diff --git a/policy-F13.patch b/policy-F13.patch index 73f0c15..5c60784 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -439,7 +439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.10/policy/modules/admin/netutils.te --- nsaserefpolicy/policy/modules/admin/netutils.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/admin/netutils.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/admin/netutils.te 2010-02-26 15:38:35.000000000 -0500 @@ -44,6 +44,7 @@ allow netutils_t self:packet_socket create_socket_perms; allow netutils_t self:udp_socket create_socket_perms; @@ -456,7 +456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil userdom_use_user_terminals(netutils_t) userdom_use_all_users_fds(netutils_t) -@@ -146,6 +148,13 @@ +@@ -146,11 +148,22 @@ ') ') @@ -470,7 +470,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil optional_policy(` munin_append_log(ping_t) ') -@@ -211,3 +220,10 @@ + + optional_policy(` ++ nagios_rw_inerited_tmp_files(ping_t) ++') ++ ++optional_policy(` + pcmcia_use_cardmgr_fds(ping_t) + ') + +@@ -211,3 +224,10 @@ dev_read_rand(traceroute_t) dev_read_urand(traceroute_t) files_read_usr_files(traceroute_t) 
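Review bot: The new call `nagios_rw_inerited_tmp_files(ping_t)` in the netutils.te hunk (`@@ -146,11 +148,22 @@`) carries a misspelled interface name ("inerited"); the definition in nagios.if further down this patch uses the same spelling, so it builds, but interface names are the module's public API and renaming later breaks every caller. Suggest `nagios_rw_inherited_tmp_files(ping_t)` here and at the definition in one go. Since ping_t is reached by ordinary users via netutils_run_ping, a one-line comment naming which nagios plugin hands ping an already-open tmp file would also help the next reviewer judge whether the write half of rw_inherited_file_perms is needed.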
@@ -744,7 +753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc /usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.10/policy/modules/admin/rpm.if --- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/admin/rpm.if 2010-02-26 09:12:28.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/admin/rpm.if 2010-03-01 09:23:04.000000000 -0500 @@ -13,11 +13,36 @@ interface(`rpm_domtrans',` gen_require(` @@ -955,7 +964,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + type rpm_tmp_t; + ') + -+ files_search_tmps($1) ++ files_search_tmp($1) + append_files_pattern($1, rpm_tmp_t, rpm_tmp_t) +') + @@ -4296,8 +4305,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te --- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te 2010-02-26 11:04:50.000000000 -0500 -@@ -8,9 +8,19 @@ ++++ serefpolicy-3.7.10/policy/modules/apps/pulseaudio.te 2010-03-01 09:47:28.000000000 -0500 +@@ -8,17 +8,28 @@ type pulseaudio_t; type pulseaudio_exec_t; @@ -4317,8 +4326,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud ######################################## # # pulseaudio local policy -@@ -18,7 +28,7 @@ + # ++allow pulseaudio_t self:capability { setuid sys_nice setgid }; allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull }; allow pulseaudio_t self:fifo_file rw_file_perms; -allow pulseaudio_t self:unix_stream_socket create_stream_socket_perms; 
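Review bot: The added `allow pulseaudio_t self:capability { setuid sys_nice setgid };` in the pulseaudio.te hunk (`@@ -8,17 +8,28 @@`) grants privilege-changing capabilities with no comment on which mode of the daemon exercises them. setuid/setgid are presumably only needed when pulseaudio starts as root in system-wide mode and drops to its own user; per-user instances should never hit them, so it is worth confirming against the denial that motivated this that the capability was requested by pulseaudio_t itself. Suggest a why-comment above the line such as `# setuid/setgid: drop privileges when started as root in system mode; sys_nice: realtime scheduling`.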
@@ -4326,7 +4336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms }; allow pulseaudio_t self:tcp_socket create_stream_socket_perms; allow pulseaudio_t self:udp_socket create_socket_perms; -@@ -26,6 +36,7 @@ +@@ -26,6 +37,7 @@ can_exec(pulseaudio_t, pulseaudio_exec_t) @@ -4334,7 +4344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud kernel_read_system_state(pulseaudio_t) kernel_read_kernel_sysctls(pulseaudio_t) -@@ -66,11 +77,17 @@ +@@ -66,11 +78,17 @@ bluetooth_stream_connect(pulseaudio_t) ') @@ -4355,7 +4365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud dbus_system_bus_client(pulseaudio_t) dbus_session_bus_client(pulseaudio_t) dbus_connect_session_bus(pulseaudio_t) -@@ -93,6 +110,10 @@ +@@ -93,6 +111,10 @@ ') optional_policy(` @@ -4366,7 +4376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud policykit_domtrans_auth(pulseaudio_t) policykit_read_lib(pulseaudio_t) policykit_read_reload(pulseaudio_t) -@@ -103,6 +124,9 @@ +@@ -103,6 +125,9 @@ ') optional_policy(` @@ -6188,7 +6198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Do not audit attempts to get the attributes diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.10/policy/modules/kernel/devices.te --- nsaserefpolicy/policy/modules/kernel/devices.te 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/devices.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/devices.te 2010-02-26 15:47:09.000000000 -0500 @@ -59,6 +59,12 @@ type crypt_device_t; dev_node(crypt_device_t) 
@@ -6221,6 +6231,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device type v4l_device_t; dev_node(v4l_device_t) +@@ -277,5 +295,5 @@ + # + + allow devices_unconfined_type self:capability sys_rawio; +-allow devices_unconfined_type device_node:{ blk_file chr_file } *; ++allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *; + allow devices_unconfined_type mtrr_device_t:file *; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.10/policy/modules/kernel/domain.if --- nsaserefpolicy/policy/modules/kernel/domain.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/kernel/domain.if 2010-02-25 16:40:56.000000000 -0500 @@ -7461,7 +7478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.10/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-11-25 11:47:19.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/filesystem.if 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/filesystem.if 2010-02-26 15:26:19.000000000 -0500 @@ -906,7 +906,7 @@ type cifs_t; ') @@ -8254,8 +8271,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t +gen_user(guest_u, user, guest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.10/policy/modules/roles/staff.te --- nsaserefpolicy/policy/modules/roles/staff.te 2010-02-17 14:07:02.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/roles/staff.te 2010-02-23 15:54:38.000000000 -0500 -@@ -10,11 +10,25 @@ ++++ serefpolicy-3.7.10/policy/modules/roles/staff.te 2010-03-01 09:58:00.000000000 -0500 +@@ -10,11 +10,26 @@ userdom_unpriv_user_template(staff) 
@@ -8274,6 +8291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t + +auth_domtrans_pam_console(staff_t) + ++seutil_read_module_store(staff_t) +seutil_run_newrole(staff_t, staff_r) +netutils_run_ping(staff_t, staff_r) + @@ -8281,7 +8299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` apache_role(staff_r, staff_t) ') -@@ -22,12 +36,22 @@ +@@ -22,12 +37,22 @@ optional_policy(` auth_role(staff_r, staff_t) ') @@ -8304,7 +8322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t bluetooth_role(staff_r, staff_t) ') -@@ -99,12 +123,18 @@ +@@ -99,12 +124,18 @@ oident_manage_user_content(staff_t) oident_relabel_user_content(staff_t) ') @@ -8323,7 +8341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t pyzor_role(staff_r, staff_t) ') -@@ -119,22 +149,27 @@ +@@ -119,22 +150,27 @@ optional_policy(` screen_role_template(staff, staff_r, staff_t) ') @@ -8351,7 +8369,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` sudo_role_template(staff, staff_r, staff_t) -@@ -145,6 +180,7 @@ +@@ -145,6 +181,7 @@ userdom_dontaudit_use_user_terminals(staff_t) ') @@ -8359,7 +8377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` thunderbird_role(staff_r, staff_t) ') -@@ -172,3 +208,69 @@ +@@ -172,3 +209,69 @@ optional_policy(` xserver_role(staff_r, staff_t) ') 
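Review bot: `seutil_read_module_store(staff_t)` is added unconditionally in the staff.te hunk (`@@ -10,11 +10,26 @@`) next to the newrole and ping transitions, with no comment on what staff needs from the module store. Almost every other grant to staff_t in this file is wrapped in an optional_policy block, and read access to the installed policy modules and file_contexts is broad for a role that is not an administrator. If the trigger is a specific tool that staff runs, consider placing the call inside that tool's optional_policy block; otherwise record the rationale, e.g. `# staff may list/inspect installed policy modules`, so the next reader does not have to guess.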
@@ -10255,7 +10273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.10/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/abrt.te 2010-02-26 11:55:11.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/abrt.te 2010-03-01 10:50:07.000000000 -0500 @@ -33,12 +33,24 @@ type abrt_var_run_t; files_pid_file(abrt_var_run_t) @@ -12748,7 +12766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.10/policy/modules/services/asterisk.te --- nsaserefpolicy/policy/modules/services/asterisk.te 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/asterisk.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/asterisk.te 2010-03-01 10:50:26.000000000 -0500 @@ -40,12 +40,13 @@ # @@ -12796,14 +12814,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste domain_use_interactive_fds(asterisk_t) -@@ -119,18 +127,31 @@ +@@ -118,19 +126,33 @@ + files_read_usr_files(asterisk_t) fs_getattr_all_fs(asterisk_t) - fs_search_auto_mountpoints(asterisk_t) ++fs_list_inotifyfs(asterisk_t) +fs_read_anon_inodefs_files(asterisk_t) -+ -+auth_use_nsswitch(asterisk_t) + fs_search_auto_mountpoints(asterisk_t) ++auth_use_nsswitch(asterisk_t) ++ logging_send_syslog_msg(asterisk_t) miscfiles_read_localization(asterisk_t) @@ -12831,7 +12851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste ') optional_policy(` -@@ -138,10 +159,11 @@ +@@ -138,10 +160,11 @@ ') optional_policy(` 
@@ -13951,7 +13971,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.10/policy/modules/services/cobbler.if --- nsaserefpolicy/policy/modules/services/cobbler.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/cobbler.if 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/cobbler.if 2010-02-28 10:20:18.000000000 -0500 @@ -162,6 +162,7 @@ gen_require(` type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t; @@ -14899,7 +14919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups +/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.10/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/cups.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/cups.te 2010-03-01 08:42:24.000000000 -0500 @@ -23,6 +23,9 @@ type cupsd_initrc_exec_t; init_script_file(cupsd_initrc_exec_t) @@ -15184,7 +15204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru snmp_stream_connect(cyrus_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.10/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2009-07-28 13:28:33.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/dbus.if 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/dbus.if 2010-03-01 10:27:15.000000000 -0500 @@ -42,8 +42,10 @@ gen_require(` class dbus { send_msg acquire_svc }; 
@@ -15275,13 +15295,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ## for service (acquire_svc). ## ## -@@ -364,6 +372,18 @@ +@@ -364,6 +372,19 @@ dbus_system_bus_client($1) dbus_connect_system_bus($1) + ps_process_pattern(system_dbusd_t, $1) + + userdom_dontaudit_search_admin_dir($1) ++ userdom_read_all_users_state($1) + + optional_policy(` + rpm_script_dbus_chat($1) @@ -15294,7 +15315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ifdef(`hide_broken_symptoms', ` dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write }; ') -@@ -405,3 +425,24 @@ +@@ -405,3 +426,24 @@ typeattribute $1 dbusd_unconfined; ') @@ -15847,6 +15868,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi +optional_policy(` vbetool_domtrans(devicekit_power_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.10/policy/modules/services/dhcp.te +--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-02-12 10:33:09.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/dhcp.te 2010-02-28 10:19:25.000000000 -0500 +@@ -112,6 +112,10 @@ + ') + + optional_policy(` ++ cobbler_dontaudit_rw_log(dhcpd_t) ++') ++ ++optional_policy(` + dbus_system_bus_client(dhcpd_t) + dbus_connect_system_bus(dhcpd_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.10/policy/modules/services/djbdns.if --- nsaserefpolicy/policy/modules/services/djbdns.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/services/djbdns.if 2010-02-23 15:54:38.000000000 -0500 
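Review bot: The new `userdom_read_all_users_state($1)` in the dbus.if hunk (`@@ -364,6 +372,19 @@`) is placed inside a shared interface, so every system service that calls this interface gains read access to the process state of all user domains, not only the one daemon whose denial motivated it. The enclosing interface starts outside the hunk; from the visible `dbus_system_bus_client($1)` / `dbus_connect_system_bus($1)` calls it appears to be the generic system-bus-domain interface used by many daemons, which makes this a wide grant. Prefer adding the rule in the .te of the specific daemon that needs it, or at least add a comment in the interface explaining why bus services need to read user process state.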
@@ -17312,7 +17347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.10/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/hal.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/hal.te 2010-03-01 08:44:41.000000000 -0500 @@ -55,6 +55,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -17340,7 +17375,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. kernel_setsched(hald_t) kernel_request_load_module(hald_t) -@@ -161,6 +165,7 @@ +@@ -117,6 +121,7 @@ + corenet_udp_sendrecv_all_ports(hald_t) + + dev_rw_usbfs(hald_t) ++dev_read_rand(hald_t) + dev_read_urand(hald_t) + dev_read_input(hald_t) + dev_read_mouse(hald_t) +@@ -161,6 +166,7 @@ fs_unmount_dos_fs(hald_t) fs_manage_dos_files(hald_t) fs_manage_fusefs_dirs(hald_t) @@ -17348,7 +17391,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. files_getattr_all_mountpoints(hald_t) -@@ -295,6 +300,7 @@ +@@ -266,6 +272,10 @@ + ') + + optional_policy(` ++ gnome_read_config(hald_t) ++') ++ ++optional_policy(` + gpm_dontaudit_getattr_gpmctl(hald_t) + ') + +@@ -295,6 +305,7 @@ ') optional_policy(` @@ -17356,7 +17410,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ppp_read_rw_config(hald_t) ') -@@ -331,6 +337,10 @@ +@@ -320,6 +331,10 @@ + ') + + optional_policy(` ++ usbmuxd_stream_connect(hald_t) ++') ++ ++optional_policy(` + updfstab_domtrans(hald_t) + ') + +@@ -331,6 +346,10 @@ virt_manage_images(hald_t) ') 
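Review bot: `gnome_read_config(hald_t)` in the hal.te hunk (`@@ -266,6 +272,10 @@`) lets the system-wide hald daemon read users' GNOME configuration in their home directories, an unusual direction of data flow for a hardware daemon, and the hunk gives no reason. If the underlying denial came from a hal callout that only searches or stats the directory, a dontaudit rule would silence it without granting content reads; if the read is genuine, a comment naming the hal addon that needs it would let the next reviewer verify it. `dev_read_rand(hald_t)` and `usbmuxd_stream_connect(hald_t)` in the same file look self-explanatory and need no comment.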
@@ -17367,7 +17432,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ######################################## # # Hal acl local policy -@@ -351,6 +361,7 @@ +@@ -351,6 +370,7 @@ manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file }) @@ -17375,7 +17440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. corecmd_exec_bin(hald_acl_t) -@@ -463,6 +474,10 @@ +@@ -463,6 +483,10 @@ miscfiles_read_localization(hald_keymap_t) @@ -17675,6 +17740,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec +optional_policy(` + rtkit_daemon_system_domain(icecast_t) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.10/policy/modules/services/inn.te +--- nsaserefpolicy/policy/modules/services/inn.te 2009-08-14 16:14:31.000000000 -0400 ++++ serefpolicy-3.7.10/policy/modules/services/inn.te 2010-03-01 09:16:38.000000000 -0500 +@@ -106,6 +106,7 @@ + + userdom_dontaudit_use_unpriv_user_fds(innd_t) + userdom_dontaudit_search_user_home_dirs(innd_t) ++userdom_stream_connect(innd_t) + + mta_send_mail(innd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.10/policy/modules/services/kerberos.if --- nsaserefpolicy/policy/modules/services/kerberos.if 2009-07-23 14:11:04.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/services/kerberos.if 2010-02-23 15:54:38.000000000 -0500 
@@ -18567,51 +18643,55 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi +/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.10/policy/modules/services/nagios.if --- nsaserefpolicy/policy/modules/services/nagios.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/nagios.if 2010-02-23 15:54:38.000000000 -0500 -@@ -64,7 +64,7 @@ ++++ serefpolicy-3.7.10/policy/modules/services/nagios.if 2010-02-26 15:37:58.000000000 -0500 +@@ -64,8 +64,8 @@ ######################################## ## -## Execute the nagios CGI with -+## Execute the nagios NRPE with - ## a domain transition. +-## a domain transition. ++## Allow the specified domain to read ++## nagios temporary files. ## ## -@@ -73,18 +73,17 @@ + ## +@@ -73,12 +73,13 @@ ## ## # -interface(`nagios_domtrans_cgi',` -+interface(`nagios_domtrans_nrpe',` ++interface(`nagios_rw_inerited_tmp_files',` gen_require(` - type nagios_cgi_t, nagios_cgi_exec_t; -+ type nrpe_t, nrpe_exec_t; ++ type nagios_tmp_t; ') - domtrans_pattern($1, nagios_cgi_exec_t, nagios_cgi_t) -+ domtrans_pattern($1, nrpe_exec_t, nrpe_t) ++ allow $1 nagios_tmp_t:file rw_inherited_file_perms; ++ files_search_tmp($1) ') ######################################## - ## --## Execute the nagios NRPE with --## a domain transition. +@@ -99,3 +100,134 @@ + + domtrans_pattern($1, nrpe_exec_t, nrpe_t) + ') ++ ++######################################## ++## +## Search nagios spool directories. - ## - ## - ## -@@ -92,10 +91,123 @@ - ## - ## - # --interface(`nagios_domtrans_nrpe',` ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# +interface(`nagios_search_spool',` - gen_require(` -- type nrpe_t, nrpe_exec_t; ++ gen_require(` + type nagios_spool_t; - ') - -- domtrans_pattern($1, nrpe_exec_t, nrpe_t) ++ ') ++ + allow $1 nagios_spool_t:dir search_dir_perms; + files_search_spool($1) +') @@ -18726,7 +18806,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi + admin_pattern($1, nagios_var_run_t) + + admin_pattern($1, nrpe_etc_t) - ') ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.10/policy/modules/services/nagios.te --- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/services/nagios.te 2010-02-23 15:54:38.000000000 -0500 @@ -26323,7 +26403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbm +/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.if serefpolicy-3.7.10/policy/modules/services/usbmuxd.if --- nsaserefpolicy/policy/modules/services/usbmuxd.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/usbmuxd.if 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/usbmuxd.if 2010-02-28 07:25:11.000000000 -0500 @@ -0,0 +1,39 @@ +## Daemon for communicating with Apple's iPod Touch and iPhone + @@ -26844,7 +26924,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.10/policy/modules/services/virt.te --- nsaserefpolicy/policy/modules/services/virt.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/virt.te 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/virt.te 2010-03-01 09:05:11.000000000 -0500 @@ -15,6 +15,13 @@ ## 
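Review bot: The interface added in the nagios.if hunks (`@@ -64,8 +64,8 @@` and `@@ -73,12 +73,13 @@`, which begin on the previous line) is documented as "Allow the specified domain to read nagios temporary files", but its body grants `allow $1 nagios_tmp_t:file rw_inherited_file_perms;`, i.e. read and write on already-open descriptors. Suggest changing the summary to `## Read and write inherited nagios temporary files.` so the doc matches the permission set, and the interface name spelling noted at its netutils.te caller applies here too. The same hunk removes the `nagios_domtrans_cgi` interface outright; if nagios_cgi_t is still declared or any module still calls that interface, the build will fail, so it is worth confirming those were removed in the same patch.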
@@ -27013,7 +27093,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt dev_write_sound(virt_domain) dev_rw_ksm(virt_domain) dev_rw_kvm(virt_domain) -@@ -410,11 +447,17 @@ +@@ -410,11 +447,21 @@ files_read_etc_files(virt_domain) files_read_usr_files(virt_domain) files_read_var_files(virt_domain) @@ -27023,6 +27103,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt fs_rw_anon_inodefs_files(virt_domain) fs_rw_tmpfs_files(virt_domain) ++# I think we need these for now. ++miscfiles_read_public_files(virt_domain) ++storage_raw_read_removable_device(virt_domain) ++ +term_use_all_terms(virt_domain) +term_getattr_pty_fs(virt_domain) +term_use_generic_ptys(virt_domain) @@ -30455,7 +30539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.10/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/system/libraries.fc 2010-02-24 13:20:29.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/system/libraries.fc 2010-03-01 10:44:28.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt @@ -30672,7 +30756,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ') dnl end distro_redhat # -@@ -307,10 +317,141 @@ +@@ -307,10 +317,143 @@ /var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0) 
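Review bot: The added `storage_raw_read_removable_device(virt_domain)` in the virt.te hunk (`@@ -410,11 +447,21 @@`) gives every domain carrying the virt_domain attribute, presumably the guest emulator processes given the neighbouring `dev_rw_kvm(virt_domain)`, raw read of removable block devices, and the only justification is the placeholder comment `# I think we need these for now.` Raw device access from a VM process should be tied to a concrete use case or gated by a tunable rather than left as a provisional grant. Replace the comment with the actual reason, e.g. `# qemu reads removable media (CD/USB) that is passed through to guests`, and consider a tunable_policy block if only some deployments pass through removable media; `miscfiles_read_public_files(virt_domain)` under the same comment is low risk but deserves the same explanation.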
@@ -30814,6 +30898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar +/opt/real/RealPlayer/codecs(/.*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib(64)?/vdpau/libvdpau_nvidia\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ ++/usr/lib(64)?/libGTL.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.10/policy/modules/system/libraries.if --- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/system/libraries.if 2010-02-23 15:54:38.000000000 -0500 @@ -32004,7 +32090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.10/policy/modules/system/selinuxutil.if --- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/system/selinuxutil.if 2010-02-23 15:54:38.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/system/selinuxutil.if 2010-03-01 09:57:50.000000000 -0500 @@ -351,6 +351,27 @@ ######################################## @@ -34068,7 +34154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.gvfs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.10/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-02-26 09:05:50.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-03-01 10:27:00.000000000 -0500 @@ -30,8 +30,9 @@ ')