diff --git a/README.md b/README.md
index febe1e9..e6f13c6 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
     origin/rawhide
 
     $ cd selinux-policy-contrib
-    $ git remote -v 
+    $ git remote -v
     origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
 
     $ git branch -r
@@ -38,13 +38,13 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
 ## Build process
 
 1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
-	
+
 		$ cd ~/devel/github
 		$ git clone git@github.com:fedora-selinux/selinux-policy.git
 		$ cd selinux-policy
 
 2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
-	
+
 		$ cd ~/devel/github
 		$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
 		$ cd selinux-policy-contrib
@@ -54,7 +54,7 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
 4. clone **selinux-policy** dist-git repository
 
 		$ cd ~/devel/dist-git
-		$ fedpkg clone selinux-policy 
+		$ fedpkg clone selinux-policy
 		$ cd selinux-policy
 
 4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
@@ -63,6 +63,5 @@ Package sources in dist-git are generally composed from a _selinux-policy and _s
 
 5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
 6. build the package
-	
-         $ fedpkg build
 
+         $ fedpkg build
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1a575fc..0610d2c 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -79,12 +79,12 @@ Requires: selinux-policy-any = %{version}-%{release}
 Provides: selinux-policy-base = %{version}-%{release}
 Suggests: selinux-policy-targeted
 
-%description 
+%description
 SELinux core policy package.
 Originally based off of reference policy,
 the policy has been adjusted to provide support for Fedora.
 
-%files 
+%files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %dir %{_datadir}/selinux
@@ -399,7 +399,7 @@ end
 
 %build
 
-%prep 
+%prep
 %setup -n %{name}-contrib-%{commit1} -q -b 29
 tar -xf %{SOURCE35}
 contrib_path=`pwd`
@@ -525,13 +525,13 @@ echo "
 SELINUX=enforcing
 # SELINUXTYPE= can take one of these three values:
 #     targeted - Targeted processes are protected,
-#     minimum - Modification of targeted policy. Only selected processes are protected. 
+#     minimum - Modification of targeted policy. Only selected processes are protected.
 #     mls - Multi Level Security protection.
 SELINUXTYPE=targeted
 
 " > %{_sysconfdir}/selinux/config
 
-     ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux 
+     ln -sf ../selinux/config %{_sysconfdir}/sysconfig/selinux
      %{_sbindir}/restorecon %{_sysconfdir}/selinux/config 2> /dev/null || :
 else
      . %{_sysconfdir}/selinux/config
@@ -630,7 +630,7 @@ exit 0
 
 %files targeted -f %{buildroot}%{_datadir}/selinux/targeted/nonbasemodules.lst
 %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
-%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u 
+%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u
 %fileList targeted
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/100/permissivedomains
 %endif
@@ -733,12 +733,12 @@ exit 0
 
 %files minimum -f %{buildroot}%{_datadir}/selinux/minimum/nonbasemodules.lst
 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
-%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u 
+%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
 %fileList minimum
 %endif
 
 %if %{BUILD_MLS}
-%package mls 
+%package mls
 Summary: SELinux MLS policy
 Provides: selinux-policy-base = %{version}-%{release}
 Obsoletes: selinux-policy-mls-sources < 2
@@ -750,16 +750,16 @@ Requires: selinux-policy = %{version}-%{release}
 Conflicts:  seedit
 Conflicts: container-selinux <= 1.9.0-9
 
-%description mls 
+%description mls
 SELinux MLS (Multi Level Security) policy package.
 
 %pretrans mls -p <lua>
 %backupConfigLua
 
-%pre mls 
+%pre mls
 %preInstall mls
 
-%post mls 
+%post mls
 %checkConfigConsistency mls
 %postInstall $1 mls
 exit 0
@@ -2620,7 +2620,7 @@ Resolves: rhbz#1683365
 
 
 * Tue May 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-19
-- Increase dependency versions of policycoreutils and checkpolicy packages 
+- Increase dependency versions of policycoreutils and checkpolicy packages
 
 * Mon May 21 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.2-18
 - Disable secure mode environment cleansing for dirsrv_t
@@ -4883,7 +4883,7 @@ Resolves: rhbz#1314372
 - Fix neverallow assertion for sys_module capability for openvswitch.
 - kernel_load_module() needs to be called out of boolean for svirt_lxc_net_t.
 - Fix neverallow assertion for sys_module capability.
-- Add more attributes for sandbox domains to avoid neverallow assertion issues.  
+- Add more attributes for sandbox domains to avoid neverallow assertion issues.
 - Add neverallow asserition fixes related to storage.
 - Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
 - Allow openhpid_t to read system state.
@@ -5171,7 +5171,7 @@ Resolves: rhbz#1314372
 
 * Tue Jun 09 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-128
 - Add ipsec_rw_inherited_pipes() interface.
-- Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket. 
+- Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket.
 - Label /usr/libexec/Xorg.wrap as xserver_exec_t.
 - Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file.
 - Add fixes for selinux userspace moving the policy store to /var/lib/selinux.
@@ -5179,13 +5179,13 @@ Resolves: rhbz#1314372
 - Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly.
 - Access required to run with unconfine.pp disabled
 - Fix selinux_search_fs() interface.
-- Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists. 
+- Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists.
 - Add seutil_search_config() interface.
 - Make ssh-keygen as nsswitch domain to access SSSD.
 - Label ctdb events scripts as bin_t.
 - Add support for /usr/sbin/lvmpolld.
 - Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.
-- Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules. 
+- Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules.
 - Allow login_pgm domains to access kernel keyring for nsswitch domains.
 - Allow hypervkvp to read /dev/urandom and read  addition states/config files.
 - Add cgdcbxd policy.
@@ -5200,26 +5200,26 @@ Resolves: rhbz#1314372
 - Allow fowner capability for sssd because of selinux_child handling.
 - Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
 - Allow cluster domain to dbus chat with systemd-logind.
-- Allow tmpreaper_t to manage ntp log content 
+- Allow tmpreaper_t to manage ntp log content
 - Allow openvswitch_t to communicate with sssd.
 - Allow isnsd_t to communicate with sssd.
 - Allow rwho_t to communicate with sssd.
 - Allow pkcs_slotd_t to communicate with sssd.
-- Add httpd_var_lib_t label for roundcubemail 
+- Add httpd_var_lib_t label for roundcubemail
 - Allow puppetagent_t to transfer firewalld messages over dbus.
 - Allow glusterd to have mknod capability. It creates a special file using mknod in a brick.
 - Update rules related to glusterd_brick_t.
 - Allow glusterd to execute lvm tools in the lvm_t target domain.
 - Allow glusterd to execute xfs_growfs in the target domain.
 - Allow sysctl to have running under hypervkvp_t domain.
-- Allow smartdnotify to use user terminals. 
-- Allow pcp domains to create root.socket in /var/lip/pcp directroy. 
+- Allow smartdnotify to use user terminals.
+- Allow pcp domains to create root.socket in /var/lip/pcp directroy.
 - Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain.
-- Allow rpcbind to create rpcbind.xdr as a temporary file. 
-- Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings. 
-- Allow hostapd net_admin capability. hostapd needs to able to set an interface flag. 
+- Allow rpcbind to create rpcbind.xdr as a temporary file.
+- Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings.
+- Allow hostapd net_admin capability. hostapd needs to able to set an interface flag.
 - rsync server can be setup to send mail
-- Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again. 
+- Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again.
 - Remove ctdbd_manage_var_files() interface which is not used and is declared for the wrong type.
 - Fix samba_load_libgfapi decl in samba.te.
 - Fix typo in nagios_run_sudo() boolean.
@@ -5255,19 +5255,19 @@ Resolves: rhbz#1314372
 - Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
 - Add glusterd_filetrans_named_pid() interface.
 - Allow antivirus_t to read system state info.
-- Dontaudit use console for chrome-sandbox. 
-- Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot. 
-- Clamd needs to have fsetid capability. 
-- Allow cinder-backup to dbus chat with systemd-logind. 
+- Dontaudit use console for chrome-sandbox.
+- Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot.
+- Clamd needs to have fsetid capability.
+- Allow cinder-backup to dbus chat with systemd-logind.
 - Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
 - Allow gssd to access kernel keyring for login_pgm domains.
 - Add more fixes related to timemaster+ntp+ptp4l.
 - Allow docker sandbox domains to search all mountpoiunts
 - update winbind_t rules to allow IPC for winbind.
 - Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3.
-- Allow inet_gethost called by couchdb to access /proc/net/unix. 
-- Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so 
-- Label /usr/bin/yum-deprecated as rpm_exec_t. 
+- Allow inet_gethost called by couchdb to access /proc/net/unix.
+- Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so
+- Label /usr/bin/yum-deprecated as rpm_exec_t.
 
 * Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127
 - Add missing typealiases in apache_content_template() for script domain/executable.
@@ -5897,9 +5897,9 @@ Resolves: rhbz#1314372
 - Allow mdadm to connect to own socket created by mdadm running as kernel_t.
 - Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks
 - Allow bacula manage bacula_log_t dirs
-- Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t 
+- Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t
 - Fix mistakes keystone and quantum
-- Label neutron var run dir 
+- Label neutron var run dir
 - Label keystone var run dir
 - Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc.
 - Dontaudit attempts to access check cert dirs/files for sssd.
@@ -5910,13 +5910,13 @@ Resolves: rhbz#1314372
 - Label also /var/run/glusterd.socket file as gluster_var_run_t
 - Fix policy for pkcsslotd from opencryptoki
 - Update cockpik policy from cockpit usptream.
-- Allow certmonger to exec ldconfig to make  ipa-server-install  working. 
-- Added support for Naemon policy 
+- Allow certmonger to exec ldconfig to make  ipa-server-install  working.
+- Added support for Naemon policy
 - Allow keepalived manage snmp files
 - Add setpgid process to mip6d
 - remove duplicate rule
-- Allow postfix_smtpd to stream connect to antivirus 
-- Dontaudit list /tmp for icecast 
+- Allow postfix_smtpd to stream connect to antivirus
+- Dontaudit list /tmp for icecast
 - Allow zabbix domains to access /proc//net/dev.
 
 * Wed Jul 23 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-67
@@ -5938,7 +5938,7 @@ Resolves: rhbz#1314372
 * Fri Jul 18 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65
 - Allow sysadm to dbus chat with systemd
 - Add logging_dontaudit_search_audit_logs()
-- Add new files_read_all_mountpoint_symlinks() 
+- Add new files_read_all_mountpoint_symlinks()
 - Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo.
 - Allow ndc to read random and urandom device (#1110397)
 - Allow zabbix to read system network state
@@ -7176,7 +7176,7 @@ type in docker.te
 - Add new attribute to discover confined_admins
 - Fix labeling for /etc/strongswan/ipsec.d
 - systemd_logind seems to pass fd to anyone who dbus communicates with it
-- Dontaudit leaked write descriptor to dmesg 
+- Dontaudit leaked write descriptor to dmesg
 
 * Mon Oct 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89
 - Fix gnome_read_generic_data_home_files()
@@ -7295,7 +7295,7 @@ type in docker.te
 - Match upstream labeling
 
 * Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83
-- Do not build sanbox pkg on MLS 
+- Do not build sanbox pkg on MLS
 
 * Wed Sep 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82
 - wine_tmp is no longer needed
@@ -7451,7 +7451,7 @@ type in docker.te
 - Add selinux-policy-sandbox pkg
 
 * Tue Aug 27 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73
-0 
+0
 - Allow rhsmcertd to read init state
 - Allow fsetid for pkcsslotd
 - Fix labeling for /usr/lib/systemd/system/pkcsslotd.service
@@ -7742,17 +7742,17 @@ type in docker.te
 - fix selinuxuser_use_ssh_chroot boolean
 
 * Fri Jun 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58
-- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean. 
-- Allow bootloader to manage generic log files 
-- Allow ftp to bind to port 989 
-- Fix label of new gear directory 
-- Add support for new directory /var/lib/openshift/gears/ 
-- Add openshift_manage_lib_dirs() 
-- allow virtd domains to manage setrans_var_run_t 
-- Allow useradd to manage all openshift content 
-- Add support so that mozilla_plugin_t can use dri devices 
-- Allow chronyd to change the scheduler 
-- Allow apmd to shut downthe system 
+- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean.
+- Allow bootloader to manage generic log files
+- Allow ftp to bind to port 989
+- Fix label of new gear directory
+- Add support for new directory /var/lib/openshift/gears/
+- Add openshift_manage_lib_dirs()
+- allow virtd domains to manage setrans_var_run_t
+- Allow useradd to manage all openshift content
+- Add support so that mozilla_plugin_t can use dri devices
+- Allow chronyd to change the scheduler
+- Allow apmd to shut downthe system
 - Devicekit_disk_t needs to manage /etc/fstab
 
 * Wed Jun 26 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57
@@ -8143,7 +8143,7 @@ type in docker.te
 - label shared libraries in /opt/google/chrome as testrel_shlib_t
 
 * Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34
-- Allow certmonger to dbus communicate with realmd 
+- Allow certmonger to dbus communicate with realmd
 - Make realmd working
 
 * Thu Apr 18 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33
@@ -8162,7 +8162,7 @@ type in docker.te
 - Allow sandbox domains to use inherted terminals
 - Allow pscd to use devices labeled svirt_image_t in order to use cat cards.
 - Add label for new alsa pid
-- Alsa now uses a pid file and needs to setsched 
+- Alsa now uses a pid file and needs to setsched
 - Fix oracleasmfs_t definition
 - Add support for sshd_unit_file_t
 - Add oracleasmfs_t
@@ -8719,7 +8719,7 @@ type in docker.te
 - Allow certwatch to read meminfo
 - Fix nscd_dontaudit_write_sock_file() interfac
 - Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t
-- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling 
+- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling
 
 * Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
 - Allow gnomeclock to talk to puppet over dbus
@@ -8878,7 +8878,7 @@ type in docker.te
 - Allow firewalld to dbus chat with devicekit_power
 - Allow tuned to call lsblk
 - Allow tor to read /proc/sys/kernel/random/uuid
-- Add tor_can_network_relay boolean  
+- Add tor_can_network_relay boolean
 
 * Wed Dec 5 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60
 - Add openshift_initrc_signal() interface
@@ -8983,7 +8983,7 @@ type in docker.te
 - Fix filetrans interface definitions
 - Dontaudit xdm_t to getattr on BOINC lib files
 - Add systemd_reload_all_services() interface
-- Dontaudit write access on /var/lib/net-snmp/mib_indexes 
+- Dontaudit write access on /var/lib/net-snmp/mib_indexes
 - Only stop mcsuntrustedproc from relableing files
 - Allow accountsd to dbus chat with gdm
 - Allow realmd to getattr on all fs
@@ -9148,7 +9148,7 @@ type in docker.te
 - Clean up for tunable+optional statements
 - Add labeling for /usr/sbin/mkhomedir_helper
 - Allow antivirus domain to managa amavis spool files
-- Allow rpcbind_t to read passwd 
+- Allow rpcbind_t to read passwd
 - Allow pyzor running as spamc to manage amavis spool
 
 
@@ -9295,7 +9295,7 @@ type in docker.te
 - Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer
 - Move netlable_peer check out of booleans
 - Remove call to recvfrom_netlabel for kerberos call
-- Remove use of attributes when calling syslog call 
+- Remove use of attributes when calling syslog call
 - Move -miscfiles_read_localization to domain.te to save hundreds of allow rules
 - Allow all domains to read locale files.  This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface
 - Allow rndc to block suspend
@@ -9375,7 +9375,7 @@ type in docker.te
 
 * Fri Aug 31 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-15
 - Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs
-- Allow domains that can read etc_t to read etc_runtime_t 
+- Allow domains that can read etc_t to read etc_runtime_t
 - Allow all domains to use inherited tmpfiles
 
 * Wed Aug 29 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14
@@ -9418,7 +9418,7 @@ type in docker.te
 - Allow xserver to communicate with secure_firmware
 - Allow fsadm tools (fsck) to read /run/mount contnet
 - Allow sysadm types to read /dev/kmsg
-- 
+-
 
 * Thu Aug 16 2012 Dan Walsh <dwalsh@redhat.com> 3.11.1-9
 - Allow postfix, sssd, rpcd to block_suspend
@@ -9775,7 +9775,7 @@ type in docker.te
 - Allow l2tpd_t to read system state
 - Allow tuned to run ls /dev
 - Allow sudo domains to read usr_t files
-- Add label to machine-id 
+- Add label to machine-id
 - Fix corecmd_read_bin_symlinks cut and paste error
 
 * Wed May 16 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125
@@ -10094,7 +10094,7 @@ type in docker.te
 * Fri Mar 9 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98
 - Add policy for nove-cert
 - Add labeling for nova-openstack  systemd unit files
-- Add policy for keystoke 
+- Add policy for keystoke
 
 * Thu Mar 8 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97
 - Fix man pages fro domains
@@ -10266,7 +10266,7 @@ type in docker.te
 - Add support for selinux_avcstat munin plugin
 - Treat hearbeat with corosync policy
 - Allow corosync to read and write to qpidd shared mem
--  mozilla_plugin is trying to run pulseaudio 
+-  mozilla_plugin is trying to run pulseaudio
 - Fixes for new sshd patch for running priv sep domains as the users context
 - Turn off dontaudit rules when turning on allow_ypbind
 - udev now reads /etc/modules.d directory
@@ -10322,7 +10322,7 @@ type in docker.te
 - Add ubac_constrained rules for chrome_sandbox
 - Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra
 - Allow postgresql to be executed by the caller
-- Standardize interfaces of daemons 
+- Standardize interfaces of daemons
 - Add new labeling for mm-handler
 - Allow all matahari domains to read network state and etc_runtime_t files
 
@@ -10439,7 +10439,7 @@ type in docker.te
 
 * Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-57
 - Pulseaudio changes
-- Merge patches 
+- Merge patches
 
 * Thu Nov 10 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-56
 - Merge patches back into git repository.
@@ -10484,7 +10484,7 @@ type in docker.te
 - Check in fixed for Chrome nacl support
 
 * Thu Oct 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51
--  Begin removing qemu_t domain, we really no longer need this domain.  
+-  Begin removing qemu_t domain, we really no longer need this domain.
 - systemd_passwd needs dac_overide to communicate with users TTY's
 - Allow svirt_lxc domains to send kill signals within their container
 
@@ -10492,7 +10492,7 @@ type in docker.te
 - Remove qemu.pp again without causing a crash
 
 * Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1
-- Remove qemu.pp, everything should use svirt_t or stay in its current domain	
+- Remove qemu.pp, everything should use svirt_t or stay in its current domain
 
 * Wed Oct 26 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50
 - Allow policykit to talk to the systemd via dbus
@@ -10572,7 +10572,7 @@ type in docker.te
 - Don't check md5 size or mtime on certain config files
 
 * Tue Oct 11 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1
-- Remove allow_ptrace and replace it with deny_ptrace, which will remove all 
+- Remove allow_ptrace and replace it with deny_ptrace, which will remove all
 ptrace from the system
 - Remove 2000 dontaudit rules between confined domains on transition
 and replace with single
@@ -10799,7 +10799,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 
 * Wed Aug 10 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17
 - livecd fixes
-- spec file fixes 
+- spec file fixes
 
 * Thu Aug 4 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16
 - fetchmail can use kerberos
@@ -10876,7 +10876,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 - Allow asterisk to read /dev/random if it uses TLS
 - Allow colord to read ini files which are labeled as bin_t
 - Allow dirsrvadmin sys_resource and setrlimit to use ulimit
-- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.  
+- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.
 - Also lists /var and /var/spool directories
 - Add openl2tpd to l2tpd policy
 - qpidd is reading the sysfs file
@@ -10917,7 +10917,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 * Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27
 - Fixes for zabbix
 - init script needs to be able to manage sanlock_var_run_...
-- Allow sandlock and wdmd to create /var/run directories... 
+- Allow sandlock and wdmd to create /var/run directories...
 - mixclip.so has been compiled correctly
 - Fix passenger policy module name
 
@@ -11014,17 +11014,17 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 - Virt_admin should be allowed to manage images and processes
 
 * Fri Apr 15 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15
-- xdm_t needs getsession for switch user 
-- Every app that used to exec init is now execing systemdctl 
-- Allow squid to manage krb5_host_rcache_t files 
+- xdm_t needs getsession for switch user
+- Every app that used to exec init is now execing systemdctl
+- Allow squid to manage krb5_host_rcache_t files
 - Allow foghorn to connect to agentx port - Fixes for colord policy
 
 * Mon Apr 11 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14
 - Add Dan's patch to remove 64 bit variants
-- Allow colord to use unix_dgram_socket 
-- Allow apps that search pids to read /var/run if it is a lnk_file 
-- iscsid_t creates its own directory 
-- Allow init to list var_lock_t dir 
+- Allow colord to use unix_dgram_socket
+- Allow apps that search pids to read /var/run if it is a lnk_file
+- iscsid_t creates its own directory
+- Allow init to list var_lock_t dir
 - apm needs to verify user accounts auth_use_nsswitch
 - Add labeling for systemd unit files
 - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added
@@ -11074,7 +11074,7 @@ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 * Wed Mar 23 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6
 - Remove some unconfined domains
 - Remove permissive domains
-- Add policy-term.patch from Dan 
+- Add policy-term.patch from Dan
 
 * Thu Mar 17 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5
 - Fix multiple specification for boot.log
@@ -11212,7 +11212,7 @@ assembled or disassembled.
 * Thu Jan 27 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6
 - Fix xserver_dontaudit_read_xdm_pid
 - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
-- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. 
+- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file.
 	* These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t
 - Allow readahead to manage readahead pid dirs
 - Allow readahead to read all mcs levels
@@ -11305,7 +11305,7 @@ assembled or disassembled.
 - fix name of plymouth log file
 - teamviewer is a wine app
 - allow dmesg to read system state
-- Stop labeling files under /var/lib/mock so restorecon will not go into this 
+- Stop labeling files under /var/lib/mock so restorecon will not go into this
 - nsplugin needs to read network state for google talk
 
 * Thu Dec 23 2010 Dan Walsh <dwalsh@redhat.com> 3.9.12-3
@@ -11528,7 +11528,7 @@ assembled or disassembled.
 - Fix label on /var/log/wicd.log
 - Transition to initrc_t from init when executing bin_t
 - Add audit_access permissions to file
-- Make removable_t a device_node 
+- Make removable_t a device_node
 - Fix label on /lib/systemd/*
 
 * Fri Oct 22 2010 Dan Walsh <dwalsh@redhat.com> 3.9.7-6
@@ -11604,8 +11604,8 @@ assembled or disassembled.
 - Add /etc/localtime as locale file context
 
 * Thu Sep 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-9
-- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user 
-- Turn off iptables from unconfined user 
+- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
+- Turn off iptables from unconfined user
 - Allow sudo to send signals to any domains the user could have transitioned to.
 - Passwd in single user mode needs to talk to console_device_t
 - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
@@ -11687,7 +11687,7 @@ Bz #637339
 Allow iptables to read shorewall tmp files
 Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
 intd
-label vlc as an execmem_exec_t 
+label vlc as an execmem_exec_t
 Lots of fixes for mozilla_plugin to run google vidio chat
 Allow telepath_msn to execute ldconfig and its own tmp files
 Fix labels on hugepages
@@ -11766,7 +11766,7 @@ Add boolean to allow icecast to connect to any port
 
 * Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-10
 - Allow pcscd to read sysfs
-- systemd fixes 
+- systemd fixes
 - Fix wine_mmap_zero_ignore boolean
 
 * Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-9
@@ -11967,7 +11967,7 @@ Resolves: #585963
 - Allow rlogind_t to search /root for .rhosts
 Resolves: #582760
 - Fix path for cached_var_t
-- Fix prelink paths /var/lib/prelink	
+- Fix prelink paths /var/lib/prelink
 - Allow confined users to direct_dri
 - Allow mls lvm/cryptosetup to work
 
@@ -12025,7 +12025,7 @@ Resolves: #582145
 - Fixes for labels during install from livecd
 
 * Thu Apr 1 2010 Dan Walsh <dwalsh@redhat.com> 3.7.17-4
-- Fix /cgroup file context 
+- Fix /cgroup file context
 - Fix broken afs use of unlabled_t
 - Allow getty to use the console for s390
 
@@ -12164,7 +12164,7 @@ Resolves: #582145
 - Merge with upstream
 
 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-11
-- Allow sandbox to work with MLS 
+- Allow sandbox to work with MLS
 
 * Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-9
 - Make Chrome work with staff user
@@ -12188,7 +12188,7 @@ Resolves: #582145
 
 * Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3
 - Allow abrt_helper to getattr on all filesystems
-- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so     
+- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
 
 * Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2
 - Add gstreamer_home_t for ~/.gstreamer
@@ -12304,7 +12304,7 @@ Resolves: #582145
 - Fix request_module line to module_request
 
 * Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-3
-- Fix sandbox policy to allow it to run under firefox.  
+- Fix sandbox policy to allow it to run under firefox.
 - Dont audit leaks.
 
 * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-2
@@ -12342,7 +12342,7 @@ Resolves: #582145
 - Allow xserver to use  netlink_kobject_uevent_socket
 
 * Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-3
-- Fixes for sandbox 
+- Fixes for sandbox
 
 * Mon Aug 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.30-2
 - Dontaudit setroubleshootfix looking at /root directory
@@ -12390,7 +12390,7 @@ Resolves: #582145
 - Add policycoreutils-python to pre install
 
 * Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-11
-- Make all unconfined_domains permissive so we can see what AVC's happen 
+- Make all unconfined_domains permissive so we can see what AVC's happen
 
 * Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-10
 - Add pt_chown policy
@@ -12509,7 +12509,7 @@ Resolves: #582145
 - Allow setroubleshoot to run mlocate
 
 * Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.14-1
-- Update to upstream 
+- Update to upstream
 
 * Tue Jun 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.13-3
 - Add fish as a shell
@@ -12749,7 +12749,7 @@ Resolves: #582145
 - Add git web policy
 
 * Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-1
-- Add setrans contains from upstream 
+- Add setrans contains from upstream
 
 * Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-6
 - Do transitions outside of the booleans
@@ -12767,7 +12767,7 @@ Resolves: #582145
 - More fixes for devicekit
 
 * Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1
-- Upgrade to latest upstream 
+- Upgrade to latest upstream
 
 * Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-13
 - Add boolean to disallow unconfined_t login
@@ -12782,7 +12782,7 @@ Resolves: #582145
 - Fixes for wicd daemon
 
 * Mon Jan 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-9
-- More mls/rpm fixes 
+- More mls/rpm fixes
 
 * Fri Jan 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-8
 - Add policy to make dbus/nm-applet work
@@ -12845,7 +12845,7 @@ Resolves: #582145
 * Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-7
 - Allow iptables to talk to terminals
 - Fixes for policy kit
-- lots of fixes for booting. 
+- lots of fixes for booting.
 
 * Wed Dec 3 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-4
 - Cleanup policy
@@ -12861,7 +12861,7 @@ Resolves: #582145
 
 * Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-17
 - Allow lvm to dbus chat with hal
-- Allow rlogind to read nfs_t 
+- Allow rlogind to read nfs_t
 
 * Wed Nov 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-16
 - Fix cyphesis file context
@@ -12884,7 +12884,7 @@ Resolves: #582145
 - Add certmaster policy
 
 * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
-- Fix confined users 
+- Fix confined users
 - Allow xguest to read/write xguest_dbusd_t
 
 * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
@@ -12912,7 +12912,7 @@ Resolves: #582145
 - Fix dovecot access
 
 * Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-1
-- Policy cleanup 
+- Policy cleanup
 
 * Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3
 - Remove Multiple spec
@@ -12929,7 +12929,7 @@ Resolves: #582145
 - Update to upstream policy
 
 * Mon Oct 6 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-3
-- Fixes for confined xwindows and xdm_t 
+- Fixes for confined xwindows and xdm_t
 
 * Fri Oct 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.10-2
 - Allow confined users and xdm to exec wm
@@ -12940,7 +12940,7 @@ Resolves: #582145
 - Allow domains to search other domains keys, coverup kernel bug
 
 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-4
-- Fix labeling for oracle 
+- Fix labeling for oracle
 
 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
 - Allow nsplugin to comminicate with xdm_tmp_t sock_file
@@ -13003,7 +13003,7 @@ Resolves: #582145
 - Update to upstream
 
 * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 3.5.3-1
-- Update to upstream 
+- Update to upstream
 
 * Sat Aug 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.2-2
 - Allow system-config-selinux to work with policykit
@@ -13075,7 +13075,7 @@ Resolves: #582145
 - Add /var/lib/selinux context
 
 * Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-1
-- Update to upstream 
+- Update to upstream
 
 * Wed Jun 4 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-5
 - Add livecd policy
@@ -13152,7 +13152,7 @@ Resolves: #582145
 - dontaudit setfiles reading links
 - allow semanage sys_resource
 - add allow_httpd_mod_auth_ntlm_winbind boolean
-- Allow privhome apps including dovecot read on nfs and cifs home 
+- Allow privhome apps including dovecot read on nfs and cifs home
 dirs if the boolean is set
 
 * Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-27
@@ -13177,14 +13177,14 @@ dirs if the boolean is set
 
 * Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-22
 - Allow stunnel to transition to inetd children domains
-- Make unconfined_dbusd_t an unconfined domain 
+- Make unconfined_dbusd_t an unconfined domain
 
 * Mon Mar 17 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-21
 - Fixes for qemu/virtd
 
 * Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-20
 - Fix bug in mozilla policy to allow xguest transition
-- This will fix the 
+- This will fix the
 
 libsemanage.dbase_llist_query: could not find record value
 libsemanage.dbase_llist_query: could not query record value (No such file or
@@ -13211,7 +13211,7 @@ directory)
 - Allow syslog to connect to mysql
 - Allow lvm to manage its own fifo_files
 - Allow bugzilla to use ldap
-- More mls fixes 
+- More mls fixes
 
 * Tue Mar 11 2008 Bill Nottingham <notting@redhat.com> 3.3.1-14
 - fixes for init policy (#436988)
@@ -13243,7 +13243,7 @@ directory)
 * Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-5
 - Allow nsplugin_config execstack/execmem
 - Allow nsplugin_t to read alsa config
-- Change apache to use user content 
+- Change apache to use user content
 
 * Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4
 - Add cyphesis policy
@@ -13454,7 +13454,7 @@ directory)
 - Fix xguest to be able to connect to sound port
 
 * Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-28
-- Fixes for hald_mac 
+- Fixes for hald_mac
 - Treat unconfined_home_dir_t as a home dir
 - dontaudit rhgb writes to fonts and root
 
@@ -13526,7 +13526,7 @@ directory)
 
 * Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-8
 - Allow also to search var_lib
-- New context for dbus launcher 
+- New context for dbus launcher
 
 * Fri Sep 21 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-7
 - Allow cupsd_config_t to read/write usb_device_t
@@ -13569,7 +13569,7 @@ directory)
 - Allow wine to run in system role
 
 * Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-5
-- Fix java labeling 
+- Fix java labeling
 
 * Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-4
 - Define user_home_type as home_type
@@ -13611,7 +13611,7 @@ directory)
 - Fix Makefile for building policy modules
 
 * Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-5
-- Fix dhcpc startup of service 
+- Fix dhcpc startup of service
 
 * Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-4
 - Fix dbus chat to not happen for xguest and guest users
@@ -13688,7 +13688,7 @@ directory)
 - Allow prelink to read kernel sysctls
 
 * Mon Jul 2 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-5
-- Default to user_u:system_r:unconfined_t 
+- Default to user_u:system_r:unconfined_t
 
 * Sun Jul 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-4
 - fix squid
@@ -13705,7 +13705,7 @@ directory)
 - Remove ifdef strict policy from upstream
 
 * Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-3
-- Remove ifdef strict to allow user_u to login 
+- Remove ifdef strict to allow user_u to login
 
 * Fri May 18 2007 Dan Walsh <dwalsh@redhat.com> 2.6.5-2
 - Fix for amands
@@ -13721,7 +13721,7 @@ directory)
 * Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
 - More fixes for alsactl
 - Transition from hal and modutils
-- Fixes for suspend resume.  
+- Fixes for suspend resume.
      - insmod domtrans to alsactl
      - insmod writes to hal log
 
@@ -13897,7 +13897,7 @@ Resolves: #227237
 
 * Sun Feb 4 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-5
 - Fix ssh_agent to be marked as an executable
-- Allow Hal to rw sound device 
+- Allow Hal to rw sound device
 
 * Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 2.5.2-4
 - Fix spamassisin so crond can update spam files
@@ -13919,7 +13919,7 @@ Resolves: #227237
 - Continue fixing, additional user domains
 
 * Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-4
-- Begin adding user confinement to targeted policy 
+- Begin adding user confinement to targeted policy
 
 * Wed Jan 10 2007 Dan Walsh <dwalsh@redhat.com> 2.5.1-2
 - Fixes for prelink, ktalkd, netlabel
@@ -13966,7 +13966,7 @@ Resolves: #220080
 Resolves: #219999
 
 * Thu Dec 14 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-14
-- Allow cron to polyinstatiate 
+- Allow cron to polyinstatiate
 - Fix creation of boot flags
 Resolves: #207433
 
@@ -14020,7 +14020,7 @@ Resolves: #216184
 Resolves: #212957
 
 * Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 2.4.6-1
-- Dontaudit appending hal_var_lib files 
+- Dontaudit appending hal_var_lib files
 Resolves: #217452
 Resolves: #217571
 Resolves: #217611
@@ -14068,7 +14068,7 @@ Resolves: #217725
 - Allow xen to search automount
 
 * Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-7
-- Fix spec of jre files 
+- Fix spec of jre files
 
 * Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> 2.4.3-6
 - Fix unconfined access to shadow file
@@ -14129,7 +14129,7 @@ Resolves: #217725
 - Update xen to read nfs files
 
 * Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-4
-- Allow noxattrfs to associate with other noxattrfs 
+- Allow noxattrfs to associate with other noxattrfs
 
 * Mon Oct 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-3
 - Allow hal to use power_device_t
@@ -14222,10 +14222,10 @@ Resolves: #217725
 - Update with upstream
 
 * Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-2
-- mls fixes 
+- mls fixes
 
 * Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.15-1
-- Update from upstream 
+- Update from upstream
 
 * Fri Sep 22 2006 Dan Walsh <dwalsh@redhat.com> 2.3.14-8
 - More fixes for mls
@@ -14262,7 +14262,7 @@ Resolves: #217725
 
 * Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-3
 - Fix location of xel log files
-- Fix handling of sysadm_r -> rpm_exec_t 
+- Fix handling of sysadm_r -> rpm_exec_t
 
 * Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 2.3.13-2
 - Fixes for autofs, lp
@@ -14320,7 +14320,7 @@ Resolves: #217725
 - More java fixes
 
 * Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> 2.3.6-4
-- Change allow_execstack to default to on, for RHEL5 Beta.  
+- Change allow_execstack to default to on, for RHEL5 Beta.
   This is required because of a Java compiler problem.
   Hope to turn off for next beta
 
@@ -14347,7 +14347,7 @@ Resolves: #217725
 
 * Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-18
 - yet more xen rules
- 
+
 * Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-17
 - more xen rules
 
@@ -14367,7 +14367,7 @@ Resolves: #217725
 -  fixes for setroubleshoot
 
 * Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
-- Added Paul Howarth patch to only load policy packages shipped 
+- Added Paul Howarth patch to only load policy packages shipped
   with this package
 - Allow pidof from initrc to ptrace higher level domains
 - Allow firstboot to communicate with hal via dbus
@@ -14763,7 +14763,7 @@ Resolves: #217725
 - Fix semoudle polcy
 
 * Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 2.2.16-1
-- Update to upstream 
+- Update to upstream
 - fix sysconfig/selinux link
 
 * Wed Feb 15 2006 Dan Walsh <dwalsh@redhat.com> 2.2.15-4
@@ -14826,7 +14826,7 @@ Resolves: #217725
 - Put back in changes for pup/zen
 
 * Tue Jan 24 2006 Dan Walsh <dwalsh@redhat.com> 2.2.5-1
-- Many changes for MLS 
+- Many changes for MLS
 - Turn on strict policy
 
 * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 2.2.4-1
@@ -14876,7 +14876,7 @@ Resolves: #217725
 
 * Mon Jan 9 2006 Dan Walsh <dwalsh@redhat.com> 2.1.8-1
 - Update to upstream
-- Apply 
+- Apply
 * Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 2.1.7-4
 - Add wine and fix hal problems
 
@@ -14947,7 +14947,7 @@ Resolves: #217725
 - Fixes to start kernel in s0-s15:c0.c255
 
 * Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-3
-- Add java unconfined/execmem policy 
+- Add java unconfined/execmem policy
 
 * Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.1.6-2
 - Add file context for /var/cvs
@@ -14976,7 +14976,7 @@ Resolves: #217725
 - Allow unconfined_t to execmod texrel_shlib_t
 
 * Sat Dec  10 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
-- Update to upstream 
+- Update to upstream
 - Turn off allow_execmem and allow_execmod booleans
 - Add tcpd and automount policies
 
@@ -15024,7 +15024,7 @@ Update from upstream
 - Fixes for dovecot and saslauthd
 
 * Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 2.0.5-4
-- Cleanup pegasus and named 
+- Cleanup pegasus and named
 - Fix spec file
 - Fix up passwd changing applications