diff --git a/config.tgz b/config.tgz
index 5c3a843..e855e92 100644
Binary files a/config.tgz and b/config.tgz differ
diff --git a/policy-F16.patch b/policy-F16.patch
index 7f48ebb..9c512c7 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -68962,10 +68962,10 @@ index 00a19e3..17006fc 100644
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
-index f5afe78..9dc61ff 100644
+index f5afe78..dbf40ce 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
-@@ -1,44 +1,956 @@
+@@ -1,44 +1,957 @@
## GNU network object model environment (GNOME)
-############################################################
@@ -69216,6 +69216,7 @@ index f5afe78..9dc61ff 100644
+ allow $1 gnome_home_type:dir manage_dir_perms;
+ allow $1 gnome_home_type:file manage_file_perms;
+ allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
++ allow $1 gnome_home_type:sock_file manage_sock_file_perms;
+ userdom_search_user_home_dirs($1)
+')
+
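Review bot: The added `allow $1 gnome_home_type:sock_file manage_sock_file_perms;` applies to every caller of this interface and, if `gnome_home_type` is an attribute as its name suggests, to every GNOME home type at once, so each caller gains create and unlink rights on sockets it may never use. The changelog entry in this commit names the interface as gnome_manage_config() but not the socket or the domain that triggered the denial. I would add a comment above the rule, e.g. `# sock_file: needed for <socket path from the AVC denial>`, so the grant can be audited or narrowed later. The interface starts and ends outside this hunk.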
@@ -69940,7 +69941,7 @@ index f5afe78..9dc61ff 100644
##
##
##
-@@ -46,37 +958,74 @@ interface(`gnome_role',`
+@@ -46,37 +959,74 @@ interface(`gnome_role',`
##
##
#
@@ -70026,7 +70027,7 @@ index f5afe78..9dc61ff 100644
##
##
##
-@@ -84,37 +1033,53 @@ template(`gnome_read_gconf_config',`
+@@ -84,37 +1034,53 @@ template(`gnome_read_gconf_config',`
##
##
#
@@ -70091,7 +70092,7 @@ index f5afe78..9dc61ff 100644
##
##
##
-@@ -122,17 +1087,80 @@ interface(`gnome_stream_connect_gconf',`
+@@ -122,17 +1088,80 @@ interface(`gnome_stream_connect_gconf',`
##
##
#
@@ -70176,7 +70177,7 @@ index f5afe78..9dc61ff 100644
##
##
##
-@@ -140,51 +1168,307 @@ interface(`gnome_domtrans_gconfd',`
+@@ -140,51 +1169,307 @@ interface(`gnome_domtrans_gconfd',`
##
##
#
@@ -91764,10 +91765,10 @@ index deca9d3..1aa76b0 100644
spamassassin_exec_client(amavis_t)
spamassassin_read_lib_files(amavis_t)
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..6def224 100644
+index 9e39aa5..5c1f951 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
-@@ -1,39 +1,55 @@
+@@ -1,41 +1,59 @@
HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html))/cgi-bin(/.+)? gen_context(system_u:object_r:httpd_user_script_exec_t,s0)
+HOME_DIR/((www)|(web)|(public_html))(/.*)?/\.htaccess -- gen_context(system_u:object_r:httpd_user_htaccess_t,s0)
@@ -91796,6 +91797,7 @@ index 9e39aa5..6def224 100644
+/usr/lib/systemd/system/httpd.* -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
+/usr/lib/systemd/system/jetty.* -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
++/usr/lib/systemd/system/php-fpm.* -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
+
+/usr/libexec/httpd-ssl-pass-dialog -- gen_context(system_u:object_r:httpd_passwd_exec_t,s0)
+
@@ -91830,8 +91832,11 @@ index 9e39aa5..6def224 100644
+/usr/sbin/httpd\.event -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0)
++/usr/sbin/php-fpm -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
-@@ -43,8 +59,9 @@ ifdef(`distro_suse', `
+ /usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
+
+@@ -43,8 +61,9 @@ ifdef(`distro_suse', `
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
')
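Review bot: Labeling `/usr/sbin/php-fpm` as `httpd_exec_t` gives the FPM daemon the same entrypoint type as httpd and lighttpd, so PHP application code would presumably run with the whole web-server domain's permissions rather than a narrower set; the transition rules themselves are not visible in this hunk. The same reuse shows up in the `httpd_unit_file_t` label for `php-fpm.*` in the hunk before this one and in `/var/run/php-fpm(/.*)?` as `httpd_var_run_t` further down, which would let the web server and the PHP pools reach each other's runtime files. If a dedicated php-fpm domain is out of scope for this release, a comment next to the new line would record the trade-off, e.g. `# php-fpm shares the httpd domain for now; split out once a dedicated policy exists`.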
@@ -91843,7 +91848,7 @@ index 9e39aa5..6def224 100644
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/icecast(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/mythweb(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -54,9 +71,12 @@ ifdef(`distro_suse', `
+@@ -54,9 +73,12 @@ ifdef(`distro_suse', `
/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -91856,7 +91861,7 @@ index 9e39aa5..6def224 100644
/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/lighttpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -73,39 +93,86 @@ ifdef(`distro_suse', `
+@@ -73,39 +95,87 @@ ifdef(`distro_suse', `
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -91904,6 +91909,7 @@ index 9e39aa5..6def224 100644
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0)
++/var/run/php-fpm(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0)
+/var/run/user/apache(/.*)? gen_context(system_u:object_r:httpd_tmp_t,s0)
@@ -103424,7 +103430,7 @@ index 0000000..284fbae
+ sysnet_domtrans_ifconfig(ctdbd_t)
+')
diff --git a/policy/modules/services/cups.fc b/policy/modules/services/cups.fc
-index 1b492ed..bd900e1 100644
+index 1b492ed..e91148b 100644
--- a/policy/modules/services/cups.fc
+++ b/policy/modules/services/cups.fc
@@ -19,7 +19,10 @@
@@ -103450,7 +103456,7 @@ index 1b492ed..bd900e1 100644
/usr/libexec/cups-pk-helper-mechanism -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
/usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
-@@ -56,18 +56,29 @@
+@@ -56,18 +56,30 @@
/var/lib/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -103480,6 +103486,7 @@ index 1b492ed..bd900e1 100644
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+
++/etc/opt/brother/Printers/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/opt/brother/Printers(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --git a/policy/modules/services/cups.if b/policy/modules/services/cups.if
index 305ddf4..d1b97fb 100644
@@ -110863,10 +110870,10 @@ index 0000000..ebe1dde
+')
diff --git a/policy/modules/services/glance.te b/policy/modules/services/glance.te
new file mode 100644
-index 0000000..40df3ea
+index 0000000..0e4df5d
--- /dev/null
+++ b/policy/modules/services/glance.te
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,125 @@
+policy_module(glance, 1.0.0)
+
+########################################
@@ -110886,6 +110893,9 @@ index 0000000..40df3ea
+type glance_registry_tmp_t;
+files_tmp_file(glance_registry_tmp_t)
+
++type glance_registry_tmpfs_t;
++files_tmpfs_file(glance_registry_tmpfs_t)
++
+type glance_api_t, glance_domain;
+type glance_api_exec_t;
+init_daemon_domain(glance_api_t, glance_api_exec_t)
@@ -110952,6 +110962,10 @@ index 0000000..40df3ea
+manage_files_pattern(glance_registry_t, glance_registry_tmp_t, glance_registry_tmp_t)
+files_tmp_filetrans(glance_registry_t, glance_registry_tmp_t, { file dir })
+
++manage_dirs_pattern(glance_registry_t, glance_registry_tmpfs_t, glance_registry_tmpfs_t)
++manage_files_pattern(glance_registry_t, glance_registry_tmpfs_t, glance_registry_tmpfs_t)
++fs_tmpfs_filetrans(glance_registry_t, glance_registry_tmpfs_t,{ dir file })
++
+corenet_tcp_bind_generic_node(glance_registry_t)
+corenet_tcp_bind_glance_registry_port(glance_registry_t)
+corenet_tcp_connect_mysqld_port(glance_registry_t)
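Review bot: The new `fs_tmpfs_filetrans(glance_registry_t, glance_registry_tmpfs_t,{ dir file })` is missing the space after the second comma and orders the classes as `{ dir file }`, while the `files_tmp_filetrans` line just above it uses `, { file dir })`. I would write it as `fs_tmpfs_filetrans(glance_registry_t, glance_registry_tmpfs_t, { dir file })` to match the surrounding rules. The 3.10.0-165 changelog entry in this commit also does not mention the new tmpfs type (declared in the previous hunk), so a line such as `- Allow glance-registry to manage its tmpfs files` would keep the release record complete.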
@@ -118709,7 +118723,7 @@ index c358d8f..7c097ec 100644
init_labeled_script_domtrans($1, munin_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
-index f17583b..5918ac4 100644
+index f17583b..c5ef1a3 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -5,6 +5,8 @@ policy_module(munin, 1.8.0)
@@ -118802,7 +118816,7 @@ index f17583b..5918ac4 100644
allow disk_munin_plugin_t self:tcp_socket create_stream_socket_perms;
rw_files_pattern(disk_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-@@ -192,13 +204,13 @@ corenet_tcp_connect_hddtemp_port(disk_munin_plugin_t)
+@@ -192,13 +204,16 @@ corenet_tcp_connect_hddtemp_port(disk_munin_plugin_t)
files_read_etc_files(disk_munin_plugin_t)
files_read_etc_runtime_files(disk_munin_plugin_t)
@@ -118815,11 +118829,14 @@ index f17583b..5918ac4 100644
dev_read_urand(disk_munin_plugin_t)
-storage_getattr_fixed_disk_dev(disk_munin_plugin_t)
++fs_getattr_all_fs(disk_munin_plugin_t)
++fs_getattr_all_dirs(disk_munin_plugin_t)
++
+storage_raw_read_fixed_disk(disk_munin_plugin_t)
sysnet_read_config(disk_munin_plugin_t)
-@@ -221,30 +233,48 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
+@@ -221,30 +236,48 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
dev_read_urand(mail_munin_plugin_t)
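Review bot: `fs_getattr_all_fs` and `fs_getattr_all_dirs` are added to disk_munin_plugin_t without a comment, and the same domain already carries `storage_raw_read_fixed_disk` just below, so it is worth recording why each broad grant exists. The changelog says only that munin disk plugins need the attributes of all directories; a comment above the pair such as `# munin disk plugins getattr all filesystems and their directories` would tie the rules to their consumer. If the denial came from one specific plugin, naming it in that comment would help anyone trying to narrow the rule later.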
@@ -118874,7 +118891,7 @@ index f17583b..5918ac4 100644
allow services_munin_plugin_t self:tcp_socket create_stream_socket_perms;
allow services_munin_plugin_t self:udp_socket create_socket_perms;
allow services_munin_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -255,13 +285,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
+@@ -255,13 +288,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
dev_read_urand(services_munin_plugin_t)
dev_read_rand(services_munin_plugin_t)
@@ -118889,7 +118906,7 @@ index f17583b..5918ac4 100644
cups_stream_connect(services_munin_plugin_t)
')
-@@ -279,6 +306,10 @@ optional_policy(`
+@@ -279,6 +309,10 @@ optional_policy(`
')
optional_policy(`
@@ -118900,7 +118917,7 @@ index f17583b..5918ac4 100644
postgresql_stream_connect(services_munin_plugin_t)
')
-@@ -286,6 +317,10 @@ optional_policy(`
+@@ -286,6 +320,10 @@ optional_policy(`
snmp_read_snmp_var_lib_files(services_munin_plugin_t)
')
@@ -118911,7 +118928,7 @@ index f17583b..5918ac4 100644
##################################
#
# local policy for system plugins
-@@ -295,13 +330,12 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
+@@ -295,13 +333,12 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
rw_files_pattern(system_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
@@ -118928,7 +118945,7 @@ index f17583b..5918ac4 100644
dev_read_sysfs(system_munin_plugin_t)
dev_read_urand(system_munin_plugin_t)
-@@ -313,3 +347,43 @@ init_read_utmp(system_munin_plugin_t)
+@@ -313,3 +350,43 @@ init_read_utmp(system_munin_plugin_t)
sysnet_exec_ifconfig(system_munin_plugin_t)
term_getattr_unallocated_ttys(system_munin_plugin_t)
@@ -138390,16 +138407,19 @@ index 4b2230e..24a0520 100644
+
+miscfiles_read_localization(squid_cron_t)
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
-index 078bcd7..bb2a084 100644
+index 078bcd7..191153f 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
-@@ -1,9 +1,19 @@
+@@ -1,9 +1,22 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
+
+/var/lib/amanda/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/var/lib/gitolite/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/var/lib/nocpulse/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
++/var/lib/stickshift/[^/]+/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
++/var/lib/openshift/[^/]+/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
++/var/lib/pgsql/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+
+/etc/rc\.d/init\.d/sshd -- gen_context(system_u:object_r:sshd_initrc_exec_t,s0)
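Review bot: The new `/var/lib/pgsql/\.ssh(/.*)?` entry is not mentioned in the 3.10.0-165 changelog, although labeling it `ssh_home_t` presumably lets sshd read an authorized_keys file under that directory, which makes key-based login to the service account workable under SELinux. A changelog line such as `- Add labeling for /var/lib/pgsql/.ssh` would make this visible to administrators reviewing the update. The stickshift and openshift entries are only moved up from the end of the file (they are removed in the last ssh.fc hunk), so they need no separate mention.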
@@ -138413,7 +138433,7 @@ index 078bcd7..bb2a084 100644
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
-@@ -14,3 +24,10 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+@@ -14,3 +27,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
@@ -138421,9 +138441,6 @@ index 078bcd7..bb2a084 100644
+
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
-+
-+/var/lib/stickshift/[^/]+/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
-+/var/lib/openshift/[^/]+/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 22adaca..c595c7d 100644
--- a/policy/modules/services/ssh.if
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2e1ab1f..bfcae13 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 164%{?dist}
+Release: 165%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -479,6 +479,11 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Dec 17 2012 Miroslav Grepl 3.10.0-165
+- Add php-fpm support
+- Allow munin disk plugins to get attributes of all directories
+- Fix gnome_manage_config() to allow to manage sock_file
+
* Fri Dec 14 2012 Miroslav Grepl 3.10.0-164
- Add labeling for /var/www/openshift/{broker,console}
- Allow openshift_initrc domain to dbus chat with systemd_logind
diff --git a/sources b/sources
index c7a99c0..309afff 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
4fdbfc8caff5bccdb27a3d08bf8e384a serefpolicy-3.10.0.tgz
-0c2b63cca976e70491dfde2080d16cbd config.tgz
+4dd8645e8b93a71e5d6c216bd400055e config.tgz