diff --git a/policy-20071130.patch b/policy-20071130.patch index 60f8e8e..1edc290 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2862,7 +2862,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.3.1/policy/modules/admin/su.if --- nsaserefpolicy/policy/modules/admin/su.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/su.if 2008-07-15 14:02:51.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/su.if 2008-08-12 12:08:28.000000000 -0400 @@ -41,15 +41,13 @@ allow $2 $1_su_t:process signal; @@ -2881,7 +2881,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s domtrans_pattern($2, su_exec_t, $1_su_t) # By default, revert to the calling domain when a shell is executed. -@@ -89,6 +87,7 @@ +@@ -89,28 +87,16 @@ libs_use_ld_so($1_su_t) libs_use_shared_libs($1_su_t) 
@@ -2889,18 +2889,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s logging_send_syslog_msg($1_su_t) miscfiles_read_localization($1_su_t) -@@ -112,6 +111,10 @@ - userdom_spec_domtrans_unpriv_users($1_su_t) - ') +- ifdef(`distro_rhel4',` +- domain_role_change_exemption($1_su_t) +- domain_subj_id_change_exemption($1_su_t) +- domain_obj_id_change_exemption($1_su_t) +- +- selinux_get_fs_mount($1_su_t) +- selinux_validate_context($1_su_t) +- selinux_compute_access_vector($1_su_t) +- selinux_compute_create_context($1_su_t) +- selinux_compute_relabel_context($1_su_t) +- selinux_compute_user_contexts($1_su_t) +- +- seutil_read_config($1_su_t) +- seutil_read_default_contexts($1_su_t) ++ auth_login_pgm_domain($1_su_t) + +- # Only allow transitions to unprivileged user domains. +- userdom_spec_domtrans_unpriv_users($1_su_t) +- ') + # Deal with unconfined_terminals. + term_use_all_user_ttys($1_su_t) + term_use_all_user_ptys($1_su_t) -+ + optional_policy(` cron_read_pipes($1_su_t) - ') -@@ -119,11 +122,6 @@ +@@ -119,11 +105,6 @@ optional_policy(` kerberos_use($1_su_t) ') @@ -2912,7 +2927,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ') ####################################### -@@ -172,14 +170,14 @@ +@@ -172,14 +153,14 @@ domain_interactive_fd($1_su_t) role $3 types $1_su_t; @@ -2931,7 +2946,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s # Transition from the user domain to this domain. domtrans_pattern($2, su_exec_t, $1_su_t) -@@ -188,7 +186,7 @@ +@@ -188,7 +169,7 @@ corecmd_shell_domtrans($1_su_t,$2) allow $2 $1_su_t:fd use; allow $2 $1_su_t:fifo_file rw_file_perms; @@ -2940,7 +2955,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s kernel_read_system_state($1_su_t) kernel_read_kernel_sysctls($1_su_t) -@@ -203,15 +201,15 @@ +@@ -203,15 +184,15 @@ # needed for pam_rootok selinux_compute_access_vector($1_su_t) 
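Review bot: The new side removes the whole `ifdef(`distro_rhel4',` block, including the `# Only allow transitions to unprivileged user domains.` comment and its `userdom_spec_domtrans_unpriv_users($1_su_t)` call, and substitutes an unconditional `auth_login_pgm_domain($1_su_t)` without stating what that interface grants or why the unprivileged-domain restriction is no longer needed. If `auth_login_pgm_domain` carries the role/id change exemptions that were previously rhel4-only, `$1_su_t` now receives them on every distro, which is worth saying in the policy. Suggest a comment above the new call such as `# replaces the former distro_rhel4 block; su transitions are no longer limited to unprivileged user domains (TODO confirm what auth_login_pgm_domain grants)`. The enclosing su.if template continues past this hunk.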
@@ -2959,7 +2974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s files_read_etc_files($1_su_t) files_read_etc_runtime_files($1_su_t) files_search_var_lib($1_su_t) -@@ -226,12 +224,14 @@ +@@ -226,12 +207,14 @@ libs_use_ld_so($1_su_t) libs_use_shared_libs($1_su_t) @@ -2975,7 +2990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ifdef(`distro_rhel4',` domain_role_change_exemption($1_su_t) -@@ -295,13 +295,7 @@ +@@ -295,13 +278,7 @@ xserver_domtrans_user_xauth($1, $1_su_t) ') @@ -9606,7 +9621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-07-15 14:02:51.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-08-11 15:42:35.000000000 -0400 @@ -13,21 +13,16 @@ # template(`apache_content_template',` @@ -12239,7 +12254,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.3.1/policy/modules/services/clamav.te --- nsaserefpolicy/policy/modules/services/clamav.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2008-08-06 09:31:30.000000000 -0400 @@ -13,7 +13,7 @@ # configuration files 
@@ -12290,7 +12305,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam ######################################## # # Freshclam local policy -@@ -233,3 +246,7 @@ +@@ -197,7 +210,7 @@ + allow clamscan_t self:fifo_file rw_file_perms; + allow clamscan_t self:unix_stream_socket create_stream_socket_perms; + allow clamscan_t self:unix_dgram_socket create_socket_perms; +-allow clamscan_t self:tcp_socket { listen accept }; ++allow clamscan_t self:tcp_socket create_stream_socket_perms; + + # configuration files + allow clamscan_t clamd_etc_t:dir list_dir_perms; +@@ -213,6 +226,14 @@ + manage_files_pattern(clamscan_t,clamd_var_lib_t,clamd_var_lib_t) + allow clamscan_t clamd_var_lib_t:dir list_dir_perms; + ++corenet_all_recvfrom_unlabeled(clamscan_t) ++corenet_all_recvfrom_netlabel(clamscan_t) ++corenet_tcp_sendrecv_all_if(clamscan_t) ++corenet_tcp_sendrecv_all_nodes(clamscan_t) ++corenet_tcp_sendrecv_all_ports(clamscan_t) ++corenet_tcp_sendrecv_clamd_port(clamscan_t) ++corenet_tcp_connect_clamd_port(clamscan_t) ++ + kernel_read_kernel_sysctls(clamscan_t) + + files_read_etc_files(clamscan_t) +@@ -230,6 +251,12 @@ + + clamav_stream_connect(clamscan_t) + ++mta_send_mail(clamscan_t) ++ optional_policy(` apache_read_sys_content(clamscan_t) ') @@ -15529,7 +15573,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2008-07-30 16:18:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2008-08-08 10:11:54.000000000 -0400 @@ -15,6 +15,15 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; 
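Review bot: `corenet_tcp_sendrecv_all_ports(clamscan_t)` makes the `corenet_tcp_sendrecv_clamd_port(clamscan_t)` call on the next added line redundant and widens clamscan's TCP reach well beyond the clamd socket it connects to via `corenet_tcp_connect_clamd_port(clamscan_t)`. If clamd is the only peer, keep the clamd_port pair and drop the all_ports line; otherwise a comment should name the other ports. The added `mta_send_mail(clamscan_t)` also lacks a comment naming the feature it serves (presumably clamscan's mail notification — confirm), e.g. `# clamscan can mail scan results`.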
@@ -15579,7 +15623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove init_getattr_utmp(dovecot_t) -@@ -139,25 +153,38 @@ +@@ -139,25 +153,39 @@ # dovecot auth local policy # @@ -15609,6 +15653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +files_read_var_symlinks(dovecot_t) allow dovecot_auth_t dovecot_var_run_t:dir list_dir_perms; ++manage_sock_files_pattern(dovecot_auth_t, dovecot_var_run_t, dovecot_var_run_t) +dovecot_auth_stream_connect(dovecot_auth_t) kernel_read_all_sysctls(dovecot_auth_t) @@ -15620,7 +15665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove dev_read_urand(dovecot_auth_t) auth_domtrans_chk_passwd(dovecot_auth_t) -@@ -166,6 +193,7 @@ +@@ -166,6 +194,7 @@ files_read_etc_files(dovecot_auth_t) files_read_etc_runtime_files(dovecot_auth_t) files_search_pids(dovecot_auth_t) @@ -15628,7 +15673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove files_read_usr_symlinks(dovecot_auth_t) files_search_tmp(dovecot_auth_t) files_read_var_lib_files(dovecot_t) -@@ -184,5 +212,53 @@ +@@ -184,5 +213,53 @@ ') optional_policy(` @@ -15715,7 +15760,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.3.1/policy/modules/services/exim.te --- nsaserefpolicy/policy/modules/services/exim.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/exim.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/exim.te 2008-08-08 10:12:38.000000000 -0400 @@ -21,9 +21,20 @@ ## gen_tunable(exim_manage_user_files,false) 
@@ -15820,7 +15865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim tunable_policy(`exim_read_user_files',` userdom_read_unpriv_users_home_content_files(exim_t) -@@ -111,3 +144,76 @@ +@@ -111,3 +144,80 @@ userdom_read_unpriv_users_tmp_files(exim_t) userdom_write_unpriv_users_tmp_files(exim_t) ') @@ -15837,6 +15882,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim +') + +optional_policy(` ++ dovecot_auth_stream_connect(exim_t) ++') ++ ++optional_policy(` + tunable_policy(`exim_can_connect_db',` + mysql_stream_connect(exim_t) + ') @@ -16263,7 +16312,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2008-08-11 14:50:00.000000000 -0400 @@ -75,6 +75,9 @@ type xferlog_t; logging_log_file(xferlog_t) @@ -16327,6 +16376,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ') optional_policy(` +@@ -265,6 +279,14 @@ + ') + + optional_policy(` ++ dbus_system_bus_client_template(notused, ftpd_t) ++ optional_policy(` ++ oddjob_dbus_chat(ftpd_t) ++ oddjob_domtrans_mkhomedir(ftpd_t) ++ ') ++') ++ ++optional_policy(` + seutil_sigchld_newrole(ftpd_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.3.1/policy/modules/services/gamin.fc --- nsaserefpolicy/policy/modules/services/gamin.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/gamin.fc 2008-07-15 14:02:52.000000000 -0400 
@@ -16660,7 +16724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.3.1/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/hal.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/hal.te 2008-08-12 11:59:06.000000000 -0400 @@ -49,6 +49,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -16762,7 +16826,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. rpc_search_nfs_state_data(hald_t) ') -@@ -291,7 +315,8 @@ +@@ -282,16 +306,25 @@ + ') + + optional_policy(` ++ unconfined_domain(hald_t) ++') ++ ++optional_policy(` + vbetool_domtrans(hald_t) + ') + ++optional_policy(` ++ virt_manage_image(hald_t) ++') ++ + ######################################## + # + # Hal acl local policy # allow hald_acl_t self:capability { dac_override fowner }; @@ -16772,7 +16853,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t) allow hald_t hald_acl_t:process signal; -@@ -301,9 +326,14 @@ +@@ -301,9 +334,14 @@ manage_files_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t) files_search_var_lib(hald_acl_t) @@ -16787,7 +16868,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. dev_getattr_generic_usb_dev(hald_acl_t) dev_getattr_video_dev(hald_acl_t) dev_setattr_video_dev(hald_acl_t) -@@ -323,13 +353,22 @@ +@@ -323,13 +361,22 @@ libs_use_ld_so(hald_acl_t) libs_use_shared_libs(hald_acl_t) 
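Review bot: The added `unconfined_domain(hald_t)` in the `@@ -282,16 +306,25 @@` hunk effectively switches off the confinement this file builds for hald_t, including the separate hald_acl_t and hald_mac_t helper domains adjusted in the later hunks on this line, and nothing in the hunk says why. If this is a stop-gap it should carry a comment naming the failure it works around and when it can be removed, e.g. `# TODO: hald runs unconfined pending <reason>; remove once the missing rules are identified`; a tunable would keep the default confined. The hal.te local policy section continues past this hunk.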
@@ -16810,7 +16891,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t) allow hald_t hald_mac_t:process signal; allow hald_mac_t hald_t:unix_stream_socket connectto; -@@ -338,9 +377,16 @@ +@@ -338,9 +385,16 @@ manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t) files_search_var_lib(hald_mac_t) @@ -16827,7 +16908,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. libs_use_ld_so(hald_mac_t) libs_use_shared_libs(hald_mac_t) -@@ -391,3 +437,8 @@ +@@ -391,3 +445,8 @@ libs_use_shared_libs(hald_keymap_t) miscfiles_read_localization(hald_keymap_t) @@ -17983,7 +18064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-08-11 10:57:59.000000000 -0400 @@ -53,10 +53,9 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) @@ -18003,7 +18084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail allow mailman_mail_t self:unix_dgram_socket create_socket_perms; +allow mailman_mail_t initrc_t:process signal; +allow mailman_mail_t self:process signal; -+allow mailman_mail_t self:capability { setuid setgid sys_tty_config }; ++allow mailman_mail_t self:capability { kill dac_override setuid setgid sys_tty_config }; + +files_search_spool(mailman_mail_t) +fs_rw_anon_inodefs_files(mailman_mail_t) 
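Review bot: `dac_override` and `kill` are added to mailman_mail_t's capability set in the mailman.te hunk without a comment saying which denial prompted them; dac_override bypasses all discretionary file permission checks, so it is usually worth first checking whether a narrower file rule on the specific type fixes the denial. The same applies to the `kill` capability added to pppd_t in the ppp.te `@@ -71,7 +71,7 @@` hunk on a later line. Suggest `# dac_override: <denial this addresses — TODO confirm from audit log>` above the rule.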
@@ -19162,7 +19243,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-08-11 15:43:37.000000000 -0400 @@ -13,6 +13,13 @@ type NetworkManager_var_run_t; files_pid_file(NetworkManager_var_run_t) @@ -19270,10 +19351,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -155,19 +177,20 @@ +@@ -155,19 +177,21 @@ ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) ++ ppp_signull(NetworkManager_t) + ppp_read_config(NetworkManager_t) ') @@ -20433,8 +20515,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk +/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if --- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-07-15 14:02:52.000000000 -0400 -@@ -0,0 +1,208 @@ ++++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-08-12 08:59:37.000000000 -0400 +@@ -0,0 +1,212 @@ + +## policy for polkit_auth + 
@@ -20534,6 +20616,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk + ') + + domtrans_pattern($1,polkit_resolve_exec_t,polkit_resolve_t) ++ ++ allow polkit_resolve_t $1:dir list_dir_perms; ++ read_files_pattern(polkit_resolve_t, $1, $1) ++ read_lnk_files_pattern(polkit_resolve_t, $1, $1) +') + +######################################## @@ -21591,8 +21677,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. +/etc/rc.d/init.d/ppp -- gen_context(system_u:object_r:pppd_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.3.1/policy/modules/services/ppp.if --- nsaserefpolicy/policy/modules/services/ppp.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/ppp.if 2008-07-15 14:02:52.000000000 -0400 -@@ -297,38 +297,42 @@ ++++ serefpolicy-3.3.1/policy/modules/services/ppp.if 2008-08-11 15:44:31.000000000 -0400 +@@ -95,6 +95,24 @@ + + ######################################## + ## ++## Send a generic signull to PPP. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ppp_signull',` ++ gen_require(` ++ type pppd_t; ++ ') ++ ++ allow $1 pppd_t:process signull; ++') ++ ++######################################## ++## + ## Conditionally execute ppp daemon on behalf of a user or staff type. + ## + ## +@@ -297,38 +315,42 @@ type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t; type pppd_etc_t, pppd_script_t, pppd_secret_t; type pppd_etc_rw_t, pppd_var_lib_t, pppd_var_run_t; 
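Review bot: The three added rules following `domtrans_pattern($1,polkit_resolve_exec_t,polkit_resolve_t)` use the caller's domain `$1` as the file type in `read_files_pattern(polkit_resolve_t, $1, $1)` and `read_lnk_files_pattern(polkit_resolve_t, $1, $1)`. That only makes sense because a process's /proc/<pid> entries carry its domain type, which is presumably what polkit_resolve_t needs to read about the caller; without a comment a later reader may take `$1` for a file type and "fix" it. Suggest `# polkit_resolve_t reads the caller's /proc/<pid> entries, which are labelled with the caller's domain (confirm)`. The enclosing interface starts outside the hunk.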
@@ -21614,22 +21725,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. logging_list_logs($1) - manage_files_pattern($1, pppd_log_t, pppd_log_t) + manage_all_pattern($1,pppd_log_t) -+ -+ manage_all_pattern($1,pptp_log_t) - manage_files_pattern($1, pppd_lock_t, pppd_lock_t) ++ manage_all_pattern($1,pptp_log_t) ++ + manage_all_pattern($1,pppd_lock_t) files_list_etc($1) - manage_files_pattern($1, pppd_etc_t, pppd_etc_t) + manage_all_pattern($1,pppd_etc_t) ++ ++ manage_all_pattern($1,pppd_etc_rw_t) - manage_files_pattern($1, pppd_etc_rw_t, pppd_etc_rw_t) -+ manage_all_pattern($1,pppd_etc_rw_t) ++ manage_all_pattern($1,pppd_secret_t) - manage_files_pattern($1, pppd_secret_t, pppd_secret_t) -+ manage_all_pattern($1,pppd_secret_t) -+ + manage_all_pattern($1,pppd_script_exec_t) files_list_var_lib($1) @@ -21651,7 +21762,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.3.1/policy/modules/services/ppp.te --- nsaserefpolicy/policy/modules/services/ppp.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/ppp.te 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/ppp.te 2008-08-11 16:48:05.000000000 -0400 +@@ -71,7 +71,7 @@ + # PPPD Local policy + # + +-allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override }; ++allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override }; + dontaudit pppd_t self:capability sys_tty_config; + allow pppd_t self:process signal; + allow pppd_t self:fifo_file rw_fifo_file_perms; @@ -196,6 +196,12 @@ optional_policy(` 
@@ -24659,7 +24779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-07-25 07:32:08.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-08-12 10:20:06.000000000 -0400 @@ -20,13 +20,17 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) @@ -24718,7 +24838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send auth_use_nsswitch(sendmail_t) -@@ -91,26 +101,42 @@ +@@ -91,33 +101,50 @@ libs_read_lib_files(sendmail_t) logging_send_syslog_msg(sendmail_t) @@ -24750,6 +24870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ') optional_policy(` +- postfix_exec_master(sendmail_t) + cyrus_stream_connect(sendmail_t) + clamav_stream_connect(sendmail_t) +') @@ -24759,10 +24880,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send +') + +optional_policy(` - postfix_exec_master(sendmail_t) ++ postfix_domtrans_master(sendmail_t) postfix_read_config(sendmail_t) postfix_search_spool(sendmail_t) -@@ -118,6 +144,7 @@ + ') optional_policy(` procmail_domtrans(sendmail_t) 
@@ -26773,7 +26894,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. /etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.3.1/policy/modules/services/ssh.if --- nsaserefpolicy/policy/modules/services/ssh.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/ssh.if 2008-07-15 14:02:52.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/ssh.if 2008-08-12 12:21:39.000000000 -0400 @@ -36,6 +36,7 @@ gen_require(` attribute ssh_server; @@ -26942,6 +27063,29 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ') optional_policy(` +@@ -710,3 +739,22 @@ + + dontaudit $1 sshd_key_t:file { getattr read }; + ') ++ ++####################################### ++## ++## Delete from the ssh temp files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ssh_delete_tmp',` ++ gen_require(` ++ type ssh_tmp_t; ++ ') ++ ++ files_search_tmp($1) ++ delete_files_pattern($1, ssh_tmp_t, ssh_tmp_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.3.1/policy/modules/services/ssh.te --- nsaserefpolicy/policy/modules/services/ssh.te 2008-06-12 23:38:02.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/services/ssh.te 2008-07-15 14:02:52.000000000 -0400 
@@ -27004,6 +27148,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. unconfined_shell_domtrans(sshd_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.3.1/policy/modules/services/stunnel.fc +--- nsaserefpolicy/policy/modules/services/stunnel.fc 2008-06-12 23:38:01.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc 2008-08-07 12:46:15.000000000 -0400 +@@ -2,5 +2,6 @@ + /etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0) + + /usr/sbin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0) ++/usr/bin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0) + + /var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.3.1/policy/modules/services/stunnel.if --- nsaserefpolicy/policy/modules/services/stunnel.if 2008-06-12 23:38:01.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/services/stunnel.if 2008-07-15 14:02:52.000000000 -0400 @@ -33975,7 +34129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-07-24 08:14:38.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-08-12 11:25:15.000000000 -0400 @@ -20,6 +20,10 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t) role system_r types dhcpc_t; 
@@ -34104,7 +34258,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet # Create UDP sockets, necessary when called from dhcpc allow ifconfig_t self:udp_socket create_socket_perms; -@@ -268,7 +290,10 @@ +@@ -262,13 +284,20 @@ + allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms; + allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read }; + allow ifconfig_t self:tcp_socket { create ioctl }; ++ ++read_files_pattern(ifconfig_t,dhcpc_state_t,dhcpc_state_t) ++ ++ + files_read_etc_files(ifconfig_t); + + kernel_use_fds(ifconfig_t) kernel_read_system_state(ifconfig_t) kernel_read_network_state(ifconfig_t) kernel_search_network_sysctl(ifconfig_t) @@ -34115,7 +34279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet corenet_rw_tun_tap_dev(ifconfig_t) -@@ -279,8 +304,11 @@ +@@ -279,8 +308,11 @@ fs_getattr_xattr_fs(ifconfig_t) fs_search_auto_mountpoints(ifconfig_t) @@ -34127,7 +34291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet domain_use_interactive_fds(ifconfig_t) -@@ -303,12 +331,16 @@ +@@ -303,12 +335,16 @@ userdom_use_all_users_fds(ifconfig_t) @@ -34145,7 +34309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ifdef(`hide_broken_symptoms',` optional_policy(` dev_dontaudit_rw_cardmgr(ifconfig_t) -@@ -332,6 +364,14 @@ +@@ -332,6 +368,14 @@ ') optional_policy(` 
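Review bot: The new `read_files_pattern(ifconfig_t,dhcpc_state_t,dhcpc_state_t)` in the `@@ -262,13 +284,20 @@` hunk is followed by two added blank lines before `files_read_etc_files(ifconfig_t);`; one blank line is the convention elsewhere in the file. The rule itself would benefit from a why-comment tying it to the existing `# Create UDP sockets, necessary when called from dhcpc` note above, e.g. `# ifconfig is invoked by dhcpc and reads its state files`.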
@@ -35009,7 +35173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-07-30 10:07:48.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-08-12 12:21:18.000000000 -0400 @@ -29,9 +29,14 @@ ') @@ -35157,18 +35321,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo tunable_policy(`allow_execmem',` # Allow loading DSOs that require executable stack. -@@ -115,6 +136,10 @@ +@@ -115,6 +136,11 @@ # Allow making the stack executable via mprotect. allow $1_t self:process execstack; ') + + optional_policy(` + ssh_rw_stream_sockets($1_usertype) ++ ssh_delete_tmp($1_t) + ') ') ####################################### -@@ -141,33 +166,13 @@ +@@ -141,33 +167,13 @@ # template(`userdom_ro_home_template',` gen_require(` @@ -35207,7 +35372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -175,13 +180,14 @@ +@@ -175,13 +181,14 @@ # # read-only home directory @@ -35229,7 +35394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_list_home($1_t) tunable_policy(`use_nfs_home_dirs',` -@@ -190,9 +196,6 @@ +@@ -190,9 +197,6 @@ fs_read_nfs_symlinks($1_t) fs_read_nfs_named_sockets($1_t) fs_read_nfs_named_pipes($1_t) @@ -35239,7 +35404,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') tunable_policy(`use_samba_home_dirs',` -@@ -201,9 +204,6 @@ +@@ -201,9 +205,6 @@ fs_read_cifs_symlinks($1_t) fs_read_cifs_named_sockets($1_t) fs_read_cifs_named_pipes($1_t) 
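Review bot: In the `@@ -115,6 +136,11 @@` hunk the new `ssh_delete_tmp($1_t)` sits beside `ssh_rw_stream_sockets($1_usertype)` in the same optional_policy block, mixing the base domain and the usertype attribute as the subject. If the delete permission is meant for every domain carrying `$1_usertype`, pass that instead; if it is deliberately limited to `$1_t`, a one-line comment saying so would stop the next reader from aligning the two. The enclosing template starts outside the hunk.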
@@ -35249,7 +35414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -231,30 +231,14 @@ +@@ -231,30 +232,14 @@ # template(`userdom_manage_home_template',` gen_require(` @@ -35286,7 +35451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -262,43 +246,44 @@ +@@ -262,43 +247,44 @@ # # full control of the home directory @@ -35361,7 +35526,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -316,14 +301,20 @@ +@@ -316,14 +302,20 @@ ## # template(`userdom_exec_home_template',` @@ -35387,7 +35552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -341,11 +332,10 @@ +@@ -341,11 +333,10 @@ ## # template(`userdom_poly_home_template',` @@ -35403,7 +35568,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -369,18 +359,18 @@ +@@ -369,18 +360,18 @@ # template(`userdom_manage_tmp_template',` gen_require(` @@ -35432,7 +35597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -396,7 +386,13 @@ +@@ -396,7 +387,13 @@ ## # template(`userdom_exec_tmp_template',` @@ -35447,7 +35612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -445,12 +441,12 @@ +@@ -445,12 +442,12 @@ type $1_tmpfs_t, $1_file_type; files_tmpfs_file($1_tmpfs_t) @@ -35466,7 +35631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -510,10 +506,6 @@ +@@ -510,10 +507,6 @@ ## # template(`userdom_exec_generic_pgms_template',` 
@@ -35477,7 +35642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo corecmd_exec_bin($1_t) ') -@@ -531,27 +523,20 @@ +@@ -531,27 +524,20 @@ ## # template(`userdom_basic_networking_template',` @@ -35517,7 +35682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -568,30 +553,33 @@ +@@ -568,30 +554,33 @@ # template(`userdom_xwindows_client_template',` gen_require(` @@ -35567,7 +35732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -622,13 +610,7 @@ +@@ -622,13 +611,7 @@ ## ## The template for allowing the user to change roles. ## @@ -35582,7 +35747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). -@@ -692,187 +674,201 @@ +@@ -692,187 +675,201 @@ dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; @@ -35868,7 +36033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -895,6 +891,8 @@ +@@ -895,6 +892,8 @@ ## # template(`userdom_login_user_template', ` @@ -35877,7 +36042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_base_user_template($1) userdom_manage_home_template($1) -@@ -923,70 +921,72 @@ +@@ -923,70 +922,72 @@ allow $1_t self:context contains; @@ -35983,7 +36148,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1020,9 +1020,6 @@ +@@ -1020,9 +1021,6 @@ domain_interactive_fd($1_t) typeattribute $1_devpts_t user_ptynode; 
@@ -35993,7 +36158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo typeattribute $1_tty_device_t user_ttynode; ############################## -@@ -1031,16 +1028,29 @@ +@@ -1031,16 +1029,29 @@ # # privileged home directory writers @@ -36030,7 +36195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -1068,6 +1078,13 @@ +@@ -1068,6 +1079,13 @@ userdom_restricted_user_template($1) @@ -36044,7 +36209,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_xwindows_client_template($1) ############################## -@@ -1076,14 +1093,16 @@ +@@ -1076,14 +1094,16 @@ # authlogin_per_role_template($1, $1_t, $1_r) @@ -36066,7 +36231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo logging_dontaudit_send_audit_msgs($1_t) # Need to to this just so screensaver will work. Should be moved to screensaver domain -@@ -1091,32 +1110,29 @@ +@@ -1091,32 +1111,29 @@ selinux_get_enforce_mode($1_t) optional_policy(` @@ -36110,7 +36275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1127,10 +1143,10 @@ +@@ -1127,10 +1144,10 @@ ## ## ##

@@ -36125,7 +36290,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. -@@ -1164,7 +1180,6 @@ +@@ -1164,7 +1181,6 @@ # Need the following rule to allow users to run vpnc corenet_tcp_bind_xserver_port($1_t) @@ -36133,7 +36298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # cjp: why? files_read_kernel_symbol_table($1_t) -@@ -1182,32 +1197,45 @@ +@@ -1182,32 +1198,45 @@ ') ') @@ -36191,7 +36356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1284,8 +1312,6 @@ +@@ -1284,8 +1313,6 @@ # Manipulate other users crontab. allow $1_t self:passwd crontab; @@ -36200,7 +36365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) kernel_getattr_message_if($1_t) -@@ -1307,8 +1333,6 @@ +@@ -1307,8 +1334,6 @@ dev_getattr_generic_blk_files($1_t) dev_getattr_generic_chr_files($1_t) @@ -36209,7 +36374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Allow MAKEDEV to work dev_create_all_blk_files($1_t) dev_create_all_chr_files($1_t) -@@ -1363,13 +1387,6 @@ +@@ -1363,13 +1388,6 @@ # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -36223,7 +36388,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo optional_policy(` userhelper_exec($1_t) ') -@@ -1422,6 +1439,7 @@ +@@ -1422,6 +1440,7 @@ dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -36231,7 +36396,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1787,10 +1805,14 @@ +@@ -1787,10 +1806,14 @@ template(`userdom_user_home_content',` gen_require(` attribute $1_file_type; 
@@ -36247,7 +36412,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1886,11 +1908,11 @@ +@@ -1886,11 +1909,11 @@ # template(`userdom_search_user_home_dirs',` gen_require(` @@ -36261,7 +36426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1920,11 +1942,11 @@ +@@ -1920,11 +1943,11 @@ # template(`userdom_list_user_home_dirs',` gen_require(` @@ -36275,7 +36440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1968,12 +1990,12 @@ +@@ -1968,12 +1991,12 @@ # template(`userdom_user_home_domtrans',` gen_require(` @@ -36291,7 +36456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2003,10 +2025,11 @@ +@@ -2003,10 +2026,11 @@ # template(`userdom_dontaudit_list_user_home_dirs',` gen_require(` @@ -36305,7 +36470,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2038,11 +2061,48 @@ +@@ -2038,11 +2062,48 @@ # template(`userdom_manage_user_home_content_dirs',` gen_require(` @@ -36356,7 +36521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2074,10 +2134,10 @@ +@@ -2074,10 +2135,10 @@ # template(`userdom_dontaudit_setattr_user_home_content_files',` gen_require(` @@ -36369,7 +36534,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2107,11 +2167,11 @@ +@@ -2107,11 +2168,11 @@ # template(`userdom_read_user_home_content_files',` gen_require(` 
@@ -36383,7 +36548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2141,11 +2201,11 @@ +@@ -2141,11 +2202,11 @@ # template(`userdom_dontaudit_read_user_home_content_files',` gen_require(` @@ -36398,7 +36563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2175,10 +2235,14 @@ +@@ -2175,10 +2236,14 @@ # template(`userdom_dontaudit_write_user_home_content_files',` gen_require(` @@ -36415,7 +36580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2208,11 +2272,11 @@ +@@ -2208,11 +2273,11 @@ # template(`userdom_read_user_home_content_symlinks',` gen_require(` @@ -36429,7 +36594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2242,11 +2306,11 @@ +@@ -2242,11 +2307,11 @@ # template(`userdom_exec_user_home_content_files',` gen_require(` @@ -36443,7 +36608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2276,10 +2340,10 @@ +@@ -2276,10 +2341,10 @@ # template(`userdom_dontaudit_exec_user_home_content_files',` gen_require(` @@ -36456,7 +36621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2311,12 +2375,12 @@ +@@ -2311,12 +2376,12 @@ # template(`userdom_manage_user_home_content_files',` gen_require(` @@ -36472,7 +36637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2348,10 +2412,10 @@ +@@ -2348,10 +2413,10 @@ # template(`userdom_dontaudit_manage_user_home_content_dirs',` gen_require(` 
@@ -36485,7 +36650,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2383,12 +2447,12 @@ +@@ -2383,12 +2448,12 @@ # template(`userdom_manage_user_home_content_symlinks',` gen_require(` @@ -36501,7 +36666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2420,12 +2484,12 @@ +@@ -2420,12 +2485,12 @@ # template(`userdom_manage_user_home_content_pipes',` gen_require(` @@ -36517,7 +36682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2457,12 +2521,12 @@ +@@ -2457,12 +2522,12 @@ # template(`userdom_manage_user_home_content_sockets',` gen_require(` @@ -36533,7 +36698,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2507,11 +2571,11 @@ +@@ -2507,11 +2572,11 @@ # template(`userdom_user_home_dir_filetrans',` gen_require(` @@ -36547,7 +36712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2556,11 +2620,11 @@ +@@ -2556,11 +2621,11 @@ # template(`userdom_user_home_content_filetrans',` gen_require(` @@ -36561,7 +36726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2600,11 +2664,11 @@ +@@ -2600,11 +2665,11 @@ # template(`userdom_user_home_dir_filetrans_user_home_content',` gen_require(` @@ -36575,7 +36740,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2634,11 +2698,11 @@ +@@ -2634,11 +2699,11 @@ # template(`userdom_write_user_tmp_sockets',` gen_require(` 
@@ -36589,7 +36754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2668,11 +2732,11 @@ +@@ -2668,11 +2733,11 @@ # template(`userdom_list_user_tmp',` gen_require(` @@ -36603,7 +36768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2704,10 +2768,10 @@ +@@ -2704,10 +2769,10 @@ # template(`userdom_dontaudit_list_user_tmp',` gen_require(` @@ -36616,7 +36781,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2739,10 +2803,10 @@ +@@ -2739,10 +2804,10 @@ # template(`userdom_dontaudit_manage_user_tmp_dirs',` gen_require(` @@ -36629,7 +36794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2772,12 +2836,12 @@ +@@ -2772,12 +2837,12 @@ # template(`userdom_read_user_tmp_files',` gen_require(` @@ -36645,7 +36810,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2809,20 +2873,20 @@ +@@ -2809,20 +2874,20 @@ # template(`userdom_dontaudit_read_user_tmp_files',` gen_require(` @@ -36670,7 +36835,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## temporary files. ##

##

-@@ -2842,21 +2906,23 @@ +@@ -2842,21 +2907,23 @@ ## ## # @@ -36699,7 +36864,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ##

##

## This is a templated interface, and should only -@@ -2871,67 +2937,138 @@ +@@ -2871,67 +2938,138 @@ ## ## ##

@@ -36875,7 +37040,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## be called from a per-userdomain template. ##

## -@@ -2949,12 +3086,12 @@ +@@ -2949,12 +3087,12 @@ # template(`userdom_read_user_tmp_symlinks',` gen_require(` @@ -36891,7 +37056,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2986,11 +3123,11 @@ +@@ -2986,11 +3124,11 @@ # template(`userdom_manage_user_tmp_dirs',` gen_require(` @@ -36905,7 +37070,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3022,11 +3159,11 @@ +@@ -3022,11 +3160,11 @@ # template(`userdom_manage_user_tmp_files',` gen_require(` @@ -36919,7 +37084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3058,11 +3195,11 @@ +@@ -3058,11 +3196,11 @@ # template(`userdom_manage_user_tmp_symlinks',` gen_require(` @@ -36933,7 +37098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3094,11 +3231,11 @@ +@@ -3094,11 +3232,11 @@ # template(`userdom_manage_user_tmp_pipes',` gen_require(` @@ -36947,7 +37112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3130,11 +3267,11 @@ +@@ -3130,11 +3268,11 @@ # template(`userdom_manage_user_tmp_sockets',` gen_require(` @@ -36961,7 +37126,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3179,10 +3316,10 @@ +@@ -3179,10 +3317,10 @@ # template(`userdom_user_tmp_filetrans',` gen_require(` @@ -36974,7 +37139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_search_tmp($2) ') -@@ -3223,10 +3360,10 @@ +@@ -3223,10 +3361,10 @@ # template(`userdom_tmp_filetrans_user_tmp',` gen_require(` 
@@ -36987,7 +37152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3254,6 +3391,42 @@ +@@ -3254,6 +3392,42 @@ ##
## # @@ -37030,7 +37195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo template(`userdom_rw_user_tmpfs_files',` gen_require(` type $1_tmpfs_t; -@@ -3267,6 +3440,42 @@ +@@ -3267,6 +3441,42 @@ ######################################## ## @@ -37073,7 +37238,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## List users untrusted directories. ## ## -@@ -3962,6 +4171,24 @@ +@@ -3962,6 +4172,24 @@ ######################################## ## @@ -37098,7 +37263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Manage unpriviledged user SysV shared ## memory segments. ## -@@ -4231,11 +4458,11 @@ +@@ -4231,11 +4459,11 @@ # interface(`userdom_search_staff_home_dirs',` gen_require(` @@ -37112,7 +37277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4251,10 +4478,10 @@ +@@ -4251,10 +4479,10 @@ # interface(`userdom_dontaudit_search_staff_home_dirs',` gen_require(` @@ -37125,7 +37290,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4270,11 +4497,11 @@ +@@ -4270,11 +4498,11 @@ # interface(`userdom_manage_staff_home_dirs',` gen_require(` @@ -37139,7 +37304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4289,16 +4516,16 @@ +@@ -4289,16 +4517,16 @@ # interface(`userdom_relabelto_staff_home_dirs',` gen_require(` @@ -37159,7 +37324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## users home directory. ## ## -@@ -4307,12 +4534,35 @@ +@@ -4307,12 +4535,35 @@ ## ## # 
@@ -37198,7 +37363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4327,13 +4577,13 @@ +@@ -4327,13 +4578,13 @@ # interface(`userdom_read_staff_home_content_files',` gen_require(` @@ -37216,7 +37381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4531,10 +4781,10 @@ +@@ -4531,10 +4782,10 @@ # interface(`userdom_getattr_sysadm_home_dirs',` gen_require(` @@ -37229,7 +37394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4551,10 +4801,10 @@ +@@ -4551,10 +4802,10 @@ # interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` gen_require(` @@ -37242,7 +37407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4569,10 +4819,10 @@ +@@ -4569,10 +4820,10 @@ # interface(`userdom_search_sysadm_home_dirs',` gen_require(` @@ -37255,7 +37420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4588,10 +4838,10 @@ +@@ -4588,10 +4839,10 @@ # interface(`userdom_dontaudit_search_sysadm_home_dirs',` gen_require(` @@ -37268,7 +37433,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4606,10 +4856,10 @@ +@@ -4606,10 +4857,10 @@ # interface(`userdom_list_sysadm_home_dirs',` gen_require(` @@ -37281,7 +37446,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4625,10 +4875,10 @@ +@@ -4625,10 +4876,10 @@ # interface(`userdom_dontaudit_list_sysadm_home_dirs',` gen_require(` 
@@ -37294,7 +37459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4644,12 +4894,29 @@ +@@ -4644,12 +4895,29 @@ # interface(`userdom_dontaudit_read_sysadm_home_content_files',` gen_require(` @@ -37328,7 +37493,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4676,10 +4943,10 @@ +@@ -4676,10 +4944,10 @@ # interface(`userdom_sysadm_home_dir_filetrans',` gen_require(` @@ -37341,7 +37506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4694,10 +4961,10 @@ +@@ -4694,10 +4962,10 @@ # interface(`userdom_search_sysadm_home_content_dirs',` gen_require(` @@ -37354,7 +37519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4712,13 +4979,13 @@ +@@ -4712,13 +4980,13 @@ # interface(`userdom_read_sysadm_home_content_files',` gen_require(` @@ -37372,7 +37537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4754,11 +5021,49 @@ +@@ -4754,11 +5022,49 @@ # interface(`userdom_search_all_users_home_dirs',` gen_require(` @@ -37423,7 +37588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4778,6 +5083,14 @@ +@@ -4778,6 +5084,14 @@ files_list_home($1) allow $1 home_dir_type:dir list_dir_perms; @@ -37438,7 +37603,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4815,6 +5128,8 @@ +@@ -4815,6 +5129,8 @@ ') dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; 
@@ -37447,7 +37612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4839,7 +5154,7 @@ +@@ -4839,7 +5155,7 @@ ######################################## ## @@ -37456,7 +37621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## in all users home directories. ## ## -@@ -4848,13 +5163,52 @@ +@@ -4848,13 +5164,52 @@ ## ## # @@ -37511,7 +37676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4879,6 +5233,26 @@ +@@ -4879,6 +5234,26 @@ ######################################## ## @@ -37538,7 +37703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all symlinks ## in all users home directories. ## -@@ -5115,7 +5489,7 @@ +@@ -5115,7 +5490,7 @@ # interface(`userdom_relabelto_generic_user_home_dirs',` gen_require(` @@ -37547,7 +37712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') files_search_home($1) -@@ -5304,6 +5678,63 @@ +@@ -5304,6 +5679,63 @@ ######################################## ## @@ -37611,7 +37776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete directories in ## unprivileged users home directories. ## -@@ -5509,6 +5940,43 @@ +@@ -5509,6 +5941,43 @@ ######################################## ## @@ -37655,7 +37820,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Read and write unprivileged user ttys. ## ## -@@ -5559,7 +6027,7 @@ +@@ -5559,7 +6028,7 @@ attribute userdomain; ') @@ -37664,7 +37829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_search_proc($1) ') -@@ -5674,6 +6142,42 @@ +@@ -5674,6 +6143,42 @@ ######################################## ## 
@@ -37707,7 +37872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5704,3 +6208,408 @@ +@@ -5704,3 +6209,408 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') @@ -38090,7 +38255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +# +interface(`userdom_relabel_all_home_dirs',` + gen_require(` -+ type user_home_type; ++ attribute user_home_type; + ') + + files_search_home($1) @@ -38109,7 +38274,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +# +interface(`userdom_relabel_all_home_files',` + gen_require(` -+ type user_home_type; ++ attribute user_home_type; + ') + + files_search_home($1) diff --git a/selinux-policy.spec b/selinux-policy.spec index a96f10e..17cc365 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 84%{?dist} +Release: 85%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -386,6 +386,9 @@ exit 0 %endif %changelog +* Wed Aug 6 2008 Dan Walsh 3.3.1-85 +- Allow clamscan to connect to the clamd_port over tcp + * Fri Aug 1 2008 Dan Walsh 3.3.1-84 - Stop confinement of tmpreaper
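Review bot: The `type user_home_type;` → `attribute user_home_type;` correction in the `userdom_relabel_all_home_dirs` gen_require block, repeated in the `userdom_relabel_all_home_files` hunk right after it, is not recorded in the 3.3.1-85 changelog entry, which names only the clamscan/clamd_port change; a line such as `- Fix gen_require of the user_home_type attribute in userdom_relabel_all_home_* interfaces` would let packagers trace why these interfaces started building. The bodies of both interfaces sit outside their hunks, so the relabel rules they actually grant cannot be checked here; judging only by the `all_home` naming they presumably give the caller label-rewrite rights over every user's home content, which deserves a `## Only trusted relabeling domains should call this interface.` line in each interface's description block. The remaining outer hunks in this file only shift the inner `@@` headers by one line, consistent with a single line inserted earlier in the patched userdom.if, and need no separate review.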