diff --git a/policy-20100106.patch b/policy-20100106.patch index 291f641..8e27314 100644 --- a/policy-20100106.patch +++ b/policy-20100106.patch @@ -166,7 +166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.32/policy/modules/apps/sandbox.if --- nsaserefpolicy/policy/modules/apps/sandbox.if 2010-01-18 18:24:22.648539903 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/sandbox.if 2010-01-18 18:27:02.742545576 +0100 ++++ serefpolicy-3.6.32/policy/modules/apps/sandbox.if 2010-01-22 15:41:50.752727640 +0100 @@ -45,9 +45,10 @@ allow sandbox_x_domain $1:process { sigchld signal }; allow sandbox_x_domain sandbox_x_domain:process signal; @@ -191,7 +191,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') type $1_t, sandbox_x_domain; -@@ -163,10 +165,6 @@ +@@ -122,7 +124,7 @@ + manage_sock_files_pattern($1_t, $1_file_t, $1_file_t) + + # window manager +- miscfiles_setattr_fonts_dirs($1_t) ++ miscfiles_setattr_fonts_cache_dirs($1_t) + allow $1_t self:capability setuid; + + type $1_client_t, sandbox_x_domain; +@@ -156,6 +158,8 @@ + ps_process_pattern(sandbox_xserver_t, $1_t) + allow sandbox_xserver_t $1_client_t:shm rw_shm_perms; + allow sandbox_xserver_t $1_t:shm rw_shm_perms; ++ allow $1_client_t $1_t:unix_stream_socket connectto; ++ allow $1_t $1_client_t:unix_stream_socket connectto; + + can_exec($1_client_t, $1_file_t) + manage_dirs_pattern($1_client_t, $1_file_t, $1_file_t) +@@ -163,10 +167,6 @@ manage_lnk_files_pattern($1_client_t, $1_file_t, $1_file_t) manage_fifo_files_pattern($1_client_t, $1_file_t, $1_file_t) manage_sock_files_pattern($1_client_t, $1_file_t, $1_file_t) 
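Review bot: In the `@@ -122,7 +124,7 @@` hunk the per-instance window-manager domain `$1_t` receives a real `miscfiles_setattr_fonts_cache_dirs($1_t)`, i.e. permission to change attributes of a font cache directory shared with the host, whereas the attribute-wide rule this same patch adds to sandbox.te only dontaudits that access. Unless the sandboxed window manager demonstrably needs to chmod/chown the font cache, use the silencing form here as well, `miscfiles_dontaudit_setattr_fonts_cache_dirs($1_t)`, so a sandboxed process cannot modify a shared system directory. The two new `unix_stream_socket connectto` rules between `$1_t` and `$1_client_t` stay inside one sandbox instance (both types are declared per template instantiation), which is fine, but they carry no rationale; a one-liner such as `# client <-> window manager socket traffic within this sandbox instance` would help the next reader. The template containing these lines starts and ends outside the hunk.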
@@ -202,7 +220,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -187,3 +185,39 @@ +@@ -187,3 +187,39 @@ allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms; ') @@ -244,7 +262,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.32/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 2010-01-18 18:24:22.649539960 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/sandbox.te 2010-01-18 18:27:02.743530757 +0100 ++++ serefpolicy-3.6.32/policy/modules/apps/sandbox.te 2010-01-22 15:41:56.778871235 +0100 @@ -10,14 +10,15 @@ # @@ -282,7 +300,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol gen_require(` type usr_t, lib_t, locale_t; -@@ -161,7 +158,7 @@ +@@ -132,7 +129,7 @@ + allow sandbox_x_domain self:process { signal_perms getsched setpgid execstack execmem }; + allow sandbox_x_domain self:shm create_shm_perms; + allow sandbox_x_domain self:unix_stream_socket { connectto create_stream_socket_perms }; +-allow sandbox_x_domain self:unix_dgram_socket create_socket_perms; ++allow sandbox_x_domain self:unix_dgram_socket { sendto create_socket_perms }; + allow sandbox_x_domain sandbox_xserver_t:unix_stream_socket connectto; + dontaudit sandbox_x_domain self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay }; + +@@ -161,14 +158,14 @@ auth_dontaudit_read_login_records(sandbox_x_domain) auth_dontaudit_write_login_records(sandbox_x_domain) 
@@ -291,7 +318,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_search_pam_console_data(sandbox_x_domain) init_read_utmp(sandbox_x_domain) -@@ -179,12 +176,20 @@ + init_dontaudit_write_utmp(sandbox_x_domain) + + miscfiles_read_localization(sandbox_x_domain) +-miscfiles_dontaudit_setattr_fonts_dirs(sandbox_x_domain) ++miscfiles_dontaudit_setattr_fonts_cache_dirs(sandbox_x_domain) + + term_getattr_pty_fs(sandbox_x_domain) + term_use_ptmx(sandbox_x_domain) +@@ -179,12 +176,24 @@ miscfiles_read_fonts(sandbox_x_domain) optional_policy(` @@ -300,6 +335,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + +optional_policy(` ++ dbus_system_bus_client(sandbox_x_domain) ++') ++ ++optional_policy(` gnome_read_gconf_config(sandbox_x_domain) ') @@ -314,16 +353,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') userdom_dontaudit_use_user_terminals(sandbox_x_domain) -@@ -207,7 +212,7 @@ +@@ -207,10 +216,8 @@ corenet_tcp_connect_ipp_port(sandbox_x_client_t) -#auth_use_nsswitch(sandbox_x_client_t) +auth_use_nsswitch(sandbox_x_client_t) - dbus_system_bus_client(sandbox_x_client_t) - dbus_read_config(sandbox_x_client_t) -@@ -267,7 +272,7 @@ +-dbus_system_bus_client(sandbox_x_client_t) +-dbus_read_config(sandbox_x_client_t) + selinux_get_fs_mount(sandbox_x_client_t) + selinux_validate_context(sandbox_x_client_t) + selinux_compute_access_vector(sandbox_x_client_t) +@@ -267,7 +274,7 @@ corenet_dontaudit_tcp_bind_generic_port(sandbox_web_client_t) corenet_tcp_connect_speech_port(sandbox_web_client_t) @@ -332,7 +374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dbus_system_bus_client(sandbox_web_client_t) dbus_read_config(sandbox_web_client_t) -@@ -310,7 +315,7 @@ +@@ -310,7 +317,7 @@ corenet_tcp_connect_all_ports(sandbox_net_client_t) corenet_sendrecv_all_client_packets(sandbox_net_client_t) 
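Review bot: `dbus_read_config(sandbox_x_client_t)` is removed in the `@@ -207,10 +216,8 @@` hunk but nothing equivalent is added for the attribute: the new optional block for `sandbox_x_domain` only adds `dbus_system_bus_client`, while `sandbox_web_client_t` keeps its own `dbus_read_config` further down. If the intent was to hoist both calls onto the attribute, add `dbus_read_config(sandbox_x_domain)` next to the new `dbus_system_bus_client(sandbox_x_domain)`; if the intent was to deny the plain X client access to the bus configuration, say so in a comment, because a bus client that cannot read its config will surface as fresh AVC denials. Hoisting `dbus_system_bus_client` onto the attribute also grants system-bus access to every sandbox_x_domain type, including any that did not previously have it; worth a comment stating that this widening is intended.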
@@ -533,7 +575,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # AFS bossserver local policy diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.32/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2010-01-18 18:24:22.736530563 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/apache.if 2010-01-18 18:27:02.756530665 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/apache.if 2010-01-22 17:15:37.455855038 +0100 @@ -16,6 +16,7 @@ attribute httpd_exec_scripts; attribute httpd_script_exec_type; @@ -551,6 +593,36 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') tunable_policy(`httpd_enable_cgi',` +@@ -1167,6 +1170,29 @@ + allow $1 httpd_bugzilla_content_t:dir search_dir_perms; + ') + ++####################################### ++## ++## dontaudit read and write an leaked file descriptors ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`apache_dontaudit_leaks',` ++ gen_require(` ++ type httpd_t; ++ ') ++ ++ dontaudit $1 httpd_t:fifo_file rw_inherited_fifo_file_perms; ++ dontaudit $1 httpd_t:tcp_socket { read write }; ++ dontaudit $1 httpd_t:unix_dgram_socket { read write }; ++ dontaudit $1 httpd_t:unix_stream_socket { read write }; ++') ++ ++ ++ + ######################################## + ## + ## Do not audit attempts to read and write Apache diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.32/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2010-01-18 18:24:22.739530246 +0100 +++ serefpolicy-3.6.32/policy/modules/services/apache.te 2010-01-18 18:30:54.720781297 +0100 
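Review bot: The new `apache_dontaudit_leaks` interface silences use of descriptors inherited from httpd_t (fifo, tcp, unix sockets) rather than closing the leak, so any later misuse of an inherited httpd_t TCP socket by a CGI domain will no longer appear in the audit log; keep that trade-off explicit with a comment such as `# descriptors leaked by httpd_t across exec: silence the noise, grant nothing` and treat the leak itself as the real fix. The XML summary is ungrammatical and should read `## Do not audit attempts to read and write file descriptors leaked by httpd.` Also drop the extra blank lines left between this interface's closing `')` and the next `####` banner, keeping the single-blank-line spacing used elsewhere in the file.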
@@ -828,17 +900,59 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.6.32/policy/modules/services/git.fc --- nsaserefpolicy/policy/modules/services/git.fc 2010-01-18 18:24:22.788540040 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/git.fc 2010-01-21 18:32:44.930612521 +0100 -@@ -1,5 +1,6 @@ ++++ serefpolicy-3.6.32/policy/modules/services/git.fc 2010-01-22 12:32:18.191604638 +0100 +@@ -1,6 +1,9 @@ /var/cache/cgit(/.*)? gen_context(system_u:object_r:httpd_git_script_rw_t,s0) /var/www/cgi-bin/cgit -- gen_context(system_u:object_r:httpd_git_script_exec_t,s0) -+/var/www/git/gitweb\.cgi -- gen_context(system_u:object_r:httpd_git_script_exec_t,s0) ++/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0) ++/var/www/git/gitweb\.cgi -- gen_context(system_u:object_r:httpd_git_script_exec_t,s0) ++ /srv/git(/.*)? gen_context(system_u:object_r:git_data_t, s0) + /usr/libexec/git-core/git-daemon -- gen_context(system_u:object_r:gitd_exec_t, s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.6.32/policy/modules/services/git.if +--- nsaserefpolicy/policy/modules/services/git.if 2010-01-18 18:24:22.789540167 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/git.if 2010-01-22 12:30:50.923622237 +0100 +@@ -104,7 +104,7 @@ + ') + + exec_files_pattern($1, git_data_t, git_data_t) +- files_search_var($1) ++ files_search_var_lib($1) + ') + + ######################################## +@@ -126,7 +126,7 @@ + + manage_dirs_pattern($1, git_data_t, git_data_t) + manage_files_pattern($1, git_data_t, git_data_t) +- files_search_var($1) ++ files_search_var_lib($1) + ') + + ######################################## +@@ -192,7 +192,7 @@ + + list_dirs_pattern($1, git_data_t, git_data_t) + read_files_pattern($1, git_data_t, git_data_t) +- 
files_search_var($1) ++ files_search_var_lib($1) + ') + + ######################################## +@@ -214,7 +214,7 @@ + + relabel_dirs_pattern($1, git_data_t, git_data_t) + relabel_files_pattern($1, git_data_t, git_data_t) +- files_search_var($1) ++ files_search_var_lib($1) + ') + + ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.32/policy/modules/services/git.te --- nsaserefpolicy/policy/modules/services/git.te 2010-01-18 18:24:22.790540016 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/git.te 2010-01-18 18:27:02.764531054 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/git.te 2010-01-22 12:32:35.787604988 +0100 @@ -73,7 +73,7 @@ # 
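Review bot: Switching the four git_data_t interfaces from `files_search_var($1)` to `files_search_var_lib($1)` presumes git_data_t content lives under /var/lib, yet the only git_data_t labeling visible in this patch is `/srv/git(/.*)?` in git.fc. Unless git.fc also labels a /var/lib path as git_data_t outside this hunk, callers such as httpd_git_script_t still cannot traverse to /srv/git and the change merely shifts which search permission is granted. Please confirm the labeling and, if /srv is the real location, add the matching search permission for that path alongside or instead of the /var/lib one. The interface bodies here are cut at the hunk edges, so their signatures are not in view.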
@@ -848,17 +962,36 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow gitd_type self:udp_socket create_socket_perms; allow gitd_type self:unix_dgram_socket create_socket_perms; +@@ -171,3 +171,6 @@ + + apache_content_template(git) + git_read_data_content(httpd_git_script_t) ++ ++files_dontaudit_getattr_tmp_dirs(httpd_git_script_t) ++ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.32/policy/modules/services/kerberos.if --- nsaserefpolicy/policy/modules/services/kerberos.if 2010-01-18 18:24:22.799531033 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/kerberos.if 2010-01-19 17:08:35.663632666 +0100 -@@ -86,6 +86,7 @@ ++++ serefpolicy-3.6.32/policy/modules/services/kerberos.if 2010-01-22 17:08:10.300604739 +0100 +@@ -85,7 +85,7 @@ + seutil_dontaudit_read_file_contexts($1) optional_policy(` - sssd_read_config_files($1) +- sssd_read_config_files($1) + sssd_read_public_files($1) ') tunable_policy(`allow_kerberos',` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.32/policy/modules/services/mailman.te +--- nsaserefpolicy/policy/modules/services/mailman.te 2010-01-18 18:24:22.808530642 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/mailman.te 2010-01-22 17:16:41.576604913 +0100 +@@ -55,6 +55,7 @@ + apache_search_sys_script_state(mailman_cgi_t) + apache_read_config(mailman_cgi_t) + apache_dontaudit_rw_stream_sockets(mailman_cgi_t) ++ apache_dontaudit_leaks(mailman_cgi_t) + ') + + ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.6.32/policy/modules/services/memcached.te --- nsaserefpolicy/policy/modules/services/memcached.te 2010-01-18 18:24:22.809536705 +0100 +++ serefpolicy-3.6.32/policy/modules/services/memcached.te 2010-01-19 11:45:44.999857263 
+0100 @@ -971,7 +1104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.32/policy/modules/services/nagios.te --- nsaserefpolicy/policy/modules/services/nagios.te 2010-01-18 18:24:22.823530245 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/nagios.te 2010-01-18 18:27:02.766531099 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/nagios.te 2010-01-22 16:03:19.932604694 +0100 @@ -118,6 +118,9 @@ corenet_udp_sendrecv_all_ports(nagios_t) corenet_tcp_connect_all_ports(nagios_t) @@ -982,6 +1115,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_sysfs(nagios_t) dev_read_urand(nagios_t) +@@ -315,6 +318,10 @@ + mysql_stream_connect(nagios_services_plugin_t) + ') + ++optional_policy(` ++ snmp_read_snmp_var_lib_files(nagios_services_plugin_t) ++') ++ + ###################################### + # + # local policy for system check plugins diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.32/policy/modules/services/openvpn.te --- nsaserefpolicy/policy/modules/services/openvpn.te 2010-01-18 18:24:22.843530414 +0100 +++ serefpolicy-3.6.32/policy/modules/services/openvpn.te 2010-01-18 18:27:02.767531435 +0100 
@@ -993,6 +1137,57 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_tcp_connect_openvpn_port(openvpn_t) corenet_tcp_connect_http_port(openvpn_t) corenet_tcp_connect_http_cache_port(openvpn_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.6.32/policy/modules/services/plymouth.te +--- nsaserefpolicy/policy/modules/services/plymouth.te 2010-01-18 18:24:22.847540282 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/plymouth.te 2010-01-22 16:16:19.936882341 +0100 +@@ -41,6 +41,19 @@ + allow plymouthd_t self:fifo_file rw_fifo_file_perms; + allow plymouthd_t self:unix_stream_socket create_stream_socket_perms; + ++manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) ++manage_files_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) ++files_pid_filetrans(plymouthd_t,plymouthd_var_run_t, { file dir }) ++ ++manage_dirs_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t) ++manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t) ++files_var_lib_filetrans(plymouthd_t, plymouthd_var_lib_t, { file dir }) ++ ++manage_dirs_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) ++manage_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) ++manage_sock_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) ++files_spool_filetrans(plymouthd_t,plymouthd_spool_t, { file dir sock_file }) ++ + kernel_read_system_state(plymouthd_t) + kernel_request_load_module(plymouthd_t) + kernel_change_ring_buffer_level(plymouthd_t) +@@ -58,18 +71,6 @@ + miscfiles_read_localization(plymouthd_t) + miscfiles_read_fonts(plymouthd_t) + +-manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) +-manage_files_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) +-files_pid_filetrans(plymouthd_t,plymouthd_var_run_t, { file dir }) +- +-manage_dirs_pattern(plymouthd_t, 
plymouthd_var_lib_t, plymouthd_var_lib_t) +-manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t) +-files_var_lib_filetrans(plymouthd_t, plymouthd_var_lib_t, { file dir }) +- +-manage_dirs_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) +-manage_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) +-manage_sock_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) +-files_spool_filetrans(plymouthd_t,plymouthd_spool_t, { file dir sock_file }) + + ######################################## + # +@@ -82,6 +83,8 @@ + + kernel_stream_connect(plymouth_t) + ++term_use_ptmx(plymouth_t) ++ + domain_use_interactive_fds(plymouth_t) + + files_read_etc_files(plymouth_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.32/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2010-01-18 18:24:22.855540671 +0100 +++ serefpolicy-3.6.32/policy/modules/services/postfix.te 2010-01-18 18:27:02.768530934 +0100 @@ -1656,7 +1851,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_read_all_domains_state(iscsid_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.32/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2010-01-18 18:24:22.945540594 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2010-01-19 12:16:16.415620342 +0100 ++++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2010-01-22 12:18:15.477855412 +0100 @@ -245,6 +245,7 @@ # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame /usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
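Review bot: The only functional change in this hunk is `term_use_ptmx(plymouth_t)`; the manage_*/filetrans rules for plymouthd_t are merely moved above `kernel_read_system_state`, a no-op reorder. `term_use_ptmx` grants read/write on the pty multiplexer, which is the ability to allocate new pseudo-terminals rather than just talk to an existing one; if the motivating denial was plymouth writing to a terminal it was handed, a narrower terminal-use interface would be preferable, so it is worth rechecking against the AVC that prompted it. A comment on the new line, `# plymouth client opens /dev/ptmx (changelog 3.6.32-76)`, would record the justification. Style nit in the moved lines: `files_pid_filetrans(plymouthd_t,plymouthd_var_run_t, ...)` and `files_spool_filetrans(plymouthd_t,plymouthd_spool_t, ...)` are missing the space after the first comma.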
@@ -1665,7 +1860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -433,8 +434,14 @@ +@@ -433,8 +434,15 @@ /usr/lib(64)?/octagaplayer/libapplication\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/AutoScan/usr/lib/libvte\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -1678,8 +1873,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/libGLcore\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib(64)?/libkmplayercommon\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib(64)?/vdpau/libvdpau_nvidia\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + -+/usr/local/MATHWORKS_R2009B/bin/glnxa64/libtbb.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/local/MATHWORKS_R2009B/bin/glnxa(64)?/libtbb\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.32/policy/modules/system/locallogin.te --- nsaserefpolicy/policy/modules/system/locallogin.te 2010-01-18 18:24:22.948530849 +0100 +++ serefpolicy-3.6.32/policy/modules/system/locallogin.te 2010-01-21 14:31:52.834862007 +0100 
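Review bot: `/usr/local/MATHWORKS_R2009B/bin/glnxa(64)?/libtbb\.so.*` hard-codes a single MATLAB release directory into the distribution policy, so each new release will need another patch; a release-agnostic pattern such as `/usr/local/MATHWORKS_R20[0-9][0-9][AB]/bin/glnxa(64)?/libtbb\.so.*` covers the same library without the churn. Every textrel_shlib_t entry, including the new `libvdpau_nvidia` one, permits text relocations (writable-then-executable mappings) for domains allowed execmod on that type; that is presumably unavoidable for a binary-only driver, but a one-line comment above the entry, `# NVIDIA VDPAU backend: binary-only, needs text relocations`, would document why the exception exists.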
@@ -1704,8 +1900,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ',` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.32/policy/modules/system/miscfiles.if --- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-01-18 18:24:22.955540050 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/miscfiles.if 2010-01-18 18:27:02.787531116 +0100 -@@ -618,3 +618,22 @@ ++++ serefpolicy-3.6.32/policy/modules/system/miscfiles.if 2010-01-22 16:24:01.851857861 +0100 +@@ -618,3 +618,40 @@ manage_lnk_files_pattern($1, locale_t, locale_t) ') @@ -1727,7 +1923,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + + allow $1 fonts_cache_t:dir setattr; +') -+ ++ ++####################################### ++## ++## Dontaudit attempts to set the attributes on a fonts cache directory. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',` ++ gen_require(` ++ type fonts_cache_t; ++ ') ++ ++ allow $1 fonts_cache_t:dir setattr; ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.32/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2010-01-18 18:24:22.961540534 +0100 +++ serefpolicy-3.6.32/policy/modules/system/mount.te 2010-01-18 18:27:02.788530824 +0100 diff --git a/selinux-policy.spec b/selinux-policy.spec index 9bdd6b6..53d21e4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 75%{?dist} +Release: 76%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
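Review bot: `miscfiles_dontaudit_setattr_fonts_cache_dirs` is documented as "Dontaudit attempts to set the attributes on a fonts cache directory" and named accordingly, but its body is `allow $1 fonts_cache_t:dir setattr;`, identical to the allow interface directly above it. As written, the call `miscfiles_dontaudit_setattr_fonts_cache_dirs(sandbox_x_domain)` added to sandbox.te in this same patch silently grants every sandboxed X domain permission to change attributes of the shared font cache directories instead of merely suppressing the denial. The body should read `dontaudit $1 fonts_cache_t:dir setattr;`. Please also double-check any other callers of this interface once it is corrected, since they will lose an access they were unintentionally granted.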
@@ -456,6 +456,12 @@ exit 0 %endif %changelog +* Fri Jan 22 2010 Miroslav Grepl 3.6.32-76 +- Add labeling for gitweb +- Allow plymouth to read and write the /dev/ptmx +- Fixes for sanbox +- Allow nagios_services_plugin_t to read snmpd libraries + * Thu Jan 21 2010 Miroslav Grepl 3.6.32-75 - Allow sulogin to talk to console and tty_device_t