diff --git a/modules-minimum.conf b/modules-minimum.conf index 94c79ba..1f08acc 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -935,7 +935,7 @@ mount = base # mozilla = module -# Layer: admin +# Layer: services # Module: ntop # # Policy for ntop diff --git a/modules-targeted.conf b/modules-targeted.conf index 94c79ba..1f08acc 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -935,7 +935,7 @@ mount = base # mozilla = module -# Layer: admin +# Layer: services # Module: ntop # # Policy for ntop diff --git a/policy-F12.patch b/policy-F12.patch index cdb2660..0cefdd1 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -306,7 +306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.32/policy/modules/admin/logrotate.te --- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/admin/logrotate.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/admin/logrotate.te 2009-12-21 14:18:28.000000000 -0500 @@ -32,7 +32,7 @@ # Change ownership on log files. allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice }; 
@@ -437,221 +437,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_use_user_terminals(netutils_t) userdom_use_all_users_fds(netutils_t) -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.fc serefpolicy-3.6.32/policy/modules/admin/ntop.fc ---- nsaserefpolicy/policy/modules/admin/ntop.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/admin/ntop.fc 2009-12-17 11:20:45.000000000 -0500 -@@ -0,0 +1,5 @@ -+/etc/rc\.d/init\.d/ntop -- gen_context(system_u:object_r:ntop_initrc_exec_t,s0) -+ -+/usr/sbin/ntop -- gen_context(system_u:object_r:ntop_exec_t,s0) -+ -+/var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0) -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.if serefpolicy-3.6.32/policy/modules/admin/ntop.if ---- nsaserefpolicy/policy/modules/admin/ntop.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/admin/ntop.if 2009-12-17 11:20:45.000000000 -0500 -@@ -0,0 +1,158 @@ -+ -+## policy for ntop -+ -+######################################## -+## -+## Execute a domain transition to run ntop. -+## -+## -+## -+## Domain allowed to transition. -+## -+## -+# -+interface(`ntop_domtrans',` -+ gen_require(` -+ type ntop_t, ntop_exec_t; -+ ') -+ -+ domtrans_pattern($1,ntop_exec_t,ntop_t) -+') -+ -+ -+######################################## -+## -+## Execute ntop server in the ntop domain. -+## -+## -+## -+## The type of the process performing this action. -+## -+## -+# -+interface(`ntop_initrc_domtrans',` -+ gen_require(` -+ type ntop_initrc_exec_t; -+ ') -+ -+ init_labeled_script_domtrans($1,ntop_initrc_exec_t) -+') -+ -+######################################## -+## -+## Search ntop lib directories. -+## -+## -+## -+## Domain allowed access. 
-+## -+## -+# -+interface(`ntop_search_lib',` -+ gen_require(` -+ type ntop_var_lib_t; -+ ') -+ -+ allow $1 ntop_var_lib_t:dir search_dir_perms; -+ files_search_var_lib($1) -+') -+ -+######################################## -+## -+## Read ntop lib files. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ntop_read_lib_files',` -+ gen_require(` -+ type ntop_var_lib_t; -+ ') -+ -+ files_search_var_lib($1) -+ read_files_pattern($1, ntop_var_lib_t, ntop_var_lib_t) -+') -+ -+######################################## -+## -+## Create, read, write, and delete -+## ntop lib files. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ntop_manage_lib_files',` -+ gen_require(` -+ type ntop_var_lib_t; -+ ') -+ -+ files_search_var_lib($1) -+ manage_files_pattern($1, ntop_var_lib_t, ntop_var_lib_t) -+') -+ -+######################################## -+## -+## Manage ntop var_lib files. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ntop_manage_var_lib',` -+ gen_require(` -+ type ntop_var_lib_t; -+ ') -+ -+ manage_dirs_pattern($1,ntop_var_lib_t,ntop_var_lib_t) -+ manage_files_pattern($1,ntop_var_lib_t,ntop_var_lib_t) -+ manage_lnk_files_pattern($1,ntop_var_lib_t,ntop_var_lib_t) -+') -+ -+ -+######################################## -+## -+## All of the rules required to administrate -+## an ntop environment -+## -+## -+## -+## Domain allowed access. -+## -+## -+## -+## -+## Role allowed access. 
-+## -+## -+## -+# -+interface(`ntop_admin',` -+ gen_require(` -+ type ntop_t; -+ ') -+ -+ allow $1 ntop_t:process { ptrace signal_perms getattr }; -+ read_files_pattern($1, ntop_t, ntop_t) -+ -+ -+ gen_require(` -+ type ntop_initrc_exec_t; -+ ') -+ -+ # Allow ntop_t to restart the apache service -+ ntop_initrc_domtrans($1) -+ domain_system_change_exemption($1) -+ role_transition $2 ntop_initrc_exec_t system_r; -+ allow $2 system_r; -+ -+ ntop_manage_var_lib($1) -+ -+') -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ntop.te serefpolicy-3.6.32/policy/modules/admin/ntop.te ---- nsaserefpolicy/policy/modules/admin/ntop.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/admin/ntop.te 2009-12-17 11:20:45.000000000 -0500 -@@ -0,0 +1,40 @@ -+policy_module(ntop,1.0.0) -+ -+######################################## -+# -+# Declarations -+# -+ -+type ntop_t; -+type ntop_exec_t; -+init_daemon_domain(ntop_t, ntop_exec_t) -+ -+permissive ntop_t; -+ -+type ntop_initrc_exec_t; -+init_script_file(ntop_initrc_exec_t) -+ -+type ntop_var_lib_t; -+files_type(ntop_var_lib_t) -+ -+######################################## -+# -+# ntop local policy -+# -+allow ntop_t self:capability { setgid setuid }; -+allow ntop_t self:fifo_file manage_file_perms; -+allow ntop_t self:unix_stream_socket create_stream_socket_perms; -+ -+# Init script handling -+domain_use_interactive_fds(ntop_t) -+ -+files_read_etc_files(ntop_t) -+ -+manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t) -+manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t) -+files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir } ) -+ -+auth_use_nsswitch(ntop_t) -+ -+miscfiles_read_localization(ntop_t) -+ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.6.32/policy/modules/admin/portage.te --- nsaserefpolicy/policy/modules/admin/portage.te 2009-09-16 10:01:19.000000000 
-0400 +++ serefpolicy-3.6.32/policy/modules/admin/portage.te 2009-12-17 11:20:45.000000000 -0500 @@ -2211,7 +1996,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.6.32/policy/modules/apps/chrome.te --- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-12-18 10:19:15.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-12-21 13:49:17.000000000 -0500 @@ -0,0 +1,82 @@ +policy_module(chrome,1.0.0) + @@ -2240,7 +2025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# +allow chrome_sandbox_t self:capability { setuid sys_admin dac_override sys_chroot chown fsetid setgid }; +dontaudit chrome_sandbox_t self:capability { sys_ptrace }; -+allow chrome_sandbox_t self:process { signal_perms setrlimit execmem }; ++allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack }; +allow chrome_sandbox_t self:fifo_file manage_file_perms; +allow chrome_sandbox_t self:unix_stream_socket create_stream_socket_perms; +allow chrome_sandbox_t self:unix_dgram_socket { create_socket_perms sendto }; @@ -5293,8 +5078,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.32/policy/modules/apps/sandbox.te --- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/apps/sandbox.te 2009-12-17 11:20:45.000000000 -0500 -@@ -0,0 +1,335 @@ ++++ serefpolicy-3.6.32/policy/modules/apps/sandbox.te 2009-12-21 14:31:10.000000000 -0500 +@@ -0,0 +1,336 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; 
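Review bot: The new `execstack` permission in `allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };` (chrome.te hunk) grants the sandbox helper an executable stack on top of the `execmem` it already had, and the libraries.fc hunk further down labels `/usr/lib(64)?/chromium-browser/libsandbox\.so` as `textrel_shlib_t`, so the process that is supposed to confine the browser loses both W^X protections. Nothing in the hunk records why the binary needs this, so the next person will not know when it can be dropped; add a comment above the allow line such as `# execstack/textrel required by chromium's libsandbox.so as currently built; see <bug id placeholder> - remove once the library is built without them`. If the executable-stack requirement comes only from the shipped library, a `dontaudit` plus a packaging fix would be the safer long-term shape than a permanent allow.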
@@ -5401,6 +5186,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## internal communication is often done using fifo and unix sockets. +allow sandbox_domain self:fifo_file manage_file_perms; +allow sandbox_domain self:unix_stream_socket create_stream_socket_perms; ++allow sandbox_domain self:unix_dgram_socket create_socket_perms; + +gen_require(` + type usr_t, lib_t, locale_t; @@ -5632,7 +5418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.32/policy/modules/apps/screen.if --- nsaserefpolicy/policy/modules/apps/screen.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/apps/screen.if 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/apps/screen.if 2009-12-21 14:51:45.000000000 -0500 @@ -45,6 +45,7 @@ allow $1_screen_t self:capability { setuid setgid fsetid }; @@ -5661,11 +5447,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch($1_screen_t) auth_dontaudit_read_shadow($1_screen_t) auth_dontaudit_exec_utempter($1_screen_t) -@@ -134,6 +141,7 @@ +@@ -134,6 +141,12 @@ userdom_create_user_pty($1_screen_t) userdom_user_home_domtrans($1_screen_t, $3) userdom_setattr_user_ptys($1_screen_t) + userdom_setattr_user_ttys($1_screen_t) ++ ++ optional_policy(` ++ dbus_system_bus_client($1_screen_t) ++ fprintd_dbus_chat($1_screen_t) ++ ') tunable_policy(`use_samba_home_dirs',` fs_cifs_domtrans($1_screen_t, $3) 
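Review bot: The new `optional_policy` block in the screen.if hunk (`@@ -134,6 +141,12 @@`) puts `dbus_system_bus_client($1_screen_t)` and `fprintd_dbus_chat($1_screen_t)` in one block, so on a system where the fprintd module is absent the whole block is dropped and screen also loses its dbus client rules. The usual refpolicy shape is one `optional_policy` per module, with the fprintd call nested inside the dbus one. The enclosing `template` body starts and ends outside the hunk.
```m4
	optional_policy(`
		dbus_system_bus_client($1_screen_t)

		optional_policy(`
			fprintd_dbus_chat($1_screen_t)
		')
	')
```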
@@ -7410,7 +7201,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/lib/nfs/rpc_pipefs(/.*)? <> diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.32/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2009-12-18 15:32:53.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2009-12-21 17:41:42.000000000 -0500 @@ -110,7 +110,11 @@ ## # @@ -10230,8 +10021,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2009-12-17 11:20:45.000000000 -0500 -@@ -0,0 +1,443 @@ ++++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2009-12-21 11:46:41.000000000 -0500 +@@ -0,0 +1,442 @@ +policy_module(unconfineduser, 1.0.0) + +######################################## @@ -10268,7 +10059,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +userdom_manage_home_role(unconfined_r, unconfined_t) +userdom_manage_tmp_role(unconfined_r, unconfined_t) +userdom_manage_tmpfs_role(unconfined_r, unconfined_t) -+userdom_execmod_user_home_files(unconfined_t) +userdom_unpriv_usertype(unconfined, unconfined_t) + +type unconfined_exec_t; 
@@ -10931,14 +10721,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +gen_user(xguest_u, user, xguest_r, s0, s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.6.32/policy/modules/services/abrt.fc --- nsaserefpolicy/policy/modules/services/abrt.fc 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/abrt.fc 2009-12-18 08:10:43.000000000 -0500 -@@ -1,11 +1,16 @@ ++++ serefpolicy-3.6.32/policy/modules/services/abrt.fc 2009-12-21 12:21:10.000000000 -0500 +@@ -1,11 +1,17 @@ /etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) /etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) -/usr/sbin/abrt -- gen_context(system_u:object_r:abrt_exec_t,s0) +/usr/bin/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0) +/usr/libexec/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0) ++/usr/libexec/abrt-hook-python -- gen_context(system_u:object_r:abrt_helper_exec_t,s0) + +/usr/sbin/abrtd -- gen_context(system_u:object_r:abrt_exec_t,s0) @@ -17159,7 +16950,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.32/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/hal.te 2009-12-18 08:18:28.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/hal.te 2009-12-21 10:21:57.000000000 -0500 @@ -55,13 +55,16 @@ type hald_var_lib_t; files_type(hald_var_lib_t) 
@@ -17188,7 +16979,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_read_pam_console_data(hald_t) -@@ -156,6 +161,12 @@ +@@ -156,6 +161,13 @@ fs_search_all(hald_t) fs_list_inotifyfs(hald_t) fs_list_auto_mountpoints(hald_t) @@ -17197,11 +16988,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +fs_manage_dos_files(hald_t) +fs_manage_fusefs_dirs(hald_t) +fs_manage_fusefs_files(hald_t) ++fs_rw_removable_blk_files(hald_t) + files_getattr_all_mountpoints(hald_t) mls_file_read_all_levels(hald_t) -@@ -197,13 +208,16 @@ +@@ -197,13 +209,16 @@ miscfiles_read_hwdata(hald_t) modutils_domtrans_insmod(hald_t) @@ -17219,7 +17011,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_use_unpriv_user_fds(hald_t) userdom_dontaudit_search_user_home_dirs(hald_t) -@@ -290,6 +304,7 @@ +@@ -290,6 +305,7 @@ ') optional_policy(` @@ -17227,7 +17019,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol policykit_domtrans_auth(hald_t) policykit_domtrans_resolve(hald_t) policykit_read_lib(hald_t) -@@ -321,6 +336,10 @@ +@@ -321,6 +337,10 @@ virt_manage_images(hald_t) ') @@ -17238,7 +17030,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Hal acl local policy -@@ -341,6 +360,7 @@ +@@ -341,6 +361,7 @@ manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file }) @@ -17246,7 +17038,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_exec_bin(hald_acl_t) -@@ -357,6 +377,8 @@ +@@ -357,6 +378,8 @@ files_read_usr_files(hald_acl_t) files_read_etc_files(hald_acl_t) 
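Review bot: `fs_rw_removable_blk_files(hald_t)` in the hal.te hunk `@@ -156,6 +161,13 @@` gives the hal daemon raw read and write on block device nodes of removable media, which is enough to rewrite a whole device rather than just mount or probe it; the hunk gives no hint which add-on or probe needs it. Please record the trigger above the line, for example `# hald probes/writes removable block devices directly (which addon: <placeholder>); see <bug id placeholder>`, so the access can be narrowed to the addon domain (hald_acl_t or a dedicated one) later if possible. The neighbouring `fs_manage_dos_files` and fusefs lines are context from an earlier revision, not part of this change.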
@@ -17255,7 +17047,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol storage_getattr_removable_dev(hald_acl_t) storage_setattr_removable_dev(hald_acl_t) storage_getattr_fixed_disk_dev(hald_acl_t) -@@ -369,6 +391,7 @@ +@@ -369,6 +392,7 @@ miscfiles_read_localization(hald_acl_t) optional_policy(` @@ -17263,7 +17055,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol policykit_domtrans_auth(hald_acl_t) policykit_read_lib(hald_acl_t) policykit_read_reload(hald_acl_t) -@@ -450,12 +473,16 @@ +@@ -450,12 +474,16 @@ miscfiles_read_localization(hald_keymap_t) @@ -17282,7 +17074,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow hald_dccm_t self:process getsched; allow hald_dccm_t self:tcp_socket create_stream_socket_perms; allow hald_dccm_t self:udp_socket create_socket_perms; -@@ -469,10 +496,22 @@ +@@ -469,10 +497,22 @@ manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t) files_search_var_lib(hald_dccm_t) @@ -17305,7 +17097,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(hald_dccm_t) corenet_all_recvfrom_netlabel(hald_dccm_t) corenet_tcp_sendrecv_generic_if(hald_dccm_t) -@@ -484,6 +523,7 @@ +@@ -484,6 +524,7 @@ corenet_tcp_bind_generic_node(hald_dccm_t) corenet_udp_bind_generic_node(hald_dccm_t) corenet_udp_bind_dhcpc_port(hald_dccm_t) @@ -17313,7 +17105,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_tcp_bind_dccm_port(hald_dccm_t) logging_send_syslog_msg(hald_dccm_t) -@@ -491,3 +531,7 @@ +@@ -491,3 +532,7 @@ files_read_usr_files(hald_dccm_t) miscfiles_read_localization(hald_dccm_t) 
@@ -17405,7 +17197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1 self:udp_socket create_socket_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.32/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/kerberos.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/kerberos.te 2009-12-21 17:39:29.000000000 -0500 @@ -110,8 +110,9 @@ manage_files_pattern(kadmind_t, kadmind_var_run_t, kadmind_var_run_t) files_pid_filetrans(kadmind_t, kadmind_var_run_t, file) @@ -17417,7 +17209,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_proc_symlinks(kadmind_t) kernel_read_system_state(kadmind_t) -@@ -277,6 +278,8 @@ +@@ -277,11 +278,13 @@ # allow kpropd_t self:capability net_bind_service; @@ -17426,6 +17218,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow kpropd_t self:fifo_file rw_file_perms; allow kpropd_t self:unix_stream_socket create_stream_socket_perms; allow kpropd_t self:tcp_socket create_stream_socket_perms; + +-allow kpropd_t krb5_host_rcache_t:file rw_file_perms; ++allow kpropd_t krb5_host_rcache_t:file manage_file_perms; + + allow kpropd_t krb5_keytab_t:file read_file_perms; + @@ -286,8 +289,13 @@ allow kpropd_t krb5_keytab_t:file read_file_perms; 
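Review bot: Widening `allow kpropd_t krb5_host_rcache_t:file rw_file_perms;` to `manage_file_perms` in the kerberos.te hunk `@@ -277,11 +278,13 @@` lets kpropd create and unlink replay-cache files, and the replay cache is what protects the host against replayed Kerberos authenticators. If kpropd creates the cache itself, a type transition on the directory it writes to is also needed (kerberos.if's host-rcache filetrans interface, if this tree has one) or the new file will get the parent directory's tmp type and the allow line will not apply to it; if it only truncates an existing file, `rw_file_perms` plus `setattr` would be the narrower grant. A one-line comment naming which of the two cases applies would make the intent reviewable.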
@@ -17559,7 +17357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.6.32/policy/modules/services/ksmtuned.te --- nsaserefpolicy/policy/modules/services/ksmtuned.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/services/ksmtuned.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/ksmtuned.te 2009-12-21 09:46:33.000000000 -0500 @@ -0,0 +1,46 @@ +policy_module(ksmtuned,1.0.0) + @@ -17584,7 +17382,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# +# ksmtuned local policy +# -+allow ksmtuned_t self:capability sys_ptrace; ++allow ksmtuned_t self:capability { sys_ptrace sys_tty_config }; + +# Init script handling +domain_use_interactive_fds(ksmtuned_t) @@ -18028,7 +17826,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.32/policy/modules/services/munin.te --- nsaserefpolicy/policy/modules/services/munin.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/munin.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/munin.te 2009-12-21 11:34:20.000000000 -0500 @@ -33,7 +33,7 @@ # Local policy # 
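Review bot: `allow ksmtuned_t self:capability { sys_ptrace sys_tty_config };` in the ksmtuned.te hunk turns a capability that is usually only probed by the init-script path into an allow; elsewhere on this page the same capability is handled with a dontaudit (see `dontaudit munin_t self:capability sys_tty_config;` in the munin.te hunk). Unless ksmtuned really reconfigures a tty, keep the original `allow ksmtuned_t self:capability sys_ptrace;` and add `dontaudit ksmtuned_t self:capability sys_tty_config;` on the next line. The `sys_ptrace` grant itself predates this change and is not re-reviewed here.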
@@ -18038,7 +17836,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dontaudit munin_t self:capability sys_tty_config; allow munin_t self:process { getsched setsched signal_perms }; allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto }; -@@ -147,6 +147,7 @@ +@@ -55,7 +55,8 @@ + + manage_dirs_pattern(munin_t, munin_tmp_t, munin_tmp_t) + manage_files_pattern(munin_t, munin_tmp_t, munin_tmp_t) +-files_tmp_filetrans(munin_t, munin_tmp_t, { file dir }) ++manage_sock_files_pattern(munin_t, munin_tmp_t, munin_tmp_t) ++files_tmp_filetrans(munin_t, munin_tmp_t, { file dir sock_file }) + + # Allow access to the munin databases + manage_dirs_pattern(munin_t, munin_var_lib_t, munin_var_lib_t) +@@ -147,6 +148,7 @@ optional_policy(` postfix_list_spool(munin_t) @@ -19337,7 +19145,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.fc serefpolicy-3.6.32/policy/modules/services/ntop.fc --- nsaserefpolicy/policy/modules/services/ntop.fc 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/ntop.fc 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/ntop.fc 2009-12-21 11:13:49.000000000 -0500 @@ -1,7 +1,6 @@ /etc/ntop(/.*)? gen_context(system_u:object_r:ntop_etc_t,s0) 
@@ -19348,8 +19156,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.6.32/policy/modules/services/ntop.te --- nsaserefpolicy/policy/modules/services/ntop.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/ntop.te 2009-12-17 11:20:45.000000000 -0500 -@@ -14,9 +14,6 @@ ++++ serefpolicy-3.6.32/policy/modules/services/ntop.te 2009-12-21 11:12:35.000000000 -0500 +@@ -11,12 +11,12 @@ + init_daemon_domain(ntop_t, ntop_exec_t) + application_domain(ntop_t, ntop_exec_t) + ++type ntop_initrc_exec_t; ++init_script_file(ntop_initrc_exec_t) ++ type ntop_etc_t; files_config_file(ntop_etc_t) @@ -19359,11 +19173,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type ntop_tmp_t; files_tmp_file(ntop_tmp_t) -@@ -37,15 +34,14 @@ +@@ -37,26 +37,28 @@ allow ntop_t self:fifo_file rw_fifo_file_perms; allow ntop_t self:tcp_socket create_stream_socket_perms; allow ntop_t self:udp_socket create_socket_perms; +allow ntop_t self:unix_dgram_socket create_socket_perms; ++allow ntop_t self:unix_stream_socket create_stream_socket_perms; allow ntop_t self:packet_socket create_socket_perms; +allow ntop_t self:socket create_socket_perms; 
@@ -19377,7 +19192,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t) manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t) files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir }) -@@ -57,6 +53,8 @@ + +-create_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t) ++manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t) + manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t) +-files_var_lib_filetrans(ntop_t, ntop_var_lib_t, file) ++files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir } ) + manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t) files_pid_filetrans(ntop_t, ntop_var_run_t, file) @@ -19386,7 +19207,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_network_state(ntop_t) kernel_read_kernel_sysctls(ntop_t) kernel_list_proc(ntop_t) -@@ -72,12 +70,17 @@ +@@ -72,26 +74,36 @@ corenet_raw_sendrecv_generic_node(ntop_t) corenet_tcp_sendrecv_all_ports(ntop_t) corenet_udp_sendrecv_all_ports(ntop_t) @@ -19404,15 +19225,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_all_fs(ntop_t) fs_search_auto_mountpoints(ntop_t) -@@ -85,6 +88,7 @@ + ++auth_use_nsswitch(ntop_t) ++ logging_send_syslog_msg(ntop_t) miscfiles_read_localization(ntop_t) +- +-sysnet_read_config(ntop_t) +miscfiles_read_fonts(ntop_t) - sysnet_read_config(ntop_t) - -@@ -92,6 +96,10 @@ + userdom_dontaudit_use_unpriv_user_fds(ntop_t) userdom_dontaudit_search_user_home_dirs(ntop_t) optional_policy(` 
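Review bot: The ntop.te hunk `@@ -11,12 +11,12 @@` declares `type ntop_initrc_exec_t;` with `init_script_file(ntop_initrc_exec_t)`, but the services/ntop.fc hunk that is visible on this page does not show the `/etc/rc\.d/init\.d/ntop` entry that the deleted admin/ntop.fc carried (`gen_context(system_u:object_r:ntop_initrc_exec_t,s0)`); if that line was not moved over, the type is never assigned and the init script keeps running without the intended transition. Please confirm the label exists in services/ntop.fc. In the `@@ -72,26 +74,36 @@` hunk, `sysnet_read_config(ntop_t)` is dropped in favour of `auth_use_nsswitch(ntop_t)`, which is fine as long as this tree's `auth_use_nsswitch` still pulls in the sysnet config rules; a short comment such as `# nsswitch covers resolv.conf/hosts access` would make that dependency explicit.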
@@ -20162,7 +19985,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t, s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.if serefpolicy-3.6.32/policy/modules/services/plymouth.if --- nsaserefpolicy/policy/modules/services/plymouth.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/services/plymouth.if 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/plymouth.if 2009-12-21 12:06:57.000000000 -0500 @@ -0,0 +1,304 @@ +## policy for plymouthd + @@ -20186,7 +20009,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +######################################## +## -+## Execute a plymoth in the current domain ++## Execute a plymoth command in the current domain +## +## +## @@ -20194,12 +20017,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## +# -+interface(`plymouth_exec', ` ++interface(`plymouth_exec_plymouth', ` + gen_require(` -+ type plymouthd_exec_t; ++ type plymouth_exec_t; + ') + -+ can_exec($1, plymouthd_exec_t) ++ can_exec($1, plymouth_exec_t) +') + +######################################## @@ -23437,7 +23260,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Read NFS exported content. diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.32/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-12-18 15:32:53.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-12-21 17:41:53.000000000 -0500 @@ -37,8 +37,14 @@ # rpc_exec_t is the type of rpc daemon programs. rpc_domain_template(rpcd) 
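Review bot: The renamed interface in the plymouth.if hunk `@@ -20186,7 +20009,7 @@` fixes the real bug (the old `plymouth_exec` executed `plymouthd_exec_t`, the daemon, instead of the client), but the rewritten doc line still reads `## Execute a plymoth command in the current domain` with the typo from the old text; it should be `## Execute a plymouth command in the current domain`. The `plymouth_exec` name disappears, so any caller outside this page still using it will fail to build; the xserver.te hunk further down updates `plymouth_exec_plymouth(xdm_t)`, others are not visible here.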
@@ -23528,7 +23351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(gssd_t) auth_manage_cache(gssd_t) -@@ -199,10 +219,13 @@ +@@ -199,10 +219,14 @@ mount_signal(gssd_t) @@ -23539,6 +23362,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_read_user_tmp_files(gssd_t) userdom_read_user_tmp_symlinks(gssd_t) + userdom_dontaudit_write_user_tmp_files(gssd_t) ++ files_read_generic_tmp_files(gssd_t) ') optional_policy(` @@ -26593,8 +26417,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.6.32/policy/modules/services/tuned.te --- nsaserefpolicy/policy/modules/services/tuned.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2009-12-17 11:20:47.000000000 -0500 -@@ -0,0 +1,59 @@ ++++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2009-12-21 10:30:27.000000000 -0500 +@@ -0,0 +1,60 @@ + +policy_module(tuned,1.0.0) + @@ -26627,6 +26451,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +files_pid_filetrans(tuned_t, tuned_var_run_t, { file }) + +corecmd_exec_shell(tuned_t) ++corecmd_exec_bin(tuned_t) + +kernel_read_network_state(tuned_t) +kernel_read_system_state(tuned_t) @@ -28718,7 +28543,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-12-17 11:20:47.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-12-21 17:51:39.000000000 -0500 @@ -34,6 +34,13 @@ ## 
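Review bot: `files_read_generic_tmp_files(gssd_t)` in the rpc.te hunk `@@ -199,10 +219,14 @@` lets gssd read every `tmp_t` file on the system, which is considerably wider than the user-tmp rules it sits next to, and the block it is added to opens outside the hunk, so it is not visible which tunable (if any) gates it. If this is for credential caches that end up labelled `tmp_t`, say so above the line, e.g. `# gssd reads credential caches that live in /tmp with the generic tmp label`, and keep it under the same tunable as the userdom lines. If a narrower interface for the cache type exists in this tree, prefer it.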
@@ -29251,7 +29076,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +optional_policy(` + plymouth_search_spool(xdm_t) -+ plymouth_exec(xdm_t) ++ plymouth_exec_plymouth(xdm_t) +') + +optional_policy(` @@ -29401,15 +29226,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol selinux_validate_context(xserver_t) selinux_compute_access_vector(xserver_t) -@@ -721,6 +926,7 @@ +@@ -721,6 +926,8 @@ miscfiles_read_localization(xserver_t) miscfiles_read_fonts(xserver_t) ++miscfiles_dontaudit_write_fonts(xserver_t) +miscfiles_read_hwdata(xserver_t) modutils_domtrans_insmod(xserver_t) -@@ -743,7 +949,7 @@ +@@ -743,7 +950,7 @@ ') ifdef(`enable_mls',` @@ -29418,7 +29244,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh; ') -@@ -775,12 +981,20 @@ +@@ -775,12 +982,20 @@ ') optional_policy(` @@ -29440,7 +29266,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol unconfined_domtrans(xserver_t) ') -@@ -807,12 +1021,12 @@ +@@ -807,12 +1022,12 @@ allow xserver_t xdm_var_lib_t:file { getattr read }; dontaudit xserver_t xdm_var_lib_t:dir search; @@ -29457,7 +29283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Run xkbcomp. allow xserver_t xkb_var_lib_t:lnk_file read; -@@ -828,9 +1042,14 @@ +@@ -828,9 +1043,14 @@ # to read ROLE_home_t - examine this in more detail # (xauth?) userdom_read_user_home_content_files(xserver_t) @@ -29472,7 +29298,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xserver_t) fs_manage_nfs_files(xserver_t) -@@ -845,11 +1064,14 @@ +@@ -845,11 +1065,14 @@ optional_policy(` dbus_system_bus_client(xserver_t) 
@@ -29488,7 +29314,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -882,6 +1104,8 @@ +@@ -882,6 +1105,8 @@ # X Server # can read server-owned resources allow x_domain xserver_t:x_resource read; @@ -29497,7 +29323,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # can mess with own clients allow x_domain self:x_client { manage destroy }; -@@ -906,6 +1130,8 @@ +@@ -906,6 +1131,8 @@ # operations allowed on my windows allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; @@ -29506,7 +29332,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # X Colormaps # can use the default colormap allow x_domain rootwindow_t:x_colormap { read use add_color }; -@@ -973,17 +1199,49 @@ +@@ -973,17 +1200,49 @@ allow xserver_unconfined_type { x_domain xserver_t }:x_resource *; allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *; @@ -31607,7 +31433,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +permissive kdump_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.32/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2009-12-18 08:55:06.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2009-12-21 13:42:25.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt @@ -31815,7 +31641,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') dnl end distro_redhat # -@@ -307,10 +309,113 @@ +@@ -307,10 +309,115 @@ /var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0) 
@@ -31929,6 +31755,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/opt/lampp/lib/libct\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib(64)?/nmm/liba52\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ ++/usr/lib(64)?/chromium-browser/libsandbox\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.6.32/policy/modules/system/libraries.if --- nsaserefpolicy/policy/modules/system/libraries.if 2009-09-16 10:01:19.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/system/libraries.if 2009-12-17 11:20:47.000000000 -0500 @@ -35412,7 +35240,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +HOME_DIR/\.gvfs(/.*)? <> diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-12-17 11:20:47.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-12-21 14:36:02.000000000 -0500 @@ -30,8 +30,9 @@ ') 
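Review bot: The new `/usr/lib(64)?/chromium-browser/libsandbox\.so` entry labels the library textrel_shlib_t, which exempts it from the execmod check, and nothing records why the exemption is needed. Text relocations are normally a build defect (non-PIC code), so the durable fix is a PIC build upstream; until then a comment such as `# chromium libsandbox.so has text relocations (TODO: confirm with readelf -d / eu-findtextrel; drop once built -fPIC)` would document the debt next to the exemption. The pattern also matches only the unversioned name; if the package ships a versioned `libsandbox.so.N` (unverified), the `\.so.*` suffix form used by the neighbouring entries would be needed for the label to apply.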
@@ -36980,35 +36808,50 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_search_tmpfs($1) ') --######################################## -+###################################### + ######################################## ## -## Read user tmpfs files. -+## Manage user tmpfs files. ++## Read/Write user tmpfs files. ## ## ## -@@ -2419,15 +2695,14 @@ +@@ -2419,7 +2695,7 @@ ## ## # -interface(`userdom_rw_user_tmpfs_files',` -+interface(`userdom_manage_user_tmpfs_files',` ++interface(`userdom_rw_inherited_user_tmpfs_files',` gen_require(` type user_tmpfs_t; ') +@@ -2430,6 +2706,26 @@ + fs_search_tmpfs($1) + ') -- rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t) -- read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t) -- allow $1 user_tmpfs_t:dir list_dir_perms; -- fs_search_tmpfs($1) ++###################################### ++## ++## Manage user tmpfs files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`userdom_manage_user_tmpfs_files',` ++ gen_require(` ++ type user_tmpfs_t; ++ ') ++ + manage_dirs_pattern($1, user_tmpfs_t, user_tmpfs_t) + manage_files_pattern($1, user_tmpfs_t, user_tmpfs_t) + manage_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t) - ') - ++') ++ ######################################## -@@ -2749,7 +3024,7 @@ + ## + ## Get the attributes of a user domain tty. +@@ -2749,7 +3045,7 @@ domain_entry_file_spec_domtrans($1, unpriv_userdomain) allow unpriv_userdomain $1:fd use; @@ -37017,7 +36860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow unpriv_userdomain $1:process sigchld; ') -@@ -2765,11 +3040,33 @@ +@@ -2765,11 +3061,33 @@ # interface(`userdom_search_user_home_content',` gen_require(` @@ -37053,7 +36896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -2897,7 +3194,43 @@ +@@ -2897,7 +3215,43 @@ type user_tmp_t; ') 
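Review bot: The renamed interface `userdom_rw_inherited_user_tmpfs_files` keeps the summary `## Read/Write user tmpfs files.` and, judging by the dropped `-- rw_files_pattern(...)` removals, still grants `rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t)` plus directory listing in the body that lies outside this hunk; if so, "inherited" in the name is misleading, because rw_files_pattern includes `open`, whereas an inherited-fd interface should use `allow $1 user_tmpfs_t:file rw_inherited_file_perms;` and no search/list access. Either change the body to the inherited permission set and say so in the summary (`## Read and write inherited user tmpfs files.`), or keep the full access and drop "inherited" from the name. Separately, the new `userdom_manage_user_tmpfs_files` block opens with a 38-character `#` rule while the file's other headers use 40; the `+ ########################################` line just above it shows the expected width.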
@@ -37098,7 +36941,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -2934,6 +3267,7 @@ +@@ -2934,6 +3288,7 @@ ') read_files_pattern($1, userdomain, userdomain) @@ -37106,7 +36949,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_search_proc($1) ') -@@ -3064,3 +3398,656 @@ +@@ -3064,3 +3419,656 @@ allow $1 userdomain:dbus send_msg; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index e21062b..2237716 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 60%{?dist} +Release: 61%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -449,6 +449,12 @@ exit 0 %endif %changelog +* Mon Dec 21 2009 Dan Walsh 3.6.32-61 +- Fixes for sandbox_x_server +- Fix ntop policy +- Allow screen to use fprintd +- Sandbox fixes + * Fri Dec 18 2009 Dan Walsh 3.6.32-60 - Fixs for cluster policy - mysql_safe fixes @@ -456,10 +462,6 @@ exit 0 - Cgroup access for virtd - Dontaudit fail2ban leaks -* Wed Dec 16 2009 Dan Walsh 3.6.32-59 -- Fixes for sandbox_x_server -- - * Tue Dec 15 2009 Dan Walsh 3.6.32-59 - Dontaudit udp_socket leaks for xauth_t - Dontaudit rules for iceauth_t