diff --git a/modules-minimum.conf b/modules-minimum.conf index c669727..4e489a2 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -1700,6 +1700,13 @@ vhostmd = module # wine = module +# Layer: apps +# Module: telepathy_sofiasip +# +# telepathy-sofiasip - Telepathy connection manager for SIP +# +telepathysofiasip = module + # Layer: admin # Module: tzdata # diff --git a/modules-mls.conf b/modules-mls.conf index 5b37bad..914cb73 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1503,7 +1503,6 @@ sudo = base # sysnetwork = base - # Layer: services # Module: sysstat # @@ -1793,6 +1792,13 @@ portreserve = module rpcbind = module # Layer: apps +# Module: telepathy_sofiasip +# +# telepathy-sofiasip - Telepathy connection manager for SIP +# +telepathysofiasip = module + +# Layer: apps # Module: vmware # # VMWare Workstation virtual machines diff --git a/modules-targeted.conf b/modules-targeted.conf index c669727..4e489a2 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -1700,6 +1700,13 @@ vhostmd = module # wine = module +# Layer: apps +# Module: telepathy_sofiasip +# +# telepathy-sofiasip - Telepathy connection manager for SIP +# +telepathysofiasip = module + # Layer: admin # Module: tzdata # diff --git a/policy-F13.patch b/policy-F13.patch index f66b7b1..8556e40 100644 --- a/policy-F13.patch +++ b/policy-F13.patch 
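Review bot: The header comment above the new entry says `# Module: telepathy_sofiasip`, but the key it documents is `telepathysofiasip = module` and the policy files added later in this diff are `telepathysofiasip.te`/`.fc`/`.if`, so the comment does not match the module it describes; `# Module: telepathysofiasip` keeps the two in step. The same mismatch is repeated in modules-minimum.conf, modules-mls.conf and modules-targeted.conf (the first and last carry identical blob ids, c669727..4e489a2, so one fix applies to both).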
@@ -1607,13 +1607,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te java_domtrans_unconfined(rpm_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.18/policy/modules/admin/shorewall.te --- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-03-08 14:49:44.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/admin/shorewall.te 2010-04-08 15:25:24.000000000 -0400 -@@ -87,7 +87,7 @@ ++++ serefpolicy-3.7.18/policy/modules/admin/shorewall.te 2010-04-12 13:05:59.000000000 -0400 +@@ -87,7 +87,11 @@ sysnet_domtrans_ifconfig(shorewall_t) -userdom_dontaudit_list_user_home_dirs(shorewall_t) +userdom_dontaudit_list_admin_dir(shorewall_t) ++ ++optional_policy(` ++ hostname_exec(shorewall_t) ++') optional_policy(` iptables_domtrans(shorewall_t) @@ -2215,8 +2219,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.18/policy/modules/apps/chrome.te --- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/apps/chrome.te 2010-04-08 15:25:24.000000000 -0400 -@@ -0,0 +1,85 @@ ++++ serefpolicy-3.7.18/policy/modules/apps/chrome.te 2010-04-12 13:31:36.000000000 -0400 +@@ -0,0 +1,86 @@ +policy_module(chrome,1.0.0) + +######################################## @@ -2266,6 +2270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t +dev_rwx_zero(chrome_sandbox_t) + +files_read_etc_files(chrome_sandbox_t) ++files_read_usr_files(chrome_sandbox_t) + +fs_dontaudit_getattr_all_fs(chrome_sandbox_t) + 
@@ -3363,7 +3368,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.18/policy/modules/apps/gpg.te --- nsaserefpolicy/policy/modules/apps/gpg.te 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/apps/gpg.te 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/apps/gpg.te 2010-04-11 08:33:43.000000000 -0400 @@ -20,6 +20,7 @@ typealias gpg_t alias { auditadm_gpg_t secadm_gpg_t }; application_domain(gpg_t, gpg_exec_t) @@ -3474,7 +3479,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s # rlimit: gpg-agent wants to prevent coredumps allow gpg_agent_t self:process setrlimit; -@@ -202,10 +226,15 @@ +@@ -202,10 +226,16 @@ manage_sock_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t) files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir }) @@ -3483,6 +3488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s # allow gpg to connect to the gpg agent stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t) ++corecmd_read_bin_symlinks(gpg_agent_t) corecmd_search_bin(gpg_agent_t) +corecmd_exec_shell(gpg_agent_t) + @@ -3490,7 +3496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s domain_use_interactive_fds(gpg_agent_t) -@@ -237,31 +266,72 @@ +@@ -237,31 +267,72 @@ fs_manage_cifs_symlinks(gpg_agent_t) ') @@ -3564,7 +3570,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s tunable_policy(`use_nfs_home_dirs',` fs_read_nfs_files(gpg_pinentry_t) ') -@@ -271,5 +341,24 @@ +@@ -271,5 +342,24 @@ ') optional_policy(` 
@@ -5904,8 +5910,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.18/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/apps/sandbox.te 2010-04-08 15:25:24.000000000 -0400 -@@ -0,0 +1,367 @@ ++++ serefpolicy-3.7.18/policy/modules/apps/sandbox.te 2010-04-12 14:47:39.000000000 -0400 +@@ -0,0 +1,368 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; @@ -6027,6 +6033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. + +files_read_etc_files(sandbox_domain) +files_read_usr_files(sandbox_domain) ++files_dontaudit_search_all_dirs(sandbox_domain) + +miscfiles_read_localization(sandbox_domain) + 
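Review bot: `files_dontaudit_search_all_dirs(sandbox_domain)` suppresses search denials on every directory type for all sandbox domains, which removes the AVC records a responder would rely on to see a sandboxed process probing outside its allowed tree. If the noise comes from a few known directory types, a dontaudit scoped to those keeps the rest visible; if it really is everything, a comment naming the source of the denials would justify the blanket rule. The enclosing sandbox_domain rule block continues outside this hunk.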
@@ -6463,6 +6470,134 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. # getpwnam auth_use_nsswitch(locate_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.fc +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.fc 2010-04-12 12:27:20.000000000 -0400 +@@ -0,0 +1,2 @@ ++ ++/usr/libexec/telepathy-sofiasip -- gen_context(system_u:object_r:telepathysofiasip_exec_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.if serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.if +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.if 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.if 2010-04-12 12:27:20.000000000 -0400 +@@ -0,0 +1,69 @@ ++ ++## policy for telepathy-sofiasip ++ ++######################################## ++## ++## Execute a domain transition to run telepathy-sofiasip. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`telepathysofiasip_domtrans',` ++ gen_require(` ++ type telepathysofiasip_t, telepathysofiasip_exec_t; ++ ') ++ ++ domtrans_pattern($1, telepathysofiasip_exec_t, telepathysofiasip_t) ++') ++ ++######################################## ++## ++## Send and receive messages from ++## telepathy-sofiasip over dbus. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`telepathysofiasip_dbus_chat',` ++ gen_require(` ++ type telepathysofiasip_t; ++ class dbus send_msg; ++ ') ++ ++ allow $1 telepathysofiasip_t:dbus send_msg; ++ allow telepathysofiasip_t $1:dbus send_msg; ++') ++ ++####################################### ++## ++## Role access for telepathy-sofiasip ++## that executes via dbus-session ++## ++## ++## ++## Role allowed access ++## ++## ++## ++## ++## User domain for the role ++## ++## ++# ++interface(`telepathysofiasip_role',` ++ gen_require(` ++ type telepathysofiasip_t; ++ type telepathysofiasip_exec_t; ++ ') ++ ++ dbus_session_domain(telepathysofiasip_t, telepathysofiasip_exec_t) ++ role $1 types telepathysofiasip_t; ++ ++ telepathysofiasip_dbus_chat($2) ++') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.te serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.te +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.7.18/policy/modules/apps/telepathysofiasip.te 2010-04-12 12:27:20.000000000 -0400 +@@ -0,0 +1,45 @@ ++ ++policy_module(telepathysofiasip,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type telepathysofiasip_t; ++type telepathysofiasip_exec_t; ++application_domain(telepathysofiasip_t, telepathysofiasip_exec_t) ++ ++permissive telepathysofiasip_t; ++ ++######################################## ++# ++# telepathy-sofiasip local policy ++# ++ ++allow telepathysofiasip_t self:process signal; ++ ++allow telepathysofiasip_t self:netlink_route_socket r_netlink_socket_perms; ++allow telepathysofiasip_t self:tcp_socket create_stream_socket_perms; ++allow telepathysofiasip_t self:udp_socket create_socket_perms; ++allow telepathysofiasip_t self:rawip_socket { create_socket_perms listen }; ++ ++kernel_request_load_module(telepathysofiasip_t) ++ ++corenet_all_recvfrom_unlabeled(telepathysofiasip_t) ++corenet_all_recvfrom_netlabel(telepathysofiasip_t) 
++corenet_tcp_sendrecv_generic_if(telepathysofiasip_t) ++corenet_udp_sendrecv_generic_if(telepathysofiasip_t) ++corenet_raw_sendrecv_generic_if(telepathysofiasip_t) ++corenet_tcp_sendrecv_generic_node(telepathysofiasip_t) ++corenet_udp_sendrecv_generic_node(telepathysofiasip_t) ++corenet_raw_sendrecv_generic_node(telepathysofiasip_t) ++corenet_tcp_sendrecv_all_ports(telepathysofiasip_t) ++corenet_udp_sendrecv_all_ports(telepathysofiasip_t) ++corenet_tcp_bind_generic_node(telepathysofiasip_t) ++corenet_udp_bind_generic_node(telepathysofiasip_t) ++corenet_raw_bind_generic_node(telepathysofiasip_t) ++ ++dev_read_urand(telepathysofiasip_t) ++ ++sysnet_read_config(telepathysofiasip_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.7.18/policy/modules/apps/userhelper.fc --- nsaserefpolicy/policy/modules/apps/userhelper.fc 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.18/policy/modules/apps/userhelper.fc 2010-04-08 15:25:24.000000000 -0400 @@ -6609,7 +6744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.18/policy/modules/apps/vmware.te --- nsaserefpolicy/policy/modules/apps/vmware.te 2009-11-17 10:54:26.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/apps/vmware.te 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/apps/vmware.te 2010-04-11 08:28:03.000000000 -0400 @@ -29,6 +29,10 @@ type vmware_host_exec_t; init_daemon_domain(vmware_host_t, vmware_host_exec_t) 
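Review bot: `permissive telepathysofiasip_t;` in the new telepathysofiasip.te makes every rule below it advisory: denials for this domain are logged but not enforced, so the `rawip_socket { create_socket_perms listen }`, `corenet_*_sendrecv_all_ports` and `corenet_*_bind_generic_node` grants currently record intent rather than confine anything. That is the usual bring-up state for a new module, but nothing on the line says so or when it is meant to go; a comment such as `# permissive while the policy is being developed; remove once AVCs from real use are resolved` would make that explicit for anyone reading the audit log. Before enforcing, the socket permissions (raw IP with listen, every TCP and UDP port) look wider than a SIP connection manager is likely to need and are worth narrowing with the collected denials in hand.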
@@ -6634,6 +6769,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t) manage_sock_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t) +@@ -87,6 +97,8 @@ + manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t) + logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir }) + ++can_exec(vmware_host_t, vmware_host_exec_t) ++ + kernel_read_kernel_sysctls(vmware_host_t) + kernel_read_system_state(vmware_host_t) + +@@ -114,6 +126,7 @@ + dev_read_sysfs(vmware_host_t) + dev_read_urand(vmware_host_t) + dev_rw_vmware(vmware_host_t) ++dev_rw_generic_chr_files(vmware_host_t) + + domain_use_interactive_fds(vmware_host_t) + domain_dontaudit_read_all_domains_state(vmware_host_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.18/policy/modules/apps/wine.if --- nsaserefpolicy/policy/modules/apps/wine.if 2010-02-22 08:30:53.000000000 -0500 +++ serefpolicy-3.7.18/policy/modules/apps/wine.if 2010-04-08 15:25:24.000000000 -0400 @@ -6762,7 +6914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.18/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-03-05 17:14:56.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/kernel/corecommands.fc 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/corecommands.fc 2010-04-13 09:57:32.000000000 -0400 @@ -49,7 +49,8 @@ /etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0) /etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0) 
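Review bot: `dev_rw_generic_chr_files(vmware_host_t)` grants read and write on every character device still labeled `device_t`, which is much wider than the `dev_rw_vmware(vmware_host_t)` line two above it that already covers nodes carrying the vmware device type. If the denial behind this was for one specific node, giving that node its own devices.fc entry and interface keeps the host daemon away from unrelated unlabeled devices; if the broad grant is genuinely required, a comment naming the device(s) would let a later reviewer narrow it. The `can_exec(vmware_host_t, vmware_host_exec_t)` addition in the same file is a self-exec and looks harmless.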
@@ -6797,7 +6949,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) -@@ -331,3 +338,21 @@ +@@ -297,6 +304,7 @@ + /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0) ++/usr/share/system-config-services/gui\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-services/serviceconf\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-services/system-config-services -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-soundcard/system-config-soundcard -- gen_context(system_u:object_r:bin_t,s0) +@@ -331,3 +339,21 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -6821,7 +6981,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco +/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.18/policy/modules/kernel/corecommands.if --- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-03-05 17:14:56.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/kernel/corecommands.if 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/corecommands.if 2010-04-11 08:33:32.000000000 -0400 @@ -931,6 +931,7 @@ read_lnk_files_pattern($1, bin_t, bin_t) 
@@ -6840,7 +7000,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.18/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-04-05 14:44:26.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/kernel/corenetwork.te.in 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/corenetwork.te.in 2010-04-13 11:37:10.000000000 -0400 @@ -25,6 +25,7 @@ # type tun_tap_device_t; @@ -6890,7 +7050,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0) network_port(ftp_data, tcp,20,s0) network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0) -@@ -132,6 +139,7 @@ +@@ -111,6 +118,7 @@ + network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0) + network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port + network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy ++ + network_port(i18n_input, tcp,9010,s0) + network_port(imaze, tcp,5323,s0, udp,5323,s0) + network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0) +@@ -132,6 +140,7 @@ network_port(ktalkd, udp,517,s0, udp,518,s0) network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0) network_port(lmtp, tcp,24,s0, udp,24,s0) 
@@ -6898,8 +7066,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon network_port(mail, tcp,2000,s0, tcp,3905,s0) network_port(memcache, tcp,11211,s0, udp,11211,s0) -@@ -144,21 +152,30 @@ - portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0) +@@ -140,25 +149,33 @@ + network_port(msnp, tcp,1863,s0, udp,1863,s0) + network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0) + network_port(munin, tcp,4949,s0, udp,4949,s0) +-network_port(mysqld, tcp,1186,s0, tcp,3306,s0) +-portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0) ++network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0) network_port(mysqlmanagerd, tcp,2273,s0) network_port(nessus, tcp,1241,s0) +network_port(netport, tcp,3129,s0, udp,3129,s0) 
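Review bot: Folding the removed `portcon tcp 63132-63163` into `network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)` moves the upper bound from 63163 to 63164; if the extra port is intentional it deserves a mention in the changelog, and if not the removed line holds the value to restore. Passing a range through `network_port` only yields the right attributes with the `range_start` helper added to corenetwork.te.m4 in the following hunk, since `declare_ports` otherwise runs `eval($3 < 1024)` on the raw range text; this change should not be split from that one.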
@@ -6949,15 +7122,50 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict network_port(swat, tcp,901,s0) network_port(syslogd, udp,514,s0) -@@ -202,7 +221,7 @@ +@@ -201,8 +220,8 @@ + network_port(uucpd, tcp,540,s0) network_port(varnishd, tcp,6081,s0, tcp,6082,s0) network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0) - network_port(virt_migration, tcp,49152-49216,s0) +-network_port(virt_migration, tcp,49152-49216,s0) -network_port(vnc, tcp,5900,s0) ++network_port(virt_migration, tcp,49152-492169,s0) +network_port(vnc, tcp,5900-5999,s0) network_port(wccp, udp,2048,s0) network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 ) network_port(xdmcp, udp,177,s0, tcp,177,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-3.7.18/policy/modules/kernel/corenetwork.te.m4 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2009-07-14 14:19:57.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/corenetwork.te.m4 2010-04-13 11:25:25.000000000 -0400 +@@ -6,6 +6,16 @@ + define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')') + + # ++# range_start(num) ++# ++# return the low port in a range. ++# ++# range_start(600) returns "600" ++# range_start(1200-1600) returns "1200" ++# ++define(`range_start',`ifelse(`-1',index(`$1', `-'),$1,substr($1,0,index(`$1', `-')))') ++ ++# + # build_option(option_name,true,[false]) + # + # makes an ifdef. 
hacky quoting changes because with +@@ -68,10 +78,10 @@ + ') + + define(`declare_ports',`dnl +-ifelse(eval($3 < 1024),1,` ++ifelse(eval(range_start($3) < 1024),1,` + typeattribute $1 reserved_port_type; + #bindresvport in glibc starts searching for reserved ports at 600 +-ifelse(eval($3 >= 600),1,`typeattribute $1 rpc_port_type;',`dnl') ++ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl') + ',`dnl') + portcon $2 $3 gen_context(system_u:object_r:$1,$4) + ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.18/policy/modules/kernel/devices.fc --- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-03-05 10:46:32.000000000 -0500 +++ serefpolicy-3.7.18/policy/modules/kernel/devices.fc 2010-04-08 15:25:24.000000000 -0400 @@ -6971,7 +7179,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.18/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2010-03-05 10:46:32.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/kernel/devices.if 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/devices.if 2010-04-13 08:41:17.000000000 -0400 @@ -934,6 +934,42 @@ ######################################## 
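Review bot: `network_port(virt_migration, tcp,49152-492169,s0)` replaces a range ending in 49216 with one ending in 492169, which lies outside the 16-bit port space; the trailing digit looks like a typo and `network_port(virt_migration, tcp,49152-49216,s0)` restores the removed value. The `range_start` macro added to corenetwork.te.m4 in the same hunk is what makes range arguments safe in `declare_ports`: with the old `eval($3 < 1024)`, a text such as `5900-5999` was evaluated as a subtraction and the negative result tagged the type `reserved_port_type`, so the new `vnc` range and the other ranges in this patch would have been misclassified without it. A short comment on `range_start`, e.g. `# eval() would treat the hyphen in a port range as subtraction`, would explain why the helper exists.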
@@ -7015,7 +7223,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Delete all block device files. ## ## -@@ -2597,6 +2633,7 @@ +@@ -2042,6 +2078,24 @@ + + ######################################## + ## ++## Get the attributes of the lvm comtrol device. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`dev_getattr_lvm_control',` ++ gen_require(` ++ type device_t, lvm_control_t; ++ ') ++ ++ getattr_chr_files_pattern($1, device_t, lvm_control_t) ++') ++ ++######################################## ++## + ## Read the lvm comtrol device. + ## + ## +@@ -2597,6 +2651,7 @@ type mtrr_device_t; ') @@ -7023,7 +7256,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device dontaudit $1 mtrr_device_t:chr_file write; ') -@@ -3440,6 +3477,24 @@ +@@ -3440,6 +3495,24 @@ ######################################## ## @@ -7048,7 +7281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Get the attributes of sysfs directories. ## ## -@@ -3733,6 +3788,24 @@ +@@ -3733,6 +3806,24 @@ ######################################## ## @@ -7395,7 +7628,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.18/policy/modules/kernel/files.fc --- nsaserefpolicy/policy/modules/kernel/files.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/kernel/files.fc 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/files.fc 2010-04-12 12:34:25.000000000 -0400 @@ -18,6 +18,7 @@ /fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0) /halt -- gen_context(system_u:object_r:etc_runtime_t,s0) 
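Review bot: The summary of the new `dev_getattr_lvm_control` interface reads `## Get the attributes of the lvm comtrol device.`; `comtrol` should be `control`, and the pre-existing `## Read the lvm comtrol device.` context line just below it carries the same typo, so both can be fixed in one pass. The interface body mirrors the neighbouring read interface and is consumed by `dev_getattr_lvm_control(munin_disk_plugin_t)` later in this patch, which is consistent.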
@@ -7477,9 +7710,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0) /var/lib/nfs/rpc_pipefs(/.*)? <> +@@ -254,3 +268,5 @@ + ifdef(`distro_debian',` + /var/run/motd -- gen_context(system_u:object_r:etc_runtime_t,s0) + ') ++/nsr(/.*)? gen_context(system_u:object_r:var_t,s0) ++/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.18/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2010-04-05 14:44:26.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/kernel/files.if 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/kernel/files.if 2010-04-12 14:46:57.000000000 -0400 @@ -1053,10 +1053,8 @@ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 }) relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 }) @@ -9099,7 +9338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t +gen_user(guest_u, user, guest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.18/policy/modules/roles/staff.te --- nsaserefpolicy/policy/modules/roles/staff.te 2010-03-10 15:27:26.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/roles/staff.te 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/roles/staff.te 2010-04-12 12:27:20.000000000 -0400 @@ -9,25 +9,52 @@ role staff_r; 
@@ -9200,15 +9439,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` sudo_role_template(staff, staff_r, staff_t) -@@ -145,6 +183,7 @@ - userdom_dontaudit_use_user_terminals(staff_t) +@@ -146,6 +184,11 @@ ') -+ifndef(`distro_redhat',` optional_policy(` ++ telepathysofiasip_role(staff_r, staff_t) ++') ++ ++ifndef(`distro_redhat',` ++optional_policy(` thunderbird_role(staff_r, staff_t) ') -@@ -169,6 +208,77 @@ + +@@ -169,6 +212,77 @@ wireshark_role(staff_r, staff_t) ') @@ -13942,7 +14185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro +fs_mount_cgroup(cgconfigparser_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.18/policy/modules/services/clamav.te --- nsaserefpolicy/policy/modules/services/clamav.te 2010-01-07 14:53:53.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/services/clamav.te 2010-04-08 15:25:23.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/services/clamav.te 2010-04-12 13:24:57.000000000 -0400 @@ -1,6 +1,13 @@ policy_module(clamav, 1.7.1) @@ -13965,7 +14208,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam allow clamd_t self:fifo_file rw_fifo_file_perms; allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow clamd_t self:unix_dgram_socket create_socket_perms; -@@ -189,10 +197,14 @@ +@@ -177,6 +185,7 @@ + corenet_tcp_sendrecv_all_ports(freshclam_t) + corenet_tcp_sendrecv_clamd_port(freshclam_t) + corenet_tcp_connect_http_port(freshclam_t) ++corenet_tcp_connect_clamd_port(freshclam_t) + corenet_sendrecv_http_client_packets(freshclam_t) + + dev_read_rand(freshclam_t) +@@ -189,10 +198,14 @@ auth_use_nsswitch(freshclam_t) 
@@ -13980,7 +14231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam optional_policy(` cron_system_entry(freshclam_t, freshclam_exec_t) ') -@@ -246,6 +258,12 @@ +@@ -246,6 +259,12 @@ mta_send_mail(clamscan_t) @@ -17960,8 +18211,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.18/policy/modules/services/milter.if --- nsaserefpolicy/policy/modules/services/milter.if 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.7.18/policy/modules/services/milter.if 2010-04-08 15:25:24.000000000 -0400 -@@ -82,6 +82,24 @@ ++++ serefpolicy-3.7.18/policy/modules/services/milter.if 2010-04-12 07:47:34.000000000 -0400 +@@ -37,6 +37,8 @@ + + files_read_etc_files($1_milter_t) + ++ kernel_dontaudit_read_system_state($1_milter_t) ++ + miscfiles_read_localization($1_milter_t) + + logging_send_syslog_msg($1_milter_t) +@@ -82,6 +84,24 @@ ######################################## ## 
@@ -17986,6 +18246,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt ## Manage spamassassin milter state ## ## +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.7.18/policy/modules/services/milter.te +--- nsaserefpolicy/policy/modules/services/milter.te 2009-12-18 11:38:25.000000000 -0500 ++++ serefpolicy-3.7.18/policy/modules/services/milter.te 2010-04-12 07:47:34.000000000 -0400 +@@ -81,13 +81,11 @@ + allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms; + files_search_var_lib(spamass_milter_t) + +-kernel_read_system_state(spamass_milter_t) +- + # When used with -b or -B options, the milter invokes sendmail to send mail +-# to a spamtrap address, using popen() +-corecmd_exec_shell(spamass_milter_t) ++# to a spamtrap address, and with the -x option, it invokes sendmail to do ++# alias expansion. Since the sendmail binary is managed using alternatives, ++# it's a symlink that we need to be able to read. + corecmd_read_bin_symlinks(spamass_milter_t) +-corecmd_search_bin(spamass_milter_t) + + mta_send_mail(spamass_milter_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.18/policy/modules/services/modemmanager.te --- nsaserefpolicy/policy/modules/services/modemmanager.te 2009-12-18 11:38:25.000000000 -0500 +++ serefpolicy-3.7.18/policy/modules/services/modemmanager.te 2010-04-08 15:25:24.000000000 -0400 
@@ -18388,7 +18668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.18/policy/modules/services/munin.te --- nsaserefpolicy/policy/modules/services/munin.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/services/munin.te 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/services/munin.te 2010-04-12 13:32:55.000000000 -0400 @@ -28,12 +28,26 @@ type munin_var_run_t alias lrrd_var_run_t; files_pid_file(munin_var_run_t) @@ -18449,7 +18729,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni ') optional_policy(` -@@ -164,3 +185,146 @@ +@@ -164,3 +185,147 @@ optional_policy(` udev_read_db(munin_t) ') @@ -18472,6 +18752,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni + +fs_getattr_all_fs(munin_disk_plugin_t) + ++dev_getattr_lvm_control(munin_disk_plugin_t) +dev_read_sysfs(munin_disk_plugin_t) +dev_read_urand(munin_disk_plugin_t) + @@ -28780,7 +29061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.18/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/system/libraries.fc 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/system/libraries.fc 2010-04-12 12:35:07.000000000 -0400 @@ -208,6 +208,7 @@ /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -28805,7 +29086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ') dnl end distro_redhat # -@@ -319,14 +315,144 @@ +@@ -319,14 +315,146 @@ /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -28952,6 +29233,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar + +/usr/lib(64)?/libGTL.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + ++/usr/lib/nsr/(.*/)?.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/opt/lgtonmc/bin/.*\.so(\.[0-9])? -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.18/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2010-03-23 10:55:15.000000000 -0400 +++ serefpolicy-3.7.18/policy/modules/system/libraries.te 2010-04-08 15:25:24.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index f4b9910..1198303 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.18 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -466,6 +466,12 @@ exit 0 %endif %changelog +* Tue Apr 13 2010 Dan Walsh 3.7.18-3 +- Fix reserved port desination + +* Mon Apr 12 2010 Dan Walsh 3.7.18-2 +- Add telepathysofiasip policy + * Mon Apr 5 2010 Dan Walsh 3.7.18-1 - Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox
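Review bot: The new `/usr/lib/nsr/(.*/)?.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)` omits the `(64)?` that the surrounding `/usr/lib(64)?/` entries carry and, since file_contexts patterns are anchored, matches only unversioned `.so` names, whereas `/opt/lgtonmc/bin/.*\.so(\.[0-9])?` on the next line allows a one-digit suffix; if the nsr libraries ship with version suffixes they would presumably keep the default library label and the execmod denial this entry is meant to resolve would persist. `textrel_shlib_t` permits text relocations, i.e. mappings that are made writable and then executable, so the pattern should stay exactly as wide as the real filenames; `/usr/lib(64)?/nsr/(.*/)?.*\.so(\.[^/]*)*` would match the versioned form if that is what is installed. The enclosing hunk ends at the libraries.te header that follows.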