diff --git a/policy-20070501.patch b/policy-20070501.patch index f64cc05..f744005 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -186,17 +186,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te logging_log_file(acct_data_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc --- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-07 14:51:05.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-10-09 16:20:44.000000000 -0400 -@@ -1,4 +1,9 @@ ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-10-18 15:53:35.000000000 -0400 +@@ -1,4 +1,11 @@ - /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) +/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) + /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) +/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) +/etc/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) +/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) +/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) ++/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) ++/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-2.6.4/policy/modules/admin/alsa.if --- nsaserefpolicy/policy/modules/admin/alsa.if 2007-05-07 14:51:04.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/admin/alsa.if 2007-10-09 16:21:00.000000000 -0400 
@@ -242,7 +244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te --- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-07 14:51:05.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-10-09 16:22:07.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-10-18 15:53:28.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(alsa,1.1.0) @@ -250,7 +252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te ######################################## # -@@ -8,32 +8,44 @@ +@@ -8,32 +8,47 @@ type alsa_t; type alsa_exec_t; @@ -289,6 +291,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te +manage_dirs_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t) +manage_files_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t) + ++corecmd_exec_bin(alsa_t) ++can_exec(alsa_t, alsa_exec_t) ++ +files_search_home(alsa_t) files_read_etc_files(alsa_t) @@ -300,7 +305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te libs_use_ld_so(alsa_t) libs_use_shared_libs(alsa_t) -@@ -44,7 +56,17 @@ +@@ -44,7 +59,17 @@ userdom_manage_unpriv_user_semaphores(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t) 
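Review bot: `corecmd_exec_bin(alsa_t)` in the alsa.te hunk lets alsa_t execute every bin_t program, and nothing in the hunk records which helper needed that; the adjacent `can_exec(alsa_t, alsa_exec_t)` already covers re-executing the alsa-labelled tools (`/sbin/alsactl`, `/sbin/salsa` and `/bin/alsaunmute` are labelled alsa_exec_t in the alsa.fc hunk earlier in this patch), so the wider grant may be more than the observed denial called for. I would add a comment naming the command it was seen running, e.g. `# corecmd_exec_bin: TODO(review) name the bin_t helper alsactl/salsa invokes`, so a later reviewer can judge whether a narrower interface fits. The argument spacing is also inconsistent with the neighbouring lines: `can_exec(alsa_t, alsa_exec_t)` has a space after the comma while `manage_dirs_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t)` does not.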
@@ -1398,6 +1403,47 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool hal_rw_pid_files(vbetool_t) + hal_write_log(vbetool_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-2.6.4/policy/modules/admin/vpn.fc +--- nsaserefpolicy/policy/modules/admin/vpn.fc 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/vpn.fc 2007-10-17 10:38:07.000000000 -0400 +@@ -7,3 +7,5 @@ + # sbin + # + /sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0) ++ ++/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.6.4/policy/modules/admin/vpn.te +--- nsaserefpolicy/policy/modules/admin/vpn.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/vpn.te 2007-10-17 10:37:50.000000000 -0400 +@@ -24,7 +24,7 @@ + # Local policy + # + +-allow vpnc_t self:capability { net_admin ipc_lock net_raw }; ++allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw }; + allow vpnc_t self:process getsched; + allow vpnc_t self:fifo_file { getattr ioctl read write }; + allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms; +@@ -40,8 +40,9 @@ + manage_files_pattern(vpnc_t,vpnc_tmp_t,vpnc_tmp_t) + files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir }) + ++manage_dirs_pattern(vpnc_t,vpnc_var_run_t,vpnc_var_run_t) + manage_files_pattern(vpnc_t,vpnc_var_run_t,vpnc_var_run_t) +-files_pid_filetrans(vpnc_t,vpnc_var_run_t,file) ++files_pid_filetrans(vpnc_t,vpnc_var_run_t,{ file dir}) + + kernel_read_system_state(vpnc_t) + kernel_read_network_state(vpnc_t) +@@ -97,7 +98,7 @@ + seutil_dontaudit_search_config(vpnc_t) + seutil_use_newrole_fds(vpnc_t) + +-sysnet_exec_ifconfig(vpnc_t) ++sysnet_domtrans_ifconfig(vpnc_t) + sysnet_etc_filetrans_config(vpnc_t) + sysnet_manage_config(vpnc_t) + diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.6.4/policy/modules/apps/games.fc --- nsaserefpolicy/policy/modules/apps/games.fc 2007-05-07 14:51:02.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2007-08-07 09:42:35.000000000 -0400 @@ -1541,6 +1587,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if + domain_trans($1,java_exec_t,$2) + type_transition $1 java_exec_t:process $2; +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.6.4/policy/modules/apps/java.te +--- nsaserefpolicy/policy/modules/apps/java.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/java.te 2007-10-11 09:16:04.000000000 -0400 +@@ -31,4 +31,5 @@ + + unconfined_domain_noaudit(java_t) + unconfined_dbus_chat(java_t) ++ hal_dbus_chat(java_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if --- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-08-07 09:42:35.000000000 -0400 
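Review bot: The new `allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };` line in vpn.te adds dac_override without any comment saying which file access needed it, and the same hunk already gives vpnc_t its own writable vpnc_var_run_t directory, so the grant may be papering over a labeling problem rather than a real requirement. dac_override lets the domain bypass owner/mode checks on every file it is otherwise permitted to reach, so I would either cite the denial it fixes in a comment above the line, e.g. `# dac_override: TODO(review) name the path vpnc cannot open with its own uid`, or drop it and re-test after the vpnc_var_run_t change. Separately, `files_pid_filetrans(vpnc_t,vpnc_var_run_t,{ file dir})` is missing the space before the closing brace that the other permission sets in this file use (`{ file dir }`).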
@@ -1699,6 +1754,57 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp auth_manage_pam_pid($1_userhelper_t) auth_manage_var_auth($1_userhelper_t) auth_search_pam_console_data($1_userhelper_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-2.6.4/policy/modules/apps/vmware.fc +--- nsaserefpolicy/policy/modules/apps/vmware.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/vmware.fc 2007-10-17 14:14:20.000000000 -0400 +@@ -1,11 +1,9 @@ + # + # HOME_DIR/ + # +-ifdef(`strict_policy',` + HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0) +-HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0) + HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf_t,s0) +-') ++HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0) + + # + # /etc +@@ -15,7 +13,7 @@ + # + # /usr + # +-/usr/bin/vmnet-bridg -- gen_context(system_u:object_r:vmware_host_exec_t,s0) ++/usr/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmnet-dhcpd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmnet-natd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmnet-netifup -- gen_context(system_u:object_r:vmware_host_exec_t,s0) +@@ -23,18 +21,25 @@ + /usr/bin/vmware-nmbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmware-ping -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) ++/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0) ++/usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + /usr/bin/vmware-wizard -- 
gen_context(system_u:object_r:vmware_exec_t,s0) + /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0) ++/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0) + + /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0) + /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0) + /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0) ++/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0) ++/usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + + /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0) + /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0) + /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0) ++/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0) ++/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0) + + ifdef(`distro_gentoo',` + /opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-09-04 15:55:30.000000000 -0400 
@@ -2323,7 +2429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-10-05 10:05:49.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-10-18 16:07:57.000000000 -0400 @@ -343,8 +343,7 @@ ######################################## @@ -3339,8 +3445,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.6.4/policy/modules/services/amavis.te --- nsaserefpolicy/policy/modules/services/amavis.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-08-07 09:42:35.000000000 -0400 -@@ -170,6 +170,7 @@ ++++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-10-17 10:28:20.000000000 -0400 +@@ -65,6 +65,7 @@ + # Spool Files + manage_dirs_pattern(amavis_t,amavis_spool_t,amavis_spool_t) + manage_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t) ++manage_lnk_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t) + manage_sock_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t) + filetrans_pattern(amavis_t,amavis_spool_t,amavis_var_run_t,sock_file) + files_search_spool(amavis_t) +@@ -170,6 +171,7 @@ optional_policy(` pyzor_domtrans(amavis_t) 
@@ -4051,8 +4165,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu +/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-2.6.4/policy/modules/services/apcupsd.if --- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-08-07 09:42:35.000000000 -0400 -@@ -79,3 +79,25 @@ ++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-10-18 09:24:50.000000000 -0400 +@@ -79,3 +79,43 @@ allow $1 apcupsd_log_t:dir list_dir_perms; allow $1 apcupsd_log_t:file { getattr append }; ') @@ -4067,7 +4181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu +## +## +# -+interface(`httpd_apcupsd_cgi_script_domtrans',` ++interface(`apcupsd_cgi_script_domtrans',` + gen_require(` + type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t; + ') @@ -4078,6 +4192,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu + allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms; + allow httpd_apcupsd_cgi_script_t $1:process sigchld; +') ++ ++######################################## ++## ++## Read apcupsd tmp files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`apcupsd_read_tmp_files',` ++ gen_require(` ++ type apcupsd_tmp_t; ++ ') ++ ++ allow $1 apcupsd_tmp_t:file read_file_perms; ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te --- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-09-10 10:51:56.000000000 -0400 
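Review bot: The new `apcupsd_read_tmp_files` interface grants `allow $1 apcupsd_tmp_t:file read_file_perms;` but nothing that lets the caller search the directories leading to those files, so a caller without tmp search access of its own is still denied at the directory lookup. The refpolicy idiom would be `read_files_pattern($1, apcupsd_tmp_t, apcupsd_tmp_t)` followed by `files_search_tmp($1)`, which also covers search on the apcupsd_tmp_t directories themselves. The rename from `httpd_apcupsd_cgi_script_domtrans` to `apcupsd_cgi_script_domtrans` in the preceding hunk changes a public interface name; any caller of the old name elsewhere in this patch has to follow, which I cannot confirm from this hunk.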
@@ -5510,7 +5642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.fc 2007-10-05 09:28:27.000000000 -0400 @@ -0,0 +1,16 @@ -+# $Id: policy-20070501.patch,v 1.66 2007/10/09 21:21:41 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.67 2007/10/18 21:08:24 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway @@ -5691,7 +5823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.te 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.te 2007-10-05 09:28:22.000000000 -0400 @@ -0,0 +1,229 @@ -+# $Id: policy-20070501.patch,v 1.66 2007/10/09 21:21:41 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.67 2007/10/18 21:08:24 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway @@ -6530,16 +6662,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-2.6.4/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-13 19:39:50.000000000 -0400 -@@ -55,6 +55,7 @@ ++++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-10-12 09:27:04.000000000 -0400 +@@ -55,6 +55,8 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) apache_search_sys_script_state(mailman_cgi_t) + apache_read_config(mailman_cgi_t) ++ apache_dontaudit_rw_stream_sockets(mailman_cgi_t) optional_policy(` nscd_socket_use(mailman_cgi_t) -@@ -96,6 +97,7 @@ +@@ -96,6 +98,7 @@ kernel_read_proc_symlinks(mailman_queue_t) auth_domtrans_chk_passwd(mailman_queue_t) 
@@ -6725,7 +6858,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## Read sendmail binary. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.6.4/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-06 08:53:21.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-18 09:25:13.000000000 -0400 @@ -6,6 +6,7 @@ # Declarations # @@ -6757,8 +6890,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. init_use_script_ptys(system_mail_t) userdom_use_sysadm_terms(system_mail_t) -@@ -91,12 +96,14 @@ +@@ -89,14 +94,20 @@ + ') + optional_policy(` ++ apcupsd_read_tmp_files(system_mail_t) ++') ++ ++optional_policy(` apache_read_squirrelmail_data(system_mail_t) apache_append_squirrelmail_data(system_mail_t) + apache_search_bugzilla_dirs(system_mail_t) @@ -6772,7 +6911,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ') optional_policy(` -@@ -109,6 +116,7 @@ +@@ -109,6 +120,7 @@ optional_policy(` cron_read_system_job_tmp_files(system_mail_t) @@ -6961,7 +7100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.6.4/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-10-01 16:09:26.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-10-17 14:24:35.000000000 -0400 @@ -20,7 +20,7 @@ # networkmanager will ptrace itself if gdb is installed 
@@ -6990,7 +7129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -161,6 +166,11 @@ +@@ -161,9 +166,15 @@ ') optional_policy(` @@ -7002,7 +7141,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) -@@ -178,3 +188,4 @@ ++ ppp_read_read_config(NetworkManager_t) + ') + + optional_policy(` +@@ -178,3 +189,4 @@ vpn_domtrans(NetworkManager_t) vpn_signal(NetworkManager_t) ') @@ -7841,7 +7984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-09-04 16:10:20.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-10-12 09:13:26.000000000 -0400 @@ -6,6 +6,14 @@ # Declarations # 
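Review bot: `ppp_read_read_config(NetworkManager_t)` calls an interface whose name repeats "read"; the definition added to ppp.if later in this patch (the `@@ -8030,6 +8191,35 @@` hunk) carries the same duplicated word while its summary says "Read ppp configuration files", so the intended name is presumably `ppp_read_config`. Because the interface is public, the typo becomes part of the API as soon as another caller picks it up, so I would rename both the definition and this call, e.g. `ppp_read_config(NetworkManager_t)`, before it lands. The `optional_policy(` block that encloses this call appears to start before the hunk.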
@@ -7881,26 +8024,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix master process local policy -@@ -169,12 +187,18 @@ +@@ -94,6 +112,7 @@ + allow postfix_master_t self:fifo_file rw_fifo_file_perms; + allow postfix_master_t self:tcp_socket create_stream_socket_perms; + allow postfix_master_t self:udp_socket create_socket_perms; ++allow postfix_master_t self:process setrlimit; + + allow postfix_master_t postfix_etc_t:file rw_file_perms; + +@@ -168,6 +187,9 @@ + mta_rw_aliases(postfix_master_t) mta_read_sendmail_bin(postfix_master_t) - -+term_dontaudit_search_ptys(postfix_master_t) ++mta_getattr_spool(postfix_master_t) + ++term_dontaudit_search_ptys(postfix_master_t) + ifdef(`targeted_policy',` term_dontaudit_use_unallocated_ttys(postfix_master_t) - term_dontaudit_use_generic_ptys(postfix_master_t) - ') - - optional_policy(` -+ auth_use_nsswitch(postfix_master_t) -+') -+ -+optional_policy(` - cyrus_stream_connect(postfix_master_t) - ') - -@@ -184,9 +208,17 @@ +@@ -184,9 +206,17 @@ ') optional_policy(` @@ -7918,7 +8060,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ########################################################### # # Partially converted rules. THESE ARE ONLY TEMPORARY -@@ -268,6 +300,8 @@ +@@ -268,6 +298,8 @@ files_read_etc_files(postfix_local_t) @@ -7927,7 +8069,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post mta_read_aliases(postfix_local_t) mta_delete_spool(postfix_local_t) # For reading spamassasin -@@ -386,7 +420,7 @@ +@@ -280,6 +312,7 @@ + optional_policy(` + # for postalias + mailman_manage_data_files(postfix_local_t) ++ mailman_append_log(postfix_local_t) + ') + + optional_policy(` +@@ -386,7 +419,7 @@ # Postfix pipe local policy # 
@@ -7936,7 +8086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t) -@@ -395,6 +429,10 @@ +@@ -395,6 +428,10 @@ rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t) optional_policy(` @@ -7947,7 +8097,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post procmail_domtrans(postfix_pipe_t) ') -@@ -441,6 +479,10 @@ +@@ -403,6 +440,10 @@ + ') + + optional_policy(` ++ mta_manage_spool(postfix_pipe_t) ++') ++ ++optional_policy(` + uucp_domtrans_uux(postfix_pipe_t) + ') + +@@ -441,6 +482,10 @@ ') optional_policy(` @@ -7958,7 +8119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ppp_use_fds(postfix_postqueue_t) ppp_sigchld(postfix_postqueue_t) ') -@@ -519,8 +561,6 @@ +@@ -519,8 +564,6 @@ # Postfix smtp delivery local policy # @@ -7967,7 +8128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # connect to master process stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) -@@ -528,6 +568,8 @@ +@@ -528,6 +571,8 @@ allow postfix_smtp_t postfix_spool_t:file rw_file_perms; @@ -7976,7 +8137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` cyrus_stream_connect(postfix_smtp_t) ') -@@ -536,6 +578,7 @@ +@@ -536,6 +581,7 @@ # # Postfix smtpd local policy # @@ -7984,7 +8145,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms; # connect to master process -@@ -552,9 +595,45 @@ +@@ -552,9 +598,45 @@ mta_read_aliases(postfix_smtpd_t) optional_policy(` 
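Review bot: The new `mta_manage_spool(postfix_pipe_t)` is wrapped in `optional_policy(`...')`, while the existing mta_* calls in postfix.te are unconditional (`mta_read_aliases(postfix_smtpd_t)` sits at top level directly above an `optional_policy(` elsewhere on this page, as does `mta_read_aliases(postfix_local_t)` in the earlier postfix.te hunk), so this block follows a different convention from the rest of the file for the same module. Dropping the wrapper and placing `mta_manage_spool(postfix_pipe_t)` next to the other top-level rules for postfix_pipe_t keeps one convention; if mta is genuinely optional for this domain, the other calls would need wrapping too. Manage access on the MTA spool is also wider than the read/write the domain had before, so a comment naming which delivery step needs create/delete, e.g. `# manage (not just rw) on the mail spool is needed for: TODO(review)`, would help the next reader.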
@@ -8030,6 +8191,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +# For reading spamassasin +mta_read_config(postfix_virtual_t) +mta_manage_spool(postfix_virtual_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-2.6.4/policy/modules/services/ppp.if +--- nsaserefpolicy/policy/modules/services/ppp.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ppp.if 2007-10-17 14:23:28.000000000 -0400 +@@ -159,6 +159,25 @@ + + ######################################## + ## ++## Read ppp configuration files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ppp_read_read_config',` ++ gen_require(` ++ type pppd_etc_t; ++ ') ++ ++ read_files_pattern($1, pppd_etc_t, pppd_etc_t) ++ files_search_etc($1) ++') ++ ++######################################## ++## + ## Read PPP-writable configuration files. + ## + ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.6.4/policy/modules/services/ppp.te --- nsaserefpolicy/policy/modules/services/ppp.te 2007-05-07 14:50:57.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-08-07 09:42:35.000000000 -0400 @@ -9053,7 +9243,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-10-09 10:45:19.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-10-18 10:21:16.000000000 -0400 @@ -16,6 +16,14 @@ ## 
@@ -9207,7 +9397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb userdom_dontaudit_search_sysadm_home_dirs(smbd_t) userdom_dontaudit_use_unpriv_user_fds(smbd_t) userdom_use_unpriv_users_fds(smbd_t) -@@ -312,6 +344,12 @@ +@@ -312,10 +344,27 @@ miscfiles_manage_public_files(smbd_t) ') @@ -9220,22 +9410,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb # Support Samba sharing of NFS mount points tunable_policy(`samba_share_nfs',` fs_manage_nfs_dirs(smbd_t) -@@ -319,6 +357,14 @@ - ') - - optional_policy(` -+ kerberos_read_keytab(smbd_t) + fs_manage_nfs_files(smbd_t) ++ fs_manage_nfs_symlinks(smbd_t) ++ fs_manage_nfs_named_pipes(smbd_t) ++ fs_manage_nfs_named_sockets(smbd_t) +') + +optional_policy(` -+ lpd_exec_lpr(smbd_t) ++ kerberos_read_keytab(smbd_t) +') + +optional_policy(` - cups_read_rw_config(smbd_t) - cups_stream_connect(smbd_t) ++ lpd_exec_lpr(smbd_t) ') -@@ -339,6 +385,23 @@ + + optional_policy(` +@@ -339,6 +388,23 @@ udev_read_db(smbd_t) ') @@ -9259,7 +9449,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # # nmbd Local policy -@@ -352,7 +415,7 @@ +@@ -352,7 +418,7 @@ allow nmbd_t self:msgq create_msgq_perms; allow nmbd_t self:sem create_sem_perms; allow nmbd_t self:shm create_shm_perms; @@ -9268,7 +9458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow nmbd_t self:tcp_socket create_stream_socket_perms; allow nmbd_t self:udp_socket create_socket_perms; allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto }; -@@ -362,9 +425,11 @@ +@@ -362,9 +428,11 @@ files_pid_filetrans(nmbd_t,nmbd_var_run_t,file) read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t) 
@@ -9282,7 +9472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb read_files_pattern(nmbd_t,samba_log_t,samba_log_t) create_files_pattern(nmbd_t,samba_log_t,samba_log_t) allow nmbd_t samba_log_t:dir setattr; -@@ -373,6 +438,8 @@ +@@ -373,6 +441,8 @@ allow nmbd_t smbd_var_run_t:dir rw_dir_perms; @@ -9291,7 +9481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_getattr_core_if(nmbd_t) kernel_getattr_message_if(nmbd_t) kernel_read_kernel_sysctls(nmbd_t) -@@ -391,6 +458,7 @@ +@@ -391,6 +461,7 @@ corenet_udp_bind_nmbd_port(nmbd_t) corenet_sendrecv_nmbd_server_packets(nmbd_t) corenet_sendrecv_nmbd_client_packets(nmbd_t) @@ -9299,7 +9489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb dev_read_sysfs(nmbd_t) dev_getattr_mtrr_dev(nmbd_t) -@@ -402,6 +470,7 @@ +@@ -402,6 +473,7 @@ files_read_usr_files(nmbd_t) files_read_etc_files(nmbd_t) @@ -9307,7 +9497,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb libs_use_ld_so(nmbd_t) libs_use_shared_libs(nmbd_t) -@@ -411,8 +480,6 @@ +@@ -411,8 +483,6 @@ miscfiles_read_localization(nmbd_t) @@ -9316,7 +9506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb userdom_dontaudit_search_sysadm_home_dirs(nmbd_t) userdom_dontaudit_use_unpriv_user_fds(nmbd_t) userdom_use_unpriv_users_fds(nmbd_t) -@@ -457,6 +524,7 @@ +@@ -457,6 +527,7 @@ allow smbmount_t samba_secrets_t:file manage_file_perms; @@ -9324,7 +9514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow smbmount_t samba_var_t:dir rw_dir_perms; manage_files_pattern(smbmount_t,samba_var_t,samba_var_t) manage_lnk_files_pattern(smbmount_t,samba_var_t,samba_var_t) -@@ -489,6 +557,8 @@ +@@ -489,6 +560,8 @@ term_list_ptys(smbmount_t) term_use_controlling_term(smbmount_t) 
@@ -9333,7 +9523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb corecmd_list_bin(smbmount_t) files_list_mnt(smbmount_t) -@@ -508,21 +578,11 @@ +@@ -508,21 +581,11 @@ logging_search_logs(smbmount_t) @@ -9356,7 +9546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -530,22 +590,36 @@ +@@ -530,22 +593,36 @@ # SWAT Local policy # @@ -9400,7 +9590,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t smbd_t:process signull; -@@ -558,7 +632,11 @@ +@@ -558,7 +635,11 @@ manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t) files_pid_filetrans(swat_t,swat_var_run_t,file) @@ -9413,7 +9603,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_read_kernel_sysctls(swat_t) kernel_read_system_state(swat_t) -@@ -582,23 +660,24 @@ +@@ -582,23 +663,24 @@ dev_read_urand(swat_t) @@ -9440,7 +9630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb optional_policy(` cups_read_rw_config(swat_t) cups_stream_connect(swat_t) -@@ -612,32 +691,30 @@ +@@ -612,32 +694,30 @@ kerberos_use(swat_t) ') @@ -9480,7 +9670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t) filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file) -@@ -645,6 +722,8 @@ +@@ -645,6 +725,8 @@ manage_files_pattern(winbind_t,samba_log_t,samba_log_t) manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t) @@ -9489,7 +9679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb manage_files_pattern(winbind_t,samba_var_t,samba_var_t) manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t) -@@ -682,7 +761,9 @@ +@@ -682,7 +764,9 @@ fs_getattr_all_fs(winbind_t) fs_search_auto_mountpoints(winbind_t) 
@@ -9499,7 +9689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb domain_use_interactive_fds(winbind_t) -@@ -695,9 +776,6 @@ +@@ -695,9 +779,6 @@ miscfiles_read_localization(winbind_t) @@ -9509,7 +9699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb userdom_dontaudit_use_unpriv_user_fds(winbind_t) userdom_dontaudit_search_sysadm_home_dirs(winbind_t) userdom_priveleged_home_dir_manager(winbind_t) -@@ -713,10 +791,6 @@ +@@ -713,10 +794,6 @@ ') optional_policy(` @@ -9520,7 +9710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb seutil_sigchld_newrole(winbind_t) ') -@@ -736,8 +810,11 @@ +@@ -736,8 +813,11 @@ read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t) read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t) @@ -9532,7 +9722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t) term_list_ptys(winbind_helper_t) -@@ -757,10 +834,68 @@ +@@ -757,10 +837,68 @@ ') optional_policy(` @@ -9937,7 +10127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi +/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-2.6.4/policy/modules/services/squid.if --- nsaserefpolicy/policy/modules/services/squid.if 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/squid.if 2007-08-07 09:42:35.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/squid.if 2007-10-18 17:04:05.000000000 -0400 @@ -131,3 +131,22 @@ interface(`squid_use',` refpolicywarn(`$0($*) has been deprecated.') 
@@ -9959,7 +10149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi + type squid_t; + ') + -+ allow $1 squid_t:unix_stream_socket { read write }; ++ allow $1 squid_t:unix_stream_socket { getattr read write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.6.4/policy/modules/services/squid.te --- nsaserefpolicy/policy/modules/services/squid.te 2007-05-07 14:50:57.000000000 -0400 @@ -10301,8 +10491,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.6.4/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-08-07 09:42:35.000000000 -0400 -@@ -448,6 +448,10 @@ ++++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-10-18 16:08:28.000000000 -0400 +@@ -228,6 +228,7 @@ + files_read_usr_files(xdm_t) + # Poweroff wants to create the /poweroff file when run from xdm + files_create_boot_flag(xdm_t) ++files_dontaudit_getattr_boot_dirs(xdm_t) + + fs_getattr_all_fs(xdm_t) + fs_search_auto_mountpoints(xdm_t) +@@ -448,6 +449,10 @@ rhgb_rw_tmpfs_files(xdm_xserver_t) ') @@ -10457,7 +10655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-10-09 10:29:42.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-10-18 17:07:12.000000000 -0400 @@ -27,11 +27,9 @@ domain_type($1_chkpwd_t) domain_entry_file($1_chkpwd_t,chkpwd_exec_t) 
@@ -10643,7 +10841,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Get the attributes of the shadow passwords file. ## ## -@@ -1357,6 +1404,8 @@ +@@ -1337,6 +1384,8 @@ + allow $1 var_auth_t:dir list_dir_perms; + allow $1 var_auth_t:file manage_file_perms; + files_list_var_lib($1) ++ # read /etc/nsswitch.conf ++ files_read_etc_files($1) + + miscfiles_read_certs($1) + +@@ -1357,6 +1406,8 @@ optional_policy(` samba_stream_connect_winbind($1) @@ -10652,7 +10859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ') -@@ -1391,3 +1440,114 @@ +@@ -1391,3 +1442,114 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -12182,7 +12389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc /etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.6.4/policy/modules/system/lvm.te --- nsaserefpolicy/policy/modules/system/lvm.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-08-07 09:42:35.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-10-15 13:53:50.000000000 -0400 @@ -16,6 +16,7 @@ type lvm_t; type lvm_exec_t; @@ -12191,7 +12398,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te # needs privowner because it assigns the identity system_u to device nodes # but runs as the identity of the sysadmin domain_obj_id_change_exemption(lvm_t) -@@ -155,7 +156,9 @@ +@@ -122,8 +123,6 @@ + lvm_read_config(clvmd_t) + + ifdef(`targeted_policy', ` +- term_dontaudit_use_unallocated_ttys(clvmd_t) +- term_dontaudit_use_generic_ptys(clvmd_t) + files_dontaudit_read_root_files(clvmd_t) + ') + +@@ -155,7 +154,9 @@ # DAC overrides and mknod for modifying /dev entries (vgmknodes) # rawio needed for dmraid 
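Review bot: The comment `# read /etc/nsswitch.conf` above `files_read_etc_files($1)` understates the grant: that interface gives the caller read access to everything labelled etc_t, and every domain that calls this interface now receives it. If no narrower interface covers nsswitch.conf (it is etc_t in refpolicy, so there may be none), the comment should say so, e.g. `# nsswitch.conf is etc_t; no narrower interface exists, so callers get read on all of etc_t`, so a later reader knows the breadth is deliberate rather than accidental. The enclosing interface definition starts outside this hunk.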
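Review bot: The two `term_dontaudit_*(clvmd_t)` lines are dropped from the `targeted_policy` block without any note on whether the silenced denials are now expected to show up in the audit log or whether an equivalent rule was added elsewhere in the patch. Removing a dontaudit is easy to misread as a permission change, so a comment at the removal site such as `# clvmd no longer inherits a tty from its initscript, dontaudit not needed — confirm` would record the reason. The surrounding clvmd_t rules continue outside this hunk.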
@@ -12202,7 +12418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te dontaudit lvm_t self:capability sys_tty_config; allow lvm_t self:process { sigchld sigkill sigstop signull signal }; # LVM will complain a lot if it cannot set its priority. -@@ -165,6 +168,7 @@ +@@ -165,6 +166,7 @@ allow lvm_t self:unix_dgram_socket create_socket_perms; allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms; @@ -12210,7 +12426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te allow lvm_t clvmd_t:unix_stream_socket connectto; manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t) -@@ -189,7 +193,8 @@ +@@ -189,7 +191,8 @@ manage_dirs_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t) manage_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t) manage_sock_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t) @@ -12220,7 +12436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te read_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t) read_lnk_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t) -@@ -233,6 +238,8 @@ +@@ -233,6 +236,8 @@ dev_dontaudit_getattr_generic_blk_files(lvm_t) dev_dontaudit_getattr_generic_pipes(lvm_t) dev_create_generic_dirs(lvm_t) @@ -12229,7 +12445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te fs_getattr_xattr_fs(lvm_t) fs_search_auto_mountpoints(lvm_t) -@@ -251,6 +258,7 @@ +@@ -251,6 +256,7 @@ storage_dev_filetrans_fixed_disk(lvm_t) # Access raw devices and old /dev/lvm (c 109,0). Is this needed? storage_manage_fixed_disk(lvm_t) @@ -12237,7 +12453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te term_getattr_all_user_ttys(lvm_t) term_list_ptys(lvm_t) -@@ -305,5 +313,14 @@ +@@ -305,5 +311,14 @@ ') optional_policy(` 
@@ -12906,7 +13122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet allow ifconfig_t self:udp_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te --- nsaserefpolicy/policy/modules/system/udev.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-08-31 06:15:18.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-10-15 13:46:47.000000000 -0400 @@ -18,11 +18,6 @@ type udev_etc_t alias etc_udev_t; files_config_file(udev_etc_t) @@ -12979,10 +13195,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t userdom_use_sysadm_ttys(udev_t) userdom_dontaudit_search_all_users_home_content(udev_t) -@@ -176,6 +187,10 @@ +@@ -176,6 +187,16 @@ ') optional_policy(` ++ alsa_domtrans(udev_t) ++ alsa_search_lib(udev_t) ++ alsa_read_lib(udev_t) ++') ++ ++optional_policy(` + brctl_domtrans(udev_t) +') + @@ -12990,7 +13212,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t consoletype_exec(udev_t) ') -@@ -184,6 +199,10 @@ +@@ -184,6 +205,10 @@ ') optional_policy(` @@ -13001,7 +13223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t hal_dgram_send(udev_t) ') -@@ -194,5 +213,24 @@ +@@ -194,5 +219,24 @@ ') optional_policy(`
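Review bot: Adding `alsa_domtrans(udev_t)` together with `alsa_search_lib(udev_t)` and `alsa_read_lib(udev_t)` gives udev_t both a transition into the alsa domain and direct read access to alsa's lib content, and the hunk does not say which udev rule or helper needs each. If the helper runs in alsa_t after the transition, udev_t's own read access looks surplus; if udev reads the state itself, the transition is the surplus one, so a comment such as `# udev rule execs the alsa tool (transitions to alsa_t); udev itself reads alsa lib files for <reason> — confirm` would pin that down. `alsa_search_lib(udev_t)` is also likely redundant if `alsa_read_lib` already includes directory search, as refpolicy read interfaces usually do. The optional_policy block continues outside the hunk.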