From 5947905ef9e6e4ce19bca5ab8bc12e3e1a35fed3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mar 04 2008 21:38:18 +0000 Subject: - Allow bitlebee to read locale_t --- diff --git a/policy-20071130.patch b/policy-20071130.patch index dbef272..bc10dad 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2613,7 +2613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ####################################### diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-02 09:54:52.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-03-04 16:24:35.000000000 -0500 @@ -28,6 +28,7 @@ files_purge_tmp(tmpreaper_t) # why does it need setattr? @@ -2622,7 +2622,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap mls_file_read_all_levels(tmpreaper_t) mls_file_write_all_levels(tmpreaper_t) -@@ -42,6 +43,19 @@ +@@ -42,6 +43,22 @@ cron_system_entry(tmpreaper_t,tmpreaper_exec_t) @@ -2630,6 +2630,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap +userdom_delete_all_users_home_content_files(tmpreaper_t) +userdom_delete_all_users_home_content_symlinks(tmpreaper_t) + ++files_delete_isid_type_dirs(tmpreaper_t) ++files_delete_isid_type_files(tmpreaper_t) ++ +optional_policy(` + amavis_manage_spool_files(tmpreaper_t) +') 
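Review bot: The two new `files_delete_isid_type_*` calls give tmpreaper_t unlink rights on everything labeled file_t, and file_t is not only "a new filesystem" but the fallback label for any file that has lost its context (a disk mounted without xattr support, an incompletely relabeled tree), so the right reaches far beyond /tmp; together with the `mls_file_write_all_levels(tmpreaper_t)` already in this file that is a broad delete capability for an unattended cron job. If the motivating denial was stale unlabeled entries under /tmp, keep the calls but record the scope so nobody widens it further by accident: `# tmpreaper also purges entries created before the fs was labeled (file_t); this reaches any unlabeled file, not only /tmp`. The tmpreaper_t rule body starts before this hunk.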
@@ -2698,6 +2701,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman rpm_use_fds(useradd_t) rpm_rw_pipes(useradd_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te +--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-12-19 05:32:18.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te 2008-03-04 16:04:15.000000000 -0500 +@@ -23,6 +23,8 @@ + dev_rwx_zero(vbetool_t) + dev_read_sysfs(vbetool_t) + ++domain_mmap_low(vbetool_t) ++ + term_use_unallocated_ttys(vbetool_t) + + libs_use_ld_so(vbetool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te --- nsaserefpolicy/policy/modules/admin/vpn.te 2008-02-18 14:30:19.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-02-26 08:29:22.000000000 -0500 @@ -3924,7 +3939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc +/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if --- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 21:21:39.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-03-03 08:25:05.000000000 -0500 @@ -32,7 +32,7 @@ ## ## @@ -4019,7 +4034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if userdom_manage_user_home_content_dirs($1,$1_javaplugin_t) userdom_manage_user_home_content_files($1,$1_javaplugin_t) userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t) -@@ -156,15 +162,67 @@ +@@ -156,16 +162,63 @@ ') optional_policy(` 
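Review bot: `domain_mmap_low(vbetool_t)` is granted bare, yet it is the permission that lets a domain map the bottom page of its address space, which is exactly what the kernel's mmap_min_addr guard exists to forbid, so it should carry a why-comment rather than sit unexplained between `dev_read_sysfs` and `term_use_unallocated_ttys`: `# vbetool executes the video BIOS in real mode and must map page 0 (mmap_zero)` (the real-mode reason is the usual one for vbetool; confirm it against the denial that prompted this). If this tree already has a boolean for low-memory mapping, gating the call behind it would keep the default policy from carrying the exception. The vbetool_t rule body continues on both sides of the hunk.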
@@ -4029,8 +4044,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if - optional_policy(` - nscd_socket_use($1_javaplugin_t) +- ') +') -+ + +- optional_policy(` +- xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t) +####################################### +## +## The per role template for the java module. @@ -4062,7 +4080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if + gen_require(` + type java_exec_t; ') - ++ + type $1_java_t; + domain_type($1_java_t) + domain_entry_file($1_java_t,java_exec_t) @@ -4083,15 +4101,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if + dev_read_rand($1_java_t) + + fs_dontaudit_rw_tmpfs_files($1_java_t) -+ - optional_policy(` -- xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t) -+ xserver_user_x_domain_template($1,$1_java,$1_java_t,$1_tmpfs_t) -+ xserver_xdm_rw_shm($1_java_t) - ') ') -@@ -219,3 +277,67 @@ + ######################################## +@@ -219,3 +272,67 @@ corecmd_search_bin($1) domtrans_pattern($1, java_exec_t, java_t) ') @@ -4223,8 +4236,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys +userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if --- nsaserefpolicy/policy/modules/apps/mono.if 2007-01-02 12:57:22.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2008-02-26 08:29:22.000000000 -0500 -@@ -18,3 +18,109 @@ ++++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2008-03-03 08:24:51.000000000 -0500 +@@ -18,3 +18,101 @@ corecmd_search_bin($1) domtrans_pattern($1, mono_exec_t, mono_t) ') 
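Review bot: `$1_java_t` is left with no X client rules in this template once the `xserver_user_x_domain_template($1,$1_java,$1_java_t,$1_tmpfs_t)` / `xserver_xdm_rw_shm($1_java_t)` block goes, and the earlier hunk in this file also drops `xserver_user_client_template` for `$1_javaplugin_t`; unless both domains now obtain display access from somewhere else (the nsplugin changes elsewhere in this patch look like the intended replacement, but that is inferred), any Java GUI started from a user shell will be denied the X socket under enforcement. Whatever the answer, a one-line marker where the block used to be, e.g. `# X access for $1_java_t: see nsplugin.if / xserver_common_app_template`, would stop the next reader from re-adding the old rules. The java_per_role_template body starts before and ends after this hunk.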
@@ -4325,14 +4338,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if + domtrans_pattern($2, mono_exec_t, $1_mono_t) + + fs_dontaudit_rw_tmpfs_files($1_mono_t) -+ -+ optional_policy(` -+ gen_require(` -+ type $1_tmpfs_t; -+ ') -+ xserver_user_x_domain_template($1,$1_mono,$1_mono_t,$1_tmpfs_t) -+ xserver_xdm_rw_shm($1_mono_t) -+ ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te --- nsaserefpolicy/policy/modules/apps/mono.te 2007-12-19 05:32:09.000000000 -0500 @@ -4373,7 +4378,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # /bin diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if --- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-29 07:52:48.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-02-27 13:16:07.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-03-04 10:33:57.000000000 -0500 @@ -35,7 +35,10 @@ template(`mozilla_per_role_template',` gen_require(` @@ -4417,7 +4422,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. allow $1_mozilla_t self:fifo_file rw_fifo_file_perms; allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create }; allow $1_mozilla_t self:sem create_sem_perms; -@@ -71,10 +80,15 @@ +@@ -66,15 +75,19 @@ + allow $1_mozilla_t self:unix_stream_socket { listen accept }; + # Browse the web, connect to printer + allow $1_mozilla_t self:tcp_socket create_socket_perms; +- allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms; + # for bash - old mozilla binary can_exec($1_mozilla_t, mozilla_exec_t) 
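Review bot: Dropping `allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;` is only safe if the `auth_use_nsswitch($1_mozilla_t)` introduced further down this template carries that rule, because glibc's getaddrinfo opens a netlink route socket to enumerate interfaces when ordering addresses; in recent refpolicy `sysnet_dns_name_resolve` (which auth_use_nsswitch pulls in) does include it, but the copy in this tree should be checked before relying on it, otherwise every page load will trip an AVC. If it is missing, keep the line or call `sysnet_dns_name_resolve($1_mozilla_t)` explicitly. mozilla_per_role_template starts before this hunk.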
@@ -4436,7 +4446,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. userdom_search_user_home_dirs($1,$1_mozilla_t) # Mozpluggerrc -@@ -89,22 +103,48 @@ +@@ -89,22 +102,48 @@ allow $2 $1_mozilla_t:unix_stream_socket connectto; # X access, Home files @@ -4498,7 +4508,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # Unrestricted inheritance from the caller. allow $2 $1_mozilla_t:process { noatsecure siginh rlimitinh }; -@@ -112,11 +152,13 @@ +@@ -112,11 +151,13 @@ ps_process_pattern($2,$1_mozilla_t) allow $2 $1_mozilla_t:process signal_perms; @@ -4514,7 +4524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # Look for plugins corecmd_list_bin($1_mozilla_t) -@@ -165,10 +207,23 @@ +@@ -165,13 +206,28 @@ files_read_var_files($1_mozilla_t) files_read_var_symlinks($1_mozilla_t) files_dontaudit_getattr_boot_dirs($1_mozilla_t) @@ -4538,9 +4548,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. term_dontaudit_getattr_pty_dirs($1_mozilla_t) -@@ -184,14 +239,10 @@ - sysnet_dns_name_resolve($1_mozilla_t) - sysnet_read_config($1_mozilla_t) ++ auth_use_nsswitch($1_mozilla_t) ++ + libs_use_ld_so($1_mozilla_t) + libs_use_shared_libs($1_mozilla_t) + +@@ -180,18 +236,10 @@ + miscfiles_read_fonts($1_mozilla_t) + miscfiles_read_localization($1_mozilla_t) + +- # Browse the web, connect to printer +- sysnet_dns_name_resolve($1_mozilla_t) +- sysnet_read_config($1_mozilla_t) ++ userdom_dontaudit_read_user_tmp_files($1,$1_mozilla_t) ++ userdom_dontaudit_use_user_terminals($1,$1_mozilla_t) - userdom_manage_user_home_content_dirs($1,$1_mozilla_t) - userdom_manage_user_home_content_files($1,$1_mozilla_t) 
@@ -4548,15 +4569,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. - userdom_manage_user_tmp_dirs($1,$1_mozilla_t) - userdom_manage_user_tmp_files($1,$1_mozilla_t) - userdom_manage_user_tmp_sockets($1,$1_mozilla_t) -+ userdom_dontaudit_read_user_tmp_files($1,$1_mozilla_t) -+ userdom_dontaudit_use_user_terminals($1,$1_mozilla_t) - +- - xserver_user_client_template($1,$1_mozilla_t,$1_mozilla_tmpfs_t) + xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,$1_mozilla_tmpfs_t) xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t) xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t) -@@ -211,131 +262,8 @@ +@@ -211,131 +259,8 @@ fs_manage_cifs_symlinks($1_mozilla_t) ') @@ -4690,7 +4709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -350,19 +278,27 @@ +@@ -350,19 +275,27 @@ optional_policy(` cups_read_rw_config($1_mozilla_t) cups_dbus_chat($1_mozilla_t) @@ -4720,18 +4739,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -370,6 +306,10 @@ +@@ -370,37 +303,18 @@ ') optional_policy(` +- mplayer_domtrans_user_mplayer($1, $1_mozilla_t) +- mplayer_read_user_home_files($1, $1_mozilla_t) + nsplugin_per_role_template($1, $1_mozilla_t, $1_r) -+ ') -+ -+ optional_policy(` - mplayer_domtrans_user_mplayer($1, $1_mozilla_t) - mplayer_read_user_home_files($1, $1_mozilla_t) ') -@@ -382,25 +322,6 @@ + + optional_policy(` +- nscd_socket_use($1_mozilla_t) ++ mplayer_domtrans_user_mplayer($1, $1_mozilla_t) ++ mplayer_read_user_home_files($1, $1_mozilla_t) + ') + + optional_policy(` thunderbird_domtrans_user_thunderbird($1, $1_mozilla_t) ') @@ -4757,7 +4780,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -430,11 +351,11 @@ +@@ -430,11 +344,11 @@ # template(`mozilla_read_user_home_files',` gen_require(` 
@@ -4772,7 +4795,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -464,11 +385,10 @@ +@@ -464,11 +378,10 @@ # template(`mozilla_write_user_home_files',` gen_require(` @@ -4786,7 +4809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -573,3 +493,27 @@ +@@ -573,3 +486,27 @@ allow $2 $1_mozilla_t:tcp_socket rw_socket_perms; ') @@ -4973,8 +4996,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if --- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-02-26 16:13:57.000000000 -0500 -@@ -0,0 +1,339 @@ ++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-03-04 14:46:08.000000000 -0500 +@@ -0,0 +1,344 @@ + +## policy for nsplugin + @@ -5188,6 +5211,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin + type nsplugin_rw_t; + ') + nsplugin_use($1, $2) ++ ++ optional_policy(` ++ xserver_common_app_template($2, nsplugin_t) ++ ') ++ + role $3 types nsplugin_t; + role $3 types nsplugin_config_t; +') @@ -5316,7 +5344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te --- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-02-27 12:47:03.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-03-04 10:03:36.000000000 -0500 
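Review bot: `xserver_common_app_template($2, nsplugin_t)` is invoked once per role, but nsplugin_t is a single unprefixed domain, so after two users (or roles) have gone through nsplugin_per_role_template one user's plugin process holds whatever X object permissions the template grants relative to both users' X domains; for the untrusted code this domain is meant to hold (the .fc entries label ~/.macromedia) that undoes the cross-user window and event isolation the X domain templates exist to provide when more than one user is logged in. Either make the plugin domain per role (`$1_nsplugin_t`, as the sibling app templates do) or state the trade-off at the call site: `# nsplugin_t is shared by all roles; X rules granted here are visible to every user's plugin instance`. The enclosing nsplugin_per_role_template body starts outside the hunk.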
@@ -0,0 +1,154 @@ + +policy_module(nsplugin,1.0.0) @@ -5383,6 +5411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +domain_dontaudit_read_all_domains_state(nsplugin_t) + +dev_read_rand(nsplugin_t) ++dev_read_sound(nsplugin_t) + +kernel_read_kernel_sysctls(nsplugin_t) +kernel_read_system_state(nsplugin_t) @@ -5423,7 +5452,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin + xserver_stream_connect_xdm_xserver(nsplugin_t) + xserver_xdm_rw_shm(nsplugin_t) + xserver_read_xdm_tmp_files(nsplugin_t) -+ xserver_xdm_x_domain_template(nsplugin,nsplugin_t) +') + +######################################## @@ -6199,7 +6227,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-02-01 09:12:53.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-03-04 15:06:28.000000000 -0500 @@ -82,6 +82,7 @@ network_port(clockspeed, udp,4041,s0) network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0) @@ -6255,7 +6283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(rsh, tcp,514,s0) network_port(rsync, tcp,873,s0, udp,873,s0) network_port(rwho, udp,513,s0) -@@ -170,7 +177,11 @@ +@@ -170,7 +177,12 @@ network_port(transproxy, tcp,8081,s0) type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon network_port(uucpd, tcp,540,s0) 
@@ -6264,6 +6292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(vnc, tcp,5900,s0) +# Reserve 100 ports for vnc/virt machines +portcon tcp 5901-5999 gen_context(system_u:object_r:vnc_port_t, s0) ++network_port(whois, tcp,43,s0, udp,43,s0) network_port(wccp, udp,2048,s0) network_port(xdmcp, udp,177,s0, tcp,177,s0) network_port(xen, tcp,8002,s0) @@ -6849,7 +6878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-02-26 16:54:46.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-03-04 16:23:38.000000000 -0500 @@ -1266,6 +1266,24 @@ ######################################## 
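Review bot: `network_port(whois, tcp,43,s0, udp,43,s0)` is placed between the vnc portcon and `wccp` although this list is kept alphabetical (vnc, wccp, xdmcp, xen); it belongs after `wccp` and before `xdmcp`, and keeping the order also avoids a needless conflict when the line is sent upstream. No functional problem otherwise, 43/tcp and 43/udp are the registered whois ports.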
@@ -6875,7 +6904,57 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Unmount a rootfs filesystem. ## ## -@@ -2707,6 +2725,24 @@ +@@ -2187,6 +2205,49 @@ + + ######################################## + ## ++## Delete directories on new filesystems ++## that have not yet been labeled. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_delete_isid_type_dirs',` ++ gen_require(` ++ type file_t; ++ ') ++ ++ delete_dirs_pattern($1, file_t, file_t) ++') ++ ++######################################## ++## ++## Delete files on new filesystems ++## that have not yet been labeled. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_delete_isid_type_files',` ++ gen_require(` ++ type file_t; ++ ') ++ ++ delete_files_pattern($1, file_t, file_t) ++ delete_lnk_files_pattern($1, file_t, file_t) ++ delete_fifo_files_pattern($1, file_t, file_t) ++ delete_sock_files_pattern($1, file_t, file_t) ++ delete_blk_files_pattern($1, file_t, file_t) ++ delete_chr_files_pattern($1, file_t, file_t) ++') ++ ++######################################## ++## + ## Do not audit attempts to search directories on new filesystems + ## that have not yet been labeled. + ## +@@ -2707,6 +2768,24 @@ ######################################## ## @@ -6900,7 +6979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Create, read, write, and delete symbolic links in /mnt. ## ## -@@ -4717,7 +4753,6 @@ +@@ -4717,7 +4796,6 @@ files_search_home($1) corecmd_exec_bin($1) seutil_domtrans_setfiles($1) @@ -6908,7 +6987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ') -@@ -4756,3 +4791,54 @@ +@@ -4756,3 +4834,54 @@ allow $1 { file_type -security_file_type }:dir manage_dir_perms; ') 
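Review bot: The summary of `files_delete_isid_type_files` says "Delete files" while its body also grants delete on symlinks, fifos, sockets and block/character device nodes of type file_t, and because file_t is the fallback label for anything unlabeled, callers receive a much wider right than the description suggests. Either trim the interface to `delete_files_pattern` plus `delete_lnk_files_pattern` (unlabeled device nodes are hard to justify for the tmp-cleaner caller this was written for) or make the summary honest: `## Delete files, symlinks, fifos, sockets and device nodes on filesystems that have not yet been labeled (file_t).` The dirs variant is fine as written but shares the same file_t scope caveat and could say so.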
@@ -6977,7 +7056,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # etc_runtime_t is the type of various diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-24 15:00:24.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-02-29 09:10:51.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-03-04 08:35:34.000000000 -0500 @@ -310,6 +310,25 @@ ######################################## @@ -7073,13 +7152,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ') ######################################## -@@ -3551,3 +3609,103 @@ +@@ -3551,3 +3609,123 @@ relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs) relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs) ') + +######################################## +## ++## Search directories ++## on a FUSEFS filesystem. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`fs_search_fusefs_dirs',` ++ gen_require(` ++ type fusefs_t; ++ ') ++ ++ allow $1 fusefs_t:dir search_dir_perms; ++') ++ ++######################################## ++## +## Create, read, write, and delete directories +## on a FUSEFS filesystem. +## @@ -9695,7 +9794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te --- nsaserefpolicy/policy/modules/services/bitlbee.te 2007-09-17 15:56:47.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-02-26 16:46:31.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-03-03 11:03:16.000000000 -0500 @@ -17,6 +17,9 @@ type bitlbee_var_t; files_type(bitlbee_var_t) 
@@ -9719,6 +9818,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl files_read_etc_files(bitlbee_t) files_search_pids(bitlbee_t) # grant read-only access to the user help files +@@ -62,6 +71,8 @@ + libs_legacy_use_shared_libs(bitlbee_t) + libs_use_ld_so(bitlbee_t) + ++miscfiles_read_localization(bitlbee_t) ++ + sysnet_dns_name_resolve(bitlbee_t) + + optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.3.1/policy/modules/services/bluetooth.fc --- nsaserefpolicy/policy/modules/services/bluetooth.fc 2006-11-16 17:15:20.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc 2008-02-26 08:29:22.000000000 -0500 @@ -10131,7 +10239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.3.1/policy/modules/services/clamav.te --- nsaserefpolicy/policy/modules/services/clamav.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2008-02-29 09:36:56.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2008-03-03 09:52:23.000000000 -0500 @@ -48,6 +48,9 @@ type freshclam_var_log_t; logging_log_file(freshclam_var_log_t) @@ -10148,20 +10256,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam kernel_read_kernel_sysctls(clamd_t) +kernel_read_system_state(clamd_t) + -+corecmd_search_bin(clamd_t) ++corecmd_exec_shell(clamd_t) corenet_all_recvfrom_unlabeled(clamd_t) corenet_all_recvfrom_netlabel(clamd_t) -@@ -120,6 +126,8 @@ +@@ -120,6 +126,9 @@ cron_use_system_job_fds(clamd_t) cron_rw_pipes(clamd_t) +mta_read_config(clamd_t) ++mta_send_mail(clamd_t) + optional_policy(` amavis_read_lib_files(clamd_t) amavis_read_spool_files(clamd_t) -@@ -127,6 +135,10 @@ +@@ -127,6 +136,10 @@ amavis_create_pid_files(clamd_t) ') 
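Review bot: `corecmd_exec_shell(clamd_t)` together with the new `mta_send_mail(clamd_t)` turns a network-reachable daemon that parses attacker-supplied archives into a domain that may run a shell and hand mail to the MTA, which materially widens what a clamd memory-corruption bug yields under enforcement; the `corecmd_search_bin` it replaces granted none of that. If the motivation is clamd.conf's VirusEvent hook (inferred, the patch does not say), gate both rules behind a boolean so default installations do not carry them, with the gen_tunable declared at the top of clamav.te alongside the existing ones. The clamd_t policy block starts before this hunk.

```selinux
gen_tunable(clamd_use_virusevent, false)

# … unchanged: clamd_t type declarations and file rules …

tunable_policy(`clamd_use_virusevent',`
	corecmd_exec_shell(clamd_t)
	mta_send_mail(clamd_t)
')
```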
@@ -10172,7 +10281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam ######################################## # # Freshclam local policy -@@ -233,3 +245,7 @@ +@@ -233,3 +246,7 @@ optional_policy(` apache_read_sys_content(clamscan_t) ') @@ -11095,7 +11204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/cups.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/cups.te 2008-03-04 10:00:21.000000000 -0500 @@ -43,14 +43,12 @@ type cupsd_var_run_t; @@ -11744,7 +11853,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus /var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2008-02-26 12:56:03.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2008-03-04 10:11:49.000000000 -0500 @@ -53,6 +53,7 @@ gen_require(` type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t; @@ -11816,7 +11925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus selinux_get_fs_mount($1_dbusd_t) selinux_validate_context($1_dbusd_t) -@@ -161,12 +164,23 @@ +@@ -161,12 +164,24 @@ seutil_read_config($1_dbusd_t) seutil_read_default_contexts($1_dbusd_t) 
@@ -11825,6 +11934,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + userdom_read_unpriv_users_home_content_files($1_dbusd_t) + userdom_dontaudit_append_unpriv_home_content_files($1_dbusd_t) + term_dontaudit_use_all_user_ptys($1_dbusd_t) ++ term_dontaudit_use_all_user_ttys($1_dbusd_t) ifdef(`hide_broken_symptoms', ` dontaudit $2 $1_dbusd_t:netlink_selinux_socket { read write }; @@ -11841,7 +11951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus tunable_policy(`read_default_t',` files_list_default($1_dbusd_t) files_read_default_files($1_dbusd_t) -@@ -182,6 +196,7 @@ +@@ -182,6 +197,7 @@ optional_policy(` xserver_use_xdm_fds($1_dbusd_t) xserver_rw_xdm_pipes($1_dbusd_t) @@ -11849,7 +11959,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ') -@@ -209,12 +224,9 @@ +@@ -209,12 +225,9 @@ class dbus send_msg; ') @@ -11864,7 +11974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus read_files_pattern($2, system_dbusd_var_lib_t, system_dbusd_var_lib_t) files_search_var_lib($2) -@@ -223,6 +235,10 @@ +@@ -223,6 +236,10 @@ files_search_pids($2) stream_connect_pattern($2,system_dbusd_var_run_t,system_dbusd_var_run_t,system_dbusd_t) dbus_read_config($2) @@ -11875,7 +11985,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ####################################### -@@ -251,18 +267,16 @@ +@@ -251,18 +268,16 @@ template(`dbus_user_bus_client_template',` gen_require(` type $1_dbusd_t; @@ -11896,7 +12006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ######################################## -@@ -292,6 +306,59 @@ +@@ -292,6 +307,59 @@ ######################################## ## 
@@ -11956,7 +12066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ## Read dbus configuration. ## ## -@@ -366,3 +433,55 @@ +@@ -366,3 +434,55 @@ allow $1 system_dbusd_t:dbus *; ') @@ -13438,7 +13548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te --- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-02-28 15:39:03.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-03-04 15:04:18.000000000 -0500 @@ -18,6 +18,9 @@ type fail2ban_var_run_t; files_pid_file(fail2ban_var_run_t) @@ -13467,7 +13577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail +files_list_var(fail2ban_t) +files_search_var_lib(fail2ban_t) + -+fs_search_inotifyfs(fail2ban_t) ++fs_list_inotifyfs(fail2ban_t) libs_use_ld_so(fail2ban_t) libs_use_shared_libs(fail2ban_t) @@ -19376,7 +19486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.3.1/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2008-03-04 15:19:05.000000000 -0500 @@ -60,10 +60,14 @@ manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t) files_pid_filetrans(rpcd_t,rpcd_var_run_t,file) 
@@ -19419,7 +19529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. +dev_dontaudit_getattr_all_blk_files(nfsd_t) +dev_dontaudit_getattr_all_chr_files(nfsd_t) + -+dev_read_lvm_control(nfsd_t) ++dev_rw_lvm_control(nfsd_t) +storage_dontaudit_raw_read_fixed_disk(nfsd_t) + # for /proc/fs/nfs/exports - should we have a new type? @@ -22901,8 +23011,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-02-29 17:24:22.000000000 -0500 -@@ -15,6 +15,11 @@ ++++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-04 14:49:58.000000000 -0500 +@@ -12,9 +12,15 @@ + ## + ## + # ++ template(`xserver_common_domain_template',` gen_require(` type xkb_var_lib_t, xserver_exec_t, xserver_log_t; @@ -22914,7 +23028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ############################## -@@ -22,7 +27,10 @@ +@@ -22,7 +28,10 @@ # Declarations # @@ -22926,7 +23040,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser domain_type($1_xserver_t) domain_entry_file($1_xserver_t,xserver_exec_t) -@@ -45,7 +53,7 @@ +@@ -33,7 +42,7 @@ + files_tmpfs_file($1_xserver_tmpfs_t) + + ############################## +- # ++ + # $1_xserver_t local policy + # + +@@ -45,7 +54,7 @@ # execheap needed until the X module loader is fixed. # NVIDIA Needs execstack 
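Review bot: `dev_rw_lvm_control(nfsd_t)` upgrades read-only access to the device-mapper control node to read-write, and writes to /dev/mapper/control are the ioctl channel for creating, reloading and removing dm tables, i.e. control over every LVM and dm-crypt block device on the host; that is far more than an NFS server needs, and the surrounding `dev_dontaudit_getattr_all_blk_files` / `storage_dontaudit_raw_read_fixed_disk` lines suggest nfsd is merely probing devices it exports rather than driving them. Unless a genuine write denial was observed, keep `dev_read_lvm_control(nfsd_t)` (or a dontaudit variant if the tree has one) and record the intent: `# nfsd stats the block devices behind its exports; it must not manage dm tables`. The nfsd_t block continues past this hunk.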
@@ -22935,7 +23058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser dontaudit $1_xserver_t self:capability chown; allow $1_xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow $1_xserver_t self:memprotect mmap_zero; -@@ -83,6 +91,11 @@ +@@ -83,6 +92,11 @@ manage_files_pattern($1_xserver_t,xserver_log_t,xserver_log_t) logging_log_filetrans($1_xserver_t,xserver_log_t,file) @@ -22947,7 +23070,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser kernel_read_system_state($1_xserver_t) kernel_read_device_sysctls($1_xserver_t) kernel_read_modprobe_sysctls($1_xserver_t) -@@ -115,18 +128,23 @@ +@@ -115,18 +129,23 @@ dev_rw_agp($1_xserver_t) dev_rw_framebuffer($1_xserver_t) dev_manage_dri_dev($1_xserver_t) @@ -22973,7 +23096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser files_read_etc_files($1_xserver_t) files_read_etc_runtime_files($1_xserver_t) -@@ -140,12 +158,16 @@ +@@ -140,12 +159,16 @@ fs_getattr_xattr_fs($1_xserver_t) fs_search_nfs($1_xserver_t) fs_search_auto_mountpoints($1_xserver_t) @@ -22991,7 +23114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser term_setattr_unallocated_ttys($1_xserver_t) term_use_unallocated_ttys($1_xserver_t) -@@ -153,13 +175,17 @@ +@@ -153,13 +176,17 @@ libs_use_shared_libs($1_xserver_t) logging_send_syslog_msg($1_xserver_t) @@ -23010,7 +23133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ifndef(`distro_redhat',` allow $1_xserver_t self:process { execmem execheap execstack }; -@@ -169,6 +195,46 @@ +@@ -169,6 +196,46 @@ allow $1_xserver_t self:process { execmem execheap execstack }; ') 
@@ -23023,7 +23146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + + allow $1_xserver_t input_xevent_t:x_event send; + allow $1_xserver_t x_rootwindow_t:x_drawable send; -+ allow $1_xserver_t xdm_input_xevent_t:x_event send; ++ allow $1_xserver_t xdm_t:x_event send; + allow $1_xserver_t $1_t:x_drawable send; + + ',` @@ -23057,7 +23180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser optional_policy(` apm_stream_connect($1_xserver_t) ') -@@ -223,8 +289,10 @@ +@@ -223,8 +290,10 @@ template(`xserver_per_role_template',` gen_require(` @@ -23070,7 +23193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ############################## -@@ -232,189 +300,119 @@ +@@ -232,189 +301,119 @@ # Declarations # @@ -23191,16 +23314,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser optional_policy(` - userhelper_search_config($1_xserver_t) -+ userhelper_search_config(xdm_xserver_t) - ') - +- ') +- - ifdef(`TODO',` - ifdef(`xdm.te', ` - allow $1_t xdm_tmp_t:sock_file unlink; - allow $1_xserver_t xdm_var_run_t:dir search; -- ') ++ userhelper_search_config(xdm_xserver_t) + ') - ') dnl end TODO -- + ############################## # - # $1_xauth_t Local policy @@ -23212,12 +23335,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser - - allow $1_xauth_t $1_xauth_home_t:file manage_file_perms; - userdom_user_home_dir_filetrans($1,$1_xauth_t,$1_xauth_home_t,file) -+ domtrans_pattern($2, xauth_exec_t, xauth_t) - +- - manage_dirs_pattern($1_xauth_t,$1_xauth_tmp_t,$1_xauth_tmp_t) - manage_files_pattern($1_xauth_t,$1_xauth_tmp_t,$1_xauth_tmp_t) - files_tmp_filetrans($1_xauth_t, $1_xauth_tmp_t, { file dir }) -- ++ domtrans_pattern($2, xauth_exec_t, xauth_t) + - domtrans_pattern($2, xauth_exec_t, $1_xauth_t) - - allow $2 $1_xauth_t:process signal; 
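Review bot: `allow $1_xserver_t xdm_t:x_event send;` now names the xdm process domain as the target of an x_event permission, while the sibling `allow $1_xserver_t input_xevent_t:x_event send;` targets an event type; whether a process domain is a valid x_event target depends on how events are labeled in this tree (the xserver_cut/xserver_paste templates added later in this file use domain targets for x_synthetic_event, so it may well be intentional), but if events sent to xdm are still labeled with an *_input_xevent_t type this rule never matches and the server cannot deliver input to the login screen under enforcing mode. A comment stating the labeling assumption, e.g. `# events delivered to xdm carry xdm_t, not an xevent type`, would make the rule reviewable; this rule sits inside a conditional whose opening is outside the hunk.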
@@ -23231,10 +23354,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser - - allow xdm_t $1_xauth_home_t:file manage_file_perms; - userdom_user_home_dir_filetrans($1,xdm_t,$1_xauth_home_t,file) -- -- domain_use_interactive_fds($1_xauth_t) + ps_process_pattern($2,xauth_t) +- domain_use_interactive_fds($1_xauth_t) +- - files_read_etc_files($1_xauth_t) - files_search_pids($1_xauth_t) - @@ -23312,7 +23435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser - tunable_policy(`use_nfs_home_dirs',` - fs_manage_nfs_files($1_iceauth_t) - ') -+ allow $2 { input_xevent_t xdm_input_xevent_type }:x_event send; ++ allow $2 { input_xevent_t }:x_event send; + allow $2 { x_rootwindow_t xdm_x_domain }:x_drawable send; - tunable_policy(`use_samba_home_dirs',` @@ -23324,7 +23447,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ####################################### -@@ -521,19 +519,18 @@ +@@ -521,19 +520,18 @@ ## # template(`xserver_user_client_template',` @@ -23352,7 +23475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # for when /tmp/.X11-unix is created by the system allow $2 xdm_t:fd use; -@@ -542,25 +539,382 @@ +@@ -542,25 +540,465 @@ allow $2 xdm_tmp_t:sock_file { read write }; dontaudit $2 xdm_t:tcp_socket { read write }; 
@@ -23414,6 +23537,104 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + +####################################### +## ++## Interface to provide X object paste ++## ++## ++## ++## The prefix of the X server domain (e.g., user ++## is the prefix for user_t). ++## ++## ++## ++## ++## Client domain allowed access. ++## ++## ++# ++template(`xserver_paste',` ++ allow $2_t $1_t:x_synthetic_event send; ++ allow $1_t $2_t:x_property destroy; ++') ++ ++####################################### ++## ++## Interface to provide X object cut ++## ++## ++## ++## The prefix of the X server domain (e.g., user ++## is the prefix for user_t). ++## ++## ++## ++## ++## Client domain allowed access. ++## ++## ++# ++template(`xserver_cut',` ++ allow $2_t $1_t:x_synthetic_event send; ++') ++ ++####################################### ++## ++## Interface to provide X object permissions on an X Application ++## Provides the minimal set required by a basic X client application. ++## ++## ++## ++## The X user domain (e.g., user_t). ++## ++## ++## ++## ++## Client domain allowed access. 
++## ++## ++# ++template(`xserver_common_app_template',` ++ gen_require(` ++ type x_rootwindow_t, x_rootcolormap_t, std_xext_t, shmem_xext_t; ++ type default_xproperty_t, info_xproperty_t, clipboard_xproperty_t; ++ type input_xevent_t, focus_xevent_t, property_xevent_t, manage_xevent_t; ++ type default_xevent_t, client_xevent_t; ++ type clipboard_xselection_t, default_xselection_t; ++ type screensaver_xext_t, unknown_xext_t, x_rootscreen_t; ++ type disallowed_xext_t; ++ type output_xext_t; ++ ++ attribute x_server_domain, x_domain; ++ attribute xproperty_type; ++ attribute xevent_type, xextension_type; ++ class x_drawable all_x_drawable_perms; ++ class x_screen all_x_screen_perms; ++ class x_gc all_x_gc_perms; ++ class x_font all_x_font_perms; ++ class x_colormap all_x_colormap_perms; ++ class x_property all_x_property_perms; ++ class x_selection all_x_selection_perms; ++ class x_cursor all_x_cursor_perms; ++ class x_client all_x_client_perms; ++ class x_device all_x_device_perms; ++ class x_server all_x_server_perms; ++ class x_extension all_x_extension_perms; ++ class x_resource all_x_resource_perms; ++ class x_event all_x_event_perms; ++ class x_synthetic_event all_x_synthetic_event_perms; ++ ++ attribute xdm_x_domain; ++ type xdm_t; ++ ') ++ ++ allow $2 $1:x_drawable { hide setattr show receive create manage add_child write read getattr remove_child list_child destroy set_property }; ++ allow $2 $1:x_event receive; ++ allow $2 $1:x_synthetic_event receive; ++ ++ allow $1 $2:x_property read; ++') ++ ++####################################### ++## +## Interface to provide X object permissions on a given X server to +## an X client domain. Provides the minimal set required by a basic +## X client application. 
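Review bot: `xserver_common_app_template` pulls some thirty types, attributes and classes into its gen_require while its four rules touch only x_drawable, x_event, x_synthetic_event and x_property, so the require block should shrink to those four `class … all_x_*_perms;` lines; a stale require makes every caller's module depend on types it never uses. The drawable grant `{ hide setattr show receive create manage add_child write read getattr remove_child list_child destroy set_property }` lets the client domain destroy, hide and reparent the user domain's windows, which is more than the summary's "minimal set required by a basic X client application" suggests; either trim it or add a comment saying which application needs the full set. The three new templates also mix parameter conventions: `xserver_paste` and `xserver_cut` take prefixes and append `_t`, whereas `xserver_common_app_template` takes domain types directly, and their summaries ("The prefix of the X server domain" versus "The X user domain (e.g., user_t)") should state that difference explicitly so callers do not pass the wrong form.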
@@ -23444,7 +23665,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + type default_xevent_t, client_xevent_t; + type clipboard_xselection_t, default_xselection_t; + type screensaver_xext_t, unknown_xext_t, x_rootscreen_t; -+ type xdm_default_xproperty_t; + type disallowed_xext_t; + type output_xext_t; + @@ -23467,7 +23687,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + class x_event all_x_event_perms; + class x_synthetic_event all_x_synthetic_event_perms; + -+ attribute xdm_x_domain, xdm_input_xevent_type; ++ attribute xdm_x_domain; + type xdm_t; + ') + @@ -23480,15 +23700,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + typeattribute $2_t xdm_x_domain, x_domain; + + # Types for properties -+ type $2_default_xproperty_t, xproperty_type; ++# type $2_default_xproperty_t, xproperty_type; + + # Types for events -+ type $2_input_xevent_t, xdm_input_xevent_type, xevent_type; -+ type $2_property_xevent_t, xevent_type; -+ type $2_focus_xevent_t, xevent_type; -+ type $2_manage_xevent_t, xevent_type; -+ type $2_default_xevent_t, xevent_type; -+ type $2_client_xevent_t, xevent_type; ++# type $2_input_xevent_t, xdm_input_xevent_type, xevent_type; ++# type $2_property_xevent_t, xevent_type; ++# type $2_focus_xevent_t, xevent_type; ++# type $2_manage_xevent_t, xevent_type; ++# type $2_default_xevent_t, xevent_type; ++# type $2_client_xevent_t, xevent_type; + + ############################## + # 
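Review bot: In @@ -23480 the per-client property and event declarations are commented out (`+# type $2_default_xproperty_t, xproperty_type;` and the six `# type $2_*_xevent_t` lines) rather than deleted, which leaves dead m4 in the template; the rules that used them are removed in @@ -23523 and @@ -23561 and the type_transitions now target `$2_t`, so the lines can go. A single comment in their place, `# X properties and events are labeled with the client domain type ($2_t)`, would explain the absence better than commented-out code. Dropping `xdm_default_xproperty_t` and the `xdm_input_xevent_type` attribute from the gen_require earlier on this line is consistent with that design.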
@@ -23523,22 +23743,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + allow $3 $3:x_client { manage destroy }; + + # X Protocol Extensions -+ allow $3 std_xext_t:x_extension { query use }; -+ allow $3 shmem_xext_t:x_extension { query use }; ++ allow $3 std_xext_t:x_extension { use }; ++ allow $3 shmem_xext_t:x_extension { use }; + dontaudit $3 xextension_type:x_extension query; + + # X Properties + # can read and write client properties -+ allow $3 $2_default_xproperty_t:x_property { create destroy read write }; -+ allow $1_t $2_default_xproperty_t:x_property { read }; -+ -+ allow $3 default_xproperty_t:x_property read; ++ allow $3 $3:x_property { create destroy read write }; ++ allow $3 default_xproperty_t:x_property { read write destroy create }; ++ allow $3 output_xext_t:x_extension { use }; ++ allow $3 output_xext_t:x_property read; + -+ allow $3 output_xext_t:x_extension use; -+ -+ allow $3 xdm_default_xproperty_t:x_property { write read }; -+ -+ type_transition $2_t default_xproperty_t:x_property $2_default_xproperty_t; ++ type_transition $2_t default_xproperty_t:x_property $2_t; + # can read and write cut buffers + allow $3 clipboard_xproperty_t:x_property { create read write }; + # can read/write info properties @@ -23551,7 +23767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + + # X Windows + # operations allowed on root windows -+ allow $3 x_rootwindow_t:x_drawable { getattr list_child add_child remove_child send receive read write manage setattr show }; ++ allow $3 x_rootwindow_t:x_drawable { getattr list_child add_child remove_child send receive read write manage setattr show override destroy create hide }; + + # operations allowed on my windows + allow $3 $3:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; 
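Review bot: Dropping `query` from `allow $3 std_xext_t:x_extension { use };` and the matching `shmem_xext_t` line looks unintended: a client that queries a standard extension before using it is now denied, and the `dontaudit $3 xextension_type:x_extension query;` kept on the next line hides that denial from the audit log, so the failure would be silent. If the aim is only to quiet noise from unknown extensions, keep `{ query use }` on the two standard types. Separately, `allow $3 default_xproperty_t:x_property { read write destroy create };` turns a read-only grant into write and destroy on a property type shared by every client domain, and `type_transition $2_t default_xproperty_t:x_property $2_t;` labels new properties with the domain type; the first needs either a comment explaining why the shared type must be writable now that per-client property types are gone, or narrowing back to `read`.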
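Review bot: In @@ -23551 the root-window grant grows from `{ getattr list_child add_child remove_child send receive read write manage setattr show }` to also include `override destroy create hide`, for every domain instantiated from this template. `destroy` and `hide` on `x_rootwindow_t` are not operations a basic client performs on the root window, and `override` appears to correspond to override-redirect windows that bypass the window manager; if one application forced these, name it in a comment on the line and prefer a dedicated interface that application alone calls, rather than widening the common template for all X clients.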
@@ -23561,45 +23777,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + # can use the default colormap + allow $3 x_rootcolormap_t:x_colormap { read use add_color install uninstall }; + -+ allow $3 $1_t:x_client destroy; -+ allow $3 $1_t:x_drawable { receive get_property getattr list_child }; ++ allow $3 $3:x_client destroy; ++ allow $3 $3:x_drawable { receive get_property getattr list_child }; + + # X Input + # can receive own events -+ allow $3 $2_input_xevent_t:{ x_event x_synthetic_event } receive; + allow $3 input_xevent_t:{ x_event x_synthetic_event } receive; -+ allow $1_t $2_input_xevent_t:{ x_event x_synthetic_event } { send receive }; -+ -+ allow $3 $2_property_xevent_t:{ x_event x_synthetic_event } receive; -+ allow $1_t $2_property_xevent_t:{ x_event x_synthetic_event } { send receive }; -+ -+ allow $3 $2_focus_xevent_t:{ x_event x_synthetic_event } receive; -+ allow $1_t $2_focus_xevent_t:{ x_event x_synthetic_event } { send receive }; ++ allow $3 $3:{ x_event x_synthetic_event } { send receive }; + -+ allow $3 $2_manage_xevent_t:{ x_event x_synthetic_event } receive; -+ allow $1_t $2_manage_xevent_t:{ x_event x_synthetic_event } { send receive }; -+ -+ allow $3 $2_default_xevent_t:{ x_event x_synthetic_event } receive; -+ allow $1_t $2_default_xevent_t:{ x_event x_synthetic_event } {send receive }; -+ -+ allow $3 $2_client_xevent_t:{ x_event x_synthetic_event } { send receive }; -+ allow $1_t $2_client_xevent_t:{ x_event x_synthetic_event } { send receive }; -+ type_transition $2_t input_xevent_t:x_event $2_input_xevent_t; -+ type_transition $2_t property_xevent_t:x_event $2_property_xevent_t; -+ type_transition $2_t focus_xevent_t:x_event $2_focus_xevent_t; -+ type_transition $2_t manage_xevent_t:x_event $2_manage_xevent_t; -+ type_transition $2_t default_xevent_t:x_event $2_default_xevent_t; ++ type_transition $2_t input_xevent_t:x_event $2_t; ++ type_transition $2_t property_xevent_t:x_event $2_t; ++ 
type_transition $2_t focus_xevent_t:x_event $2_t; ++ type_transition $2_t manage_xevent_t:x_event $2_t; ++ type_transition $2_t default_xevent_t:x_event $2_t; + + allow $3 default_xevent_t:x_event receive; + -+ type_transition $2_t client_xevent_t:x_event $2_client_xevent_t; ++ type_transition $2_t client_xevent_t:x_event $2_t; ++ + # can receive certain root window events + allow $3 focus_xevent_t:x_event receive; + allow $3 property_xevent_t:x_event receive; + allow $3 client_xevent_t:x_synthetic_event receive; + allow $3 manage_xevent_t:x_synthetic_event receive; + # can send ICCCM events to myself -+ allow $3 $2_manage_xevent_t:x_synthetic_event send; ++ allow $3 $3:x_synthetic_event send; + # can send ICCCM events to the root window + allow $3 manage_xevent_t:x_synthetic_event send; + allow $3 client_xevent_t:x_synthetic_event send; @@ -23620,10 +23822,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + # can read and write own objects + allow $3 $3:x_resource { read write }; + -+ allow $3 screensaver_xext_t:x_extension use; -+ allow $3 unknown_xext_t:x_extension use; -+ allow $3 x_rootscreen_t:x_screen { saver_setattr saver_getattr setattr }; -+ allow $3 disallowed_xext_t:x_extension use; ++ allow $3 screensaver_xext_t:x_extension { use }; ++ allow $3 unknown_xext_t:x_extension { use }; ++ ++ allow $3 x_rootscreen_t:x_screen { saver_setattr saver_getattr getattr setattr }; ++ ++ allow $3 disallowed_xext_t:x_extension { use }; + + tunable_policy(`! xserver_object_manager',` + # should be xserver_unconfined($3), 
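Review bot: With events now labeled by the client domain itself (`type_transition $2_t input_xevent_t:x_event $2_t;` and its sibling lines), the single rule `allow $3 $3:{ x_event x_synthetic_event } { send receive };` authorises the client to send synthetic events of every kind, including input and focus events, to its own windows, where the replaced per-type rules granted send only for `$2_client_xevent_t` and, via the ICCCM line, `$2_manage_xevent_t`. Self-directed synthetic input is low risk, but the retained comment `# can send ICCCM events to myself` above `allow $3 $3:x_synthetic_event send;` is now inaccurate and should read `# can send synthetic events of any kind to my own windows`, with the broader grant stated as intended. The template this hunk belongs to starts and ends outside it.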
@@ -23653,11 +23857,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + allow $3 xevent_type:{ x_event x_synthetic_event } *; + ') + -+ allow $3 xdm_t:x_client destroy; -+ allow $3 xdm_t:x_drawable { receive get_property getattr list_child }; -+ -+ allow x_server_domain $2_input_xevent_t:x_event send; ++ allow x_server_domain $3:x_event send; + allow x_server_domain $3:x_drawable send; ++ ++ allow $3 xdm_t:x_client destroy; ++ allow $3 xdm_t:x_drawable { get_property receive getattr read send list_child }; ++ allow $3 xdm_t:x_property { write read }; ++ allow $3 xdm_t:x_synthetic_event send; +') + +####################################### @@ -23741,7 +23947,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ') -@@ -593,26 +947,44 @@ +@@ -593,26 +1031,44 @@ # template(`xserver_use_user_fonts',` gen_require(` @@ -23793,7 +23999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Transition to a user Xauthority domain. ## ## -@@ -638,10 +1010,77 @@ +@@ -638,10 +1094,77 @@ # template(`xserver_domtrans_user_xauth',` gen_require(` @@ -23832,8 +24038,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +template(`xserver_read_user_xauth',` + gen_require(` + type user_xauth_home_t; -+ ') -+ + ') + +- domtrans_pattern($2, xauth_exec_t, $1_xauth_t) + allow $2 user_xauth_home_t:file { getattr read }; +') + @@ -23865,15 +24072,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +template(`xserver_read_user_iceauth',` + gen_require(` + type user_iceauth_home_t; - ') - -- domtrans_pattern($2, xauth_exec_t, $1_xauth_t) ++ ') ++ + # Read .Iceauthority file + allow $2 user_iceauth_home_t:file { getattr read }; ') ######################################## -@@ -671,10 +1110,10 @@ +@@ -671,10 +1194,10 @@ # template(`xserver_user_home_dir_filetrans_user_xauth',` gen_require(` 
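Review bot: The added rules `allow $3 xdm_t:x_property { write read };`, `allow $3 xdm_t:x_synthetic_event send;` and the `send` added to the xdm_t x_drawable set give every client domain built from this template a write path into the display manager's X objects, whereas the replaced lines allowed only `destroy`, `receive`, `get_property`, `getattr` and `list_child`. Synthetic events and property writes are how one client drives another, so this should carry a comment naming the xdm interaction that requires it (or the denial it clears), and if a single program needs it the grant belongs in a dedicated interface rather than the common template. `allow x_server_domain $3:x_event send;` replacing the per-client input-event type is consistent with the label collapse in the earlier hunks. The enclosing template starts outside this hunk.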
@@ -23886,7 +24092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -760,7 +1199,7 @@ +@@ -760,7 +1283,7 @@ type xconsole_device_t; ') @@ -23895,7 +24101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -860,6 +1299,25 @@ +@@ -860,6 +1383,25 @@ ######################################## ## @@ -23921,7 +24127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Read xdm-writable configuration files. ## ## -@@ -914,6 +1372,7 @@ +@@ -914,6 +1456,7 @@ files_search_tmp($1) allow $1 xdm_tmp_t:dir list_dir_perms; create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t) @@ -23929,7 +24135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -955,6 +1414,24 @@ +@@ -955,6 +1498,24 @@ ######################################## ## @@ -23954,7 +24160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Execute the X server in the XDM X server domain. ## ## -@@ -965,15 +1442,47 @@ +@@ -965,15 +1526,47 @@ # interface(`xserver_domtrans_xdm_xserver',` gen_require(` @@ -24003,7 +24209,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Make an X session script an entrypoint for the specified domain. ## ## -@@ -1123,7 +1632,7 @@ +@@ -1123,7 +1716,7 @@ type xdm_xserver_tmp_t; ') @@ -24012,7 +24218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -1312,3 +1821,108 @@ +@@ -1312,3 +1905,82 @@ files_search_tmp($1) stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) ') 
@@ -24095,32 +24301,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + + typeattribute $1 xserver_unconfined_type; +') -+ -+####################################### -+## -+## Interface to provide X object permissions on the xdm X server to -+## an X client domain. Provides the minimal set required by a basic -+## X client application. -+## -+## -+## -+## The prefix of the X client domain (e.g., user -+## is the prefix for user_t). -+## -+## -+## -+## -+## Client domain allowed access. -+## -+## -+# -+interface(`xserver_xdm_x_domain_template', ` -+ gen_require(` -+ type xdm_t; -+ ') -+ -+ xserver_common_x_domain_template(xdm,$1,$2) -+') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 05:32:17.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-02-28 16:46:06.000000000 -0500 
@@ -24907,8 +25087,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.3.1/policy/modules/system/authlogin.fc --- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-02-19 17:24:26.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2008-02-26 08:29:22.000000000 -0500 -@@ -40,6 +40,10 @@ ++++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2008-03-04 15:32:26.000000000 -0500 +@@ -13,6 +13,7 @@ + /sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0) + /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0) + /sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ++/usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0) + /sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0) + /sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0) + ifdef(`distro_suse', ` +@@ -40,6 +41,10 @@ /var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0) /var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0) @@ -26768,7 +26956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2008-02-06 10:33:22.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/mount.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/mount.te 2008-03-04 08:35:40.000000000 -0500 @@ -18,17 +18,18 @@ init_system_domain(mount_t,mount_exec_t) role system_r types mount_t; 
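Review bot: `/usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0)` is inserted between the `/sbin/unix_chkpwd` and `/sbin/unix_update` entries, interrupting the file's `/sbin/` group; move it below that group so the path ordering is kept. Because the path is generic, any package that later ships a `/usr/sbin/validate` would inherit the chkpwd domain transition and its password-file access, so a comment naming the package this helper belongs to would let a future maintainer judge whether the entry is still correct.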
@@ -26829,7 +27017,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. fs_getattr_xattr_fs(mount_t) fs_getattr_cifs(mount_t) -@@ -100,6 +105,8 @@ +@@ -72,6 +77,7 @@ + fs_list_auto_mountpoints(mount_t) + fs_rw_tmpfs_chr_files(mount_t) + fs_read_tmpfs_symlinks(mount_t) ++fs_search_fusefs_dirs(mount_t) + + term_use_all_terms(mount_t) + +@@ -100,6 +106,8 @@ init_use_fds(mount_t) init_use_script_ptys(mount_t) init_dontaudit_getattr_initctl(mount_t) @@ -26838,15 +27034,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. auth_use_nsswitch(mount_t) -@@ -119,6 +126,7 @@ +@@ -119,6 +127,8 @@ seutil_read_config(mount_t) userdom_use_all_users_fds(mount_t) +userdom_read_sysadm_home_content_files(mount_t) ++userdom_manage_generic_user_home_content_dirs(mount_t) ifdef(`distro_redhat',` optional_policy(` -@@ -167,6 +175,8 @@ +@@ -167,6 +177,8 @@ fs_search_rpc(mount_t) rpc_stub(mount_t) @@ -26855,7 +27052,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') optional_policy(` -@@ -181,6 +191,11 @@ +@@ -181,6 +193,11 @@ ') ') @@ -26867,7 +27064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. # for kernel package installation optional_policy(` rpm_rw_pipes(mount_t) -@@ -188,6 +203,7 @@ +@@ -188,6 +205,7 @@ optional_policy(` samba_domtrans_smbmount(mount_t) @@ -26875,7 +27072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') ######################################## -@@ -198,4 +214,26 @@ +@@ -198,4 +216,26 @@ optional_policy(` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) 
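Review bot: `userdom_manage_generic_user_home_content_dirs(mount_t)` in @@ -26838 grants mount_t create, delete, rename and reparent on directories under user home directories, while the neighbouring `fs_search_fusefs_dirs(mount_t)` suggests the underlying need is to reach or create FUSE mountpoints in a user's home. If creating the mountpoint is all that is required, an interface granting only search and create would keep mount_t from removing user directories; at minimum add a comment on the line, e.g. `# mkdir for user-owned fuse mountpoints; manage needed for …`, stating why manage rather than search is needed, since the reason is not visible in the hunk.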
@@ -27851,7 +28048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran allow setrans_t self:netlink_selinux_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if --- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-07-16 14:09:49.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-03-04 15:18:51.000000000 -0500 @@ -145,6 +145,25 @@ ######################################## @@ -28150,7 +28347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc --- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-12-12 11:35:28.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2008-03-04 10:17:41.000000000 -0500 @@ -2,15 +2,18 @@ # e.g.: # /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0) 
@@ -28170,7 +28367,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') +/usr/bin/rhythmbox -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/bin/sbcl -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) -+/usr/bin/mock -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0) ++/usr/sbin/mock -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0) +/usr/bin/livecd-creator -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0) +/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if @@ -28452,7 +28649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-13 16:26:06.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-02-27 16:50:07.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-03-04 16:05:25.000000000 -0500 @@ -6,35 +6,67 @@ # Declarations # @@ -28525,7 +28722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf libs_run_ldconfig(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) -@@ -42,7 +74,10 @@ +@@ -42,23 +74,36 @@ logging_run_auditctl(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) mount_run_unconfined(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) 
@@ -28536,7 +28733,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf seutil_run_setfiles(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) seutil_run_semanage(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) -@@ -51,14 +86,23 @@ + unconfined_domain(unconfined_t) ++domain_mmap_low(unconfined_t) + userdom_priveleged_home_dir_manager(unconfined_t) optional_policy(` @@ -28564,7 +28763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -69,11 +113,11 @@ +@@ -69,11 +114,11 @@ bootloader_run(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) ') @@ -28581,7 +28780,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf optional_policy(` init_dbus_chat_script(unconfined_t) -@@ -101,12 +145,24 @@ +@@ -101,12 +146,24 @@ ') optional_policy(` @@ -28606,7 +28805,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -118,11 +174,7 @@ +@@ -118,11 +175,7 @@ ') optional_policy(` @@ -28619,7 +28818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -134,14 +186,6 @@ +@@ -134,14 +187,6 @@ ') optional_policy(` @@ -28634,7 +28833,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf oddjob_domtrans_mkhomedir(unconfined_t) ') -@@ -154,38 +198,37 @@ +@@ -154,38 +199,37 @@ ') optional_policy(` @@ -28687,7 +28886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -205,11 +248,30 @@ +@@ -205,11 +249,30 @@ ') optional_policy(` 
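Review bot: `domain_mmap_low(unconfined_t)` lets the entire unconfined user domain map the lowest pages of its address space (presumably the `memprotect mmap_zero` permission the xserver rule on this page grants directly), which is the protection that keeps kernel NULL-pointer dereferences from being turned into privilege escalation; granting it to unconfined_t switches that mitigation off for every process in the domain, not only the one program that needs low mappings. The same commit gives the permission to vbetool_t in its own small domain, which is the narrower shape; if something launched from unconfined_t needs it, a transition into such a domain, or at least a boolean that is off by default, would keep the default policy intact. A comment on the line naming the program that triggered the addition is needed either way.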
@@ -28720,7 +28919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') ######################################## -@@ -219,14 +281,34 @@ +@@ -219,14 +282,34 @@ allow unconfined_execmem_t self:process { execstack execmem }; unconfined_domain_noaudit(unconfined_execmem_t) @@ -28775,7 +28974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-02-29 16:26:11.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-03 16:30:45.000000000 -0500 @@ -29,9 +29,14 @@ ') @@ -29323,7 +29522,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). -@@ -692,183 +672,193 @@ +@@ -692,183 +672,194 @@ dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; @@ -29487,6 +29686,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo - evolution_dbus_chat($1,$1_t) - evolution_alarm_dbus_chat($1,$1_t) + consolekit_dbus_chat($1_usertype) ++ consolekit_read_log($1_usertype) ') optional_policy(` @@ -29598,7 +29798,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') optional_policy(` -@@ -895,6 +885,8 @@ +@@ -895,6 +886,8 @@ ## # template(`userdom_login_user_template', ` 
@@ -29607,7 +29807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_base_user_template($1) userdom_manage_home_template($1) -@@ -923,26 +915,26 @@ +@@ -923,26 +916,26 @@ allow $1_t self:context contains; @@ -29648,7 +29848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo auth_dontaudit_write_login_records($1_t) -@@ -950,43 +942,43 @@ +@@ -950,43 +943,43 @@ # The library functions always try to open read-write first, # then fall back to read-only if it fails. @@ -29710,7 +29910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1020,9 +1012,6 @@ +@@ -1020,9 +1013,6 @@ domain_interactive_fd($1_t) typeattribute $1_devpts_t user_ptynode; @@ -29720,7 +29920,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo typeattribute $1_tty_device_t user_ttynode; ############################## -@@ -1031,16 +1020,29 @@ +@@ -1031,16 +1021,29 @@ # # privileged home directory writers @@ -29756,7 +29956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -1068,6 +1070,13 @@ +@@ -1068,6 +1071,13 @@ userdom_restricted_user_template($1) @@ -29770,7 +29970,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_xwindows_client_template($1) ############################## -@@ -1076,14 +1085,14 @@ +@@ -1076,14 +1086,14 @@ # authlogin_per_role_template($1, $1_t, $1_r) @@ -29790,7 +29990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo logging_dontaudit_send_audit_msgs($1_t) # Need to to this just so screensaver will work. Should be moved to screensaver domain -@@ -1091,32 +1100,25 @@ +@@ -1091,32 +1101,25 @@ selinux_get_enforce_mode($1_t) optional_policy(` 
@@ -29832,7 +30032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1127,10 +1129,10 @@ +@@ -1127,10 +1130,10 @@ ## ## ##

@@ -29847,7 +30047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. -@@ -1193,12 +1195,11 @@ +@@ -1193,12 +1196,11 @@ # and may change other protocols tunable_policy(`user_tcp_server',` corenet_tcp_bind_all_nodes($1_t) @@ -29862,7 +30062,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') # Run pppd in pppd_t by default for user -@@ -1207,7 +1208,27 @@ +@@ -1207,7 +1209,27 @@ ') optional_policy(` @@ -29891,7 +30091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1284,8 +1305,6 @@ +@@ -1284,8 +1306,6 @@ # Manipulate other users crontab. allow $1_t self:passwd crontab; @@ -29900,7 +30100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) kernel_getattr_message_if($1_t) -@@ -1363,13 +1382,6 @@ +@@ -1363,13 +1383,6 @@ # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -29914,7 +30114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo optional_policy(` userhelper_exec($1_t) ') -@@ -1422,6 +1434,7 @@ +@@ -1422,6 +1435,7 @@ dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -29922,7 +30122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1787,10 +1800,14 @@ +@@ -1787,10 +1801,14 @@ template(`userdom_user_home_content',` gen_require(` attribute $1_file_type; @@ -29938,7 +30138,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1886,11 +1903,11 @@ +@@ -1886,11 +1904,11 @@ # template(`userdom_search_user_home_dirs',` gen_require(` 
@@ -29952,7 +30152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1920,11 +1937,11 @@ +@@ -1920,11 +1938,11 @@ # template(`userdom_list_user_home_dirs',` gen_require(` @@ -29966,7 +30166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1968,12 +1985,12 @@ +@@ -1968,12 +1986,12 @@ # template(`userdom_user_home_domtrans',` gen_require(` @@ -29982,7 +30182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2003,10 +2020,10 @@ +@@ -2003,10 +2021,10 @@ # template(`userdom_dontaudit_list_user_home_dirs',` gen_require(` @@ -29995,7 +30195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2038,11 +2055,47 @@ +@@ -2038,11 +2056,47 @@ # template(`userdom_manage_user_home_content_dirs',` gen_require(` @@ -30045,7 +30245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2074,10 +2127,10 @@ +@@ -2074,10 +2128,10 @@ # template(`userdom_dontaudit_setattr_user_home_content_files',` gen_require(` @@ -30058,7 +30258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2107,11 +2160,11 @@ +@@ -2107,11 +2161,11 @@ # template(`userdom_read_user_home_content_files',` gen_require(` @@ -30072,7 +30272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2141,11 +2194,11 @@ +@@ -2141,11 +2195,11 @@ # template(`userdom_dontaudit_read_user_home_content_files',` gen_require(` 
@@ -30087,7 +30287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2175,10 +2228,14 @@ +@@ -2175,10 +2229,14 @@ # template(`userdom_dontaudit_write_user_home_content_files',` gen_require(` @@ -30104,7 +30304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2208,11 +2265,11 @@ +@@ -2208,11 +2266,11 @@ # template(`userdom_read_user_home_content_symlinks',` gen_require(` @@ -30118,7 +30318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2242,11 +2299,11 @@ +@@ -2242,11 +2300,11 @@ # template(`userdom_exec_user_home_content_files',` gen_require(` @@ -30132,7 +30332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2276,10 +2333,10 @@ +@@ -2276,10 +2334,10 @@ # template(`userdom_dontaudit_exec_user_home_content_files',` gen_require(` @@ -30145,7 +30345,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2311,12 +2368,12 @@ +@@ -2311,12 +2369,12 @@ # template(`userdom_manage_user_home_content_files',` gen_require(` @@ -30161,7 +30361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2348,10 +2405,10 @@ +@@ -2348,10 +2406,10 @@ # template(`userdom_dontaudit_manage_user_home_content_dirs',` gen_require(` @@ -30174,7 +30374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2383,12 +2440,12 @@ +@@ -2383,12 +2441,12 @@ # template(`userdom_manage_user_home_content_symlinks',` gen_require(` 
@@ -30190,7 +30390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2420,12 +2477,12 @@ +@@ -2420,12 +2478,12 @@ # template(`userdom_manage_user_home_content_pipes',` gen_require(` @@ -30206,7 +30406,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2457,12 +2514,12 @@ +@@ -2457,12 +2515,12 @@ # template(`userdom_manage_user_home_content_sockets',` gen_require(` @@ -30222,7 +30422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2507,11 +2564,11 @@ +@@ -2507,11 +2565,11 @@ # template(`userdom_user_home_dir_filetrans',` gen_require(` @@ -30236,7 +30436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2556,11 +2613,11 @@ +@@ -2556,11 +2614,11 @@ # template(`userdom_user_home_content_filetrans',` gen_require(` @@ -30250,7 +30450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2600,11 +2657,11 @@ +@@ -2600,11 +2658,11 @@ # template(`userdom_user_home_dir_filetrans_user_home_content',` gen_require(` @@ -30264,7 +30464,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2634,11 +2691,11 @@ +@@ -2634,11 +2692,11 @@ # template(`userdom_write_user_tmp_sockets',` gen_require(` @@ -30278,7 +30478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2668,11 +2725,11 @@ +@@ -2668,11 +2726,11 @@ # template(`userdom_list_user_tmp',` gen_require(` 
@@ -30292,7 +30492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2704,10 +2761,10 @@ +@@ -2704,10 +2762,10 @@ # template(`userdom_dontaudit_list_user_tmp',` gen_require(` @@ -30305,7 +30505,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2739,10 +2796,10 @@ +@@ -2739,10 +2797,10 @@ # template(`userdom_dontaudit_manage_user_tmp_dirs',` gen_require(` @@ -30318,7 +30518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2772,12 +2829,12 @@ +@@ -2772,12 +2830,12 @@ # template(`userdom_read_user_tmp_files',` gen_require(` @@ -30334,7 +30534,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2809,10 +2866,10 @@ +@@ -2809,10 +2867,10 @@ # template(`userdom_dontaudit_read_user_tmp_files',` gen_require(` @@ -30347,7 +30547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2844,10 +2901,48 @@ +@@ -2844,10 +2902,48 @@ # template(`userdom_dontaudit_append_user_tmp_files',` gen_require(` @@ -30398,7 +30598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2877,12 +2972,12 @@ +@@ -2877,12 +2973,12 @@ # template(`userdom_rw_user_tmp_files',` gen_require(` @@ -30414,7 +30614,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2914,10 +3009,10 @@ +@@ -2914,10 +3010,10 @@ # template(`userdom_dontaudit_manage_user_tmp_files',` gen_require(` 
@@ -30427,7 +30627,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2949,12 +3044,12 @@ +@@ -2949,12 +3045,12 @@ # template(`userdom_read_user_tmp_symlinks',` gen_require(` @@ -30443,7 +30643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2986,11 +3081,11 @@ +@@ -2986,11 +3082,11 @@ # template(`userdom_manage_user_tmp_dirs',` gen_require(` @@ -30457,7 +30657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3022,11 +3117,11 @@ +@@ -3022,11 +3118,11 @@ # template(`userdom_manage_user_tmp_files',` gen_require(` @@ -30471,7 +30671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3058,11 +3153,11 @@ +@@ -3058,11 +3154,11 @@ # template(`userdom_manage_user_tmp_symlinks',` gen_require(` @@ -30485,7 +30685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3094,11 +3189,11 @@ +@@ -3094,11 +3190,11 @@ # template(`userdom_manage_user_tmp_pipes',` gen_require(` @@ -30499,7 +30699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3130,11 +3225,11 @@ +@@ -3130,11 +3226,11 @@ # template(`userdom_manage_user_tmp_sockets',` gen_require(` @@ -30513,7 +30713,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3179,10 +3274,10 @@ +@@ -3179,10 +3275,10 @@ # template(`userdom_user_tmp_filetrans',` gen_require(` 
@@ -30526,7 +30726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_search_tmp($2) ') -@@ -3223,10 +3318,10 @@ +@@ -3223,10 +3319,10 @@ # template(`userdom_tmp_filetrans_user_tmp',` gen_require(` @@ -30539,7 +30739,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3254,6 +3349,42 @@ +@@ -3254,6 +3350,42 @@ ## ## # @@ -30582,7 +30782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo template(`userdom_rw_user_tmpfs_files',` gen_require(` type $1_tmpfs_t; -@@ -4231,11 +4362,11 @@ +@@ -4231,11 +4363,11 @@ # interface(`userdom_search_staff_home_dirs',` gen_require(` @@ -30596,7 +30796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4251,10 +4382,10 @@ +@@ -4251,10 +4383,10 @@ # interface(`userdom_dontaudit_search_staff_home_dirs',` gen_require(` @@ -30609,7 +30809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4270,11 +4401,11 @@ +@@ -4270,11 +4402,11 @@ # interface(`userdom_manage_staff_home_dirs',` gen_require(` @@ -30623,7 +30823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4289,16 +4420,16 @@ +@@ -4289,16 +4421,16 @@ # interface(`userdom_relabelto_staff_home_dirs',` gen_require(` @@ -30643,7 +30843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## users home directory. ## ## -@@ -4307,12 +4438,27 @@ +@@ -4307,12 +4439,27 @@ ## ## # @@ -30674,7 +30874,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4327,13 +4473,13 @@ +@@ -4327,13 +4474,13 @@ # interface(`userdom_read_staff_home_content_files',` gen_require(` 
@@ -30692,7 +30892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4531,10 +4677,10 @@ +@@ -4531,10 +4678,10 @@ # interface(`userdom_getattr_sysadm_home_dirs',` gen_require(` @@ -30705,7 +30905,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4551,10 +4697,10 @@ +@@ -4551,10 +4698,10 @@ # interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` gen_require(` @@ -30718,7 +30918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4569,10 +4715,10 @@ +@@ -4569,10 +4716,10 @@ # interface(`userdom_search_sysadm_home_dirs',` gen_require(` @@ -30731,7 +30931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4588,10 +4734,10 @@ +@@ -4588,10 +4735,10 @@ # interface(`userdom_dontaudit_search_sysadm_home_dirs',` gen_require(` @@ -30744,7 +30944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4606,10 +4752,10 @@ +@@ -4606,10 +4753,10 @@ # interface(`userdom_list_sysadm_home_dirs',` gen_require(` @@ -30757,7 +30957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4625,10 +4771,10 @@ +@@ -4625,10 +4772,10 @@ # interface(`userdom_dontaudit_list_sysadm_home_dirs',` gen_require(` @@ -30770,7 +30970,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4644,12 +4790,11 @@ +@@ -4644,12 +4791,11 @@ # interface(`userdom_dontaudit_read_sysadm_home_content_files',` gen_require(` 
@@ -30786,7 +30986,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4676,10 +4821,10 @@ +@@ -4676,10 +4822,10 @@ # interface(`userdom_sysadm_home_dir_filetrans',` gen_require(` @@ -30799,7 +30999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4694,10 +4839,10 @@ +@@ -4694,10 +4840,10 @@ # interface(`userdom_search_sysadm_home_content_dirs',` gen_require(` @@ -30812,7 +31012,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4712,13 +4857,13 @@ +@@ -4712,13 +4858,13 @@ # interface(`userdom_read_sysadm_home_content_files',` gen_require(` @@ -30830,7 +31030,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4754,11 +4899,49 @@ +@@ -4754,11 +4900,49 @@ # interface(`userdom_search_all_users_home_dirs',` gen_require(` @@ -30881,7 +31081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4778,6 +4961,14 @@ +@@ -4778,6 +4962,14 @@ files_list_home($1) allow $1 home_dir_type:dir list_dir_perms; @@ -30896,7 +31096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4839,6 +5030,26 @@ +@@ -4839,6 +5031,26 @@ ######################################## ##

@@ -30923,7 +31123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all directories ## in all users home directories. ## -@@ -4859,6 +5070,25 @@ +@@ -4859,6 +5071,25 @@ ######################################## ## @@ -30949,7 +31149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all files ## in all users home directories. ## -@@ -4879,6 +5109,26 @@ +@@ -4879,6 +5110,26 @@ ######################################## ## @@ -30976,7 +31176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all symlinks ## in all users home directories. ## -@@ -5115,7 +5365,7 @@ +@@ -5115,7 +5366,7 @@ # interface(`userdom_relabelto_generic_user_home_dirs',` gen_require(` @@ -30985,7 +31185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') files_search_home($1) -@@ -5304,6 +5554,50 @@ +@@ -5304,6 +5555,50 @@ ######################################## ## @@ -31036,7 +31236,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete directories in ## unprivileged users home directories. ## -@@ -5509,6 +5803,42 @@ +@@ -5509,6 +5804,42 @@ ######################################## ## @@ -31079,7 +31279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Read and write unprivileged user ttys. ## ## -@@ -5674,6 +6004,42 @@ +@@ -5674,6 +6005,42 @@ ######################################## ## @@ -31122,7 +31322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5704,3 +6070,368 @@ +@@ -5704,3 +6071,368 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index fa46cda..997be30 100644 
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -388,6 +388,9 @@ exit 0 %endif %changelog
+* Mon Mar 3 2008 Dan Walsh 3.3.1-10
+- Allow bitlebee to read locale_t
+
 * Fri Feb 29 2008 Dan Walsh 3.3.1-9
 - More xselinux rules