diff --git a/policy-F13.patch b/policy-F13.patch
index 73f0c15..5c60784 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -439,7 +439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.10/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/admin/netutils.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/admin/netutils.te 2010-02-26 15:38:35.000000000 -0500
@@ -44,6 +44,7 @@
allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms;
@@ -456,7 +456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
userdom_use_user_terminals(netutils_t)
userdom_use_all_users_fds(netutils_t)
-@@ -146,6 +148,13 @@
+@@ -146,11 +148,22 @@
')
')
@@ -470,7 +470,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
optional_policy(`
munin_append_log(ping_t)
')
-@@ -211,3 +220,10 @@
+
+ optional_policy(`
++ nagios_rw_inerited_tmp_files(ping_t)
++')
++
++optional_policy(`
+ pcmcia_use_cardmgr_fds(ping_t)
+ ')
+
+@@ -211,3 +224,10 @@
dev_read_rand(traceroute_t)
dev_read_urand(traceroute_t)
files_read_usr_files(traceroute_t)
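Review bot: The interface name in the added `nagios_rw_inerited_tmp_files(ping_t)` call is misspelled (`inerited` for `inherited`). The nagios.if hunk later in this patch defines it with the same spelling, so the policy should still build. Anyone searching for `inherited` will miss it, though, and the typo becomes harder to fix once other modules call the interface. I would rename both the definition and this call to `nagios_rw_inherited_tmp_files` now. The surrounding ping_t policy block starts and ends outside this hunk.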
@@ -744,7 +753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.10/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/admin/rpm.if 2010-02-26 09:12:28.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/admin/rpm.if 2010-03-01 09:23:04.000000000 -0500
@@ -13,11 +13,36 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -955,7 +964,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+ type rpm_tmp_t;
+ ')
+
-+ files_search_tmps($1)
++ files_search_tmp($1)
+ append_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
+')
+
@@ -4296,8 +4305,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te 2010-02-26 11:04:50.000000000 -0500
-@@ -8,9 +8,19 @@
++++ serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te 2010-03-01 09:47:28.000000000 -0500
+@@ -8,17 +8,28 @@
type pulseaudio_t;
type pulseaudio_exec_t;
@@ -4317,8 +4326,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
########################################
#
# pulseaudio local policy
-@@ -18,7 +28,7 @@
+ #
++allow pulseaudio_t self:capability { setuid sys_nice setgid };
allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
allow pulseaudio_t self:fifo_file rw_file_perms;
-allow pulseaudio_t self:unix_stream_socket create_stream_socket_perms;
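Review bot: The added `allow pulseaudio_t self:capability { setuid sys_nice setgid };` grants identity-changing capabilities to pulseaudio_t with no comment saying which code path needs them. sys_nice is plausibly for scheduling priority, but setuid and setgid are normally needed only when a daemon starts privileged and then drops to another user (inferred; nothing in the hunk shows this). I would add a comment above the rule, e.g. `# setuid/setgid: drop privileges after a root start; sys_nice: raise scheduling priority`, and confirm against the recorded AVC denials that all three are required. The local policy section continues outside the hunk.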
@@ -4326,7 +4336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
allow pulseaudio_t self:udp_socket create_socket_perms;
-@@ -26,6 +36,7 @@
+@@ -26,6 +37,7 @@
can_exec(pulseaudio_t, pulseaudio_exec_t)
@@ -4334,7 +4344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
kernel_read_system_state(pulseaudio_t)
kernel_read_kernel_sysctls(pulseaudio_t)
-@@ -66,11 +77,17 @@
+@@ -66,11 +78,17 @@
bluetooth_stream_connect(pulseaudio_t)
')
@@ -4355,7 +4365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
dbus_system_bus_client(pulseaudio_t)
dbus_session_bus_client(pulseaudio_t)
dbus_connect_session_bus(pulseaudio_t)
-@@ -93,6 +110,10 @@
+@@ -93,6 +111,10 @@
')
optional_policy(`
@@ -4366,7 +4376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
policykit_domtrans_auth(pulseaudio_t)
policykit_read_lib(pulseaudio_t)
policykit_read_reload(pulseaudio_t)
-@@ -103,6 +124,9 @@
+@@ -103,6 +125,9 @@
')
optional_policy(`
@@ -6188,7 +6198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Do not audit attempts to get the attributes
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.10/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/kernel/devices.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/kernel/devices.te 2010-02-26 15:47:09.000000000 -0500
@@ -59,6 +59,12 @@
type crypt_device_t;
dev_node(crypt_device_t)
@@ -6221,6 +6231,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
type v4l_device_t;
dev_node(v4l_device_t)
+@@ -277,5 +295,5 @@
+ #
+
+ allow devices_unconfined_type self:capability sys_rawio;
+-allow devices_unconfined_type device_node:{ blk_file chr_file } *;
++allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
+ allow devices_unconfined_type mtrr_device_t:file *;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.10/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.10/policy/modules/kernel/domain.if 2010-02-25 16:40:56.000000000 -0500
@@ -7461,7 +7478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.10/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/kernel/filesystem.if 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/kernel/filesystem.if 2010-02-26 15:26:19.000000000 -0500
@@ -906,7 +906,7 @@
type cifs_t;
')
@@ -8254,8 +8271,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t
+gen_user(guest_u, user, guest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.10/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2010-02-17 14:07:02.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/roles/staff.te 2010-02-23 15:54:38.000000000 -0500
-@@ -10,11 +10,25 @@
++++ serefpolicy-3.7.10/policy/modules/roles/staff.te 2010-03-01 09:58:00.000000000 -0500
+@@ -10,11 +10,26 @@
userdom_unpriv_user_template(staff)
@@ -8274,6 +8291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+
+auth_domtrans_pam_console(staff_t)
+
++seutil_read_module_store(staff_t)
+seutil_run_newrole(staff_t, staff_r)
+netutils_run_ping(staff_t, staff_r)
+
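Review bot: `seutil_read_module_store(staff_t)` gives every staff_t login read access to the SELinux module store, and nothing in the hunk says what staff users need it for. Reading the store exposes the installed policy modules, including any local ones, to a confined user role. If the need comes from one specific tool, a transition into that tool's domain would keep the access out of staff_t itself. Otherwise add a comment recording the denial behind it, e.g. `# staff_t reads the module store: <reason>`.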
@@ -8281,7 +8299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
apache_role(staff_r, staff_t)
')
-@@ -22,12 +36,22 @@
+@@ -22,12 +37,22 @@
optional_policy(`
auth_role(staff_r, staff_t)
')
@@ -8304,7 +8322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
bluetooth_role(staff_r, staff_t)
')
-@@ -99,12 +123,18 @@
+@@ -99,12 +124,18 @@
oident_manage_user_content(staff_t)
oident_relabel_user_content(staff_t)
')
@@ -8323,7 +8341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
pyzor_role(staff_r, staff_t)
')
-@@ -119,22 +149,27 @@
+@@ -119,22 +150,27 @@
optional_policy(`
screen_role_template(staff, staff_r, staff_t)
')
@@ -8351,7 +8369,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
sudo_role_template(staff, staff_r, staff_t)
-@@ -145,6 +180,7 @@
+@@ -145,6 +181,7 @@
userdom_dontaudit_use_user_terminals(staff_t)
')
@@ -8359,7 +8377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
thunderbird_role(staff_r, staff_t)
')
-@@ -172,3 +208,69 @@
+@@ -172,3 +209,69 @@
optional_policy(`
xserver_role(staff_r, staff_t)
')
@@ -10255,7 +10273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.10/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/services/abrt.te 2010-02-26 11:55:11.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/abrt.te 2010-03-01 10:50:07.000000000 -0500
@@ -33,12 +33,24 @@
type abrt_var_run_t;
files_pid_file(abrt_var_run_t)
@@ -12748,7 +12766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.10/policy/modules/services/asterisk.te
--- nsaserefpolicy/policy/modules/services/asterisk.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/services/asterisk.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/asterisk.te 2010-03-01 10:50:26.000000000 -0500
@@ -40,12 +40,13 @@
#
@@ -12796,14 +12814,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
domain_use_interactive_fds(asterisk_t)
-@@ -119,18 +127,31 @@
+@@ -118,19 +126,33 @@
+ files_read_usr_files(asterisk_t)
fs_getattr_all_fs(asterisk_t)
- fs_search_auto_mountpoints(asterisk_t)
++fs_list_inotifyfs(asterisk_t)
+fs_read_anon_inodefs_files(asterisk_t)
-+
-+auth_use_nsswitch(asterisk_t)
+ fs_search_auto_mountpoints(asterisk_t)
++auth_use_nsswitch(asterisk_t)
++
logging_send_syslog_msg(asterisk_t)
miscfiles_read_localization(asterisk_t)
@@ -12831,7 +12851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
')
optional_policy(`
-@@ -138,10 +159,11 @@
+@@ -138,10 +160,11 @@
')
optional_policy(`
@@ -13951,7 +13971,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.10/policy/modules/services/cobbler.if
--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/services/cobbler.if 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/cobbler.if 2010-02-28 10:20:18.000000000 -0500
@@ -162,6 +162,7 @@
gen_require(`
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
@@ -14899,7 +14919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.10/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/services/cups.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/cups.te 2010-03-01 08:42:24.000000000 -0500
@@ -23,6 +23,9 @@
type cupsd_initrc_exec_t;
init_script_file(cupsd_initrc_exec_t)
@@ -15184,7 +15204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
snmp_stream_connect(cyrus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.10/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/services/dbus.if 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/dbus.if 2010-03-01 10:27:15.000000000 -0500
@@ -42,8 +42,10 @@
gen_require(`
class dbus { send_msg acquire_svc };
@@ -15275,13 +15295,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
## for service (acquire_svc).
##
##
-@@ -364,6 +372,18 @@
+@@ -364,6 +372,19 @@
dbus_system_bus_client($1)
dbus_connect_system_bus($1)
+ ps_process_pattern(system_dbusd_t, $1)
+
+ userdom_dontaudit_search_admin_dir($1)
++ userdom_read_all_users_state($1)
+
+ optional_policy(`
+ rpm_script_dbus_chat($1)
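Review bot: `userdom_read_all_users_state($1)` is added inside a shared dbus interface, so every domain passed as `$1` gains read access to the process state of all user domains, not only the services that need it. The interface header is outside this hunk, but the neighbouring `dbus_system_bus_client($1)` and `dbus_connect_system_bus($1)` calls suggest this is the system-bus service template, which would make it a policy-wide grant. Process state exposes details such as command lines of user processes. I would grant it in the individual .te files of the services that hit the denial, or at least add a comment here naming the bus operation that requires it.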
@@ -15294,7 +15315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
ifdef(`hide_broken_symptoms', `
dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
')
-@@ -405,3 +425,24 @@
+@@ -405,3 +426,24 @@
typeattribute $1 dbusd_unconfined;
')
@@ -15847,6 +15868,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
+optional_policy(`
vbetool_domtrans(devicekit_power_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.10/policy/modules/services/dhcp.te
+--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-02-12 10:33:09.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/dhcp.te 2010-02-28 10:19:25.000000000 -0500
+@@ -112,6 +112,10 @@
+ ')
+
+ optional_policy(`
++ cobbler_dontaudit_rw_log(dhcpd_t)
++')
++
++optional_policy(`
+ dbus_system_bus_client(dhcpd_t)
+ dbus_connect_system_bus(dhcpd_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.10/policy/modules/services/djbdns.if
--- nsaserefpolicy/policy/modules/services/djbdns.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.10/policy/modules/services/djbdns.if 2010-02-23 15:54:38.000000000 -0500
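Review bot: `cobbler_dontaudit_rw_log(dhcpd_t)` silences the denial rather than fixing its cause. A dontaudit on read/write of another service's log usually means cobbler starts dhcpd with its log descriptor still open (inferred from the interface name; its definition is not in this hunk). That is acceptable as a stop-gap, but it also removes from the audit trail any genuine attempt by dhcpd_t to touch cobbler logs. I would add a comment such as `# cobbler leaks its log fd when it restarts dhcpd` and track closing the descriptor in cobbler itself.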
@@ -17312,7 +17347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.10/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/services/hal.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/hal.te 2010-03-01 08:44:41.000000000 -0500
@@ -55,6 +55,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -17340,7 +17375,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
kernel_setsched(hald_t)
kernel_request_load_module(hald_t)
-@@ -161,6 +165,7 @@
+@@ -117,6 +121,7 @@
+ corenet_udp_sendrecv_all_ports(hald_t)
+
+ dev_rw_usbfs(hald_t)
++dev_read_rand(hald_t)
+ dev_read_urand(hald_t)
+ dev_read_input(hald_t)
+ dev_read_mouse(hald_t)
+@@ -161,6 +166,7 @@
fs_unmount_dos_fs(hald_t)
fs_manage_dos_files(hald_t)
fs_manage_fusefs_dirs(hald_t)
@@ -17348,7 +17391,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
files_getattr_all_mountpoints(hald_t)
-@@ -295,6 +300,7 @@
+@@ -266,6 +272,10 @@
+ ')
+
+ optional_policy(`
++ gnome_read_config(hald_t)
++')
++
++optional_policy(`
+ gpm_dontaudit_getattr_gpmctl(hald_t)
+ ')
+
+@@ -295,6 +305,7 @@
')
optional_policy(`
@@ -17356,7 +17410,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
ppp_read_rw_config(hald_t)
')
-@@ -331,6 +337,10 @@
+@@ -320,6 +331,10 @@
+ ')
+
+ optional_policy(`
++ usbmuxd_stream_connect(hald_t)
++')
++
++optional_policy(`
+ updfstab_domtrans(hald_t)
+ ')
+
+@@ -331,6 +346,10 @@
virt_manage_images(hald_t)
')
@@ -17367,7 +17432,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
########################################
#
# Hal acl local policy
-@@ -351,6 +361,7 @@
+@@ -351,6 +370,7 @@
manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
@@ -17375,7 +17440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
corecmd_exec_bin(hald_acl_t)
-@@ -463,6 +474,10 @@
+@@ -463,6 +483,10 @@
miscfiles_read_localization(hald_keymap_t)
@@ -17675,6 +17740,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
+optional_policy(`
+ rtkit_daemon_system_domain(icecast_t)
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.10/policy/modules/services/inn.te
+--- nsaserefpolicy/policy/modules/services/inn.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.7.10/policy/modules/services/inn.te 2010-03-01 09:16:38.000000000 -0500
+@@ -106,6 +106,7 @@
+
+ userdom_dontaudit_use_unpriv_user_fds(innd_t)
+ userdom_dontaudit_search_user_home_dirs(innd_t)
++userdom_stream_connect(innd_t)
+
+ mta_send_mail(innd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.10/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2009-07-23 14:11:04.000000000 -0400
+++ serefpolicy-3.7.10/policy/modules/services/kerberos.if 2010-02-23 15:54:38.000000000 -0500
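Review bot: `userdom_stream_connect(innd_t)` lets the news daemon connect to unix stream sockets owned by user domains, an unusual direction of access for a network-facing service, and the hunk gives no reason for it. If the denial came from innd being started from a user session, a dontaudit or a narrower rule is probably what is wanted. Otherwise add a comment naming the socket innd has to reach, e.g. `# innd connects to <socket> in the user session`. The innd_t policy block begins and ends outside the hunk.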
@@ -18567,51 +18643,55 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.10/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/services/nagios.if 2010-02-23 15:54:38.000000000 -0500
-@@ -64,7 +64,7 @@
++++ serefpolicy-3.7.10/policy/modules/services/nagios.if 2010-02-26 15:37:58.000000000 -0500
+@@ -64,8 +64,8 @@
########################################
##
-## Execute the nagios CGI with
-+## Execute the nagios NRPE with
- ## a domain transition.
+-## a domain transition.
++## Allow the specified domain to read
++## nagios temporary files.
##
##
-@@ -73,18 +73,17 @@
+ ##
+@@ -73,12 +73,13 @@
##
##
#
-interface(`nagios_domtrans_cgi',`
-+interface(`nagios_domtrans_nrpe',`
++interface(`nagios_rw_inerited_tmp_files',`
gen_require(`
- type nagios_cgi_t, nagios_cgi_exec_t;
-+ type nrpe_t, nrpe_exec_t;
++ type nagios_tmp_t;
')
- domtrans_pattern($1, nagios_cgi_exec_t, nagios_cgi_t)
-+ domtrans_pattern($1, nrpe_exec_t, nrpe_t)
++ allow $1 nagios_tmp_t:file rw_inherited_file_perms;
++ files_search_tmp($1)
')
########################################
- ##
--## Execute the nagios NRPE with
--## a domain transition.
+@@ -99,3 +100,134 @@
+
+ domtrans_pattern($1, nrpe_exec_t, nrpe_t)
+ ')
++
++########################################
++##
+## Search nagios spool directories.
- ##
- ##
- ##
-@@ -92,10 +91,123 @@
- ##
- ##
- #
--interface(`nagios_domtrans_nrpe',`
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
+interface(`nagios_search_spool',`
- gen_require(`
-- type nrpe_t, nrpe_exec_t;
++ gen_require(`
+ type nagios_spool_t;
- ')
-
-- domtrans_pattern($1, nrpe_exec_t, nrpe_t)
++ ')
++
+ allow $1 nagios_spool_t:dir search_dir_perms;
+ files_search_spool($1)
+')
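Review bot: The summary for the new interface understates what it grants. It says the domain may read nagios temporary files, but the rule is `allow $1 nagios_tmp_t:file rw_inherited_file_perms;`, which is read and write on inherited descriptors. Callers who rely on the doc comment will under-estimate the access. I would change the summary to `## Read and write inherited nagios temporary files.` so the description matches the permission set.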
@@ -18726,7 +18806,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+ admin_pattern($1, nagios_var_run_t)
+
+ admin_pattern($1, nrpe_etc_t)
- ')
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.10/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.7.10/policy/modules/services/nagios.te 2010-02-23 15:54:38.000000000 -0500
@@ -26323,7 +26403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbm
+/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.if serefpolicy-3.7.10/policy/modules/services/usbmuxd.if
--- nsaserefpolicy/policy/modules/services/usbmuxd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/services/usbmuxd.if 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/usbmuxd.if 2010-02-28 07:25:11.000000000 -0500
@@ -0,0 +1,39 @@
+## Daemon for communicating with Apple's iPod Touch and iPhone
+
@@ -26844,7 +26924,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.10/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/services/virt.te 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/services/virt.te 2010-03-01 09:05:11.000000000 -0500
@@ -15,6 +15,13 @@
##
@@ -27013,7 +27093,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
dev_write_sound(virt_domain)
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
-@@ -410,11 +447,17 @@
+@@ -410,11 +447,21 @@
files_read_etc_files(virt_domain)
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
@@ -27023,6 +27103,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
++# I think we need these for now.
++miscfiles_read_public_files(virt_domain)
++storage_raw_read_removable_device(virt_domain)
++
+term_use_all_terms(virt_domain)
+term_getattr_pty_fs(virt_domain)
+term_use_generic_ptys(virt_domain)
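Review bot: `storage_raw_read_removable_device(virt_domain)` is granted to the whole `virt_domain` attribute, so every confined guest process can read removable block devices raw, regardless of how files on the inserted media would be labelled. The accompanying comment `# I think we need these for now.` shows the need is unconfirmed. I would put both new rules behind a `tunable_policy` boolean that defaults to off, or replace the comment with the denial that motivated them so they can be removed later. The virt_domain block continues outside the hunk.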
@@ -30455,7 +30539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.10/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/system/libraries.fc 2010-02-24 13:20:29.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/system/libraries.fc 2010-03-01 10:44:28.000000000 -0500
@@ -60,12 +60,15 @@
#
# /opt
@@ -30672,7 +30756,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
') dnl end distro_redhat
#
-@@ -307,10 +317,141 @@
+@@ -307,10 +317,143 @@
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
@@ -30814,6 +30898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+/opt/real/RealPlayer/codecs(/.*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/usr/lib(64)?/vdpau/libvdpau_nvidia\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
++/usr/lib(64)?/libGTL.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.10/policy/modules/system/libraries.if
--- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.10/policy/modules/system/libraries.if 2010-02-23 15:54:38.000000000 -0500
@@ -32004,7 +32090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.10/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.10/policy/modules/system/selinuxutil.if 2010-02-23 15:54:38.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/system/selinuxutil.if 2010-03-01 09:57:50.000000000 -0500
@@ -351,6 +351,27 @@
########################################
@@ -34068,7 +34154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+HOME_DIR/\.gvfs(/.*)? <>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.10/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-02-26 09:05:50.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-03-01 10:27:00.000000000 -0500
@@ -30,8 +30,9 @@
')