diff --git a/policy-F13.patch b/policy-F13.patch index ca9c034..ba935e4 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -6357,8 +6357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.19/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2010-05-28 09:42:00.005610977 +0200 -@@ -0,0 +1,385 @@ ++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2010-06-09 13:14:00.641506056 +0200 +@@ -0,0 +1,386 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; @@ -6700,6 +6700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. + +optional_policy(` + nsplugin_read_rw_files(sandbox_web_type) ++ nsplugin_manage_rw(sandbox_web_type) + nsplugin_rw_exec(sandbox_web_type) +') + @@ -7707,7 +7708,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.19/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2010-06-08 15:56:44.863609937 +0200 ++++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2010-06-09 13:30:20.497756418 +0200 @@ -407,7 +407,7 @@ ######################################## @@ -7978,7 +7979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Mount a usbfs filesystem. ## ## -@@ -3905,6 +4095,26 @@ +@@ -3905,6 +4095,24 @@ ######################################## ## 
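Review bot: The new `nsplugin_manage_rw(sandbox_web_type)` widens sandbox_web_type from reading the nsplugin rw files to creating, writing, renaming and deleting them, and the neighbouring `nsplugin_rw_exec(sandbox_web_type)` already lets the same domain execute files of that type, so a sandboxed browser process can now write content that is executable in that type and that an unsandboxed nsplugin domain may later run. If the intent is only to let plugins update their own cache, a dedicated type or a narrower interface would keep the sandbox from planting files there; if manage really is required, a comment such as `# sandboxed plugins need to create/update files in the nsplugin rw area` would record why. Please also confirm that `nsplugin_manage_rw` is defined in nsplugin.if of this tree, since the call sits inside an optional_policy block and an undefined interface fails at build time. The optional_policy block is complete within the hunk; the rest of sandbox.te lies outside it.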
@@ -7992,12 +7993,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +# +interface(`dev_rw_vhost',` + gen_require(` -+ type vhost_device_t; ++ type device_t, vhost_device_t; + ') + -+ list_dirs_pattern($1, vhost_device_t, vhost_device_t) -+ rw_files_pattern($1, vhost_device_t, vhost_device_t) -+ read_lnk_files_pattern($1, vhost_device_t, vhost_device_t) ++ rw_chr_files_pattern($1, device_t, vhost_device_t) +') + +######################################## @@ -12208,8 +12207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest. +gen_user(xguest_u, user, xguest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.19/policy/modules/services/abrt.fc --- nsaserefpolicy/policy/modules/services/abrt.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-05-28 09:42:00.051610544 +0200 -@@ -1,11 +1,20 @@ ++++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-06-09 16:26:51.087757629 +0200 +@@ -1,11 +1,21 @@ -/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) +/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) /etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) @@ -12231,6 +12230,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt -/var/run/abrt\.lock -- gen_context(system_u:object_r:abrt_var_run_t,s0) +/var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0) +/var/run/abrtd?\.lock -- gen_context(system_u:object_r:abrt_var_run_t,s0) ++/var/run/abrtd?\.socket -- gen_context(system_u:object_r:abrt_var_run_t,s0) +/var/run/abrt(/.*)? gen_context(system_u:object_r:abrt_var_run_t,s0) + +/var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) 
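Review bot: The rewritten `dev_rw_vhost` now grants `rw_chr_files_pattern($1, device_t, vhost_device_t)`, and refpolicy's rw_chr_file_perms set includes `ioctl`, which for vhost is the real control path (the VHOST_* ioctls), so the interface effectively hands the caller full control of the vhost device rather than plain read/write; the summary above this hunk should say so, e.g. `## Read, write and ioctl the vhost device (presumably /dev/vhost-net).`. The previous body only allowed `file`-class access on vhost_device_t, which never matches a character device, so any caller that seemed to work before was not actually relying on this interface; now that the permission is real, every current caller of dev_rw_vhost should be re-checked to be a domain that is meant to drive vhost. The interface header comment and the neighbouring interfaces are outside the hunk.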
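Review bot: The new entry `/var/run/abrtd?\.socket -- gen_context(system_u:object_r:abrt_var_run_t,s0)` uses the `--` specifier, which in file_contexts matches regular files only, so restorecon/setfiles will never apply this label to the socket itself; a socket path needs `-s`: `/var/run/abrtd?\.socket -s gen_context(system_u:object_r:abrt_var_run_t,s0)`. At runtime the socket will still get abrt_var_run_t from the `files_pid_filetrans(..., sock_file)` rule this commit adds to abrt.te, so the fc line only matters for relabels, but as written it is dead.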
@@ -12484,7 +12484,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt admin_pattern($1, abrt_var_cache_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.19/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2010-06-03 16:30:53.967160939 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2010-06-09 16:27:06.470757212 +0200 @@ -1,5 +1,5 @@ -policy_module(abrt, 1.0.1) @@ -12518,7 +12518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt allow abrt_t self:process { signal signull setsched getsched }; allow abrt_t self:fifo_file rw_fifo_file_perms; -@@ -54,19 +66,24 @@ +@@ -54,20 +66,25 @@ manage_files_pattern(abrt_t, abrt_var_log_t, abrt_var_log_t) logging_log_filetrans(abrt_t, abrt_var_log_t, file) @@ -12539,11 +12539,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt # abrt pid files manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) manage_dirs_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) +-files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir }) +manage_sock_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) +manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) - files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir }) ++files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir sock_file }) kernel_read_ring_buffer(abrt_t) + kernel_read_system_state(abrt_t) @@ -75,25 +92,46 @@ corecmd_exec_bin(abrt_t) 
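Review bot: The hunk adds `manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)` but the `files_pid_filetrans` a few lines below is only extended to `{ file dir sock_file }`, so a symlink abrtd creates directly under /var/run would inherit the parent directory's type instead of abrt_var_run_t and the new lnk_file rule would not cover it; either add `lnk_file` to the filetrans class list or, if abrtd only creates symlinks inside /var/run/abrt/, say so in a comment so the omission is clearly deliberate. Whether abrtd creates symlinks at all is not visible here, so if this rule was added speculatively rather than from an AVC denial, consider dropping it, since manage on lnk_file in a pid directory is more than a daemon usually needs. The `# abrt pid files` group is complete within the hunk; the rest of abrt_t's rules continue outside it.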
@@ -13222,7 +13224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.19/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-05-28 09:42:00.059610718 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-06-09 16:37:21.838505993 +0200 @@ -13,17 +13,13 @@ # template(`apache_content_template',` @@ -13523,7 +13525,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -1086,6 +1174,25 @@ +@@ -985,6 +1073,24 @@ + allow $1 httpd_sys_content_t:dir search_dir_perms; + ') + ++####################################### ++## ++## Getattr apache system content. ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`apache_getattr_sys_content',` ++ gen_require(` ++ type httpd_sys_content_t; ++ ') ++ ++ getattr_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t) ++') ++ + ######################################## + ## + ## Read apache system content. +@@ -1086,6 +1192,25 @@ read_files_pattern($1, httpd_tmp_t, httpd_tmp_t) ') @@ -13549,7 +13576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## ## ## Dontaudit attempts to write -@@ -1102,7 +1209,7 @@ +@@ -1102,7 +1227,7 @@ type httpd_tmp_t; ') @@ -13558,7 +13585,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -1172,7 +1279,7 @@ +@@ -1172,7 +1297,7 @@ type httpd_modules_t, httpd_lock_t; type httpd_var_run_t, httpd_php_tmp_t; type httpd_suexec_tmp_t, httpd_tmp_t; 
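Review bot: The parameter description of the new `apache_getattr_sys_content` interface reads `Domain to not audit.`, but the body is an allow via `getattr_files_pattern`, not a dontaudit, so the documentation is wrong and will mislead anyone choosing an interface from the generated reference; it should read `## Domain allowed access.` like the other allow interfaces in this file. It is also worth stating in the summary that, as refpolicy defines `getattr_files_pattern`, the caller gets `search` on httpd_sys_content_t directories in addition to getattr on the files, so callers such as icecast receive slightly more than the name suggests. The interface is fully contained in this hunk.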
@@ -13567,7 +13594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') allow $1 httpd_t:process { getattr ptrace signal_perms }; -@@ -1202,12 +1309,44 @@ +@@ -1202,12 +1327,44 @@ kernel_search_proc($1) allow $1 httpd_t:dir list_dir_perms; @@ -19950,7 +19977,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.19/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-05-28 09:42:00.116610713 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-06-09 13:12:04.850507212 +0200 @@ -55,6 +55,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -20011,13 +20038,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. auth_use_nsswitch(hald_t) -@@ -209,10 +216,12 @@ +@@ -209,10 +216,13 @@ seutil_read_default_contexts(hald_t) seutil_read_file_contexts(hald_t) -sysnet_read_config(hald_t) +sysnet_delete_dhcpc_pid(hald_t) sysnet_domtrans_dhcpc(hald_t) ++sysnet_signal_dhcpc(hald_t) sysnet_domtrans_ifconfig(hald_t) +sysnet_read_config(hald_t) sysnet_read_dhcp_config(hald_t) @@ -20025,7 +20053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. userdom_dontaudit_use_unpriv_user_fds(hald_t) userdom_dontaudit_search_user_home_dirs(hald_t) -@@ -266,6 +275,10 @@ +@@ -266,6 +276,10 @@ ') optional_policy(` @@ -20036,7 +20064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. gpm_dontaudit_getattr_gpmctl(hald_t) ') -@@ -295,6 +308,7 @@ +@@ -295,6 +309,7 @@ ') optional_policy(` @@ -20044,7 +20072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ppp_read_rw_config(hald_t) ') -@@ -315,11 +329,19 @@ +@@ -315,11 +330,19 @@ ') optional_policy(` 
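Review bot: `sysnet_signal_dhcpc(hald_t)` is inserted between `sysnet_domtrans_dhcpc` and `sysnet_domtrans_ifconfig`, which breaks the alphabetical ordering refpolicy keeps among a module's interface calls; it belongs after `sysnet_read_dhcp_config(hald_t)`. Note also that `signal` is checked against the type, so hald can deliver it to every process in dhcpc_t, not only the dhclient it spawned through the domtrans, including one started by NetworkManager or the init scripts; that is inherent to the check, but a comment such as `# hald needs to stop the dhclient it started` would document the intended use. The hald_t rule block continues outside the hunk.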
@@ -20064,7 +20092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. updfstab_domtrans(hald_t) ') -@@ -331,6 +353,10 @@ +@@ -331,6 +354,10 @@ virt_manage_images(hald_t) ') @@ -20075,7 +20103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ######################################## # # Hal acl local policy -@@ -351,6 +377,7 @@ +@@ -351,6 +378,7 @@ manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file }) @@ -20083,7 +20111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. corecmd_exec_bin(hald_acl_t) -@@ -463,6 +490,10 @@ +@@ -463,6 +491,10 @@ miscfiles_read_localization(hald_keymap_t) 
@@ -20094,6 +20122,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ######################################## # # Local hald dccm policy +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.19/policy/modules/services/icecast.te +--- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 20:44:37.000000000 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-06-09 16:38:02.472756824 +0200 +@@ -38,6 +38,8 @@ + manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t) + files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir }) + ++kernel_read_system_state(icecast_t) ++ + corenet_tcp_bind_soundd_port(icecast_t) + + # Init script handling +@@ -52,5 +54,9 @@ + sysnet_dns_name_resolve(icecast_t) + + optional_policy(` ++ apache_getattr_sys_content(icecast_t) ++') ++ ++optional_policy(` + rtkit_scheduled(icecast_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.19/policy/modules/services/inn.te --- nsaserefpolicy/policy/modules/services/inn.te 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/services/inn.te 2010-05-28 09:42:00.117610715 +0200 @@ -20130,7 +20180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow $1 self:udp_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.19/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2010-05-28 09:42:00.118610789 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2010-06-09 13:08:36.336506784 +0200 @@ -112,6 +112,7 @@ kernel_read_kernel_sysctls(kadmind_t) 
@@ -20149,6 +20199,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb corenet_tcp_bind_reserved_port(kadmind_t) corenet_dontaudit_tcp_bind_all_reserved_ports(kadmind_t) corenet_sendrecv_kerberos_admin_server_packets(kadmind_t) +@@ -198,7 +201,7 @@ + allow krb5kdc_t krb5kdc_log_t:file manage_file_perms; + logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file) + +-allow krb5kdc_t krb5kdc_principal_t:file read_file_perms; ++allow krb5kdc_t krb5kdc_principal_t:file rw_file_perms; + dontaudit krb5kdc_t krb5kdc_principal_t:file write; + + manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) @@ -283,7 +286,7 @@ allow kpropd_t self:unix_stream_socket create_stream_socket_perms; allow kpropd_t self:tcp_socket create_stream_socket_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index 5d510e5..97ad98b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -469,6 +469,12 @@ exit 0 %endif %changelog +* Wed Jun 9 2010 Miroslav Grepl 3.7.19-26 +- Allow krb5kdc to write krb5kdc_principal_t file +- Allow hald to send generic signal to dhcp client +- Fix dev_rw_vhost interface +- Add /var/run/abrt.socket label + * Tue Jun 8 2010 Miroslav Grepl 3.7.19-25 - Fixes for cmirrord policy - Dontaudit xauth to list inotifyfs filesystem.
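Review bot: Changing `allow krb5kdc_t krb5kdc_principal_t:file read_file_perms;` to `rw_file_perms` makes the `dontaudit krb5kdc_t krb5kdc_principal_t:file write;` on the following line dead, since write is now allowed; that dontaudit existed precisely because writes were meant to be denied silently, so it should be removed rather than left to suggest the database is still read-only for the KDC. The change also gives up the separation in which only kadmind wrote the principal database while the KDC merely read it; if the KDC now genuinely needs write access (MIT krb5 1.8's account-lockout bookkeeping updating principal entries on authentication looks like the likely trigger, though the AVC is not shown here), a comment such as `# krb5 1.8 lockout tracking updates principal entries from the KDC` would keep a later reviewer from reverting it. The krb5kdc_t rule block continues outside the hunk.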