-+##
-+## Allow postfix_local domain full write access to mail_spool directories
-+##
++##
++## Allow postfix_local domain full write access to mail_spool directories
++##
+##
+gen_tunable(postfix_local_write_mail_spool, true)
+
@@ -48357,6 +48533,15 @@ index a1e0f60..22a3efd 100644
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
+@@ -195,7 +216,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+-# for postalias
++# for postalias
+ mailman_manage_data_files(postfix_master_t)
+ ')
+
@@ -220,13 +241,17 @@ allow postfix_bounce_t self:capability dac_read_search;
allow postfix_bounce_t self:tcp_socket create_socket_perms;
@@ -48621,7 +48806,7 @@ index a1e0f60..22a3efd 100644
# to write the mailq output, it really should not need read access!
term_use_all_ptys(postfix_showq_t)
-@@ -558,6 +648,11 @@ allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
+@@ -558,6 +648,12 @@ allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
@@ -48629,15 +48814,16 @@ index a1e0f60..22a3efd 100644
+
+# for spampd
+corenet_tcp_connect_spamd_port(postfix_master_t)
++corenet_tcp_bind_spamd_port(postfix_master_t)
+
files_search_all_mountpoints(postfix_smtp_t)
optional_policy(`
-@@ -565,6 +660,14 @@ optional_policy(`
+@@ -565,6 +661,14 @@ optional_policy(`
')
optional_policy(`
-+ dovecot_stream_connect(postfix_smtp_t)
++ dovecot_stream_connect(postfix_smtp_t)
+')
+
+optional_policy(`
@@ -48648,7 +48834,7 @@ index a1e0f60..22a3efd 100644
milter_stream_connect_all(postfix_smtp_t)
')
-@@ -581,17 +684,25 @@ stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t },
+@@ -581,17 +685,25 @@ stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t },
corenet_tcp_connect_postfix_policyd_port(postfix_smtpd_t)
# for prng_exch
@@ -48675,7 +48861,7 @@ index a1e0f60..22a3efd 100644
')
optional_policy(`
-@@ -599,6 +710,11 @@ optional_policy(`
+@@ -599,6 +711,11 @@ optional_policy(`
')
optional_policy(`
@@ -48687,7 +48873,7 @@ index a1e0f60..22a3efd 100644
postgrey_stream_connect(postfix_smtpd_t)
')
-@@ -611,7 +727,6 @@ optional_policy(`
+@@ -611,7 +728,6 @@ optional_policy(`
# Postfix virtual local policy
#
@@ -48695,7 +48881,7 @@ index a1e0f60..22a3efd 100644
allow postfix_virtual_t self:process { setsched setrlimit };
allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
-@@ -622,7 +737,6 @@ stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }
+@@ -622,7 +738,6 @@ stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }
corecmd_exec_shell(postfix_virtual_t)
corecmd_exec_bin(postfix_virtual_t)
@@ -48703,7 +48889,7 @@ index a1e0f60..22a3efd 100644
files_read_usr_files(postfix_virtual_t)
mta_read_aliases(postfix_virtual_t)
-@@ -630,3 +744,76 @@ mta_delete_spool(postfix_virtual_t)
+@@ -630,3 +745,76 @@ mta_delete_spool(postfix_virtual_t)
# For reading spamassasin
mta_read_config(postfix_virtual_t)
mta_manage_spool(postfix_virtual_t)
@@ -49095,7 +49281,7 @@ index de4bdb7..a4cad0b 100644
+ allow $1 pppd_unit_file_t:service all_service_perms;
')
diff --git a/ppp.te b/ppp.te
-index bcbf9ac..c4607d4 100644
+index bcbf9ac..5a550bb 100644
--- a/ppp.te
+++ b/ppp.te
@@ -19,14 +19,15 @@ gen_tunable(pppd_can_insmod, false)
@@ -49141,7 +49327,7 @@ index bcbf9ac..c4607d4 100644
#
-allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
-+allow pppd_t self:capability { kill net_admin setuid setgid sys_admin fsetid fowner net_raw dac_override };
++allow pppd_t self:capability { kill net_admin setuid setgid sys_admin fsetid fowner net_raw dac_override sys_nice };
dontaudit pppd_t self:capability sys_tty_config;
-allow pppd_t self:process { getsched signal };
+allow pppd_t self:process { getsched setsched signal };
@@ -49325,6 +49511,32 @@ index ec0e76a..62af9a4 100644
/var/log/prelink(/.*)? gen_context(system_u:object_r:prelink_log_t,s0)
/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0)
+diff --git a/prelink.if b/prelink.if
+index 93ec175..e6605c1 100644
+--- a/prelink.if
++++ b/prelink.if
+@@ -202,3 +202,21 @@ interface(`prelink_relabel_lib',`
+ files_search_var_lib($1)
+ relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+ ')
++
++########################################
++##