diff --git a/policy-20070501.patch b/policy-20070501.patch
index 2fdf795..bb4dde0 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -574,7 +574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-08-03 08:45:43.000000000 -0400
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -583,6 +583,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
role system_r types traceroute_t;
########################################
+@@ -118,6 +119,7 @@
+ corenet_tcp_sendrecv_all_if(ping_t)
+ corenet_raw_sendrecv_all_if(ping_t)
+ corenet_raw_sendrecv_all_nodes(ping_t)
++corenet_raw_bind_all_nodes(ping_t)
+ corenet_tcp_sendrecv_all_nodes(ping_t)
+ corenet_tcp_sendrecv_all_ports(ping_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-07-31 16:39:53.000000000 -0400
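Review bot: The added `corenet_raw_bind_all_nodes(ping_t)` in the nested netutils.te hunk lets ping_t bind raw sockets on every node type, and nothing in the policy records why ping needs that. A one-line comment above it would help, for example `# ping -I <source address> binds its raw socket before sending`; that reason is my reading of the changelog entry "Allow ping to bind to rawip_socket" and should be confirmed against the denial that prompted the change. If this policy version provides a node interface narrower than all nodes, check whether it covers the same denial. The ping_t rule block starts and ends outside the hunk.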
@@ -676,7 +684,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-08-02 15:13:10.000000000 -0400
@@ -211,6 +211,24 @@
########################################
@@ -733,7 +741,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
')
########################################
-@@ -290,3 +329,85 @@
+@@ -290,3 +329,103 @@
dontaudit $1 rpm_var_lib_t:file manage_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
')
@@ -783,6 +791,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+
+########################################
+##
++## allow domain to read, RPM tmp files
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`rpm_read_tmp_files',`
++ gen_require(`
++ type rpm_tmp_t;
++ ')
++
++ allow $1 rpm_tmp_t:file r_file_perms;
++')
++
++########################################
++##
+## Do not audit attempts to read,
+## write RPM tmp files
+##
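Review bot: The parameter description on the new `rpm_read_tmp_files` interface reads `Domain to not audit.`, which looks copied from the dontaudit interface that follows it. This interface grants access (`allow $1 rpm_tmp_t:file r_file_perms;`), so the text should be `Domain allowed access.`, and the summary would read better as `Allow the specified domain to read RPM tmp files.`. Someone auditing callers by the interface documentation could otherwise mistake a grant for an audit suppression. The rule covers only `file` objects of type rpm_tmp_t, so a caller presumably still needs search access to the containing directory from elsewhere; the summary should say so.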
@@ -8786,8 +8812,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-07-31 16:39:53.000000000 -0400
-@@ -0,0 +1,51 @@
++++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-08-03 14:21:48.000000000 -0400
+@@ -0,0 +1,47 @@
+policy_module(fusermount,1.0.0)
+
+########################################
@@ -8830,10 +8856,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
+ hal_rw_pipes(fusermount_t)
+')
+
-+optional_policy(`
-+ mount_ntfs_rw_stream_sockets(fusermount_t)
-+')
-+
+ifdef(`targeted_policy',`
+ term_use_generic_ptys(fusermount_t)
+ term_use_console(fusermount_t)
@@ -9203,7 +9225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
# vmware
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-08-02 15:13:32.000000000 -0400
@@ -62,7 +62,8 @@
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
@@ -9743,53 +9765,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
-
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.6.4/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-07-31 16:39:53.000000000 -0400
-@@ -143,3 +143,40 @@
- mount_domtrans($1)
- ')
- ')
-+
-+########################################
-+##
-+## Execute a domain transition to run mount_ntfs.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`mount_ntfs_domtrans',`
-+ gen_require(`
-+ type mount_ntfs_t, mount_ntfs_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,mount_ntfs_exec_t,mount_ntfs_t)
-+')
-+
-+########################################
-+##
-+## Allow the specified domain to read/write to
-+## init scripts with a unix domain stream sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`mount_ntfs_rw_stream_sockets',`
-+ gen_require(`
-+ type mount_ntfs_t;
-+ ')
-+
-+ allow $1 mount_ntfs_t:unix_stream_socket { read write };
-+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-08-01 16:40:38.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-08-03 14:22:02.000000000 -0400
@@ -9,6 +9,13 @@
ifdef(`targeted_policy',`
##
@@ -9917,7 +9895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+fusermount_domtrans(mount_t)
+fusermount_use_fds(mount_t)
+
-+# modutils_domtrans_insmod(mount_t)
++modutils_exec_insmod(mount_t)
+
+optional_policy(`
+ hal_write_log(mount_t)
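Review bot: Replacing the commented-out `modutils_domtrans_insmod(mount_t)` with `modutils_exec_insmod(mount_t)` means insmod would run inside mount_t with no domain transition, and the line carries no comment on why that was chosen. Going by the interface names, any module-loading permission insmod needs would then have to be held by mount_t itself, which either widens mount_t or leaves the load denied; which of the two applies is not visible in this hunk. I would add a comment such as `# run insmod in mount_t (no transition); needed for <reason>` and list this change in the %changelog, which mentions only the ping rule. The mount_t rule block continues outside the hunk.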
diff --git a/selinux-policy.spec b/selinux-policy.spec
index cb1ce5a..959283d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 31%{?dist}
+Release: 32%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
%endif
%changelog
+* Fri Aug 3 2007 Dan Walsh 2.6.4-32
+- Allow ping to bind to rawip_socket
+
* Wed Aug 1 2007 Dan Walsh 2.6.4-31
- Fix specification of nagios cgi scripts