diff --git a/config.tgz b/config.tgz index 658efa9..27ce15b 100644 Binary files a/config.tgz and b/config.tgz differ diff --git a/policy-F13.patch b/policy-F13.patch index f934d09..3fdd0e3 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -822,7 +822,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.t dev_getattr_all_blk_files(quota_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.19/policy/modules/admin/readahead.te --- nsaserefpolicy/policy/modules/admin/readahead.te 2009-11-17 10:54:26.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-05-13 11:36:10.000000000 -0400 @@ -52,6 +52,7 @@ files_list_non_security(readahead_t) @@ -835,7 +835,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe fs_search_auto_mountpoints(readahead_t) fs_getattr_all_pipes(readahead_t) fs_getattr_all_files(readahead_t) -+fs_read_cgroup_files(readahead_t) ++fs_read_cgroupfs_files(readahead_t) +fs_read_tmpfs_files(readahead_t) fs_read_tmpfs_symlinks(readahead_t) fs_list_inotifyfs(readahead_t) @@ -3448,8 +3448,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.19/policy/modules/apps/gpg.te --- nsaserefpolicy/policy/modules/apps/gpg.te 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-04-28 12:00:49.000000000 -0400 -@@ -20,6 +20,7 @@ ++++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-05-13 10:54:06.000000000 -0400 +@@ -5,6 +5,7 @@ + # + # Declarations + # ++attribute gpgdomain; + + ## + ##

+@@ -14,12 +15,13 @@ + ## + gen_tunable(gpg_agent_env_file, false) + +-type gpg_t; ++type gpg_t, gpgdomain; + type gpg_exec_t; + typealias gpg_t alias { user_gpg_t staff_gpg_t sysadm_gpg_t }; typealias gpg_t alias { auditadm_gpg_t secadm_gpg_t }; application_domain(gpg_t, gpg_exec_t) ubac_constrained(gpg_t) @@ -3457,7 +3472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s type gpg_agent_t; type gpg_agent_exec_t; -@@ -45,6 +46,7 @@ +@@ -45,6 +47,7 @@ typealias gpg_helper_t alias { auditadm_gpg_helper_t secadm_gpg_helper_t }; application_domain(gpg_helper_t, gpg_helper_exec_t) ubac_constrained(gpg_helper_t) @@ -3465,7 +3480,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s type gpg_pinentry_t; type pinentry_exec_t; -@@ -53,14 +55,23 @@ +@@ -53,22 +56,33 @@ application_domain(gpg_pinentry_t, pinentry_exec_t) ubac_constrained(gpg_pinentry_t) 
@@ -3482,16 +3497,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s # GPG local policy # - allow gpg_t self:capability { ipc_lock setuid }; +-allow gpg_t self:capability { ipc_lock setuid }; -# setrlimit is for ulimit -c 0 -allow gpg_t self:process { signal setrlimit getcap setcap setpgid }; -+allow gpg_t self:process { getsched setsched }; ++allow gpgdomain self:capability { ipc_lock setuid }; ++allow gpgdomain self:process { getsched setsched }; +#at setrlimit is for ulimit -c 0 -+allow gpg_t self:process { signal signull setrlimit getcap setcap setpgid }; ++allow gpgdomain self:process { signal signull setrlimit getcap setcap setpgid }; + +-allow gpg_t self:fifo_file rw_fifo_file_perms; +-allow gpg_t self:tcp_socket create_stream_socket_perms; ++allow gpgdomain self:fifo_file rw_fifo_file_perms; ++allow gpgdomain self:tcp_socket create_stream_socket_perms; - allow gpg_t self:fifo_file rw_fifo_file_perms; - allow gpg_t self:tcp_socket create_stream_socket_perms; -@@ -69,6 +80,8 @@ + manage_dirs_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t) manage_files_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t) files_tmp_filetrans(gpg_t, gpg_agent_tmp_t, { dir file }) @@ -3500,7 +3519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s # transition from the gpg domain to the helper domain domtrans_pattern(gpg_t, gpg_helper_exec_t, gpg_helper_t) -@@ -79,6 +92,9 @@ +@@ -79,6 +93,9 @@ kernel_read_sysctl(gpg_t) @@ -3510,7 +3529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s corenet_all_recvfrom_unlabeled(gpg_t) corenet_all_recvfrom_netlabel(gpg_t) corenet_tcp_sendrecv_generic_if(gpg_t) -@@ -95,6 +111,7 @@ +@@ -95,6 +112,7 @@ dev_read_generic_usb_dev(gpg_t) fs_getattr_xattr_fs(gpg_t) 
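Review bot: Re-homing `allow gpg_t self:capability { ipc_lock setuid }` and the `signal signull setrlimit getcap setcap setpgid` process rules onto the `gpgdomain` attribute grants the setuid capability to every type that carries the attribute, not only gpg_t; the only tagging visible in this diff is `type gpg_t, gpgdomain;` in the preceding hunk, and the renumbered inner hunk headers around gpg_helper_t and gpg_pinentry_t suggest further types are tagged on lines not shown here. Nothing in the hunk records why each of those domains needs `setuid` and `setcap`, which is the first question a later reader of this policy will ask. A short comment above the first gpgdomain rule, e.g. `# gpgdomain rules apply to every gpg-related domain; keep the capability grants here to what all of them need`, would make the widening deliberate, and a type that needs only a subset is better served by a rule on its own type.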
@@ -3518,7 +3537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s domain_use_interactive_fds(gpg_t) -@@ -112,6 +129,8 @@ +@@ -112,6 +130,8 @@ # sign/encrypt user files userdom_manage_user_tmp_files(gpg_t) userdom_manage_user_home_content_files(gpg_t) @@ -3527,7 +3546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s mta_write_config(gpg_t) -@@ -126,15 +145,20 @@ +@@ -126,15 +146,20 @@ ') optional_policy(` @@ -3552,7 +3571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s ######################################## # # GPG helper local policy -@@ -184,6 +208,7 @@ +@@ -184,6 +209,7 @@ # # GPG agent local policy # @@ -3560,7 +3579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s # rlimit: gpg-agent wants to prevent coredumps allow gpg_agent_t self:process setrlimit; -@@ -202,10 +227,16 @@ +@@ -202,10 +228,16 @@ manage_sock_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t) files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir }) @@ -3577,7 +3596,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s domain_use_interactive_fds(gpg_agent_t) -@@ -215,6 +246,10 @@ +@@ -215,6 +247,10 @@ userdom_use_user_terminals(gpg_agent_t) # read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d ) userdom_search_user_home_dirs(gpg_agent_t) @@ -3588,7 +3607,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s tunable_policy(`gpg_agent_env_file',` # write ~/.gpg-agent-info or a similar to the users home dir -@@ -237,31 +272,74 @@ +@@ -237,31 +273,74 @@ fs_manage_cifs_symlinks(gpg_agent_t) ') @@ -3664,7 +3683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s tunable_policy(`use_nfs_home_dirs',` fs_read_nfs_files(gpg_pinentry_t) ') -@@ -271,5 +349,25 @@ +@@ -271,5 +350,25 @@ ') optional_policy(` 
@@ -5460,8 +5479,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud /var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if --- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-04-29 10:59:16.000000000 -0400 -@@ -186,6 +186,25 @@ ++++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-05-13 11:25:28.000000000 -0400 +@@ -104,6 +104,24 @@ + can_exec($1, pulseaudio_exec_t) + ') + ++######################################## ++##

++## dontaudit attempts to execute a pulseaudio in the current domain. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`pulseaudio_dontaudit_exec',` ++ gen_require(` ++ type pulseaudio_exec_t; ++ ') ++ ++ dontaudit $1 pulseaudio_exec_t:file execute; ++') ++ + ##################################### + ## + ## Connect to pulseaudio over a unix domain +@@ -186,6 +204,25 @@ ######################################## ## @@ -5487,7 +5531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud ## Create, read, write, and delete pulseaudio ## home directory files. ## -@@ -202,4 +221,24 @@ +@@ -202,4 +239,24 @@ userdom_search_user_home_dirs($1) manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t) @@ -6071,7 +6115,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.19/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2010-05-12 12:47:41.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2010-05-13 11:45:38.000000000 -0400 @@ -0,0 +1,379 @@ +policy_module(sandbox,1.0.0) +dbus_stub() @@ -6190,10 +6234,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +gen_require(` + type usr_t, lib_t, locale_t; + type var_t, var_run_t, rpm_log_t, locale_t; -+ attribute exec_type; ++ attribute exec_type, configfile; +') + -+files_rw_all_inherited_files(sandbox_domain, -exec_type -etc_t -usr_t -lib_t -locale_t -var_t -var_run_t -device_t -rpm_log_t ) ++files_rw_all_inherited_files(sandbox_domain, -exec_type -configfile -usr_t -lib_t -locale_t -var_t -var_run_t -device_t -rpm_log_t ) +files_entrypoint_all_files(sandbox_domain) + +files_read_etc_files(sandbox_domain) 
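Review bot: The parameter description of the new `pulseaudio_dontaudit_exec` interface says `Domain allowed to transition.`, but the interface only emits `dontaudit $1 pulseaudio_exec_t:file execute;` and performs no transition, so the generated interface documentation will be misleading. Suggest `Domain to not audit.` for the parameter summary and `dontaudit attempts to execute pulseaudio in the current domain.` (dropping the stray article) for the description line. Callers that genuinely need to run pulseaudio are presumably meant to use the `can_exec($1, pulseaudio_exec_t)` interface visible in the surrounding context instead.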
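Review bot: Swapping `-etc_t` for `-configfile` in `files_rw_all_inherited_files(sandbox_domain, ...)` excludes every type carrying the configfile attribute from the inherited-descriptor read/write grant, which is a tightening only if etc_t itself is a configfile type; that is not visible in this hunk and should be confirmed, otherwise sandboxed processes regain write access to inherited etc_t descriptors. The gen_require block on the context lines names `locale_t` twice (`type usr_t, lib_t, locale_t;` and `type var_t, var_run_t, rpm_log_t, locale_t;`); since the block is being edited anyway, the duplicate could go. The sandbox_domain rules in sandbox.te continue outside the hunk.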
@@ -7649,7 +7693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.19/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2010-05-06 15:05:28.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2010-05-13 10:40:35.000000000 -0400 @@ -5,6 +5,21 @@ # # Declarations @@ -7742,7 +7786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain # Act upon any other process. allow unconfined_domain_type domain:process ~{ transition dyntransition execmem execstack execheap }; -@@ -153,3 +187,75 @@ +@@ -153,3 +187,76 @@ # receive from all domains over labeled networking domain_all_recvfrom_all_domains(unconfined_domain_type) @@ -7770,6 +7814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + abrt_read_pid_files(domain) + abrt_read_state(domain) + abrt_signull(domain) ++ abrt_stream_connect(domain) +') + +optional_policy(` @@ -8806,10 +8851,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.19/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-03-12 11:48:14.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2010-05-11 09:56:44.000000000 -0400 -@@ -569,10 +569,10 @@ ++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2010-05-13 11:18:14.000000000 -0400 +@@ -567,12 +567,12 @@ + ## + ## # - interface(`fs_mount_cgroup', ` +-interface(`fs_mount_cgroup', ` ++interface(`fs_mount_cgroupfs', ` gen_require(` - type cgroup_t; + type cgroupfs_t; 
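Review bot: `abrt_stream_connect(domain)` lets every domain on the system connect to abrt's unix stream socket (the interface added later in this same diff expands to `stream_connect_pattern($1, abrt_var_run_t, abrt_var_run_t, abrt_t)`), so whatever abrtd reads from that socket becomes input reachable from any confined process, including one that has already been compromised. It sits with the other global abrt hooks inside an optional_policy block, so the breadth looks intended, but the hunk gives no reason a reader could check. A comment above the call such as `# every domain may connect to abrtd's socket (presumably crash reporting); abrtd must treat that input as untrusted` would record both the intent and the trust boundary. The optional_policy block this belongs to starts above the hunk.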
@@ -8820,9 +8868,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -588,10 +588,10 @@ +@@ -586,12 +586,12 @@ + ## + ## # - interface(`fs_remount_cgroup', ` +-interface(`fs_remount_cgroup', ` ++interface(`fs_remount_cgroupfs', ` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8833,9 +8884,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -606,10 +606,10 @@ +@@ -604,12 +604,12 @@ + ## + ## # - interface(`fs_unmount_cgroup', ` +-interface(`fs_unmount_cgroup', ` ++interface(`fs_unmount_cgroupfs', ` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8846,9 +8900,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -644,11 +644,11 @@ +@@ -623,7 +623,7 @@ + ## + ## # - interface(`fs_list_cgroup_dirs', ` +-interface(`fs_getattr_cgroup',` ++interface(`fs_getattr_cgroupfs',` + gen_require(` + type cifs_t; + ') +@@ -642,13 +642,13 @@ + ## + ## + # +-interface(`fs_list_cgroup_dirs', ` ++interface(`fs_list_cgroupfs_dirs', ` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8860,9 +8926,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -682,11 +682,11 @@ +@@ -680,13 +680,13 @@ + ## + ## # - interface(`fs_manage_cgroup_dirs',` +-interface(`fs_manage_cgroup_dirs',` ++interface(`fs_manage_cgroupfs_dirs',` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8874,9 +8943,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -702,11 +702,11 @@ +@@ -700,13 +700,13 @@ + ## + ## # - interface(`fs_setattr_cgroup_files',` +-interface(`fs_setattr_cgroup_files',` ++interface(`fs_setattr_cgroupfs_files',` gen_require(` - type cgroup_t; + type cgroupfs_t; 
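Review bot: The renamed `fs_getattr_cgroupfs` interface still has `type cifs_t;` in its gen_require on the context line just below the interface line, while every sibling interface renamed in these hunks requires `type cgroupfs_t;`. If the body, which lies outside the hunk, operates on cgroupfs_t, the require is wrong and compilation passes only because cifs_t happens to exist; if it operates on cifs_t, the interface is misnamed — either way this rename was the moment to fix it, most likely to `type cgroupfs_t;` after checking the body. Separately, renaming the fs_*_cgroup interfaces without leaving the old names as compatibility wrappers breaks any out-of-tree module that calls them; only the callers inside this distribution patch are updated here.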
@@ -8888,9 +8960,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -722,11 +722,11 @@ +@@ -720,13 +720,13 @@ + ## + ## # - interface(`fs_read_cgroup_files',` +-interface(`fs_read_cgroup_files',` ++interface(`fs_read_cgroupfs_files',` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8902,9 +8977,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -742,11 +742,11 @@ +@@ -740,13 +740,13 @@ + ## + ## # - interface(`fs_write_cgroup_files', ` +-interface(`fs_write_cgroup_files', ` ++interface(`fs_write_cgroupfs_files', ` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -8916,9 +8994,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -762,11 +762,11 @@ +@@ -760,13 +760,13 @@ + ## + ## # - interface(`fs_rw_cgroup_files',` +-interface(`fs_rw_cgroup_files',` ++interface(`fs_rw_cgroupfs_files',` gen_require(` - type cgroup_t; + type cgroupfs_t; @@ -9139,7 +9220,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.19/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-04-08 11:20:37.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2010-05-13 11:16:15.000000000 -0400 @@ -53,6 +53,7 @@ fs_type(anon_inodefs_t) files_mountpoint(anon_inodefs_t) 
@@ -9158,7 +9239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy + +type cgroupfs_t; +fs_type(cgroupfs_t) -+allow cgroupfs_t self:filesystem associate; ++files_type(cgroupfs_t) +genfscon cgroup / gen_context(system_u:object_r:cgroupfs_t,s0) + type configfs_t; @@ -11513,7 +11594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt +/var/run/abrt(/.*)? gen_context(system_u:object_r:abrt_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.19/policy/modules/services/abrt.if --- nsaserefpolicy/policy/modules/services/abrt.if 2010-03-01 15:12:54.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-05-13 10:40:09.000000000 -0400 @@ -19,6 +19,28 @@ domtrans_pattern($1, abrt_exec_t, abrt_t) ') @@ -11576,7 +11657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt ###################################### ## ## Read abrt logs. -@@ -76,6 +124,101 @@ +@@ -76,6 +124,121 @@ read_files_pattern($1, abrt_var_log_t, abrt_var_log_t) ') @@ -11601,6 +11682,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt + +######################################## +## ++## Connect to abrt over an unix stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`abrt_stream_connect',` ++ gen_require(` ++ type abrt_t, abrt_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ stream_connect_pattern($1, abrt_var_run_t, abrt_var_run_t, abrt_t) ++') ++ ++ ++######################################## ++## +## Allow the domain to read abrt state files in /proc. +## +## 
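Review bot: Replacing `allow cgroupfs_t self:filesystem associate;` with `files_type(cgroupfs_t)` changes more than the associate rule: if files_type() is the refpolicy macro that also places the type into the file_type attribute (its name suggests so — confirm against files.if), every interface that grants access to all file types, such as the `files_rw_all_inherited_files(sandbox_domain, ...)` call elsewhere in this diff, now covers cgroup control files, and writes to those files alter process scheduling and resource limits. If only the associate permission was wanted, the original allow rule keeps the type out of those blanket grants; if membership in file_type is the goal, a comment such as `# file_type so that the generic file interfaces also cover cgroup control files` would stop the next reviewer from reverting it.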
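Review bot: In the new `abrt_stream_connect` interface the summary reads `Connect to abrt over an unix stream socket.`; that should be `a unix`, and the two consecutive `+` blank lines before the following separator are one more than the neighbouring interfaces in this file use. The rule pair `files_search_pids($1)` plus `stream_connect_pattern($1, abrt_var_run_t, abrt_var_run_t, abrt_t)` matches the style of the other abrt interfaces, but it grants connect to any socket labelled abrt_var_run_t, so the socket abrtd creates has to actually receive that label for callers to get what the name promises.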
@@ -11680,7 +11781,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.19/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-03-01 15:12:54.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2010-04-15 10:07:45.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2010-05-13 10:01:09.000000000 -0400 @@ -33,12 +33,24 @@ type abrt_var_run_t; files_pid_file(abrt_var_run_t) @@ -11707,7 +11808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt allow abrt_t self:process { signal signull setsched getsched }; allow abrt_t self:fifo_file rw_fifo_file_perms; -@@ -58,15 +70,18 @@ +@@ -58,15 +70,19 @@ manage_dirs_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t) manage_files_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t) files_tmp_filetrans(abrt_t, abrt_tmp_t, { file dir }) @@ -11724,11 +11825,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt -manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) manage_dirs_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) +manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) ++manage_sock_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) +manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t) files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir }) kernel_read_ring_buffer(abrt_t) -@@ -75,25 +90,40 @@ +@@ -75,25 +91,40 @@ corecmd_exec_bin(abrt_t) corecmd_exec_shell(abrt_t) @@ -11776,7 +11878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt sysnet_read_config(abrt_t) -@@ -103,22 +133,115 @@ +@@ -103,22 +134,116 @@ miscfiles_read_certs(abrt_t) miscfiles_read_localization(abrt_t) 
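Review bot: `manage_sock_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)` lets abrtd create its socket, but the context line two below, `files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir })`, only transitions files and directories; a socket created directly in /var/run rather than inside an abrt_var_run_t directory would end up labelled var_run_t and the `abrt_stream_connect` interface added in this diff would not match it. If the socket lives under /var/run/abrt/, which the abrt.fc entry shown earlier labels abrt_var_run_t, it inherits the directory's label and this is fine; otherwise extend the filetrans to `{ file dir sock_file }`. The abrt_t local policy continues outside the hunk.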
@@ -11899,6 +12001,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt + allow abrt_t domain:file write; + allow abrt_t domain:process setrlimit; +') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.19/policy/modules/services/afs.te --- nsaserefpolicy/policy/modules/services/afs.te 2010-03-23 10:55:15.000000000 -0400 +++ serefpolicy-3.7.19/policy/modules/services/afs.te 2010-04-14 10:48:18.000000000 -0400 @@ -14471,7 +14574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.19/policy/modules/services/cgroup.te --- nsaserefpolicy/policy/modules/services/cgroup.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-05-13 11:37:22.000000000 -0400 @@ -0,0 +1,87 @@ +policy_module(cgroup, 1.0.0) + @@ -14540,7 +14643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro +miscfiles_read_localization(cgred_t) + +optional_policy(` -+ fs_write_cgroup_files(cgred_t) ++ fs_write_cgroupfs_files(cgred_t) +') + +######################################## 
@@ -14556,10 +14659,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro + +files_read_etc_files(cgconfigparser_t) + -+fs_manage_cgroup_dirs(cgconfigparser_t) -+fs_rw_cgroup_files(cgconfigparser_t) -+fs_setattr_cgroup_files(cgconfigparser_t) -+fs_mount_cgroup(cgconfigparser_t) ++fs_manage_cgroupfs_dirs(cgconfigparser_t) ++fs_rw_cgroupfs_files(cgconfigparser_t) ++fs_setattr_cgroupfs_files(cgconfigparser_t) ++fs_mount_cgroupfs(cgconfigparser_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.19/policy/modules/services/chronyd.if --- nsaserefpolicy/policy/modules/services/chronyd.if 2010-03-29 15:04:22.000000000 -0400 +++ serefpolicy-3.7.19/policy/modules/services/chronyd.if 2010-05-07 09:36:10.000000000 -0400 @@ -15413,7 +15516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.19/policy/modules/services/cron.if --- nsaserefpolicy/policy/modules/services/cron.if 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-05-13 12:02:56.000000000 -0400 @@ -12,6 +12,10 @@ ## # @@ -15478,15 +15581,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron optional_policy(` gen_require(` class dbus send_msg; -@@ -263,6 +259,7 @@ +@@ -259,9 +255,8 @@ + gen_require(` + type crond_t, system_cronjob_t; + ') +- domtrans_pattern(system_cronjob_t, $2, $1) - domtrans_pattern(crond_t, $2, $1) +- domtrans_pattern(crond_t, $2, $1) ++ domtrans_pattern(crond_t, $2, $1) -+ userdom_dontaudit_list_admin_dir($1) role system_r types $1; ') - -@@ -408,7 +405,25 @@ +@@ -408,7 +403,25 @@ type crond_t; ') 
@@ -15513,7 +15619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ') ######################################## -@@ -554,7 +569,7 @@ +@@ -554,7 +567,7 @@ type system_cronjob_t; ') @@ -15522,7 +15628,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ') ######################################## -@@ -587,11 +602,14 @@ +@@ -587,11 +600,14 @@ # interface(`cron_read_system_job_tmp_files',` gen_require(` @@ -15538,7 +15644,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ') ######################################## -@@ -627,7 +645,48 @@ +@@ -627,7 +643,48 @@ interface(`cron_dontaudit_write_system_job_tmp_files',` gen_require(` type system_cronjob_tmp_t; @@ -28176,7 +28282,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.19/policy/modules/services/virt.te --- nsaserefpolicy/policy/modules/services/virt.te 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/services/virt.te 2010-04-26 14:24:46.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/services/virt.te 2010-05-13 11:15:36.000000000 -0400 @@ -36,13 +36,6 @@ ## @@ -28280,7 +28386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt allow virtd_t virt_image_type:file { relabelfrom relabelto }; allow virtd_t virt_image_type:blk_file { relabelfrom relabelto }; -@@ -252,14 +248,20 @@ +@@ -252,21 +248,35 @@ # Init script handling domain_use_interactive_fds(virtd_t) domain_read_all_domains_state(virtd_t) 
@@ -28302,10 +28408,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt fs_list_auto_mountpoints(virtd_t) fs_getattr_xattr_fs(virtd_t) -@@ -268,6 +270,14 @@ - fs_manage_cgroup_dirs(virtd_t) - fs_rw_cgroup_files(virtd_t) - + fs_rw_anon_inodefs_files(virtd_t) + fs_list_inotifyfs(virtd_t) +-fs_manage_cgroup_dirs(virtd_t) +-fs_rw_cgroup_files(virtd_t) ++fs_manage_cgroupfs_dirs(virtd_t) ++fs_rw_cgroupfs_files(virtd_t) ++ +mls_fd_share_all_levels(virtd_t) +mls_file_read_to_clearance(virtd_t) +mls_file_write_to_clearance(virtd_t) @@ -28313,10 +28422,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt +mls_net_write_within_range(virtd_t) +mls_socket_write_to_clearance(virtd_t) +mls_rangetrans_source(virtd_t) -+ + mcs_process_set_categories(virtd_t) - storage_manage_fixed_disk(virtd_t) @@ -291,15 +301,22 @@ logging_send_syslog_msg(virtd_t) @@ -28380,7 +28488,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt term_use_all_terms(virt_domain) term_getattr_pty_fs(virt_domain) term_use_generic_ptys(virt_domain) -@@ -467,3 +503,4 @@ +@@ -462,8 +498,13 @@ + ') + + optional_policy(` ++ pulseaudio_dontaudit_exec(virt_domain) ++') ++ ++optional_policy(` + virt_read_config(virt_domain) + virt_read_lib_files(virt_domain) virt_read_content(virt_domain) virt_stream_connect(virt_domain) ') @@ -30372,7 +30489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.7.19/policy/modules/system/hostname.te --- nsaserefpolicy/policy/modules/system/hostname.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-05-13 11:26:52.000000000 -0400 @@ -27,15 +27,18 @@ dev_read_sysfs(hostname_t) 
@@ -30392,6 +30509,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna fs_dontaudit_use_tmpfs_chr_dev(hostname_t) term_dontaudit_use_console(hostname_t) +@@ -54,6 +57,10 @@ + sysnet_dns_name_resolve(hostname_t) + + optional_policy(` ++ nis_use_ypbind(hostname_t) ++') ++ ++optional_policy(` + xen_append_log(hostname_t) + xen_dontaudit_use_fds(hostname_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.19/policy/modules/system/init.fc --- nsaserefpolicy/policy/modules/system/init.fc 2010-03-18 10:35:11.000000000 -0400 +++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-04-14 10:48:18.000000000 -0400 @@ -30658,7 +30786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.19/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/system/init.te 2010-05-07 09:54:35.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/system/init.te 2010-05-13 11:19:28.000000000 -0400 @@ -17,6 +17,20 @@ ## gen_tunable(init_upstart, false) @@ -30842,9 +30970,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t fs_getattr_all_fs(initrc_t) +fs_search_all(initrc_t) +fs_getattr_nfsd_files(initrc_t) -+fs_rw_cgroup_files(initrc_t) -+fs_setattr_cgroup_files(initrc_t) -+fs_manage_cgroup_dirs(initrc_t) ++fs_rw_cgroupfs_files(initrc_t) ++fs_setattr_cgroupfs_files(initrc_t) ++fs_manage_cgroupfs_dirs(initrc_t) # initrc_t needs to do a pidof which requires ptrace mcs_ptrace_all(initrc_t) 
@@ -31363,7 +31491,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.19/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400 -+++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2010-04-19 09:16:53.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2010-05-13 09:03:06.000000000 -0400 +@@ -131,7 +131,7 @@ + /usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib64/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +-/usr/lib64/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib64/vlc/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib64/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libtfmessbsp\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -208,6 +208,7 @@ /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -34786,7 +34923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.gvfs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.19/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2010-03-03 23:26:37.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-05-11 10:03:28.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-05-13 11:47:27.000000000 -0400 @@ -30,8 +30,9 @@ ') 
@@ -34916,7 +35053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + + files_exec_usr_files($1_t) + -+ fs_list_cgroup_dirs($1_usertype) ++ fs_list_cgroupfs_dirs($1_usertype) - libs_exec_ld_so($1_t) + storage_rw_fuse($1_usertype) @@ -37183,7 +37320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.19/policy/support/obj_perm_sets.spt --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-03-04 11:44:07.000000000 -0500 -+++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-04-14 10:48:18.000000000 -0400 ++++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-05-13 10:46:06.000000000 -0400 @@ -28,7 +28,7 @@ # # All socket classes. @@ -37238,7 +37375,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets define(`create_fifo_file_perms',`{ getattr create open }') define(`rename_fifo_file_perms',`{ getattr rename }') define(`delete_fifo_file_perms',`{ getattr unlink }') -@@ -271,7 +274,8 @@ +@@ -254,7 +257,8 @@ + define(`setattr_sock_file_perms',`{ setattr }') + define(`read_sock_file_perms',`{ getattr open read }') + define(`write_sock_file_perms',`{ getattr write open append }') +-define(`rw_sock_file_perms',`{ getattr open read write append }') ++define(`rw_inherited_sock_file_perms',`{ getattr read write append }') ++define(`rw_sock_file_perms',`{ open rw_inherited_sock_file_perms }') + define(`create_sock_file_perms',`{ getattr create open }') + define(`rename_sock_file_perms',`{ getattr rename }') + define(`delete_sock_file_perms',`{ getattr unlink }') +@@ -271,7 +275,8 @@ define(`read_blk_file_perms',`{ getattr open read lock ioctl }') define(`append_blk_file_perms',`{ getattr open append lock ioctl }') define(`write_blk_file_perms',`{ getattr open write append lock ioctl }') 
@@ -37248,7 +37395,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets define(`create_blk_file_perms',`{ getattr create }') define(`rename_blk_file_perms',`{ getattr rename }') define(`delete_blk_file_perms',`{ getattr unlink }') -@@ -288,7 +292,8 @@ +@@ -288,7 +293,8 @@ define(`read_chr_file_perms',`{ getattr open read lock ioctl }') define(`append_chr_file_perms',`{ getattr open append lock ioctl }') define(`write_chr_file_perms',`{ getattr open write append lock ioctl }') @@ -37258,7 +37405,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets define(`create_chr_file_perms',`{ getattr create }') define(`rename_chr_file_perms',`{ getattr rename }') define(`delete_chr_file_perms',`{ getattr unlink }') -@@ -305,7 +310,8 @@ +@@ -305,7 +311,8 @@ # # Use (read and write) terminals # @@ -37268,7 +37415,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets # # Sockets -@@ -317,3 +323,14 @@ +@@ -317,3 +324,14 @@ # Keys # define(`manage_key_perms', `{ create link read search setattr view write } ')