diff --git a/policy-F15.patch b/policy-F15.patch index 84700d3..c3d81f9 100644 --- a/policy-F15.patch +++ b/policy-F15.patch @@ -8073,10 +8073,10 @@ index 0000000..0fedd57 +') diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te new file mode 100644 -index 0000000..3928015 +index 0000000..dd6c327 --- /dev/null +++ b/policy/modules/apps/sandbox.te -@@ -0,0 +1,481 @@ +@@ -0,0 +1,483 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; @@ -8306,6 +8306,8 @@ index 0000000..3928015 +init_read_utmp(sandbox_x_domain) +init_dontaudit_write_utmp(sandbox_x_domain) + ++libs_dontaudit_setattr_lib_files(sandbox_x_domain) ++ +miscfiles_read_localization(sandbox_x_domain) +miscfiles_dontaudit_setattr_fonts_cache_dirs(sandbox_x_domain) + @@ -8671,10 +8673,10 @@ index 1dc7a85..787df80 100644 + ') ') diff --git a/policy/modules/apps/seunshare.te b/policy/modules/apps/seunshare.te -index 7590165..080ea54 100644 +index 7590165..4792a22 100644 --- a/policy/modules/apps/seunshare.te +++ b/policy/modules/apps/seunshare.te -@@ -5,40 +5,59 @@ policy_module(seunshare, 1.1.0) +@@ -5,40 +5,61 @@ policy_module(seunshare, 1.1.0) # Declarations # 
@@ -8707,25 +8709,27 @@ index 7590165..080ea54 100644 -files_read_etc_files(seunshare_t) -files_mounton_all_poly_members(seunshare_t) ++dev_read_urand(seunshare_domain) + +-auth_use_nsswitch(seunshare_t) +files_search_all(seunshare_domain) +files_read_etc_files(seunshare_domain) +files_mounton_all_poly_members(seunshare_domain) +files_manage_generic_tmp_dirs(seunshare_domain) +files_relabelfrom_tmp_dirs(seunshare_domain) --auth_use_nsswitch(seunshare_t) +-logging_send_syslog_msg(seunshare_t) +fs_manage_cgroup_dirs(seunshare_domain) +fs_manage_cgroup_files(seunshare_domain) --logging_send_syslog_msg(seunshare_t) +-miscfiles_read_localization(seunshare_t) +auth_use_nsswitch(seunshare_domain) --miscfiles_read_localization(seunshare_t) +-userdom_use_user_terminals(seunshare_t) +logging_send_syslog_msg(seunshare_domain) --userdom_use_user_terminals(seunshare_t) +miscfiles_read_localization(seunshare_domain) - ++ +userdom_use_user_terminals(seunshare_domain) +userdom_list_user_home_content(seunshare_domain) ifdef(`hide_broken_symptoms', ` @@ -8985,10 +8989,10 @@ index 0000000..6878d68 + diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te new file mode 100644 -index 0000000..298b1e5 +index 0000000..a225c3b --- /dev/null +++ b/policy/modules/apps/telepathy.te -@@ -0,0 +1,339 @@ +@@ -0,0 +1,353 @@ + +policy_module(telepathy, 1.0.0) + @@ -9005,6 +9009,14 @@ index 0000000..298b1e5 +## +gen_tunable(telepathy_tcp_connect_generic_network_ports, false) + ++## ++##

++## Allow the Telepathy connection managers ++## to connect to any network port. ++##

++##
++gen_tunable(telepathy_connect_all_ports, true) ++ +attribute telepathy_domain; +attribute telepathy_executable; + @@ -9313,6 +9325,12 @@ index 0000000..298b1e5 + corenet_sendrecv_generic_client_packets(telepathy_domain) +') + ++tunable_policy(`telepathy_connect_all_ports', ` ++ corenet_tcp_connect_all_ports(telepathy_domain) ++ corenet_tcp_sendrecv_all_ports(telepathy_domain) ++ corenet_udp_sendrecv_all_ports(telepathy_domain) ++') ++ +optional_policy(` + automount_dontaudit_getattr_tmp_dirs(telepathy_domain) +') @@ -9962,7 +9980,7 @@ index 5a07a43..99c7564 100644 ## ## diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in -index 0757523..47f11a4 100644 +index 0757523..fc98c87 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -16,6 +16,7 @@ attribute rpc_port_type; @@ -10039,7 +10057,7 @@ index 0757523..47f11a4 100644 network_port(dbskkd, tcp,1178,s0) network_port(dcc, udp,6276,s0, udp,6277,s0) network_port(dccm, tcp,5679,s0, udp,5679,s0) -@@ -96,9 +117,12 @@ network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0) +@@ -96,9 +117,13 @@ network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0) network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0) network_port(dict, tcp,2628,s0) network_port(distccd, tcp,3632,s0) 
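Review bot: The new `gen_tunable(telepathy_connect_all_ports, true)` defaults to on, so the `tunable_policy` block added later in this file (the `@@ -9313` hunk on the same line) grants every telepathy_domain `corenet_tcp_connect_all_ports` plus TCP and UDP sendrecv on all ports out of the box, which leaves the existing `telepathy_tcp_connect_generic_network_ports` tunable (default false) with little effect. If connection managers genuinely need the broad grant to function, the tunable description should state that and point to the narrower tunable as the restrictive alternative; otherwise `gen_tunable(telepathy_connect_all_ports, false)` would keep the all-ports access opt-in like the other network tunable in this module. The description lines also appear to have lost their XML markup in this rendering, so it is worth confirming the summary tags survive in the patch itself.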
@@ -10048,11 +10066,12 @@ index 0757523..47f11a4 100644 network_port(epmap, tcp,135,s0, udp,135,s0) +network_port(festival, tcp,1314,s0) network_port(fingerd, tcp,79,s0) ++network_port(firebird, tcp,3050,s0, udp,3050,s0) +network_port(flash, tcp,843,s0, tcp,1935,s0, udp,1935,s0) network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0) network_port(ftp_data, tcp,20,s0) network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0) -@@ -112,7 +136,7 @@ network_port(hddtemp, tcp,7634,s0) +@@ -112,7 +137,7 @@ network_port(hddtemp, tcp,7634,s0) network_port(howl, tcp,5335,s0, udp,5353,s0) network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0) network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port @@ -10061,7 +10080,7 @@ index 0757523..47f11a4 100644 network_port(i18n_input, tcp,9010,s0) network_port(imaze, tcp,5323,s0, udp,5323,s0) network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0) -@@ -126,43 +150,58 @@ network_port(iscsi, tcp,3260,s0) +@@ -126,43 +151,58 @@ network_port(iscsi, tcp,3260,s0) network_port(isns, tcp,3205,s0, udp,3205,s0) network_port(jabber_client, tcp,5222,s0, tcp,5223,s0) network_port(jabber_interserver, tcp,5269,s0) 
@@ -10126,7 +10145,7 @@ index 0757523..47f11a4 100644 network_port(printer, tcp,515,s0) network_port(ptal, tcp,5703,s0) network_port(pulseaudio, tcp,4713,s0) -@@ -177,24 +216,29 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0) +@@ -177,24 +217,29 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0) network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0) network_port(rlogind, tcp,513,s0) network_port(rndc, tcp,953,s0) @@ -10160,7 +10179,7 @@ index 0757523..47f11a4 100644 network_port(syslogd, udp,514,s0) network_port(tcs, tcp, 30003, s0) network_port(telnetd, tcp,23,s0) -@@ -205,16 +249,17 @@ network_port(transproxy, tcp,8081,s0) +@@ -205,16 +250,17 @@ network_port(transproxy, tcp,8081,s0) network_port(ups, tcp,3493,s0) type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon network_port(uucpd, tcp,540,s0) @@ -10181,7 +10200,7 @@ index 0757523..47f11a4 100644 network_port(zookeeper_client, tcp,2181,s0) network_port(zookeeper_election, tcp,3888,s0) network_port(zookeeper_leader, tcp,2888,s0) -@@ -276,5 +321,5 @@ allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_conn +@@ -276,5 +322,5 @@ allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_conn allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg }; # Bind to any network address. @@ -10189,7 +10208,7 @@ index 0757523..47f11a4 100644 +allow corenet_unconfined_type port_type:{ tcp_socket udp_socket rawip_socket } name_bind; allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind; diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc -index 6cf8784..5b25039 100644 +index 6cf8784..5a6e602 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -20,6 +20,7 @@ 
@@ -10200,7 +10219,15 @@ index 6cf8784..5b25039 100644 /dev/dmfm -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0) -@@ -187,8 +188,6 @@ ifdef(`distro_suse', ` +@@ -38,6 +39,7 @@ + /dev/hfmodem -c gen_context(system_u:object_r:sound_device_t,s0) + /dev/hiddev.* -c gen_context(system_u:object_r:usb_device_t,s0) + /dev/hidraw.* -c gen_context(system_u:object_r:usb_device_t,s0) ++/dev/hpilo -d gen_context(system_u:object_r:device_t,mls_systemhigh) + /dev/hpet -c gen_context(system_u:object_r:clock_device_t,s0) + /dev/hw_random -c gen_context(system_u:object_r:random_device_t,s0) + /dev/hwrng -c gen_context(system_u:object_r:random_device_t,s0) +@@ -187,8 +189,6 @@ ifdef(`distro_suse', ` /lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) /lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0) @@ -10209,7 +10236,7 @@ index 6cf8784..5b25039 100644 ifdef(`distro_redhat',` # originally from named.fc /var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0) -@@ -196,3 +195,8 @@ ifdef(`distro_redhat',` +@@ -196,3 +196,8 @@ ifdef(`distro_redhat',` /var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0) /var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0) ') @@ -13368,7 +13395,7 @@ index 069d36c..78a81b3 100644 +') + diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te -index 5001b89..160976e 100644 +index 5001b89..f15622d 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh) 
@@ -13439,17 +13466,18 @@ index 5001b89..160976e 100644 ') optional_policy(` -@@ -357,6 +375,10 @@ optional_policy(` - unconfined_domain_noaudit(kernel_t) - ') +@@ -355,6 +373,11 @@ optional_policy(` -+optional_policy(` -+ xserver_xdm_manage_spool(kernel_t) + optional_policy(` + unconfined_domain_noaudit(kernel_t) ++ kernel_rw_unlabeled_socket(kernel_t) +') + ++optional_policy(` ++ xserver_xdm_manage_spool(kernel_t) + ') + ######################################## - # - # Unlabeled process local policy diff --git a/policy/modules/kernel/mcs.if b/policy/modules/kernel/mcs.if index f52faaf..6bb6529 100644 --- a/policy/modules/kernel/mcs.if @@ -15252,7 +15280,7 @@ index 0000000..8b2cdf3 + diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te new file mode 100644 -index 0000000..c2818a1 +index 0000000..805d0ea --- /dev/null +++ b/policy/modules/roles/unconfineduser.te @@ -0,0 +1,503 @@ @@ -15673,9 +15701,9 @@ index 0000000..c2818a1 + sysnet_role_transition_dhcpc(unconfined_r) +') + -+#optional_policy(` -+# telepathy_dbus_session_role(unconfined_r, unconfined_t) -+#') ++optional_policy(` ++ telepathy_dbus_session_role(unconfined_r, unconfined_t) ++') + +optional_policy(` + vbetool_run(unconfined_t, unconfined_r) @@ -16699,14 +16727,17 @@ index 838d25b..0b0db39 100644 interface(`aide_run',` gen_require(` diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te -index 2509dd2..88b8d9e 100644 +index 2509dd2..43cc2c2 100644 --- a/policy/modules/services/aide.te 
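Review bot: The added `kernel_rw_unlabeled_socket(kernel_t)` is placed inside the `optional_policy(` block that wraps `unconfined_domain_noaudit(kernel_t)`, so the rule only exists when the unconfined module is part of the build, and judging by its prefix it is one of the kernel module's own interfaces being invoked through an optional block, which is unusual. If the access is meant to hold unconditionally, move it to the top level alongside the other kernel_t rules; if it is deliberately tied to the unconfined module, a comment such as `# only needed together with unconfined_domain_noaudit` would save the next reader the question. The kernel_t local policy section this block belongs to starts outside the hunk.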
+++ b/policy/modules/services/aide.te -@@ -32,6 +32,10 @@ manage_files_pattern(aide_t, aide_log_t, aide_log_t) +@@ -32,6 +32,13 @@ manage_files_pattern(aide_t, aide_log_t, aide_log_t) logging_log_filetrans(aide_t, aide_log_t, file) files_read_all_files(aide_t) +files_read_boot_symlinks(aide_t) ++files_read_all_symlinks(aide_t) ++files_getattr_all_pipes(aide_t) ++files_getattr_all_sockets(aide_t) + +mls_file_read_to_clearance(aide_t) +mls_file_write_to_clearance(aide_t) @@ -17685,7 +17716,7 @@ index 6480167..2d45594 100644 + dontaudit $1 httpd_tmp_t:file { read write }; ') diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te -index 3136c6a..700b734 100644 +index 3136c6a..63bb9e3 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -18,130 +18,195 @@ policy_module(apache, 2.2.1) @@ -18076,7 +18107,7 @@ index 3136c6a..700b734 100644 libs_read_lib_files(httpd_t) -@@ -416,34 +510,73 @@ seutil_dontaudit_search_config(httpd_t) +@@ -416,34 +510,74 @@ seutil_dontaudit_search_config(httpd_t) userdom_use_unpriv_users_fds(httpd_t) @@ -18110,6 +18141,7 @@ index 3136c6a..700b734 100644 ') +tunable_policy(`httpd_can_network_connect_db',` ++ corenet_tcp_connect_firebird_port(httpd_t) + corenet_tcp_connect_mssql_port(httpd_t) + corenet_sendrecv_mssql_client_packets(httpd_t) + corenet_tcp_connect_oracledb_port(httpd_t) @@ -18152,7 +18184,7 @@ index 3136c6a..700b734 100644 ') tunable_policy(`httpd_enable_cgi && httpd_use_nfs',` -@@ -456,6 +589,10 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',` +@@ -456,6 +590,10 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',` tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',` domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t) 
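Review bot: `corenet_tcp_connect_firebird_port(httpd_t)` is added without the matching `corenet_sendrecv_firebird_client_packets(httpd_t)`, whereas every other database port in this `httpd_can_network_connect_db` block pairs the connect interface with its sendrecv_*_client_packets call (mssql, oracledb). The same omission repeats for httpd_php_t, httpd_suexec_t and httpd_sys_script_t in the later firebird hunks of this file. Since `network_port(firebird, tcp,3050,s0, udp,3050,s0)` is introduced in corenetwork.te.in by this commit, the client-packets interface should be generated along with the port; adding `corenet_sendrecv_firebird_client_packets(...)` after each connect line keeps packet-labelled access consistent with the other DB ports.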
@@ -18163,7 +18195,7 @@ index 3136c6a..700b734 100644 manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent) manage_files_pattern(httpd_t, httpdcontent, httpdcontent) -@@ -466,15 +603,27 @@ tunable_policy(`httpd_enable_ftp_server',` +@@ -466,15 +604,27 @@ tunable_policy(`httpd_enable_ftp_server',` corenet_tcp_bind_ftp_port(httpd_t) ') @@ -18193,7 +18225,7 @@ index 3136c6a..700b734 100644 tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_t) fs_read_cifs_symlinks(httpd_t) -@@ -484,7 +633,16 @@ tunable_policy(`httpd_can_sendmail',` +@@ -484,7 +634,16 @@ tunable_policy(`httpd_can_sendmail',` # allow httpd to connect to mail servers corenet_tcp_connect_smtp_port(httpd_t) corenet_sendrecv_smtp_client_packets(httpd_t) @@ -18210,7 +18242,7 @@ index 3136c6a..700b734 100644 ') tunable_policy(`httpd_ssi_exec',` -@@ -500,8 +658,10 @@ tunable_policy(`httpd_ssi_exec',` +@@ -500,8 +659,10 @@ tunable_policy(`httpd_ssi_exec',` # are dontaudited here. tunable_policy(`httpd_tty_comm',` userdom_use_user_terminals(httpd_t) @@ -18221,7 +18253,7 @@ index 3136c6a..700b734 100644 ') optional_policy(` -@@ -513,7 +673,13 @@ optional_policy(` +@@ -513,7 +674,13 @@ optional_policy(` ') optional_policy(` @@ -18236,7 +18268,7 @@ index 3136c6a..700b734 100644 ') optional_policy(` -@@ -528,7 +694,18 @@ optional_policy(` +@@ -528,7 +695,18 @@ optional_policy(` daemontools_service_domain(httpd_t, httpd_exec_t) ') @@ -18256,7 +18288,7 @@ index 3136c6a..700b734 100644 dbus_system_bus_client(httpd_t) tunable_policy(`httpd_dbus_avahi',` -@@ -537,8 +714,13 @@ optional_policy(` +@@ -537,8 +715,13 @@ optional_policy(` ') optional_policy(` @@ -18271,7 +18303,7 @@ index 3136c6a..700b734 100644 ') ') -@@ -556,7 +738,13 @@ optional_policy(` +@@ -556,7 +739,13 @@ optional_policy(` ') optional_policy(` 
@@ -18285,7 +18317,7 @@ index 3136c6a..700b734 100644 mysql_stream_connect(httpd_t) mysql_rw_db_sockets(httpd_t) -@@ -567,6 +755,7 @@ optional_policy(` +@@ -567,6 +756,7 @@ optional_policy(` optional_policy(` nagios_read_config(httpd_t) @@ -18293,7 +18325,7 @@ index 3136c6a..700b734 100644 ') optional_policy(` -@@ -577,6 +766,16 @@ optional_policy(` +@@ -577,6 +767,16 @@ optional_policy(` ') optional_policy(` @@ -18310,7 +18342,7 @@ index 3136c6a..700b734 100644 # Allow httpd to work with postgresql postgresql_stream_connect(httpd_t) postgresql_unpriv_client(httpd_t) -@@ -591,6 +790,11 @@ optional_policy(` +@@ -591,6 +791,11 @@ optional_policy(` ') optional_policy(` @@ -18322,7 +18354,7 @@ index 3136c6a..700b734 100644 snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -603,6 +807,11 @@ optional_policy(` +@@ -603,6 +808,11 @@ optional_policy(` yam_read_content(httpd_t) ') @@ -18334,7 +18366,7 @@ index 3136c6a..700b734 100644 ######################################## # # Apache helper local policy -@@ -618,6 +827,10 @@ logging_send_syslog_msg(httpd_helper_t) +@@ -618,6 +828,10 @@ logging_send_syslog_msg(httpd_helper_t) userdom_use_user_terminals(httpd_helper_t) @@ -18345,7 +18377,7 @@ index 3136c6a..700b734 100644 ######################################## # # Apache PHP script local policy -@@ -654,28 +867,29 @@ libs_exec_lib_files(httpd_php_t) +@@ -654,28 +868,30 @@ libs_exec_lib_files(httpd_php_t) userdom_use_unpriv_users_fds(httpd_php_t) tunable_policy(`httpd_can_network_connect_db',` @@ -18362,6 +18394,7 @@ index 3136c6a..700b734 100644 - corenet_sendrecv_mssql_client_packets(httpd_sys_script_t) - corenet_tcp_connect_mssql_port(httpd_suexec_t) - corenet_sendrecv_mssql_client_packets(httpd_suexec_t) ++ corenet_tcp_connect_firebird_port(httpd_php_t) + corenet_tcp_connect_mssql_port(httpd_php_t) + corenet_sendrecv_mssql_client_packets(httpd_php_t) + corenet_tcp_connect_oracledb_port(httpd_php_t) 
@@ -18388,7 +18421,7 @@ index 3136c6a..700b734 100644 ') ######################################## -@@ -699,17 +913,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t) +@@ -699,17 +915,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t) manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) @@ -18414,11 +18447,12 @@ index 3136c6a..700b734 100644 files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -740,13 +959,26 @@ tunable_policy(`httpd_can_network_connect',` +@@ -740,13 +961,27 @@ tunable_policy(`httpd_can_network_connect',` corenet_sendrecv_all_client_packets(httpd_suexec_t) ') +tunable_policy(`httpd_can_network_connect_db',` ++ corenet_tcp_connect_firebird_port(httpd_suexec_t) + corenet_tcp_connect_mssql_port(httpd_suexec_t) + corenet_sendrecv_mssql_client_packets(httpd_suexec_t) + corenet_tcp_connect_oracledb_port(httpd_suexec_t) @@ -18442,7 +18476,7 @@ index 3136c6a..700b734 100644 fs_read_nfs_files(httpd_suexec_t) fs_read_nfs_symlinks(httpd_suexec_t) fs_exec_nfs_files(httpd_suexec_t) -@@ -769,6 +1001,25 @@ optional_policy(` +@@ -769,6 +1004,25 @@ optional_policy(` dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -18468,7 +18502,7 @@ index 3136c6a..700b734 100644 ######################################## # # Apache system script local policy -@@ -789,12 +1040,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp +@@ -789,12 +1043,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp kernel_read_kernel_sysctls(httpd_sys_script_t) 
@@ -18486,7 +18520,7 @@ index 3136c6a..700b734 100644 ifdef(`distro_redhat',` allow httpd_sys_script_t httpd_log_t:file append_file_perms; ') -@@ -803,18 +1059,49 @@ tunable_policy(`httpd_can_sendmail',` +@@ -803,18 +1062,50 @@ tunable_policy(`httpd_can_sendmail',` mta_send_mail(httpd_sys_script_t) ') @@ -18497,6 +18531,7 @@ index 3136c6a..700b734 100644 +') + +tunable_policy(`httpd_can_network_connect_db',` ++ corenet_tcp_connect_firebird_port(httpd_sys_script_t) + corenet_tcp_connect_mssql_port(httpd_sys_script_t) + corenet_sendrecv_mssql_client_packets(httpd_sys_script_t) + corenet_tcp_connect_oracledb_port(httpd_sys_script_t) @@ -18542,7 +18577,7 @@ index 3136c6a..700b734 100644 corenet_tcp_sendrecv_all_ports(httpd_sys_script_t) corenet_udp_sendrecv_all_ports(httpd_sys_script_t) corenet_tcp_connect_all_ports(httpd_sys_script_t) -@@ -822,14 +1109,29 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` +@@ -822,14 +1113,29 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` ') tunable_policy(`httpd_enable_homedirs',` @@ -18573,7 +18608,7 @@ index 3136c6a..700b734 100644 tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -842,10 +1144,20 @@ optional_policy(` +@@ -842,10 +1148,20 @@ optional_policy(` optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -18594,7 +18629,7 @@ index 3136c6a..700b734 100644 ') ######################################## -@@ -891,11 +1203,21 @@ optional_policy(` +@@ -891,11 +1207,21 @@ optional_policy(` tunable_policy(`httpd_enable_cgi && httpd_unified',` allow httpd_user_script_t httpdcontent:file entrypoint; @@ -21629,10 +21664,10 @@ index 0000000..939d76e +') diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te new file mode 100644 -index 0000000..63872b7 +index 0000000..5187146 --- /dev/null 
+++ b/policy/modules/services/colord.te -@@ -0,0 +1,83 @@ +@@ -0,0 +1,95 @@ +policy_module(colord,1.0.0) + +######################################## @@ -21699,6 +21734,18 @@ index 0000000..63872b7 + +sysnet_dns_name_resolve(colord_t) + ++userdom_search_user_home_dirs(colord_t) ++ ++tunable_policy(`use_nfs_home_dirs',` ++ fs_getattr_nfs(colord_t) ++ fs_search_nfs(colord_t) ++') ++ ++tunable_policy(`use_samba_home_dirs',` ++ fs_getattr_cifs(colord_t) ++ fs_search_cifs(colord_t) ++') ++ +optional_policy(` + cups_read_config(colord_t) + cups_read_rw_config(colord_t) @@ -28331,7 +28378,7 @@ index 604f67b..65fdeb0 100644 + read_files_pattern($1, krb5_home_t, krb5_home_t) +') diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te -index 8edc29b..09dac65 100644 +index 8edc29b..92dde2c 100644 --- a/policy/modules/services/kerberos.te +++ b/policy/modules/services/kerberos.te @@ -6,9 +6,9 @@ policy_module(kerberos, 1.11.0) @@ -28375,6 +28422,15 @@ index 8edc29b..09dac65 100644 # types for KDC principal file(s) type krb5kdc_principal_t; +@@ -80,7 +80,7 @@ files_pid_file(krb5kdc_var_run_t) + # Use capabilities. Surplus capabilities may be allowed. + allow kadmind_t self:capability { setuid setgid chown fowner dac_override sys_nice }; + dontaudit kadmind_t self:capability sys_tty_config; +-allow kadmind_t self:process { setfscreate signal_perms }; ++allow kadmind_t self:process { setfscreate setsched getsched signal_perms }; + allow kadmind_t self:netlink_route_socket r_netlink_socket_perms; + allow kadmind_t self:unix_dgram_socket { connect create write }; + allow kadmind_t self:tcp_socket connected_stream_socket_perms; @@ -93,9 +93,9 @@ allow kadmind_t krb5_conf_t:file read_file_perms; dontaudit kadmind_t krb5_conf_t:file write; @@ -29075,7 +29131,7 @@ index 67c7fdd..84b7626 100644 files_list_var_lib(mailman_$1_t) files_read_var_lib_symlinks(mailman_$1_t) 
diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te -index af4d572..0fd2357 100644 +index af4d572..999384c 100644 --- a/policy/modules/services/mailman.te +++ b/policy/modules/services/mailman.te @@ -61,14 +61,18 @@ optional_policy(` @@ -29099,7 +29155,7 @@ index af4d572..0fd2357 100644 files_search_spool(mailman_mail_t) fs_rw_anon_inodefs_files(mailman_mail_t) -@@ -81,6 +85,10 @@ optional_policy(` +@@ -81,11 +85,16 @@ optional_policy(` ') optional_policy(` @@ -29110,7 +29166,13 @@ index af4d572..0fd2357 100644 cron_read_pipes(mailman_mail_t) ') -@@ -104,6 +112,8 @@ manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t) + optional_policy(` + postfix_search_spool(mailman_mail_t) ++ postfix_rw_master_pipes(mailman_mail_t) + ') + + ######################################## +@@ -104,6 +113,8 @@ manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t) kernel_read_proc_symlinks(mailman_queue_t) @@ -29119,7 +29181,7 @@ index af4d572..0fd2357 100644 auth_domtrans_chk_passwd(mailman_queue_t) files_dontaudit_search_pids(mailman_queue_t) -@@ -125,4 +135,4 @@ optional_policy(` +@@ -125,4 +136,4 @@ optional_policy(` optional_policy(` su_exec(mailman_queue_t) @@ -41348,7 +41410,7 @@ index 078bcd7..2d60774 100644 +/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) +/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if -index 22adaca..0f2729b 100644 +index 22adaca..7cf2180 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -32,10 +32,10 @@ 
@@ -41427,7 +41489,7 @@ index 22adaca..0f2729b 100644 + allow $1_t self:capability { kill sys_chroot sys_nice sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config }; allow $1_t self:fifo_file rw_fifo_file_perms; - allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate }; -+ allow $1_t self:process { signal getsched setsched setrlimit setexec }; ++ allow $1_t self:process { getcap signal getsched setsched setrlimit setexec }; allow $1_t self:tcp_socket create_stream_socket_perms; allow $1_t self:udp_socket create_socket_perms; # ssh agent connections: @@ -43197,7 +43259,7 @@ index 32a3c13..7baeb6f 100644 optional_policy(` diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc -index 2124b6a..1b33cbb 100644 +index 2124b6a..7b0af0f 100644 --- a/policy/modules/services/virt.fc +++ b/policy/modules/services/virt.fc @@ -1,4 +1,5 @@ @@ -43207,7 +43269,7 @@ index 2124b6a..1b33cbb 100644 HOME_DIR/VirtualMachines(/.*)? gen_context(system_u:object_r:virt_image_t,s0) HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0) -@@ -13,17 +14,25 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t +@@ -13,17 +14,26 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t /etc/xen/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) /usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0) 
@@ -43215,7 +43277,8 @@ index 2124b6a..1b33cbb 100644 +/usr/sbin/condor_vm-gahp -- gen_context(system_u:object_r:virtd_exec_t,s0) -/var/cache/libvirt(/.*)? gen_context(system_u:object_r:svirt_cache_t,s0) -+/var/cache/libvirt(/.*)? gen_context(system_u:object_r:virt_cache_t,s0-mls_systemhigh) ++/var/cache/libvirt -d gen_context(system_u:object_r:virt_cache_t,s0-mls_systemhigh) ++/var/cache/libvirt/.* <> /var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0) /var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0) @@ -51423,10 +51486,10 @@ index 879bb1e..7b22111 100644 +/var/run/clvmd\.pid -- gen_context(system_u:object_r:clvmd_var_run_t,s0) /var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if -index 58bc27f..b95f0c0 100644 +index 58bc27f..c3fe956 100644 --- a/policy/modules/system/lvm.if +++ b/policy/modules/system/lvm.if -@@ -123,3 +123,39 @@ interface(`lvm_domtrans_clvmd',` +@@ -123,3 +123,57 @@ interface(`lvm_domtrans_clvmd',` corecmd_search_bin($1) domtrans_pattern($1, clvmd_exec_t, clvmd_t) ') @@ -51466,6 +51529,24 @@ index 58bc27f..b95f0c0 100644 + + allow $1 clvmd_tmpfs_t:file unlink; +') ++ ++######################################## ++## ++## Send lvm a null signal. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`lvm_signull',` ++ gen_require(` ++ type lvm_t; ++ ') ++ ++ allow $1 lvm_t:process signull; ++') diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index a0a0ebf..612ad99 100644 --- a/policy/modules/system/lvm.te 
@@ -52517,6 +52598,18 @@ index 15832c7..00f5ea9 100644 +sysnet_dns_name_resolve(showmount_t) + +userdom_use_user_terminals(showmount_t) +diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te +index cbbda4a..da24cb4 100644 +--- a/policy/modules/system/netlabel.te ++++ b/policy/modules/system/netlabel.te +@@ -8,6 +8,7 @@ policy_module(netlabel, 1.3.0) + type netlabel_mgmt_t; + type netlabel_mgmt_exec_t; + application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t) ++init_system_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t) + role system_r types netlabel_mgmt_t; + + ######################################## diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te index 4d06ae3..a9918e0 100644 --- a/policy/modules/system/pcmcia.te @@ -53836,7 +53929,7 @@ index ff80d0a..7f1a21c 100644 + role_transition $1 dhcpc_exec_t system_r; +') diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te -index df32316..e8d03fb 100644 +index df32316..a228139 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.11.1) @@ -53930,7 +54023,15 @@ index df32316..e8d03fb 100644 domain_use_interactive_fds(dhcpc_t) domain_dontaudit_read_all_domains_state(dhcpc_t) -@@ -130,13 +148,13 @@ term_dontaudit_use_unallocated_ttys(dhcpc_t) +@@ -124,19 +142,21 @@ files_getattr_generic_locks(dhcpc_t) + fs_getattr_all_fs(dhcpc_t) + fs_search_auto_mountpoints(dhcpc_t) + ++systemd_exec_systemctl(dhcpc_t) ++ + term_dontaudit_use_all_ttys(dhcpc_t) + term_dontaudit_use_all_ptys(dhcpc_t) + term_dontaudit_use_unallocated_ttys(dhcpc_t) term_dontaudit_use_generic_ptys(dhcpc_t) init_rw_utmp(dhcpc_t) @@ -53946,7 +54047,7 @@ index df32316..e8d03fb 100644 userdom_use_user_terminals(dhcpc_t) userdom_dontaudit_search_user_home_dirs(dhcpc_t) -@@ -155,6 +173,14 @@ optional_policy(` +@@ -155,6 +175,14 @@ optional_policy(` ') optional_policy(` 
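Review bot: `systemd_exec_systemctl(dhcpc_t)` is added at the top level of the dhcpc_t section, outside any `optional_policy` block, so sysnetwork would now fail to build whenever the systemd module is absent, contrary to how every other cross-module call for dhcpc_t in this file is wrapped. The identical call is also added a second time inside the `optional_policy(` block next to `systemd_passwd_agent_domtrans(dhcpc_t)` in the hunk starting `@@ -53988` on the following line, which makes the unconditional copy redundant. Dropping the top-level `systemd_exec_systemctl(dhcpc_t)` and keeping only the one inside the optional block resolves both. The dhcpc_t section begins outside the hunk.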
@@ -53961,7 +54062,7 @@ index df32316..e8d03fb 100644 init_dbus_chat_script(dhcpc_t) dbus_system_bus_client(dhcpc_t) -@@ -171,6 +197,8 @@ optional_policy(` +@@ -171,6 +199,8 @@ optional_policy(` optional_policy(` hal_dontaudit_rw_dgram_sockets(dhcpc_t) @@ -53970,7 +54071,7 @@ index df32316..e8d03fb 100644 ') optional_policy(` -@@ -192,6 +220,17 @@ optional_policy(` +@@ -192,6 +222,17 @@ optional_policy(` ') optional_policy(` @@ -53988,7 +54089,7 @@ index df32316..e8d03fb 100644 nis_read_ypbind_pid(dhcpc_t) ') -@@ -213,6 +252,10 @@ optional_policy(` +@@ -213,6 +254,11 @@ optional_policy(` optional_policy(` seutil_sigchld_newrole(dhcpc_t) seutil_dontaudit_search_config(dhcpc_t) @@ -53996,10 +54097,11 @@ index df32316..e8d03fb 100644 +') +optional_policy(` + systemd_passwd_agent_domtrans(dhcpc_t) ++ systemd_exec_systemctl(dhcpc_t) ') optional_policy(` -@@ -276,8 +319,11 @@ dev_read_urand(ifconfig_t) +@@ -276,8 +322,11 @@ dev_read_urand(ifconfig_t) domain_use_interactive_fds(ifconfig_t) @@ -54011,12 +54113,12 @@ index df32316..e8d03fb 100644 fs_getattr_xattr_fs(ifconfig_t) fs_search_auto_mountpoints(ifconfig_t) -@@ -301,10 +347,11 @@ logging_send_syslog_msg(ifconfig_t) +@@ -301,10 +350,10 @@ logging_send_syslog_msg(ifconfig_t) miscfiles_read_localization(ifconfig_t) -modutils_domtrans_insmod(ifconfig_t) - +- seutil_use_runinit_fds(ifconfig_t) +sysnet_dns_name_resolve(ifconfig_t) @@ -54024,7 +54126,7 @@ index df32316..e8d03fb 100644 userdom_use_user_terminals(ifconfig_t) userdom_use_all_users_fds(ifconfig_t) -@@ -314,6 +361,10 @@ ifdef(`distro_ubuntu',` +@@ -314,6 +363,10 @@ ifdef(`distro_ubuntu',` ') ') @@ -54035,7 +54137,7 @@ index df32316..e8d03fb 100644 ifdef(`hide_broken_symptoms',` optional_policy(` dev_dontaudit_rw_cardmgr(ifconfig_t) -@@ -325,12 +376,31 @@ ifdef(`hide_broken_symptoms',` +@@ -325,12 +378,31 @@ ifdef(`hide_broken_symptoms',` ') optional_policy(` 
@@ -54067,7 +54169,7 @@ index df32316..e8d03fb 100644 ') optional_policy(` -@@ -355,3 +425,9 @@ optional_policy(` +@@ -355,3 +427,9 @@ optional_policy(` xen_append_log(ifconfig_t) xen_dontaudit_rw_unix_stream_sockets(ifconfig_t) ') @@ -54351,10 +54453,10 @@ index 0000000..4dfe28c +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..a7fc66b +index 0000000..2b6d19b --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,185 @@ +@@ -0,0 +1,190 @@ + +policy_module(systemd, 1.0.0) + @@ -54425,10 +54527,15 @@ index 0000000..a7fc66b + +init_read_utmp(systemd_passwd_agent_t) +init_create_pid_dirs(systemd_passwd_agent_t) ++init_stream_connect(systemd_passwd_agent_t) + +miscfiles_read_localization(systemd_passwd_agent_t) + +optional_policy(` ++ lvm_signull(systemd_passwd_agent_t) ++') ++ ++optional_policy(` + plymouthd_stream_connect(systemd_passwd_agent_t) +') + @@ -54743,7 +54850,7 @@ index 025348a..4e2ca03 100644 +') + diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te -index d88f7c3..e1b2016 100644 +index d88f7c3..5f34c11 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -17,14 +17,12 @@ init_daemon_domain(udev_t, udev_exec_t) @@ -54868,7 +54975,7 @@ index d88f7c3..e1b2016 100644 ') optional_policy(` -@@ -233,6 +250,10 @@ optional_policy(` +@@ -233,6 +250,14 @@ optional_policy(` ') optional_policy(` @@ -54876,10 +54983,14 @@ index d88f7c3..e1b2016 100644 +') + +optional_policy(` ++ gpsd_domtrans(udev_t) ++') ++ ++optional_policy(` lvm_domtrans(udev_t) ') -@@ -259,6 +280,10 @@ optional_policy(` +@@ -259,6 +284,10 @@ optional_policy(` ') optional_policy(` @@ -54890,7 +55001,7 @@ index d88f7c3..e1b2016 100644 openct_read_pid_files(udev_t) openct_domtrans(udev_t) ') -@@ -273,6 +298,11 @@ optional_policy(` +@@ -273,6 +302,11 @@ optional_policy(` ') optional_policy(` 
@@ -58613,7 +58724,7 @@ index df29ca1..2a5c03d 100644 +# Nautilus causes this avc +dontaudit unpriv_userdomain self:dir setattr; diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc -index a865da7..2e7f2b0 100644 +index a865da7..875acbd 100644 --- a/policy/modules/system/xen.fc +++ b/policy/modules/system/xen.fc @@ -1,7 +1,5 @@ @@ -58624,6 +58735,14 @@ index a865da7..2e7f2b0 100644 /usr/sbin/blktapctrl -- gen_context(system_u:object_r:blktap_exec_t,s0) /usr/sbin/evtchnd -- gen_context(system_u:object_r:evtchnd_exec_t,s0) /usr/sbin/tapdisk -- gen_context(system_u:object_r:blktap_exec_t,s0) +@@ -17,6 +15,7 @@ ifdef(`distro_debian',` + /usr/sbin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0) + /usr/sbin/xend -- gen_context(system_u:object_r:xend_exec_t,s0) + /usr/sbin/xenstored -- gen_context(system_u:object_r:xenstored_exec_t,s0) ++/usr/sbin/xl -- gen_context(system_u:object_r:xm_exec_t,s0) + /usr/sbin/xm -- gen_context(system_u:object_r:xm_exec_t,s0) + ') + diff --git a/policy/modules/system/xen.if b/policy/modules/system/xen.if index 77d41b6..4aa96c6 100644 --- a/policy/modules/system/xen.if diff --git a/selinux-policy.spec b/selinux-policy.spec index b43164f..fc200a5 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -21,7 +21,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.9.16 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -471,6 +471,9 @@ exit 0 %endif %changelog +* Tue Apr 26 2011 Miroslav Grepl 3.9.16-17 +- Add back transition from unconfined to telepathy domains + * Thu Apr 21 2011 Miroslav Grepl 3.9.16-16 - Allow spamd to sent mail - Needs to be able to write to its systemhigh log file
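Review bot: The new `/usr/sbin/xl -- gen_context(system_u:object_r:xm_exec_t,s0)` entry sits next to `/usr/sbin/xm` inside a block that closes with `')` two lines later and whose opening is outside the hunk; the hunk header names `ifdef(`distro_debian',`` as the nearest enclosing context. If that ifdef really is the enclosing block, xl would only be labeled xm_exec_t on Debian-flavoured builds and presumably keep a generic executable label elsewhere, which defeats the point of the addition on this distribution. Please confirm the entry lands in the unconditional part of xen.fc, or add a matching entry outside the ifdef.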