From be922a1fae47d044853ddad27cf7abd89be10e7c Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Jul 09 2010 15:28:31 +0000 Subject: - Add support for ebtables - Fixes for rhcs and corosync policy --- diff --git a/policy-F14.patch b/policy-F14.patch index 165119e..98c627a 100644 --- a/policy-F14.patch +++ b/policy-F14.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.8.6/Makefile ---- nsaserefpolicy/Makefile 2009-08-18 11:41:14.000000000 -0400 -+++ serefpolicy-3.8.6/Makefile 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/Makefile 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/Makefile 2010-07-09 08:39:38.918146168 +0200 @@ -244,7 +244,7 @@ appdir := $(contextpath) user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) @@ -11,8 +11,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.8.6/M all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 serefpolicy-3.8.6/man/man8/git_selinux.8 ---- nsaserefpolicy/man/man8/git_selinux.8 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/man/man8/git_selinux.8 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/man/man8/git_selinux.8 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/man/man8/git_selinux.8 2010-07-09 08:39:38.919145613 +0200 @@ -0,0 +1,109 @@ +.TH "git_selinux" "8" "27 May 2010" "domg472@gmail.com" "Git SELinux policy documentation" +.de EX 
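Review bot: The only lines this hunk changes are the `---`/`+++` header timestamps of the embedded `nsaserefpolicy/Makefile` section, and every other hunk visible in this part of the diff (git_selinux.8, global_tunables, accountsd.* through gitosis.te) changes nothing but timestamps either. This patch carries SELinux policy, so a reviewer needs the access-rule edits for ebtables, rhcs and corosync named in the subject to stand out, and here they are buried in regeneration churn. Consider normalising the headers when regenerating policy-F14.patch, for example by piping the diff output through `filterdiff --remove-timestamps` (patchutils), so that only real policy edits appear as hunks. The new headers also record nanosecond mtimes and a `+0200` offset, so the file will presumably differ on every regeneration even when the policy itself is unchanged.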
@@ -124,8 +124,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 seref +.SH "SEE ALSO" +selinux(8), git(8), chcon(1), semodule(8), setsebool(8) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.8.6/policy/global_tunables ---- nsaserefpolicy/policy/global_tunables 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.8.6/policy/global_tunables 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/global_tunables 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/global_tunables 2010-07-09 08:39:38.920159167 +0200 @@ -61,15 +61,6 @@ ## @@ -162,16 +162,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref +gen_tunable(mmap_low_allowed, false) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.fc serefpolicy-3.8.6/policy/modules/admin/accountsd.fc ---- nsaserefpolicy/policy/modules/admin/accountsd.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.fc 2010-07-09 08:39:38.922143809 +0200 @@ -0,0 +1,4 @@ + +/usr/libexec/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0) + +/var/lib/AccountsService(/.*)? gen_context(system_u:object_r:accountsd_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.if serefpolicy-3.8.6/policy/modules/admin/accountsd.if ---- nsaserefpolicy/policy/modules/admin/accountsd.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.if 2010-07-09 08:39:38.922143809 +0200 
@@ -0,0 +1,164 @@ +## policy for accountsd + @@ -338,8 +338,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account + accountsd_manage_var_lib($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.8.6/policy/modules/admin/accountsd.te ---- nsaserefpolicy/policy/modules/admin/accountsd.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.te 2010-07-09 08:39:38.923147794 +0200 @@ -0,0 +1,62 @@ +policy_module(accountsd,1.0.0) + @@ -404,8 +404,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account + xserver_dbus_chat_xdm(accountsd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.8.6/policy/modules/admin/anaconda.te ---- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/anaconda.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/anaconda.te 2010-07-09 08:39:38.924147379 +0200 @@ -28,8 +28,10 @@ logging_send_syslog_msg(anaconda_t) 
@@ -427,8 +427,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.8.6/policy/modules/admin/certwatch.te ---- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/certwatch.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/certwatch.te 2010-07-09 08:39:38.924147379 +0200 @@ -35,7 +35,7 @@ miscfiles_read_localization(certwatch_t) @@ -439,8 +439,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat optional_policy(` apache_exec_modules(certwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.8.6/policy/modules/admin/consoletype.te ---- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/consoletype.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/consoletype.te 2010-07-09 08:39:38.925143751 +0200 @@ -85,6 +85,7 @@ hal_dontaudit_rw_pipes(consoletype_t) hal_dontaudit_rw_dgram_sockets(consoletype_t) 
@@ -450,8 +450,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.8.6/policy/modules/admin/dmesg.te ---- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/dmesg.te 2010-06-21 13:57:40.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/dmesg.te 2010-07-09 08:39:38.926148365 +0200 @@ -50,6 +50,12 @@ userdom_use_user_terminals(dmesg_t) @@ -466,8 +466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.8.6/policy/modules/admin/firstboot.te ---- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/firstboot.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/firstboot.te 2010-07-09 08:39:38.926148365 +0200 @@ -76,6 +76,7 @@ miscfiles_read_localization(firstboot_t) @@ -490,8 +490,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo xserver_unconfined(firstboot_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.8.6/policy/modules/admin/logrotate.te ---- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/logrotate.te 2010-06-21 13:58:38.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/logrotate.te 2010-07-09 08:39:38.927145085 +0200 
@@ -119,6 +119,7 @@ userdom_use_user_terminals(logrotate_t) userdom_list_user_home_dirs(logrotate_t) @@ -510,8 +510,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.8.6/policy/modules/admin/logwatch.fc ---- nsaserefpolicy/policy/modules/admin/logwatch.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/logwatch.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/logwatch.fc 2010-07-09 08:39:38.928148372 +0200 @@ -1,7 +1,11 @@ /usr/sbin/logcheck -- gen_context(system_u:object_r:logwatch_exec_t,s0) +/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0) @@ -525,8 +525,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc + +/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.8.6/policy/modules/admin/logwatch.te ---- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/logwatch.te 2010-06-22 09:19:54.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/logwatch.te 2010-07-09 08:39:38.929143906 +0200 @@ -19,6 +19,9 @@ type logwatch_tmp_t; files_tmp_file(logwatch_tmp_t) 
@@ -564,8 +564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc ifdef(`distro_redhat',` files_search_all(logwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.8.6/policy/modules/admin/mrtg.te ---- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/mrtg.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/mrtg.te 2010-07-09 08:39:38.929143906 +0200 @@ -115,6 +115,7 @@ userdom_use_user_terminals(mrtg_t) userdom_dontaudit_read_user_home_content_files(mrtg_t) @@ -575,14 +575,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te netutils_domtrans_ping(mrtg_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.fc serefpolicy-3.8.6/policy/modules/admin/ncftool.fc ---- nsaserefpolicy/policy/modules/admin/ncftool.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.fc 2010-07-09 08:39:38.930383609 +0200 @@ -0,0 +1,2 @@ + +/usr/bin/ncftool -- gen_context(system_u:object_r:ncftool_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.if serefpolicy-3.8.6/policy/modules/admin/ncftool.if ---- nsaserefpolicy/policy/modules/admin/ncftool.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.if 2010-07-09 08:39:38.930383609 +0200 @@ -0,0 +1,74 @@ + +## policy for ncftool 
@@ -659,8 +659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.te serefpolicy-3.8.6/policy/modules/admin/ncftool.te ---- nsaserefpolicy/policy/modules/admin/ncftool.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.te 2010-07-09 08:39:38.931384800 +0200 @@ -0,0 +1,79 @@ +policy_module(ncftool, 1.0.0) + @@ -742,8 +742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool + dbus_system_bus_client(ncftool_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.8.6/policy/modules/admin/netutils.te ---- nsaserefpolicy/policy/modules/admin/netutils.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/netutils.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/netutils.te 2010-07-09 08:39:38.932383687 +0200 @@ -51,6 +51,8 @@ kernel_search_proc(netutils_t) @@ -796,8 +796,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil + term_use_all_ptys(traceroute_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.8.6/policy/modules/admin/prelink.te ---- nsaserefpolicy/policy/modules/admin/prelink.te 2010-06-21 08:21:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/prelink.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/prelink.te 2010-07-09 08:39:38.932383687 +0200 
@@ -59,6 +59,7 @@ manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t) relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t) @@ -824,8 +824,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t) allow prelink_cron_system_t prelink_t:process noatsecure; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.8.6/policy/modules/admin/readahead.te ---- nsaserefpolicy/policy/modules/admin/readahead.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/readahead.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/readahead.te 2010-07-09 08:39:38.933412396 +0200 @@ -51,6 +51,7 @@ files_list_non_security(readahead_t) @@ -843,8 +843,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe fs_dontaudit_read_ramfs_pipes(readahead_t) fs_dontaudit_read_ramfs_files(readahead_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.8.6/policy/modules/admin/rpm.fc ---- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/rpm.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/rpm.fc 2010-07-09 08:39:38.934384463 +0200 @@ -1,6 +1,7 @@ /bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0) 
@@ -864,8 +864,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc /var/cache/yum(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.8.6/policy/modules/admin/rpm.if ---- nsaserefpolicy/policy/modules/admin/rpm.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/rpm.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/rpm.if 2010-07-09 08:39:38.935384536 +0200 @@ -13,11 +13,36 @@ interface(`rpm_domtrans',` gen_require(` @@ -1053,8 +1053,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + domain_entry_file($1, rpm_exec_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.8.6/policy/modules/admin/rpm.te ---- nsaserefpolicy/policy/modules/admin/rpm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/rpm.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/rpm.te 2010-07-09 08:39:38.936410522 +0200 @@ -1,5 +1,7 @@ policy_module(rpm, 1.11.0) 
@@ -1237,8 +1237,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te optional_policy(` java_domtrans_unconfined(rpm_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectoolm.te serefpolicy-3.8.6/policy/modules/admin/sectoolm.te ---- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/sectoolm.te 2010-06-22 08:31:37.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/sectoolm.te 2010-07-09 08:39:38.937395020 +0200 @@ -84,6 +84,7 @@ sysnet_domtrans_ifconfig(sectoolm_t) @@ -1248,8 +1248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectool optional_policy(` mount_exec(sectoolm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.8.6/policy/modules/admin/shorewall.if ---- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/shorewall.if 2010-06-25 13:22:32.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/shorewall.if 2010-07-09 08:39:38.938410460 +0200 @@ -134,9 +134,10 @@ # interface(`shorewall_admin',` 
@@ -1280,8 +1280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa admin_pattern($1, shorewall_tmp_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.8.6/policy/modules/admin/shorewall.te ---- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-06-21 08:21:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/shorewall.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/shorewall.te 2010-07-09 08:39:38.939384412 +0200 @@ -80,13 +80,14 @@ init_rw_utmp(shorewall_t) @@ -1299,8 +1299,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa optional_policy(` hostname_exec(shorewall_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.8.6/policy/modules/admin/shutdown.fc ---- nsaserefpolicy/policy/modules/admin/shutdown.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.fc 2010-07-09 08:39:38.939384412 +0200 @@ -0,0 +1,5 @@ +/etc/nologin -- gen_context(system_u:object_r:shutdown_etc_t,s0) + 
@@ -1308,8 +1308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + +/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.8.6/policy/modules/admin/shutdown.if ---- nsaserefpolicy/policy/modules/admin/shutdown.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.if 2010-07-09 08:39:38.940411026 +0200 @@ -0,0 +1,136 @@ + +## policy for shutdown @@ -1448,8 +1448,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + allow $1 shutdown_exec_t:file getattr; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.8.6/policy/modules/admin/shutdown.te ---- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.te 2010-07-09 08:39:38.941384420 +0200 @@ -0,0 +1,61 @@ +policy_module(shutdown,1.0.0) + 
@@ -1513,8 +1513,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + xserver_dontaudit_write_log(shutdown_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.6/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2010-06-21 08:21:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/sudo.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/sudo.if 2010-07-09 08:39:38.942384633 +0200 @@ -73,6 +73,10 @@ # Enter this derived domain from the user domain domtrans_pattern($3, sudo_exec_t, $1_sudo_t) @@ -1543,8 +1543,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_files($1_sudo_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.8.6/policy/modules/admin/su.if ---- nsaserefpolicy/policy/modules/admin/su.if 2010-06-21 08:21:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/su.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/su.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/su.if 2010-07-09 08:39:38.942384633 +0200 @@ -212,7 +212,7 @@ auth_domtrans_chk_passwd($1_su_t) 
@@ -1563,8 +1563,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ifdef(`distro_redhat',` # RHEL5 and possibly newer releases incl. Fedora diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te ---- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te 2010-07-09 08:39:38.943384777 +0200 @@ -25,8 +25,11 @@ files_read_etc_files(tmpreaper_t) files_read_var_lib_files(tmpreaper_t) @@ -1603,8 +1603,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.8.6/policy/modules/admin/usermanage.if ---- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/usermanage.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/usermanage.if 2010-07-09 08:39:38.944411181 +0200 @@ -18,6 +18,10 @@ files_search_usr($1) corecmd_search_bin($1) 
@@ -1661,8 +1661,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman nscd_run(useradd_t, $2) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.8.6/policy/modules/admin/usermanage.te ---- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/usermanage.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/usermanage.te 2010-07-09 08:39:38.946384439 +0200 @@ -208,6 +208,7 @@ files_manage_etc_files(groupadd_t) files_relabel_etc_files(groupadd_t) @@ -1752,8 +1752,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.8.6/policy/modules/admin/vbetool.te ---- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-06-21 08:21:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/vbetool.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/vbetool.te 2010-07-09 08:39:38.946384439 +0200 @@ -24,7 +24,10 @@ dev_rw_xserver_misc(vbetool_t) dev_rw_mtrr(vbetool_t) 
@@ -1766,8 +1766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool mls_file_read_all_levels(vbetool_t) mls_file_write_all_levels(vbetool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.8.6/policy/modules/admin/vpn.if ---- nsaserefpolicy/policy/modules/admin/vpn.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/vpn.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/vpn.if 2010-07-09 08:39:38.947411402 +0200 @@ -110,7 +110,7 @@ ## ## @@ -1800,8 +1800,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if + allow $1 vpnc_t:tun_socket relabelfrom; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.8.6/policy/modules/admin/vpn.te ---- nsaserefpolicy/policy/modules/admin/vpn.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/admin/vpn.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/admin/vpn.te 2010-07-09 08:39:38.948384377 +0200 @@ -30,7 +30,7 @@ allow vpnc_t self:rawip_socket create_socket_perms; allow vpnc_t self:unix_dgram_socket create_socket_perms; 
@@ -1820,15 +1820,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te optional_policy(` dbus_system_bus_client(vpnc_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.8.6/policy/modules/apps/chrome.fc ---- nsaserefpolicy/policy/modules/apps/chrome.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/chrome.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/chrome.fc 2010-07-09 08:39:38.948384377 +0200 @@ -0,0 +1,3 @@ + /opt/google/chrome/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0) + +/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.8.6/policy/modules/apps/chrome.if ---- nsaserefpolicy/policy/modules/apps/chrome.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/chrome.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/chrome.if 2010-07-09 08:39:38.949384730 +0200 @@ -0,0 +1,90 @@ + +## policy for chrome @@ -1921,8 +1921,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.8.6/policy/modules/apps/chrome.te ---- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/chrome.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/chrome.te 2010-07-09 08:39:38.950396398 +0200 
@@ -0,0 +1,86 @@ +policy_module(chrome,1.0.0) + @@ -2011,8 +2011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t + fs_dontaudit_read_cifs_files(chrome_sandbox_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te ---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-06-21 10:50:00.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te 2010-07-09 08:39:38.951384528 +0200 @@ -27,7 +27,7 @@ miscfiles_read_localization(cpufreqselector_t) @@ -2023,8 +2023,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs optional_policy(` dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.8.6/policy/modules/apps/execmem.fc ---- nsaserefpolicy/policy/modules/apps/execmem.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/execmem.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/execmem.fc 2010-07-09 08:39:38.951384528 +0200 @@ -0,0 +1,47 @@ + +/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0) 
@@ -2074,8 +2074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. +/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0) +/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.8.6/policy/modules/apps/execmem.if ---- nsaserefpolicy/policy/modules/apps/execmem.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/execmem.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/execmem.if 2010-07-09 08:39:38.952410793 +0200 @@ -0,0 +1,110 @@ +## execmem domain + @@ -2188,8 +2188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. + domtrans_pattern($1, execmem_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.8.6/policy/modules/apps/execmem.te ---- nsaserefpolicy/policy/modules/apps/execmem.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/execmem.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/execmem.te 2010-07-09 08:39:38.953384466 +0200 @@ -0,0 +1,10 @@ +policy_module(execmem, 1.0.0) + 
@@ -2202,15 +2202,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. +application_executable_file(execmem_exec_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc ---- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc 2010-07-09 08:39:38.954385029 +0200 @@ -0,0 +1,3 @@ + +/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.8.6/policy/modules/apps/firewallgui.if ---- nsaserefpolicy/policy/modules/apps/firewallgui.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.if 2010-07-09 08:39:38.955384963 +0200 @@ -0,0 +1,23 @@ + +## policy for firewallgui 
@@ -2236,8 +2236,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
 + allow firewallgui_t $1:dbus send_msg;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.8.6/policy/modules/apps/firewallgui.te
---- nsaserefpolicy/policy/modules/apps/firewallgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.te 2010-07-09 08:39:38.956385316 +0200
 @@ -0,0 +1,65 @@
 +policy_module(firewallgui,1.0.0)
 +
@@ -2305,8 +2305,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.8.6/policy/modules/apps/gitosis.fc
---- nsaserefpolicy/policy/modules/apps/gitosis.fc 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.fc 2010-07-09 08:39:38.956385316 +0200
 @@ -1,3 +1,5 @@
 /usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
 +/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0)
@@ -2314,8 +2314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. /var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0) +/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.8.6/policy/modules/apps/gitosis.if ---- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.if 2010-07-09 08:39:38.957411650 +0200 @@ -62,7 +62,7 @@ files_search_var_lib($1) read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) @@ -2326,8 +2326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. ###################################### diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.8.6/policy/modules/apps/gitosis.te ---- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.te 2010-07-09 08:39:38.958409140 +0200 @@ -25,12 +25,17 @@ manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t) manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t) 
@@ -2348,8 +2348,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. + +sysnet_read_config(gitosis_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.8.6/policy/modules/apps/gnome.fc ---- nsaserefpolicy/policy/modules/apps/gnome.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gnome.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gnome.fc 2010-07-09 08:39:38.959385188 +0200 @@ -1,8 +1,28 @@ -HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0) +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0) @@ -2382,8 +2382,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc +/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.8.6/policy/modules/apps/gnome.if ---- nsaserefpolicy/policy/modules/apps/gnome.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gnome.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gnome.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gnome.if 2010-07-09 08:39:38.960385052 +0200 @@ -74,6 +74,24 @@ ######################################## 
@@ -2839,8 +2839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if + allow gconfdefaultsm_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.8.6/policy/modules/apps/gnome.te ---- nsaserefpolicy/policy/modules/apps/gnome.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gnome.te 2010-06-28 11:02:17.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gnome.te 2010-07-09 08:39:38.962385060 +0200 @@ -6,18 +6,33 @@ # @@ -2992,8 +2992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te + policykit_read_reload(gnomesystemmm_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.8.6/policy/modules/apps/gpg.fc ---- nsaserefpolicy/policy/modules/apps/gpg.fc 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gpg.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gpg.fc 2010-07-09 08:39:38.963384854 +0200 @@ -1,4 +1,5 @@ HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) +/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) 
@@ -3001,8 +3001,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s /usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0) /usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.8.6/policy/modules/apps/gpg.if ---- nsaserefpolicy/policy/modules/apps/gpg.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gpg.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gpg.if 2010-07-09 08:39:38.964385207 +0200 @@ -60,8 +60,10 @@ ifdef(`hide_broken_symptoms',` @@ -3060,8 +3060,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s ## ## Send generic signals to user gpg processes. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.8.6/policy/modules/apps/gpg.te ---- nsaserefpolicy/policy/modules/apps/gpg.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/gpg.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/gpg.te 2010-07-09 08:39:38.965385281 +0200 @@ -4,6 +4,7 @@ # # Declarations 
@@ -3255,8 +3255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s + miscfiles_manage_public_files(gpg_web_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.8.6/policy/modules/apps/irc.fc ---- nsaserefpolicy/policy/modules/apps/irc.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/irc.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/irc.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/irc.fc 2010-07-09 08:39:38.966390174 +0200 @@ -2,10 +2,14 @@ # /home # @@ -3273,8 +3273,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s +/usr/bin/irssi -- gen_context(system_u:object_r:irssi_exec_t,s0) /usr/bin/tinyirc -- gen_context(system_u:object_r:irc_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.8.6/policy/modules/apps/irc.if ---- nsaserefpolicy/policy/modules/apps/irc.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/irc.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/irc.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/irc.if 2010-07-09 08:39:38.967410781 +0200 @@ -18,9 +18,11 @@ interface(`irc_role',` gen_require(` 
@@ -3306,8 +3306,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s + relabel_lnk_files_pattern($2, irssi_home_t, irssi_home_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.8.6/policy/modules/apps/irc.te ---- nsaserefpolicy/policy/modules/apps/irc.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/irc.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/irc.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/irc.te 2010-07-09 08:39:38.968384943 +0200 @@ -24,6 +24,30 @@ ######################################## @@ -3424,8 +3424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.8.6/policy/modules/apps/java.fc ---- nsaserefpolicy/policy/modules/apps/java.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/java.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/java.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/java.fc 2010-07-09 08:39:38.969384877 +0200 @@ -9,6 +9,7 @@ # # /usr @@ -3444,8 +3444,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc /usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.8.6/policy/modules/apps/java.if ---- nsaserefpolicy/policy/modules/apps/java.if 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/java.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/java.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/java.if 2010-07-09 08:39:38.970385091 +0200 @@ -72,6 +72,7 @@ domain_interactive_fd($1_java_t) 
@@ -3472,8 +3472,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.8.6/policy/modules/apps/java.te ---- nsaserefpolicy/policy/modules/apps/java.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/java.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/java.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/java.te 2010-07-09 08:39:38.971385234 +0200 @@ -152,6 +152,7 @@ unconfined_domain_noaudit(unconfined_java_t) @@ -3483,20 +3483,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te optional_policy(` rpm_domtrans(unconfined_java_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc ---- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc 2010-07-09 08:39:38.972385098 +0200 @@ -0,0 +1,2 @@ + +/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if ---- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if 2010-07-09 08:39:38.972385098 +0200 
@@ -0,0 +1,2 @@
 +## system-config-kdump policy
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te
---- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te 2010-07-09 08:39:38.973385242 +0200
 @@ -0,0 +1,68 @@
 +policy_module(kdumpgui,1.0.0)
 +
@@ -3567,14 +3567,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui
 + policykit_dbus_chat(kdumpgui_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.8.6/policy/modules/apps/livecd.fc
---- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.fc 2010-07-09 08:39:38.974385246 +0200
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.8.6/policy/modules/apps/livecd.if
---- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.if 2010-07-09 08:39:38.975411790 +0200
 @@ -0,0 +1,127 @@
 +
 +## policy for livecd
@@ -3704,8 +3704,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.8.6/policy/modules/apps/livecd.te
---- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.te 2010-07-09 08:39:38.976411374 +0200
 @@ -0,0 +1,34 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -3742,8 +3742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
 +seutil_domtrans_setfiles_mac(livecd_t)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.8.6/policy/modules/apps/mono.if
---- nsaserefpolicy/policy/modules/apps/mono.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/mono.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mono.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mono.if 2010-07-09 08:39:38.977385188 +0200
 @@ -40,16 +40,19 @@
 domain_interactive_fd($1_mono_t)
 application_type($1_mono_t)
@@ -3766,8 +3766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
 optional_policy(`
 xserver_role($1_r, $1_mono_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.8.6/policy/modules/apps/mozilla.fc
---- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.fc 2010-07-09 08:39:38.978385121 +0200
@@ -1,6 +1,7 @@ HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) @@ -3777,8 +3777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.8.6/policy/modules/apps/mozilla.if ---- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-06-21 10:50:00.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.if 2010-06-21 10:57:13.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.if 2010-07-09 08:39:38.979385265 +0200 @@ -48,6 +48,12 @@ mozilla_dbus_chat($2) @@ -3802,8 +3802,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.6/policy/modules/apps/mozilla.te ---- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-06-21 10:50:00.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.te 2010-06-21 10:57:39.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.te 2010-07-09 08:39:38.980384920 +0200 @@ -90,6 +90,7 @@ corenet_raw_sendrecv_generic_node(mozilla_t) corenet_tcp_sendrecv_http_port(mozilla_t) 
@@ -3833,8 +3833,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 pulseaudio_stream_connect(mozilla_t)
 pulseaudio_manage_home_files(mozilla_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.8.6/policy/modules/apps/mplayer.if
---- nsaserefpolicy/policy/modules/apps/mplayer.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mplayer.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mplayer.if 2010-07-09 08:39:38.981385133 +0200
 @@ -102,3 +102,39 @@
 read_files_pattern($1, mplayer_home_t, mplayer_home_t)
 userdom_search_user_home_dirs($1)
@@ -3876,8 +3876,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 + domtrans_pattern($1, mplayer_exec_t, $2)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.8.6/policy/modules/apps/mplayer.te
---- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mplayer.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mplayer.te 2010-07-09 08:39:38.982385207 +0200
 @@ -160,6 +160,7 @@
 manage_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
 manage_lnk_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
@@ -3912,8 +3912,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 ')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc
---- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc 2010-07-09 08:39:38.983385211 +0200
 @@ -0,0 +1,10 @@
 +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -3926,8 +3926,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.8.6/policy/modules/apps/nsplugin.if
---- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.if 2010-07-09 08:39:38.984385145 +0200
 @@ -0,0 +1,391 @@
 +
 +## policy for nsplugin
@@ -4321,8 +4321,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 + domtrans_pattern($1, nsplugin_exec_t, $2)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.8.6/policy/modules/apps/nsplugin.te
---- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.te 2010-07-09 08:39:38.986385082 +0200
 @@ -0,0 +1,299 @@
 +policy_module(nsplugin, 1.0.0)
 +
@@ -4624,16 +4624,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.8.6/policy/modules/apps/openoffice.fc
---- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.fc 2010-07-09 08:39:38.986385082 +0200
@@ -0,0 +1,4 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.8.6/policy/modules/apps/openoffice.if
---- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.if 2010-07-09 08:39:38.987385156 +0200
 @@ -0,0 +1,129 @@
 +## Openoffice
 +
@@ -4765,8 +4765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 + domtrans_pattern($1, openoffice_exec_t, $2)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.8.6/policy/modules/apps/openoffice.te
---- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.te 2010-07-09 08:39:38.988389630 +0200
 @@ -0,0 +1,16 @@
 +policy_module(openoffice, 1.0.0)
 +
@@ -4785,8 +4785,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi +# + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.8.6/policy/modules/apps/podsleuth.te ---- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/podsleuth.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/podsleuth.te 2010-07-09 08:39:38.989384745 +0200 @@ -49,6 +49,7 @@ fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file }) @@ -4811,8 +4811,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut optional_policy(` dbus_system_bus_client(podsleuth_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if ---- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if 2010-07-09 08:39:38.990385238 +0200 @@ -104,6 +104,24 @@ can_exec($1, pulseaudio_exec_t) ') 
@@ -4890,8 +4890,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
 + allow $1 pulseaudio_t:process signull;
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te
---- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te 2010-07-09 08:39:38.991385172 +0200
 @@ -40,9 +40,11 @@
 manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
 manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
@@ -4931,8 +4931,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
 + sandbox_manage_tmpfs_files(pulseaudio_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.8.6/policy/modules/apps/qemu.fc
---- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/qemu.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/qemu.fc 2010-07-09 08:39:38.992411995 +0200
 @@ -1,2 +1,4 @@
 -/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -4940,8 +4940,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc +/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) /usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.8.6/policy/modules/apps/qemu.if ---- nsaserefpolicy/policy/modules/apps/qemu.if 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/qemu.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/qemu.if 2010-07-09 08:39:38.993385040 +0200 @@ -127,12 +127,14 @@ template(`qemu_role',` gen_require(` @@ -5051,8 +5051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.8.6/policy/modules/apps/qemu.te ---- nsaserefpolicy/policy/modules/apps/qemu.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/qemu.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/qemu.te 2010-07-09 08:39:38.994413120 +0200 @@ -49,6 +49,8 @@ # # qemu local policy 
@@ -5086,19 +5086,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te
 + allow unconfined_qemu_t qemu_exec_t:file execmod;
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.8.6/policy/modules/apps/sambagui.fc
---- nsaserefpolicy/policy/modules/apps/sambagui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.fc 2010-07-09 08:39:38.995411448 +0200
 @@ -0,0 +1 @@
 +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.8.6/policy/modules/apps/sambagui.if
---- nsaserefpolicy/policy/modules/apps/sambagui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.if 2010-07-09 08:39:38.996432614 +0200
 @@ -0,0 +1,2 @@
 +## system-config-samba policy
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.8.6/policy/modules/apps/sambagui.te
---- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.te 2010-07-09 08:39:38.997385265 +0200
 @@ -0,0 +1,66 @@
 +policy_module(sambagui,1.0.0)
 +
@@ -5167,13 +5167,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui
 + policykit_dbus_chat(sambagui_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.8.6/policy/modules/apps/sandbox.fc
---- nsaserefpolicy/policy/modules/apps/sandbox.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.fc 2010-07-09 08:39:38.997385265 +0200
 @@ -0,0 +1 @@
 +# No types are sandbox_exec_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.8.6/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.if 2010-07-09 08:39:38.999385133 +0200
 @@ -0,0 +1,314 @@
 +
 +## policy for sandbox
@@ -5490,9 +5490,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
 + allow $1 sandbox_file_type:dir list_dir_perms;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.8.6/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.te 2010-06-22 08:36:58.000000000 -0400
-@@ -0,0 +1,387 @@
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.te 2010-07-09 09:45:35.840135472 +0200
+@@ -0,0 +1,390 @@
 +policy_module(sandbox,1.0.0)
 +dbus_stub()
 +attribute sandbox_domain;
@@ -5802,10 +5802,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +corenet_dontaudit_tcp_bind_generic_port(sandbox_web_type) + +files_dontaudit_getattr_all_dirs(sandbox_web_type) ++files_dontaudit_list_mnt(sandbox_web_type) + +fs_dontaudit_rw_anon_inodefs_files(sandbox_web_type) +fs_dontaudit_getattr_all_fs(sandbox_web_type) + ++storage_dontaudit_getattr_fixed_disk_dev(sandbox_web_type) ++ +auth_use_nsswitch(sandbox_web_type) + +dbus_system_bus_client(sandbox_web_type) @@ -5881,8 +5884,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.8.6/policy/modules/apps/seunshare.if ---- nsaserefpolicy/policy/modules/apps/seunshare.if 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/seunshare.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/seunshare.if 2010-07-09 08:39:39.001386048 +0200 @@ -53,8 +53,14 @@ ######################################## @@ -5935,8 +5938,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar + ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.8.6/policy/modules/apps/seunshare.te ---- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/seunshare.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/seunshare.te 2010-07-09 08:39:39.002385284 +0200 @@ -5,40 +5,39 @@ # Declarations # 
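Review bot: The two calls added for sandbox_web_type, `files_dontaudit_list_mnt(sandbox_web_type)` and `storage_dontaudit_getattr_fixed_disk_dev(sandbox_web_type)`, have no comment recording which program triggers these accesses or why they are safe to silence. A dontaudit rule keeps the access denied but removes the AVC record, and for a sandbox domain that record is also what an analyst would look for if sandboxed content began probing /mnt or fixed-disk device nodes. I would add a line above them such as `# <program> lists /mnt and stats disk nodes at startup; still denied, only the log noise is dropped`, with the placeholder filled in by the author. Hidden denials can still be surfaced during triage by rebuilding the policy with `semodule -DB`.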
@@ -5996,8 +5999,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.8.6/policy/modules/apps/slocate.te ---- nsaserefpolicy/policy/modules/apps/slocate.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/slocate.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/slocate.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/slocate.te 2010-07-09 08:39:39.003385288 +0200 @@ -29,6 +29,7 @@ manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t) @@ -6019,14 +6022,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. # getpwnam auth_use_nsswitch(locate_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc ---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc 2010-07-09 08:39:39.004389971 +0200 
@@ -0,0 +1,2 @@ + +/usr/libexec/telepathy-sofiasip -- gen_context(system_u:object_r:telepathysofiasip_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.if serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if ---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if 2010-07-09 08:39:39.005385156 +0200 @@ -0,0 +1,69 @@ + +## policy for telepathy-sofiasip @@ -6098,8 +6101,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath + telepathysofiasip_dbus_chat($2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.te serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te ---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te 2010-07-09 08:39:39.006412119 +0200 @@ -0,0 +1,42 @@ +policy_module(telepathysofiasip,1.0.0) + 
@@ -6144,16 +6147,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath + +sysnet_read_config(telepathysofiasip_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.8.6/policy/modules/apps/userhelper.fc ---- nsaserefpolicy/policy/modules/apps/userhelper.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.fc 2010-07-09 08:39:39.007385303 +0200 @@ -7,3 +7,4 @@ # /usr # /usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0) +/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.8.6/policy/modules/apps/userhelper.if ---- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.if 2010-07-09 08:39:39.008385237 +0200 @@ -25,6 +25,7 @@ gen_require(` attribute userhelper_type; 
@@ -6222,8 +6225,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.8.6/policy/modules/apps/userhelper.te ---- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.te 2010-07-09 08:39:39.009384822 +0200 @@ -6,9 +6,51 @@ # @@ -6277,8 +6280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp + xserver_stream_connect(consolehelper_domain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.8.6/policy/modules/apps/vmware.fc ---- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-09-09 09:23:16.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/vmware.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/vmware.fc 2010-07-09 08:39:39.010385734 +0200 @@ -20,7 +20,7 @@ /usr/bin/vmnet-sniffer -- gen_context(system_u:object_r:vmware_host_exec_t,s0) /usr/bin/vmware-network -- gen_context(system_u:object_r:vmware_host_exec_t,s0) 
@@ -6298,8 +6301,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f /opt/vmware/(workstation|player)/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) /opt/vmware/(workstation|player)/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.8.6/policy/modules/apps/vmware.if ---- nsaserefpolicy/policy/modules/apps/vmware.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/vmware.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/vmware.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/vmware.if 2010-07-09 08:39:39.011385109 +0200 @@ -84,3 +84,22 @@ logging_search_logs($1) append_files_pattern($1, vmware_log_t, vmware_log_t) @@ -6324,8 +6327,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.8.6/policy/modules/apps/vmware.te ---- nsaserefpolicy/policy/modules/apps/vmware.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/vmware.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/vmware.te 2010-07-09 08:39:39.012385742 +0200 @@ -28,6 +28,10 @@ type vmware_host_exec_t; init_daemon_domain(vmware_host_t, vmware_host_exec_t) 
@@ -6371,8 +6374,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t domain_use_interactive_fds(vmware_host_t) domain_dontaudit_read_all_domains_state(vmware_host_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.8.6/policy/modules/apps/wine.fc ---- nsaserefpolicy/policy/modules/apps/wine.fc 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/wine.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/wine.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/wine.fc 2010-07-09 08:39:39.013385047 +0200 @@ -2,6 +2,7 @@ /opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0) @@ -6382,8 +6385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc /opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0) /opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.8.6/policy/modules/apps/wine.if ---- nsaserefpolicy/policy/modules/apps/wine.if 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/apps/wine.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/wine.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/wine.if 2010-07-09 08:39:39.014385051 +0200 @@ -35,6 +35,8 @@ role $1 types wine_t; 
@@ -6410,8 +6413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if optional_policy(` xserver_role($1_r, $1_wine_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.8.6/policy/modules/apps/wine.te ---- nsaserefpolicy/policy/modules/apps/wine.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/wine.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/wine.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/wine.te 2010-07-09 08:39:39.015384915 +0200 @@ -1,5 +1,13 @@ policy_module(wine, 1.7.0) @@ -6455,8 +6458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.8.6/policy/modules/apps/wm.if ---- nsaserefpolicy/policy/modules/apps/wm.if 2009-07-27 18:11:17.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/apps/wm.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/wm.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/apps/wm.if 2010-07-09 08:39:39.016385128 +0200 @@ -30,6 +30,7 @@ template(`wm_role_template',` gen_require(` 
@@ -6505,9 +6508,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc ---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc 2010-06-21 10:53:58.000000000 -0400 -@@ -101,6 +101,9 @@ +--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc 2010-07-09 16:26:49.939385338 +0200 +@@ -9,8 +9,10 @@ + /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0) ++/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) ++/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0) + /bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) + + # +@@ -101,6 +103,9 @@ /etc/X11/xdm/Xsetup_0 -- gen_context(system_u:object_r:bin_t,s0) /etc/X11/xinit(/.*)? gen_context(system_u:object_r:bin_t,s0) @@ -6517,7 +6531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0) /etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0) /etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -145,6 +148,10 @@ +@@ -145,6 +150,10 @@ /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) 
@@ -6528,7 +6542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco ifdef(`distro_gentoo',` /opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0) /opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -228,6 +235,8 @@ +@@ -228,6 +237,8 @@ /usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0) /usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0) @@ -6537,7 +6551,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) -@@ -340,3 +349,22 @@ +@@ -340,3 +351,22 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -6561,8 +6575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco + +/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.8.6/policy/modules/kernel/corecommands.if ---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-03-05 17:14:56.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.if 2010-07-09 08:39:39.019385000 +0200 @@ -931,6 +931,7 @@ read_lnk_files_pattern($1, bin_t, bin_t) 
@@ -6580,8 +6594,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco manage_lnk_files_pattern($1, bin_t, bin_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in ---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in 2010-07-09 08:39:39.020385144 +0200 @@ -24,6 +24,7 @@ # type tun_tap_device_t; @@ -6717,8 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(zope, tcp,8021,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.8.6/policy/modules/kernel/devices.fc ---- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/devices.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/devices.fc 2010-07-09 08:39:39.021411478 +0200 @@ -191,3 +191,8 @@ /var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0) /var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0) 
@@ -6729,8 +6743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +# +/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.8.6/policy/modules/kernel/devices.if ---- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/devices.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/devices.if 2010-07-09 08:39:39.025385233 +0200 @@ -606,6 +606,24 @@ ######################################## @@ -6839,8 +6853,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.8.6/policy/modules/kernel/devices.te ---- nsaserefpolicy/policy/modules/kernel/devices.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/devices.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/devices.te 2010-07-09 08:39:39.027385241 +0200 @@ -100,6 +100,7 @@ # type kvm_device_t; 
@@ -6857,8 +6871,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *; allow devices_unconfined_type mtrr_device_t:file *; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.8.6/policy/modules/kernel/domain.if ---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/domain.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/domain.if 2010-07-09 08:39:39.029385179 +0200 @@ -611,7 +611,7 @@ ######################################## @@ -6939,8 +6953,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + dontaudit $1 domain:socket_class_set { read write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.8.6/policy/modules/kernel/domain.te ---- nsaserefpolicy/policy/modules/kernel/domain.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/domain.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/domain.te 2010-07-09 08:39:39.030385252 +0200 @@ -4,6 +4,21 @@ # # Declarations 
@@ -7107,8 +7121,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +# broken kernel +dontaudit can_change_object_identity can_change_object_identity:key link; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.8.6/policy/modules/kernel/files.fc ---- nsaserefpolicy/policy/modules/kernel/files.fc 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/files.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/files.fc 2010-07-09 16:29:56.646135332 +0200 @@ -18,6 +18,7 @@ /fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0) /halt -- gen_context(system_u:object_r:etc_runtime_t,s0) @@ -7117,19 +7131,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ifdef(`distro_suse',` -@@ -64,6 +65,11 @@ +@@ -64,6 +65,13 @@ /etc/reader\.conf -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/smartd\.conf.* -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/sysctl\.conf(\.old)? -- gen_context(system_u:object_r:system_conf_t,s0) ++/etc/sysconfig/ebtables.* -- gen_context(system_u:object_r:system_conf_t,s0) +/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:system_conf_t,s0) +/etc/sysconfig/ipvsadm.* -- gen_context(system_u:object_r:system_conf_t,s0) +/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:system_conf_t,s0) + ++ /etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0) /etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0) -@@ -74,7 +80,8 @@ +@@ -74,7 +82,8 @@ /etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0) 
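Review bot: The new entry `/etc/sysconfig/ebtables.*` labels every regular file whose name starts with `ebtables` as system_conf_t, including any state or save file written at runtime. The iptables equivalent is handled differently in the visible context, where `/etc/sysconfig/iptables\.save` gets its own etc_runtime_t entry. If ebtables writes a comparable runtime file under /etc/sysconfig, it is worth confirming which label it should carry and adding an explicit entry. The hunk also adds an empty line after the system-config-firewall entry that looks unintentional.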
@@ -7139,7 +7155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ifdef(`distro_gentoo', ` /etc/profile\.env -- gen_context(system_u:object_r:etc_runtime_t,s0) -@@ -95,7 +102,7 @@ +@@ -95,7 +104,7 @@ # HOME_ROOT # expanded by genhomedircon # @@ -7148,7 +7164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. HOME_ROOT/\.journal <> HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh) HOME_ROOT/lost\+found/.* <> -@@ -159,6 +166,10 @@ +@@ -159,6 +168,10 @@ /proc -d <> /proc/.* <> @@ -7159,7 +7175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # # /selinux # -@@ -172,12 +183,6 @@ +@@ -172,12 +185,6 @@ /srv/.* gen_context(system_u:object_r:var_t,s0) # @@ -7172,7 +7188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # /tmp # /tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh) -@@ -217,7 +222,6 @@ +@@ -217,7 +224,6 @@ ifndef(`distro_redhat',` /usr/local/src(/.*)? gen_context(system_u:object_r:src_t,s0) @@ -7180,7 +7196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /usr/src(/.*)? gen_context(system_u:object_r:src_t,s0) /usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0) ') -@@ -233,6 +237,8 @@ +@@ -233,6 +239,8 @@ /var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) 
@@ -7189,15 +7205,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0) /var/lib/nfs/rpc_pipefs(/.*)? <> -@@ -258,3 +264,5 @@ +@@ -258,3 +266,5 @@ ifdef(`distro_debian',` /var/run/motd -- gen_context(system_u:object_r:etc_runtime_t,s0) ') +/nsr(/.*)? gen_context(system_u:object_r:var_t,s0) +/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.8.6/policy/modules/kernel/files.if ---- nsaserefpolicy/policy/modules/kernel/files.if 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/files.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/files.if 2010-07-09 09:46:04.850134775 +0200 @@ -1053,10 +1053,8 @@ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 }) relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 }) @@ -7285,7 +7301,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -3711,6 +3748,64 @@ +@@ -3347,6 +3384,24 @@ + allow $1 mnt_t:dir list_dir_perms; + ') + ++###################################### ++## ++## dontaudit List the contents of /mnt. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_dontaudit_list_mnt',` ++ gen_require(` ++ type mnt_t; ++ ') ++ ++ dontaudit $1 mnt_t:dir list_dir_perms; ++') ++ + ######################################## + ## + ## Mount a filesystem on /mnt. +@@ -3711,6 +3766,64 @@ allow $1 readable_t:sock_file read_sock_file_perms; ') 
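Review bot: The header comment of the new `files_dontaudit_list_mnt` interface documents the opposite of what the rule does. The summary reads `dontaudit List the contents of /mnt.` and the parameter text says `Domain allowed access.`, while the body is `dontaudit $1 mnt_t:dir list_dir_perms;` and grants nothing. I would word the summary as `Do not audit attempts to list the contents of /mnt.` and the parameter as `Domain to not audit.`, in line with the `Do not audit attempts to search` wording visible on another interface in files.if. Policy writers choose interfaces from this generated documentation, so a dontaudit interface described as an allow is easy to call under the wrong assumption.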
@@ -7350,7 +7391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ######################################## ## ## Allow the specified type to associate -@@ -3896,6 +3991,32 @@ +@@ -3896,6 +4009,32 @@ ######################################## ## @@ -7383,7 +7424,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Manage temporary files and directories in /tmp. ## ## -@@ -4109,6 +4230,13 @@ +@@ -4109,6 +4248,13 @@ delete_lnk_files_pattern($1, tmpfile, tmpfile) delete_fifo_files_pattern($1, tmpfile, tmpfile) delete_sock_files_pattern($1, tmpfile, tmpfile) @@ -7397,7 +7438,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -5298,6 +5426,25 @@ +@@ -5298,6 +5444,25 @@ search_dirs_pattern($1, var_t, var_run_t) ') @@ -7423,7 +7464,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ######################################## ## ## Do not audit attempts to search -@@ -5522,6 +5669,7 @@ +@@ -5522,6 +5687,7 @@ list_dirs_pattern($1, var_t, pidfile) read_files_pattern($1, pidfile, pidfile) @@ -7431,7 +7472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -5807,3 +5955,229 @@ +@@ -5807,3 +5973,229 @@ typeattribute $1 files_unconfined_type; ') 
@@ -7662,8 +7703,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. + allow $1 file_type:kernel_service create_files_as; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.8.6/policy/modules/kernel/files.te ---- nsaserefpolicy/policy/modules/kernel/files.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/files.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/files.te 2010-07-09 08:39:39.038435081 +0200 @@ -11,6 +11,7 @@ attribute mountpoint; attribute pidfile; @@ -7696,8 +7737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. #Temporarily in policy until FC5 dissappears typealias etc_runtime_t alias firstboot_rw_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.6/policy/modules/kernel/filesystem.if ---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.if 2010-07-09 08:39:39.042385299 +0200 @@ -1207,7 +1207,7 @@ type cifs_t; ') 
@@ -7932,8 +7973,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.8.6/policy/modules/kernel/filesystem.te ---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.te 2010-07-09 08:39:39.044385167 +0200 @@ -52,6 +52,7 @@ fs_type(anon_inodefs_t) files_mountpoint(anon_inodefs_t) @@ -7976,8 +8017,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.8.6/policy/modules/kernel/kernel.if ---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/kernel.if 2010-06-25 14:04:46.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/kernel.if 2010-07-09 08:39:39.046385104 +0200 @@ -1977,7 +1977,7 @@ ') @@ -8037,8 +8078,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.8.6/policy/modules/kernel/kernel.te ---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/kernel.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/kernel.te 2010-07-09 08:39:39.048385182 +0200 @@ -156,6 +156,7 @@ # type unlabeled_t; 
@@ -8099,8 +8140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel # # Unlabeled process local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.8.6/policy/modules/kernel/selinux.if ---- nsaserefpolicy/policy/modules/kernel/selinux.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/selinux.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/selinux.if 2010-07-09 08:39:39.049385186 +0200 @@ -40,7 +40,7 @@ # because of this statement, any module which @@ -8159,8 +8200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu + mls_trusted_object($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.8.6/policy/modules/kernel/storage.if ---- nsaserefpolicy/policy/modules/kernel/storage.if 2010-06-04 17:11:28.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/storage.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/storage.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/storage.if 2010-07-09 08:39:39.050384701 +0200 @@ -101,6 +101,8 @@ dev_list_all_dev_nodes($1) allow $1 fixed_disk_device_t:blk_file read_blk_file_perms; 
@@ -8171,8 +8212,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.8.6/policy/modules/kernel/terminal.if ---- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/kernel/terminal.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/kernel/terminal.if 2010-07-09 08:39:39.052385058 +0200 @@ -292,9 +292,11 @@ interface(`term_dontaudit_use_console',` gen_require(` @@ -8214,8 +8255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.8.6/policy/modules/roles/auditadm.te ---- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/auditadm.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/auditadm.te 2010-07-09 08:39:39.053411252 +0200 @@ -28,10 +28,13 @@ logging_manage_audit_config(auditadm_t) logging_run_auditctl(auditadm_t, auditadm_r) 
@@ -8231,8 +8272,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad consoletype_exec(auditadm_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.8.6/policy/modules/roles/guest.te ---- nsaserefpolicy/policy/modules/roles/guest.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/guest.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/guest.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/guest.te 2010-07-09 08:39:39.054411536 +0200 @@ -15,11 +15,7 @@ # @@ -8248,8 +8289,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t -#gen_user(guest_u,, guest_r, s0, s0) +gen_user(guest_u, user, guest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.8.6/policy/modules/roles/secadm.te ---- nsaserefpolicy/policy/modules/roles/secadm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/secadm.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/secadm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/secadm.te 2010-07-09 08:39:39.055433540 +0200 @@ -9,6 +9,8 @@ userdom_unpriv_user_template(secadm) @@ -8260,8 +8301,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm. ######################################## # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.8.6/policy/modules/roles/staff.te ---- nsaserefpolicy/policy/modules/roles/staff.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/staff.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/staff.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/staff.te 2010-07-09 08:39:39.056437385 +0200 
@@ -8,25 +8,55 @@ role staff_r; @@ -8457,8 +8498,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t + userhelper_console_role_template(staff, staff_r, staff_usertype) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.8.6/policy/modules/roles/sysadm.te ---- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/sysadm.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/sysadm.te 2010-07-09 08:39:39.058385290 +0200 @@ -27,17 +27,29 @@ corecmd_exec_shell(sysadm_t) @@ -8814,8 +8855,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. +modutils_read_module_deps(sysadm_t) +miscfiles_read_hwdata(sysadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc ---- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc 2010-07-09 08:39:39.059411066 +0200 @@ -0,0 +1,8 @@ +# Add programs here which should not be confined by SELinux +# e.g.: 
@@ -8826,8 +8867,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
 +/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0)
 +/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if
---- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if 2010-07-09 08:39:39.061385442 +0200
 @@ -0,0 +1,667 @@
 +## Unconfiend user role
 +
@@ -9497,8 +9538,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
 + allow $1 unconfined_r;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te 2010-07-09 08:39:39.062384887 +0200
 @@ -0,0 +1,443 @@
 +policy_module(unconfineduser, 1.0.0)
 +
@@ -9944,8 +9985,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.8.6/policy/modules/roles/unprivuser.te ---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/unprivuser.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/unprivuser.te 2010-07-09 08:39:39.063411361 +0200 @@ -12,10 +12,13 @@ userdom_unpriv_user_template(user) @@ -10000,8 +10041,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu xserver_role(user_r, user_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.8.6/policy/modules/roles/xguest.te ---- nsaserefpolicy/policy/modules/roles/xguest.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/roles/xguest.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/roles/xguest.te 2010-07-09 08:39:39.064410666 +0200 @@ -14,7 +14,7 @@ ## 
@@ -10137,8 +10178,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest. + +gen_user(xguest_u, user, xguest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.8.6/policy/modules/services/abrt.fc ---- nsaserefpolicy/policy/modules/services/abrt.fc 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/abrt.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/abrt.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/abrt.fc 2010-07-09 08:39:39.065411438 +0200 @@ -15,6 +15,7 @@ /var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0) @@ -10148,8 +10189,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt /var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.8.6/policy/modules/services/abrt.if ---- nsaserefpolicy/policy/modules/services/abrt.if 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/abrt.if 2010-06-21 13:57:26.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/abrt.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/abrt.if 2010-07-09 08:39:39.066411512 +0200 @@ -130,6 +130,10 @@ ') 
@@ -10224,8 +10265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt ## ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.8.6/policy/modules/services/abrt.te ---- nsaserefpolicy/policy/modules/services/abrt.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/abrt.te 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/abrt.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/abrt.te 2010-07-09 08:39:39.068385189 +0200 @@ -5,6 +5,14 @@ # Declarations # @@ -10351,8 +10392,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt + allow abrt_t domain:process setrlimit; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.8.6/policy/modules/services/afs.te ---- nsaserefpolicy/policy/modules/services/afs.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/afs.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/afs.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/afs.te 2010-07-09 08:39:39.069385123 +0200 @@ -82,6 +82,10 @@ kernel_rw_afs_state(afs_t) 
@@ -10365,8 +10406,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
 corenet_all_recvfrom_netlabel(afs_t)
 corenet_tcp_sendrecv_generic_if(afs_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.8.6/policy/modules/services/aiccu.fc
---- nsaserefpolicy/policy/modules/services/aiccu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.fc 2010-07-09 08:39:39.070384918 +0200
 @@ -0,0 +1,6 @@
 +/etc/aiccu.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0)
 +/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
@@ -10375,8 +10416,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
 +
 +/var/run/aiccu\.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.8.6/policy/modules/services/aiccu.if
---- nsaserefpolicy/policy/modules/services/aiccu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.if 2010-07-09 08:39:39.071385341 +0200
 @@ -0,0 +1,118 @@
 +## Automatic IPv6 Connectivity Client Utility.
 +
@@ -10497,8 +10538,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
 + files_search_pids($1)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.8.6/policy/modules/services/aiccu.te
---- nsaserefpolicy/policy/modules/services/aiccu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.te 2010-06-25 14:38:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.te 2010-07-09 08:39:39.072385065 +0200
 @@ -0,0 +1,71 @@
 +policy_module(aiccu, 1.0.0)
 +
@@ -10572,8 +10613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
 +sysnet_dns_name_resolve(aiccu_t)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.8.6/policy/modules/services/aisexec.te
---- nsaserefpolicy/policy/modules/services/aisexec.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/aisexec.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aisexec.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/aisexec.te 2010-07-09 08:39:39.073385209 +0200
 @@ -97,3 +97,6 @@
 rhcs_rw_groupd_semaphores(aisexec_t)
 rhcs_rw_groupd_shm(aisexec_t)
@@ -10582,8 +10623,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise +userdom_rw_semaphores(aisexec_t) +userdom_rw_unpriv_user_shared_mem(aisexec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.8.6/policy/modules/services/apache.fc ---- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-06 15:15:38.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/apache.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/apache.fc 2010-07-09 08:39:39.074387866 +0200 @@ -24,7 +24,6 @@ /usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) @@ -10635,8 +10676,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.8.6/policy/modules/services/apache.if ---- nsaserefpolicy/policy/modules/services/apache.if 2010-04-06 15:15:38.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/apache.if 2010-06-25 16:19:36.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/apache.if 2010-07-09 08:39:39.076385360 +0200 @@ -13,17 +13,13 @@ # template(`apache_content_template',` 
@@ -11047,8 +11088,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + dontaudit $1 httpd_t:unix_stream_socket { read write }; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.8.6/policy/modules/services/apache.te ---- nsaserefpolicy/policy/modules/services/apache.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/apache.te 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/apache.te 2010-07-09 08:39:39.079385092 +0200 @@ -18,6 +18,8 @@ # Declarations # @@ -11589,8 +11630,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.8.6/policy/modules/services/apcupsd.te ---- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/apcupsd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/apcupsd.te 2010-07-09 08:39:39.080385305 +0200 @@ -94,6 +94,10 @@ ') 
@@ -11603,8 +11644,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu mta_system_content(apcupsd_tmp_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.8.6/policy/modules/services/arpwatch.te ---- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/arpwatch.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/arpwatch.te 2010-07-09 08:39:39.081384820 +0200 @@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_ports(arpwatch_t) @@ -11614,8 +11655,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw fs_getattr_all_fs(arpwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.8.6/policy/modules/services/asterisk.te ---- nsaserefpolicy/policy/modules/services/asterisk.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/asterisk.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/asterisk.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/asterisk.te 2010-07-09 08:39:39.082390202 +0200 @@ -99,6 +99,7 @@ corenet_tcp_bind_generic_node(asterisk_t) corenet_udp_bind_generic_node(asterisk_t) 
@@ -11644,8 +11685,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.8.6/policy/modules/services/automount.te ---- nsaserefpolicy/policy/modules/services/automount.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/automount.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/automount.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/automount.te 2010-07-09 08:39:39.083389856 +0200 @@ -145,6 +145,7 @@ # Run mount in the mount_t domain. @@ -11655,8 +11696,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto userdom_dontaudit_use_unpriv_user_fds(automount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.8.6/policy/modules/services/avahi.if ---- nsaserefpolicy/policy/modules/services/avahi.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/avahi.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/avahi.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/avahi.if 2010-07-09 08:39:39.084412978 +0200 @@ -90,6 +90,7 @@ class dbus send_msg; ') 
@@ -11666,8 +11707,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
 allow avahi_t $1:dbus send_msg;
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.8.6/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/bind.if 2010-06-25 13:19:23.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bind.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/bind.if 2010-07-09 08:39:39.085411515 +0200
 @@ -359,9 +359,9 @@
 interface(`bind_admin',`
 gen_require(`
@@ -11691,8 +11732,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 files_list_pids($1)
 admin_pattern($1, named_var_run_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.8.6/policy/modules/services/bitlbee.te
---- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/bitlbee.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/bitlbee.te 2010-07-09 08:39:39.087385192 +0200
 @@ -27,6 +27,7 @@
 # Local policy
 #
@@ -11713,8 +11754,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl sysnet_dns_name_resolve(bitlbee_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.8.6/policy/modules/services/bluetooth.if ---- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-01-07 14:53:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/bluetooth.if 2010-06-25 13:21:01.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/bluetooth.if 2010-07-09 08:39:39.088385127 +0200 @@ -117,6 +117,27 @@ ######################################## @@ -11763,8 +11804,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue admin_pattern($1, bluetooth_var_lib_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.8.6/policy/modules/services/boinc.fc ---- nsaserefpolicy/policy/modules/services/boinc.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/boinc.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/boinc.fc 2010-07-09 08:39:39.089385200 +0200 @@ -0,0 +1,6 @@ + +/etc/rc\.d/init\.d/boinc_client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0) 
@@ -11773,8 +11814,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
 +
 +/var/lib/boinc(/.*)? gen_context(system_u:object_r:boinc_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.8.6/policy/modules/services/boinc.if
---- nsaserefpolicy/policy/modules/services/boinc.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/boinc.if 2010-06-25 13:19:35.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/boinc.if 2010-07-09 08:39:39.090384995 +0200
 @@ -0,0 +1,151 @@
 +
 +## policy for boinc
@@ -11928,9 +11969,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
 + admin_pattern($1, boinc_var_lib_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.8.6/policy/modules/services/boinc.te
---- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/boinc.te 2010-06-28 09:37:14.000000000 -0400
-@@ -0,0 +1,94 @@
+--- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/boinc.te 2010-07-09 09:59:27.747135432 +0200
+@@ -0,0 +1,96 @@
 +policy_module(boinc,1.0.0)
 +
 +########################################
@@ -12010,6 +12051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
 +
 +domain_read_all_domains_state(boinc_t)
 +
++files_dontaudit_getattr_boot_dirs(boinc_t)
++
 +files_read_etc_files(boinc_t)
 +files_read_usr_files(boinc_t)
 +
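Review bot: The added `files_dontaudit_getattr_boot_dirs(boinc_t)` in the boinc.te section (third hunk, `@@ -12010,6 +12051,8 @@`) has no comment saying why boinc_t touches the boot directories or why that denial is safe to silence. A dontaudit rule leaves the access denied but drops the AVC record, so anyone reviewing what the daemon attempts will not see it unless dontaudit rules are switched off with `semodule -DB`. I would put a one-line comment above the call, along the lines of `# getattr on /boot is denied and intentionally not audited: <reason observed in the AVC>`, filled in from the denial that prompted the rule. The surrounding local-policy block of boinc.te starts and ends outside the hunk, so whether nearby rules already explain this cannot be told from here.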
@@ -12026,16 +12069,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
 +
 +mta_send_mail(boinc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.fc serefpolicy-3.8.6/policy/modules/services/bugzilla.fc
---- nsaserefpolicy/policy/modules/services/bugzilla.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.fc 2010-07-09 08:39:39.091384928 +0200
 @@ -0,0 +1,4 @@
 +
 +/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
 +/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
 +/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.if serefpolicy-3.8.6/policy/modules/services/bugzilla.if
---- nsaserefpolicy/policy/modules/services/bugzilla.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.if 2010-07-09 08:39:39.092411123 +0200
 @@ -0,0 +1,39 @@
 +## Bugzilla server
 +
@@ -12077,8 +12120,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
 + dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.te serefpolicy-3.8.6/policy/modules/services/bugzilla.te
---- nsaserefpolicy/policy/modules/services/bugzilla.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.te 2010-07-09 08:39:39.093437597 +0200
 @@ -0,0 +1,56 @@
 +policy_module(bugzilla, 1.0)
 +
@@ -12137,8 +12180,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc
---- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc 2010-07-09 08:39:39.094384661 +0200
 @@ -0,0 +1,29 @@
 +###############################################################################
 +#
@@ -12170,8 +12213,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
 +
 +/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.8.6/policy/modules/services/cachefilesd.if
---- nsaserefpolicy/policy/modules/services/cachefilesd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.if 2010-07-09 08:39:39.095385084 +0200
 @@ -0,0 +1,41 @@
 +###############################################################################
 +#
@@ -12215,8 +12258,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
 + allow cachefilesd_t $1:process sigchld;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.8.6/policy/modules/services/cachefilesd.te
---- nsaserefpolicy/policy/modules/services/cachefilesd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.te 2010-07-09 08:39:39.096385297 +0200
 @@ -0,0 +1,147 @@
 +###############################################################################
 +#
@@ -12366,8 +12409,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach + +dev_search_sysfs(cachefiles_kernel_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.8.6/policy/modules/services/ccs.te ---- nsaserefpolicy/policy/modules/services/ccs.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ccs.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ccs.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ccs.te 2010-07-09 08:39:39.097385371 +0200 @@ -118,5 +118,10 @@ ') @@ -12380,8 +12423,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs. unconfined_use_fds(ccs_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.8.6/policy/modules/services/certmaster.if ---- nsaserefpolicy/policy/modules/services/certmaster.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/certmaster.if 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/certmaster.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/certmaster.if 2010-07-09 08:39:39.098384816 +0200 @@ -18,6 +18,25 @@ domtrans_pattern($1, certmaster_exec_t, certmaster_t) ') 
@@ -12409,8 +12452,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert ## ## read certmaster logs. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.8.6/policy/modules/services/certmonger.if ---- nsaserefpolicy/policy/modules/services/certmonger.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/certmonger.if 2010-06-25 13:17:18.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/certmonger.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/certmonger.if 2010-07-09 08:39:39.099385169 +0200 @@ -167,8 +167,8 @@ allow $2 system_r; @@ -12423,8 +12466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert + admin_pattern($1, certmonger_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.8.6/policy/modules/services/certmonger.te ---- nsaserefpolicy/policy/modules/services/certmonger.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/certmonger.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/certmonger.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/certmonger.te 2010-07-09 08:39:39.100385033 +0200 @@ -68,5 +68,5 @@ ') 
@@ -12433,8 +12476,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert + pcscd_stream_connect(certmonger_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.8.6/policy/modules/services/cgroup.if ---- nsaserefpolicy/policy/modules/services/cgroup.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cgroup.if 2010-06-25 13:20:49.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cgroup.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cgroup.if 2010-07-09 08:39:39.101385246 +0200 @@ -121,7 +121,6 @@ gen_require(` type cgred_t, cgconfig_t, cgred_var_run_t; @@ -12452,8 +12495,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro admin_pattern($1, cgred_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.8.6/policy/modules/services/cgroup.te ---- nsaserefpolicy/policy/modules/services/cgroup.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cgroup.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cgroup.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cgroup.te 2010-07-09 08:39:39.101385246 +0200 @@ -18,8 +18,8 @@ type cgrules_etc_t; files_config_file(cgrules_etc_t) 
@@ -12466,8 +12509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro type cgconfig_initrc_exec_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.8.6/policy/modules/services/chronyd.if ---- nsaserefpolicy/policy/modules/services/chronyd.if 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/chronyd.if 2010-06-25 13:20:28.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/chronyd.if 2010-07-09 08:39:39.102385250 +0200 @@ -19,6 +19,24 @@ domtrans_pattern($1, chronyd_exec_t, chronyd_t) ') @@ -12575,8 +12618,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro + admin_pattern($1, chronyd_tmpfs_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.8.6/policy/modules/services/chronyd.te ---- nsaserefpolicy/policy/modules/services/chronyd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/chronyd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/chronyd.te 2010-07-09 08:39:39.103385324 +0200 @@ -15,6 +15,9 @@ type chronyd_keys_t; files_type(chronyd_keys_t) 
@@ -12607,8 +12650,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro # bind to udp/323 corenet_udp_bind_chronyd_port(chronyd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.8.6/policy/modules/services/clamav.te ---- nsaserefpolicy/policy/modules/services/clamav.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/clamav.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/clamav.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/clamav.te 2010-07-09 08:39:39.105385890 +0200 @@ -92,7 +92,7 @@ manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t) manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t) @@ -12647,8 +12690,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.fc serefpolicy-3.8.6/policy/modules/services/cmirrord.fc ---- nsaserefpolicy/policy/modules/services/cmirrord.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.fc 2010-07-09 08:39:39.105385890 +0200 @@ -0,0 +1,6 @@ + +/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0) 
@@ -12657,8 +12700,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + +/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.if serefpolicy-3.8.6/policy/modules/services/cmirrord.if ---- nsaserefpolicy/policy/modules/services/cmirrord.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.if 2010-07-09 08:39:39.106385196 +0200 @@ -0,0 +1,118 @@ + +## policy for cmirrord @@ -12779,8 +12822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.te serefpolicy-3.8.6/policy/modules/services/cmirrord.te ---- nsaserefpolicy/policy/modules/services/cmirrord.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.te 2010-07-09 08:39:39.107387574 +0200 @@ -0,0 +1,56 @@ +policy_module(cmirrord,1.0.0) + 
@@ -12839,8 +12882,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + corosync_stream_connect(cmirrord_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.8.6/policy/modules/services/cobbler.fc ---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/cobbler.fc 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cobbler.fc 2010-07-09 08:39:39.108385134 +0200 @@ -1,7 +1,32 @@ -/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0) -/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0) @@ -12880,8 +12923,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb -/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0) -/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.8.6/policy/modules/services/cobbler.if ---- nsaserefpolicy/policy/modules/services/cobbler.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cobbler.if 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cobbler.if 2010-07-09 08:39:39.110385141 +0200 @@ -1,14 +1,4 @@ ## Cobbler installation server. -## 
@@ -13134,8 +13177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb + ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.8.6/policy/modules/services/cobbler.te ---- nsaserefpolicy/policy/modules/services/cobbler.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cobbler.te 2010-06-25 17:37:55.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cobbler.te 2010-07-09 08:39:39.111385145 +0200 @@ -1,3 +1,4 @@ + policy_module(cobbler, 1.1.0) @@ -13385,8 +13428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb + dontaudit cobblerd_t httpdcontent:dir relabel_dir_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.8.6/policy/modules/services/consolekit.te ---- nsaserefpolicy/policy/modules/services/consolekit.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/consolekit.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/consolekit.te 2010-07-09 08:39:39.112411410 +0200 @@ -15,6 +15,9 @@ type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) 
@@ -13452,8 +13495,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons unconfined_stream_connect(consolekit_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.8.6/policy/modules/services/corosync.fc ---- nsaserefpolicy/policy/modules/services/corosync.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/corosync.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/corosync.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/corosync.fc 2010-07-09 08:39:39.113411972 +0200 @@ -3,6 +3,7 @@ /usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0) @@ -13463,9 +13506,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro /var/lib/corosync(/.*)? gen_context(system_u:object_r:corosync_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.8.6/policy/modules/services/corosync.te ---- nsaserefpolicy/policy/modules/services/corosync.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/corosync.te 2010-06-21 10:53:58.000000000 -0400 -@@ -32,8 +32,8 @@ +--- nsaserefpolicy/policy/modules/services/corosync.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/corosync.te 2010-07-09 09:07:25.113135329 +0200 +@@ -5,6 +5,13 @@ + # Declarations + # + ++## ++##

++## Allow corosync to read and write generic tmpfs files. ++##

++##
++gen_tunable(allow_corosync_rw_tmpfs, false) ++ + type corosync_t; + type corosync_exec_t; + init_daemon_domain(corosync_t, corosync_exec_t) +@@ -32,8 +39,8 @@ # corosync local policy # @@ -13476,7 +13533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro allow corosync_t self:fifo_file rw_fifo_file_perms; allow corosync_t self:sem create_sem_perms; -@@ -41,6 +41,8 @@ +@@ -41,6 +48,8 @@ allow corosync_t self:unix_dgram_socket create_socket_perms; allow corosync_t self:udp_socket create_socket_perms; @@ -13485,7 +13542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro manage_dirs_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t) manage_files_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t) files_tmp_filetrans(corosync_t, corosync_tmp_t, { file dir }) -@@ -63,8 +65,10 @@ +@@ -63,8 +72,10 @@ files_pid_filetrans(corosync_t, corosync_var_run_t, { file sock_file }) kernel_read_system_state(corosync_t) @@ -13496,7 +13553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro corenet_udp_bind_netsupport_port(corosync_t) -@@ -73,6 +77,7 @@ +@@ -73,6 +84,7 @@ domain_read_all_domains_state(corosync_t) files_manage_mounttab(corosync_t) @@ -13504,15 +13561,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro auth_use_nsswitch(corosync_t) -@@ -83,6 +88,7 @@ +@@ -83,19 +95,26 @@ miscfiles_read_localization(corosync_t) +userdom_delete_user_tmpfs_files(corosync_t) userdom_rw_user_tmpfs_files(corosync_t) ++tunable_policy(`allow_corosync_rw_tmpfs',` ++ fs_rw_tmpfs_files(corosync_t) ++') ++ optional_policy(` -@@ -90,12 +96,13 @@ + ccs_read_config(corosync_t) ') optional_policy(` 
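Review bot: The new `allow_corosync_rw_tmpfs` boolean gates `fs_rw_tmpfs_files(corosync_t)`, which grants read/write on generically labelled tmpfs files rather than on a corosync-owned type. Enabling it would presumably let corosync_t open tmpfs files that any other domain leaves at the default label. The `false` default is the right choice, but the description (`Allow corosync to read and write generic tmpfs files.`) does not tell an admin when to enable it or what it exposes. I would add a line such as `## Enable only when a cluster component creates shared-memory files without a specific label; this widens corosync access to all generic tmpfs files.` If the files come from a known daemon, a dedicated type with a tmpfs file transition would be narrower than a boolean on the generic type. The rest of corosync.te lies outside these hunks, so I cannot tell whether such a type already exists.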
@@ -13528,12 +13589,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro + # to communication with RHCS + rhcs_rw_cluster_shm(corosync_t) + rhcs_rw_cluster_semaphores(corosync_t) ++ rhcs_stream_connect_cluster(corosync_t) ') optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.8.6/policy/modules/services/cron.fc ---- nsaserefpolicy/policy/modules/services/cron.fc 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cron.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cron.fc 2010-07-09 08:39:39.115384951 +0200 @@ -14,7 +14,7 @@ /var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) @@ -13552,8 +13614,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron + +/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.8.6/policy/modules/services/cron.if ---- nsaserefpolicy/policy/modules/services/cron.if 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cron.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cron.if 2010-07-09 08:39:39.116384955 +0200 @@ -12,6 +12,10 @@ ## # 
@@ -13738,8 +13800,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron + manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.8.6/policy/modules/services/cron.te ---- nsaserefpolicy/policy/modules/services/cron.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cron.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cron.te 2010-07-09 08:39:39.119385246 +0200 @@ -63,9 +63,12 @@ type crond_tmp_t; @@ -14034,8 +14096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron tunable_policy(`fcron_crond', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.8.6/policy/modules/services/cups.fc ---- nsaserefpolicy/policy/modules/services/cups.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cups.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cups.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cups.fc 2010-07-09 08:39:39.120384970 +0200 @@ -71,3 +71,9 @@ /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) /var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0) 
@@ -14047,8 +14109,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + +/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.8.6/policy/modules/services/cups.if ---- nsaserefpolicy/policy/modules/services/cups.if 2009-07-28 15:51:13.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cups.if 2010-06-25 13:20:18.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cups.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cups.if 2010-07-09 08:39:39.121387488 +0200 @@ -314,7 +314,7 @@ interface(`cups_admin',` gen_require(` @@ -14069,8 +14131,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups files_list_tmp($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.8.6/policy/modules/services/cups.te ---- nsaserefpolicy/policy/modules/services/cups.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cups.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cups.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cups.te 2010-07-09 08:39:39.122385118 +0200 @@ -15,6 +15,7 @@ type cupsd_t; type cupsd_exec_t; 
@@ -14145,8 +14207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups tunable_policy(`use_nfs_home_dirs',` fs_search_auto_mountpoints(cups_pdf_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.8.6/policy/modules/services/cvs.te ---- nsaserefpolicy/policy/modules/services/cvs.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cvs.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cvs.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cvs.te 2010-07-09 08:39:39.123411801 +0200 @@ -112,4 +112,5 @@ read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t) manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t) @@ -14154,8 +14216,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs. + files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir }) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.8.6/policy/modules/services/cyrus.te ---- nsaserefpolicy/policy/modules/services/cyrus.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/cyrus.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/cyrus.te 2010-07-09 08:39:39.124411596 +0200 @@ -135,6 +135,7 @@ ') 
@@ -14165,8 +14227,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru snmp_dontaudit_write_snmp_var_lib_files(cyrus_t) snmp_stream_connect(cyrus_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.8.6/policy/modules/services/dbus.if ---- nsaserefpolicy/policy/modules/services/dbus.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dbus.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dbus.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dbus.if 2010-07-09 08:39:39.125432971 +0200 @@ -42,8 +42,10 @@ gen_require(` class dbus { send_msg acquire_svc }; @@ -14250,8 +14312,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write }; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.8.6/policy/modules/services/dbus.te ---- nsaserefpolicy/policy/modules/services/dbus.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dbus.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dbus.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dbus.te 2010-07-09 08:39:39.127385207 +0200 @@ -121,6 +121,7 @@ init_use_fds(system_dbusd_t) 
@@ -14292,8 +14354,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + xserver_append_xdm_home_files(session_bus_type) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.8.6/policy/modules/services/denyhosts.te ---- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/denyhosts.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/denyhosts.te 2010-07-09 08:39:39.128385141 +0200 @@ -25,7 +25,8 @@ # # DenyHosts personal policy. @@ -14325,8 +14387,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny sysnet_etc_filetrans_config(denyhosts_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.8.6/policy/modules/services/devicekit.te ---- nsaserefpolicy/policy/modules/services/devicekit.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/devicekit.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/devicekit.te 2010-07-09 08:39:39.129384935 +0200 @@ -75,10 +75,12 @@ manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t) files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir) 
@@ -14374,8 +14436,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi allow devicekit_power_t self:unix_dgram_socket create_socket_perms; allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.8.6/policy/modules/services/dhcp.te ---- nsaserefpolicy/policy/modules/services/dhcp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dhcp.te 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dhcp.te 2010-07-09 08:39:39.130385079 +0200 @@ -111,6 +111,11 @@ ') @@ -14389,8 +14451,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp dbus_connect_system_bus(dhcpd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.8.6/policy/modules/services/dnsmasq.te ---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dnsmasq.te 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dnsmasq.te 2010-07-09 08:39:39.131385082 +0200 @@ -92,7 +92,11 @@ userdom_dontaudit_search_user_home_dirs(dnsmasq_t) 
@@ -14404,9 +14466,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm ') optional_policy(` +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.8.6/policy/modules/services/dovecot.fc +--- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dovecot.fc 2010-07-09 08:49:36.123135184 +0200 +@@ -25,7 +25,7 @@ + ifdef(`distro_redhat', ` + /usr/libexec/dovecot/auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0) + /usr/libexec/dovecot/deliver -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0) +-/usr/libexec/dovecot/deliver-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0) ++/usr/libexec/dovecot/dovecot-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0) + /usr/libexec/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.8.6/policy/modules/services/dovecot.if ---- nsaserefpolicy/policy/modules/services/dovecot.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dovecot.if 2010-06-25 13:20:06.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dovecot.if 2010-07-09 08:39:39.132385086 +0200 @@ -93,12 +93,14 @@ # interface(`dovecot_admin',` 
@@ -14449,8 +14523,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove admin_pattern($1, dovecot_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.8.6/policy/modules/services/dovecot.te ---- nsaserefpolicy/policy/modules/services/dovecot.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/dovecot.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/dovecot.te 2010-07-09 16:23:37.808134293 +0200 @@ -58,7 +58,7 @@ allow dovecot_t self:capability { dac_override dac_read_search chown kill net_bind_service setgid setuid sys_chroot }; 
@@ -14476,15 +14550,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove postfix_search_spool(dovecot_auth_t) ') -@@ -302,4 +304,5 @@ +@@ -256,9 +258,15 @@ + allow dovecot_deliver_t dovecot_etc_t:file read_file_perms; + allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms; + ++allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms; ++ ++can_exec(dovecot_deliver_t, dovecot_deliver_exec_t) ++ + kernel_read_all_sysctls(dovecot_deliver_t) + kernel_read_system_state(dovecot_deliver_t) + ++corecmd_exec_bin(dovecot_deliver_t) ++ + files_read_etc_files(dovecot_deliver_t) + files_read_etc_runtime_files(dovecot_deliver_t) + +@@ -302,4 +310,5 @@ optional_policy(` mta_manage_spool(dovecot_deliver_t) + mta_read_queue(dovecot_deliver_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.8.6/policy/modules/services/exim.fc ---- nsaserefpolicy/policy/modules/services/exim.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/exim.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/exim.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/exim.fc 2010-07-09 08:39:39.134385024 +0200 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/exim -- gen_context(system_u:object_r:exim_initrc_exec_t,s0) 
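Review bot: The added `corecmd_exec_bin(dovecot_deliver_t)` and `can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)` let the delivery agent execute generically labelled binaries, and itself, while staying in dovecot_deliver_t. Nothing in the hunk records which helper needs this. The domain handles mail from arbitrary senders, so broad in-domain execution should be justified in the policy itself. I would put a comment above the two lines, e.g. `# dovecot-lda re-execs itself and runs <HELPER - placeholder, name the binary and the AVC/bug that required it>`. If only one helper is involved, a dedicated exec type with a domain transition would be tighter than all of bin_t. The rest of the dovecot_deliver_t policy lies outside the hunk, so existing restrictions there are not visible from here.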
@@ -14493,8 +14583,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim /var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0) /var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.8.6/policy/modules/services/exim.if ---- nsaserefpolicy/policy/modules/services/exim.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/exim.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/exim.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/exim.if 2010-07-09 08:39:39.135385098 +0200 @@ -20,6 +20,24 @@ ######################################## @@ -14568,8 +14658,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim + admin_pattern($1, exim_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.8.6/policy/modules/services/exim.te ---- nsaserefpolicy/policy/modules/services/exim.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/exim.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/exim.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/exim.te 2010-07-09 08:39:39.136384822 +0200 @@ -35,6 +35,9 @@ application_executable_file(exim_exec_t) mta_agent_executable(exim_exec_t) 
@@ -14592,8 +14682,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim mysql_stream_connect(exim_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.8.6/policy/modules/services/fail2ban.if ---- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/fail2ban.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/fail2ban.if 2010-07-09 08:39:39.137384686 +0200 @@ -138,6 +138,26 @@ ######################################## @@ -14622,8 +14712,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail ## an fail2ban environment ##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.8.6/policy/modules/services/fprintd.te ---- nsaserefpolicy/policy/modules/services/fprintd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/fprintd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/fprintd.te 2010-07-09 08:39:39.138384969 +0200 @@ -54,4 +54,5 @@ policykit_read_lib(fprintd_t) policykit_dbus_chat(fprintd_t) @@ -14631,8 +14721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri + policykit_dbus_chat_auth(fprintd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.8.6/policy/modules/services/ftp.te ---- nsaserefpolicy/policy/modules/services/ftp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ftp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ftp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ftp.te 2010-07-09 08:39:39.139385043 +0200 @@ -40,6 +40,13 @@ ## @@ -14761,8 +14851,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`sftpd_enable_homedirs && use_nfs_home_dirs',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.8.6/policy/modules/services/git.fc ---- nsaserefpolicy/policy/modules/services/git.fc 2010-04-05 14:44:26.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/git.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/git.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/git.fc 2010-07-09 08:39:39.140409562 +0200 
@@ -1,3 +1,12 @@ +HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t, s0) +HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t, s0) @@ -14777,8 +14867,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git. +/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0) +/var/www/git/gitweb.cgi gen_context(system_u:object_r:httpd_git_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.8.6/policy/modules/services/git.if ---- nsaserefpolicy/policy/modules/services/git.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/git.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/git.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/git.if 2010-07-09 08:39:39.142385194 +0200 @@ -1 +1,525 @@ -## GIT revision control system +## Fast Version Control System. @@ -15307,8 +15397,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.8.6/policy/modules/services/git.te ---- nsaserefpolicy/policy/modules/services/git.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/git.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/git.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/git.te 2010-07-09 08:39:39.143385129 +0200 @@ -1,8 +1,192 @@ -policy_module(git, 1.0) +policy_module(git, 1.0.3) 
@@ -15506,8 +15596,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git. +gen_user(git_shell_u, user, git_shell_r, s0, s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.8.6/policy/modules/services/gnomeclock.if ---- nsaserefpolicy/policy/modules/services/gnomeclock.if 2009-09-16 10:01:13.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/gnomeclock.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/gnomeclock.if 2010-07-09 08:39:39.144385132 +0200 @@ -63,3 +63,24 @@ allow $1 gnomeclock_t:dbus send_msg; allow gnomeclock_t $1:dbus send_msg; @@ -15534,8 +15624,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom + dontaudit gnomeclock_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.8.6/policy/modules/services/gpsd.te ---- nsaserefpolicy/policy/modules/services/gpsd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/gpsd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/gpsd.te 2010-07-09 08:39:39.145385136 +0200 @@ -56,6 +56,10 @@ miscfiles_read_localization(gpsd_t) 
@@ -15548,8 +15638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.8.6/policy/modules/services/hal.if ---- nsaserefpolicy/policy/modules/services/hal.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/hal.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hal.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/hal.if 2010-07-09 08:39:39.146385000 +0200 @@ -377,6 +377,26 @@ ######################################## @@ -15578,8 +15668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ##
## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.8.6/policy/modules/services/hal.te ---- nsaserefpolicy/policy/modules/services/hal.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/hal.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hal.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/hal.te 2010-07-09 08:39:39.147385004 +0200 @@ -54,6 +54,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -15675,8 +15765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. # # Local hald dccm policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.te serefpolicy-3.8.6/policy/modules/services/hddtemp.te ---- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/hddtemp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/hddtemp.te 2010-07-09 08:39:39.148385427 +0200 @@ -26,6 +26,7 @@ corenet_tcp_bind_all_nodes(hddtemp_t) corenet_tcp_bind_hddtemp_port(hddtemp_t) @@ -15686,8 +15776,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddt files_read_usr_files(hddtemp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.8.6/policy/modules/services/icecast.te ---- nsaserefpolicy/policy/modules/services/icecast.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/icecast.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/icecast.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/icecast.te 2010-07-09 08:39:39.149385221 +0200 
@@ -37,6 +37,8 @@ manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t) files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir }) @@ -15708,8 +15798,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec rtkit_scheduled(icecast_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.8.6/policy/modules/services/inn.te ---- nsaserefpolicy/policy/modules/services/inn.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/inn.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/inn.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/inn.te 2010-07-09 08:39:39.150409949 +0200 @@ -105,6 +105,7 @@ userdom_dontaudit_use_unpriv_user_fds(innd_t) @@ -15719,8 +15809,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn. mta_send_mail(innd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.8.6/policy/modules/services/kerberos.te ---- nsaserefpolicy/policy/modules/services/kerberos.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/kerberos.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/kerberos.te 2010-07-09 08:39:39.151388302 +0200 @@ -126,10 +126,13 @@ corenet_tcp_bind_generic_node(kadmind_t) corenet_udp_bind_generic_node(kadmind_t) 
@@ -15746,8 +15836,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc ---- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc 2010-07-09 08:39:39.152411074 +0200 @@ -3,3 +3,5 @@ /usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0) @@ -15755,8 +15845,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt + +/var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.8.6/policy/modules/services/ksmtuned.if ---- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.if 2010-06-25 13:17:26.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.if 2010-07-09 08:39:39.153384957 +0200 @@ -60,7 +60,7 @@ ') 
@@ -15767,8 +15857,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt files_list_pids($1) admin_pattern($1, ksmtuned_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.8.6/policy/modules/services/ksmtuned.te ---- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.te 2010-06-21 11:39:04.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.te 2010-07-09 08:39:39.154385101 +0200 @@ -9,6 +9,9 @@ type ksmtuned_exec_t; init_daemon_domain(ksmtuned_t, ksmtuned_exec_t) @@ -15807,8 +15897,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt miscfiles_read_localization(ksmtuned_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.8.6/policy/modules/services/ldap.fc ---- nsaserefpolicy/policy/modules/services/ldap.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ldap.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ldap.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ldap.fc 2010-07-09 08:39:39.155385175 +0200 @@ -1,6 +1,8 @@ /etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0) 
@@ -15825,8 +15915,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap /var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) +#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.8.6/policy/modules/services/ldap.if ---- nsaserefpolicy/policy/modules/services/ldap.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ldap.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ldap.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ldap.if 2010-07-09 08:39:39.156385039 +0200 @@ -1,5 +1,43 @@ ## OpenLDAP directory server @@ -15929,8 +16019,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.8.6/policy/modules/services/ldap.te ---- nsaserefpolicy/policy/modules/services/ldap.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ldap.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ldap.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ldap.te 2010-07-09 08:39:39.157385113 +0200 @@ -27,9 +27,15 @@ type slapd_replog_t; files_type(slapd_replog_t) 
@@ -15966,8 +16056,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t) files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.8.6/policy/modules/services/lircd.te ---- nsaserefpolicy/policy/modules/services/lircd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/lircd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/lircd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/lircd.te 2010-07-09 08:39:39.158384907 +0200 @@ -24,6 +24,7 @@ # @@ -15986,8 +16076,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc dev_filetrans_lirc(lircd_t) dev_rw_lirc(lircd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.8.6/policy/modules/services/memcached.if ---- nsaserefpolicy/policy/modules/services/memcached.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/memcached.if 2010-06-25 13:17:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/memcached.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/memcached.if 2010-07-09 08:39:39.159385120 +0200 @@ -59,6 +59,7 @@ gen_require(` type memcached_t; 
@@ -15997,8 +16087,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc allow $1 memcached_t:process { ptrace signal_perms }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.8.6/policy/modules/services/milter.if ---- nsaserefpolicy/policy/modules/services/milter.if 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/milter.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/milter.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/milter.if 2010-07-09 08:39:39.160384914 +0200 @@ -37,6 +37,8 @@ files_read_etc_files($1_milter_t) @@ -16034,8 +16124,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt ##
## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.fc serefpolicy-3.8.6/policy/modules/services/mock.fc ---- nsaserefpolicy/policy/modules/services/mock.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mock.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mock.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mock.fc 2010-07-09 08:39:39.160384914 +0200 @@ -0,0 +1,6 @@ + +/usr/sbin/mock -- gen_context(system_u:object_r:mock_exec_t,s0) @@ -16044,8 +16134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock + +/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.if serefpolicy-3.8.6/policy/modules/services/mock.if ---- nsaserefpolicy/policy/modules/services/mock.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mock.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mock.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mock.if 2010-07-09 08:39:39.162385131 +0200 @@ -0,0 +1,238 @@ + +## policy for mock @@ -16286,8 +16376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.te serefpolicy-3.8.6/policy/modules/services/mock.te ---- nsaserefpolicy/policy/modules/services/mock.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mock.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mock.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mock.te 2010-07-09 08:39:39.162385131 +0200 @@ -0,0 +1,98 @@ +policy_module(mock,1.0.0) + 
@@ -16388,8 +16478,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock + apache_read_sys_content_rw_files(mock_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.8.6/policy/modules/services/modemmanager.te ---- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/modemmanager.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/modemmanager.te 2010-07-09 08:39:39.163384996 +0200 @@ -16,7 +16,8 @@ # ModemManager local policy # @@ -16419,8 +16509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode udev_read_db(modemmanager_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.fc serefpolicy-3.8.6/policy/modules/services/mpd.fc ---- nsaserefpolicy/policy/modules/services/mpd.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mpd.fc 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mpd.fc 2010-07-09 08:39:39.164385209 +0200 @@ -0,0 +1,10 @@ + +/etc/mpd\.conf -- gen_context(system_u:object_r:mpd_etc_t,s0) 
@@ -16433,8 +16523,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. +/var/lib/mpd/music(/.*)? gen_context(system_u:object_r:mpd_data_t,s0) +/var/lib/mpd/playlists(/.*)? gen_context(system_u:object_r:mpd_data_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.if serefpolicy-3.8.6/policy/modules/services/mpd.if ---- nsaserefpolicy/policy/modules/services/mpd.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mpd.if 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mpd.if 2010-07-09 08:39:39.165411823 +0200 @@ -0,0 +1,274 @@ + +## policy for daemon for playing music @@ -16711,9 +16801,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.te serefpolicy-3.8.6/policy/modules/services/mpd.te ---- nsaserefpolicy/policy/modules/services/mpd.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mpd.te 2010-06-28 11:33:41.000000000 -0400 -@@ -0,0 +1,110 @@ +--- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/mpd.te 2010-07-09 09:35:41.097135148 +0200 +@@ -0,0 +1,111 @@ +policy_module(mpd,1.0.0) + +######################################## @@ -16790,6 +16880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. + +corenet_sendrecv_pulseaudio_client_packets(mpd_t) +corenet_tcp_connect_http_port(mpd_t) ++corenet_tcp_connect_http_cache_port(mpd_t) +corenet_tcp_connect_pulseaudio_port(mpd_t) +corenet_tcp_bind_mpd_port(mpd_t) +corenet_tcp_bind_soundd_port(mpd_t) 
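Review bot: The added `corenet_tcp_connect_http_cache_port(mpd_t)` in the mpd.te hunk is unconditional, so mpd_t may open outbound TCP connections to every port labelled as an HTTP cache port, on top of the existing `corenet_tcp_connect_http_port(mpd_t)`. Nothing in the hunk or the commit subject records why this is needed (presumably stream sources on alternate HTTP or proxy ports). A one-line comment above it, such as `# stream sources served on alternate HTTP/proxy ports`, would let a later audit tell whether the access is still required. If only some deployments need it, putting the line behind a tunable would keep the default policy narrower. The rest of mpd.te's network rules lie outside the hunk.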
@@ -16825,8 +16916,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. + udev_read_db(mpd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.8.6/policy/modules/services/mta.fc ---- nsaserefpolicy/policy/modules/services/mta.fc 2010-01-07 14:53:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/mta.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mta.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/mta.fc 2010-07-09 08:39:39.167411063 +0200 @@ -13,6 +13,8 @@ /usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0) @@ -16837,8 +16928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. /usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.8.6/policy/modules/services/mta.if ---- nsaserefpolicy/policy/modules/services/mta.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/mta.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mta.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/mta.if 2010-07-09 08:39:39.169386765 +0200 @@ -220,6 +220,25 @@ application_executable_file($1) ') 
@@ -16909,8 +17000,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.8.6/policy/modules/services/mta.te ---- nsaserefpolicy/policy/modules/services/mta.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/mta.te 2010-06-28 11:02:32.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mta.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/mta.te 2010-07-09 08:39:39.170385372 +0200 @@ -21,7 +21,7 @@ files_config_file(etc_mail_t) @@ -17003,8 +17094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.8.6/policy/modules/services/munin.if ---- nsaserefpolicy/policy/modules/services/munin.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/munin.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/munin.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/munin.if 2010-07-09 08:39:39.171411287 +0200 @@ -92,6 +92,24 @@ files_search_etc($1) ') @@ -17031,8 +17122,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni ## ## Append to the munin log. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.8.6/policy/modules/services/munin.te ---- nsaserefpolicy/policy/modules/services/munin.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/munin.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/munin.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/munin.te 2010-07-09 08:39:39.172395507 +0200 
@@ -40,7 +40,7 @@ # Local policy # @@ -17116,8 +17207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni +term_getattr_all_ptys(system_munin_plugin_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.8.6/policy/modules/services/mysql.te ---- nsaserefpolicy/policy/modules/services/mysql.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/mysql.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mysql.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/mysql.te 2010-07-09 08:39:39.173412133 +0200 @@ -64,6 +64,7 @@ manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t) @@ -17143,8 +17234,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq files_read_usr_files(mysqld_safe_t) files_dontaudit_getattr_all_dirs(mysqld_safe_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.8.6/policy/modules/services/nagios.if ---- nsaserefpolicy/policy/modules/services/nagios.if 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nagios.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nagios.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nagios.if 2010-07-09 08:39:39.174386295 +0200 @@ -159,6 +159,26 @@ ######################################## 
@@ -17173,8 +17264,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi ## a domain transition. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.8.6/policy/modules/services/nagios.te ---- nsaserefpolicy/policy/modules/services/nagios.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nagios.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nagios.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nagios.te 2010-07-09 08:39:39.175385321 +0200 @@ -107,13 +107,11 @@ files_read_etc_runtime_files(nagios_t) files_read_kernel_symbol_table(nagios_t) @@ -17209,8 +17300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.8.6/policy/modules/services/networkmanager.fc ---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.fc 2010-07-09 08:39:39.176384976 +0200 @@ -2,6 +2,10 @@ /etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) 
@@ -17223,8 +17314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw /sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.8.6/policy/modules/services/networkmanager.if ---- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.if 2010-07-09 08:39:39.178385123 +0200 @@ -137,6 +137,27 @@ ######################################## @@ -17305,8 +17396,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw + append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.8.6/policy/modules/services/networkmanager.te ---- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.te 2010-06-25 16:48:01.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.te 2010-07-09 08:39:39.179385267 +0200 @@ -35,7 +35,7 @@ # networkmanager will ptrace itself if gdb is installed 
@@ -17398,8 +17489,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.8.6/policy/modules/services/nscd.if ---- nsaserefpolicy/policy/modules/services/nscd.if 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nscd.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nscd.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nscd.if 2010-07-09 08:39:39.180411182 +0200 @@ -121,6 +121,24 @@ ######################################## @@ -17435,8 +17526,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.8.6/policy/modules/services/nscd.te ---- nsaserefpolicy/policy/modules/services/nscd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nscd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nscd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nscd.te 2010-07-09 16:25:11.753384075 +0200 @@ -1,9 +1,16 @@ -policy_module(nscd, 1.10.0) +policy_module(nscd, 1.10.1) @@ -17455,6 +17546,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd ######################################## # # Declarations +@@ -30,7 +37,7 @@ + # Local policy + # + +-allow nscd_t self:capability { kill setgid setuid }; ++allow nscd_t self:capability { kill setgid setuid sys_ptrace }; + dontaudit nscd_t self:capability sys_tty_config; + allow nscd_t self:process { getattr getcap setcap setsched signal_perms }; + allow nscd_t self:fifo_file read_fifo_file_perms; 
@@ -90,6 +97,7 @@ selinux_compute_relabel_context(nscd_t) selinux_compute_user_contexts(nscd_t) @@ -17492,8 +17592,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd + unconfined_dontaudit_rw_packet_sockets(nscd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.8.6/policy/modules/services/nslcd.te ---- nsaserefpolicy/policy/modules/services/nslcd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nslcd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nslcd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nslcd.te 2010-07-09 08:39:39.182403717 +0200 @@ -34,6 +34,8 @@ manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t) files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir }) @@ -17504,8 +17604,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc auth_use_nsswitch(nslcd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.8.6/policy/modules/services/ntp.te ---- nsaserefpolicy/policy/modules/services/ntp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ntp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ntp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ntp.te 2010-07-09 08:39:39.183385143 +0200 @@ -96,9 +96,12 @@ dev_read_sysfs(ntpd_t) # for SSP 
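Review bot: The nscd.te hunk adds `sys_ptrace` to `allow nscd_t self:capability { kill setgid setuid sys_ptrace };`, a broad capability to grant to a network-facing name-service cache, and the commit subject (ebtables, rhcs, corosync) does not mention nscd. If the denial behind this change comes from nscd only inspecting `/proc` entries of its clients and the daemon works without it, silencing it would be less permissive. The next line already does this for another capability, so it could become `dontaudit nscd_t self:capability { sys_ptrace sys_tty_config };`. If the capability really is required, a comment naming the operation that needs it should sit above the allow rule. The remainder of nscd.te's local policy is outside the hunk, so this is inferred from the visible lines only.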
@@ -17520,8 +17620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. term_use_ptmx(ntpd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.8.6/policy/modules/services/nut.te ---- nsaserefpolicy/policy/modules/services/nut.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nut.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nut.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nut.te 2010-07-09 08:39:39.184384867 +0200 @@ -103,6 +103,10 @@ mta_send_mail(nut_upsmon_t) @@ -17534,8 +17634,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut. # # Local policy for upsdrvctl diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.8.6/policy/modules/services/nx.if ---- nsaserefpolicy/policy/modules/services/nx.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nx.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nx.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nx.if 2010-07-09 08:39:39.185385081 +0200 @@ -35,6 +35,7 @@ allow $1 nx_server_var_lib_t:dir search_dir_perms; @@ -17545,8 +17645,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.8.6/policy/modules/services/nx.te ---- nsaserefpolicy/policy/modules/services/nx.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/nx.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nx.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/nx.te 2010-07-09 08:39:39.186385224 +0200 
@@ -27,6 +27,9 @@ type nx_server_var_run_t; files_pid_file(nx_server_var_run_t) @@ -17568,8 +17668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t kernel_read_kernel_sysctls(nx_server_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.8.6/policy/modules/services/oddjob.fc ---- nsaserefpolicy/policy/modules/services/oddjob.fc 2009-07-28 13:28:33.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/oddjob.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/oddjob.fc 2010-07-09 08:39:39.187385157 +0200 @@ -1,4 +1,5 @@ /usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0) +/usr/libexec/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0) @@ -17577,8 +17677,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj /usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.8.6/policy/modules/services/oddjob.if ---- nsaserefpolicy/policy/modules/services/oddjob.if 2009-07-28 13:28:33.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/oddjob.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/oddjob.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/oddjob.if 2010-07-09 08:39:39.188385092 +0200 @@ -44,6 +44,7 @@ ') 
@@ -17588,8 +17688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.8.6/policy/modules/services/oddjob.te ---- nsaserefpolicy/policy/modules/services/oddjob.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/oddjob.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/oddjob.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/oddjob.te 2010-07-09 08:39:39.188385092 +0200 @@ -99,8 +99,7 @@ # Add/remove user home directories @@ -17602,8 +17702,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj +userdom_manage_user_home_content(oddjob_mkhomedir_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.te serefpolicy-3.8.6/policy/modules/services/oident.te ---- nsaserefpolicy/policy/modules/services/oident.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/oident.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/oident.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/oident.te 2010-07-09 08:39:39.189385165 +0200 @@ -48,6 +48,7 @@ kernel_read_network_state(oidentd_t) kernel_read_network_state_symlinks(oidentd_t) 
@@ -17613,8 +17713,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide logging_send_syslog_msg(oidentd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.8.6/policy/modules/services/openvpn.te ---- nsaserefpolicy/policy/modules/services/openvpn.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/openvpn.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/openvpn.te 2010-07-09 08:39:39.190411290 +0200 @@ -24,6 +24,9 @@ type openvpn_etc_rw_t; files_config_file(openvpn_etc_rw_t) @@ -17644,8 +17744,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open tunable_policy(`openvpn_enable_homedirs',` userdom_read_user_home_content_files(openvpn_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.8.6/policy/modules/services/pegasus.te ---- nsaserefpolicy/policy/modules/services/pegasus.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/pegasus.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pegasus.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/pegasus.te 2010-07-09 08:39:39.191411713 +0200 @@ -29,7 +29,7 @@ # Local policy # 
@@ -17718,8 +17818,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega + xen_stream_connect_xenstore(pegasus_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.fc serefpolicy-3.8.6/policy/modules/services/piranha.fc ---- nsaserefpolicy/policy/modules/services/piranha.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/piranha.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/piranha.fc 2010-07-09 08:39:39.192388180 +0200 @@ -0,0 +1,21 @@ + +/etc/rc\.d/init\.d/pulse -- gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0) @@ -17743,8 +17843,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.if serefpolicy-3.8.6/policy/modules/services/piranha.if ---- nsaserefpolicy/policy/modules/services/piranha.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/piranha.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/piranha.if 2010-07-09 08:39:39.193410184 +0200 @@ -0,0 +1,175 @@ + +## policy for piranha 
@@ -17922,9 +18022,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.8.6/policy/modules/services/piranha.te ---- nsaserefpolicy/policy/modules/services/piranha.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/piranha.te 2010-06-21 10:53:58.000000000 -0400 -@@ -0,0 +1,181 @@ +--- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/piranha.te 2010-07-09 09:13:55.695135233 +0200 +@@ -0,0 +1,188 @@ +policy_module(piranha,1.0.0) + +######################################## @@ -17952,6 +18052,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + +piranha_domain_template(web) + ++type piranha_web_tmpfs_t; ++files_tmpfs_file(piranha_web_tmpfs_t) ++ +type piranha_etc_rw_t; +files_type(piranha_etc_rw_t) + @@ -17991,6 +18094,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira +manage_files_pattern(piranha_web_t, piranha_log_t, piranha_log_t) +logging_log_filetrans(piranha_web_t, piranha_log_t, { dir file } ) + ++manage_dirs_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t) ++manage_files_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t) ++fs_tmpfs_filetrans(piranha_web_t, piranha_web_tmpfs_t, { dir file }) ++ +piranha_pulse_initrc_domtrans(piranha_web_t) + +kernel_read_kernel_sysctls(piranha_web_t) 
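Review bot: The tmpfs rules added for `piranha_web_t` in the piranha.te hunks grant directory management as well as file management (`manage_dirs_pattern(...)` plus `{ dir file }` in `fs_tmpfs_filetrans`), and nothing in the patch records which denial they answer. If the web front end only creates files on tmpfs, `fs_tmpfs_filetrans(piranha_web_t, piranha_web_tmpfs_t, file)` without the `manage_dirs_pattern` line would be enough; that is an assumption to confirm against the AVC that prompted the change. Either way, a one-line comment above the block naming the operation that creates these objects would let the next reviewer judge whether the grant is still needed. The rest of the `piranha_web_t` local policy lies outside these hunks.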
@@ -18107,8 +18214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + +sysnet_read_config(piranha_domain) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.8.6/policy/modules/services/plymouthd.te ---- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/plymouthd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/plymouthd.te 2010-07-09 08:39:39.195134943 +0200 @@ -60,10 +60,14 @@ files_read_etc_files(plymouthd_t) files_read_usr_files(plymouthd_t) @@ -18133,8 +18240,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym domain_use_interactive_fds(plymouth_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.8.6/policy/modules/services/policykit.fc ---- nsaserefpolicy/policy/modules/services/policykit.fc 2009-08-18 11:41:14.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/policykit.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/policykit.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/policykit.fc 2010-07-09 08:39:39.196135226 +0200 @@ -6,10 +6,13 @@ /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0) 
@@ -18151,8 +18258,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli /var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.8.6/policy/modules/services/policykit.if ---- nsaserefpolicy/policy/modules/services/policykit.if 2009-08-18 18:39:50.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/policykit.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/policykit.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/policykit.if 2010-07-09 08:39:39.197146474 +0200 @@ -17,12 +17,37 @@ class dbus send_msg; ') @@ -18250,8 +18357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli + allow $1 policykit_auth_t:process signal; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.8.6/policy/modules/services/policykit.te ---- nsaserefpolicy/policy/modules/services/policykit.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/policykit.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/policykit.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/policykit.te 2010-07-09 08:39:39.199135168 +0200 @@ -24,6 +24,9 @@ type policykit_reload_t alias polkit_reload_t; files_type(policykit_reload_t) 
@@ -18435,8 +18542,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.8.6/policy/modules/services/portreserve.fc ---- nsaserefpolicy/policy/modules/services/portreserve.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/portreserve.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/portreserve.fc 2010-07-09 08:39:39.200135171 +0200 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0) @@ -18445,8 +18552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.8.6/policy/modules/services/portreserve.if ---- nsaserefpolicy/policy/modules/services/portreserve.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/portreserve.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/portreserve.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/portreserve.if 2010-07-09 08:39:39.201135245 +0200 @@ -18,6 +18,24 @@ domtrans_pattern($1, portreserve_exec_t, portreserve_t) ') 
@@ -18514,8 +18621,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port + admin_pattern($1, portreserve_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.8.6/policy/modules/services/portreserve.te ---- nsaserefpolicy/policy/modules/services/portreserve.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/portreserve.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/portreserve.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/portreserve.te 2010-07-09 09:55:44.480135059 +0200 @@ -9,6 +9,9 @@ type portreserve_exec_t; init_daemon_domain(portreserve_t, portreserve_exec_t) @@ -18526,9 +18633,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port type portreserve_etc_t; files_type(portreserve_etc_t) +@@ -47,3 +50,5 @@ + corenet_udp_bind_all_ports(portreserve_t) + + files_read_etc_files(portreserve_t) ++ ++userdom_dontaudit_search_user_home_content(portreserve_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.8.6/policy/modules/services/postfix.fc ---- nsaserefpolicy/policy/modules/services/postfix.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/postfix.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/postfix.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/postfix.fc 2010-07-09 08:39:39.202135318 +0200 @@ -1,4 +1,5 @@ # postfix +/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0) 
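Review bot: The `userdom_dontaudit_search_user_home_content(portreserve_t)` line added at the end of portreserve.te silences a denial without explaining it, and the hunk has no comment saying why `portreserve_t` would search user home content. A dontaudit rule also hides the same access when it happens for a different reason, so a later unexpected search on this path will not reach the audit log while dontaudit rules are active. I would put a comment above the line once the cause is confirmed, for example `# inherits a cwd under a user home directory when restarted by an admin; the search is not needed`. The cause named in that example is a guess from this hunk alone.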
@@ -18549,8 +18662,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post /usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0) /usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.8.6/policy/modules/services/postfix.if ---- nsaserefpolicy/policy/modules/services/postfix.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/postfix.if 2010-06-25 13:19:47.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/postfix.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/postfix.if 2010-07-09 08:39:39.204134767 +0200 @@ -376,6 +376,25 @@ domtrans_pattern($1, postfix_master_exec_t, postfix_master_t) ') @@ -18760,8 +18873,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.8.6/policy/modules/services/postfix.te ---- nsaserefpolicy/policy/modules/services/postfix.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/postfix.te 2010-06-28 12:56:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/postfix.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/postfix.te 2010-07-09 08:39:39.206135543 +0200 @@ -5,6 +5,15 @@ # Declarations # 
@@ -18912,8 +19025,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +userdom_home_filetrans_user_home_dir(postfix_virtual_t) +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.8.6/policy/modules/services/ppp.te ---- nsaserefpolicy/policy/modules/services/ppp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ppp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ppp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ppp.te 2010-07-09 08:39:39.207135059 +0200 @@ -70,7 +70,7 @@ # PPPD Local policy # @@ -18933,8 +19046,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.8.6/policy/modules/services/procmail.fc ---- nsaserefpolicy/policy/modules/services/procmail.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/procmail.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/procmail.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/procmail.fc 2010-07-09 08:39:39.208146865 +0200 @@ -1,3 +1,5 @@ +HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0) +/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0) 
@@ -18942,8 +19055,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc /usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.8.6/policy/modules/services/procmail.te ---- nsaserefpolicy/policy/modules/services/procmail.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/procmail.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/procmail.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/procmail.te 2010-07-09 08:39:39.209135206 +0200 @@ -10,6 +10,9 @@ application_domain(procmail_t, procmail_exec_t) role system_r types procmail_t; @@ -18993,8 +19106,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc pyzor_signal(procmail_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.8.6/policy/modules/services/psad.if ---- nsaserefpolicy/policy/modules/services/psad.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/psad.if 2010-06-25 13:17:36.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/psad.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/psad.if 2010-07-09 08:39:39.210135279 +0200 @@ -176,6 +176,26 @@ ######################################## 
@@ -19032,8 +19145,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad allow $1 psad_t:process { ptrace signal_perms }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.8.6/policy/modules/services/psad.te ---- nsaserefpolicy/policy/modules/services/psad.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/psad.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/psad.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/psad.te 2010-07-09 08:39:39.211134864 +0200 @@ -85,6 +85,7 @@ dev_read_urand(psad_t) @@ -19043,8 +19156,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad fs_getattr_all_fs(psad_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.8.6/policy/modules/services/puppet.te ---- nsaserefpolicy/policy/modules/services/puppet.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/puppet.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/puppet.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/puppet.te 2010-07-09 08:39:39.212135287 +0200 @@ -221,6 +221,8 @@ sysnet_dns_name_resolve(puppetmaster_t) sysnet_run_ifconfig(puppetmaster_t, system_r) 
@@ -19055,8 +19168,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp hostname_exec(puppetmaster_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.8.6/policy/modules/services/pyzor.fc ---- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/pyzor.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/pyzor.fc 2010-07-09 08:39:39.213135151 +0200 @@ -1,6 +1,10 @@ /etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0) +/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0) @@ -19069,8 +19182,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo /usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0) /usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.8.6/policy/modules/services/pyzor.if ---- nsaserefpolicy/policy/modules/services/pyzor.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/pyzor.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pyzor.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/pyzor.if 2010-07-09 08:39:39.214135225 +0200 @@ -88,3 +88,50 @@ corecmd_search_bin($1) can_exec($1, pyzor_exec_t) 
@@ -19123,8 +19236,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.8.6/policy/modules/services/pyzor.te ---- nsaserefpolicy/policy/modules/services/pyzor.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/pyzor.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/pyzor.te 2010-07-09 08:39:39.215135019 +0200 @@ -5,6 +5,38 @@ # Declarations # @@ -19190,8 +19303,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.fc serefpolicy-3.8.6/policy/modules/services/qpidd.fc ---- nsaserefpolicy/policy/modules/services/qpidd.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/qpidd.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/qpidd.fc 2010-07-09 08:39:39.216153810 +0200 @@ -0,0 +1,9 @@ + +/usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0) 
@@ -19203,8 +19316,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid +/var/run/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_run_t,s0) +/var/run/qpidd\.pid gen_context(system_u:object_r:qpidd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.if serefpolicy-3.8.6/policy/modules/services/qpidd.if ---- nsaserefpolicy/policy/modules/services/qpidd.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/qpidd.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/qpidd.if 2010-07-09 08:39:39.217135097 +0200 @@ -0,0 +1,236 @@ + +## policy for qpidd @@ -19443,8 +19556,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid + allow $1 qpidd_t:shm rw_shm_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.8.6/policy/modules/services/qpidd.te ---- nsaserefpolicy/policy/modules/services/qpidd.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/qpidd.te 2010-06-25 15:10:37.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/qpidd.te 2010-07-09 08:39:39.218135031 +0200 @@ -0,0 +1,59 @@ +policy_module(qpidd,1.0.0) + 
@@ -19506,8 +19619,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid + +sysnet_dns_name_resolve(qpidd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.8.6/policy/modules/services/radius.te ---- nsaserefpolicy/policy/modules/services/radius.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/radius.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/radius.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/radius.te 2010-07-09 08:39:39.219135244 +0200 @@ -36,7 +36,7 @@ # gzip also needs chown access to preserve GID for radwtmp files allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config }; @@ -19518,16 +19631,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi allow radiusd_t self:unix_stream_socket create_stream_socket_perms; allow radiusd_t self:tcp_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.8.6/policy/modules/services/razor.fc ---- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/razor.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/razor.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/razor.fc 2010-07-09 08:39:39.220135248 +0200 
@@ -1,3 +1,4 @@ +/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0) HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0) /etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.8.6/policy/modules/services/razor.if ---- nsaserefpolicy/policy/modules/services/razor.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/razor.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/razor.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/razor.if 2010-07-09 08:39:39.221135252 +0200 @@ -157,3 +157,45 @@ domtrans_pattern($1, razor_exec_t, razor_t) @@ -19575,8 +19688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.8.6/policy/modules/services/razor.te ---- nsaserefpolicy/policy/modules/services/razor.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/razor.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/razor.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/razor.te 2010-07-09 08:39:39.222135186 +0200 @@ -5,6 +5,32 @@ # Declarations # 
@@ -19629,8 +19742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.8.6/policy/modules/services/rgmanager.fc ---- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.fc 2010-07-09 08:39:39.223145387 +0200 @@ -1,3 +1,5 @@ +/etc/rc\.d/init\.d/rgmanager -- gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0) + @@ -19638,8 +19751,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma /var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.8.6/policy/modules/services/rgmanager.if ---- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.if 2010-07-09 08:39:39.230134658 +0200 @@ -75,3 +75,64 @@ fs_search_tmpfs($1) manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t) 
@@ -19706,8 +19819,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + admin_pattern($1, rgmanager_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.8.6/policy/modules/services/rgmanager.te ---- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.te 2010-07-09 08:39:39.231135081 +0200 @@ -17,6 +17,9 @@ domain_type(rgmanager_t) init_daemon_domain(rgmanager_t, rgmanager_exec_t) @@ -19762,17 +19875,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma mysql_stream_connect(rgmanager_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.8.6/policy/modules/services/rhcs.if ---- nsaserefpolicy/policy/modules/services/rhcs.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rhcs.if 2010-06-21 10:53:58.000000000 -0400 -@@ -14,6 +14,7 @@ +--- nsaserefpolicy/policy/modules/services/rhcs.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rhcs.if 2010-07-09 10:11:46.230385859 +0200 +@@ -14,6 +14,8 @@ template(`rhcs_domain_template',` gen_require(` attribute cluster_domain; + attribute cluster_tmpfs; ++ attribute cluster_pid; ') ############################## -@@ -25,7 +26,7 @@ +@@ -25,13 +27,13 @@ type $1_exec_t; init_daemon_domain($1_t, $1_exec_t) 
@@ -19781,7 +19895,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs files_tmpfs_file($1_tmpfs_t) type $1_var_log_t; -@@ -335,6 +336,46 @@ + logging_log_file($1_var_log_t) + +- type $1_var_run_t; ++ type $1_var_run_t, cluster_pid; + files_pid_file($1_var_run_t) + + ############################## +@@ -335,6 +337,67 @@ manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t) ') @@ -19825,10 +19946,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs + allow $1 cluster_domain:sem { rw_sem_perms destroy }; +') + ++#################################### ++## ++## Connect to cluster domains over a unix domain ++## stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`rhcs_stream_connect_cluster',` ++ gen_require(` ++ attribute cluster_domain; ++ attribute cluster_pid; ++ ') ++ ++ files_search_pids($1) ++ stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain) ++') ++ ###################################### ## ## Execute a domain transition to run qdiskd. -@@ -353,3 +394,21 @@ +@@ -353,3 +416,21 @@ corecmd_search_bin($1) domtrans_pattern($1, qdiskd_exec_t, qdiskd_t) ') 
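Review bot: The new interface `rhcs_stream_connect_cluster` is written against attributes, so `stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)` lets the caller connect to every domain built by `rhcs_domain_template` through any of their pid-file sockets, not to one daemon. The preceding hunk on this line makes every `$1_var_run_t` a member of `cluster_pid`, so each cluster domain added later widens all existing callers with no change on the caller's side. The interface summary should state this scope, e.g. `## Connect to all cluster domains (every type with attribute cluster_domain) over a unix domain stream socket.`, and a caller that needs a single daemon would be better served by a per-daemon interface. The summary markup appears stripped in this view, so the suggested wording covers the summary text only.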
@@ -19851,17 +19993,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs + allow $1 qdiskd_tmpfs_t:file read_file_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.8.6/policy/modules/services/rhcs.te ---- nsaserefpolicy/policy/modules/services/rhcs.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rhcs.te 2010-06-21 10:53:58.000000000 -0400 -@@ -13,6 +13,7 @@ +--- nsaserefpolicy/policy/modules/services/rhcs.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rhcs.te 2010-07-09 09:10:06.331135765 +0200 +@@ -13,6 +13,8 @@ gen_tunable(fenced_can_network_connect, false) attribute cluster_domain; +attribute cluster_tmpfs; ++attribute cluster_pid; rhcs_domain_template(dlm_controld) -@@ -55,17 +56,13 @@ +@@ -55,17 +57,13 @@ init_rw_script_tmp_files(dlm_controld_t) @@ -19880,7 +20023,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs allow fenced_t self:tcp_socket create_stream_socket_perms; allow fenced_t self:udp_socket create_socket_perms; -@@ -82,7 +79,10 @@ +@@ -82,7 +80,10 @@ stream_connect_pattern(fenced_t, groupd_var_run_t, groupd_var_run_t, groupd_t) @@ -19891,7 +20034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs corenet_tcp_connect_http_port(fenced_t) -@@ -106,7 +106,6 @@ +@@ -106,7 +107,6 @@ optional_policy(` ccs_read_config(fenced_t) @@ -19899,7 +20042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs ') optional_policy(` -@@ -139,10 +138,6 @@ +@@ -139,10 +139,6 @@ init_rw_script_tmp_files(gfs_controld_t) optional_policy(` @@ -19910,7 +20053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs lvm_exec(gfs_controld_t) dev_rw_lvm_control(gfs_controld_t) ') -@@ -168,7 +163,7 @@ +@@ -168,7 +164,7 @@ # qdiskd local policy # 
@@ -19919,7 +20062,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs allow qdiskd_t self:tcp_socket create_stream_socket_perms; allow qdiskd_t self:udp_socket create_socket_perms; -@@ -207,10 +202,6 @@ +@@ -207,10 +203,6 @@ auth_use_nsswitch(qdiskd_t) optional_policy(` @@ -19930,7 +20073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs netutils_domtrans_ping(qdiskd_t) ') -@@ -236,5 +227,9 @@ +@@ -236,5 +228,9 @@ miscfiles_read_localization(cluster_domain) optional_policy(` @@ -19941,8 +20084,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs corosync_stream_connect(cluster_domain) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-3.8.6/policy/modules/services/ricci.fc ---- nsaserefpolicy/policy/modules/services/ricci.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ricci.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ricci.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ricci.fc 2010-07-09 08:39:39.235147109 +0200 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/ricci -- gen_context(system_u:object_r:ricci_initrc_exec_t,s0) 
@@ -19951,8 +20094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc /usr/libexec/ricci-modlog -- gen_context(system_u:object_r:ricci_modlog_exec_t,s0) /usr/libexec/ricci-modrpm -- gen_context(system_u:object_r:ricci_modrpm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.8.6/policy/modules/services/ricci.if ---- nsaserefpolicy/policy/modules/services/ricci.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ricci.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ricci.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ricci.if 2010-07-09 08:39:39.236135030 +0200 @@ -18,6 +18,24 @@ domtrans_pattern($1, ricci_exec_t, ricci_t) ') @@ -20027,8 +20170,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc + admin_pattern($1, ricci_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.8.6/policy/modules/services/ricci.te ---- nsaserefpolicy/policy/modules/services/ricci.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ricci.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ricci.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ricci.te 2010-07-09 08:39:39.237135733 +0200 @@ -10,6 +10,9 @@ domain_type(ricci_t) init_daemon_domain(ricci_t, ricci_exec_t) 
@@ -20053,8 +20196,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc term_dontaudit_use_console(ricci_modstorage_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.8.6/policy/modules/services/rlogin.fc ---- nsaserefpolicy/policy/modules/services/rlogin.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rlogin.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rlogin.fc 2010-07-09 08:39:39.238146981 +0200 @@ -1,4 +1,7 @@ HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0) +HOME_DIR/\.rhosts -- gen_context(system_u:object_r:rlogind_home_t,s0) @@ -20064,8 +20207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog /usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.8.6/policy/modules/services/rlogin.te ---- nsaserefpolicy/policy/modules/services/rlogin.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rlogin.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rlogin.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rlogin.te 2010-07-09 08:39:39.239146985 +0200 @@ -88,6 +88,7 @@ userdom_setattr_user_ptys(rlogind_t) # cjp: this is egregious 
@@ -20075,8 +20218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog remotelogin_domtrans(rlogind_t) remotelogin_signal(rlogind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.8.6/policy/modules/services/rpcbind.if ---- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/rpcbind.if 2010-06-25 13:17:49.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rpcbind.if 2010-07-09 08:39:39.240135395 +0200 @@ -141,7 +141,7 @@ allow $1 rpcbind_t:process { ptrace signal_perms }; ps_process_pattern($1, rpcbind_t) @@ -20087,8 +20230,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb role_transition $2 rpcbind_initrc_exec_t system_r; allow $2 system_r; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.8.6/policy/modules/services/rpcbind.te ---- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rpcbind.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rpcbind.te 2010-07-09 08:39:39.241152580 +0200 @@ -71,3 +71,7 @@ ifdef(`hide_broken_symptoms',` dontaudit rpcbind_t self:udp_socket listen; 
@@ -20098,8 +20241,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb + nis_use_ypbind(rpcbind_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.8.6/policy/modules/services/rpc.if ---- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-06 15:15:38.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rpc.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpc.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rpc.if 2010-07-09 08:39:39.243135337 +0200 @@ -246,6 +246,26 @@ allow rpcd_t $1:process signal; ') @@ -20134,8 +20277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. + allow $1 var_lib_nfs_t:file { relabelfrom relabelto }; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.8.6/policy/modules/services/rpc.te ---- nsaserefpolicy/policy/modules/services/rpc.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rpc.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpc.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rpc.te 2010-07-09 08:39:39.244135131 +0200 @@ -97,15 +97,26 @@ seutil_dontaudit_search_config(rpcd_t) 
@@ -20181,8 +20324,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.8.6/policy/modules/services/rsync.if ---- nsaserefpolicy/policy/modules/services/rsync.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/rsync.if 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rsync.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rsync.if 2010-07-09 08:39:39.245135205 +0200 @@ -119,7 +119,7 @@ type rsync_etc_t; ') @@ -20244,8 +20387,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn + files_etc_filetrans($1, rsync_etc_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.8.6/policy/modules/services/rsync.te ---- nsaserefpolicy/policy/modules/services/rsync.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rsync.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rsync.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rsync.te 2010-07-09 08:39:39.246135139 +0200 @@ -7,6 +7,13 @@ ## @@ -20306,8 +20449,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn + auth_can_read_shadow_passwords(rsync_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.8.6/policy/modules/services/rtkit.if ---- nsaserefpolicy/policy/modules/services/rtkit.if 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/rtkit.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rtkit.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/rtkit.if 2010-07-09 08:39:39.247135142 +0200 
@@ -41,6 +41,27 @@ ######################################## @@ -20337,8 +20480,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.8.6/policy/modules/services/samba.fc ---- nsaserefpolicy/policy/modules/services/samba.fc 2009-07-29 15:15:33.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/samba.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/samba.fc 2010-07-09 08:39:39.247135142 +0200 @@ -51,3 +51,7 @@ /var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0) @@ -20348,8 +20491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.8.6/policy/modules/services/samba.if ---- nsaserefpolicy/policy/modules/services/samba.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/samba.if 2010-06-25 13:21:13.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/samba.if 2010-07-09 08:39:39.249135080 +0200 @@ -79,6 +79,25 @@ ######################################## 
@@ -20525,8 +20668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + admin_pattern($1, samba_unconfined_script_exec_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.8.6/policy/modules/services/samba.te ---- nsaserefpolicy/policy/modules/services/samba.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/samba.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/samba.te 2010-07-09 08:39:39.251135228 +0200 @@ -152,9 +152,6 @@ type winbind_log_t; logging_log_file(winbind_log_t) @@ -20660,8 +20803,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + can_exec(smbd_t, samba_unconfined_script_exec_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.8.6/policy/modules/services/sasl.te ---- nsaserefpolicy/policy/modules/services/sasl.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sasl.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sasl.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sasl.te 2010-07-09 08:39:39.252134813 +0200 @@ -49,6 +49,9 @@ kernel_read_kernel_sysctls(saslauthd_t) kernel_read_system_state(saslauthd_t) 
@@ -20673,8 +20816,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl corenet_all_recvfrom_netlabel(saslauthd_t) corenet_tcp_sendrecv_generic_if(saslauthd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.fc serefpolicy-3.8.6/policy/modules/services/sendmail.fc ---- nsaserefpolicy/policy/modules/services/sendmail.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sendmail.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sendmail.fc 2010-07-09 08:39:39.253146899 +0200 @@ -1,4 +1,6 @@ +/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0) @@ -20683,8 +20826,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send /var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.8.6/policy/modules/services/sendmail.if ---- nsaserefpolicy/policy/modules/services/sendmail.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sendmail.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sendmail.if 2010-07-09 08:39:39.254140268 +0200 @@ -57,6 +57,24 @@ allow sendmail_t $1:process sigchld; ') 
@@ -20762,8 +20905,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send + admin_pattern($1, mail_spool_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.8.6/policy/modules/services/sendmail.te ---- nsaserefpolicy/policy/modules/services/sendmail.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sendmail.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sendmail.te 2010-07-09 08:39:39.255146907 +0200 @@ -19,6 +19,9 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) @@ -20827,8 +20970,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send + unconfined_domain_noaudit(unconfined_sendmail_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if ---- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if 2010-06-25 13:20:38.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if 2010-07-09 08:39:39.256135247 +0200 @@ -105,6 +105,25 @@ ######################################## 
@@ -20874,8 +21017,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr files_list_var_lib($1) admin_pattern($1, setroubleshoot_var_lib_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te ---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te 2010-07-09 08:39:39.258135045 +0200 @@ -32,6 +32,8 @@ allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config }; @@ -20928,8 +21071,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr rpm_signull(setroubleshoot_fixit_t) rpm_read_db(setroubleshoot_fixit_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.8.6/policy/modules/services/smartmon.te ---- nsaserefpolicy/policy/modules/services/smartmon.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/smartmon.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/smartmon.te 2010-07-09 08:39:39.258135045 +0200 @@ -82,6 +82,8 @@ storage_raw_read_fixed_disk(fsdaemon_t) storage_raw_write_fixed_disk(fsdaemon_t) 
@@ -20940,8 +21083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar term_dontaudit_search_ptys(fsdaemon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.8.6/policy/modules/services/smokeping.te ---- nsaserefpolicy/policy/modules/services/smokeping.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/smokeping.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/smokeping.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/smokeping.te 2010-07-09 08:39:39.259135049 +0200 @@ -23,6 +23,7 @@ # smokeping local policy # @@ -20959,8 +21102,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok logging_send_syslog_msg(smokeping_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.8.6/policy/modules/services/snmp.te ---- nsaserefpolicy/policy/modules/services/snmp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/snmp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/snmp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/snmp.te 2010-07-09 08:39:39.260135262 +0200 @@ -24,7 +24,7 @@ # # Local policy 
@@ -20979,8 +21122,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp auth_use_nsswitch(snmpd_t) auth_read_all_dirs_except_shadow(snmpd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.8.6/policy/modules/services/snort.te ---- nsaserefpolicy/policy/modules/services/snort.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/snort.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/snort.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/snort.te 2010-07-09 08:39:39.262135270 +0200 @@ -61,6 +61,7 @@ kernel_read_proc_symlinks(snort_t) kernel_request_load_module(snort_t) @@ -20998,8 +21141,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor # Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect? dev_rw_generic_usb_dev(snort_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.8.6/policy/modules/services/spamassassin.fc ---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.fc 2010-07-09 08:39:39.263135134 +0200 @@ -1,15 +1,26 @@ -HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0) +HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) 
@@ -21030,8 +21173,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) +/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.8.6/policy/modules/services/spamassassin.if ---- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.if 2010-06-25 13:21:22.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.if 2010-07-09 08:39:39.264135138 +0200 @@ -111,6 +111,45 @@ ') @@ -21159,8 +21302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam + admin_pattern($1, spamd_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.8.6/policy/modules/services/spamassassin.te ---- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.te 2010-07-09 08:39:39.266135216 +0200 @@ -19,6 +19,35 @@ ## gen_tunable(spamd_enable_home_dirs, true) 
@@ -21477,8 +21620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam udev_read_db(spamd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.8.6/policy/modules/services/ssh.fc ---- nsaserefpolicy/policy/modules/services/ssh.fc 2010-01-18 15:04:31.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/ssh.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ssh.fc 2010-07-09 08:39:39.267147092 +0200 @@ -1,4 +1,9 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) +HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0) @@ -21497,8 +21640,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. +/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0) +/root/\.shosts gen_context(system_u:object_r:home_ssh_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.8.6/policy/modules/services/ssh.if ---- nsaserefpolicy/policy/modules/services/ssh.if 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ssh.if 2010-06-25 16:21:14.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ssh.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ssh.if 2010-07-09 08:39:39.269135297 +0200 @@ -36,6 +36,7 @@ gen_require(` attribute ssh_server; 
@@ -21656,8 +21799,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ## ## Execute the ssh client in the caller domain. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.8.6/policy/modules/services/ssh.te ---- nsaserefpolicy/policy/modules/services/ssh.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ssh.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ssh.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ssh.te 2010-07-09 08:39:39.270135231 +0200 @@ -33,13 +33,12 @@ ssh_server_template(sshd) init_daemon_domain(sshd_t, sshd_exec_t) @@ -21812,8 +21955,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.8.6/policy/modules/services/sssd.te ---- nsaserefpolicy/policy/modules/services/sssd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sssd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sssd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sssd.te 2010-07-09 08:39:39.271146968 +0200 @@ -31,6 +31,7 @@ allow sssd_t self:capability { dac_read_search dac_override kill sys_nice setgid setuid }; allow sssd_t self:process { setfscreate setsched sigkill signal getsched }; 
@@ -21832,8 +21975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd dbus_system_bus_client(sssd_t) dbus_connect_system_bus(sssd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.8.6/policy/modules/services/sysstat.te ---- nsaserefpolicy/policy/modules/services/sysstat.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/sysstat.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sysstat.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/sysstat.te 2010-07-09 08:39:39.272135029 +0200 @@ -68,3 +68,8 @@ optional_policy(` logging_send_syslog_msg(sysstat_t) @@ -21844,8 +21987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.8.6/policy/modules/services/tftp.if ---- nsaserefpolicy/policy/modules/services/tftp.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/tftp.if 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tftp.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/tftp.if 2010-07-09 08:39:39.273135312 +0200 @@ -20,6 +20,25 @@ ######################################## 
@@ -21910,8 +22053,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp ## an tftp environment ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.8.6/policy/modules/services/tftp.te ---- nsaserefpolicy/policy/modules/services/tftp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/tftp.te 2010-06-22 15:20:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tftp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/tftp.te 2010-07-09 08:39:39.274135107 +0200 @@ -94,6 +94,10 @@ ') @@ -21924,8 +22067,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.te serefpolicy-3.8.6/policy/modules/services/tgtd.te ---- nsaserefpolicy/policy/modules/services/tgtd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/tgtd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tgtd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/tgtd.te 2010-07-09 08:39:39.275135180 +0200 @@ -59,8 +59,12 @@ files_read_etc_files(tgtd_t) @@ -21940,8 +22083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd + +iscsi_manage_semaphores(tgtd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.8.6/policy/modules/services/tor.te ---- nsaserefpolicy/policy/modules/services/tor.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/tor.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tor.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/tor.te 2010-07-09 08:39:39.276152156 +0200 @@ -100,6 +100,8 @@ auth_use_nsswitch(tor_t) 
@@ -21952,8 +22095,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor. tunable_policy(`tor_bind_all_unreserved_ports', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.8.6/policy/modules/services/tuned.te ---- nsaserefpolicy/policy/modules/services/tuned.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/tuned.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tuned.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/tuned.te 2010-07-09 08:39:39.277152439 +0200 @@ -24,6 +24,7 @@ # @@ -21974,8 +22117,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune optional_policy(` sysnet_domtrans_ifconfig(tuned_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.8.6/policy/modules/services/ucspitcp.te ---- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/ucspitcp.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/ucspitcp.te 2010-07-09 08:39:39.278147205 +0200 @@ -91,3 +91,8 @@ daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t) daemontools_read_svc(ucspitcp_t) 
@@ -21986,16 +22129,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc ---- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-05 14:44:26.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc 2010-07-09 08:39:39.279135195 +0200 @@ -1,3 +1,3 @@ /usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0) -/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0) +/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.8.6/policy/modules/services/varnishd.if ---- nsaserefpolicy/policy/modules/services/varnishd.if 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/varnishd.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/varnishd.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/varnishd.if 2010-07-09 08:39:39.280135200 +0200 @@ -56,6 +56,25 @@ read_files_pattern($1, varnishd_etc_t, varnishd_etc_t) ') 
@@ -22023,8 +22166,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn ## ## Read varnish logs. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.8.6/policy/modules/services/vhostmd.if ---- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-03-29 15:04:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/vhostmd.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/vhostmd.if 2010-07-09 08:39:39.281135343 +0200 @@ -42,7 +42,7 @@ ## ## @@ -22035,8 +22178,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos ## # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.8.6/policy/modules/services/vhostmd.te ---- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/vhostmd.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/vhostmd.te 2010-07-09 08:39:39.282134998 +0200 @@ -44,6 +44,8 @@ corenet_tcp_connect_soundd_port(vhostmd_t) @@ -22047,8 +22190,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos files_read_usr_files(vhostmd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.8.6/policy/modules/services/virt.fc ---- nsaserefpolicy/policy/modules/services/virt.fc 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/virt.fc 2010-06-22 09:25:07.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/virt.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/virt.fc 2010-07-09 08:39:39.283135141 +0200 
@@ -13,17 +13,18 @@ /etc/xen/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) @@ -22072,8 +22215,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt /var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.8.6/policy/modules/services/virt.if ---- nsaserefpolicy/policy/modules/services/virt.if 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/virt.if 2010-06-28 17:16:24.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/virt.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/virt.if 2010-07-09 08:39:39.284135075 +0200 @@ -21,6 +21,7 @@ type $1_t, virt_domain; domain_type($1_t) @@ -22219,8 +22362,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.8.6/policy/modules/services/virt.te ---- nsaserefpolicy/policy/modules/services/virt.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/virt.te 2010-06-28 17:20:07.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/virt.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/virt.te 2010-07-09 08:39:39.286135223 +0200 @@ -4,6 +4,7 @@ # # Declarations 
@@ -22588,8 +22731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.8.6/policy/modules/services/w3c.te ---- nsaserefpolicy/policy/modules/services/w3c.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/w3c.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/w3c.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/w3c.te 2010-07-09 08:39:39.287135575 +0200 @@ -7,11 +7,18 @@ apache_content_template(w3c_validator) @@ -22616,8 +22759,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c. + +apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.8.6/policy/modules/services/xserver.fc ---- nsaserefpolicy/policy/modules/services/xserver.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/xserver.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/xserver.fc 2010-07-09 08:39:39.288135230 +0200 @@ -2,13 +2,23 @@ # HOME_DIR # 
@@ -22740,8 +22883,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.8.6/policy/modules/services/xserver.if ---- nsaserefpolicy/policy/modules/services/xserver.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/xserver.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/xserver.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/xserver.if 2010-07-09 08:39:39.291134892 +0200 @@ -19,9 +19,10 @@ interface(`xserver_restricted_role',` gen_require(` @@ -23340,8 +23483,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.8.6/policy/modules/services/xserver.te ---- nsaserefpolicy/policy/modules/services/xserver.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/xserver.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/xserver.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/xserver.te 2010-07-09 08:39:39.295134978 +0200 @@ -35,6 +35,13 @@ ## 
@@ -24233,8 +24376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + fs_append_cifs_files(xdmhomewriter) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.8.6/policy/modules/services/zabbix.te ---- nsaserefpolicy/policy/modules/services/zabbix.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/services/zabbix.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/zabbix.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/services/zabbix.te 2010-07-09 08:39:39.296135191 +0200 @@ -12,11 +12,9 @@ type zabbix_initrc_exec_t; init_script_file(zabbix_initrc_exec_t) @@ -24248,8 +24391,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb files_pid_file(zabbix_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.fc serefpolicy-3.8.6/policy/modules/services/zarafa.fc ---- nsaserefpolicy/policy/modules/services/zarafa.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/zarafa.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/zarafa.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/zarafa.fc 2010-07-09 08:39:39.297135265 +0200 @@ -0,0 +1,27 @@ + +/etc/zarafa(/.*)? gen_context(system_u:object_r:zarafa_etc_t,s0) 
@@ -24279,8 +24422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara +/var/run/zarafa-ical\.pid -- gen_context(system_u:object_r:zarafa_ical_var_run_t,s0) +/var/run/zarafa-monitor\.pid -- gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.if serefpolicy-3.8.6/policy/modules/services/zarafa.if ---- nsaserefpolicy/policy/modules/services/zarafa.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/zarafa.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/zarafa.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/zarafa.if 2010-07-09 08:39:39.298135129 +0200 @@ -0,0 +1,105 @@ + +## policy for zarafa services @@ -24388,8 +24531,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara + stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.te serefpolicy-3.8.6/policy/modules/services/zarafa.te ---- nsaserefpolicy/policy/modules/services/zarafa.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/services/zarafa.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/zarafa.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/services/zarafa.te 2010-07-09 08:39:39.299135203 +0200 @@ -0,0 +1,133 @@ +policy_module(zarafa, 1.0.0) + 
@@ -24525,8 +24668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara + apache_content_template(zarafa) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.8.6/policy/modules/system/application.te ---- nsaserefpolicy/policy/modules/system/application.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/application.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/application.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/application.te 2010-07-09 08:39:39.300135416 +0200 @@ -6,6 +6,22 @@ # Executables to be run by user attribute application_exec_type; @@ -24551,8 +24694,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic ssh_sigchld(application_domain_type) ssh_rw_stream_sockets(application_domain_type) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.8.6/policy/modules/system/authlogin.fc ---- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/authlogin.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/authlogin.fc 2010-07-09 08:39:39.301135210 +0200 @@ -10,6 +10,7 @@ /sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0) /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0) 
@@ -24562,8 +24705,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo /sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ifdef(`distro_suse', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.8.6/policy/modules/system/authlogin.if ---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/authlogin.if 2010-06-25 14:22:53.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/authlogin.if 2010-07-09 08:39:39.302135144 +0200 @@ -91,9 +91,12 @@ interface(`auth_login_pgm_domain',` gen_require(` @@ -24686,8 +24829,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.8.6/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/authlogin.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/authlogin.te 2010-07-09 08:39:39.304135222 +0200 @@ -8,6 +8,7 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; 
@@ -24709,8 +24852,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo + userdom_relabelto_user_home_files(polydomain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.8.6/policy/modules/system/daemontools.if ---- nsaserefpolicy/policy/modules/system/daemontools.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/daemontools.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/daemontools.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/daemontools.if 2010-07-09 08:39:39.305135296 +0200 @@ -71,6 +71,32 @@ domtrans_pattern($1, svc_start_exec_t, svc_start_t) ') @@ -24792,8 +24935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon + allow $1 svc_run_t:process sigchld; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.8.6/policy/modules/system/daemontools.te ---- nsaserefpolicy/policy/modules/system/daemontools.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/daemontools.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/daemontools.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/daemontools.te 2010-07-09 08:39:39.306135299 +0200 @@ -38,7 +38,10 @@ # multilog creates /service/*/log/status manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t) 
@@ -24867,8 +25010,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon daemontools_domtrans_run(svc_start_t) daemontools_manage_svc(svc_start_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.8.6/policy/modules/system/fstools.fc ---- nsaserefpolicy/policy/modules/system/fstools.fc 2010-03-09 15:39:06.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/fstools.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/fstools.fc 2010-07-09 08:39:39.307135233 +0200 @@ -1,4 +1,3 @@ -/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0) @@ -24883,8 +25026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool /sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.8.6/policy/modules/system/fstools.te ---- nsaserefpolicy/policy/modules/system/fstools.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/fstools.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/fstools.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/fstools.te 2010-07-09 08:39:39.308135237 +0200 @@ -117,6 +117,8 @@ fs_search_tmpfs(fsadm_t) fs_getattr_tmpfs_dirs(fsadm_t) 
@@ -24919,8 +25062,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.8.6/policy/modules/system/getty.te ---- nsaserefpolicy/policy/modules/system/getty.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/getty.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/getty.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/getty.te 2010-07-09 08:39:39.309135381 +0200 @@ -83,7 +83,7 @@ term_setattr_all_ttys(getty_t) term_setattr_unallocated_ttys(getty_t) @@ -24931,8 +25074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty. auth_rw_login_records(getty_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.8.6/policy/modules/system/hostname.te ---- nsaserefpolicy/policy/modules/system/hostname.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/hostname.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/hostname.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/hostname.te 2010-07-09 08:39:39.310135454 +0200 @@ -26,15 +26,18 @@ dev_read_sysfs(hostname_t) 
@@ -24964,8 +25107,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna xen_dontaudit_use_fds(hostname_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.8.6/policy/modules/system/hotplug.te ---- nsaserefpolicy/policy/modules/system/hotplug.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/hotplug.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/hotplug.te 2010-07-09 08:39:39.311135458 +0200 @@ -23,7 +23,7 @@ # @@ -24984,8 +25127,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu kernel_read_net_sysctls(hotplug_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.8.6/policy/modules/system/init.fc ---- nsaserefpolicy/policy/modules/system/init.fc 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/init.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/init.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/init.fc 2010-07-09 08:39:39.312135183 +0200 @@ -44,6 +44,9 @@ /usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0) @@ -24997,8 +25140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f # # /var diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.8.6/policy/modules/system/init.if ---- nsaserefpolicy/policy/modules/system/init.if 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/init.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/init.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/init.if 2010-07-09 08:39:39.314135330 +0200 
@@ -193,8 +193,10 @@ gen_require(` attribute direct_run_init, direct_init, direct_init_entry; @@ -25261,8 +25404,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.8.6/policy/modules/system/init.te ---- nsaserefpolicy/policy/modules/system/init.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/init.te 2010-06-22 10:17:42.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/init.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/init.te 2010-07-09 08:39:39.317135062 +0200 @@ -16,6 +16,27 @@ ## gen_tunable(init_upstart, false) @@ -25721,8 +25864,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t + allow daemon init_t:socket_class_set { getopt read getattr ioctl setopt write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.8.6/policy/modules/system/ipsec.fc ---- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/ipsec.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/ipsec.fc 2010-07-09 08:39:39.318146869 +0200 @@ -25,6 +25,7 @@ /usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) 
@@ -25732,8 +25875,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. /usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.8.6/policy/modules/system/ipsec.if ---- nsaserefpolicy/policy/modules/system/ipsec.if 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/ipsec.if 2010-06-25 14:16:53.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/ipsec.if 2010-07-09 08:39:39.319139051 +0200 @@ -20,6 +20,24 @@ ######################################## @@ -25822,8 +25965,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.8.6/policy/modules/system/ipsec.te ---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/ipsec.te 2010-06-28 12:57:18.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/ipsec.te 2010-07-09 08:39:39.321135217 +0200 @@ -72,7 +72,7 @@ # 
@@ -25958,28 +26101,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. userdom_use_user_terminals(setkey_t) +userdom_read_user_tmp_files(setkey_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.8.6/policy/modules/system/iptables.fc ---- nsaserefpolicy/policy/modules/system/iptables.fc 2010-02-12 16:41:05.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/iptables.fc 2010-06-21 10:53:58.000000000 -0400 -@@ -1,12 +1,14 @@ +--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/iptables.fc 2010-07-09 17:14:51.394143904 +0200 +@@ -1,12 +1,19 @@ /etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) -/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) -/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0) ++/etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) /sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0) /sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0) /sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) /sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) ++/sbin/ebtables -- gen_context(system_u:object_r:iptables_exec_t,s0) ++/sbin/ebtables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) ++ +/sbin/ipvsadm -- gen_context(system_u:object_r:iptables_exec_t,s0) +/sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) +/sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0) + ++ /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0) /usr/sbin/iptables -- gen_context(system_u:object_r:iptables_exec_t,s0) /usr/sbin/iptables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) diff --exclude-from=exclude 
-N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.8.6/policy/modules/system/iptables.if ---- nsaserefpolicy/policy/modules/system/iptables.if 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/iptables.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/iptables.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/iptables.if 2010-07-09 08:39:39.323135155 +0200 @@ -17,6 +17,10 @@ corecmd_search_bin($1) @@ -25992,8 +26140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.8.6/policy/modules/system/iptables.te ---- nsaserefpolicy/policy/modules/system/iptables.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/iptables.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/iptables.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/iptables.te 2010-07-09 16:52:07.942133987 +0200 @@ -13,9 +13,6 @@ type iptables_initrc_exec_t; init_script_file(iptables_initrc_exec_t) @@ -26022,12 +26170,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t) files_pid_filetrans(iptables_t, iptables_var_run_t, file) -@@ -52,10 +51,16 @@ +@@ -52,10 +51,17 @@ kernel_read_modprobe_sysctls(iptables_t) kernel_use_fds(iptables_t) +# needed by ipvsadm +corecmd_exec_bin(iptables_t) ++corecmd_exec_shell(iptables_t) + corenet_relabelto_all_packets(iptables_t) corenet_dontaudit_rw_tun_tap_dev(iptables_t) 
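Review bot: The new ebtables file contexts cover only `/sbin/ebtables` and `/sbin/ebtables-restore`, while the iptables entries kept as context in the same hunk also have `/usr/sbin` counterparts. A binary installed under another path, or an `ebtables-save` helper if one is shipped, would keep its default label and presumably never enter `iptables_t`. If those are expected on supported systems, add a matching line for each. Otherwise record the choice with a comment such as `# ebtables: only the /sbin paths are labelled (confirm against the package file list)`. The hunk also adds two empty lines around the ipvsadm block that look unintentional, and the rest of the inner iptables.fc hunk lies outside this hunk's context.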
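Review bot: The added `corecmd_exec_shell(iptables_t)` sits directly under the existing `# needed by ipvsadm` comment, so the policy now reads as if ipvsadm were the reason `iptables_t` may run a shell. Given the commit subject, the grant is presumably for ebtables. It applies to every program labelled `iptables_exec_t` (iptables, ipvsadm and now ebtables), which widens what a process in this network-administration domain can execute. I would give the line its own comment, e.g. `# shell execution added for ebtables (name the helper that needs it)`, and check the AVC denials that motivated it to see whether a narrower grant is enough. The surrounding iptables.te section continues outside the hunk.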
@@ -26039,7 +26188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl fs_getattr_xattr_fs(iptables_t) fs_search_auto_mountpoints(iptables_t) -@@ -64,11 +69,13 @@ +@@ -64,11 +70,13 @@ mls_file_read_all_levels(iptables_t) term_dontaudit_use_console(iptables_t) @@ -26053,7 +26202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl auth_use_nsswitch(iptables_t) -@@ -77,6 +84,7 @@ +@@ -77,6 +85,7 @@ # to allow rules to be saved on reboot: init_rw_script_tmp_files(iptables_t) init_rw_script_stream_sockets(iptables_t) @@ -26061,7 +26210,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl logging_send_syslog_msg(iptables_t) -@@ -90,6 +98,7 @@ +@@ -90,6 +99,7 @@ optional_policy(` fail2ban_append_log(iptables_t) @@ -26069,7 +26218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl ') optional_policy(` -@@ -112,6 +121,7 @@ +@@ -112,6 +122,7 @@ optional_policy(` psad_rw_tmp_files(iptables_t) @@ -26078,8 +26227,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.8.6/policy/modules/system/iscsi.if ---- nsaserefpolicy/policy/modules/system/iscsi.if 2009-11-25 11:47:19.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/iscsi.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/iscsi.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/iscsi.if 2010-07-09 08:39:39.325135023 +0200 @@ -56,3 +56,21 @@ allow $1 iscsi_var_lib_t:dir list_dir_perms; files_search_var_lib($1) 
@@ -26103,8 +26252,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. + allow $1 iscsid_t:sem create_sem_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.8.6/policy/modules/system/iscsi.te ---- nsaserefpolicy/policy/modules/system/iscsi.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/iscsi.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/iscsi.te 2010-07-09 08:39:39.326135516 +0200 @@ -76,6 +76,8 @@ dev_rw_sysfs(iscsid_t) @@ -26115,8 +26264,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. domain_use_interactive_fds(iscsid_t) domain_dontaudit_read_all_domains_state(iscsid_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.8.6/policy/modules/system/libraries.fc ---- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/libraries.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/libraries.fc 2010-07-09 08:39:39.328135454 +0200 @@ -131,13 +131,13 @@ /usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -26326,8 +26475,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar +/opt/google/picasa/.*\.dll -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/google/picasa/.*\.yti -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.8.6/policy/modules/system/libraries.te ---- nsaserefpolicy/policy/modules/system/libraries.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/libraries.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/libraries.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/libraries.te 2010-07-09 08:39:39.329135388 +0200 @@ -61,7 +61,7 @@ manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t) @@ -26365,8 +26514,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ifdef(`distro_gentoo',` # leaked fds from portage diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.8.6/policy/modules/system/locallogin.te ---- nsaserefpolicy/policy/modules/system/locallogin.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/locallogin.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/locallogin.te 2010-07-09 08:39:39.330135182 +0200 @@ -32,9 +32,8 @@ # Local login local policy # 
@@ -26469,8 +26618,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall - nscd_socket_use(sulogin_t) -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.8.6/policy/modules/system/logging.fc ---- nsaserefpolicy/policy/modules/system/logging.fc 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/logging.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/logging.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/logging.fc 2010-07-09 08:39:39.331135256 +0200 @@ -17,6 +17,10 @@ /sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) /sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) @@ -26510,8 +26659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.8.6/policy/modules/system/logging.if ---- nsaserefpolicy/policy/modules/system/logging.if 2010-03-18 06:48:09.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/logging.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/logging.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/logging.if 2010-07-09 08:39:39.332135399 +0200 @@ -545,6 +545,25 @@ ######################################## 
@@ -26584,8 +26733,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin init_labeled_script_domtrans($1, syslogd_initrc_exec_t) domain_system_change_exemption($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.8.6/policy/modules/system/logging.te ---- nsaserefpolicy/policy/modules/system/logging.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/logging.te 2010-06-25 15:35:40.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/logging.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/logging.te 2010-07-09 08:39:39.334135477 +0200 @@ -60,6 +60,7 @@ type syslogd_t; type syslogd_exec_t; @@ -26689,8 +26838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.8.6/policy/modules/system/lvm.fc ---- nsaserefpolicy/policy/modules/system/lvm.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/lvm.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/lvm.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/lvm.fc 2010-07-09 08:39:39.335135201 +0200 @@ -28,10 +28,12 @@ # /lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) 
@@ -26705,8 +26854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc /sbin/dmraid -- gen_context(system_u:object_r:lvm_exec_t,s0) /sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.8.6/policy/modules/system/lvm.te ---- nsaserefpolicy/policy/modules/system/lvm.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/lvm.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/lvm.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/lvm.te 2010-07-09 08:39:39.336135205 +0200 @@ -141,6 +141,11 @@ ') @@ -26786,8 +26935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.8.6/policy/modules/system/miscfiles.fc ---- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-03-09 15:39:06.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/miscfiles.fc 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/miscfiles.fc 2010-07-09 08:39:39.337150015 +0200 @@ -75,13 +75,11 @@ /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) /var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0) 
@@ -26805,8 +26954,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi ifdef(`distro_debian',` /var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.8.6/policy/modules/system/miscfiles.if ---- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-03-09 15:39:06.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/miscfiles.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/miscfiles.if 2010-07-09 08:39:39.338134724 +0200 @@ -305,9 +305,6 @@ allow $1 locale_t:dir list_dir_perms; read_files_pattern($1, locale_t, locale_t) @@ -26818,8 +26967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.8.6/policy/modules/system/modutils.if ---- nsaserefpolicy/policy/modules/system/modutils.if 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/modutils.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/modutils.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/modutils.if 2010-07-09 08:39:39.339147369 +0200 @@ -39,6 +39,26 @@ ######################################## @@ -26848,8 +26997,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti ## loading modules. ##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.8.6/policy/modules/system/modutils.te ---- nsaserefpolicy/policy/modules/system/modutils.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/modutils.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/modutils.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/modutils.te 2010-07-09 08:39:39.341134875 +0200 @@ -18,6 +18,7 @@ type insmod_exec_t; application_domain(insmod_t, insmod_exec_t) @@ -26932,8 +27081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti if( ! secure_mode_insmod ) { diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.8.6/policy/modules/system/mount.fc ---- nsaserefpolicy/policy/modules/system/mount.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/mount.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/mount.fc 2010-07-09 08:39:39.341134875 +0200 @@ -1,4 +1,10 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) 
@@ -26947,8 +27096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) +/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.8.6/policy/modules/system/mount.if ---- nsaserefpolicy/policy/modules/system/mount.if 2009-07-29 15:15:33.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/mount.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/mount.if 2010-07-09 08:39:39.343135162 +0200 @@ -16,6 +16,14 @@ ') @@ -27147,8 +27296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + role $2 types showmount_t; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.8.6/policy/modules/system/mount.te ---- nsaserefpolicy/policy/modules/system/mount.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/mount.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/mount.te 2010-07-09 08:39:39.344135166 +0200 @@ -17,8 +17,15 @@ init_system_domain(mount_t, mount_exec_t) role system_r types mount_t; 
@@ -27433,8 +27582,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + +userdom_use_user_terminals(showmount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.8.6/policy/modules/system/raid.te ---- nsaserefpolicy/policy/modules/system/raid.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/raid.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/raid.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/raid.te 2010-07-09 08:39:39.345135170 +0200 @@ -57,6 +57,7 @@ files_read_etc_files(mdadm_t) @@ -27444,8 +27593,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t fs_search_auto_mountpoints(mdadm_t) fs_dontaudit_list_tmpfs(mdadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc ---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc 2010-07-09 08:39:39.346135802 +0200 @@ -6,13 +6,13 @@ /etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0) /etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0) 
@@ -27486,8 +27635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.8.6/policy/modules/system/selinuxutil.if ---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-03-03 23:26:37.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.if 2010-07-09 08:39:39.348135041 +0200 @@ -361,6 +361,27 @@ ######################################## @@ -27865,8 +28014,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.8.6/policy/modules/system/selinuxutil.te ---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.te 2010-07-09 08:39:39.351135193 +0200 @@ -22,6 +22,9 @@ type selinux_config_t; files_type(selinux_config_t) 
@@ -28251,8 +28400,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu + unconfined_domain(setfiles_mac_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.8.6/policy/modules/system/setrans.te ---- nsaserefpolicy/policy/modules/system/setrans.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/setrans.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/setrans.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/setrans.te 2010-07-09 08:39:39.352135266 +0200 @@ -12,6 +12,7 @@ type setrans_t; type setrans_exec_t; @@ -28262,14 +28411,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran type setrans_initrc_exec_t; init_script_file(setrans_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.8.6/policy/modules/system/sosreport.fc ---- nsaserefpolicy/policy/modules/system/sosreport.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/sosreport.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/system/sosreport.fc 2010-07-09 08:39:39.352135266 +0200 @@ -0,0 +1,2 @@ + +/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.8.6/policy/modules/system/sosreport.if ---- nsaserefpolicy/policy/modules/system/sosreport.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/sosreport.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/system/sosreport.if 2010-07-09 08:39:39.353146654 +0200 
@@ -0,0 +1,131 @@ + +## policy for sosreport @@ -28403,8 +28552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep + allow $1 sosreport_tmp_t:file append; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.8.6/policy/modules/system/sosreport.te ---- nsaserefpolicy/policy/modules/system/sosreport.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/sosreport.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.8.6/policy/modules/system/sosreport.te 2010-07-09 08:39:39.354146658 +0200 @@ -0,0 +1,154 @@ +policy_module(sosreport,1.0.0) + @@ -28561,8 +28710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep + unconfined_domain(sosreport_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc ---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc 2010-07-09 08:39:39.355146313 +0200 @@ -64,3 +64,5 @@ ifdef(`distro_gentoo',` /var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) 
@@ -28570,8 +28719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.8.6/policy/modules/system/sysnetwork.if ---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.if 2010-07-09 08:39:39.357135216 +0200 @@ -60,25 +60,24 @@ netutils_run(dhcpc_t, $2) netutils_run_ping(dhcpc_t, $2) @@ -28820,8 +28969,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + role_transition $1 dhcpc_exec_t system_r; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.8.6/policy/modules/system/sysnetwork.te ---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.te 2010-06-25 14:37:50.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.te 2010-07-09 08:39:39.358135150 +0200 @@ -19,6 +19,9 @@ init_daemon_domain(dhcpc_t, dhcpc_exec_t) role system_r types dhcpc_t; 
@@ -28929,16 +29078,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.8.6/policy/modules/system/udev.fc ---- nsaserefpolicy/policy/modules/system/udev.fc 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/udev.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/udev.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/udev.fc 2010-07-09 08:39:39.359134804 +0200 @@ -22,3 +22,4 @@ /usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0) /var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0) +/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.8.6/policy/modules/system/udev.te ---- nsaserefpolicy/policy/modules/system/udev.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/udev.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/udev.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/udev.te 2010-07-09 08:39:39.360135087 +0200 @@ -52,6 +52,7 @@ allow udev_t self:unix_stream_socket connectto; allow udev_t self:netlink_kobject_uevent_socket create_socket_perms; 
@@ -28981,8 +29130,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.8.6/policy/modules/system/unconfined.fc ---- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/unconfined.fc 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/unconfined.fc 2010-07-09 08:39:39.361135091 +0200 @@ -1,15 +1 @@ # Add programs here which should not be confined by SELinux -# e.g.: @@ -29000,8 +29149,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf -/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.8.6/policy/modules/system/unconfined.if ---- nsaserefpolicy/policy/modules/system/unconfined.if 2010-03-01 15:12:54.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/unconfined.if 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/unconfined.if 2010-07-09 08:39:39.363134959 +0200 @@ -12,14 +12,13 @@ # interface(`unconfined_domain_noaudit',` 
@@ -29497,8 +29646,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf - allow $1 unconfined_t:dbus acquire_svc; -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.8.6/policy/modules/system/unconfined.te ---- nsaserefpolicy/policy/modules/system/unconfined.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/unconfined.te 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/unconfined.te 2010-07-09 08:39:39.364135312 +0200 @@ -4,227 +4,5 @@ # # Declarations @@ -29729,8 +29878,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf - ') -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.8.6/policy/modules/system/userdomain.fc ---- nsaserefpolicy/policy/modules/system/userdomain.fc 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/userdomain.fc 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/userdomain.fc 2010-07-09 08:39:39.365135665 +0200 @@ -1,4 +1,14 @@ HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh) +HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh) 
@@ -29748,8 +29897,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:home_cert_t,s0) +HOME_DIR/\.gvfs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.8.6/policy/modules/system/userdomain.if ---- nsaserefpolicy/policy/modules/system/userdomain.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/userdomain.if 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/userdomain.if 2010-07-09 08:39:39.372135413 +0200 @@ -30,8 +30,9 @@ ') @@ -32038,8 +32187,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + dontaudit $1 user_tmp_t:dir search_dir_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.8.6/policy/modules/system/userdomain.te ---- nsaserefpolicy/policy/modules/system/userdomain.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/userdomain.te 2010-06-28 11:33:41.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/userdomain.te 2010-07-09 08:39:39.373153017 +0200 @@ -59,6 +59,15 @@ attribute untrusted_content_type; attribute untrusted_content_tmp_type; 
@@ -32099,8 +32248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +# Nautilus causes this avc +dontaudit unpriv_userdomain self:dir setattr; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.8.6/policy/modules/system/xen.fc ---- nsaserefpolicy/policy/modules/system/xen.fc 2009-11-25 11:47:19.000000000 -0500 -+++ serefpolicy-3.8.6/policy/modules/system/xen.fc 2010-06-22 09:25:01.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/xen.fc 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/xen.fc 2010-07-09 08:39:39.374135281 +0200 @@ -1,7 +1,5 @@ /dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0) @@ -32110,8 +32259,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc ifdef(`distro_debian',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.8.6/policy/modules/system/xen.if ---- nsaserefpolicy/policy/modules/system/xen.if 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/xen.if 2010-06-28 17:17:26.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/xen.if 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/xen.if 2010-07-09 08:39:39.375147018 +0200 @@ -87,6 +87,26 @@ ##
## @@ -32151,8 +32300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.8.6/policy/modules/system/xen.te ---- nsaserefpolicy/policy/modules/system/xen.te 2010-06-18 13:07:19.000000000 -0400 -+++ serefpolicy-3.8.6/policy/modules/system/xen.te 2010-06-28 17:16:48.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/xen.te 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/modules/system/xen.te 2010-07-09 08:39:39.377134873 +0200 @@ -4,6 +4,7 @@ # # Declarations @@ -32289,8 +32438,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te fs_list_auto_mountpoints(xend_t) files_search_mnt(xend_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.8.6/policy/support/misc_patterns.spt ---- nsaserefpolicy/policy/support/misc_patterns.spt 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.6/policy/support/misc_patterns.spt 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/support/misc_patterns.spt 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/support/misc_patterns.spt 2010-07-09 08:39:39.378134877 +0200 @@ -15,7 +15,7 @@ domain_transition_pattern($1,$2,$3) @@ -32315,8 +32464,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.8.6/policy/support/obj_perm_sets.spt ---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-03-04 11:44:07.000000000 -0500 -+++ serefpolicy-3.8.6/policy/support/obj_perm_sets.spt 2010-06-21 10:53:58.000000000 -0400 +--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-06-21 16:50:51.000000000 +0200 ++++ serefpolicy-3.8.6/policy/support/obj_perm_sets.spt 2010-07-09 08:39:39.379135090 +0200 @@ -28,7 +28,7 @@ # # All socket classes. 
@@ -32427,8 +32576,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
 +define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
 +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.8.6/policy/users
---- nsaserefpolicy/policy/users 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.8.6/policy/users 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/users 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/users 2010-07-09 08:39:39.380146967 +0200
 @@ -15,7 +15,7 @@
  # and a user process should never be assigned the system user
  # identity.
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8ec1916..1157b73 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.8.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,10 @@ exit 0
 %endif
 %changelog
+* Fri Jul 9 2010 Miroslav Grepl 3.8.6-2
+- Add support for ebtables
+- Fixes for rhcs and corosync policy
+
 * Tue Jun 22 2010 Dan Walsh 3.8.6-1
 -Update to upstream