diff --git a/policy-20080710.patch b/policy-20080710.patch index 26d9bd8..f655f2c 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -5212,14 +5212,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut dbus_system_bus_client_template(podsleuth, podsleuth_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.5.13/policy/modules/apps/qemu.fc --- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-10-17 14:49:14.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/apps/qemu.fc 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/apps/qemu.fc 2009-02-25 19:55:15.000000000 +0100 @@ -1,2 +1,7 @@ /usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0) /usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) + -+/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0) ++/var/cache/libvirt(/.*)? gen_context(system_u:object_r:qemu_cache_t,s0) + -+/var/run/libvirt/qemu(/.*)? -- gen_context(system_u:object_r:qemu_var_run_t,s0) ++/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:qemu_var_run_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.5.13/policy/modules/apps/qemu.if --- nsaserefpolicy/policy/modules/apps/qemu.if 2008-10-17 14:49:14.000000000 +0200 @@ -5651,7 +5651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.13/policy/modules/apps/qemu.te --- nsaserefpolicy/policy/modules/apps/qemu.te 2008-10-17 14:49:14.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2009-02-26 15:42:13.000000000 +0100 @@ -6,6 +6,9 @@ # Declarations # @@ -5662,7 +5662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te ## ##

## Allow qemu to connect fully to the network -@@ -13,16 +16,118 @@ +@@ -13,16 +16,120 @@ ## gen_tunable(qemu_full_network, false) @@ -5714,8 +5714,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te +manage_files_pattern(qemu_t, qemu_cache_t, qemu_cache_t) +files_var_filetrans(qemu_t, qemu_cache_t, { file dir }) + ++manage_dirs_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t) +manage_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t) -+files_pid_filetrans(qemu_t, qemu_var_run_t, file) ++manage_lnk_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t) ++files_pid_filetrans(qemu_t, qemu_var_run_t, { file dir }) + +kernel_read_system_state(qemutype) + @@ -5781,7 +5783,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te tunable_policy(`qemu_full_network',` allow qemu_t self:udp_socket create_socket_perms; -@@ -35,6 +140,38 @@ +@@ -35,6 +142,38 @@ corenet_tcp_connect_all_ports(qemu_t) ') @@ -6654,8 +6656,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te se +wm_domain_template(user,xdm) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-10-17 14:49:14.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-02-10 15:07:15.000000000 +0100 -@@ -129,6 +129,9 @@ ++++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-02-26 15:48:02.000000000 +0100 +@@ -123,12 +123,17 @@ + + /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) + ++/opt/real/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0) ++ + ifdef(`distro_gentoo',` + /opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0) + /opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0) /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0) ') 
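Review bot: `manage_lnk_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)` lets the confined guest domain create and replace symlinks under /var/run/libvirt/qemu, and the changelog entry ("Fix qemu labeling") does not say what needs it. If a more privileged domain also opens paths in that directory (libvirtd presumably does, but that is not visible in this hunk), a link planted there is something it could end up following. Unless an AVC denial showed qemu creating links, I would drop the line or narrow it to `read_lnk_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)`. The added `manage_dirs_pattern` and `files_pid_filetrans(..., { file dir })` do match the qemu.fc change that removes `--`. The qemu_t rule block starts and ends outside this hunk.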
@@ -6665,7 +6675,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco # # /usr # -@@ -176,6 +179,8 @@ +@@ -176,6 +181,8 @@ /usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0) @@ -6674,7 +6684,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -184,10 +189,8 @@ +@@ -184,10 +191,8 @@ /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0) @@ -6687,7 +6697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0) -@@ -202,6 +205,7 @@ +@@ -202,6 +207,7 @@ /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0) @@ -6695,7 +6705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0) /usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0) -@@ -222,14 +226,15 @@ +@@ -222,14 +228,15 @@ /usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0) 
@@ -6713,7 +6723,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0) -@@ -292,3 +297,14 @@ +@@ -292,3 +299,14 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -10806,7 +10816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.13/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-02-26 15:55:33.000000000 +0100 @@ -1,16 +1,18 @@ -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0) +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) @@ -10854,7 +10864,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac /var/cache/mod_proxy(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) /var/cache/mod_ssl(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) /var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) -@@ -47,11 +54,14 @@ +@@ -47,11 +54,16 @@ /var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) 
@@ -10863,13 +10873,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac /var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) /var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) + ++/var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) ++ /var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0) +/var/www(/.*)?/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) -@@ -64,11 +74,23 @@ +@@ -64,11 +76,23 @@ /var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) @@ -16367,7 +16379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.13/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2008-10-17 14:49:11.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/dovecot.te 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/dovecot.te 2009-02-25 19:29:32.000000000 +0100 @@ -15,12 +15,21 @@ domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -16484,7 +16496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove files_read_usr_symlinks(dovecot_auth_t) files_search_tmp(dovecot_auth_t) files_read_var_lib_files(dovecot_t) -@@ -185,5 +217,53 @@ +@@ -185,5 +217,55 @@ ') optional_policy(` 
@@ -16521,6 +16533,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + +files_read_etc_files(dovecot_deliver_t) +files_read_etc_runtime_files(dovecot_deliver_t) ++files_search_tmp(dovecot_deliver_t) ++fs_getattr_all_fs(dovecot_deliver_t) + +auth_use_nsswitch(dovecot_deliver_t) + @@ -17582,6 +17596,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern kernel_read_ring_buffer(kerneloops_t) # Init script handling +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.5.13/policy/modules/services/ktalk.te +--- nsaserefpolicy/policy/modules/services/ktalk.te 2008-10-17 14:49:13.000000000 +0200 ++++ serefpolicy-3.5.13/policy/modules/services/ktalk.te 2009-02-25 19:56:42.000000000 +0100 +@@ -69,6 +69,7 @@ + files_read_etc_files(ktalkd_t) + + term_search_ptys(ktalkd_t) ++term_use_all_terms(ktalkd_t) + + auth_use_nsswitch(ktalkd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.5.13/policy/modules/services/ldap.te --- nsaserefpolicy/policy/modules/services/ldap.te 2008-10-17 14:49:13.000000000 +0200 +++ serefpolicy-3.5.13/policy/modules/services/ldap.te 2009-02-10 15:07:15.000000000 +0100 @@ -18623,7 +18648,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.5.13/policy/modules/services/mysql.if --- nsaserefpolicy/policy/modules/services/mysql.if 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/mysql.if 2009-02-10 17:48:59.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/mysql.if 2009-02-26 16:00:52.000000000 +0100 @@ -53,9 +53,11 @@ interface(`mysql_stream_connect',` gen_require(` 
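Review bot: `term_use_all_terms(ktalkd_t)` grants more than the changelog entry asks for: the entry says "Allow ktalkd to write to terminals", while this interface gives read and write on every tty and pty type, not only the terminals of logged-in users. If writing to user terminals is all the daemon needs, a write-only interface such as `term_write_all_user_ttys(ktalkd_t)` (where this policy version provides it) would be the narrower grant. Otherwise add a one-line comment above the rule, for example `# talkd announces incoming requests on the callee's terminal`, so a later audit can see why read access is included.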
@@ -18645,7 +18670,59 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq ') ######################################## -@@ -157,7 +159,26 @@ +@@ -120,6 +122,25 @@ + allow $1 mysqld_db_t:dir rw_dir_perms; + ') + ++####################################### ++##

++## Read and write to the MySQL database directory. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`mysql_rw_db_files',` ++ gen_require(` ++ type mysqld_db_t; ++ ') ++ ++ files_search_var_lib($1) ++ rw_files_pattern($1,mysqld_db_t,mysqld_db_t) ++') ++ + ######################################## + ## + ## Create, read, write, and delete MySQL database directories. +@@ -139,6 +160,25 @@ + allow $1 mysqld_db_t:dir manage_dir_perms; + ') + ++####################################### ++## ++## Create, read, write, and delete MySQL database files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`mysql_manage_db_files',` ++ gen_require(` ++ type mysqld_db_t; ++ ') ++ ++ files_search_var_lib($1) ++ manage_files_pattern($1,mysqld_db_t,mysqld_db_t) ++') ++ + ######################################## + ## + ## Read and write to the MySQL database +@@ -157,7 +197,26 @@ files_search_var_lib($1) allow $1 mysqld_db_t:dir search; @@ -18673,10 +18750,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq ') ######################################## -@@ -178,3 +199,47 @@ +@@ -176,5 +235,49 @@ + ') + logging_search_logs($1) - allow $1 mysqld_log_t:file { write append setattr ioctl }; - ') +- allow $1 mysqld_log_t:file { write append setattr ioctl }; ++ write_files_pattern($1,mysqld_log_t,mysqld_log_t) ++') + +######################################## +## 
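Review bot: The summary added for `mysql_rw_db_files` says "Read and write to the MySQL database directory.", but the body calls `rw_files_pattern($1,mysqld_db_t,mysqld_db_t)`, which covers files labelled mysqld_db_t rather than the directory itself. The text looks carried over from the directory interface just above it. I would change it to `## Read and write MySQL database files.`, since callers choose between the `_dirs` and `_files` interfaces by these summaries and this one hands out write access to database contents.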
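Review bot: Replacing `allow $1 mysqld_log_t:file { write append setattr ioctl };` with `write_files_pattern($1,mysqld_log_t,mysqld_log_t)` in `mysql_write_log` drops `setattr`, assuming the pattern expands to the usual write permission set. Tightening the interface is welcome, but mysqld_safe_t calls it and holds `chown` and `fowner`, which suggests the wrapper may adjust ownership or mode of the log file. Because that domain is permissive, a resulting denial would only be logged today and would surface as a failure once permissive is removed. Please confirm from the audit log that no caller needs `setattr`, or grant it to that caller explicitly with `allow mysqld_safe_t mysqld_log_t:file setattr;`. The interface body starts outside this hunk.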
@@ -18720,10 +18800,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq + admin_pattern($1, mysqld_log_t) + + admin_pattern($1, mysqld_tmp_t) -+') + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.5.13/policy/modules/services/mysql.te --- nsaserefpolicy/policy/modules/services/mysql.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/mysql.te 2009-02-10 17:41:12.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/mysql.te 2009-02-26 15:37:23.000000000 +0100 @@ -10,6 +10,10 @@ type mysqld_exec_t; init_daemon_domain(mysqld_t, mysqld_exec_t) @@ -18769,7 +18849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq domain_use_interactive_fds(mysqld_t) -@@ -120,3 +129,33 @@ +@@ -120,3 +129,40 @@ optional_policy(` udev_read_db(mysqld_t) ') @@ -18783,15 +18863,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq + +allow mysqld_safe_t self:capability { dac_override fowner chown }; +allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; -+ ++ ++append_files_pattern(mysqld_safe_t, mysqld_db_t, mysqld_db_t) ++ +mysql_read_config(mysqld_safe_t) -+mysql_search_db(mysqld_safe_t) +mysql_search_pid_files(mysqld_safe_t) +mysql_write_log(mysqld_safe_t) + +kernel_read_system_state(mysqld_safe_t) -+ ++ ++dev_list_sysfs(mysqld_safe_t) ++ +files_read_etc_files(mysqld_safe_t) ++files_read_usr_files(mysqld_safe_t) + +corecmd_exec_bin(mysqld_safe_t) + 
@@ -18799,10 +18883,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq +libs_use_shared_libs(mysqld_safe_t) + +miscfiles_read_localization(mysqld_safe_t) -+ ++ ++hostname_exec(mysqld_safe_t) ++ +permissive mysqld_safe_t; + + ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.5.13/policy/modules/services/nagios.fc --- nsaserefpolicy/policy/modules/services/nagios.fc 2008-10-17 14:49:13.000000000 +0200 +++ serefpolicy-3.5.13/policy/modules/services/nagios.fc 2009-02-10 15:07:15.000000000 +0100 @@ -25466,7 +25553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.13/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-02-26 15:44:58.000000000 +0100 @@ -66,6 +66,13 @@ ## gen_tunable(samba_share_nfs, false) @@ -25715,7 +25802,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # -@@ -452,6 +514,7 @@ +@@ -415,14 +477,11 @@ + files_pid_filetrans(nmbd_t, nmbd_var_run_t, file) + + read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) ++read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) + + manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t) + manage_files_pattern(nmbd_t, samba_log_t, samba_log_t) + +-read_files_pattern(nmbd_t, samba_log_t, samba_log_t) +-create_files_pattern(nmbd_t, samba_log_t, samba_log_t) +-allow nmbd_t samba_log_t:dir setattr; +- + manage_files_pattern(nmbd_t, samba_var_t, samba_var_t) + + allow nmbd_t smbd_var_run_t:dir rw_dir_perms; +@@ -452,6 +511,7 @@ dev_getattr_mtrr_dev(nmbd_t) fs_getattr_all_fs(nmbd_t) 
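Review bot: `permissive mysqld_safe_t;` is still present after this round of fixes, so none of the mysqld_safe_t rules are enforced and accesses outside the policy are only logged. That covers the `hostname_exec` added here and the `append_files_pattern`, `dev_list_sysfs` and `files_read_usr_files` rules added in the preceding hunk. The domain also carries `self:capability { dac_override fowner chown }`, so while it stays permissive SELinux does not constrain how the wrapper uses them. I would add a comment beside the line saying it is temporary, for example `# TODO: remove permissive once mysqld_safe starts cleanly with no AVC denials`. The extra blank lines this hunk appends at the end of the file could also be dropped.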
@@ -25723,7 +25826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb fs_search_auto_mountpoints(nmbd_t) domain_use_interactive_fds(nmbd_t) -@@ -536,6 +599,7 @@ +@@ -536,6 +596,7 @@ storage_raw_write_fixed_disk(smbmount_t) term_list_ptys(smbmount_t) @@ -25731,7 +25834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb corecmd_list_bin(smbmount_t) -@@ -547,32 +611,46 @@ +@@ -547,32 +608,46 @@ auth_use_nsswitch(smbmount_t) @@ -25784,7 +25887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb rw_files_pattern(swat_t, samba_etc_t, samba_etc_t) -@@ -592,6 +670,9 @@ +@@ -592,6 +667,9 @@ files_pid_filetrans(swat_t, swat_var_run_t, file) allow swat_t winbind_exec_t:file mmap_file_perms; @@ -25794,7 +25897,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_read_kernel_sysctls(swat_t) kernel_read_system_state(swat_t) -@@ -616,10 +697,12 @@ +@@ -616,10 +694,12 @@ dev_read_urand(swat_t) @@ -25807,7 +25910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb auth_domtrans_chk_passwd(swat_t) auth_use_nsswitch(swat_t) -@@ -628,6 +711,7 @@ +@@ -628,6 +708,7 @@ libs_use_shared_libs(swat_t) logging_send_syslog_msg(swat_t) @@ -25815,7 +25918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb logging_search_logs(swat_t) miscfiles_read_localization(swat_t) -@@ -645,15 +729,26 @@ +@@ -645,15 +726,26 @@ kerberos_use(swat_t) ') @@ -25844,7 +25947,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow winbind_t self:fifo_file rw_fifo_file_perms; allow winbind_t self:unix_dgram_socket create_socket_perms; allow winbind_t self:unix_stream_socket create_stream_socket_perms; -@@ -694,9 +789,10 @@ +@@ -694,9 +786,10 @@ manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t) files_pid_filetrans(winbind_t, winbind_var_run_t, file) 
@@ -25857,7 +25960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb corenet_all_recvfrom_unlabeled(winbind_t) corenet_all_recvfrom_netlabel(winbind_t) -@@ -720,10 +816,12 @@ +@@ -720,10 +813,12 @@ auth_domtrans_chk_passwd(winbind_t) auth_use_nsswitch(winbind_t) @@ -25870,7 +25973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb libs_use_ld_so(winbind_t) libs_use_shared_libs(winbind_t) -@@ -780,8 +878,13 @@ +@@ -780,8 +875,13 @@ miscfiles_read_localization(winbind_helper_t) optional_policy(` @@ -25884,7 +25987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -790,6 +893,16 @@ +@@ -790,6 +890,16 @@ # optional_policy(` @@ -25901,7 +26004,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb type samba_unconfined_script_t; type samba_unconfined_script_exec_t; domain_type(samba_unconfined_script_t) -@@ -800,9 +913,46 @@ +@@ -800,9 +910,46 @@ allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms; allow smbd_t samba_unconfined_script_exec_t:file ioctl; @@ -28446,7 +28549,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.5.13/policy/modules/services/virt.if --- nsaserefpolicy/policy/modules/services/virt.if 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/virt.if 2009-02-10 15:07:15.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/virt.if 2009-02-26 14:56:14.000000000 +0100 @@ -18,6 +18,25 @@ domtrans_pattern($1, virtd_exec_t, virtd_t) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 2b8c9f3..7fce6fe 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 46%{?dist} +Release: 47%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -460,6 +460,11 @@ exit 0 %endif %changelog +* Thu Feb 26 2009 Miroslav Grepl 3.5.13-47 +- Allow ktalkd to write to terminals +- Fix qemu labeling +- Fix mysqld_safe policy + * Thu Feb 19 2009 Miroslav Grepl 3.5.13-46 - Fix squidGuard labeling - Allow ftpd to list inotifyfs