diff --git a/policy-20071130.patch b/policy-20071130.patch index 8936673..d6723bf 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -3102,7 +3102,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-07-28 08:40:30.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-07-31 07:05:47.000000000 -0400 @@ -26,8 +26,12 @@ files_read_etc_files(tmpreaper_t) files_read_var_lib_files(tmpreaper_t) @@ -3116,7 +3116,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap mls_file_read_all_levels(tmpreaper_t) mls_file_write_all_levels(tmpreaper_t) -@@ -42,6 +46,26 @@ +@@ -42,6 +46,29 @@ cron_system_entry(tmpreaper_t,tmpreaper_exec_t) @@ -3127,6 +3127,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap +files_manage_isid_type_dirs(tmpreaper_t) +files_delete_isid_type_files(tmpreaper_t) + ++files_delete_usr_dirs(tmpreaper_t) ++files_delete_usr_files(tmpreaper_t) ++ +optional_policy(` + amavis_manage_spool_files(tmpreaper_t) +') @@ -8189,7 +8192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # /emul diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-07-28 08:38:24.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-07-31 07:05:40.000000000 -0400 @@ -110,6 +110,11 @@ ## # 
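Review bot: `files_delete_usr_dirs(tmpreaper_t)` and `files_delete_usr_files(tmpreaper_t)` in the tmpreaper.te section give a cron-started cleaner unconditional delete rights over everything labeled usr_t, and nothing in the hunk says why. As defined in the files.if section of this same patch, the second interface also covers symlinks, fifos, sockets and block/char device nodes, which is more than removing stale temporary files would seem to need. If the motivation is usr_t-labeled content that ends up under the temp directories (an assumption, the hunk does not say), record it in a comment such as `# usr_t files moved into /tmp keep their label; let tmpreaper remove them`, and consider granting only the file and directory classes. The enclosing tmpreaper.te block starts outside the hunk.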
@@ -8378,7 +8381,55 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -3510,6 +3620,24 @@ +@@ -3492,6 +3602,47 @@ + + ######################################## + ## ++## Delete generic directories in /usr in the caller domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_delete_usr_dirs',` ++ gen_require(` ++ type usr_t; ++ ') ++ ++ delete_dirs_pattern($1, usr_t, usr_t) ++') ++ ++######################################## ++## ++## Delete generic files in /usr in the caller domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_delete_usr_files',` ++ gen_require(` ++ type usr_t; ++ ') ++ ++ delete_files_pattern($1, usr_t, usr_t) ++ delete_lnk_files_pattern($1, usr_t, usr_t) ++ delete_fifo_files_pattern($1, usr_t, usr_t) ++ delete_sock_files_pattern($1, usr_t, usr_t) ++ delete_blk_files_pattern($1, usr_t, usr_t) ++ delete_chr_files_pattern($1, usr_t, usr_t) ++') ++ ++######################################## ++## + ## Create, read, write, and delete files in the /usr directory. + ## + ## +@@ -3510,6 +3661,24 @@ ######################################## ## @@ -8403,7 +8454,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Relabel a file to the type used in /usr. ## ## -@@ -4712,12 +4840,14 @@ +@@ -4712,12 +4881,14 @@ allow $1 poly_t:dir { create mounton }; fs_unmount_xattr_fs($1) @@ -8419,7 +8470,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ') -@@ -4756,3 +4886,53 @@ +@@ -4756,3 +4927,53 @@ allow $1 { file_type -security_file_type }:dir manage_dir_perms; ') 
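Review bot: The summary on `files_delete_usr_files` says "Delete generic files in /usr", but the body also grants `delete_lnk_files_pattern`, `delete_fifo_files_pattern`, `delete_sock_files_pattern`, `delete_blk_files_pattern` and `delete_chr_files_pattern` on usr_t, so a caller reading only the doc line gets more than it asked for. Either state that in the summary, e.g. `## Delete files, symlinks, pipes, sockets and device nodes labeled usr_t.`, or keep the interface to `delete_files_pattern($1, usr_t, usr_t)` and move the other classes into separately named interfaces. The phrase "in the caller domain" in both new summaries is also misleading, since the objects are usr_t rather than the caller's type; dropping it would read more accurately.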
@@ -12002,18 +12053,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann # Local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.3.1/policy/modules/services/clamav.fc --- nsaserefpolicy/policy/modules/services/clamav.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/clamav.fc 2008-07-15 14:02:52.000000000 -0400 -@@ -5,16 +5,20 @@ ++++ serefpolicy-3.3.1/policy/modules/services/clamav.fc 2008-07-30 15:20:35.000000000 -0400 +@@ -5,16 +5,18 @@ /usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0) /usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0) +/usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) /var/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0) - /var/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) - /var/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0) - /var/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0) -+/var/run/clamav-milter(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) +-/var/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) +-/var/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0) +-/var/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0) ++/var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0) ++/var/run/clamav.* gen_context(system_u:object_r:clamd_var_run_t,s0) /var/lib/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) 
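Review bot: The replacement patterns `/var/run/clamd.*` and `/var/run/clamav.*` in clamav.fc lose both the escaped dot and the `(/.*)?` path boundary of the upstream entries they displace, so any /var/run entry whose name merely starts with `clamd` or `clamav` is labeled clamd_var_run_t. If the goal is only to cover the clamav-milter directory that the earlier revision listed explicitly, keeping the upstream lines plus a single `/var/run/clamav-milter(/.*)?` entry gives the same coverage without the prefix match. If further names are needed, list them explicitly rather than widening the regex.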
@@ -13173,7 +13225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron -') dnl end TODO diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.3.1/policy/modules/services/cups.fc --- nsaserefpolicy/policy/modules/services/cups.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/cups.fc 2008-07-29 15:03:03.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/cups.fc 2008-07-30 11:32:46.000000000 -0400 @@ -8,24 +8,28 @@ /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) @@ -13217,12 +13269,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) -@@ -50,3 +54,12 @@ +@@ -50,3 +54,13 @@ /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0) /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) + +/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) ++/usr/local/Brother/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) + +/etc/rc.d/init.d/cups -- gen_context(system_u:object_r:cups_script_exec_t,s0) 
@@ -15465,7 +15518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2008-07-30 16:18:10.000000000 -0400 @@ -15,6 +15,15 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -18227,7 +18280,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-07-28 08:35:21.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-07-30 09:59:41.000000000 -0400 @@ -6,6 +6,8 @@ # Declarations # @@ -18237,7 +18290,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. attribute mta_user_agent; attribute mailserver_delivery; attribute mailserver_domain; -@@ -27,6 +29,7 @@ +@@ -20,13 +22,14 @@ + files_config_file(etc_mail_t) + + type mqueue_spool_t; +-files_type(mqueue_spool_t) ++files_mountpoint(mqueue_spool_t) + + type mail_spool_t; +-files_type(mail_spool_t) ++files_mountpoint(mail_spool_t) type sendmail_exec_t; application_executable_file(sendmail_exec_t) 
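Review bot: Switching `mqueue_spool_t` and `mail_spool_t` from `files_type` to `files_mountpoint` in mta.te has no comment giving the reason, and the change is not only cosmetic. As I read refpolicy, `files_mountpoint` also puts the type in the mountpoint attribute, so domains allowed to mount on all mountpoints gain that access on the mail spools. A one-line comment above each declaration would make the intent reviewable, for example `# mail spool may be a separate or network filesystem` if that is the reason (the hunk does not say). The declarations block continues outside the hunk.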
@@ -22240,7 +22302,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te --- nsaserefpolicy/policy/modules/services/procmail.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2008-07-30 16:18:25.000000000 -0400 @@ -14,6 +14,10 @@ type procmail_tmp_t; files_tmp_file(procmail_tmp_t) @@ -22274,7 +22336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc files_read_etc_files(procmail_t) files_read_etc_runtime_files(procmail_t) -@@ -102,6 +114,10 @@ +@@ -102,6 +114,15 @@ ') optional_policy(` @@ -22282,10 +22344,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc +') + +optional_policy(` ++ dovecot_domtrans_deliver(procmail_t) ++') ++ ++ ++optional_policy(` munin_dontaudit_search_lib(procmail_t) ') -@@ -116,11 +132,13 @@ +@@ -116,11 +137,13 @@ optional_policy(` pyzor_domtrans(procmail_t) @@ -22299,7 +22366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc sendmail_rw_tcp_sockets(procmail_t) sendmail_rw_unix_stream_sockets(procmail_t) ') -@@ -129,7 +147,11 @@ +@@ -129,7 +152,11 @@ corenet_udp_bind_generic_port(procmail_t) corenet_dontaudit_udp_bind_all_ports(procmail_t) 
@@ -31996,7 +32063,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi +HOME_DIR/\.fontconfig(/.*)? gen_context(system_u:object_r:user_fonts_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.3.1/policy/modules/system/miscfiles.if --- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2008-07-30 10:04:13.000000000 -0400 @@ -489,3 +489,65 @@ manage_lnk_files_pattern($1,locale_t,locale_t) ') @@ -34885,7 +34952,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-07-29 11:04:46.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-07-30 10:07:48.000000000 -0400 @@ -29,9 +29,14 @@ ') @@ -34902,7 +34969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo corecmd_shell_entry_type($1_t) corecmd_bin_entry_type($1_t) domain_user_exemption_target($1_t) -@@ -45,66 +50,80 @@ +@@ -45,66 +50,82 @@ type $1_tty_device_t; term_user_tty($1_t,$1_tty_device_t) 
@@ -35028,10 +35095,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + + miscfiles_read_localization($1_usertype) + miscfiles_read_certs($1_usertype) ++ miscfiles_read_public_files($1_usertype) ++ miscfiles_read_man_pages($1_usertype) tunable_policy(`allow_execmem',` # Allow loading DSOs that require executable stack. -@@ -115,6 +134,10 @@ +@@ -115,6 +136,10 @@ # Allow making the stack executable via mprotect. allow $1_t self:process execstack; ') @@ -35042,7 +35111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -141,33 +164,13 @@ +@@ -141,33 +166,13 @@ # template(`userdom_ro_home_template',` gen_require(` @@ -35081,7 +35150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -175,13 +178,14 @@ +@@ -175,13 +180,14 @@ # # read-only home directory @@ -35103,7 +35172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_list_home($1_t) tunable_policy(`use_nfs_home_dirs',` -@@ -190,9 +194,6 @@ +@@ -190,9 +196,6 @@ fs_read_nfs_symlinks($1_t) fs_read_nfs_named_sockets($1_t) fs_read_nfs_named_pipes($1_t) @@ -35113,7 +35182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') tunable_policy(`use_samba_home_dirs',` -@@ -201,9 +202,6 @@ +@@ -201,9 +204,6 @@ fs_read_cifs_symlinks($1_t) fs_read_cifs_named_sockets($1_t) fs_read_cifs_named_pipes($1_t) @@ -35123,7 +35192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -231,30 +229,14 @@ +@@ -231,30 +231,14 @@ # template(`userdom_manage_home_template',` gen_require(` @@ -35160,7 +35229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -262,43 +244,44 @@ +@@ -262,43 +246,44 @@ # # full control of the home directory 
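Review bot: Adding `miscfiles_read_public_files($1_usertype)` and `miscfiles_read_man_pages($1_usertype)` just before the `allow_execmem` tunable widens who receives them. A later hunk of this same patch drops `miscfiles_read_man_pages($1_usertype)` from what appears to be `userdom_login_user_template`, so the grant moves into a template that is presumably expanded for more user types than login users. Both are read-only, but it is worth confirming that every domain built from this template is meant to read public content, and noting that next to the lines, e.g. `# all user types may read man pages and public content`. The enclosing template starts outside the hunk.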
@@ -35235,7 +35304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -316,14 +299,20 @@ +@@ -316,14 +301,20 @@ ## # template(`userdom_exec_home_template',` @@ -35261,7 +35330,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -341,11 +330,10 @@ +@@ -341,11 +332,10 @@ ## # template(`userdom_poly_home_template',` @@ -35277,7 +35346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -369,18 +357,18 @@ +@@ -369,18 +359,18 @@ # template(`userdom_manage_tmp_template',` gen_require(` @@ -35306,7 +35375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -396,7 +384,13 @@ +@@ -396,7 +386,13 @@ ## # template(`userdom_exec_tmp_template',` @@ -35321,7 +35390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -445,12 +439,12 @@ +@@ -445,12 +441,12 @@ type $1_tmpfs_t, $1_file_type; files_tmpfs_file($1_tmpfs_t) @@ -35340,7 +35409,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -510,10 +504,6 @@ +@@ -510,10 +506,6 @@ ## # template(`userdom_exec_generic_pgms_template',` @@ -35351,17 +35420,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo corecmd_exec_bin($1_t) ') -@@ -531,27 +521,20 @@ +@@ -531,27 +523,20 @@ ## # template(`userdom_basic_networking_template',` - gen_require(` - type $1_t; - ') - +- - allow $1_t self:tcp_socket create_stream_socket_perms; - allow $1_t self:udp_socket create_socket_perms; -- + - corenet_all_recvfrom_unlabeled($1_t) - corenet_all_recvfrom_netlabel($1_t) - corenet_tcp_sendrecv_all_if($1_t) 
@@ -35391,7 +35460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -568,30 +551,33 @@ +@@ -568,30 +553,33 @@ # template(`userdom_xwindows_client_template',` gen_require(` @@ -35441,7 +35510,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -622,13 +608,7 @@ +@@ -622,13 +610,7 @@ ## ## The template for allowing the user to change roles. ## @@ -35456,7 +35525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). -@@ -692,187 +672,201 @@ +@@ -692,187 +674,201 @@ dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; 
@@ -35610,36 +35679,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo optional_policy(` - dbus_system_bus_client_template($1,$1_t) + dbus_system_bus_client_template($1,$1_usertype) ++ ++ optional_policy(` ++ avahi_dbus_chat($1_usertype) ++ ') optional_policy(` - bluetooth_dbus_chat($1_t) -+ avahi_dbus_chat($1_usertype) ++ bluetooth_dbus_chat($1_usertype) ') optional_policy(` - evolution_dbus_chat($1,$1_t) - evolution_alarm_dbus_chat($1,$1_t) -+ bluetooth_dbus_chat($1_usertype) ++ consolekit_dbus_chat($1_usertype) ++ consolekit_read_log($1_usertype) ') optional_policy(` - cups_dbus_chat_config($1_t) -+ consolekit_dbus_chat($1_usertype) -+ consolekit_read_log($1_usertype) ++ evolution_dbus_chat($1,$1_usertype) ++ evolution_alarm_dbus_chat($1,$1_usertype) ') optional_policy(` - hal_dbus_chat($1_t) -+ evolution_dbus_chat($1,$1_usertype) -+ evolution_alarm_dbus_chat($1,$1_usertype) ++ networkmanager_dbus_chat($1_usertype) ') optional_policy(` - networkmanager_dbus_chat($1_t) -+ networkmanager_dbus_chat($1_usertype) -+ ') -+ -+ optional_policy(` + vpnc_dbus_chat($1_usertype) + ') + optional_policy(` @@ -35742,7 +35811,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -895,6 +889,8 @@ +@@ -895,6 +891,8 @@ ## # template(`userdom_login_user_template', ` @@ -35751,7 +35820,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_base_user_template($1) userdom_manage_home_template($1) -@@ -923,70 +919,73 @@ +@@ -923,70 +921,72 @@ allow $1_t self:context contains; @@ -35812,7 +35881,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + logging_dontaudit_getattr_all_logs($1_usertype) - miscfiles_read_man_pages($1_t) -+ miscfiles_read_man_pages($1_usertype) # for running TeX programs - miscfiles_read_tetex_data($1_t) - miscfiles_exec_tetex_data($1_t) 
@@ -35858,7 +35926,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1020,9 +1019,6 @@ +@@ -1020,9 +1020,6 @@ domain_interactive_fd($1_t) typeattribute $1_devpts_t user_ptynode; @@ -35868,7 +35936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo typeattribute $1_tty_device_t user_ttynode; ############################## -@@ -1031,16 +1027,29 @@ +@@ -1031,16 +1028,29 @@ # # privileged home directory writers @@ -35905,7 +35973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -1068,6 +1077,13 @@ +@@ -1068,6 +1078,13 @@ userdom_restricted_user_template($1) @@ -35919,7 +35987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_xwindows_client_template($1) ############################## -@@ -1076,14 +1092,16 @@ +@@ -1076,14 +1093,16 @@ # authlogin_per_role_template($1, $1_t, $1_r) @@ -35941,7 +36009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo logging_dontaudit_send_audit_msgs($1_t) # Need to to this just so screensaver will work. Should be moved to screensaver domain -@@ -1091,32 +1109,29 @@ +@@ -1091,32 +1110,29 @@ selinux_get_enforce_mode($1_t) optional_policy(` @@ -35985,7 +36053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1127,10 +1142,10 @@ +@@ -1127,10 +1143,10 @@ ## ## ##

@@ -36000,7 +36068,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. -@@ -1164,7 +1179,6 @@ +@@ -1164,7 +1180,6 @@ # Need the following rule to allow users to run vpnc corenet_tcp_bind_xserver_port($1_t) @@ -36008,7 +36076,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # cjp: why? files_read_kernel_symbol_table($1_t) -@@ -1182,32 +1196,45 @@ +@@ -1182,32 +1197,45 @@ ') ') @@ -36066,7 +36134,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1284,8 +1311,6 @@ +@@ -1284,8 +1312,6 @@ # Manipulate other users crontab. allow $1_t self:passwd crontab; @@ -36075,7 +36143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) kernel_getattr_message_if($1_t) -@@ -1307,8 +1332,6 @@ +@@ -1307,8 +1333,6 @@ dev_getattr_generic_blk_files($1_t) dev_getattr_generic_chr_files($1_t) @@ -36084,7 +36152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Allow MAKEDEV to work dev_create_all_blk_files($1_t) dev_create_all_chr_files($1_t) -@@ -1363,13 +1386,6 @@ +@@ -1363,13 +1387,6 @@ # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -36098,7 +36166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo optional_policy(` userhelper_exec($1_t) ') -@@ -1422,6 +1438,7 @@ +@@ -1422,6 +1439,7 @@ dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -36106,7 +36174,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1787,10 +1804,14 @@ +@@ -1787,10 +1805,14 @@ template(`userdom_user_home_content',` gen_require(` attribute $1_file_type; 
@@ -36122,7 +36190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1886,11 +1907,11 @@ +@@ -1886,11 +1908,11 @@ # template(`userdom_search_user_home_dirs',` gen_require(` @@ -36136,7 +36204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1920,11 +1941,11 @@ +@@ -1920,11 +1942,11 @@ # template(`userdom_list_user_home_dirs',` gen_require(` @@ -36150,7 +36218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1968,12 +1989,12 @@ +@@ -1968,12 +1990,12 @@ # template(`userdom_user_home_domtrans',` gen_require(` @@ -36166,7 +36234,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2003,10 +2024,11 @@ +@@ -2003,10 +2025,11 @@ # template(`userdom_dontaudit_list_user_home_dirs',` gen_require(` @@ -36180,7 +36248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2038,11 +2060,48 @@ +@@ -2038,11 +2061,48 @@ # template(`userdom_manage_user_home_content_dirs',` gen_require(` @@ -36231,7 +36299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2074,10 +2133,10 @@ +@@ -2074,10 +2134,10 @@ # template(`userdom_dontaudit_setattr_user_home_content_files',` gen_require(` @@ -36244,7 +36312,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2107,11 +2166,11 @@ +@@ -2107,11 +2167,11 @@ # template(`userdom_read_user_home_content_files',` gen_require(` 
@@ -36258,7 +36326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2141,11 +2200,11 @@ +@@ -2141,11 +2201,11 @@ # template(`userdom_dontaudit_read_user_home_content_files',` gen_require(` @@ -36273,7 +36341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2175,10 +2234,14 @@ +@@ -2175,10 +2235,14 @@ # template(`userdom_dontaudit_write_user_home_content_files',` gen_require(` @@ -36290,7 +36358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2208,11 +2271,11 @@ +@@ -2208,11 +2272,11 @@ # template(`userdom_read_user_home_content_symlinks',` gen_require(` @@ -36304,7 +36372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2242,11 +2305,11 @@ +@@ -2242,11 +2306,11 @@ # template(`userdom_exec_user_home_content_files',` gen_require(` @@ -36318,7 +36386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2276,10 +2339,10 @@ +@@ -2276,10 +2340,10 @@ # template(`userdom_dontaudit_exec_user_home_content_files',` gen_require(` @@ -36331,7 +36399,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2311,12 +2374,12 @@ +@@ -2311,12 +2375,12 @@ # template(`userdom_manage_user_home_content_files',` gen_require(` @@ -36347,7 +36415,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2348,10 +2411,10 @@ +@@ -2348,10 +2412,10 @@ # template(`userdom_dontaudit_manage_user_home_content_dirs',` gen_require(` 
@@ -36360,7 +36428,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2383,12 +2446,12 @@ +@@ -2383,12 +2447,12 @@ # template(`userdom_manage_user_home_content_symlinks',` gen_require(` @@ -36376,7 +36444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2420,12 +2483,12 @@ +@@ -2420,12 +2484,12 @@ # template(`userdom_manage_user_home_content_pipes',` gen_require(` @@ -36392,7 +36460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2457,12 +2520,12 @@ +@@ -2457,12 +2521,12 @@ # template(`userdom_manage_user_home_content_sockets',` gen_require(` @@ -36408,7 +36476,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2507,11 +2570,11 @@ +@@ -2507,11 +2571,11 @@ # template(`userdom_user_home_dir_filetrans',` gen_require(` @@ -36422,7 +36490,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2556,11 +2619,11 @@ +@@ -2556,11 +2620,11 @@ # template(`userdom_user_home_content_filetrans',` gen_require(` @@ -36436,7 +36504,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2600,11 +2663,11 @@ +@@ -2600,11 +2664,11 @@ # template(`userdom_user_home_dir_filetrans_user_home_content',` gen_require(` @@ -36450,7 +36518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2634,11 +2697,11 @@ +@@ -2634,11 +2698,11 @@ # template(`userdom_write_user_tmp_sockets',` gen_require(` 
@@ -36464,7 +36532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2668,11 +2731,11 @@ +@@ -2668,11 +2732,11 @@ # template(`userdom_list_user_tmp',` gen_require(` @@ -36478,7 +36546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2704,10 +2767,10 @@ +@@ -2704,10 +2768,10 @@ # template(`userdom_dontaudit_list_user_tmp',` gen_require(` @@ -36491,7 +36559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2739,10 +2802,10 @@ +@@ -2739,10 +2803,10 @@ # template(`userdom_dontaudit_manage_user_tmp_dirs',` gen_require(` @@ -36504,7 +36572,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2772,12 +2835,12 @@ +@@ -2772,12 +2836,12 @@ # template(`userdom_read_user_tmp_files',` gen_require(` @@ -36520,7 +36588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2809,20 +2872,20 @@ +@@ -2809,20 +2873,20 @@ # template(`userdom_dontaudit_read_user_tmp_files',` gen_require(` @@ -36545,7 +36613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## temporary files. ##

##

-@@ -2842,21 +2905,23 @@ +@@ -2842,21 +2906,23 @@ ## ## # @@ -36574,7 +36642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ##

##

## This is a templated interface, and should only -@@ -2871,66 +2936,137 @@ +@@ -2871,67 +2937,138 @@ ## ## ##

@@ -36649,6 +36717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo -## temporary symbolic links. -##

-##

+-## This is a templated interface, and should only +## +##

+## Domain allowed access. @@ -36745,10 +36814,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +## temporary symbolic links. +##

+##

- ## This is a templated interface, and should only ++## This is a templated interface, and should only ## be called from a per-userdomain template. ##

-@@ -2949,12 +3085,12 @@ + ## +@@ -2949,12 +3086,12 @@ # template(`userdom_read_user_tmp_symlinks',` gen_require(` @@ -36764,7 +36834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2986,11 +3122,11 @@ +@@ -2986,11 +3123,11 @@ # template(`userdom_manage_user_tmp_dirs',` gen_require(` @@ -36778,7 +36848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3022,11 +3158,11 @@ +@@ -3022,11 +3159,11 @@ # template(`userdom_manage_user_tmp_files',` gen_require(` @@ -36792,7 +36862,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3058,11 +3194,11 @@ +@@ -3058,11 +3195,11 @@ # template(`userdom_manage_user_tmp_symlinks',` gen_require(` @@ -36806,7 +36876,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3094,11 +3230,11 @@ +@@ -3094,11 +3231,11 @@ # template(`userdom_manage_user_tmp_pipes',` gen_require(` @@ -36820,7 +36890,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3130,11 +3266,11 @@ +@@ -3130,11 +3267,11 @@ # template(`userdom_manage_user_tmp_sockets',` gen_require(` @@ -36834,7 +36904,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3179,10 +3315,10 @@ +@@ -3179,10 +3316,10 @@ # template(`userdom_user_tmp_filetrans',` gen_require(` @@ -36847,7 +36917,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_search_tmp($2) ') -@@ -3223,10 +3359,10 @@ +@@ -3223,10 +3360,10 @@ # template(`userdom_tmp_filetrans_user_tmp',` gen_require(` 
@@ -36860,7 +36930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3254,6 +3390,42 @@ +@@ -3254,6 +3391,42 @@ ##
## # @@ -36903,7 +36973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo template(`userdom_rw_user_tmpfs_files',` gen_require(` type $1_tmpfs_t; -@@ -3267,6 +3439,42 @@ +@@ -3267,6 +3440,42 @@ ######################################## ## @@ -36946,7 +37016,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## List users untrusted directories. ## ## -@@ -3962,6 +4170,24 @@ +@@ -3962,6 +4171,24 @@ ######################################## ## @@ -36971,7 +37041,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Manage unpriviledged user SysV shared ## memory segments. ## -@@ -4231,11 +4457,11 @@ +@@ -4231,11 +4458,11 @@ # interface(`userdom_search_staff_home_dirs',` gen_require(` @@ -36985,7 +37055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4251,10 +4477,10 @@ +@@ -4251,10 +4478,10 @@ # interface(`userdom_dontaudit_search_staff_home_dirs',` gen_require(` @@ -36998,7 +37068,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4270,11 +4496,11 @@ +@@ -4270,11 +4497,11 @@ # interface(`userdom_manage_staff_home_dirs',` gen_require(` @@ -37012,7 +37082,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4289,16 +4515,16 @@ +@@ -4289,16 +4516,16 @@ # interface(`userdom_relabelto_staff_home_dirs',` gen_require(` @@ -37032,7 +37102,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## users home directory. ##
## -@@ -4307,12 +4533,35 @@ +@@ -4307,12 +4534,35 @@ ## ## # @@ -37071,7 +37141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4327,13 +4576,13 @@ +@@ -4327,13 +4577,13 @@ # interface(`userdom_read_staff_home_content_files',` gen_require(` @@ -37089,7 +37159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4531,10 +4780,10 @@ +@@ -4531,10 +4781,10 @@ # interface(`userdom_getattr_sysadm_home_dirs',` gen_require(` @@ -37102,7 +37172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4551,10 +4800,10 @@ +@@ -4551,10 +4801,10 @@ # interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` gen_require(` @@ -37115,7 +37185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4569,10 +4818,10 @@ +@@ -4569,10 +4819,10 @@ # interface(`userdom_search_sysadm_home_dirs',` gen_require(` @@ -37128,7 +37198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4588,10 +4837,10 @@ +@@ -4588,10 +4838,10 @@ # interface(`userdom_dontaudit_search_sysadm_home_dirs',` gen_require(` @@ -37141,7 +37211,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4606,10 +4855,10 @@ +@@ -4606,10 +4856,10 @@ # interface(`userdom_list_sysadm_home_dirs',` gen_require(` @@ -37154,7 +37224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4625,10 +4874,10 @@ +@@ -4625,10 +4875,10 @@ # interface(`userdom_dontaudit_list_sysadm_home_dirs',` gen_require(` 
@@ -37167,7 +37237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4644,12 +4893,29 @@ +@@ -4644,12 +4894,29 @@ # interface(`userdom_dontaudit_read_sysadm_home_content_files',` gen_require(` @@ -37201,7 +37271,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4676,10 +4942,10 @@ +@@ -4676,10 +4943,10 @@ # interface(`userdom_sysadm_home_dir_filetrans',` gen_require(` @@ -37214,7 +37284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4694,10 +4960,10 @@ +@@ -4694,10 +4961,10 @@ # interface(`userdom_search_sysadm_home_content_dirs',` gen_require(` @@ -37227,7 +37297,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4712,13 +4978,13 @@ +@@ -4712,13 +4979,13 @@ # interface(`userdom_read_sysadm_home_content_files',` gen_require(` @@ -37245,7 +37315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4754,11 +5020,49 @@ +@@ -4754,11 +5021,49 @@ # interface(`userdom_search_all_users_home_dirs',` gen_require(` @@ -37296,7 +37366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4778,6 +5082,14 @@ +@@ -4778,6 +5083,14 @@ files_list_home($1) allow $1 home_dir_type:dir list_dir_perms; @@ -37311,7 +37381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4815,6 +5127,8 @@ +@@ -4815,6 +5128,8 @@ ') dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; 
@@ -37320,7 +37390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4839,7 +5153,7 @@ +@@ -4839,7 +5154,7 @@ ######################################## ## @@ -37329,7 +37399,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## in all users home directories. ## ## -@@ -4848,18 +5162,57 @@ +@@ -4848,13 +5163,52 @@ ## ## # @@ -37342,11 +37412,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_list_home($1) - allow $1 home_type:dir manage_dir_perms; + delete_dirs_pattern($1, home_type, home_type) - ') - - ######################################## - ## --## Create, read, write, and delete all files ++') ++ ++######################################## ++## +## Create, read, write, and delete all directories +## in all users home directories. +## @@ -37382,15 +37451,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + ') + + delete_files_pattern($1,home_type,home_type) -+') -+ -+######################################## -+## -+## Create, read, write, and delete all files - ## in all users home directories. - ## - ## -@@ -4879,6 +5232,26 @@ + ') + + ######################################## +@@ -4879,6 +5233,26 @@ ######################################## ## @@ -37417,7 +37481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all symlinks ## in all users home directories. ## -@@ -5115,7 +5488,7 @@ +@@ -5115,7 +5489,7 @@ # interface(`userdom_relabelto_generic_user_home_dirs',` gen_require(` @@ -37426,7 +37490,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') files_search_home($1) -@@ -5304,6 +5677,63 @@ +@@ -5304,6 +5678,63 @@ ######################################## ## 
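Review bot: In the hunk at `@@ -37382,15 +37451,10 @@` the new side of the policy patch carries `delete_files_pattern($1,home_type,home_type)` with no spaces after the commas, while the sibling call in the preceding hunk (`@@ -37342,11 +37412,10 @@`) reads `delete_dirs_pattern($1, home_type, home_type)`. I would write `delete_files_pattern($1, home_type, home_type)` so the two delete interfaces match. Both calls are keyed on `home_type`, which appears to be an attribute, so they presumably grant deletion over every type carrying it. The summaries for these two blocks fall outside the visible hunks, so it is worth confirming they say "delete" and name that scope, rather than reusing the "Create, read, write, and delete all directories" wording that the first hunk places on the block that follows. The enclosing `interface(...)` definitions start outside both hunks.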
@@ -37490,7 +37554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete directories in ## unprivileged users home directories. ## -@@ -5509,6 +5939,43 @@ +@@ -5509,6 +5940,43 @@ ######################################## ## @@ -37534,7 +37598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Read and write unprivileged user ttys. ## ## -@@ -5559,7 +6026,7 @@ +@@ -5559,7 +6027,7 @@ attribute userdomain; ') @@ -37543,7 +37607,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_search_proc($1) ') -@@ -5674,6 +6141,42 @@ +@@ -5674,6 +6142,42 @@ ######################################## ## @@ -37586,7 +37650,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5704,3 +6207,408 @@ +@@ -5704,3 +6208,408 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index dda05a5..4e5ff77 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 81%{?dist} +Release: 82%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -386,6 +386,9 @@ exit 0 %endif %changelog +* Wed Jul 30 2008 Dan Walsh 3.3.1-82 +- Change mail_spool to be a files_mountpoint + * Tue Jul 29 2008 Dan Walsh 3.3.1-81 - Add boolean httpd_execmem - Add dontaudit for leaky pam_nssldap