diff --git a/policy-20080710.patch b/policy-20080710.patch
index 30c0c25..a465d22 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -4424,8 +4424,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-11-06 12:46:21.000000000 -0500
-@@ -0,0 +1,272 @@
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-11-10 10:40:02.000000000 -0500
+@@ -0,0 +1,274 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4535,6 +4535,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+fs_getattr_tmpfs(nsplugin_t)
+fs_getattr_xattr_fs(nsplugin_t)
+fs_search_auto_mountpoints(nsplugin_t)
++fs_rw_anon_inodefs_files(nsplugin_t)
+
+storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t)
+
@@ -4657,6 +4658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_fonts(nsplugin_config_t)
+
+userdom_search_all_users_home_content(nsplugin_config_t)
++unprivuser_read_home_content_files(nsplugin_config_t)
+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(nsplugin_t)
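Review bot: The added `unprivuser_read_home_content_files(nsplugin_config_t)` is unconditional and, going by its name, lets the plugin configuration domain read the files in an unprivileged user's home directory, where the line above granted only search. If the tool needs just the browser's plugin directories, a narrower type or interface would keep the confinement meaningful. Otherwise record the reason next to the rule, for example `# nsplugin_config_t must read plugin files under the user's home (confirm exact paths)`. The rest of the nsplugin_config_t rules lie outside this hunk.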
@@ -5327,7 +5329,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.13/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2008-11-10 09:31:53.000000000 -0500
@@ -6,6 +6,8 @@
# Declarations
#
@@ -7263,7 +7265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-11-10 15:37:12.000000000 -0500
@@ -110,6 +110,11 @@
##
#
@@ -7276,7 +7278,51 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_type($1)
')
-@@ -1060,6 +1065,24 @@
+@@ -928,8 +933,8 @@
+ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
+- relabelfrom_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
+- relabelfrom_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
++ relabel_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
++ relabel_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+ # satisfy the assertions:
+ seutil_relabelto_bin_policy($1)
+@@ -953,6 +958,32 @@
+ ##
+ ##
+ #
++interface(`files_rw_all_files',`
++ gen_require(`
++ attribute file_type;
++ ')
++
++ rw_files_pattern($1, { file_type $2 }, { file_type $2 })
++')
++
++########################################
++##
++## Manage all files on the filesystem, except
++## the listed exceptions.
++##
++##
++##
++## The type of the domain perfoming this action.
++##
++##
++##
++##
++## The types to be excluded. Each type or attribute
++## must be negated by the caller.
++##
++##
++##
++#
+ interface(`files_manage_all_files',`
+ gen_require(`
+ attribute file_type;
+@@ -1060,6 +1091,24 @@
##
##
#
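Review bot: The new `files_rw_all_files` interface has no documentation block of its own: it is inserted directly under the header comment that used to precede `files_manage_all_files`, while that interface gets a fresh header further down. Unless the older header (its start is outside the hunk) is reworded, the read/write interface will presumably be documented as "manage". Give it its own `##` summary saying that it grants read/write on every `file_type` file except the types passed in `$2`, and that nothing is excluded when the second argument is omitted. The same hunk also widens `relabelfrom_blk_files_pattern` and `relabelfrom_chr_files_pattern` to the full `relabel_*` patterns, so callers gain relabelto on device nodes; a one-line comment giving the reason would help future review.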
@@ -7301,7 +7347,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
interface(`files_relabelto_all_file_type_fs',`
gen_require(`
attribute file_type;
-@@ -1303,6 +1326,24 @@
+@@ -1303,6 +1352,24 @@
########################################
##
@@ -7326,7 +7372,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Unmount a rootfs filesystem.
##
##
-@@ -1889,6 +1930,26 @@
+@@ -1889,6 +1956,26 @@
########################################
##
@@ -7353,7 +7399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Do not audit attempts to write generic files in /etc.
##
##
-@@ -2224,6 +2285,49 @@
+@@ -2224,6 +2311,49 @@
########################################
##
@@ -7403,7 +7449,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Do not audit attempts to search directories on new filesystems
## that have not yet been labeled.
##
-@@ -2744,6 +2848,24 @@
+@@ -2744,6 +2874,24 @@
########################################
##
@@ -7428,7 +7474,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Create, read, write, and delete symbolic links in /mnt.
##
##
-@@ -3394,6 +3516,8 @@
+@@ -3394,6 +3542,8 @@
delete_lnk_files_pattern($1, tmpfile, tmpfile)
delete_fifo_files_pattern($1, tmpfile, tmpfile)
delete_sock_files_pattern($1, tmpfile, tmpfile)
@@ -7437,7 +7483,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -3471,6 +3595,47 @@
+@@ -3471,6 +3621,47 @@
########################################
##
@@ -7485,7 +7531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Get the attributes of files in /usr.
##
##
-@@ -3547,6 +3712,24 @@
+@@ -3547,6 +3738,24 @@
########################################
##
@@ -7510,7 +7556,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Relabel a file to the type used in /usr.
##
##
-@@ -4433,6 +4616,25 @@
+@@ -4433,6 +4642,25 @@
########################################
##
@@ -7536,7 +7582,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read and write generic process ID files.
##
##
-@@ -4761,12 +4963,14 @@
+@@ -4761,12 +4989,14 @@
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -7552,7 +7598,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
')
-@@ -4787,3 +4991,71 @@
+@@ -4787,3 +5017,71 @@
typeattribute $1 files_unconfined_type;
')
@@ -9996,8 +10042,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.5.13/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/roles/xguest.te 2008-10-28 11:05:26.000000000 -0400
-@@ -0,0 +1,83 @@
++++ serefpolicy-3.5.13/policy/modules/roles/xguest.te 2008-11-10 11:13:37.000000000 -0500
+@@ -0,0 +1,87 @@
+
+policy_module(xguest, 1.0.0)
+
@@ -10006,21 +10052,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+## Allow xguest users to mount removable media
+##
+##
-+gen_tunable(xguest_mount_media, false)
++gen_tunable(xguest_mount_media, true)
+
+##
+##
+## Allow xguest to configure Network Manager
+##
+##
-+gen_tunable(xguest_connect_network, false)
++gen_tunable(xguest_connect_network, true)
+
+##
+##
+## Allow xguest to use blue tooth devices
+##
+##
-+gen_tunable(xguest_use_bluetooth, false)
++gen_tunable(xguest_use_bluetooth, true)
+
+########################################
+#
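Review bot: All three xguest tunables now default to `true`, so a freshly installed policy lets the guest role mount removable media, configure Network Manager and use Bluetooth until an administrator switches them off. The descriptions above each `gen_tunable` still read as opt-in permissions, and nothing in the file records why the restricted guest role ships with them enabled. Either keep `false` for those a usable guest session does not need, or state the default in the description, e.g. `## Allow xguest users to mount removable media (enabled by default)`.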
@@ -10048,6 +10094,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ mono_per_role_template(xguest, xguest_t, xguest_r)
+')
+
++optional_policy(`
++ nsplugin_per_role_template($1, $1_usertype, $1_r)
++')
++
+# Allow mounting of file systems
+optional_policy(`
+ tunable_policy(`xguest_mount_media',`
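Review bot: The added `nsplugin_per_role_template($1, $1_usertype, $1_r)` uses `$1`, but this is xguest.te rather than an interface or template body, so there is no argument for `$1` to bind to. The mono call just above passes literal names, which suggests the line was copied from a per-role template in an .if file. Name the role explicitly, e.g. `nsplugin_per_role_template(xguest, xguest_usertype, xguest_r)`, or use `xguest_t` as the second argument to match the mono line; check which one the template expects.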
@@ -13770,7 +13820,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.13/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-10-29 13:51:55.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-11-10 14:07:38.000000000 -0500
@@ -20,6 +20,12 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -13870,7 +13920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
-
-+allow cupsd_t hplip_t:process sigkill;
++allow cupsd_t hplip_t:process {signal sigkill };
allow cupsd_t hplip_var_run_t:file read_file_perms;
stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
@@ -14073,16 +14123,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -500,7 +558,7 @@
+@@ -500,7 +558,8 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
-allow hplip_t cupsd_etc_t:dir search;
+allow hplip_t cupsd_etc_t:dir search_dir_perms;
++allow hplip_t cupsd_tmp_t:file rw_file_perms;
cups_stream_connect(hplip_t)
-@@ -509,6 +567,8 @@
+@@ -509,6 +568,8 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -14091,7 +14142,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
files_pid_filetrans(hplip_t, hplip_var_run_t, file)
-@@ -538,7 +598,8 @@
+@@ -538,7 +599,8 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -14101,7 +14152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +625,14 @@
+@@ -564,12 +626,14 @@
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -14117,7 +14168,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -651,3 +714,44 @@
+@@ -651,3 +715,44 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -15206,7 +15257,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.13/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-11-10 10:52:53.000000000 -0500
@@ -10,6 +10,9 @@
type dnsmasq_exec_t;
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@@ -16371,6 +16422,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(inetd_child_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.5.13/policy/modules/services/kerberos.fc
+--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-10-10 15:53:03.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/kerberos.fc 2008-11-10 14:48:44.000000000 -0500
+@@ -20,7 +20,7 @@
+ /var/kerberos/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /var/kerberos/krb5kdc/from_master.* gen_context(system_u:object_r:krb5kdc_lock_t,s0)
+ /var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+-/var/kerberos/krb5kdc/principal\.ok gen_context(system_u:object_r:krb5kdc_lock_t,s0)
++/var/kerberos/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
+
+ /var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
+ /var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.13/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-10-14 11:58:09.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/services/kerberos.te 2008-10-28 10:56:19.000000000 -0400
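Review bot: The new kerberos.fc hunk replaces the `principal\.ok` entry rather than adding the `kadm5\.keytab` entry beside it. With that entry gone, `principal.ok` would presumably fall under the `principal.*` pattern above it and be labelled `krb5kdc_principal_t` instead of `krb5kdc_lock_t` after a relabel. If the KDC domains still rely on lock-type access to that file, keep `/var/kerberos/krb5kdc/principal\.ok gen_context(system_u:object_r:krb5kdc_lock_t,s0)` and add the keytab line after it. If the drop is intended, a comment in the .fc file would stop it being restored later.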
@@ -19284,8 +19347,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.5.13/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/portreserve.te 2008-10-28 11:20:02.000000000 -0400
-@@ -0,0 +1,53 @@
++++ serefpolicy-3.5.13/policy/modules/services/portreserve.te 2008-11-10 11:16:45.000000000 -0500
+@@ -0,0 +1,55 @@
+policy_module(portreserve,1.0.0)
+
+########################################
@@ -19323,6 +19386,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
+files_pid_filetrans(portreserve_t,portreserve_var_run_t, { file sock_file })
+
++corenet_sendrecv_unlabeled_packets(portreserve_t)
++corenet_all_recvfrom_netlabel(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_udp_bind_all_nodes(portreserve_t)
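Review bot: Directly below the two added corenet lines, `corenet_tcp_bind_all_ports(portreserve_t)` appears twice in a row, and this change leaves the duplicate in place. Since the next line is `corenet_udp_bind_all_nodes`, one of the two was probably meant to be `corenet_udp_bind_all_ports(portreserve_t)` or `corenet_tcp_bind_all_nodes(portreserve_t)`; as written the domain would lack one of those permissions. Separately, a comment on why this domain needs `corenet_sendrecv_unlabeled_packets` would help, since the visible rules only bind ports.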
@@ -28166,7 +28231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-11-05 11:29:07.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-11-10 09:54:43.000000000 -0500
@@ -60,12 +60,15 @@
#
# /opt
@@ -28211,7 +28276,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -133,6 +145,7 @@
+@@ -127,12 +139,14 @@
+ /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28219,7 +28291,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,7 +181,8 @@
+@@ -168,7 +182,8 @@
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28229,7 +28301,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -187,6 +201,7 @@
+@@ -187,6 +202,7 @@
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28237,7 +28309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -246,7 +261,7 @@
+@@ -246,7 +262,7 @@
# Flash plugin, Macromedia
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28246,7 +28318,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -267,6 +282,8 @@
+@@ -267,6 +283,8 @@
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28255,7 +28327,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Java, Sun Microsystems (JPackage SRPM)
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +308,8 @@
+@@ -291,6 +309,8 @@
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28264,7 +28336,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') dnl end distro_redhat
#
-@@ -310,3 +329,18 @@
+@@ -310,3 +330,18 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
@@ -28423,7 +28495,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.13/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-11-07 08:13:03.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-11-07 08:13:26.000000000 -0500
@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -28941,7 +29013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
samba_run_smbmount($1, $2, $3)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.5.13/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/mount.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/mount.te 2008-11-10 15:37:25.000000000 -0500
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -29050,7 +29122,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_redhat',`
optional_policy(`
-@@ -167,6 +182,8 @@
+@@ -138,6 +153,7 @@
+ auth_read_all_dirs_except_shadow(mount_t)
+ auth_read_all_files_except_shadow(mount_t)
+ files_mounton_non_security(mount_t)
++ files_rw_all_files(mount_t)
+ ')
+
+ optional_policy(`
+@@ -167,6 +183,8 @@
fs_search_rpc(mount_t)
rpc_stub(mount_t)
@@ -29059,7 +29139,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -181,6 +198,11 @@
+@@ -181,6 +199,11 @@
')
')
@@ -29071,7 +29151,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# for kernel package installation
optional_policy(`
rpm_rw_pipes(mount_t)
-@@ -188,6 +210,7 @@
+@@ -188,6 +211,7 @@
optional_policy(`
samba_domtrans_smbmount(mount_t)
@@ -29079,7 +29159,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -198,4 +221,26 @@
+@@ -198,4 +222,26 @@
optional_policy(`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
unconfined_domain(unconfined_mount_t)
@@ -29577,7 +29657,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.13/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/selinuxutil.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/selinuxutil.te 2008-11-10 12:22:40.000000000 -0500
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -31124,7 +31204,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-03 17:15:19.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-10 11:10:03.000000000 -0500
@@ -28,10 +28,14 @@
class context contains;
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index aed0025..e1d8a85 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -457,6 +457,16 @@ exit 0
%endif
%changelog
+* Mon Nov 10 2008 Dan Walsh 3.5.13-20
+- Change default boolean settings for xguest
+- Allow mount to r/w image files
+- Fix labes for several libraries that need textrel_shlib_t
+- portreserve needs to be able to sendrecv unlabeled_t
+- Fix Kerberos labeling
+- Fix cups printing on hp printers
+- Allow relabeling on blk devices on the homedir
+- Allow nslpugin to r/w inodefs
+
* Fri Nov 5 2008 Dan Walsh 3.5.13-19
- Fix labeling on /var/spool/rsyslog