diff --git a/policy-20090521.patch b/policy-20090521.patch index 96d8d7f..a9fddfd 100644 --- a/policy-20090521.patch +++ b/policy-20090521.patch @@ -599,6 +599,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.6.12/policy/modules/admin/tzdata.te +--- nsaserefpolicy/policy/modules/admin/tzdata.te 2009-04-07 21:54:49.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/tzdata.te 2009-09-07 13:31:31.000000000 +0200 +@@ -16,6 +16,8 @@ + # tzdata local policy + # + ++fs_getattr_xattr_fs(tzdata_t) ++ + files_read_etc_files(tzdata_t) + files_search_spool(tzdata_t) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.12/policy/modules/admin/usermanage.if --- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-04-07 21:54:49.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/admin/usermanage.if 2009-09-02 09:29:39.000000000 +0200 
@@ -2008,16 +2020,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-06-25 10:21:01.000000000 +0200 -@@ -1953,6 +1953,7 @@ ++++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-09-14 14:40:51.000000000 +0200 +@@ -1953,6 +1953,8 @@ allow $1 etc_t:dir list_dir_perms; read_files_pattern($1, etc_t, etc_t) read_lnk_files_pattern($1, etc_t, etc_t) + files_read_etc_runtime_files($1) ++ files_read_config_files($1) ') ######################################## -@@ -3734,6 +3735,7 @@ +@@ -3734,6 +3736,7 @@ allow $1 usr_t:dir list_dir_perms; read_files_pattern($1, usr_t, usr_t) read_lnk_files_pattern($1, usr_t, usr_t) @@ -2025,7 +2038,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -5224,6 +5226,7 @@ +@@ -5224,6 +5227,7 @@ attribute file_type; ') 
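Review bot: The added `files_read_config_files($1)` goes into a shared interface body at files.if line 1953, so every domain that calls that interface gains read access to whatever `files_read_config_files` covers, not just the domain that needed it. The `interface(` line is outside the hunk; judging by the `etc_t` rules around it, this looks like the generic etc-read interface, which this same commit shows being called for `tzdata_t` and `exim_t`. Unless the policy-wide grant is intended, drop the line here and call `files_read_config_files(<domain>)` only in the .te file of the domain that produced the denial. If it is intended, add a comment stating why and a changelog entry, since the 3.6.12-83 changelog does not mention it.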
@@ -2299,8 +2312,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_mount_nfs(afs_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.12/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-06-25 10:21:01.000000000 +0200 -@@ -98,4 +98,6 @@ ++++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-09-14 14:48:14.000000000 +0200 +@@ -40,6 +40,7 @@ + /usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /usr/share/wordpress-mu/wp-config\.php -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) + /usr/share/wordpress-mu/wp-content(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0) ++/usr/share/wordpress/wp-content/uploads(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0) + + + /var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +@@ -98,4 +99,6 @@ /var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) 
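Review bot: The new `/usr/share/wordpress/wp-content/uploads(/.*)?` entry assigns `httpd_sys_content_rw_t`, which by its name is content the web server side may write, and nothing in the file says that this has consequences outside the policy. Type enforcement does not stop an interpreter running inside the server from processing a file the server was allowed to place there. I would add a comment above the entry such as `# web-writable upload tree; script handling must be disabled for this directory in the web server configuration`. Scoping the label to `uploads`, rather than the whole `wp-content` tree as the wordpress-mu entry above does, is the narrower and better choice.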
@@ -2308,6 +2329,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) +/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.12/policy/modules/services/apache.te +--- nsaserefpolicy/policy/modules/services/apache.te 2009-06-25 10:19:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/apache.te 2009-09-16 13:39:43.000000000 +0200 +@@ -681,6 +681,7 @@ + unconfined_domain(httpd_unconfined_script_t) + + role system_r types httpd_unconfined_script_t; ++ allow httpd_t httpd_unconfined_script_t:process signal_perms; + ') + + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.12/policy/modules/services/automount.if --- nsaserefpolicy/policy/modules/services/automount.if 2009-04-07 21:54:47.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/automount.if 2009-07-20 14:44:39.000000000 +0200 
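Review bot: `allow httpd_t httpd_unconfined_script_t:process signal_perms;` is added with no comment, and `signal_perms` is the full signal set (including `sigkill` and `sigstop`), granted from the network-facing daemon to an unconfined domain. The enclosing block opens outside the hunk, so the condition under which the rule is active is not visible here. Please add a why-comment such as `# httpd must be able to signal and reap the unconfined CGI children it starts`. If only termination is needed, consider naming the permissions explicitly, e.g. `{ signal sigkill sigchld }`, instead of the whole set.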
@@ -2554,6 +2586,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + + + +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.6.12/policy/modules/services/cyrus.te +--- nsaserefpolicy/policy/modules/services/cyrus.te 2009-04-07 21:54:45.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cyrus.te 2009-09-16 13:08:45.000000000 +0200 +@@ -136,6 +136,7 @@ + + optional_policy(` + snmp_read_snmp_var_lib_files(cyrus_t) ++ snmp_stream_connect(cyrus_t) + snmp_dontaudit_write_snmp_var_lib_files(cyrus_t) + ') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.12/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/dbus.if 2009-08-05 21:48:06.000000000 +0200 @@ -2848,8 +2891,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_manage_user_home_content_dirs(dovecot_deliver_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.12/policy/modules/services/exim.te --- nsaserefpolicy/policy/modules/services/exim.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/exim.te 2009-07-31 13:05:27.000000000 +0200 -@@ -148,7 +148,11 @@ ++++ serefpolicy-3.6.12/policy/modules/services/exim.te 2009-09-14 14:36:18.000000000 +0200 +@@ -111,6 +111,7 @@ + files_search_var(exim_t) + files_read_etc_files(exim_t) + files_read_etc_runtime_files(exim_t) ++files_getattr_all_mountpoints(exim_t) + + auth_use_nsswitch(exim_t) + +@@ -148,7 +149,11 @@ ') optional_policy(` 
@@ -3542,8 +3593,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.6.12/policy/modules/services/nx.if --- nsaserefpolicy/policy/modules/services/nx.if 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/nx.if 2009-08-20 15:36:36.000000000 +0200 -@@ -17,3 +17,22 @@ ++++ serefpolicy-3.6.12/policy/modules/services/nx.if 2009-09-14 14:45:30.000000000 +0200 +@@ -17,3 +17,23 @@ spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t) ') @@ -3564,6 +3615,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') + + read_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t) ++ read_lnk_files_pattern($1, nx_server_home_ssh_t, nx_server_home_ssh_t) +') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.12/policy/modules/services/openvpn.te 
@@ -3890,9 +3942,39 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_list_bin(pyzor_t) corecmd_getattr_bin_files(pyzor_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.12/policy/modules/services/rpcbind.if +--- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-04-07 21:54:47.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/rpcbind.if 2009-09-14 15:08:43.000000000 +0200 +@@ -95,6 +95,26 @@ + files_search_var_lib($1) + ') + ++####################################### ++## ++## Connect to rpcbindd over an unix stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`rpcbind_stream_connect',` ++ gen_require(` ++ type rpcbind_t, rpcbind_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ allow $1 rpcbind_var_run_t:sock_file write; ++ allow $1 rpcbind_t:unix_stream_socket connectto; ++') ++ + ######################################## + ## + ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-09-02 10:55:40.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-09-14 14:31:36.000000000 +0200 @@ -95,6 +95,10 @@ userdom_signal_unpriv_users(rpcd_t) @@ -3915,7 +3997,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # NFSD local policy -@@ -207,6 +215,8 @@ +@@ -189,6 +197,7 @@ + kernel_read_network_state(gssd_t) + kernel_read_network_state_symlinks(gssd_t) + kernel_search_network_sysctl(gssd_t) ++kernel_signal(gssd_t) + + corecmd_exec_bin(gssd_t) + +@@ -207,6 +216,8 @@ mount_signal(gssd_t) 
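Review bot: `rpcbind_stream_connect` writes its two `allow` rules by hand, while `snmp_stream_connect`, added to snmp.if in this same commit, uses `stream_connect_pattern`. The hand-written form grants only `write` on the socket file and no search on `rpcbind_var_run_t` directories, so it will drift from the other stream-connect interfaces if the macro is ever adjusted. I would replace both `allow` lines with `stream_connect_pattern($1, rpcbind_var_run_t, rpcbind_var_run_t, rpcbind_t)`. The summary line also says "rpcbindd" where "rpcbind" is meant.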
@@ -3924,7 +4014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`allow_gssd_read_tmp',` userdom_list_user_tmp(gssd_t) userdom_read_user_tmp_files(gssd_t) -@@ -214,6 +224,10 @@ +@@ -214,6 +225,10 @@ ') optional_policy(` 
@@ -4383,6 +4473,47 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow fsdaemon_t self:fifo_file rw_fifo_file_perms; allow fsdaemon_t self:unix_dgram_socket create_socket_perms; allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms; +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.6.12/policy/modules/services/snmp.if +--- nsaserefpolicy/policy/modules/services/snmp.if 2009-04-07 21:54:45.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/snmp.if 2009-09-16 13:07:46.000000000 +0200 +@@ -85,6 +85,25 @@ + dontaudit $1 snmpd_var_lib_t:file write; + ') + ++####################################### ++## ++## Connect to snmpd using a unix domain stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`snmp_stream_connect',` ++ gen_require(` ++ type snmpd_t, snmpd_var_lib_t; ++ ') ++ ++ files_search_var_lib($1) ++ stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t) ++') ++ + ######################################## + ## + ## All of the rules required to administrate +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.12/policy/modules/services/snmp.te +--- nsaserefpolicy/policy/modules/services/snmp.te 2009-06-25 10:19:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/snmp.te 2009-09-16 13:08:08.000000000 +0200 +@@ -71,6 +71,8 @@ + corenet_tcp_bind_snmp_port(snmpd_t) + corenet_udp_bind_snmp_port(snmpd_t) + corenet_sendrecv_snmp_server_packets(snmpd_t) ++corenet_tcp_bind_agentx_port(snmpd_t) ++corenet_udp_bind_agentx_port(snmpd_t) + corenet_tcp_connect_agentx_port(snmpd_t) + + dev_list_sysfs(snmpd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc --- 
nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-08-19 17:48:56.000000000 +0200 @@ -4413,7 +4544,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-07-13 11:32:30.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-09-16 12:19:24.000000000 +0200 @@ -263,6 +263,7 @@ corenet_tcp_sendrecv_generic_node(spamc_t) corenet_tcp_connect_spamd_port(spamc_t) @@ -4422,6 +4553,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t) manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t) +@@ -406,6 +407,7 @@ + # var/lib files for spamd + allow spamd_t spamd_var_lib_t:dir list_dir_perms; + manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) ++manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) + + manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) + manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.12/policy/modules/services/squid.te --- nsaserefpolicy/policy/modules/services/squid.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/squid.te 2009-08-23 20:37:28.000000000 +0200 
@@ -4506,6 +4645,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(uucpd_t) logging_send_syslog_msg(uucpd_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.12/policy/modules/services/virt.fc +--- nsaserefpolicy/policy/modules/services/virt.fc 2009-06-25 10:19:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/virt.fc 2009-09-16 13:17:05.000000000 +0200 +@@ -10,6 +10,7 @@ + /var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0) + /var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0) + /var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0) ++/var/lib/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0) + + /var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0) + /var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te --- nsaserefpolicy/policy/modules/services/virt.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-08-14 08:33:53.000000000 +0200 @@ -5216,7 +5366,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-09-14 14:35:30.000000000 +0200 
@@ -285,6 +285,7 @@ kernel_dontaudit_getattr_message_if(initrc_t) kernel_stream_connect(initrc_t) @@ -5225,7 +5375,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_kernel_symbol_table(initrc_t) files_exec_etc_files(initrc_t) -@@ -750,6 +751,7 @@ +@@ -331,6 +332,7 @@ + fs_unmount_all_fs(initrc_t) + fs_remount_all_fs(initrc_t) + fs_getattr_all_fs(initrc_t) ++fs_search_all(initrc_t) + + # initrc_t needs to do a pidof which requires ptrace + mcs_ptrace_all(initrc_t) +@@ -403,6 +405,9 @@ + files_mounton_isid_type_dirs(initrc_t) + files_list_default(initrc_t) + files_mounton_default(initrc_t) ++files_manage_mnt_dirs(initrc_t) ++files_manage_mnt_files(initrc_t) ++ + + auth_use_nsswitch(initrc_t) + +@@ -750,6 +755,7 @@ mysql_stream_connect(initrc_t) mysql_write_log(initrc_t) @@ -5537,6 +5705,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_redhat',` /etc/sysconfig/clock -- gen_context(system_u:object_r:locale_t,s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.12/policy/modules/system/mount.if +--- nsaserefpolicy/policy/modules/system/mount.if 2009-06-25 10:19:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/mount.if 2009-09-08 13:12:41.000000000 +0200 +@@ -175,7 +175,9 @@ + interface(`mount_signal',` + gen_require(` + type mount_t; ++ type unconfined_mount_t; + ') + + allow $1 mount_t:process signal; ++ allow $1 unconfined_mount_t:process signal; + ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.12/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/system/mount.te 2009-08-11 10:04:04.000000000 +0200 
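Review bot: `files_manage_mnt_dirs(initrc_t)`, `files_manage_mnt_files(initrc_t)` and `fs_search_all(initrc_t)` are added without any explanation, although the line just below them in the file documents its grant (`# initrc_t needs to do a pidof which requires ptrace`). The manage interfaces give init scripts create, write and delete on the mnt-labelled directories and files, which is more than a mount-point lookup needs. Please add a comment naming the init script or denial that requires this, e.g. `# <script> creates mount points under /mnt at boot`. If only directories have to be created, the `files_manage_mnt_files` line can probably go. None of these grants appear in the 3.6.12-83 changelog.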
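Review bot: Adding `allow $1 unconfined_mount_t:process signal;` to `mount_signal` widens every existing caller of the interface, for example the `mount_signal(gssd_t)` call visible in rpc.te, rather than only the domain that needed it. The new `type unconfined_mount_t;` in `gen_require` also makes all those callers depend on that type being declared; whether mount.te declares it unconditionally is not visible in this hunk and should be confirmed. If only some callers need it, a separate interface would keep the original grant narrow. For style, the other interfaces added in this commit put both types on one line, so `type mount_t, unconfined_mount_t;` would match them.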
@@ -5671,7 +5852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol xen_manage_log(udev_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-08-20 15:20:32.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-09-14 14:33:01.000000000 +0200 @@ -443,6 +443,9 @@ dev_rw_usbfs($1) dev_rw_generic_usb_dev($1) @@ -5704,7 +5885,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol evolution_dbus_chat($1_usertype) evolution_alarm_dbus_chat($1_usertype) ') -@@ -968,6 +967,21 @@ +@@ -702,6 +701,7 @@ + optional_policy(` + rpc_dontaudit_getattr_exports($1_usertype) + rpc_manage_nfs_rw_content($1_usertype) ++ rpcbind_stream_connect($1_usertype) + ') + + optional_policy(` +@@ -968,6 +968,21 @@ ') optional_policy(` @@ -5726,7 +5915,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol gnome_manage_config($1_usertype) gnome_manage_gconf_home_files($1_usertype) gnome_read_gconf_config($1_usertype) -@@ -1457,6 +1471,7 @@ +@@ -1218,6 +1233,7 @@ + files_exec_usr_src_files($1_t) + + fs_getattr_all_fs($1_t) ++ fs_getattr_all_files($1_t) + fs_set_all_quotas($1_t) + fs_exec_noxattr($1_t) + +@@ -1457,6 +1473,7 @@ ') allow $1 user_home_dir_t:dir search_dir_perms; @@ -5734,7 +5931,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_search_home($1) ') -@@ -1880,7 +1895,7 @@ +@@ -1880,7 +1897,7 @@ type user_home_t; ') @@ -5743,7 +5940,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -3317,10 +3332,6 @@ +@@ -3317,10 +3334,6 @@ seutil_run_newrole($1_t, $1_r) optional_policy(` 
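Review bot: `rpcbind_stream_connect($1_usertype)` is placed inside the existing `optional_policy` block that holds the `rpc_*` calls, and an optional block is dropped as a whole when any interface in it cannot be resolved. A policy built without the rpcbind module would then silently lose `rpc_dontaudit_getattr_exports` and `rpc_manage_nfs_rw_content` for user domains as well. Move the call into its own `optional_policy` block containing only `rpcbind_stream_connect($1_usertype)`. The template header is outside the hunk, but the grant appears to apply to every `$1_usertype` domain, so a short comment on why ordinary user domains need to reach the rpcbind socket would help.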
diff --git a/selinux-policy.spec b/selinux-policy.spec index 9c25361..f77caff 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.12 -Release: 82%{?dist} +Release: 83%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -442,6 +442,11 @@ exit 0 %endif %changelog +* Wed Sep 16 2009 Miroslav Grepl 3.6.12-83 +- Add wordpress/wp-content/uploads label +- Add /var/lib/libvirt/qemu label +- Allow tzdata to getattr of all persistent filesystems + * Wed Sep 2 2009 Miroslav Grepl 3.6.12-82 - Allow gssd to send signals to users - Allow fsdaemon_t setpcap capability