0400
 @@ -157,3 +157,45 @@
  
  	domtrans_pattern($1, razor_exec_t, razor_t)
@@ -20543,7 +20663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.12/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2009-01-19 11:07:32.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.te	2009-04-24 08:32:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/razor.te	2009-05-12 15:30:13.000000000 -0400
 @@ -6,6 +6,32 @@
  # Declarations
  #
@@ -20597,7 +20717,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.6.12/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rhgb.te	2009-05-08 12:53:02.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rhgb.te	2009-05-12 15:30:13.000000000 -0400
 @@ -118,7 +118,7 @@
  xserver_domtrans(rhgb_t)
  xserver_signal(rhgb_t)
@@ -20609,7 +20729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	consoletype_exec(rhgb_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.12/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ricci.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ricci.te	2009-05-12 15:30:13.000000000 -0400
 @@ -133,6 +133,8 @@
  
  dev_read_urand(ricci_t)
@@ -20716,7 +20836,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	ccs_read_config(ricci_modstorage_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.6.12/policy/modules/services/rpcbind.te
 --- nsaserefpolicy/policy/modules/services/rpcbind.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rpcbind.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rpcbind.te	2009-05-12 15:30:13.000000000 -0400
 @@ -40,6 +40,8 @@
  manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
  files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
@@ -20728,7 +20848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te	2009-05-12 14:00:28.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te	2009-05-12 15:30:13.000000000 -0400
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -20829,7 +20949,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	userdom_read_user_tmp_files(gssd_t) 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.12/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rshd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rshd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -51,7 +51,7 @@
  
  files_list_home(rshd_t)
@@ -20841,7 +20961,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_write_login_records(rshd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.12/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rsync.te	2009-05-11 20:42:00.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rsync.te	2009-05-12 15:30:13.000000000 -0400
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -20871,7 +20991,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_can_read_shadow_passwords(rsync_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.12/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/samba.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/samba.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -2,6 +2,9 @@
  #
  # /etc
@@ -20900,7 +21020,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.12/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/samba.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/samba.if	2009-05-12 15:30:13.000000000 -0400
 @@ -4,6 +4,45 @@
  ##	from Windows NT servers.
  ## </summary>
@@ -21300,7 +21420,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.12/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/samba.te	2009-04-27 08:59:49.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/samba.te	2009-05-12 15:30:13.000000000 -0400
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -21769,7 +21889,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.12/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sasl.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sasl.te	2009-05-12 15:30:13.000000000 -0400
 @@ -99,6 +99,7 @@
  
  optional_policy(`
@@ -21791,7 +21911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.12/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.if	2009-05-12 08:58:39.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sendmail.if	2009-05-12 15:30:13.000000000 -0400
 @@ -59,20 +59,20 @@
  
  ########################################
@@ -21921,7 +22041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.12/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sendmail.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -22095,7 +22215,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.12/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,3 +1,5 @@
 +/etc/rc\.d/init\.d/setroubleshoot	--	gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
 +
@@ -22104,7 +22224,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.12/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.if	2009-05-12 15:30:13.000000000 -0400
 @@ -16,8 +16,8 @@
  	')
  
@@ -22189,7 +22309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te	2009-05-12 15:30:13.000000000 -0400
 @@ -11,6 +11,9 @@
  domain_type(setroubleshootd_t)
  init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -22279,7 +22399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpm_use_script_fds(setroubleshootd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.12/policy/modules/services/shorewall.fc
 --- nsaserefpolicy/policy/modules/services/shorewall.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.fc	2009-04-30 08:33:41.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/shorewall.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,12 @@
 +
 +/etc/rc\.d/init\.d/shorewall        	--      gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
@@ -22295,7 +22415,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/shorewall-lite(/.*)?           	gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.12/policy/modules/services/shorewall.if
 --- nsaserefpolicy/policy/modules/services/shorewall.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.if	2009-04-30 08:29:56.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/shorewall.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,166 @@
 +## <summary>policy for shorewall</summary>
 +
@@ -22465,7 +22585,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.12/policy/modules/services/shorewall.te
 --- nsaserefpolicy/policy/modules/services/shorewall.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.te	2009-04-30 08:29:56.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/shorewall.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,102 @@
 +policy_module(shorewall,1.0.0)
 +
@@ -22571,7 +22691,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.12/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/smartmon.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/smartmon.te	2009-05-12 15:30:13.000000000 -0400
 @@ -19,6 +19,10 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -22631,7 +22751,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.12/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/snmp.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/snmp.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -20,5 +20,5 @@
  
  /var/net-snmp(/.*)		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
@@ -22641,7 +22761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/snmpd\.pid	--	gen_context(system_u:object_r:snmpd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.12/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/snmp.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/snmp.te	2009-05-12 15:30:13.000000000 -0400
 @@ -71,6 +71,7 @@
  corenet_tcp_bind_snmp_port(snmpd_t)
  corenet_udp_bind_snmp_port(snmpd_t)
@@ -22652,7 +22772,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_read_sysfs(snmpd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.12/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/snort.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/snort.te	2009-05-12 15:30:13.000000000 -0400
 @@ -56,6 +56,7 @@
  files_pid_filetrans(snort_t, snort_var_run_t, file)
  
@@ -22685,7 +22805,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,15 +1,24 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
@@ -22716,7 +22836,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/spool/MIMEDefang(/.*)?		gen_context(system_u:object_r:spamd_spool_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.12/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if	2009-05-12 15:30:13.000000000 -0400
 @@ -111,6 +111,7 @@
  	')
  
@@ -22805,7 +22925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te	2009-05-12 09:01:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,35 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs, true)
@@ -23103,7 +23223,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.12/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/squid.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/squid.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -6,7 +6,11 @@
  /usr/sbin/squid		--	gen_context(system_u:object_r:squid_exec_t,s0)
  /usr/share/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
@@ -23118,7 +23238,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/spool/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.12/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/squid.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/squid.if	2009-05-12 15:30:13.000000000 -0400
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -23147,7 +23267,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.12/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/squid.te	2009-04-28 11:44:05.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/squid.te	2009-05-12 15:30:13.000000000 -0400
 @@ -118,6 +118,9 @@
  
  fs_getattr_all_fs(squid_t)
@@ -23169,7 +23289,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.12/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ssh.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ssh.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -14,3 +14,5 @@
  /usr/sbin/sshd			--	gen_context(system_u:object_r:sshd_exec_t,s0)
  
@@ -23178,7 +23298,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:home_ssh_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.12/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ssh.if	2009-04-29 10:46:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ssh.if	2009-05-12 15:30:13.000000000 -0400
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -23448,7 +23568,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.12/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ssh.te	2009-05-08 12:48:13.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ssh.te	2009-05-12 15:30:13.000000000 -0400
 @@ -41,6 +41,9 @@
  files_tmp_file(sshd_tmp_t)
  files_poly_parent(sshd_tmp_t)
@@ -23618,7 +23738,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.12/policy/modules/services/sssd.fc
 --- nsaserefpolicy/policy/modules/services/sssd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sssd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,6 @@
 +
 +/usr/sbin/sssd	--	gen_context(system_u:object_r:sssd_exec_t,s0)
@@ -23628,7 +23748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/sss(/.*)?			gen_context(system_u:object_r:sssd_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.12/policy/modules/services/sssd.if
 --- nsaserefpolicy/policy/modules/services/sssd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sssd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,249 @@
 +
 +## <summary>policy for sssd</summary>
@@ -23881,7 +24001,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.12/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.te	2009-04-29 10:01:55.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/sssd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,74 @@
 +policy_module(sssd,1.0.0)
 +
@@ -23959,7 +24079,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.6.12/policy/modules/services/tftp.if
 --- nsaserefpolicy/policy/modules/services/tftp.if	2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/tftp.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/tftp.if	2009-05-12 15:30:13.000000000 -0400
 @@ -2,6 +2,24 @@
  
  ########################################
@@ -23987,7 +24107,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.12/policy/modules/services/tor.te
 --- nsaserefpolicy/policy/modules/services/tor.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/tor.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/tor.te	2009-05-12 15:30:13.000000000 -0400
 @@ -34,7 +34,7 @@
  # tor local policy
  #
@@ -23999,7 +24119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow tor_t self:netlink_route_socket r_netlink_socket_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.12/policy/modules/services/ulogd.fc
 --- nsaserefpolicy/policy/modules/services/ulogd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ulogd.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ulogd.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,10 @@
 +
 +/etc/rc\.d/init\.d/ulogd                --              gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
@@ -24013,7 +24133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/ulogd(/.*)?					gen_context(system_u:object_r:ulogd_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.12/policy/modules/services/ulogd.if
 --- nsaserefpolicy/policy/modules/services/ulogd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ulogd.if	2009-04-30 08:29:56.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ulogd.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,146 @@
 +## <summary>policy for ulogd</summary>
 +
@@ -24163,7 +24283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.12/policy/modules/services/ulogd.te
 --- nsaserefpolicy/policy/modules/services/ulogd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ulogd.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/ulogd.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,51 @@
 +policy_module(ulogd,1.0.0)
 +
@@ -24218,7 +24338,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +permissive ulogd_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/uucp.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/uucp.te	2009-05-12 15:30:13.000000000 -0400
 @@ -129,6 +129,7 @@
  optional_policy(`
  	mta_send_mail(uux_t)
@@ -24229,7 +24349,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.12/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/virt.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -8,5 +8,16 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -24249,7 +24369,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/libvirt/qemu(/.*)? 	gen_context(system_u:object_r:svirt_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.12/policy/modules/services/virt.if
 --- nsaserefpolicy/policy/modules/services/virt.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/virt.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.if	2009-05-12 15:30:13.000000000 -0400
 @@ -2,28 +2,6 @@
  
  ########################################
@@ -24413,7 +24533,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te	2009-05-08 12:01:14.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.te	2009-05-12 15:30:13.000000000 -0400
 @@ -8,19 +8,31 @@
  
  ## <desc>
@@ -24726,7 +24846,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.12/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/w3c.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/w3c.te	2009-05-12 15:30:13.000000000 -0400
 @@ -8,11 +8,18 @@
  
  apache_content_template(w3c_validator)
@@ -24748,7 +24868,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.12/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/xserver.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -3,12 +3,16 @@
  #
  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -24818,7 +24938,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.12/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.if	2009-05-08 12:47:46.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/xserver.if	2009-05-12 15:30:13.000000000 -0400
 @@ -90,7 +90,7 @@
  	allow $2 xauth_home_t:file manage_file_perms;
  	allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -25468,7 +25588,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.te	2009-05-12 13:45:25.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/xserver.te	2009-05-12 15:30:13.000000000 -0400
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -26200,7 +26320,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.12/policy/modules/services/zosremote.if
 --- nsaserefpolicy/policy/modules/services/zosremote.if	2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/zosremote.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/zosremote.if	2009-05-12 15:30:13.000000000 -0400
 @@ -12,7 +12,7 @@
  #
  interface(`zosremote_domtrans',`
@@ -26212,7 +26332,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
          domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.6.12/policy/modules/system/application.if
 --- nsaserefpolicy/policy/modules/system/application.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/application.if	2009-05-12 13:54:23.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/application.if	2009-05-12 15:30:13.000000000 -0400
 @@ -2,7 +2,7 @@
  
  ########################################
@@ -26246,7 +26366,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.12/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/application.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/application.te	2009-05-12 15:30:13.000000000 -0400
 @@ -7,8 +7,18 @@
  # Executables to be run by user
  attribute application_exec_type;
@@ -26268,7 +26388,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.12/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -26297,7 +26417,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.12/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.if	2009-05-01 09:46:46.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.if	2009-05-13 13:51:40.000000000 -0400
 @@ -43,20 +43,38 @@
  interface(`auth_login_pgm_domain',`
  	gen_require(`
@@ -26638,7 +26758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.12/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.te	2009-05-12 15:30:13.000000000 -0400
 @@ -12,7 +12,7 @@
  
  type chkpwd_t, can_read_shadow_passwords;
@@ -26720,7 +26840,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  mls_file_read_all_levels(pam_console_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.12/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/fstools.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/fstools.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -26736,7 +26856,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.12/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/fstools.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/fstools.te	2009-05-12 15:30:13.000000000 -0400
 @@ -97,6 +97,10 @@
  fs_getattr_tmpfs_dirs(fsadm_t)
  fs_read_tmpfs_symlinks(fsadm_t)
@@ -26767,7 +26887,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.12/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/hostname.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/hostname.te	2009-05-12 15:30:13.000000000 -0400
 @@ -8,7 +8,9 @@
  
  type hostname_t;
@@ -26781,7 +26901,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.12/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/init.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/init.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -4,8 +4,7 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -26803,7 +26923,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.12/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/init.if	2009-04-29 14:42:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/init.if	2009-05-12 15:30:13.000000000 -0400
 @@ -174,6 +174,7 @@
  	role system_r types $1;
  
@@ -27014,7 +27134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/init.te	2009-05-07 14:39:32.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/init.te	2009-05-12 15:30:13.000000000 -0400
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart,false)
@@ -27404,7 +27524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.12/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/ipsec.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/ipsec.te	2009-05-12 15:30:13.000000000 -0400
 @@ -1,5 +1,5 @@
  
 -policy_module(ipsec, 1.9.1)
@@ -27489,7 +27609,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_read_urand(racoon_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.12/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iptables.fc	2009-04-30 18:57:54.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/iptables.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,9 +1,10 @@
 -/sbin/ip6tables.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
  /sbin/ipchains.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
@@ -27508,7 +27628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -/var/lib/shorewall(/.*)? --	gen_context(system_u:object_r:iptables_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.12/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iptables.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/iptables.te	2009-05-12 15:30:13.000000000 -0400
 @@ -53,6 +53,7 @@
  mls_file_read_all_levels(iptables_t)
  
@@ -27519,7 +27639,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.12/policy/modules/system/iscsi.if
 --- nsaserefpolicy/policy/modules/system/iscsi.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iscsi.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/iscsi.if	2009-05-12 15:30:13.000000000 -0400
 @@ -17,3 +17,43 @@
  
  	domtrans_pattern($1,iscsid_exec_t,iscsid_t)
@@ -27566,7 +27686,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iscsi.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/iscsi.te	2009-05-12 15:30:13.000000000 -0400
 @@ -55,6 +55,7 @@
  files_pid_filetrans(iscsid_t,iscsi_var_run_t,file)
  
@@ -27586,7 +27706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +miscfiles_read_localization(iscsid_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -27784,7 +27904,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.12/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/libraries.te	2009-05-12 15:30:13.000000000 -0400
 @@ -52,11 +52,11 @@
  # ldconfig local policy
  #
@@ -27843,7 +27963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.12/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/locallogin.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/locallogin.te	2009-05-12 15:30:13.000000000 -0400
 @@ -67,6 +67,7 @@
  dev_setattr_power_mgmt_dev(local_login_t)
  dev_getattr_sound_dev(local_login_t)
@@ -27920,7 +28040,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.12/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/logging.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/logging.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -53,15 +53,18 @@
  /var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
  ')
@@ -27946,7 +28066,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.12/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/logging.if	2009-04-24 09:01:14.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/logging.if	2009-05-12 15:30:13.000000000 -0400
 @@ -623,7 +623,7 @@
  	')
  
@@ -27967,7 +28087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.12/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/logging.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/logging.te	2009-05-12 15:30:13.000000000 -0400
 @@ -126,7 +126,7 @@
  allow auditd_t self:process { signal_perms setpgid setsched };
  allow auditd_t self:file rw_file_perms;
@@ -28062,7 +28182,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.12/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/lvm.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/lvm.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -55,6 +55,7 @@
  /sbin/lvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/lvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -28078,7 +28198,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.12/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/lvm.te	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/lvm.te	2009-05-12 15:30:13.000000000 -0400
 @@ -10,6 +10,9 @@
  type clvmd_exec_t;
  init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -28301,7 +28421,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.12/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/modutils.te	2009-05-08 12:50:09.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/modutils.te	2009-05-12 15:30:13.000000000 -0400
 @@ -42,7 +42,7 @@
  # insmod local policy
  #
@@ -28416,7 +28536,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.12/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/mount.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/mount.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,9 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -28430,7 +28550,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.12/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/mount.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/mount.if	2009-05-12 15:30:13.000000000 -0400
 @@ -43,9 +43,11 @@
  
  	mount_domtrans($1)
@@ -28468,7 +28588,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.12/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/mount.te	2009-05-06 07:59:38.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/mount.te	2009-05-12 15:30:13.000000000 -0400
 @@ -18,17 +18,22 @@
  init_system_domain(mount_t,mount_exec_t)
  role system_r types mount_t;
@@ -28694,7 +28814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.12/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -6,13 +6,13 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -28735,7 +28855,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/etc/share/selinux/mls(/.*)?		gen_context(system_u:object_r:semanage_store_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.12/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.if	2009-05-12 15:30:13.000000000 -0400
 @@ -535,6 +535,53 @@
  
  ########################################
@@ -29126,7 +29246,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.12/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.te	2009-04-23 23:08:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/selinuxutil.te	2009-05-12 15:30:13.000000000 -0400
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -29500,7 +29620,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.12/policy/modules/system/setrans.if
 --- nsaserefpolicy/policy/modules/system/setrans.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/setrans.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/setrans.if	2009-05-12 15:30:13.000000000 -0400
 @@ -21,3 +21,23 @@
  	stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
  	files_list_pids($1)
@@ -29527,7 +29647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.12/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.fc	2009-04-23 10:45:08.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -11,15 +11,20 @@
  /etc/dhclient-script	--	gen_context(system_u:object_r:dhcp_etc_t,s0)
  /etc/dhcpc.*			gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -29558,7 +29678,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.12/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if	2009-04-30 18:03:37.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if	2009-05-12 15:30:13.000000000 -0400
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -29729,7 +29849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.12/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te	2009-04-30 18:03:46.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te	2009-05-12 15:30:13.000000000 -0400
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -29916,7 +30036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xen_append_log(ifconfig_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/udev.te	2009-05-04 14:18:49.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/udev.te	2009-05-12 15:30:13.000000000 -0400
 @@ -50,6 +50,7 @@
  allow udev_t self:unix_stream_socket connectto;
  allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -29977,7 +30097,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xen_manage_log(udev_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.12/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/unconfined.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/unconfined.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,16 +1 @@
  # Add programs here which should not be confined by SELinux
 -# e.g.:
@@ -29997,7 +30117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.12/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/unconfined.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/unconfined.if	2009-05-12 15:30:13.000000000 -0400
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -30493,7 +30613,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.12/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/unconfined.te	2009-04-28 09:51:35.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/unconfined.te	2009-05-12 15:30:13.000000000 -0400
 @@ -1,231 +1,9 @@
  
 -policy_module(unconfined, 3.0.0)
@@ -30730,7 +30850,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.12/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,4 +1,7 @@
  HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
 +HOME_DIR	-l	gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -30742,7 +30862,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if	2009-05-12 13:51:30.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.if	2009-05-12 15:30:13.000000000 -0400
 @@ -30,8 +30,9 @@
  	')
  
@@ -32672,7 +32792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.12/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.te	2009-05-05 08:21:50.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.te	2009-05-12 15:30:13.000000000 -0400
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -32760,12 +32880,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow userdomain userdomain:process signull;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.12/policy/modules/system/virtual.fc
 --- nsaserefpolicy/policy/modules/system/virtual.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/virtual.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/virtual.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1 @@
 +# No application file contexts.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.12/policy/modules/system/virtual.if
 --- nsaserefpolicy/policy/modules/system/virtual.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/virtual.if	2009-05-08 13:09:00.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/virtual.if	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,119 @@
 +## <summary>Virtual machine emulator and virtualizer</summary>
 +
@@ -32888,7 +33008,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.12/policy/modules/system/virtual.te
 --- nsaserefpolicy/policy/modules/system/virtual.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/virtual.te	2009-05-08 13:08:19.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/virtual.te	2009-05-12 15:30:13.000000000 -0400
 @@ -0,0 +1,79 @@
 +
 +policy_module(virtualization, 1.1.2)
@@ -32971,7 +33091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.12/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/xen.fc	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/xen.fc	2009-05-12 15:30:13.000000000 -0400
 @@ -1,32 +1,31 @@
  /dev/xen/tapctrl.*	-p	gen_context(system_u:object_r:xenctl_t,s0)
  
@@ -33013,7 +33133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.12/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/xen.if	2009-04-30 18:08:14.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/xen.if	2009-05-12 15:30:13.000000000 -0400
 @@ -71,6 +71,8 @@
  	')
  
@@ -33088,7 +33208,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.12/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/xen.te	2009-05-05 14:42:25.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/xen.te	2009-05-14 08:26:03.000000000 -0400
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -33275,7 +33395,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  kernel_write_xen_state(xenstored_t)
  kernel_read_xen_state(xenstored_t)
  
-@@ -312,24 +358,28 @@
+@@ -304,6 +350,7 @@
+ #
+ 
+ allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
++allow xm_t self:process signal;
+ 
+ # internal communication is often done using fifo and unix sockets.
+ allow xm_t self:fifo_file rw_fifo_file_perms;
+@@ -312,24 +359,28 @@
  
  manage_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
  manage_fifo_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
@@ -33301,11 +33429,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_connect_soundd_port(xm_t)
  
  dev_read_urand(xm_t)
-+dev_search_sysfs(xm_t)
++dev_read_sysfs(xm_t)
  
  files_read_etc_runtime_files(xm_t)
  files_read_usr_files(xm_t)
-@@ -339,15 +389,58 @@
+@@ -339,15 +390,64 @@
  
  storage_raw_read_fixed_disk(xm_t)
  
@@ -33331,6 +33459,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	virt_stream_connect(xm_t)
 +')
 +
++########################################
++#
++# SSH component local policy
++#
++ssh_basic_client_template(xm,xm_t,system_r)
++
 +#Should have a boolean wrapping these
 +fs_list_auto_mountpoints(xend_t)
 +files_search_mnt(xend_t)
@@ -33367,7 +33501,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/ipc_patterns.spt serefpolicy-3.6.12/policy/support/ipc_patterns.spt
 --- nsaserefpolicy/policy/support/ipc_patterns.spt	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/support/ipc_patterns.spt	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/support/ipc_patterns.spt	2009-05-12 15:30:13.000000000 -0400
 @@ -3,12 +3,12 @@
  #
  define(`stream_connect_pattern',`
@@ -33385,7 +33519,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.12/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/support/obj_perm_sets.spt	2009-05-07 10:32:41.000000000 -0400
++++ serefpolicy-3.6.12/policy/support/obj_perm_sets.spt	2009-05-12 15:30:13.000000000 -0400
 @@ -201,7 +201,7 @@
  define(`setattr_file_perms',`{ setattr }')
  define(`read_file_perms',`{ getattr open read lock ioctl }')
@@ -33420,7 +33554,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.12/policy/users
 --- nsaserefpolicy/policy/users	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/users	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/users	2009-05-12 15:30:13.000000000 -0400
 @@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
@@ -33447,7 +33581,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.12/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/Rules.modular	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/Rules.modular	2009-05-12 15:30:13.000000000 -0400
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -33479,7 +33613,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.12/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.12/support/Makefile.devel	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/support/Makefile.devel	2009-05-12 15:30:13.000000000 -0400
 @@ -185,8 +185,7 @@
  tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
  	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 94eba3d..41bc6b8 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 35%{?dist}
+Release: 36%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -473,6 +473,9 @@ exit 0
 %endif
 
 %changelog
+* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-36
+- Allow brctl to r/w tun_tap_device_t
+
 * Mon May 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-35
 - Add /usr/share/selinux/packages
 - Turn on nsplugin boolean