diff --git a/policy-20070703.patch b/policy-20070703.patch
index faf6e45..6123c15 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -6893,7 +6893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
dev_read_rand(amavis_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.0.8/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.fc 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.fc 2008-08-26 20:36:50.000000000 -0400
@@ -3,12 +3,13 @@
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -6955,12 +6955,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
ifdef(`distro_debian', `
/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
')
-@@ -65,11 +71,24 @@
+@@ -65,11 +71,23 @@
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
+/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
-+/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
@@ -9205,7 +9204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.0.8/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-07-30 11:33:25.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-09-08 11:56:44.000000000 -0400
@@ -8,24 +8,28 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -9249,7 +9248,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -51,4 +55,8 @@
+@@ -46,9 +50,14 @@
+ /var/log/turboprint_cups\.log.* -- gen_context(system_u:object_r:cupsd_log_t,s0)
+
+ /var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
++/var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
+ /var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
+ /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
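Review bot: The new `/var/ccpd(/.*)?` label is not recorded in the spec changelog, whose 3.0.8-115 entry lists only the mod_fcgid removal. The same applies to the `manage_fifo_files_pattern` addition in cups.te, the `signull` addition in mailman.te and the pam_t interface swap in authlogin.te, all of which change what the policy labels or allows. Administrators audit a policy update against the changelog, so I would add lines such as `- Label /var/ccpd as cupsd_var_run_t and allow cupsd to manage fifo files of that type` and `- Allow mailman_mail_t to send signull to itself`. The path also sits outside /var/run while carrying a var_run type, so a one-line comment in cups.fc naming the program that owns /var/ccpd would explain the choice.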
@@ -9269,7 +9274,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-09-08 11:56:57.000000000 -0400
@@ -48,9 +48,8 @@
type hplip_t;
type hplip_exec_t;
@@ -9309,8 +9314,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
allow cupsd_t cupsd_exec_t:lnk_file read;
manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
-@@ -122,13 +121,14 @@
+@@ -120,15 +119,17 @@
+ allow cupsd_t cupsd_var_run_t:dir setattr;
+ manage_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
manage_sock_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
++manage_fifo_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
-read_files_pattern(cupsd_t,hplip_etc_t,hplip_etc_t)
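Review bot: The added `manage_fifo_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)` has no matching type transition, because the following line, `files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)`, names only the `file` class. A FIFO that cupsd creates directly in the pid directory would presumably keep the directory's generic type and fall outside the new rule. One created under a directory already labelled cupsd_var_run_t, such as the /var/ccpd entry added to cups.fc in this commit, inherits the type and is covered. If the first case is intended, the transition would become `files_pid_filetrans(cupsd_t,cupsd_var_run_t,{ file fifo_file })`; if only the second, a comment such as `# fifo lives under /var/ccpd, labelled in cups.fc` would record why no transition is needed. The cupsd_t rule block continues outside this hunk, so a transition may already exist elsewhere.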
@@ -9326,7 +9334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
kernel_read_system_state(cupsd_t)
kernel_read_network_state(cupsd_t)
kernel_read_all_sysctls(cupsd_t)
-@@ -150,21 +150,27 @@
+@@ -150,21 +151,27 @@
corenet_tcp_bind_reserved_port(cupsd_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
corenet_tcp_connect_all_ports(cupsd_t)
@@ -9355,7 +9363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
mls_file_downgrade(cupsd_t)
mls_file_write_all_levels(cupsd_t)
mls_file_read_all_levels(cupsd_t)
-@@ -174,6 +180,7 @@
+@@ -174,6 +181,7 @@
term_search_ptys(cupsd_t)
auth_domtrans_chk_passwd(cupsd_t)
@@ -9363,7 +9371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
auth_dontaudit_read_pam_pid(cupsd_t)
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-@@ -187,7 +194,7 @@
+@@ -187,7 +195,7 @@
# read python modules
files_read_usr_files(cupsd_t)
# for /var/lib/defoma
@@ -9372,7 +9380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t)
-@@ -196,12 +203,9 @@
+@@ -196,12 +204,9 @@
files_read_var_symlinks(cupsd_t)
# for /etc/printcap
files_dontaudit_write_etc_files(cupsd_t)
@@ -9386,7 +9394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
init_exec_script_files(cupsd_t)
-@@ -220,18 +224,41 @@
+@@ -220,18 +225,41 @@
seutil_read_config(cupsd_t)
sysnet_read_config(cupsd_t)
@@ -9428,7 +9436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
apm_domtrans_client(cupsd_t)
')
-@@ -263,16 +290,16 @@
+@@ -263,16 +291,16 @@
')
optional_policy(`
@@ -9449,7 +9457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
seutil_sigchld_newrole(cupsd_t)
')
-@@ -331,6 +358,7 @@
+@@ -331,6 +359,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -9457,7 +9465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -356,6 +384,7 @@
+@@ -356,6 +385,7 @@
logging_send_syslog_msg(cupsd_config_t)
miscfiles_read_localization(cupsd_config_t)
@@ -9465,7 +9473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
seutil_dontaudit_search_config(cupsd_config_t)
-@@ -377,6 +406,14 @@
+@@ -377,6 +407,14 @@
')
optional_policy(`
@@ -9480,7 +9488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -393,6 +430,7 @@
+@@ -393,6 +431,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -9488,7 +9496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
')
optional_policy(`
-@@ -482,6 +520,8 @@
+@@ -482,6 +521,8 @@
files_read_etc_files(cupsd_lpd_t)
@@ -9497,7 +9505,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
libs_use_ld_so(cupsd_lpd_t)
libs_use_shared_libs(cupsd_lpd_t)
-@@ -489,22 +529,12 @@
+@@ -489,22 +530,12 @@
miscfiles_read_localization(cupsd_lpd_t)
@@ -9520,7 +9528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
########################################
#
# HPLIP local policy
-@@ -522,14 +552,12 @@
+@@ -522,14 +553,12 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
@@ -9539,7 +9547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -560,7 +588,7 @@
+@@ -560,7 +589,7 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -9548,7 +9556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -587,7 +615,7 @@
+@@ -587,7 +616,7 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -9557,7 +9565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
optional_policy(`
seutil_sigchld_newrole(hplip_t)
-@@ -668,3 +696,15 @@
+@@ -668,3 +697,15 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -11826,7 +11834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.0.8/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mailman.te 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mailman.te 2008-08-28 09:25:27.000000000 -0400
@@ -55,6 +55,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -11840,7 +11848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
#
allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
-+allow mailman_mail_t self:process signal;
++allow mailman_mail_t self:process { signal signull };
+allow mailman_mail_t initrc_t:process signal;
+allow mailman_mail_t self:capability { setuid setgid };
+
@@ -19381,7 +19389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-07-24 06:57:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-08-29 12:42:00.000000000 -0400
@@ -1,4 +1,4 @@
-
+
@@ -19453,7 +19461,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+userdom_write_unpriv_users_tmp_files(pam_t)
+userdom_unlink_unpriv_users_tmp_files(pam_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
-+userdom_dontaudit_write_user_home_content_files(user, pam_t)
++userdom_dontaudit_write_unpriv_user_home_content_files(pam_t)
+userdom_append_unpriv_users_home_content_files(pam_t)
+userdom_dontaudit_read_user_tmp_files(user, pam_t)
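Review bot: The replacement call `userdom_dontaudit_write_unpriv_user_home_content_files(pam_t)` spells `unpriv_user` in the singular, while every neighbouring interface in this block uses `unpriv_users` (`userdom_dontaudit_read_unpriv_users_home_content_files`, `userdom_append_unpriv_users_home_content_files`). Its definition is not visible in this diff, so confirm that userdomain.if declares exactly that name, since a misspelled interface would not expand and would likely break the policy build. The last line of the hunk still uses the per-role form `userdom_dontaudit_read_user_tmp_files(user, pam_t)`; if the point of the change was to drop the `user` prefix argument, that line probably needs the same treatment. Because a dontaudit rule hides the denial from the audit log, a short comment saying why pam_t's write attempts are silenced rather than allowed would help whoever later has to debug with dontaudit rules disabled.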
diff --git a/selinux-policy.spec b/selinux-policy.spec
index b9d64a6..ddbfc26 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 114%{?dist}
+Release: 115%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@ exit 0
%endif
%changelog
+* Tue Aug 26 2008 Dan Walsh 3.0.8-115
+- Remove definition for /var/run/mod_fcgid(/.*)?
+
* Tue Aug 12 2008 Dan Walsh 3.0.8-114
- Allow bluetooth to read hwdate