diff --git a/policy-20071130.patch b/policy-20071130.patch index b321fe8..ede73b2 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2096,8 +2096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te --- nsaserefpolicy/policy/modules/admin/kismet.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-11-03 16:14:53.000000000 -0500 -@@ -0,0 +1,67 @@ ++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-11-18 16:25:27.000000000 -0500 +@@ -0,0 +1,75 @@ + +policy_module(kismet, 1.0.2) + @@ -2165,6 +2165,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. +libs_use_shared_libs(kismet_t) + +miscfiles_read_localization(kismet_t) ++ ++optional_policy(` ++ dbus_system_bus_client_template(kismet, kismet_t) ++ ++ optional_policy(` ++ networkmanager_dbus_chat(kismet_t) ++ ') ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.3.1/policy/modules/admin/kudzu.te --- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-06-12 23:38:01.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te 2008-11-03 16:14:53.000000000 -0500 @@ -3554,7 +3562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te --- nsaserefpolicy/policy/modules/admin/vpn.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-11-03 16:14:53.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-11-17 10:38:18.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(vpn,1.7.1) 
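Review bot: The `optional_policy` block added at the end of kismet.te (hunk `@@ -2165,6 +2165,14 @@`) makes kismet_t a system-bus client and lets it exchange D-Bus messages with NetworkManager, but nothing in the hunk says which kismet operation needs that channel. Anyone auditing what a wireless sniffer domain may talk to has only the macro names to go on. I would put a one-line comment above `networkmanager_dbus_chat(kismet_t)`, for example `# kismet <-> NetworkManager over D-Bus: <denial or bug reference>`. The same applies to the nested `consolekit_dbus_chat(NetworkManager_t)` block added in the networkmanager.te hunk `@@ -21033,13 +21042,17 @@`.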
@@ -3569,7 +3577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te -allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw }; -allow vpnc_t self:process getsched; -allow vpnc_t self:fifo_file { getattr ioctl read write }; -+allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw }; ++allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw setuid setgid }; +allow vpnc_t self:process { getsched signal }; +allow vpnc_t self:fifo_file rw_fifo_file_perms; +allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms; @@ -15432,14 +15440,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs. +files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.3.1/policy/modules/services/cyphesis.fc --- nsaserefpolicy/policy/modules/services/cyphesis.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc 2008-11-04 09:01:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc 2008-11-19 14:16:57.000000000 -0500 @@ -0,0 +1,6 @@ + +/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0) + +/var/log/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_log_t,s0) + -+/var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_run_t,s0) ++/var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.if serefpolicy-3.3.1/policy/modules/services/cyphesis.if --- nsaserefpolicy/policy/modules/services/cyphesis.if 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if 2008-11-03 16:14:20.000000000 -0500 
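Review bot: `setuid setgid` are added to `allow vpnc_t self:capability { ... }` in hunk `@@ -3569,7 +3577,7 @@` with no comment, and the 3.3.1-111 changelog entry in selinux-policy.spec lists only "Fix cyphesis policy". The domain already holds `dac_read_search dac_override net_admin ipc_lock net_raw`, so this lets a network-facing VPN client change its own UID/GID as well, and the reason should be recorded next to the rule. I would add a comment above the line such as `# setuid/setgid: <denied operation or bug reference>` and a matching changelog line. The rest of the vpnc_t rules lie outside the hunk, so I cannot tell whether anything else in vpn.te already depends on these capabilities.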
@@ -20881,7 +20889,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-11-03 16:14:20.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-11-17 15:45:13.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.9.0) @@ -20985,7 +20993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -98,26 +128,40 @@ +@@ -98,26 +128,41 @@ seutil_read_config(NetworkManager_t) @@ -21000,6 +21008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +sysnet_read_dhcp_config(NetworkManager_t) sysnet_read_dhcpc_pid(NetworkManager_t) -sysnet_delete_dhcpc_pid(NetworkManager_t) ++sysnet_delete_dhcpc_state(NetworkManager_t) sysnet_search_dhcp_state(NetworkManager_t) -# in /etc created by NetworkManager will be labelled net_conf_t. -sysnet_manage_config(NetworkManager_t) @@ -21033,13 +21042,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -129,8 +173,19 @@ +@@ -129,8 +174,23 @@ ') optional_policy(` - dbus_system_bus_client_template(NetworkManager,NetworkManager_t) - dbus_connect_system_bus(NetworkManager_t) + dbus_system_domain(NetworkManager_t, NetworkManager_exec_t) ++ ++ optional_policy(` ++ consolekit_dbus_chat(NetworkManager_t) ++ ') +') + +optional_policy(` @@ -21055,7 +21068,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -138,39 +193,86 @@ +@@ -138,39 +198,86 @@ ') optional_policy(` 
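Review bot: `sysnet_delete_dhcpc_state(NetworkManager_t)`, added in hunk `@@ -21000,6 +21008,7 @@`, gives NetworkManager_t a new delete permission on DHCP client state, in a run of calls that otherwise read or search (`sysnet_read_dhcpc_pid`, `sysnet_search_dhcp_state`). As defined in the sysnetwork.if hunk of this commit it expands to `delete_files_pattern($1, dhcpc_state_t, dhcpc_state_t)`, so it covers every file with that label rather than only files NetworkManager created. If that breadth is intended, a comment on the line should say what is being removed, e.g. `# delete dhcpc_state_t files: <reason or bug reference>`. The surrounding section of networkmanager.te continues outside the hunk.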
@@ -21082,14 +21095,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw openvpn_signal(NetworkManager_t) + openvpn_signull(NetworkManager_t) + openvpn_sigkill(NetworkManager_t) -+') -+ -+optional_policy(` -+ polkit_domtrans_auth(NetworkManager_t) -+ polkit_read_lib(NetworkManager_t) ') optional_policy(` ++ polkit_domtrans_auth(NetworkManager_t) ++ polkit_read_lib(NetworkManager_t) ++') ++ ++optional_policy(` + ppp_initrc_domtrans(NetworkManager_t) ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) @@ -30074,7 +30087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2008-11-03 16:14:20.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2008-11-17 13:59:47.000000000 -0500 @@ -21,8 +21,10 @@ gen_tunable(spamd_enable_home_dirs,true) @@ -30238,7 +30251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +manage_lnk_files_pattern(spamassassin_t, user_spamassassin_home_t,user_spamassassin_home_t) +manage_fifo_files_pattern(spamassassin_t, user_spamassassin_home_t,user_spamassassin_home_t) +manage_sock_files_pattern(spamassassin_t, user_spamassassin_home_t,user_spamassassin_home_t) -+userdom_user_home_dir_filetrans($1,spamassassin_t,user_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file }) ++userdom_user_home_dir_filetrans(user,spamassassin_t,user_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file }) + +manage_dirs_pattern(spamassassin_t, user_spamassassin_tmp_t,user_spamassassin_tmp_t) +manage_files_pattern(spamassassin_t, user_spamassassin_tmp_t,user_spamassassin_tmp_t) 
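Review bot: In hunk `@@ -30238,7 +30251,7 @@` the stray `$1` in `userdom_user_home_dir_filetrans(...)` is replaced by the hard-coded prefix `user`, which fixes the unexpanded parameter but pins the transition to a single user-domain prefix. If the interface derives the home-directory type from its first argument, as the call shape suggests, files created by spamassassin_t in home directories of other role prefixes would not get `user_spamassassin_home_t`; please confirm that against the interface definition, which is not in this hunk. A short comment above the call, such as `# prefix fixed to "user": <why other prefixes need no transition>`, would record the decision. The neighbouring `manage_*_pattern` lines also mix `, ` and `,` between arguments and could be normalised while this line is being touched.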
@@ -38156,7 +38169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if --- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-11-13 17:42:19.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-11-17 10:47:43.000000000 -0500 @@ -145,6 +145,25 @@ ######################################## @@ -38183,7 +38196,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ## Send and receive messages from ## dhcpc over dbus. ## -@@ -477,6 +496,7 @@ +@@ -198,7 +217,25 @@ + type dhcpc_state_t; + ') + +- allow $1 dhcpc_state_t:file { getattr read }; ++ read_files_pattern($1, dhcpc_state_t, dhcpc_state_t) ++') ++ ++####################################### ++## ++## Delete the dhcp client state files. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`sysnet_delete_dhcpc_state',` ++ gen_require(` ++ type dhcpc_state_t; ++ ') ++ ++ delete_files_pattern($1, dhcpc_state_t, dhcpc_state_t) + ') + + ####################################### +@@ -477,6 +514,7 @@ type net_conf_t; ') @@ -38191,7 +38231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet allow $1 self:tcp_socket create_socket_perms; allow $1 self:udp_socket create_socket_perms; -@@ -493,6 +513,14 @@ +@@ -493,6 +531,14 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; @@ -38206,7 +38246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -522,6 +550,8 @@ +@@ -522,6 +568,8 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; 
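Review bot: The first change in hunk `@@ -38183,7 +38196,34 @@` swaps `allow $1 dhcpc_state_t:file { getattr read };` for `read_files_pattern($1, dhcpc_state_t, dhcpc_state_t)` inside an existing interface whose header lies outside the hunk, so every current caller's permissions change, not only those of new callers. The pattern macro normally adds search on the containing directory and the full `read_file_perms` set, which is wider than the two permissions it replaces. That is probably intended, but it deserves its own changelog line because it is unrelated to the `sysnet_delete_dhcpc_state` interface that the same hunk introduces. For the new interface, the summary could name the type and the directory access it implies, e.g. `## Delete DHCP client state files (dhcpc_state_t) and remove their directory entries.`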
@@ -38215,7 +38255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -556,3 +586,49 @@ +@@ -556,3 +604,49 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 32b03f9..1219acb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 110%{?dist} +Release: 111%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -382,6 +382,9 @@ exit 0 %endif %changelog +* Wed Nov 19 2008 Dan Walsh 3.3.1-111 +- Fix cyphesis policy + * Thu Nov 13 2008 Dan Walsh 3.3.1-110 - Allow openvpn to create /etc/openvpn/ipp.txt