diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 6201dbf..fd3cb66 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -2,8 +2,14 @@
 ## <summary>Policy for filesystems.</summary>
 
 ########################################
-#
-# fs_make_fs(type)
+## <interface name="fs_make_fs">
+##	<description>
+##		Transform specified type into a filesystem type.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+## </interface>
 #
 define(`fs_make_fs',`
 	requires_block_template(`$0'_depend)
@@ -16,8 +22,17 @@ define(`fs_make_fs_depend',`
 ')
 
 ########################################
-#
-# fs_associate(type)
+## <interface name="fs_associate">
+##	<description>
+##		Associate the specified file type to persistent
+##		filesystems with extended attributes.  This
+##		allows a file of this type to be created on
+##		a filesystem such as ext3, JFS, and XFS.
+##	</description>
+##	<parameter name="file_type">
+##		The type of the to be associated.
+##	</parameter>
+## </interface>
 #
 define(`fs_associate',`
 	requires_block_template(`$0'_depend)
@@ -32,126 +47,187 @@ define(`fs_associate_depend',`
 ')
 
 ########################################
+## <interface name="fs_associate_noxattr">
+##	<description>
+##		Associate the specified file type to
+##		filesystems which lack extended attributes
+##		support.  This allows a file of this type
+##		to be created on a filesystem such as
+##		FAT32, and NFS.
+##	</description>
+##	<parameter name="file_type">
+##		The type of the to be associated.
+##	</parameter>
+## </interface>
 #
-# fs_noxattr_associate(type)
-#
-define(`fs_noxattr_associate',`
+define(`fs_associate_noxattr',`
 	requires_block_template(`$0'_depend)
 
-	allow $1 autofs_t:filesystem associate;
-	allow $1 cifs_t:filesystem associate;
-	allow $1 dosfs_t:filesystem associate;
-	allow $1 iso9660_t:filesystem associate;
-	allow $1 nfs_t:filesystem associate;
-	allow $1 removable_t:filesystem associate;
-	allow $1 usbfs_t:filesystem associate;
+	allow $1 noxattrfs:filesystem associate;
 ')
 
-define(`fs_noxattr_associate_depend',`
-	type fs_t, nfs_t, cifs_t, dosfs_t, iso9660_t, autofs_t, usbfs_t, removable_t;
+define(`fs_associate_noxattr_depend',`
+	attribute noxattrfs;
 
 	class filesystem associate;
 ')
 
 ########################################
+## <interface name="fs_mount_xattr_fs">
+##	<description>
+##		Mount a persistent filesystem which
+##		has extended attributes, such as
+##		ext3, JFS, or XFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_mount_persistent_fs(domain)
-#
-define(`fs_mount_persistent_fs',`
+define(`fs_mount_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 fs_t:filesystem mount;
 ')
 
-define(`fs_mount_persistent_fs_depend',`
+define(`fs_mount_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem mount;
 ')
 
 ########################################
+## <interface name="fs_remount_xattr_fs">
+##	<description>
+##		Remount a persistent filesystem which
+##		has extended attributes, such as
+##		ext3, JFS, or XFS.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_remount_persistent_fs(domain)
-#
-define(`fs_remount_persistent_fs',`
+define(`fs_remount_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 fs_t:filesystem remount;
 ')
 
-define(`fs_remount_persistent_fs_depend',`
+define(`fs_remount_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem remount;
 ')
 
 ########################################
+## <interface name="fs_unmount_xattr_fs">
+##	<description>
+##		Unmount a persistent filesystem which
+##		has extended attributes, such as
+##		ext3, JFS, or XFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_unmount_persistent_fs(domain)
-#
-define(`fs_unmount_persistent_fs',`
+define(`fs_unmount_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 fs_t:filesystem mount;
 ')
 
-define(`fs_unmount_persistent_fs_depend',`
+define(`fs_unmount_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem unmount;
 ')
 
 ########################################
+## <interface name="fs_getattr_xattr_fs">
+##	<description>
+##		Get the attributes of a persistent
+##		filesystem which has extended
+##		attributes, such as ext3, JFS, or XFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_getattr_persistent_fs(domain)
-#
-define(`fs_getattr_persistent_fs',`
+define(`fs_getattr_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 fs_t:filesystem getattr;
 ')
 
-define(`fs_getattr_persistent_fs_depend',`
+define(`fs_getattr_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem getattr;
 ')
 
 ########################################
+## <interface name="fs_dontaudit_getattr_xattr_fs">
+##	<description>
+##		Do not audit attempts to
+##		get the attributes of a persistent
+##		filesystem which has extended
+##		attributes, such as ext3, JFS, or XFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain to not audit.
+##	</parameter>
+## </interface>
 #
-# fs_ignore_getattr_persistent_fs(domain)
-#
-define(`fs_ignore_getattr_persistent_fs',`
+define(`fs_ignore_getattr_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	dontaudit $1 fs_t:filesystem getattr;
 ')
 
-define(`fs_ignore_getattr_persistent_fs_depend',`
+define(`fs_ignore_getattr_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem getattr;
 ')
 
 ########################################
+## <interface name="fs_relabelfrom_xattr_fs">
+##	<description>
+##		Allow changing of the label of a
+##		filesystem with extended attributes
+##		using the context= mount option.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_relabelfrom_persistent_fs(domain)
-#
-define(`fs_relabelfrom_persistent_fs',`
+define(`fs_relabelfrom_xattr_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 fs_t:filesystem relabelfrom;
 ')
 
-define(`fs_relabelfrom_persistent_fs_depend',`
+define(`fs_relabelfrom_xattr_fs_depend',`
 	type fs_t;
 
 	class filesystem relabelfrom;
 ')
 
 ########################################
-#
-# fs_mount_autofs(domain)
+## <interface name="fs_mount_autofs">
+##	<description>
+##		Mount an automount pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_autofs',`
 	requires_block_template(`$0'_depend)
@@ -164,9 +240,17 @@ define(`fs_mount_autofs_depend',`
 	class filesystem mount;
 ')
 
+
 ########################################
-#
-# fs_remount_autofs(domain)
+## <interface name="fs_remount_autofs">
+##	<description>
+##		Remount an automount pseudo filesystem
+##		This allows some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_autofs',`
 	requires_block_template(`$0'_depend)
@@ -181,8 +265,14 @@ define(`fs_remount_autofs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_autofs(domain)
+## <interface name="fs_unmount_autofs">
+##	<description>
+##		Unmount an automount pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_autofs',`
 	requires_block_template(`$0'_depend)
@@ -197,8 +287,16 @@ define(`fs_unmount_autofs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_autofs(domain)
+## <interface name="fs_getattr_autofs">
+##	<description>
+##		Get the attributes of an automount
+##		pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_autofs',`
 	requires_block_template(`$0'_depend)
@@ -213,8 +311,21 @@ define(`fs_getattr_autofs_depend',`
 ')
 
 ########################################
-#
-# fs_register_binary_executable_type(domain)
+## <interface name="fs_register_binary_executable_type">
+##	<description>
+##		Register an interpreter for new binary
+##		file types, using the kernel binfmt_misc
+##		support.  A common use for this is to
+##		register a JVM as an interpreter for
+##		Java byte code.  Registered binaries
+##		can be directly executed on a command line
+##		without specifying the interpreter.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain registering
+##		the interpreter.
+##	</parameter>
+## </interface>
 #
 define(`fs_register_binary_executable_type',`
 	requires_block_template(`$0'_depend)
@@ -231,8 +342,14 @@ define(`fs_register_binary_executable_type_depend',`
 ')
 
 ########################################
-#
-# fs_mount_cifs(domain)
+## <interface name="fs_mount_cifs">
+##	<description>
+##		Mount a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_cifs',`
 	requires_block_template(`$0'_depend)
@@ -247,8 +364,15 @@ define(`fs_mount_cifs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_cifs(domain)
+## <interface name="fs_remount_cifs">
+##	<description>
+##		Remount a CIFS or SMB network filesystem.
+##		This allows some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_cifs',`
 	requires_block_template(`$0'_depend)
@@ -263,8 +387,14 @@ define(`fs_remount_cifs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_cifs(domain)
+## <interface name="fs_unmount_cifs">
+##	<description>
+##		Unmount a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_cifs',`
 	requires_block_template(`$0'_depend)
@@ -279,8 +409,16 @@ define(`fs_unmount_cifs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_cifs(domain)
+## <interface name="fs_getattr_cifs">
+##	<description>
+##		Get the attributes of a CIFS or
+##		SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_cifs',`
 	requires_block_template(`$0'_depend)
@@ -295,8 +433,16 @@ define(`fs_getattr_cifs_depend',`
 ')
 
 ########################################
-#
-# fs_execute_cifs_files(domain)
+## <interface name="fs_execute_cifs_files">
+##	<description>
+##		Execute files on a CIFS or SMB
+##		network filesystem, in the caller
+##		domain.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain executing the files.
+##	</parameter>
+## </interface>
 #
 define(`fs_execute_cifs_files',`
 	requires_block_template(`$0'_depend)
@@ -313,24 +459,38 @@ define(`fs_execute_cifs_files_depend',`
 ')
 
 ########################################
+## <interface name="fs_manage_cifs_dirs">
+##	<description>
+##		Create, read, write, and delete directories
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the directories.
+##	</parameter>
+## </interface>
 #
-# fs_manage_cifs_directories(domain)
-#
-define(`fs_manage_cifs_directories',`
+define(`fs_manage_cifs_dirs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 cifs_t:dir create_file_perms;
 ')
 
-define(`fs_manage_cifs_directories_depend',`
+define(`fs_manage_cifs_dirs_depend',`
 	type cifs_t;
 
 	class dir create_file_perms;
 ')
 
 ########################################
-#
-# fs_manage_cifs_files(domain)
+## <interface name="fs_manage_cifs_files">
+##	<description>
+##		Create, read, write, and delete files
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the files.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_cifs_files',`
 	requires_block_template(`$0'_depend)
@@ -347,17 +507,24 @@ define(`fs_manage_cifs_files_depend',`
 ')
 
 ########################################
+## <interface name="fs_manage_cifs_symlinks">
+##	<description>
+##		Create, read, write, and delete symbolic links
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the symbolic links.
+##	</parameter>
+## </interface>
 #
-# fs_manage_cifs_symbolic_links(domain)
-#
-define(`fs_manage_cifs_symbolic_links',`
+define(`fs_manage_cifs_symlinks',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 cifs_t:dir rw_dir_perms;
 	allow $1 cifs_t:lnk_file create_lnk_perms;
 ')
 
-define(`fs_manage_cifs_symbolic_links_depend',`
+define(`fs_manage_cifs_symlinks_depend',`
 	type cifs_t;
 
 	class dir rw_dir_perms;
@@ -365,8 +532,15 @@ define(`fs_manage_cifs_symbolic_links_depend',`
 ')
 
 ########################################
-#
-# fs_manage_cifs_named_pipes(domain)
+## <interface name="fs_manage_cifs_named_pipes">
+##	<description>
+##		Create, read, write, and delete named pipes
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the pipes.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_cifs_named_pipes',`
 	requires_block_template(`$0'_depend)
@@ -383,8 +557,15 @@ define(`fs_manage_cifs_named_pipes_depend',`
 ')
 
 ########################################
-#
-# fs_manage_cifs_named_sockets(domain)
+## <interface name="fs_manage_cifs_named_sockets">
+##	<description>
+##		Create, read, write, and delete named sockets
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the sockets.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_cifs_named_sockets',`
 	requires_block_template(`$0'_depend)
@@ -401,8 +582,15 @@ define(`fs_manage_cifs_named_sockets_depend',`
 ')
 
 ########################################
-#
-# fs_mount_dos_fs(domain)
+## <interface name="fs_mount_dos_fs">
+##	<description>
+##		Mount a DOS filesystem, such as
+##		FAT32 or NTFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_dos_fs',`
 	requires_block_template(`$0'_depend)
@@ -417,8 +605,16 @@ define(`fs_mount_dos_fs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_dos_fs(domain)
+## <interface name="fs_remount_dos_fs">
+##	<description>
+##		Remount a DOS filesystem, such as
+##		FAT32 or NTFS.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_dos_fs',`
 	requires_block_template(`$0'_depend)
@@ -433,8 +629,15 @@ define(`fs_remount_dos_fs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_dos_fs(domain)
+## <interface name="fs_unmount_dos_fs">
+##	<description>
+##		Unmount a DOS filesystem, such as
+##		FAT32 or NTFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_dos_fs',`
 	requires_block_template(`$0'_depend)
@@ -449,8 +652,16 @@ define(`fs_unmount_dos_fs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_dos_fs(domain)
+## <interface name="fs_getattr_dos_fs">
+##	<description>
+##		Get the attributes of a DOS
+##		filesystem, such as FAT32 or NTFS.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_dos_fs',`
 	requires_block_template(`$0'_depend)
@@ -465,8 +676,15 @@ define(`fs_getattr_dos_fs_depend',`
 ')
 
 ########################################
-#
-# fs_relabelfrom_dos_fs(domain)
+## <interface name="fs_relabelfrom_dos_fs">
+##	<description>
+##		Allow changing of the label of a
+##		DOS filesystem using the context= mount option.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_relabelfrom_dos_fs',`
 	requires_block_template(`$0'_depend)
@@ -481,72 +699,108 @@ define(`fs_relabelfrom_dos_fs_depend',`
 ')
 
 ########################################
+## <interface name="fs_mount_iso9660_fs">
+##	<description>
+##		Mount an iso9660 filesystem, which
+##		is usually used on CDs.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_mount_cd_fs(domain)
-#
-define(`fs_mount_cd_fs',`
+define(`fs_mount_iso9660_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 iso9660_t:filesystem mount;
 ')
 
-define(`fs_mount_cd_fs_depend',`
+define(`fs_mount_iso9660_fs_depend',`
 	type iso9660_t;
 
 	class filesystem mount;
 ')
 
 ########################################
+## <interface name="fs_remount_iso9660_fs">
+##	<description>
+##		Remount an iso9660 filesystem, which
+##		is usually used on CDs.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_remount_cd_fs(domain)
-#
-define(`fs_remount_cd_fs',`
+define(`fs_remount_iso9660_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 iso9660_t:filesystem remount;
 ')
 
-define(`fs_remount_cd_fs_depend',`
+define(`fs_remount_iso9660_fs_depend',`
 	type iso9660_t;
 
 	class filesystem remount;
 ')
 
 ########################################
+## <interface name="fs_unmount_iso9660_fs">
+##	<description>
+##		Unmount an iso9660 filesystem, which
+##		is usually used on CDs.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_unmount_cd_fs(domain)
-#
-define(`fs_unmount_cd_fs',`
+define(`fs_unmount_iso9660_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 iso9660_t:filesystem mount;
 ')
 
-define(`fs_unmount_cd_fs_depend',`
+define(`fs_unmount_iso9660_fs_depend',`
 	type iso9660_t;
 
 	class filesystem unmount;
 ')
 
 ########################################
+## <interface name="fs_mount_iso9660_fs">
+##	<description>
+##		Get the attributes of an iso9660
+##		filesystem, which is usually used on CDs.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
-# fs_getattr_cd_fs(domain)
-#
-define(`fs_getattr_cd_fs',`
+define(`fs_getattr_iso9660_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 iso9660_t:filesystem getattr;
 ')
 
-define(`fs_getattr_cd_fs_depend',`
+define(`fs_getattr_iso9660_fs_depend',`
 	type iso9660_t;
 
 	class filesystem getattr;
 ')
 
 ########################################
-#
-# fs_mount_nfs(domain)
+## <interface name="fs_mount_nfs">
+##	<description>
+##		Mount a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_nfs',`
 	requires_block_template(`$0'_depend)
@@ -561,8 +815,15 @@ define(`fs_mount_nfs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_nfs(domain)
+## <interface name="fs_remount_nfs">
+##	<description>
+##		Remount a NFS filesystem.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_nfs',`
 	requires_block_template(`$0'_depend)
@@ -577,8 +838,14 @@ define(`fs_remount_nfs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_nfs(domain)
+## <interface name="fs_mount_nfs">
+##	<description>
+##		Unmount a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_nfs',`
 	requires_block_template(`$0'_depend)
@@ -593,8 +860,15 @@ define(`fs_unmount_nfs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_nfs(domain)
+## <interface name="fs_getattr_nfs">
+##	<description>
+##		Get the attributes of a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_nfs',`
 	requires_block_template(`$0'_depend)
@@ -609,8 +883,14 @@ define(`fs_getattr_nfs_depend',`
 ')
 
 ########################################
-#
-# fs_execute_nfs_files(domain)
+## <interface name="fs_execute_nfs_files">
+##	<description>
+##		Execute files on a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain executing the files.
+##	</parameter>
+## </interface>
 #
 define(`fs_execute_nfs_files',`
 	requires_block_template(`$0'_depend)
@@ -627,24 +907,38 @@ define(`fs_execute_nfs_files_depend',`
 ')
 
 ########################################
+## <interface name="fs_manage_nfs_dirs">
+##	<description>
+##		Create, read, write, and delete directories
+##		on a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the directories.
+##	</parameter>
+## </interface>
 #
-# fs_manage_nfs_directories(domain)
-#
-define(`fs_manage_nfs_directories',`
+define(`fs_manage_nfs_dirs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 nfs_t:dir create_dir_perms;
 ')
 
-define(`fs_manage_nfs_directories_depend',`
+define(`fs_manage_nfs_dirs_depend',`
 	type nfs_t;
 
 	class dir create_dir_perms;
 ')
 
 ########################################
-#
-# fs_manage_nfs_files(domain)
+## <interface name="fs_manage_nfs_files">
+##	<description>
+##		Create, read, write, and delete files
+##		on a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the files.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_nfs_files',`
 	requires_block_template(`$0'_depend)
@@ -660,27 +954,41 @@ define(`fs_manage_nfs_files_depend',`
 	class file create_file_perms;
 ')
 
-########################################
-#
-# fs_manage_nfs_symbolic_links(domain)
+#########################################
+## <interface name="fs_manage_nfs_symlinks">
+##	<description>
+##		Create, read, write, and delete symbolic links
+##		on a CIFS or SMB network filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the symbolic links.
+##	</parameter>
+## </interface>
 #
-define(`fs_manage_nfs_symbolic_links',`
+define(`fs_manage_nfs_symlinks',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 nfs_t:dir rw_dir_perms;
 	allow $1 nfs_t:lnk_file create_lnk_perms;
 ')
 
-define(`fs_manage_nfs_symbolic_links_depend',`
+define(`fs_manage_nfs_symlinks_depend',`
 	type nfs_t;
 
 	class dir r_dir_perms;
 	class lnk_file create_lnk_perms;
 ')
 
-########################################
-#
-# fs_manage_nfs_named_pipes(domain)
+#########################################
+## <interface name="fs_manage_nfs_named_pipes">
+##	<description>
+##		Create, read, write, and delete named pipes
+##		on a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the pipes.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_nfs_named_pipes',`
 	requires_block_template(`$0'_depend)
@@ -696,9 +1004,16 @@ define(`fs_manage_nfs_named_pipes_depend',`
 	class fifo_file create_file_perms;
 ')
 
-########################################
-#
-# fs_manage_nfs_named_sockets(domain)
+#########################################
+## <interface name="fs_manage_nfs_named_sockets">
+##	<description>
+##		Create, read, write, and delete named sockets
+##		on a NFS filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain managing the sockets.
+##	</parameter>
+## </interface>
 #
 define(`fs_manage_nfs_named_sockets',`
 	requires_block_template(`$0'_depend)
@@ -715,8 +1030,14 @@ define(`fs_manage_nfs_named_sockets_depend',`
 ')
 
 ########################################
-#
-# fs_mount_nfsd_fs(domain)
+## <interface name="fs_mount_nfsd_fs">
+##	<description>
+##		Mount a NFS server pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_nfsd_fs',`
 	requires_block_template(`$0'_depend)
@@ -731,8 +1052,15 @@ define(`fs_mount_nfsd_fs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_nfsd_fs(domain)
+## <interface name="fs_remount_nfsd_fs">
+##	<description>
+##		Mount a NFS server pseudo filesystem.
+##		This allows some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_nfsd_fs',`
 	requires_block_template(`$0'_depend)
@@ -747,8 +1075,14 @@ define(`fs_remount_nfsd_fs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_nfsd_fs(domain)
+## <interface name="fs_unmount_nfsd_fs">
+##	<description>
+##		Unmount a NFS server pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_nfsd_fs',`
 	requires_block_template(`$0'_depend)
@@ -763,8 +1097,16 @@ define(`fs_unmount_nfsd_fs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_nfsd_fs(domain)
+## <interface name="fs_getattr_nfsd_fs">
+##	<description>
+##		Get the attributes of a NFS server
+##		pseudo filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_nfsd_fs',`
 	requires_block_template(`$0'_depend)
@@ -779,8 +1121,14 @@ define(`fs_getattr_nfsd_fs_depend',`
 ')
 
 ########################################
-#
-# fs_mount_ramfs(domain)
+## <interface name="fs_mount_ramfs">
+##	<description>
+##		Mount a RAM filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_ramfs',`
 	requires_block_template(`$0'_depend)
@@ -795,8 +1143,15 @@ define(`fs_mount_ramfs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_ramfs(domain)
+## <interface name="fs_remount_ramfs">
+##	<description>
+##		Remount a RAM filesystem.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_ramfs',`
 	requires_block_template(`$0'_depend)
@@ -811,8 +1166,14 @@ define(`fs_remount_ramfs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_ramfs(domain)
+## <interface name="fs_unmount_ramfs">
+##	<description>
+##		Unmount a RAM filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_ramfs',`
 	requires_block_template(`$0'_depend)
@@ -827,8 +1188,15 @@ define(`fs_unmount_ramfs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_ramfs(domain)
+## <interface name="fs_getattr_ramfs">
+##	<description>
+##		Get the attributes of a RAM filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_ramfs',`
 	requires_block_template(`$0'_depend)
@@ -843,8 +1211,14 @@ define(`fs_getattr_ramfs_depend',`
 ')
 
 ########################################
-#
-# fs_mount_romfs(domain)
+## <interface name="fs_mount_romfs">
+##	<description>
+##		Mount a ROM filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_romfs',`
 	requires_block_template(`$0'_depend)
@@ -859,8 +1233,15 @@ define(`fs_mount_romfs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_romfs(domain)
+## <interface name="fs_remount_romfs">
+##	<description>
+##		Remount a ROM filesystem.  This allows
+##		some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_romfs',`
 	requires_block_template(`$0'_depend)
@@ -875,8 +1256,14 @@ define(`fs_remount_romfs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_romfs(domain)
+## <interface name="fs_unmount_romfs">
+##	<description>
+##		Unmount a ROM filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_romfs',`
 	requires_block_template(`$0'_depend)
@@ -891,8 +1278,16 @@ define(`fs_unmount_romfs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_romfs(domain)
+## <interface name="fs_getattr_romfs">
+##	<description>
+##		Get the attributes of a ROM
+##		filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_romfs',`
 	requires_block_template(`$0'_depend)
@@ -907,8 +1302,14 @@ define(`fs_getattr_romfs_depend',`
 ')
 
 ########################################
-#
-# fs_mount_rpc_pipefs(domain)
+## <interface name="fs_mount_rpc_pipefs">
+##	<description>
+##		Mount a RPC pipe filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_rpc_pipefs',`
 	requires_block_template(`$0'_depend)
@@ -923,8 +1324,15 @@ define(`fs_mount_rpc_pipefs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_rpc_pipefs(domain)
+## <interface name="fs_remount_rpc_pipefs">
+##	<description>
+##		Remount a RPC pipe filesystem.  This
+##		allows some mount option to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_rpc_pipefs',`
 	requires_block_template(`$0'_depend)
@@ -939,8 +1347,14 @@ define(`fs_remount_rpc_pipefs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_rpc_pipefs(domain)
+## <interface name="fs_unmount_rpc_pipefs">
+##	<description>
+##		Unmount a RPC pipe filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_rpc_pipefs',`
 	requires_block_template(`$0'_depend)
@@ -955,8 +1369,16 @@ define(`fs_unmount_rpc_pipefs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_rpc_pipefs(domain)
+## <interface name="fs_getattr_rpc_pipefs">
+##	<description>
+##		Get the attributes of a RPC pipe
+##		filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_rpc_pipefs',`
 	requires_block_template(`$0'_depend)
@@ -971,8 +1393,14 @@ define(`fs_getattr_rpc_pipefs_depend',`
 ')
 
 ########################################
-#
-# fs_mount_tmpfs(domain)
+## <interface name="fs_mount_tmpfs">
+##	<description>
+##		Mount a tmpfs filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_tmpfs',`
 	requires_block_template(`$0'_depend)
@@ -987,8 +1415,14 @@ define(`fs_mount_tmpfs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_tmpfs(domain)
+## <interface name="fs_remount_tmpfs">
+##	<description>
+##		Remount a tmpfs filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain remounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_tmpfs',`
 	requires_block_template(`$0'_depend)
@@ -1003,8 +1437,14 @@ define(`fs_remount_tmpfs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_tmpfs(domain)
+## <interface name="fs_unmount_tmpfs">
+##	<description>
+##		Unmount a tmpfs filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_tmpfs',`
 	requires_block_template(`$0'_depend)
@@ -1019,8 +1459,16 @@ define(`fs_unmount_tmpfs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_tmpfs(domain)
+## <interface name="fs_getattr_tmpfs">
+##	<description>
+##		Get the attributes of a tmpfs
+##		filesystem.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_tmpfs',`
 	requires_block_template(`$0'_depend)
@@ -1035,7 +1483,7 @@ define(`fs_getattr_tmpfs_depend',`
 ')
 
 ########################################
-## <interface name="fs_tmpfs_associate">
+## <interface name="fs_associate_tmpfs">
 ##	<description>
 ##		Allow the type to associate to tmpfs filesystems.
 ##	</description>
@@ -1045,13 +1493,13 @@ define(`fs_getattr_tmpfs_depend',`
 ##	<infoflow type="none"/>
 ## </interface>
 #
-define(`fs_tmpfs_associate',`
+define(`fs_associate_tmpfs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 tmpfs_t:filesystem associate;
 ')
 
-define(`fs_tmpfs_associate_depend',`
+define(`fs_associate_tmpfs_depend',`
 	type tmpfs_t;
 
 	class filesystem associate;
@@ -1234,8 +1682,14 @@ define(`fs_manage_tmpfs_block_devices_depend',`
 ')
 
 ########################################
-#
-# fs_mount_all_fs(type)
+## <interface name="fs_mount_all_fs">
+##	<description>
+##		Mount all filesystems.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_mount_all_fs',`
 	requires_block_template(`$0'_depend)
@@ -1250,8 +1704,15 @@ define(`fs_mount_all_fs_depend',`
 ')
 
 ########################################
-#
-# fs_remount_all_fs(type)
+## <interface name="fs_remount_all_fs">
+##	<description>
+##		Remount all filesystems.  This
+##		allows some mount options to be changed.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain mounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_remount_all_fs',`
 	requires_block_template(`$0'_depend)
@@ -1266,8 +1727,14 @@ define(`fs_remount_all_fs_depend',`
 ')
 
 ########################################
-#
-# fs_unmount_all_fs(type)
+## <interface name="fs_unmount_all_fs">
+##	<description>
+##		Unmount all filesystems.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain unmounting the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_unmount_all_fs',`
 	requires_block_template(`$0'_depend)
@@ -1282,8 +1749,16 @@ define(`fs_mount_all_fs_depend',`
 ')
 
 ########################################
-#
-# fs_getattr_all_fs(type)
+## <interface name="fs_getattr_all_fs">
+##	<description>
+##		Get the attributes of all persistent
+##		filesystems.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain doing the
+##		getattr on the filesystem.
+##	</parameter>
+## </interface>
 #
 define(`fs_getattr_all_fs',`
 	requires_block_template(`$0'_depend)
@@ -1298,8 +1773,14 @@ define(`fs_getattr_all_fs_depend',`
 ')
 
 ########################################
-#
-# fs_get_all_fs_quotas(type)
+## <interface name="fs_get_all_fs_quotas">
+##	<description>
+##		Get the quotas of all filesystems.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain getting quotas.
+##	</parameter>
+## </interface>
 #
 define(`fs_get_all_fs_quotas',`
 	requires_block_template(`$0'_depend)
@@ -1314,8 +1795,14 @@ define(`fs_get_all_fs_quotas_depend',`
 ')
 
 ########################################
-#
-# fs_set_all_quotas(type)
+## <interface name="fs_set_all_fs_quotas">
+##	<description>
+##		Set the quotas of all filesystems.
+##	</description>
+##	<parameter name="domain">
+##		The type of the domain setting quotas.
+##	</parameter>
+## </interface>
 #
 define(`fs_set_all_quotas',`
 	requires_block_template(`$0'_depend)
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index 49a1893..3f46cbb 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -2,6 +2,7 @@
 policy_module(filesystem,1.0)
 
 attribute fs_type;
+attribute noxattrfs;
 
 ########################################
 #
@@ -72,19 +73,13 @@ fs_use_trans tmpfs context_template(system_u:object_r:tmpfs_t,s0);
 fs_use_trans shm context_template(system_u:object_r:tmpfs_t,s0);
 
 allow tmpfs_t self:filesystem associate;
-allow tmpfs_t autofs_t:filesystem associate;
-allow tmpfs_t cifs_t:filesystem associate;
-allow tmpfs_t dosfs_t:filesystem associate;
-allow tmpfs_t iso9660_t:filesystem associate;
-allow tmpfs_t nfs_t:filesystem associate;
-allow tmpfs_t removable_t:filesystem associate;
-allow tmpfs_t usbfs_t:filesystem associate;
+allow tmpfs_t noxattrfs:filesystem associate;
 
 ########################################
 #
 # Filesystems without extended attribute support
 #
-type autofs_t, fs_type;
+type autofs_t, fs_type, noxattrfs;
 allow autofs_t self:filesystem associate;
 genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
 genfscon automount / context_template(system_u:object_r:autofs_t,s0)
@@ -93,7 +88,7 @@ genfscon automount / context_template(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, fs_type;
+type cifs_t alias sambafs_t, fs_type, noxattrfs;
 allow cifs_t self:filesystem associate;
 genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
 genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
@@ -102,7 +97,7 @@ genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, fs_type;
+type dosfs_t, fs_type, noxattrfs;
 allow dosfs_t self:filesystem associate;
 genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
 genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
@@ -113,7 +108,7 @@ genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
 # iso9660_t is the type for CD filesystems
 # and their files.
 #
-type iso9660_t, fs_type;
+type iso9660_t, fs_type, noxattrfs;
 allow iso9660_t self:filesystem associate;
 genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
 genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
@@ -121,20 +116,14 @@ genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, fs_type;
-allow removable_t self:filesystem associate;
-allow removable_t autofs_t:filesystem associate;
-allow removable_t cifs_t:filesystem associate;
-allow removable_t dosfs_t:filesystem associate;
-allow removable_t iso9660_t:filesystem associate;
-allow removable_t nfs_t:filesystem associate;
-allow removable_t usbfs_t:filesystem associate;
+type removable_t, fs_type, noxattrfs;
+allow removable_t noxattrfs:filesystem associate;
 
 #
 # nfs_t is the default type for NFS file systems
 # and their files.
 #
-type nfs_t, fs_type;
+type nfs_t, fs_type, noxattrfs;
 files_make_mountpoint(nfs_t)
 allow nfs_t self:filesystem associate;
 genfscon nfs / context_template(system_u:object_r:nfs_t,s0)