diff --git a/policy-F16.patch b/policy-F16.patch index f9e9883..f4b4dfe 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -3875,7 +3875,7 @@ index 00a19e3..55075f9 100644 +/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) +/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if -index f5afe78..3ca01ec 100644 +index f5afe78..c9f63b0 100644 --- a/policy/modules/apps/gnome.if +++ b/policy/modules/apps/gnome.if @@ -1,44 +1,623 @@ @@ -3981,7 +3981,7 @@ index f5afe78..3ca01ec 100644 + allow $1_gkeyringd_t $3:dbus send_msg; + allow $3 $1_gkeyringd_t:dbus send_msg; + optional_policy(` -+ dbus_session_domain($1_gkeyringd_t, gkeyringd_exec_t) ++ dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t) + dbus_session_bus_client($1_gkeyringd_t) + gnome_home_dir_filetrans($1_gkeyringd_t) + gnome_manage_generic_home_dirs($1_gkeyringd_t) @@ -9466,10 +9466,10 @@ index 0000000..8a7ed4f +/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0) diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if new file mode 100644 -index 0000000..6878d68 +index 0000000..f6acf24 --- /dev/null +++ b/policy/modules/apps/telepathy.if -@@ -0,0 +1,193 @@ +@@ -0,0 +1,191 @@ + +## Telepathy framework. + @@ -9500,8 +9500,6 @@ index 0000000..6878d68 + type telepathy_$1_tmp_t; + files_tmp_file(telepathy_$1_tmp_t) + ubac_constrained(telepathy_$1_tmp_t) -+ -+ dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t) +') + +####################################### @@ -15378,7 +15376,7 @@ index 069d36c..8cbeefb 100644 +') + diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te -index 5001b89..e1fe78d 100644 +index 5001b89..c90e93e 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te 
@@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh) @@ -15403,7 +15401,7 @@ index 5001b89..e1fe78d 100644 dev_delete_generic_chr_files(kernel_t) dev_mounton(kernel_t) +dev_filetrans_all_named_dev(kernel_t) -+storage_filetrans_all_named_dev(kernel_t) ++#storage_filetrans_all_named_dev(kernel_t) +term_filetrans_all_named_dev(kernel_t) # Mount root file system. Used when loading a policy @@ -16818,7 +16816,7 @@ index be4de58..cce681a 100644 ######################################## # diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te -index 2be17d2..ddb6f0a 100644 +index 2be17d2..1663532 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -8,12 +8,51 @@ policy_module(staff, 2.2.0) @@ -16873,7 +16871,7 @@ index 2be17d2..ddb6f0a 100644 optional_policy(` apache_role(staff_r, staff_t) ') -@@ -27,25 +66,139 @@ optional_policy(` +@@ -27,25 +66,138 @@ optional_policy(` ') optional_policy(` @@ -16895,7 +16893,6 @@ index 2be17d2..ddb6f0a 100644 + +optional_policy(` + gnome_role(staff_r, staff_t) -+ gnome_role_gkeyringd(staff, staff_r, staff_t) +') + +optional_policy(` @@ -17015,7 +17012,7 @@ index 2be17d2..ddb6f0a 100644 optional_policy(` vlock_run(staff_t, staff_r) -@@ -89,10 +242,6 @@ ifndef(`distro_redhat',` +@@ -89,10 +241,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -17026,7 +17023,7 @@ index 2be17d2..ddb6f0a 100644 gpg_role(staff_r, staff_t) ') -@@ -137,10 +286,6 @@ ifndef(`distro_redhat',` +@@ -137,10 +285,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -17037,7 +17034,7 @@ index 2be17d2..ddb6f0a 100644 spamassassin_role(staff_r, staff_t) ') -@@ -172,3 +317,7 @@ ifndef(`distro_redhat',` +@@ -172,3 +316,7 @@ ifndef(`distro_redhat',` wireshark_role(staff_r, staff_t) ') ') @@ -18656,10 +18653,10 @@ index 0000000..4cf791b +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) + 
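Review bot: Commenting out `storage_filetrans_all_named_dev(kernel_t)` in the kernel.te hunk leaves dead policy text with no record of why it was disabled, so the next maintainer cannot tell whether the filetrans rule was wrong, unneeded or still pending. Either drop the line or keep it with a one-line reason, e.g. `# storage_filetrans_all_named_dev(kernel_t) disabled: <reason — fill in>`. The same applies to the `telepathy_dbus_session_role(user_r, user_t)` block commented out in the unprivuser.te hunk further down (`#optional_policy(` … `#')`), which presumably goes with the deletion of the `dbus_session_domain` call from telepathy.if in an earlier hunk; that dependency is worth stating in the comment. The kernel_t rule block that contains the line starts and ends outside the hunk.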
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te -index e5bfdd4..dc6b88f 100644 +index e5bfdd4..425ea6f 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te -@@ -12,15 +12,75 @@ role user_r; +@@ -12,15 +12,74 @@ role user_r; userdom_unpriv_user_template(user) @@ -18686,7 +18683,6 @@ index e5bfdd4..dc6b88f 100644 + +optional_policy(` + gnome_role(user_r, user_t) -+ +') + +optional_policy(` @@ -18727,15 +18723,15 @@ index e5bfdd4..dc6b88f 100644 + setroubleshoot_dontaudit_stream_connect(user_t) +') + -+optional_policy(` -+ telepathy_dbus_session_role(user_r, user_t) -+') ++#optional_policy(` ++# telepathy_dbus_session_role(user_r, user_t) ++#') + +optional_policy(` vlock_run(user_t, user_r) ') -@@ -62,10 +122,6 @@ ifndef(`distro_redhat',` +@@ -62,10 +121,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -18746,7 +18742,7 @@ index e5bfdd4..dc6b88f 100644 gpg_role(user_r, user_t) ') -@@ -118,11 +174,7 @@ ifndef(`distro_redhat',` +@@ -118,11 +173,7 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -18759,7 +18755,7 @@ index e5bfdd4..dc6b88f 100644 ') optional_policy(` -@@ -157,3 +209,4 @@ ifndef(`distro_redhat',` +@@ -157,3 +208,4 @@ ifndef(`distro_redhat',` wireshark_role(user_r, user_t) ') ') @@ -24810,7 +24806,7 @@ index 0000000..939d76e +') diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te new file mode 100644 -index 0000000..13278c0 +index 0000000..d8c9b6e --- /dev/null +++ b/policy/modules/services/colord.te @@ -0,0 +1,106 @@ @@ -24838,9 +24834,7 @@ index 0000000..13278c0 +# +# colord local policy +# -+ +allow colord_t self:process signal; -+ +allow colord_t self:fifo_file rw_fifo_file_perms; +allow colord_t self:netlink_kobject_uevent_socket create_socket_perms; +allow colord_t self:udp_socket create_socket_perms; 
@@ -24858,6 +24852,7 @@ index 0000000..13278c0 +manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t) +files_var_lib_filetrans(colord_t, colord_var_lib_t, { file dir }) + ++kernel_getattr_proc_files(colord_t) +kernel_read_device_sysctls(colord_t) + +corenet_udp_bind_generic_node(colord_t) @@ -24879,6 +24874,7 @@ index 0000000..13278c0 + +domain_use_interactive_fds(colord_t) + ++files_list_mnt(colord_t) +files_read_etc_files(colord_t) +files_read_usr_files(colord_t) + @@ -26521,7 +26517,7 @@ index 81eba14..d0ab56c 100644 /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0) /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0) diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if -index 0d5711c..85a1dc0 100644 +index 0d5711c..a0c951e 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -41,9 +41,9 @@ interface(`dbus_stub',` @@ -26683,6 +26679,24 @@ index 0d5711c..85a1dc0 100644 ') ######################################## +@@ -335,13 +377,13 @@ interface(`dbus_connect_session_bus',` + # + interface(`dbus_session_domain',` + gen_require(` +- attribute session_bus_type; ++ type $1_dbusd_t; + ') + +- domtrans_pattern(session_bus_type, $2, $1) ++ domtrans_pattern($1_dbusd_t, $2, $3) + +- dbus_session_bus_client($1) +- dbus_connect_session_bus($1) ++ dbus_session_bus_client($3) ++ dbus_connect_session_bus($3) + ') + + ######################################## @@ -431,14 +473,28 @@ interface(`dbus_system_domain',` domtrans_pattern(system_dbusd_t, $2, $1) @@ -28914,7 +28928,7 @@ index 6bef7f8..464669c 100644 + admin_pattern($1, exim_var_run_t) +') diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te -index f28f64b..18c3c33 100644 +index f28f64b..0b19f11 100644 --- a/policy/modules/services/exim.te +++ b/policy/modules/services/exim.te @@ -6,24 +6,24 @@ policy_module(exim, 1.5.0) 
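Review bot: `kernel_getattr_proc_files(colord_t)` grants getattr on proc_t files generally (the interface is not path-specific), while the spec changelog at the end of this diff says the motivation is a single entry, /proc/scsi/scsi; a comment on the line such as `# getattr on /proc/scsi/scsi, which carries the generic proc_t label` keeps the wider grant auditable later. The `files_list_mnt(colord_t)` line added in the next colord hunk has the same gap: the changelog says colord needs to list /mnt but nothing in the policy records what for, and a one-line comment would do. Both lines sit inside the colord_t local policy block, which starts and ends outside these hunks.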
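Review bot: The rewritten `dbus_session_domain` changes the interface contract — it now takes three arguments (user prefix, executable, target domain) and requires `type $1_dbusd_t;` — but the hunk touches only the body; the `## <param>` documentation block preceding `interface(`dbus_session_domain',`` lies outside the hunk and must be updated to describe the new prefix argument, the shifted positions of the other two, and the requirement that the caller's prefix already has a `$1_dbusd_t` session-bus domain. Narrowing the transition source from the `session_bus_type` attribute to the caller's own `$1_dbusd_t` is a least-privilege improvement, but every caller of the old two-argument form has to be migrated: gnome.if was (earlier hunk), whereas telepathy.if's call was deleted rather than migrated and `telepathy_dbus_session_role` was commented out in unprivuser.te, so the telepathy domains lose their session-bus transition. If that is intended, a comment at the telepathy.if removal site should say so; if not, the call should be rewritten in the three-argument form like the gkeyringd one.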
@@ -28925,7 +28939,7 @@ index f28f64b..18c3c33 100644 -## Allow exim to connect to databases (postgres, mysql) -##

+##

-+## Allow exim to connect to databases (postgres, mysql) ++## Allow exim to connect to databases (PostgreSQL, MySQL) +##

## gen_tunable(exim_can_connect_db, false) @@ -29196,7 +29210,7 @@ index 0000000..84d1768 +') diff --git a/policy/modules/services/firewalld.te b/policy/modules/services/firewalld.te new file mode 100644 -index 0000000..a63cabe +index 0000000..8dcd6e4 --- /dev/null +++ b/policy/modules/services/firewalld.te @@ -0,0 +1,68 @@ @@ -29225,7 +29239,7 @@ index 0000000..a63cabe +# +# firewalld local policy +# -+ ++dontaudit firewalld_t self:capability sys_tty_config; +allow firewalld_t self:fifo_file rw_fifo_file_perms; +allow firewalld_t self:unix_stream_socket create_stream_socket_perms; + @@ -34861,14 +34875,14 @@ index 64268e4..9ddac52 100644 + exim_manage_log(user_mail_domain) +') diff --git a/policy/modules/services/munin.fc b/policy/modules/services/munin.fc -index fd71d69..2e9f2a3 100644 +index fd71d69..bf90863 100644 --- a/policy/modules/services/munin.fc +++ b/policy/modules/services/munin.fc @@ -51,6 +51,7 @@ /usr/share/munin/plugins/irqstats -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) /usr/share/munin/plugins/load -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) /usr/share/munin/plugins/memory -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) -+/usr/share/munin/plugins/munin_* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) ++/usr/share/munin/plugins/munin_.* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) /usr/share/munin/plugins/netstat -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) /usr/share/munin/plugins/nfs.* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) /usr/share/munin/plugins/open_files -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0) @@ -39522,7 +39536,7 @@ index 09aeffa..dd70b14 100644 postgresql_tcp_connect($1) diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te -index 8ed5067..f31634f 100644 +index 8ed5067..a5603cd 100644 --- a/policy/modules/services/postgresql.te 
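Review bot: `dontaudit firewalld_t self:capability sys_tty_config;` is inserted ahead of the `allow firewalld_t self:…` rules and replaces the blank line that separated the `# firewalld local policy` header from the first rule, which departs from the usual refpolicy layout of a blank line after the header and self allow rules before dontaudit rules. Moving the line below the two allow rules and restoring the blank line keeps the block in house style; the colord hunk earlier in this diff also drops the blank line after its header. The firewalld_t local policy block continues outside the hunk.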
+++ b/policy/modules/services/postgresql.te @@ -19,16 +19,16 @@ gen_require(` @@ -39533,7 +39547,7 @@ index 8ed5067..f31634f 100644 -## Allow unprived users to execute DDL statement -##

+##

-+## Allow unprived users to execute DDL statement ++## Allow unprivileged users to execute DDL statement +##

## gen_tunable(sepgsql_enable_users_ddl, true) @@ -40250,7 +40264,7 @@ index 2855a44..0456b11 100644 type puppet_tmp_t; ') diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te -index 64c5f95..69fa687 100644 +index 64c5f95..ebb9b4d 100644 --- a/policy/modules/services/puppet.te +++ b/policy/modules/services/puppet.te @@ -6,12 +6,19 @@ policy_module(puppet, 1.0.0) @@ -40268,7 +40282,7 @@ index 64c5f95..69fa687 100644 ##

-## Allow Puppet client to manage all file -## types. -+## Allow Puppet master to use connect to mysql and postgresql database ++## Allow Puppet master to use connect to MySQL and PostgreSQL database ##

## -gen_tunable(puppet_manage_all_files, false) @@ -50995,10 +51009,10 @@ index c26ecf5..b906c48 100644 diff --git a/policy/modules/services/zarafa.fc b/policy/modules/services/zarafa.fc new file mode 100644 -index 0000000..72059b2 +index 0000000..28cd477 --- /dev/null +++ b/policy/modules/services/zarafa.fc -@@ -0,0 +1,29 @@ +@@ -0,0 +1,33 @@ + +/etc/zarafa(/.*)? gen_context(system_u:object_r:zarafa_etc_t,s0) + @@ -51012,6 +51026,8 @@ index 0000000..72059b2 + +/usr/bin/zarafa-ical -- gen_context(system_u:object_r:zarafa_ical_exec_t,s0) + ++/usr/bin/zarafa-indexer -- gen_context(system_u:object_r:zarafa_indexer_exec_t,s0) ++ +/usr/bin/zarafa-monitor -- gen_context(system_u:object_r:zarafa_monitor_exec_t,s0) + +/var/lib/zarafa-.* gen_context(system_u:object_r:zarafa_var_lib_t,s0) @@ -51020,6 +51036,7 @@ index 0000000..72059b2 +/var/log/zarafa/spooler\.log -- gen_context(system_u:object_r:zarafa_spooler_log_t,s0) +/var/log/zarafa/gateway\.log -- gen_context(system_u:object_r:zarafa_gateway_log_t,s0) +/var/log/zarafa/ical\.log -- gen_context(system_u:object_r:zarafa_ical_log_t,s0) ++/var/log/zarafa/indexer\.log -- gen_context(system_u:object_r:zarafa_indexer_log_t,s0) +/var/log/zarafa/monitor\.log -- gen_context(system_u:object_r:zarafa_monitor_log_t,s0) + +/var/run/zarafa -s gen_context(system_u:object_r:zarafa_server_var_run_t,s0) @@ -51027,6 +51044,7 @@ index 0000000..72059b2 +/var/run/zarafa-server\.pid -- gen_context(system_u:object_r:zarafa_server_var_run_t,s0) +/var/run/zarafa-spooler\.pid -- gen_context(system_u:object_r:zarafa_spooler_var_run_t,s0) +/var/run/zarafa-ical\.pid -- gen_context(system_u:object_r:zarafa_ical_var_run_t,s0) ++/var/run/zarafa-indexer -- gen_context(system_u:object_r:zarafa_indexer_var_run_t,s0) +/var/run/zarafa-monitor\.pid -- gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0) diff --git a/policy/modules/services/zarafa.if b/policy/modules/services/zarafa.if new file mode 100644 
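Review bot: The new description `Allow Puppet master to use connect to MySQL and PostgreSQL database` still contains a wording error after the capitalization fix — "use connect to" should be "connect to" — and this text is what administrators see when listing booleans, so the complete line would be `+## Allow Puppet master to connect to MySQL and PostgreSQL databases`. The rest of the tunable's doc block and the `gen_tunable` line it describes are outside the hunk.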
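Review bot: `/var/run/zarafa-indexer -- gen_context(system_u:object_r:zarafa_indexer_var_run_t,s0)` uses the regular-file qualifier `--`, yet the zarafa.te hunk later in this diff adds `stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t)`, i.e. the server connects to a unix socket carrying that label; if `/var/run/zarafa-indexer` is that socket, the `--` entry will not match it on relabel and the path would fall back to the generic /var/run label (compare `/var/run/zarafa -s …` in the same file). Either change the qualifier to `-s`, or, if the socket lives inside a directory at that path, drop the qualifier and use a `(/.*)?` pattern as the other directory entries do. The on-disk layout cannot be confirmed from the diff, so check it against the zarafa-indexer configuration before choosing.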
@@ -51158,10 +51176,10 @@ index 0000000..8a909f5 +') diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te new file mode 100644 -index 0000000..fec9997 +index 0000000..850b8b5 --- /dev/null +++ b/policy/modules/services/zarafa.te -@@ -0,0 +1,141 @@ +@@ -0,0 +1,146 @@ +policy_module(zarafa, 1.0.0) + +######################################## @@ -51172,6 +51190,7 @@ index 0000000..fec9997 +attribute zarafa_domain; + +zarafa_domain_template(monitor) ++zarafa_domain_template(indexer) +zarafa_domain_template(ical) +zarafa_domain_template(server) +zarafa_domain_template(spooler) @@ -51193,6 +51212,8 @@ index 0000000..fec9997 +type zarafa_share_t; +files_type(zarafa_share_t) + ++permissive zarafa_indexer_t; ++ +######################################## +# +# zarafa-deliver local policy @@ -51221,6 +51242,8 @@ index 0000000..fec9997 +manage_files_pattern(zarafa_server_t, zarafa_var_lib_t, zarafa_var_lib_t) +files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir }) + ++stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t) ++ +corenet_tcp_bind_zarafa_port(zarafa_server_t) + +files_read_usr_files(zarafa_server_t) @@ -52473,10 +52496,10 @@ index 882c6a2..d0ff4ec 100644 ') diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc -index 354ce93..f97fbb7 100644 +index 354ce93..b8b14b9 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc -@@ -33,6 +33,19 @@ ifdef(`distro_gentoo', ` +@@ -33,9 +33,24 @@ ifdef(`distro_gentoo', ` # # /sbin # 
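Review bot: `permissive zarafa_indexer_t;` makes the new indexer domain unenforced — denials are logged but not blocked — so it is effectively unconfined until the line is removed, while the rest of the module reads as though indexer were confined like the other zarafa domains. That is a normal bootstrapping step for a brand-new domain, but it needs a comment stating it is temporary and what must happen before it is dropped, e.g. `# temporary: indexer rules still being collected from AVC denials; remove before release`. The changelog entry "Add support for zarafa-indexer" gives no hint that the domain ships permissive, which is worth a word there as well. The declarations section that holds this line starts outside the hunk.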
@@ -52496,7 +52519,12 @@ index 354ce93..f97fbb7 100644 /sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0) # because nowadays, /sbin/init is often a symlink to /sbin/upstart /sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) -@@ -55,6 +68,9 @@ ifdef(`distro_gentoo', ` ++# for Fedora ++/lib/upstart/init -- gen_context(system_u:object_r:init_exec_t,s0) + + ifdef(`distro_gentoo', ` + /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) +@@ -55,6 +70,9 @@ ifdef(`distro_gentoo', ` /usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0) /usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0) @@ -52506,7 +52534,7 @@ index 354ce93..f97fbb7 100644 # # /var -@@ -76,3 +92,4 @@ ifdef(`distro_suse', ` +@@ -76,3 +94,4 @@ ifdef(`distro_suse', ` /var/run/setleds-on -- gen_context(system_u:object_r:initrc_var_run_t,s0) /var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index b6535a9..8ffc7dd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -21,7 +21,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.9.16 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -472,6 +472,14 @@ exit 0 %endif %changelog +* Thu May 5 2011 Miroslav Grepl 3.9.16-20 +- Fix label for /usr/share/munin/plugins/munin_* plugins +- Add support for zarafa-indexer +- Fix boolean description +- Allow colord to getattr on /proc/scsi/scsi +- Add label for /lib/upstart/init +- Colord needs to list /mnt + * Tue May 3 2011 Miroslav Grepl 3.9.16-19 - Forard port changes from F15 for telepathy - NetworkManager should be allowed to use /dev/rfkill