diff --git a/policy-20090521.patch b/policy-20090521.patch index 3075ff7..a7a6e32 100644 --- a/policy-20090521.patch +++ b/policy-20090521.patch @@ -1,6 +1,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-3.6.12/man/man8/nfs_selinux.8 ---- nsaserefpolicy/man/man8/nfs_selinux.8 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/man/man8/nfs_selinux.8 2009-11-19 10:29:57.000000000 +0100 +--- nsaserefpolicy/man/man8/nfs_selinux.8 2010-01-19 12:51:11.885608081 +0100 ++++ serefpolicy-3.6.12/man/man8/nfs_selinux.8 2010-01-19 12:51:30.666607854 +0100 @@ -1,9 +1,9 @@ .TH "nfs_selinux" "8" "9 Feb 2009" "dwalsh@redhat.com" "NFS SELinux Policy documentation" .SH "NAME" @@ -24,7 +24,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-3.6.12/man/man8/samba_selinux.8 --- nsaserefpolicy/man/man8/samba_selinux.8 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/man/man8/samba_selinux.8 2009-08-19 18:01:06.000000000 +0200 ++++ serefpolicy-3.6.12/man/man8/samba_selinux.8 2010-01-19 12:51:30.667607981 +0100 @@ -20,7 +20,7 @@ .TP This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local: @@ -41,8 +41,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man -selinux(8), samba(7), chcon(1), setsebool(8) +selinux(8), samba(7), chcon(1), setsebool(8), semanage(8) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.12/policy/mcs ---- nsaserefpolicy/policy/mcs 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/mcs 2009-07-08 21:09:33.000000000 +0200 +--- nsaserefpolicy/policy/mcs 2010-01-19 12:51:11.888608672 +0100 ++++ serefpolicy-3.6.12/policy/mcs 2010-01-19 12:51:30.672607570 +0100 
@@ -66,7 +66,7 @@ # # Note that getattr on files is always permitted. @@ -81,8 +81,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') dnl end enable_mcs diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.12/policy/modules/admin/certwatch.te ---- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-01-19 12:51:11.890618006 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2010-01-19 12:51:30.673607627 +0100 @@ -1,5 +1,5 @@ -policy_module(certwatch, 1.3.0) @@ -100,8 +100,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg(certwatch_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.6.12/policy/modules/admin/dmesg.te ---- nsaserefpolicy/policy/modules/admin/dmesg.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te 2009-11-19 12:04:46.000000000 +0100 +--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-01-19 12:51:11.892620356 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te 2010-01-19 12:51:30.674607405 +0100 @@ -62,3 +62,6 @@ optional_policy(` udev_read_db(dmesg_t) 
@@ -110,8 +110,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +#mcelog needs +dev_read_raw_memory(dmesg_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.12/policy/modules/admin/kismet.te ---- nsaserefpolicy/policy/modules/admin/kismet.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2009-07-07 08:55:43.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/kismet.te 2010-01-19 12:51:11.894608528 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2010-01-19 12:51:30.674607405 +0100 @@ -23,6 +23,9 @@ type kismet_var_lib_t; files_type(kismet_var_lib_t) @@ -154,8 +154,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.12/policy/modules/admin/logrotate.te ---- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te 2009-07-28 16:09:42.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-01-19 12:51:11.895617594 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te 2010-01-19 12:51:30.675616123 +0100 @@ -32,7 +32,7 @@ # Change ownership on log files. allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice }; 
@@ -177,8 +177,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.12/policy/modules/admin/mrtg.te ---- nsaserefpolicy/policy/modules/admin/mrtg.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te 2009-08-13 08:59:23.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-01-19 12:51:11.897608001 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te 2010-01-19 12:51:30.676608358 +0100 @@ -136,10 +136,18 @@ ') @@ -199,8 +199,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.12/policy/modules/admin/netutils.te ---- nsaserefpolicy/policy/modules/admin/netutils.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2009-11-19 10:07:23.000000000 +0100 +--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-01-19 12:51:11.898617767 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2010-01-19 12:51:30.677620847 +0100 @@ -38,7 +38,7 @@ # Perform network administration operations and have raw access to the network. 
@@ -211,8 +211,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write }; allow netutils_t self:packet_socket create_socket_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te ---- nsaserefpolicy/policy/modules/admin/prelink.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-01-19 12:51:11.901618148 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2010-01-19 12:51:30.678620066 +0100 @@ -68,10 +68,11 @@ files_list_all(prelink_t) files_getattr_all_files(prelink_t) @@ -238,8 +238,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol unconfined_domain(prelink_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te ---- nsaserefpolicy/policy/modules/admin/readahead.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2009-08-05 21:59:03.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-01-19 12:51:11.903617984 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2010-01-19 12:51:30.679620054 +0100 @@ -50,11 +50,13 @@ domain_use_interactive_fds(readahead_t) domain_read_all_domains_state(readahead_t) 
@@ -255,8 +255,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_all_fs(readahead_t) fs_search_auto_mountpoints(readahead_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc ---- nsaserefpolicy/policy/modules/admin/rpm.fc 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2009-09-02 13:11:37.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-01-19 12:51:11.904618041 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2010-01-19 12:51:30.680608168 +0100 @@ -1,5 +1,6 @@ /bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0) @@ -265,8 +265,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.12/policy/modules/admin/rpm.if ---- nsaserefpolicy/policy/modules/admin/rpm.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2009-09-02 11:03:37.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-01-19 12:51:11.905618238 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2010-01-19 12:51:30.681608994 +0100 @@ -470,6 +470,24 @@ ######################################## 
@@ -325,8 +325,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + dontaudit $1 rpm_tmpfs_t:file write_file_perms; +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.12/policy/modules/admin/rpm.te ---- nsaserefpolicy/policy/modules/admin/rpm.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/rpm.te 2009-07-28 14:08:18.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-01-19 12:51:11.907608156 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/rpm.te 2010-01-19 12:51:30.685607338 +0100 @@ -377,6 +377,10 @@ ') @@ -340,7 +340,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.6.12/policy/modules/admin/shorewall.fc --- nsaserefpolicy/policy/modules/admin/shorewall.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.fc 2009-10-29 22:48:05.000000000 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.fc 2010-01-19 12:51:30.686611725 +0100 @@ -0,0 +1,13 @@ + +/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) @@ -357,7 +357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.6.12/policy/modules/admin/shorewall.if --- nsaserefpolicy/policy/modules/admin/shorewall.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.if 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.if 2010-01-19 12:51:30.687608849 +0100 
@@ -0,0 +1,166 @@ +## policy for shorewall + @@ -527,7 +527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.6.12/policy/modules/admin/shorewall.te --- nsaserefpolicy/policy/modules/admin/shorewall.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.te 2009-06-25 10:41:25.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.te 2010-01-19 12:51:30.689618043 +0100 @@ -0,0 +1,103 @@ +policy_module(shorewall,1.0.0) + @@ -633,8 +633,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +permissive shorewall_t; + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.12/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/sudo.if 2009-08-05 23:24:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-01-19 12:51:11.908617992 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/sudo.if 2010-01-19 12:51:30.689618043 +0100 @@ -152,6 +152,10 @@ optional_policy(` dbus_system_bus_client($1_sudo_t) @@ -648,7 +648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.6.12/policy/modules/admin/tzdata.te --- nsaserefpolicy/policy/modules/admin/tzdata.te 2009-04-07 21:54:49.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/tzdata.te 2009-09-07 13:31:31.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/tzdata.te 2010-01-19 12:51:30.690617961 +0100 @@ -16,6 +16,8 @@ # tzdata local policy # 
@@ -660,7 +660,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.12/policy/modules/admin/usermanage.if --- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-04-07 21:54:49.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.if 2009-09-02 09:29:39.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.if 2010-01-19 12:51:30.691607822 +0100 @@ -274,6 +274,9 @@ usermanage_domtrans_useradd($1) role $2 types useradd_t; @@ -672,8 +672,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol nscd_run(useradd_t, $2) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.12/policy/modules/admin/usermanage.te ---- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2009-09-02 09:28:02.000000000 +0200 +--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-01-19 12:51:11.913617929 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2010-01-19 12:51:30.693618133 +0100 @@ -209,6 +209,7 @@ files_manage_etc_files(groupadd_t) files_relabel_etc_files(groupadd_t) @@ -693,7 +693,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_home_filetrans_user_home_dir(useradd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.6.12/policy/modules/admin/vpn.te --- nsaserefpolicy/policy/modules/admin/vpn.te 2009-04-07 21:54:49.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/admin/vpn.te 2010-01-06 16:12:18.000000000 +0100 ++++ serefpolicy-3.6.12/policy/modules/admin/vpn.te 2010-01-19 12:51:30.694617981 +0100 
@@ -104,6 +104,7 @@ sysnet_etc_filetrans_config(vpnc_t) sysnet_manage_config(vpnc_t) @@ -703,8 +703,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_search_user_home_content(vpnc_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.12/policy/modules/apps/awstats.te ---- nsaserefpolicy/policy/modules/apps/awstats.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/awstats.te 2009-08-19 18:08:12.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/awstats.te 2010-01-19 12:51:11.915617346 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/awstats.te 2010-01-19 12:51:30.694617981 +0100 @@ -28,6 +28,8 @@ awstats_rw_pipes(awstats_t) awstats_cgi_exec(awstats_t) @@ -716,7 +716,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file }) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.6.12/policy/modules/apps/calamaris.te --- nsaserefpolicy/policy/modules/apps/calamaris.te 2009-04-07 21:54:49.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/calamaris.te 2009-08-05 23:27:19.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/calamaris.te 2010-01-19 12:51:30.695618108 +0100 @@ -82,5 +82,9 @@ ') @@ -729,7 +729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.12/policy/modules/apps/gitosis.fc --- nsaserefpolicy/policy/modules/apps/gitosis.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2010-01-19 12:51:30.696620471 +0100 
@@ -0,0 +1,4 @@ + +/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0) @@ -737,7 +737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.12/policy/modules/apps/gitosis.if --- nsaserefpolicy/policy/modules/apps/gitosis.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2009-06-29 22:52:15.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2010-01-19 12:51:30.697608236 +0100 @@ -0,0 +1,96 @@ +## gitosis interface + @@ -837,7 +837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.12/policy/modules/apps/gitosis.te --- nsaserefpolicy/policy/modules/apps/gitosis.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2010-01-19 12:51:30.698608712 +0100 @@ -0,0 +1,43 @@ +policy_module(gitosis,1.0.0) + @@ -883,8 +883,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ssh_rw_pipes(gitosis_t) +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.12/policy/modules/apps/gnome.te ---- nsaserefpolicy/policy/modules/apps/gnome.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/gnome.te 2009-09-18 14:56:40.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-01-19 12:51:11.922608458 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/gnome.te 2010-01-19 12:51:30.699608071 +0100 
@@ -114,6 +114,16 @@ userdom_dontaudit_search_admin_dir(gconfdefaultsm_t) @@ -903,8 +903,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol consolekit_dbus_chat(gconfdefaultsm_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.12/policy/modules/apps/gpg.if ---- nsaserefpolicy/policy/modules/apps/gpg.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/gpg.if 2009-08-18 15:05:46.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-01-19 12:51:11.924618072 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/gpg.if 2010-01-19 12:51:30.699608071 +0100 @@ -30,7 +30,7 @@ # allow ps to show gpg @@ -915,8 +915,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # communicate with the user allow gpg_helper_t $2:fd use; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.12/policy/modules/apps/gpg.te ---- nsaserefpolicy/policy/modules/apps/gpg.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/gpg.te 2009-08-18 15:06:47.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-01-19 12:51:11.925621412 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/gpg.te 2010-01-19 12:51:30.701607837 +0100 @@ -90,6 +90,7 @@ corenet_tcp_connect_all_ports(gpg_t) corenet_sendrecv_all_client_packets(gpg_t) 
@@ -926,8 +926,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_urand(gpg_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.12/policy/modules/apps/java.te ---- nsaserefpolicy/policy/modules/apps/java.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/java.te 2009-09-22 17:00:57.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/java.te 2010-01-19 12:51:11.928618231 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/java.te 2010-01-19 12:51:30.701607837 +0100 @@ -148,6 +148,8 @@ # execheap is needed for itanium/BEA jrocket allow unconfined_java_t self:process { execstack execmem execheap }; @@ -938,8 +938,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol unconfined_domain_noaudit(unconfined_java_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.12/policy/modules/apps/mozilla.if ---- nsaserefpolicy/policy/modules/apps/mozilla.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if 2009-07-08 21:12:05.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-01-19 12:51:11.934607820 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if 2010-01-19 12:51:30.702607964 +0100 @@ -45,6 +45,18 @@ relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t) relabel_files_pattern($2, mozilla_home_t, mozilla_home_t) 
@@ -978,8 +978,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.12/policy/modules/apps/mozilla.te ---- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2009-07-08 21:12:10.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-01-19 12:51:11.935618493 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2010-01-19 12:51:30.704607869 +0100 @@ -59,6 +59,7 @@ manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) @@ -1030,8 +1030,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.12/policy/modules/apps/nsplugin.if ---- nsaserefpolicy/policy/modules/apps/nsplugin.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2009-07-07 08:51:57.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/nsplugin.if 2010-01-19 12:51:11.939608107 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2010-01-19 12:51:30.705618543 +0100 @@ -89,6 +89,8 @@ role $1 types nsplugin_config_t; 
@@ -1043,13 +1043,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.fc serefpolicy-3.6.12/policy/modules/apps/ptchown.fc --- nsaserefpolicy/policy/modules/apps/ptchown.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.fc 2009-08-14 08:31:59.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.fc 2010-01-19 12:51:30.706618111 +0100 @@ -0,0 +1,2 @@ + +/usr/libexec/pt_chown -- gen_context(system_u:object_r:ptchown_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.6.12/policy/modules/apps/ptchown.if --- nsaserefpolicy/policy/modules/apps/ptchown.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.if 2009-08-14 08:09:22.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.if 2010-01-19 12:51:30.706618111 +0100 @@ -0,0 +1,22 @@ + +## helper function for grantpt(3), changes ownship and permissions of pseudotty @@ -1075,7 +1075,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.te serefpolicy-3.6.12/policy/modules/apps/ptchown.te --- nsaserefpolicy/policy/modules/apps/ptchown.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.te 2009-08-20 09:35:25.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.te 2010-01-19 12:51:30.710608074 +0100 @@ -0,0 +1,40 @@ +policy_module(ptchown,1.0.0) + 
@@ -1118,15 +1118,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +miscfiles_read_localization(ptchown_t) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc ---- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-01-19 12:51:11.948618262 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2010-01-19 12:51:30.710608074 +0100 @@ -1,2 +1,3 @@ /usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) +/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.12/policy/modules/apps/qemu.te ---- nsaserefpolicy/policy/modules/apps/qemu.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2010-01-06 14:48:15.000000000 +0100 +--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-01-19 12:51:11.951608237 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2010-01-19 12:51:30.711617700 +0100 @@ -50,6 +50,9 @@ storage_raw_write_removable_device(qemu_t) storage_raw_read_removable_device(qemu_t) 
@@ -1155,8 +1155,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.12/policy/modules/apps/sandbox.if ---- nsaserefpolicy/policy/modules/apps/sandbox.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/sandbox.if 2010-01-19 12:51:11.955618035 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2010-01-19 12:51:30.714607885 +0100 @@ -3,73 +3,143 @@ ######################################## @@ -1334,8 +1334,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms; ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.12/policy/modules/apps/sandbox.te ---- nsaserefpolicy/policy/modules/apps/sandbox.te 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/sandbox.te 2010-01-19 12:51:11.957607813 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2010-01-19 12:51:30.715618069 +0100 @@ -1,18 +1,84 @@ policy_module(sandbox,1.0.0) +dbus_stub() 
@@ -1632,8 +1632,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + hal_dbus_chat(sandbox_net_client_t) +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.12/policy/modules/apps/screen.if ---- nsaserefpolicy/policy/modules/apps/screen.if 2009-06-25 10:19:43.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2009-08-05 23:21:33.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/screen.if 2010-01-19 12:51:11.958618556 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2010-01-19 12:51:30.716619663 +0100 @@ -62,6 +62,7 @@ manage_dirs_pattern($1_screen_t, screen_dir_t, screen_dir_t) filetrans_pattern($1_screen_t, screen_dir_t, screen_var_run_t, fifo_file) @@ -1642,9 +1642,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1_screen_t screen_home_t:dir list_dir_perms; read_files_pattern($1_screen_t, screen_home_t, screen_home_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.6.12/policy/modules/apps/slocate.te +--- nsaserefpolicy/policy/modules/apps/slocate.te 2009-04-07 21:54:49.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/slocate.te 2010-01-19 13:02:01.591608019 +0100 +@@ -50,6 +50,7 @@ + fs_getattr_all_symlinks(locate_t) + fs_list_all(locate_t) + fs_list_inotifyfs(locate_t) ++fs_read_noxattr_fs_symlinks(locate_t) + + # getpwnam + auth_use_nsswitch(locate_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.6.12/policy/modules/apps/vmware.fc --- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-04-07 21:54:49.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2010-01-19 12:51:30.717611828 +0100 @@ -63,6 +63,7 @@ ') 
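Review bot: The added `fs_read_noxattr_fs_symlinks(locate_t)` in the new slocate.te section has no rationale, unlike the `# getpwnam` comment on the `auth_use_nsswitch(locate_t)` line that follows it. Judging by the interface name, it lets the locate domain read symbolic links on filesystems without extended-attribute support, which goes beyond the getattr and list calls around it (`fs_getattr_all_symlinks`, `fs_list_all`, `fs_list_inotifyfs`). If the denial behind it was only audit noise, a dontaudit rule would keep the domain tighter; otherwise add a comment above the call such as `# locate: read symlinks on non-xattr filesystems (see <bug or AVC reference>)`. The other hunks visible here change only the `---`/`+++` timestamps of the embedded file headers, so this is the one rule change whose reason should be recorded.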
@@ -1654,8 +1665,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0) /var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.12/policy/modules/apps/vmware.te ---- nsaserefpolicy/policy/modules/apps/vmware.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-01-19 12:51:11.961607624 +0100 ++++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2010-01-19 12:51:30.718618032 +0100 @@ -136,7 +136,7 @@ miscfiles_read_localization(vmware_host_t) @@ -1677,8 +1688,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`TODO',` # VMWare need access to pcmcia devices for network diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc ---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-08-13 17:13:38.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-01-19 12:51:11.965616444 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2010-01-19 12:51:30.719617600 +0100 @@ -7,6 +7,7 @@ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) 
@@ -1726,8 +1737,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in ---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2009-08-13 08:57:43.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-01-19 12:51:11.969607384 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2010-01-19 12:51:30.720620172 +0100 @@ -107,6 +107,7 @@ network_port(giftd, tcp,1213,s0) network_port(gopher, tcp,70,s0, udp,70,s0) @@ -1755,8 +1766,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol network_port(mmcc, tcp,5050,s0, udp,5050,s0) network_port(monopd, tcp,1234,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.12/policy/modules/kernel/devices.fc ---- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-09-29 18:31:58.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-01-19 12:51:11.970607302 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2010-01-19 12:51:30.721620159 +0100 @@ -46,8 +46,10 @@ /dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) 
@@ -1777,8 +1788,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0) /var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.12/policy/modules/kernel/devices.if ---- nsaserefpolicy/policy/modules/kernel/devices.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2009-07-03 11:25:38.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-01-19 12:51:11.972607417 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2010-01-19 12:51:30.724607969 +0100 @@ -1727,6 +1727,133 @@ ######################################## @@ -1936,8 +1947,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + setattr_chr_files_pattern($1, devtty_t, devtty_t) +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.12/policy/modules/kernel/devices.te ---- nsaserefpolicy/policy/modules/kernel/devices.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-01-19 12:51:11.973618649 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2010-01-19 12:51:30.726608294 +0100 @@ -78,6 +78,13 @@ dev_node(ipmi_device_t) 
@@ -1966,8 +1977,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # type lvm_control_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if ---- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-07-07 08:21:23.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-01-19 12:51:11.977607704 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2010-01-19 12:51:30.727618199 +0100 @@ -44,34 +44,6 @@ interface(`domain_type',` # start with basic domain @@ -2025,8 +2036,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + allow $1 unconfined_domain_type:process signal; +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te ---- nsaserefpolicy/policy/modules/kernel/domain.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-09-02 11:03:42.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-01-19 12:51:11.978607342 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2010-01-19 12:51:30.729607628 +0100 @@ -91,6 +91,9 @@ kernel_read_proc_symlinks(domain) kernel_read_crypto_sysctls(domain) 
@@ -2102,8 +2113,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if ---- nsaserefpolicy/policy/modules/kernel/files.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-09-14 14:40:51.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/files.if 2010-01-19 12:51:11.981607235 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2010-01-19 12:51:30.732608079 +0100 @@ -1953,6 +1953,8 @@ allow $1 etc_t:dir list_dir_perms; read_files_pattern($1, etc_t, etc_t) @@ -2130,8 +2141,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1 file_type:fifo_file { getattr read write append ioctl lock }; allow $1 file_type:sock_file { getattr read write append ioctl lock }; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if ---- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-01-19 12:51:11.988607357 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2010-01-19 12:51:30.734618112 +0100 @@ -817,7 +817,7 @@ type proc_t; ') 
@@ -2142,8 +2153,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.6.12/policy/modules/kernel/storage.fc ---- nsaserefpolicy/policy/modules/kernel/storage.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc 2009-08-24 16:29:47.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-01-19 12:51:11.992607517 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc 2010-01-19 12:51:30.736617947 +0100 @@ -28,6 +28,7 @@ /dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0) /dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0) @@ -2154,7 +2165,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.6.12/policy/modules/kernel/storage.if --- nsaserefpolicy/policy/modules/kernel/storage.if 2009-04-07 21:54:48.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/storage.if 2009-08-24 16:26:39.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/kernel/storage.if 2010-01-19 12:51:30.737617934 +0100 @@ -529,7 +529,7 @@ ') 
@@ -2165,8 +2176,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.12/policy/modules/kernel/terminal.if ---- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-01-19 12:51:11.993607155 +0100 ++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2010-01-19 12:51:30.738608424 +0100 @@ -571,6 +571,25 @@ dontaudit $1 devpts_t:chr_file { getattr read write ioctl }; ') @@ -2194,8 +2205,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## Read and write the controlling diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te ---- nsaserefpolicy/policy/modules/roles/staff.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-08-05 21:52:27.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/staff.te 2010-01-19 12:51:11.995607270 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2010-01-19 12:51:30.739608132 +0100 @@ -44,6 +44,10 @@ ') 
@@ -2230,8 +2241,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.12/policy/modules/roles/sysadm.if ---- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/sysadm.if 2010-01-19 12:51:11.995607270 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2010-01-19 12:51:30.740619783 +0100 @@ -116,6 +116,41 @@ ######################################## @@ -2275,8 +2286,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.12/policy/modules/roles/sysadm.te ---- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-01-19 12:51:11.996607118 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2010-01-19 12:51:30.741620189 +0100 @@ -334,6 +334,10 @@ ') 
@@ -2289,8 +2300,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te ---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2009-09-02 10:35:47.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2010-01-19 12:51:11.999607220 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2010-01-19 12:51:30.742620386 +0100 @@ -52,6 +52,8 @@ init_system_domain(unconfined_execmem_t, execmem_exec_t) role unconfined_r types unconfined_execmem_t; @@ -2337,8 +2348,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` init_dbus_chat_script(unconfined_execmem_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.12/policy/modules/roles/unprivuser.te ---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-01-19 12:51:12.000607347 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2010-01-19 12:51:30.743620374 +0100 @@ -22,5 +22,9 @@ ') 
@@ -2350,8 +2361,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol setroubleshoot_dontaudit_stream_connect(user_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.12/policy/modules/roles/xguest.te ---- nsaserefpolicy/policy/modules/roles/xguest.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/roles/xguest.te 2009-07-08 21:12:15.000000000 +0200 +--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-01-19 12:51:12.001607265 +0100 ++++ serefpolicy-3.6.12/policy/modules/roles/xguest.te 2010-01-19 12:51:30.744608209 +0100 @@ -36,11 +36,17 @@ # Local policy # @@ -2371,8 +2382,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_search_mnt(xguest_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.12/policy/modules/services/afs.fc ---- nsaserefpolicy/policy/modules/services/afs.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/afs.fc 2009-08-24 16:34:56.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/afs.fc 2010-01-19 12:51:12.001607265 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/afs.fc 2010-01-19 12:51:30.745617974 +0100 @@ -26,7 +26,7 @@ /vicepb gen_context(system_u:object_r:afs_files_t,s0) /vicepc gen_context(system_u:object_r:afs_files_t,s0) 
@@ -2383,8 +2394,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/cache/afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.12/policy/modules/services/afs.te ---- nsaserefpolicy/policy/modules/services/afs.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/afs.te 2009-08-24 16:32:10.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/afs.te 2010-01-19 12:51:12.003607450 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/afs.te 2010-01-19 12:51:30.746617892 +0100 @@ -331,6 +331,7 @@ files_mounton_mnt(afs_t) files_read_etc_files(afs_t) @@ -2394,8 +2405,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_xattr_fs(afs_t) fs_mount_nfs(afs_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.12/policy/modules/services/apache.fc ---- nsaserefpolicy/policy/modules/services/apache.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-09-14 14:48:14.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/apache.fc 2010-01-19 12:51:12.003607450 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2010-01-19 12:51:30.747607892 +0100 @@ -40,6 +40,7 @@ /usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /usr/share/wordpress-mu/wp-config\.php -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) 
@@ -2413,8 +2424,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.12/policy/modules/services/apache.if ---- nsaserefpolicy/policy/modules/services/apache.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/apache.if 2010-01-06 15:18:20.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/apache.if 2010-01-19 12:51:12.006607482 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/apache.if 2010-01-19 12:51:30.748608369 +0100 @@ -16,6 +16,7 @@ attribute httpd_exec_scripts; attribute httpd_script_exec_type; @@ -2433,8 +2444,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`httpd_enable_cgi',` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.12/policy/modules/services/apache.te ---- nsaserefpolicy/policy/modules/services/apache.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/apache.te 2010-01-06 14:38:36.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/apache.te 2010-01-19 12:51:12.008607667 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/apache.te 2010-01-19 12:51:30.750618122 +0100 @@ -110,6 +110,13 @@ ## 
@@ -2473,8 +2484,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.12/policy/modules/services/apm.te ---- nsaserefpolicy/policy/modules/services/apm.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/apm.te 2009-11-20 13:05:50.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/apm.te 2010-01-19 12:51:12.009617223 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/apm.te 2010-01-19 12:51:30.751620344 +0100 @@ -220,6 +220,10 @@ ') @@ -2488,7 +2499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.12/policy/modules/services/automount.if --- nsaserefpolicy/policy/modules/services/automount.if 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/automount.if 2009-07-20 14:44:39.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/automount.if 2010-01-19 12:51:30.752619633 +0100 @@ -21,6 +21,24 @@ ######################################## @@ -2515,8 +2526,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.12/policy/modules/services/avahi.te ---- nsaserefpolicy/policy/modules/services/avahi.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/avahi.te 2009-06-29 13:28:59.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/avahi.te 2010-01-19 12:51:12.011613147 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/avahi.te 2010-01-19 12:51:30.753620389 +0100 @@ -24,7 +24,7 @@ # Local policy # 
@@ -2527,8 +2538,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow avahi_t self:process { setrlimit signal_perms getcap setcap }; allow avahi_t self:fifo_file rw_fifo_file_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.12/policy/modules/services/bluetooth.te ---- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-01-19 12:51:12.015607859 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2010-01-19 12:51:30.754620516 +0100 @@ -64,6 +64,7 @@ allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms }; allow bluetooth_t self:tcp_socket create_stream_socket_perms; @@ -2538,8 +2549,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.12/policy/modules/services/clamav.te ---- nsaserefpolicy/policy/modules/services/clamav.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/clamav.te 2009-12-09 15:28:27.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/clamav.te 2010-01-19 12:51:12.019607530 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/clamav.te 2010-01-19 12:51:30.755607793 +0100 @@ -106,6 +106,8 @@ corenet_tcp_bind_generic_port(clamd_t) corenet_tcp_connect_generic_port(clamd_t) 
@@ -2569,13 +2580,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol sysnet_dns_name_resolve(freshclam_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.6.12/policy/modules/services/cobbler.fc --- nsaserefpolicy/policy/modules/services/cobbler.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/cobbler.fc 2009-09-30 09:41:34.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cobbler.fc 2010-01-19 12:51:30.757607908 +0100 @@ -0,0 +1,2 @@ + +/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.6.12/policy/modules/services/cobbler.if --- nsaserefpolicy/policy/modules/services/cobbler.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/cobbler.if 2009-09-30 10:26:41.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cobbler.if 2010-01-19 12:51:30.757607908 +0100 @@ -0,0 +1,21 @@ +## cobbler server policy + @@ -2600,7 +2611,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.6.12/policy/modules/services/cobbler.te --- nsaserefpolicy/policy/modules/services/cobbler.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/cobbler.te 2009-09-30 09:41:20.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cobbler.te 2010-01-19 12:51:30.758617743 +0100 @@ -0,0 +1,10 @@ + +policy_module(cobbler,1.0.0) 
@@ -2613,8 +2624,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +type cobbler_var_lib_t; +files_type(cobbler_var_lib_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.12/policy/modules/services/consolekit.te ---- nsaserefpolicy/policy/modules/services/consolekit.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2009-10-29 22:41:51.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-01-19 12:51:12.021607086 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2010-01-19 12:51:30.759608232 +0100 @@ -14,7 +14,7 @@ files_pid_file(consolekit_var_run_t) @@ -2640,8 +2651,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol init_telinit(consolekit_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.12/policy/modules/services/cron.if ---- nsaserefpolicy/policy/modules/services/cron.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/cron.if 2009-07-13 10:01:22.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/cron.if 2010-01-19 12:51:12.025607455 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/cron.if 2010-01-19 12:51:30.760608918 +0100 @@ -163,27 +163,14 @@ # interface(`cron_unconfined_role',` 
@@ -2682,8 +2693,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol role system_r types $1; ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.12/policy/modules/services/cron.te ---- nsaserefpolicy/policy/modules/services/cron.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/cron.te 2009-07-30 17:13:52.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/cron.te 2010-01-19 12:51:12.026607652 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/cron.te 2010-01-19 12:51:30.762608613 +0100 @@ -440,7 +440,7 @@ init_dontaudit_rw_utmp(system_cronjob_t) # prelink tells init to restart it self, we either need to allow or dontaudit @@ -2694,8 +2705,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(system_cronjob_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.12/policy/modules/services/cups.fc ---- nsaserefpolicy/policy/modules/services/cups.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2009-08-11 09:45:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/cups.fc 2010-01-19 12:51:12.027615811 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2010-01-19 12:51:30.763608392 +0100 @@ -53,6 +53,8 @@ /var/lib/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) 
@@ -2706,8 +2717,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/log/turboprint.* gen_context(system_u:object_r:cupsd_log_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.12/policy/modules/services/cups.te ---- nsaserefpolicy/policy/modules/services/cups.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/cups.te 2009-11-05 17:54:34.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/cups.te 2010-01-19 12:51:12.032607717 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/cups.te 2010-01-19 12:51:30.764608868 +0100 @@ -59,12 +59,13 @@ init_daemon_domain(hplip_t, hplip_exec_t) # For CUPS to run as a backend @@ -2803,7 +2814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.6.12/policy/modules/services/cyrus.te --- nsaserefpolicy/policy/modules/services/cyrus.te 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/cyrus.te 2009-09-16 13:08:45.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cyrus.te 2010-01-19 12:51:30.766608843 +0100 @@ -136,6 +136,7 @@ optional_policy(` @@ -2813,8 +2824,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.12/policy/modules/services/dbus.if ---- nsaserefpolicy/policy/modules/services/dbus.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/dbus.if 2009-10-02 09:02:08.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/dbus.if 2010-01-19 12:51:12.035612708 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/dbus.if 2010-01-19 12:51:30.767618818 +0100 
@@ -176,6 +176,10 @@ xserver_use_xdm_fds($1_dbusd_t) xserver_rw_xdm_pipes($1_dbusd_t) @@ -2855,8 +2866,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te ---- nsaserefpolicy/policy/modules/services/dcc.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/dcc.te 2010-01-19 12:51:12.038608550 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2010-01-19 12:51:30.769617885 +0100 @@ -130,11 +130,13 @@ # Access files in /var/dcc. The map file can be updated @@ -2885,7 +2896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.12/policy/modules/services/ddclient.if --- nsaserefpolicy/policy/modules/services/ddclient.if 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2010-01-19 12:51:30.769617885 +0100 @@ -21,6 +21,31 @@ ######################################## 
@@ -2919,8 +2930,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## an ddclient environment ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te ---- nsaserefpolicy/policy/modules/services/devicekit.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-01-19 12:51:12.041608722 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2010-01-19 12:51:30.770607466 +0100 @@ -55,7 +55,7 @@ # # DeviceKit-Power local policy @@ -2963,8 +2974,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol polkit_read_lib(devicekit_disk_t) polkit_read_reload(devicekit_disk_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.12/policy/modules/services/dnsmasq.te ---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2009-09-30 09:43:10.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-01-19 12:51:12.044620349 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2010-01-19 12:51:30.770607466 +0100 @@ -83,10 +83,18 @@ userdom_dontaudit_search_user_home_dirs(dnsmasq_t) 
@@ -2985,8 +2996,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.12/policy/modules/services/dovecot.if ---- nsaserefpolicy/policy/modules/services/dovecot.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/dovecot.if 2009-07-31 13:05:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-01-19 12:51:12.046617810 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/dovecot.if 2010-01-19 12:51:30.771607314 +0100 @@ -2,47 +2,44 @@ ######################################## @@ -3070,8 +3081,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.12/policy/modules/services/dovecot.te ---- nsaserefpolicy/policy/modules/services/dovecot.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/dovecot.te 2009-09-30 15:36:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-01-19 12:51:12.047607530 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/dovecot.te 2010-01-19 13:12:34.951856866 +0100 @@ -1,5 +1,5 @@ -policy_module(dovecot, 1.10.2) 
@@ -3149,9 +3160,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_all_fs(dovecot_deliver_t) userdom_manage_user_home_content_dirs(dovecot_deliver_t) +@@ -268,3 +268,20 @@ + mta_manage_spool(dovecot_deliver_t) + ') + ++tunable_policy(`use_nfs_home_dirs',` ++ fs_manage_nfs_dirs(dovecot_deliver_t) ++ fs_manage_nfs_dirs(dovecot_t) ++ fs_manage_nfs_files(dovecot_deliver_t) ++ fs_manage_nfs_symlinks(dovecot_deliver_t) ++ fs_manage_nfs_files(dovecot_t) ++ fs_manage_nfs_symlinks(dovecot_t) ++') ++ ++tunable_policy(`use_samba_home_dirs',` ++ fs_manage_cifs_dirs(dovecot_deliver_t) ++ fs_manage_cifs_dirs(dovecot_t) ++ fs_manage_cifs_files(dovecot_deliver_t) ++ fs_manage_cifs_symlinks(dovecot_deliver_t) ++ fs_manage_cifs_files(dovecot_t) ++ fs_manage_cifs_symlinks(dovecot_t) ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.12/policy/modules/services/exim.te ---- nsaserefpolicy/policy/modules/services/exim.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/exim.te 2009-09-14 14:36:18.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/exim.te 2010-01-19 12:51:12.049617981 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/exim.te 2010-01-19 12:51:30.772607302 +0100 @@ -111,6 +111,7 @@ files_search_var(exim_t) files_read_etc_files(exim_t) 
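Review bot: The two `tunable_policy` blocks appended to dovecot.te carry no comment on how far they reach. `fs_manage_nfs_*` and `fs_manage_cifs_*` apply to the filesystem-wide NFS and CIFS types, and such mounts normally carry one label for every file. Enabling `use_nfs_home_dirs` or `use_samba_home_dirs` therefore lets `dovecot_t` and `dovecot_deliver_t` create, modify and delete content on any such mount, not only mail under home directories. I would add a line above each block such as `# NFS/CIFS files share one label: this covers every such mount, not just home directories`. The calls are also interleaved between the two domains; listing the three for `dovecot_deliver_t` and then the three for `dovecot_t` would make it easier to confirm both get the same set.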
@@ -3173,9 +3205,37 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.6.12/policy/modules/services/fail2ban.if +--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-01-19 12:51:12.050618388 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.if 2010-01-19 13:00:27.397857214 +0100 +@@ -98,6 +98,24 @@ + allow $1 fail2ban_var_run_t:file read_file_perms; + ') + ++###################################### ++## ++## Read and write to an fail2ban unix stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`fail2ban_rw_stream_sockets',` ++ gen_require(` ++ type fail2ban_t; ++ ') ++ ++ allow $1 fail2ban_t:unix_stream_socket { getattr read write ioctl }; ++') ++ + ######################################## + ## + ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.6.12/policy/modules/services/fail2ban.te ---- nsaserefpolicy/policy/modules/services/fail2ban.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te 2009-10-16 13:32:38.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-01-19 12:51:12.051619633 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te 2010-01-19 12:51:30.773607499 +0100 @@ -79,6 +79,7 @@ auth_use_nsswitch(fail2ban_t) 
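Review bot: `fail2ban_rw_stream_sockets` grants `read` and `write` on `fail2ban_t:unix_stream_socket`, but neither its summary nor the hunk says which domain needs this or why. If the intended caller only inherits the descriptor when fail2ban executes it (the caller is not visible here, so this is a guess), a `dontaudit` interface would silence the denial without giving that domain a channel into the daemon's socket. Either way I would name the caller and the reason in the description and correct the wording to `Read and write a fail2ban unix stream socket.`. The `#` separator above the new interface is also shorter than the one before the following interface in the same hunk.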
@@ -3185,8 +3245,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol miscfiles_read_localization(fail2ban_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.12/policy/modules/services/fetchmail.te ---- nsaserefpolicy/policy/modules/services/fetchmail.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te 2009-06-29 16:22:53.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-19 12:51:12.052617805 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te 2010-01-19 12:51:30.774607207 +0100 @@ -60,6 +60,8 @@ corenet_tcp_connect_all_ports(fetchmail_t) corenet_sendrecv_all_client_packets(fetchmail_t) @@ -3197,8 +3257,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_rand(fetchmail_t) dev_read_urand(fetchmail_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te ---- nsaserefpolicy/policy/modules/services/fprintd.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-08-13 18:07:07.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-01-19 12:51:12.055618954 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2010-01-19 12:51:30.774607207 +0100 @@ -22,12 +22,17 @@ corecmd_search_bin(fprintd_t) 
@@ -3231,8 +3291,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol permissive fprintd_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.12/policy/modules/services/ftp.te ---- nsaserefpolicy/policy/modules/services/ftp.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-08-24 09:30:32.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/ftp.te 2010-01-19 12:51:12.056617964 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2010-01-19 12:51:30.775607334 +0100 @@ -85,12 +85,23 @@ type xferlog_t; logging_log_file(xferlog_t) @@ -3276,8 +3336,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_kernel_sysctls(ftpd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te ---- nsaserefpolicy/policy/modules/services/gnomeclock.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/gnomeclock.te 2010-01-19 12:51:12.059617857 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2010-01-19 12:51:30.776607601 +0100 @@ -44,6 +44,7 @@ ') 
@@ -3287,8 +3347,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol polkit_read_lib(gnomeclock_t) polkit_read_reload(gnomeclock_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.12/policy/modules/services/gpsd.fc ---- nsaserefpolicy/policy/modules/services/gpsd.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2009-06-25 10:25:21.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/gpsd.fc 2010-01-19 12:51:12.062607902 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2010-01-19 12:51:30.776607601 +0100 @@ -1,3 +1,6 @@ +/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0) @@ -3297,9 +3357,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0) +/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.12/policy/modules/services/gpsd.te ---- nsaserefpolicy/policy/modules/services/gpsd.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2009-08-20 14:46:39.000000000 +0200 -@@ -8,17 +9,23 @@ +--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-01-19 12:51:12.064607808 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2010-01-19 12:51:30.777607728 +0100 +@@ -8,17 +8,23 @@ type gpsd_t; type gpsd_exec_t; application_domain(gpsd_t, gpsd_exec_t) 
@@ -3325,7 +3385,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow gpsd_t self:process setsched; allow gpsd_t self:shm create_shm_perms; allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; -@@ -28,6 +35,15 @@ +@@ -28,6 +34,15 @@ manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t) fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file }) @@ -3342,8 +3402,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_tcp_bind_gpsd_port(gpsd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te ---- nsaserefpolicy/policy/modules/services/hal.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-09-02 10:30:14.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/hal.te 2010-01-19 12:51:12.067618106 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/hal.te 2010-01-19 12:51:30.778607087 +0100 @@ -103,6 +103,7 @@ kernel_rw_irq_sysctls(hald_t) kernel_rw_vm_sysctls(hald_t) @@ -3422,7 +3482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol permissive hald_dccm_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.fc serefpolicy-3.6.12/policy/modules/services/hddtemp.fc --- nsaserefpolicy/policy/modules/services/hddtemp.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.fc 2009-08-13 08:56:27.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.fc 2010-01-19 12:51:30.779607564 +0100 @@ -0,0 +1,4 @@ + +/etc/rc\.d/init\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0) 
@@ -3430,7 +3490,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/sbin/hddtemp -- gen_context(system_u:object_r:hddtemp_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.if serefpolicy-3.6.12/policy/modules/services/hddtemp.if --- nsaserefpolicy/policy/modules/services/hddtemp.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.if 2009-08-13 08:56:27.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.if 2010-01-19 12:51:30.779607564 +0100 @@ -0,0 +1,38 @@ +## hddtemp hard disk temperature tool running as a daemon + @@ -3472,7 +3532,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.te serefpolicy-3.6.12/policy/modules/services/hddtemp.te --- nsaserefpolicy/policy/modules/services/hddtemp.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.te 2009-08-13 08:56:27.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.te 2010-01-19 12:51:30.780607411 +0100 @@ -0,0 +1,40 @@ +policy_module(hddtemp,1.0.0) + @@ -3515,8 +3575,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +permissive hddtemp_t; + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.12/policy/modules/services/kerberos.if ---- nsaserefpolicy/policy/modules/services/kerberos.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-01-19 12:51:12.073618102 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2010-01-19 12:51:30.781607539 +0100 
@@ -70,6 +70,7 @@ interface(`kerberos_use',` gen_require(` @@ -3534,8 +3594,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te ---- nsaserefpolicy/policy/modules/services/kerberos.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-07-07 08:19:18.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-01-19 12:51:12.077608134 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2010-01-19 12:51:30.781607539 +0100 @@ -277,6 +277,8 @@ # @@ -3574,8 +3634,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kerberos_use(kpropd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te ---- nsaserefpolicy/policy/modules/services/lircd.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-10-16 13:42:13.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/lircd.te 2010-01-19 12:51:12.082608701 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2010-01-19 12:51:30.782616396 +0100 @@ -45,6 +45,13 @@ dev_filetrans(lircd_t, lircd_sock_t, sock_file ) dev_read_generic_usb_dev(lircd_t) 
@@ -3591,8 +3651,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(lircd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.12/policy/modules/services/mailman.if ---- nsaserefpolicy/policy/modules/services/mailman.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/mailman.if 2010-01-19 12:51:12.085617812 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2010-01-19 12:51:30.783607654 +0100 @@ -197,6 +197,7 @@ type mailman_data_t; ') @@ -3602,8 +3662,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_lnk_files_pattern($1, mailman_data_t, mailman_data_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.12/policy/modules/services/milter.if ---- nsaserefpolicy/policy/modules/services/milter.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/milter.if 2009-10-16 13:35:27.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/milter.if 2010-01-19 12:51:12.088613515 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/milter.if 2010-01-19 12:51:30.783607654 +0100 @@ -35,6 +35,8 @@ # Create other data files and directories in the data directory manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t) 
@@ -3614,8 +3674,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg($1_milter_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.12/policy/modules/services/mta.if ---- nsaserefpolicy/policy/modules/services/mta.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/mta.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/mta.if 2010-01-19 12:51:12.091619973 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/mta.if 2010-01-19 12:51:30.789617776 +0100 @@ -473,6 +473,7 @@ ') @@ -3625,8 +3685,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.12/policy/modules/services/mysql.te ---- nsaserefpolicy/policy/modules/services/mysql.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2009-11-19 10:03:36.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/mysql.te 2010-01-19 12:51:12.099608000 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2010-01-19 12:51:30.790607217 +0100 @@ -136,15 +136,20 @@ allow mysqld_safe_t self:capability { dac_override fowner chown }; allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; 
@@ -3650,8 +3710,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_list_sysfs(mysqld_safe_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.12/policy/modules/services/networkmanager.fc ---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc 2010-01-06 11:15:05.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-01-19 12:51:12.103608090 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc 2010-01-19 12:51:30.825608731 +0100 @@ -12,7 +12,9 @@ /usr/sbin/nm-system-settings -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) @@ -3663,8 +3723,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/log/wicd(/.*)? gen_context(system_u:object_r:NetworkManager_log_t,s0) /var/log/wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.12/policy/modules/services/networkmanager.te ---- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te 2010-01-06 16:11:15.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-01-19 12:51:12.105617983 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te 2010-01-19 12:51:30.826608510 +0100 @@ -57,7 +57,9 @@ manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t) files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, sock_file) 
@@ -3684,8 +3744,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dgram_send(NetworkManager_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.12/policy/modules/services/nis.te ---- nsaserefpolicy/policy/modules/services/nis.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/nis.te 2009-06-26 15:48:39.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/nis.te 2010-01-19 12:51:12.109608226 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/nis.te 2010-01-19 12:51:30.827608147 +0100 @@ -72,8 +72,7 @@ manage_files_pattern(ypbind_t, var_yp_t, var_yp_t) @@ -3698,7 +3758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_netlabel(ypbind_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.fc serefpolicy-3.6.12/policy/modules/services/nslcd.fc --- nsaserefpolicy/policy/modules/services/nslcd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2010-01-19 12:51:30.828620497 +0100 @@ -0,0 +1,4 @@ +/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) +/etc/nss-ldapd.conf -- gen_context(system_u:object_r:nslcd_conf_t,s0) 
@@ -3706,7 +3766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.6.12/policy/modules/services/nslcd.if --- nsaserefpolicy/policy/modules/services/nslcd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2009-10-29 22:58:40.000000000 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2010-01-19 12:51:30.829619368 +0100 @@ -0,0 +1,144 @@ + +## policy for nslcd @@ -3854,7 +3914,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.6.12/policy/modules/services/nslcd.te --- nsaserefpolicy/policy/modules/services/nslcd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2010-01-19 12:51:30.830620263 +0100 @@ -0,0 +1,50 @@ +policy_module(nslcd,1.0.0) + @@ -3908,7 +3968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +logging_send_syslog_msg(nslcd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.6.12/policy/modules/services/nx.fc --- nsaserefpolicy/policy/modules/services/nx.fc 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/nx.fc 2009-08-20 15:35:42.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/nx.fc 2010-01-19 12:51:30.831620041 +0100 @@ -5,3 +5,6 @@ /opt/NX/var(/.*)? gen_context(system_u:object_r:nx_server_var_run_t,s0) 
@@ -3918,7 +3978,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.6.12/policy/modules/services/nx.if --- nsaserefpolicy/policy/modules/services/nx.if 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/nx.if 2009-09-14 14:45:30.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/nx.if 2010-01-19 12:51:30.832607946 +0100 @@ -17,3 +17,23 @@ spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t) @@ -3945,7 +4005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.12/policy/modules/services/openvpn.te --- nsaserefpolicy/policy/modules/services/openvpn.te 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/openvpn.te 2009-08-20 09:42:28.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/openvpn.te 2010-01-19 12:51:30.833608563 +0100 @@ -86,6 +86,7 @@ corenet_udp_bind_openvpn_port(openvpn_t) corenet_tcp_connect_openvpn_port(openvpn_t) @@ -3989,7 +4049,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.6.12/policy/modules/services/pcscd.if --- nsaserefpolicy/policy/modules/services/pcscd.if 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/pcscd.if 2009-10-02 08:35:36.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/pcscd.if 2010-01-19 12:51:30.834620423 +0100 @@ -53,6 +53,5 @@ ') 
@@ -4000,7 +4060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.12/policy/modules/services/pcscd.te --- nsaserefpolicy/policy/modules/services/pcscd.te 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2010-01-19 12:51:30.835608677 +0100 @@ -28,6 +28,7 @@ allow pcscd_t self:tcp_socket create_stream_socket_perms; @@ -4019,8 +4079,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_dontaudit_getattr_pty_dirs(pcscd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.12/policy/modules/services/polkit.fc ---- nsaserefpolicy/policy/modules/services/polkit.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/polkit.fc 2010-01-19 12:51:12.124607968 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2010-01-19 12:51:30.836608455 +0100 @@ -2,7 +2,7 @@ /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0) /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:polkit_grant_exec_t,s0) 
@@ -4031,8 +4091,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0) /var/run/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.12/policy/modules/services/polkit.if ---- nsaserefpolicy/policy/modules/services/polkit.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/polkit.if 2010-01-19 12:51:12.125608166 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2010-01-19 12:51:30.837608932 +0100 @@ -194,6 +194,7 @@ polkit_domtrans_auth($1) @@ -4050,8 +4110,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.12/policy/modules/services/polkit.te ---- nsaserefpolicy/policy/modules/services/polkit.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/polkit.te 2009-08-07 12:21:31.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/polkit.te 2010-01-19 12:51:12.126608153 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/polkit.te 2010-01-19 12:51:30.838620722 +0100 @@ -72,6 +72,7 @@ manage_files_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t) files_pid_filetrans(polkit_t, polkit_var_run_t, { file dir }) 
@@ -4070,8 +4130,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_usr_files(polkit_auth_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.12/policy/modules/services/postfix.if ---- nsaserefpolicy/policy/modules/services/postfix.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2009-07-31 13:05:32.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/postfix.if 2010-01-19 12:51:12.130607545 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2010-01-19 12:51:30.840610640 +0100 @@ -112,6 +112,13 @@ template(`postfix_server_domain_template',` postfix_domain_template($1) @@ -4113,8 +4173,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## postfix_postdrop domain. ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.12/policy/modules/services/postfix.te ---- nsaserefpolicy/policy/modules/services/postfix.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/postfix.te 2010-01-05 18:40:19.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/postfix.te 2010-01-19 12:51:12.131607463 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/postfix.te 2010-01-19 12:51:30.842608869 +0100 @@ -42,9 +42,6 @@ mta_manage_spool(postfix_local_t) ') 
@@ -4199,8 +4259,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.12/policy/modules/services/postgresql.te ---- nsaserefpolicy/policy/modules/services/postgresql.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/postgresql.te 2009-07-08 21:12:21.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-01-19 12:51:12.134610988 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/postgresql.te 2010-01-19 12:51:30.844608844 +0100 @@ -202,6 +202,7 @@ corenet_tcp_bind_generic_node(postgresql_t) corenet_tcp_bind_postgresql_port(postgresql_t) @@ -4218,8 +4278,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol miscfiles_read_localization(postgresql_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.12/policy/modules/services/ppp.if ---- nsaserefpolicy/policy/modules/services/ppp.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/ppp.if 2010-01-19 12:51:12.136617039 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2010-01-19 12:51:30.845608553 +0100 @@ -177,10 +177,16 @@ interface(`ppp_run',` gen_require(` 
@@ -4238,8 +4298,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.12/policy/modules/services/ppp.te ---- nsaserefpolicy/policy/modules/services/ppp.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ppp.te 2009-08-24 15:30:24.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/ppp.te 2010-01-19 12:51:12.137607528 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/ppp.te 2010-01-19 12:51:30.846608819 +0100 @@ -218,7 +218,7 @@ # PPTP Local policy # @@ -4250,8 +4310,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow pptp_t self:process signal; allow pptp_t self:fifo_file rw_fifo_file_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.12/policy/modules/services/privoxy.te ---- nsaserefpolicy/policy/modules/services/privoxy.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/privoxy.te 2010-01-19 12:51:12.140607351 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2010-01-19 12:51:30.847608668 +0100 @@ -48,8 +48,7 @@ files_pid_filetrans(privoxy_t, privoxy_var_run_t, file) 
@@ -4263,8 +4323,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(privoxy_t) corenet_all_recvfrom_netlabel(privoxy_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc ---- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-01-19 12:51:12.143616532 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2010-01-19 12:51:30.848608445 +0100 @@ -3,6 +3,8 @@ HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0) @@ -4275,8 +4335,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0) /usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te ---- nsaserefpolicy/policy/modules/services/pyzor.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-01-19 12:51:12.144615892 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2010-01-19 12:51:30.849608852 +0100 @@ -97,6 +97,8 @@ kernel_read_kernel_sysctls(pyzor_t) kernel_read_system_state(pyzor_t) 
@@ -4288,7 +4348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.12/policy/modules/services/radvd.te --- nsaserefpolicy/policy/modules/services/radvd.te 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/radvd.te 2009-09-29 18:03:17.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/radvd.te 2010-01-19 12:51:30.850608490 +0100 @@ -23,7 +23,7 @@ # Local policy # @@ -4300,7 +4360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow radvd_t self:unix_stream_socket create_socket_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.12/policy/modules/services/rpcbind.if --- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-04-07 21:54:47.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/rpcbind.if 2009-09-14 15:08:43.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/rpcbind.if 2010-01-19 12:51:30.851608618 +0100 @@ -95,6 +95,26 @@ files_search_var_lib($1) ') @@ -4329,8 +4389,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te ---- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-09-14 14:31:36.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/rpc.te 2010-01-19 12:51:12.151616852 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2010-01-19 12:51:30.852608395 +0100 @@ -95,6 +95,10 @@ userdom_signal_unpriv_users(rpcd_t) 
@@ -4382,8 +4442,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.12/policy/modules/services/rsync.te ---- nsaserefpolicy/policy/modules/services/rsync.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/rsync.te 2010-01-19 12:51:12.152611462 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2010-01-19 12:51:30.853620256 +0100 @@ -126,6 +126,8 @@ tunable_policy(`rsync_export_all_ro',` @@ -4394,8 +4454,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_read_all_files_except_shadow(rsync_t) auth_read_all_symlinks_except_shadow(rsync_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.12/policy/modules/services/samba.te ---- nsaserefpolicy/policy/modules/services/samba.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/samba.te 2010-01-06 13:53:59.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/samba.te 2010-01-19 12:51:12.156607571 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/samba.te 2010-01-19 12:51:30.855608708 +0100 @@ -280,6 +280,9 @@ files_pid_filetrans(smbd_t, smbd_var_run_t, file) 
@@ -4442,8 +4502,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +userdom_use_user_terminals(smbcontrol_t) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.12/policy/modules/services/sasl.te ---- nsaserefpolicy/policy/modules/services/sasl.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sasl.te 2009-09-29 18:20:22.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/sasl.te 2010-01-19 12:51:12.157607418 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sasl.te 2010-01-19 12:51:30.856608276 +0100 @@ -31,7 +31,7 @@ # Local policy # @@ -4465,8 +4525,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kerberos_manage_host_rcache(saslauthd_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.12/policy/modules/services/sendmail.if ---- nsaserefpolicy/policy/modules/services/sendmail.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sendmail.if 2009-07-31 13:22:05.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-01-19 12:51:12.157607418 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sendmail.if 2010-01-19 12:51:30.857608613 +0100 @@ -92,6 +92,24 @@ allow $1 sendmail_t:unix_stream_socket { getattr read write ioctl }; ') 
@@ -4518,9 +4578,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.12/policy/modules/services/sendmail.te ---- nsaserefpolicy/policy/modules/services/sendmail.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2009-07-24 15:40:05.000000000 +0200 -@@ -131,6 +131,10 @@ +--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-01-19 12:51:12.158607406 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2010-01-19 13:00:53.365857108 +0100 +@@ -131,7 +131,12 @@ ') optional_policy(` @@ -4529,9 +4589,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +optional_policy(` fail2ban_read_lib_files(sendmail_t) ++ fail2ban_rw_stream_sockets(sendmail_t) ') -@@ -148,6 +152,7 @@ + optional_policy(` +@@ -148,6 +153,7 @@ optional_policy(` postfix_domtrans_postdrop(sendmail_t) @@ -4539,7 +4601,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol postfix_domtrans_master(sendmail_t) postfix_read_config(sendmail_t) postfix_search_spool(sendmail_t) -@@ -186,6 +191,6 @@ +@@ -186,6 +192,6 @@ optional_policy(` mta_etc_filetrans_aliases(unconfined_sendmail_t) 
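Review bot: The added `fail2ban_rw_stream_sockets(sendmail_t)` in the sendmail.te section (second hunk on this line, inside the `optional_policy` block that already calls `fail2ban_read_lib_files`) gives sendmail_t read/write access to fail2ban's stream sockets, with no comment saying why the mail daemon needs it. If the rule only silences AVC denials from a descriptor that sendmail inherits when fail2ban launches it to send a notification (a guess; the patch does not say), a dontaudit rule would be narrower than an allow. Either way I would put a one-line rationale above the call, for example `# sendmail inherits fail2ban's stream socket when run from a fail2ban action (ref: <BUG-ID placeholder>)`. It is also worth confirming that the fail2ban.if part of this patch defines the interface, since that section is not visible in this hunk. The enclosing sendmail.te policy block starts and ends outside the hunk.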
@@ -4548,8 +4610,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te ---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2009-07-17 08:50:23.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-01-19 12:51:12.160607451 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2010-01-19 12:51:30.859608518 +0100 @@ -81,6 +81,7 @@ domain_dontaudit_search_all_domains_state(setroubleshootd_t) @@ -4570,7 +4632,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dbus_connect_system_bus(setroubleshootd_t) dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.12/policy/modules/services/shorewall.fc ---- nsaserefpolicy/policy/modules/services/shorewall.fc 2009-06-25 10:19:44.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/shorewall.fc 2010-01-19 12:51:12.161608276 +0100 +++ serefpolicy-3.6.12/policy/modules/services/shorewall.fc 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ - 
@@ -4586,7 +4648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -/var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0) -/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.12/policy/modules/services/shorewall.if ---- nsaserefpolicy/policy/modules/services/shorewall.if 2009-06-25 10:19:44.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/shorewall.if 2010-01-19 12:51:12.162608683 +0100 +++ serefpolicy-3.6.12/policy/modules/services/shorewall.if 1970-01-01 01:00:00.000000000 +0100 @@ -1,166 +0,0 @@ -## policy for shorewall @@ -4756,7 +4818,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -') - diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.12/policy/modules/services/shorewall.te ---- nsaserefpolicy/policy/modules/services/shorewall.te 2009-06-25 10:19:44.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/shorewall.te 2010-01-19 12:51:12.163608950 +0100 +++ serefpolicy-3.6.12/policy/modules/services/shorewall.te 1970-01-01 01:00:00.000000000 +0100 @@ -1,102 +0,0 @@ -policy_module(shorewall,1.0.0) 
@@ -4862,8 +4924,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -permissive shorewall_t; - diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.12/policy/modules/services/smartmon.te ---- nsaserefpolicy/policy/modules/services/smartmon.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/smartmon.te 2009-09-02 10:27:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-01-19 12:51:12.164608588 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/smartmon.te 2010-01-19 12:51:30.864608386 +0100 @@ -28,9 +28,9 @@ # Local policy # @@ -4878,7 +4940,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.6.12/policy/modules/services/snmp.if --- nsaserefpolicy/policy/modules/services/snmp.if 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/snmp.if 2009-09-17 10:38:55.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/snmp.if 2010-01-19 12:51:30.864608386 +0100 @@ -28,6 +28,24 @@ refpolicywarn(`$0($*) has been deprecated.') ') 
@@ -4931,8 +4993,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.12/policy/modules/services/snmp.te ---- nsaserefpolicy/policy/modules/services/snmp.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/snmp.te 2010-01-05 18:41:36.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/snmp.te 2010-01-19 12:51:12.166620157 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/snmp.te 2010-01-19 12:51:30.866608710 +0100 @@ -27,7 +27,7 @@ # allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config }; @@ -4952,8 +5014,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_list_sysfs(snmpd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc ---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-08-19 17:48:56.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-01-19 12:51:12.169618094 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2010-01-19 12:51:30.867608418 +0100 @@ -1,13 +1,15 @@ +/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) 
@@ -4980,8 +5042,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) +/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.12/policy/modules/services/spamassassin.if ---- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if 2010-01-05 18:39:03.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-01-19 12:51:12.170617872 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if 2010-01-19 12:51:30.868612806 +0100 @@ -246,6 +246,24 @@ stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t) ') @@ -5008,8 +5070,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te ---- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-09-16 12:19:24.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-01-19 12:51:12.172608000 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2010-01-19 12:51:30.870608939 +0100 @@ -263,6 +263,7 @@ corenet_tcp_sendrecv_generic_node(spamc_t) corenet_tcp_connect_spamd_port(spamc_t) 
@@ -5027,8 +5089,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.12/policy/modules/services/squid.te ---- nsaserefpolicy/policy/modules/services/squid.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/squid.te 2009-08-23 20:37:28.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/squid.te 2010-01-19 12:51:12.176608090 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/squid.te 2010-01-19 12:51:30.871608089 +0100 @@ -67,7 +67,9 @@ can_exec(squid_t, squid_exec_t) @@ -5040,8 +5102,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.12/policy/modules/services/ssh.if ---- nsaserefpolicy/policy/modules/services/ssh.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ssh.if 2009-07-20 14:31:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/ssh.if 2010-01-19 12:51:12.179618389 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/ssh.if 2010-01-19 12:51:30.873608483 +0100 @@ -187,7 +187,7 @@ allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config }; 
@@ -5077,8 +5139,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.12/policy/modules/services/ssh.te ---- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2009-09-22 17:01:21.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/ssh.te 2010-01-19 12:51:12.180607272 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2010-01-19 12:51:30.874608540 +0100 @@ -133,6 +133,12 @@ read_files_pattern(ssh_server,home_ssh_t,home_ssh_t) read_lnk_files_pattern(ssh_server,home_ssh_t,home_ssh_t) @@ -5112,8 +5174,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.12/policy/modules/services/sssd.fc ---- nsaserefpolicy/policy/modules/services/sssd.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sssd.fc 2009-10-29 22:53:13.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/sssd.fc 2010-01-19 12:51:12.181611868 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sssd.fc 2010-01-19 12:51:30.875608179 +0100 @@ -1,6 +1,9 @@ +/etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0) 
@@ -5127,8 +5189,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.12/policy/modules/services/sssd.if ---- nsaserefpolicy/policy/modules/services/sssd.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sssd.if 2009-10-29 23:03:38.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/sssd.if 2010-01-19 12:51:12.182608294 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sssd.if 2010-01-19 12:51:30.876608376 +0100 @@ -1,5 +1,4 @@ - -## policy for sssd @@ -5155,7 +5217,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## ## ## Search sssd lib directories. -@@ -196,8 +192,7 @@ +@@ -196,8 +193,7 @@ ') files_search_pids($1) @@ -5165,7 +5227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -241,9 +235,7 @@ +@@ -241,9 +237,7 @@ role_transition $2 sssd_initrc_exec_t system_r; allow $2 system_r; @@ -5178,9 +5240,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') - diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.12/policy/modules/services/sssd.te ---- nsaserefpolicy/policy/modules/services/sssd.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/sssd.te 2009-10-29 23:01:59.000000000 +0100 -@@ -9,54 +10,51 @@ +--- nsaserefpolicy/policy/modules/services/sssd.te 2010-01-19 12:51:12.183620783 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/sssd.te 2010-01-19 12:51:30.878608770 +0100 +@@ -9,54 +9,51 @@ type sssd_exec_t; init_daemon_domain(sssd_t, sssd_exec_t) 
@@ -5253,7 +5315,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(sssd_t) auth_domtrans_chk_passwd(sssd_t) auth_domtrans_upd_passwd(sssd_t) -@@ -68,6 +66,8 @@ +@@ -68,6 +65,8 @@ miscfiles_read_localization(sssd_t) @@ -5264,7 +5326,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dbus_connect_system_bus(sssd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.6.12/policy/modules/services/tftp.fc --- nsaserefpolicy/policy/modules/services/tftp.fc 2009-04-07 21:54:45.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/tftp.fc 2009-10-16 15:01:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/tftp.fc 2010-01-19 12:51:30.879608478 +0100 @@ -5,4 +5,4 @@ /tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0) /tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0) @@ -5272,8 +5334,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0) +/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te ---- nsaserefpolicy/policy/modules/services/uucp.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-07-07 09:47:39.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/uucp.te 2010-01-19 12:51:12.189618124 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2010-01-19 12:51:30.880608326 +0100 @@ -95,6 +95,8 @@ files_search_home(uucpd_t) files_search_spool(uucpd_t) 
@@ -5284,8 +5346,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg(uucpd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.12/policy/modules/services/virt.fc ---- nsaserefpolicy/policy/modules/services/virt.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/virt.fc 2009-09-16 13:17:05.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/virt.fc 2010-01-19 12:51:12.192608379 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/virt.fc 2010-01-19 12:51:30.882608650 +0100 @@ -10,6 +10,7 @@ /var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0) /var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0) @@ -5295,8 +5357,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0) /var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te ---- nsaserefpolicy/policy/modules/services/virt.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2010-01-06 14:47:34.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/virt.te 2010-01-19 12:51:12.195618608 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/virt.te 2010-01-19 12:51:30.883608708 +0100 @@ -22,6 +22,13 @@ ## 
@@ -5386,8 +5448,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.12/policy/modules/services/xserver.fc ---- nsaserefpolicy/policy/modules/services/xserver.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2009-09-29 18:24:34.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-01-19 12:51:12.197618304 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2010-01-19 12:51:30.884608137 +0100 @@ -13,6 +13,7 @@ HOME_DIR/\.dmrc -- gen_context(system_u:object_r:xdm_home_t,s0) @@ -5413,8 +5475,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.12/policy/modules/services/xserver.if ---- nsaserefpolicy/policy/modules/services/xserver.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2009-08-05 23:23:17.000000000 +0200 +--- nsaserefpolicy/policy/modules/services/xserver.if 2010-01-19 12:51:12.199608012 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2010-01-19 12:51:30.886608531 +0100 @@ -599,9 +599,10 @@ # interface(`xserver_use_xdm_fds',` 
@@ -5489,8 +5551,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1 xdm_t:x_client { getattr destroy }; allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child }; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te ---- nsaserefpolicy/policy/modules/services/xserver.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-11-16 15:19:31.000000000 +0100 +--- nsaserefpolicy/policy/modules/services/xserver.te 2010-01-19 12:51:12.202607975 +0100 ++++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2010-01-19 12:51:30.889608563 +0100 @@ -339,6 +339,8 @@ allow xdm_t self:appletalk_socket create_socket_perms; allow xdm_t self:key { search link write }; @@ -5561,8 +5623,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol unconfined_domtrans(xserver_t) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.12/policy/modules/system/authlogin.fc ---- nsaserefpolicy/policy/modules/system/authlogin.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-01-19 12:51:12.206620357 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2010-01-19 12:51:30.890608760 +0100 @@ -24,6 +24,8 @@ /usr/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ') 
@@ -5578,8 +5640,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.12/policy/modules/system/authlogin.if ---- nsaserefpolicy/policy/modules/system/authlogin.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-10-29 23:01:14.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-01-19 12:51:12.208618307 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2010-01-19 12:51:30.893608653 +0100 @@ -30,6 +30,53 @@ dontaudit $2 shadow_t:file read_file_perms; ') @@ -5918,8 +5980,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -') - diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.12/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-01-19 12:51:12.210617933 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2010-01-19 12:51:30.895608838 +0100 @@ -1,5 +1,5 @@ -policy_module(authlogin, 2.0.0) 
@@ -6016,9 +6078,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_manage_etc_files(updpwd_t) term_dontaudit_use_console(updpwd_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.6.12/policy/modules/system/hotplug.te +--- nsaserefpolicy/policy/modules/system/hotplug.te 2009-04-07 21:54:48.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/hotplug.te 2010-01-19 12:58:18.335608750 +0100 +@@ -125,6 +125,10 @@ + ') + + optional_policy(` ++ brctl_domtrans(hotplug_t) ++') ++ ++optional_policy(` + consoletype_exec(hotplug_t) + ') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.12/policy/modules/system/init.fc ---- nsaserefpolicy/policy/modules/system/init.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/init.fc 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/init.fc 2010-01-19 12:51:12.213607908 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/init.fc 2010-01-19 12:51:30.895608838 +0100 @@ -6,6 +6,8 @@ /etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) /etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) 
@@ -6029,8 +6105,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te ---- nsaserefpolicy/policy/modules/system/init.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-09-14 14:35:30.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/init.te 2010-01-19 12:51:12.218608055 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/init.te 2010-01-19 12:51:30.897609022 +0100 @@ -285,6 +285,7 @@ kernel_dontaudit_getattr_message_if(initrc_t) kernel_stream_connect(initrc_t) @@ -6066,8 +6142,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.12/policy/modules/system/ipsec.te ---- nsaserefpolicy/policy/modules/system/ipsec.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2009-08-20 13:08:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-01-19 12:51:12.219617681 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2010-01-19 12:51:30.898618857 +0100 @@ -1,11 +1,18 @@ -policy_module(ipsec, 1.9.0) 
@@ -6251,8 +6327,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # allow setkey to set the context for ipsec SAs and policy. ipsec_setcontext_default_spd(setkey_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.12/policy/modules/system/iptables.te ---- nsaserefpolicy/policy/modules/system/iptables.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/iptables.te 2009-10-29 22:49:15.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/iptables.te 2010-01-19 12:51:12.220618087 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/iptables.te 2010-01-19 12:51:30.899617658 +0100 @@ -101,10 +101,18 @@ ') @@ -6273,8 +6349,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te ---- nsaserefpolicy/policy/modules/system/iscsi.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-01-19 12:51:12.222607936 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2010-01-19 12:51:30.900616179 +0100 @@ -69,6 +69,7 @@ dev_rw_sysfs(iscsid_t) 
@@ -6284,8 +6360,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(iscsid_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc ---- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2010-01-05 18:53:24.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-01-19 12:51:12.224618317 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2010-01-19 12:51:30.901607506 +0100 @@ -139,8 +139,10 @@ /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -6361,8 +6437,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.12/policy/modules/system/locallogin.te ---- nsaserefpolicy/policy/modules/system/locallogin.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-01-19 12:51:12.226618013 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2010-01-19 12:51:30.902612103 +0100 @@ -211,6 +211,7 @@ # Sulogin local policy # 
@@ -6384,8 +6460,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`sulogin_no_pam', ` allow sulogin_t self:capability sys_tty_config; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.12/policy/modules/system/logging.fc ---- nsaserefpolicy/policy/modules/system/logging.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/logging.fc 2009-09-29 18:32:45.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/logging.fc 2010-01-19 12:51:12.227608292 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/logging.fc 2010-01-19 12:51:30.903607202 +0100 @@ -50,6 +50,7 @@ ') @@ -6395,8 +6471,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.12/policy/modules/system/logging.te ---- nsaserefpolicy/policy/modules/system/logging.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/logging.te 2009-09-29 14:05:27.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/logging.te 2010-01-19 12:51:12.230617963 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/logging.te 2010-01-19 12:51:30.903607202 +0100 @@ -481,6 +481,10 @@ ') @@ -6410,7 +6486,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.12/policy/modules/system/miscfiles.fc --- nsaserefpolicy/policy/modules/system/miscfiles.fc 2009-04-07 21:54:48.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/miscfiles.fc 2009-07-30 17:46:06.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/miscfiles.fc 2010-01-19 12:51:30.904615849 +0100 
@@ -11,6 +11,7 @@ /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) @@ -6420,8 +6496,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_redhat',` /etc/sysconfig/clock -- gen_context(system_u:object_r:locale_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.12/policy/modules/system/miscfiles.if ---- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/miscfiles.if 2009-11-16 15:23:38.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-01-19 12:51:12.233607519 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/miscfiles.if 2010-01-19 12:51:30.905607456 +0100 @@ -272,6 +272,24 @@ allow $1 locale_t:file execute; ') @@ -6448,8 +6524,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## Do not audit attempts to search man pages. diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.12/policy/modules/system/mount.if ---- nsaserefpolicy/policy/modules/system/mount.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/mount.if 2009-09-08 13:12:41.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/mount.if 2010-01-19 12:51:12.236617958 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/mount.if 2010-01-19 12:51:30.907607780 +0100 @@ -175,7 +175,9 @@ interface(`mount_signal',` gen_require(` 
@@ -6461,8 +6537,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + allow $1 unconfined_mount_t:process signal; ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.12/policy/modules/system/mount.te ---- nsaserefpolicy/policy/modules/system/mount.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/mount.te 2009-08-11 10:04:04.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/mount.te 2010-01-19 12:51:12.238608295 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/mount.te 2010-01-19 12:51:30.908607838 +0100 @@ -72,6 +72,7 @@ dev_list_all_dev_nodes(mount_t) dev_read_usbfs(mount_t) @@ -6472,8 +6548,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_dontaudit_getattr_all_chr_files(mount_t) dev_dontaudit_getattr_memory_dev(mount_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.12/policy/modules/system/sysnetwork.if ---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if 2009-08-12 10:55:14.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-01-19 12:51:12.258607697 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if 2010-01-19 12:51:30.909607476 +0100 @@ -281,6 +281,7 @@ ') 
@@ -6483,8 +6559,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.12/policy/modules/system/sysnetwork.te ---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2009-07-17 09:43:41.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-01-19 12:51:12.259607335 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2010-01-19 12:51:30.909607476 +0100 @@ -45,7 +45,7 @@ # DHCP client local policy # @@ -6542,7 +6618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.12/policy/modules/system/udev.fc --- nsaserefpolicy/policy/modules/system/udev.fc 2009-04-07 21:54:48.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/udev.fc 2009-07-30 17:22:30.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/udev.fc 2010-01-19 12:51:30.910607394 +0100 @@ -5,6 +5,7 @@ /etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) @@ -6552,8 +6628,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te ---- nsaserefpolicy/policy/modules/system/udev.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-08-13 18:24:35.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/udev.te 2010-01-19 12:51:12.260607322 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/udev.te 2010-01-19 12:51:30.911607381 +0100 
@@ -67,6 +67,7 @@ manage_dirs_pattern(udev_t,udev_var_run_t,udev_var_run_t) @@ -6592,17 +6668,29 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_write_xen_state(udev_t) kernel_read_xen_state(udev_t) xen_manage_log(udev_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.12/policy/modules/system/unconfined.if +--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-01-19 12:51:12.261616599 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/unconfined.if 2010-01-19 13:07:33.863608811 +0100 +@@ -21,6 +21,8 @@ + allow $1 self:capability all_capabilities; + allow $1 self:fifo_file manage_fifo_file_perms; + ++ allow $1 self:socket_class_set create_socket_perms; ++ + # Transition to myself, to make get_ordered_context_list happy. + allow $1 self:process transition; + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.12/policy/modules/system/userdomain.fc ---- nsaserefpolicy/policy/modules/system/userdomain.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc 2010-01-06 16:10:17.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-01-19 12:51:12.263607495 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc 2010-01-19 12:51:30.911607381 +0100 
@@ -5,3 +5,4 @@ /root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) /dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0) /dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0) +HOME_DIR/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if ---- nsaserefpolicy/policy/modules/system/userdomain.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2010-01-06 16:08:08.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-01-19 12:51:12.266607248 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2010-01-19 12:51:30.913607357 +0100 @@ -443,6 +443,9 @@ dev_rw_usbfs($1) dev_rw_generic_usb_dev($1) @@ -6728,8 +6816,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + read_lnk_files_pattern($1, home_cert_t, home_cert_t) +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.12/policy/modules/system/userdomain.te ---- nsaserefpolicy/policy/modules/system/userdomain.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/userdomain.te 2010-01-06 16:05:29.000000000 +0100 +--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-01-19 12:51:12.268618607 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/userdomain.te 2010-01-19 12:51:30.915607401 +0100 @@ -92,6 +92,10 @@ dev_node(user_tty_device_t) ubac_constrained(user_tty_device_t) 
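Review bot: The `unconfined.if` section introduced in hunk `@@ -6592,17 +6668,29 @@` adds `allow $1 self:socket_class_set create_socket_perms;` without a comment, and the 3.6.12-94 changelog entry in `selinux-policy.spec` lists four other changes but not this one. The rule covers every socket class for any domain passed to this interface, so it needs a rationale beside it, for example `# Unconfined domains may create and use their own sockets of every class.`, and a changelog line such as `- Allow unconfined domains to create sockets of all classes`. `create_socket_perms` presumably leaves out stream-only permissions such as `listen` and `accept`, so it is worth confirming the rule against the denial that motivated it. The enclosing interface starts and ends outside the hunk, so its name is not visible here.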
@@ -6742,8 +6830,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_use_console(userdomain) ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.12/policy/modules/system/virtual.te ---- nsaserefpolicy/policy/modules/system/virtual.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/virtual.te 2010-01-19 12:51:12.270618023 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2010-01-19 12:51:30.915607401 +0100 @@ -38,6 +38,7 @@ dev_read_sound(virtualdomain) dev_write_sound(virtualdomain) @@ -6764,8 +6852,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol virt_read_lib_files(virtualdomain) virt_read_content(virtualdomain) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.12/policy/modules/system/xen.te ---- nsaserefpolicy/policy/modules/system/xen.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/xen.te 2009-06-25 10:21:01.000000000 +0200 +--- nsaserefpolicy/policy/modules/system/xen.te 2010-01-19 12:51:12.272607522 +0100 ++++ serefpolicy-3.6.12/policy/modules/system/xen.te 2010-01-19 12:51:30.916615840 +0100 @@ -419,6 +419,7 @@ kernel_read_xen_state(xm_ssh_t) kernel_write_xen_state(xm_ssh_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 7e23039..440fbac 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.12 -Release: 93%{?dist} +Release: 94%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -442,6 +442,12 @@ exit 0 %endif %changelog +* Tue Jan 19 2010 Miroslav Grepl 3.6.12-94 +- Allow hotplug to transition to brctl domain +- Allow sendmail to read and write to an fail2ban unix stream socket +- Allow dovecot to read and write files stored on a NFS filesytem +- Allow locate to read all noxattrfs symbolic links + * Wed Jan 6 2010 Miroslav Grepl 3.6.12-93 - Add labeling for /etc/NetworkManager directory - Add home_cert type and appropriate labeling