diff --git a/policy-20071130.patch b/policy-20071130.patch index 03eef7f..890ee91 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -3099,9 +3099,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool + xserver_exec_pid(vbetool_t) + xserver_write_pid(vbetool_t) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if +--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-06-12 23:38:01.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if 2008-06-26 07:40:55.000000000 -0400 +@@ -48,6 +48,7 @@ + vpn_domtrans($1) + role $2 types vpnc_t; + allow vpnc_t $3:chr_file rw_term_perms; ++ sysnet_run_ifconfig(vpnc_t, $2, $3) + ') + + ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te --- nsaserefpolicy/policy/modules/admin/vpn.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-06-12 23:38:02.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-06-26 07:40:35.000000000 -0400 @@ -24,7 +24,8 @@ allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw }; 
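Review bot: The ifconfig transition for vpnc_t now exists only as a side effect of vpn_run. This hunk adds `sysnet_run_ifconfig(vpnc_t, $2, $3)` inside the vpn_run interface in vpn.if, and the later vpn.te hunk (`@@ -102,7 +103,6 @@`) drops `sysnet_domtrans_ifconfig(vpnc_t)`. From the visible lines, a vpnc_t process entered through vpn_domtrans alone no longer gets the transition, so its ability to run ifconfig depends on some role module having called vpn_run. I would keep `sysnet_domtrans_ifconfig(vpnc_t)` in vpn.te and let vpn_run add only the role part, with a comment above the new call such as `# authorize ifconfig_t for the calling role so vpnc can configure the tunnel interface`. The vpn_run body starts outside the hunk, so its gen_require block is not visible here.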
@@ -3112,6 +3123,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te allow vpnc_t self:tcp_socket create_stream_socket_perms; allow vpnc_t self:udp_socket create_socket_perms; allow vpnc_t self:rawip_socket create_socket_perms; +@@ -102,7 +103,6 @@ + seutil_dontaudit_search_config(vpnc_t) + seutil_use_newrole_fds(vpnc_t) + +-sysnet_domtrans_ifconfig(vpnc_t) + sysnet_etc_filetrans_config(vpnc_t) + sysnet_manage_config(vpnc_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.3.1/policy/modules/apps/ethereal.fc --- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-06-12 23:38:02.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc 2008-06-12 23:38:04.000000000 -0400 @@ -13937,7 +13956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus /var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2008-06-12 23:38:04.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2008-06-26 07:24:33.000000000 -0400 @@ -53,6 +53,7 @@ gen_require(` type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t; @@ -14043,8 +14062,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ') -@@ -209,12 +225,9 @@ +@@ -207,14 +223,12 @@ + type system_dbusd_t, system_dbusd_t; + type system_dbusd_var_run_t, system_dbusd_var_lib_t; class dbus send_msg; ++ attribute dbusd_unconfined; ') -# type $1_dbusd_system_t; 
@@ -14053,12 +14075,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus # SE-DBus specific permissions -# allow $1_dbusd_system_t { system_dbusd_t self }:dbus send_msg; - allow $2 { system_dbusd_t self }:dbus send_msg; -+ allow $2 { system_dbusd_t $2 }:dbus send_msg; -+ allow system_dbusd_t $2:dbus send_msg; ++ allow $2 { system_dbusd_t $2 dbusd_unconfined }:dbus send_msg; ++ allow { system_dbusd_t dbusd_unconfined } $2:dbus send_msg; read_files_pattern($2, system_dbusd_var_lib_t, system_dbusd_var_lib_t) files_search_var_lib($2) -@@ -223,6 +236,10 @@ +@@ -223,6 +237,10 @@ files_search_pids($2) stream_connect_pattern($2,system_dbusd_var_run_t,system_dbusd_var_run_t,system_dbusd_t) dbus_read_config($2) @@ -14069,7 +14091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ####################################### -@@ -251,18 +268,16 @@ +@@ -251,18 +269,16 @@ template(`dbus_user_bus_client_template',` gen_require(` type $1_dbusd_t; @@ -14090,7 +14112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ######################################## -@@ -292,6 +307,55 @@ +@@ -292,6 +308,55 @@ ######################################## ## @@ -14146,7 +14168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ## Read dbus configuration. ## ## -@@ -366,3 +430,55 @@ +@@ -366,3 +431,55 @@ allow $1 system_dbusd_t:dbus *; ') @@ -14204,7 +14226,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te --- nsaserefpolicy/policy/modules/services/dbus.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/dbus.te 2008-06-12 23:38:04.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/dbus.te 2008-06-26 07:21:03.000000000 -0400 
@@ -9,9 +9,10 @@ # # Delcarations @@ -14286,7 +14308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus libs_use_ld_so(system_dbusd_t) libs_use_shared_libs(system_dbusd_t) -@@ -121,9 +139,36 @@ +@@ -121,9 +139,37 @@ ') optional_policy(` @@ -14317,6 +14339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + ') + unconfined_domain(unconfined_dbusd_t) + allow dbusd_unconfined domain:dbus send_msg; ++ allow domain dbusd_unconfined:dbus send_msg; + + optional_policy(` + xserver_xdm_rw_shm(unconfined_dbusd_t) 
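Review bot: The added `allow domain dbusd_unconfined:dbus send_msg;` in the dbus.te hunk (`@@ -121,9 +139,37 @@`) lets every domain in the policy, confined daemons included, send D-Bus messages to any service carrying the dbusd_unconfined attribute. The dbus.if template hunk in the same change already grants declared bus clients that direction with `allow $2 { system_dbusd_t $2 dbusd_unconfined }:dbus send_msg;`, so the domain-wide rule only adds senders that were never set up as bus clients. Unless those are needed, drop the line and rely on the template. If it stays, a comment such as `# unconfined bus services accept messages from any domain; senders are not restricted per client` should record that the breadth is deliberate. The enclosing block starts and continues outside the hunk.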
@@ -30330,6 +30353,49 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t zebra_read_config(initrc_t) ') + +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if +--- nsaserefpolicy/policy/modules/system/ipsec.if 2008-06-12 23:38:01.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if 2008-06-26 07:50:05.000000000 -0400 +@@ -152,6 +152,25 @@ + + ######################################## + ## ++## write the ipsec_var_run_t files. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`ipsec_write_pid',` ++ gen_require(` ++ type ipsec_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ write_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t) ++') ++ ++######################################## ++## + ## Execute racoon in the racoon domain. + ## + ## +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te +--- nsaserefpolicy/policy/modules/system/ipsec.te 2008-06-12 23:38:01.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2008-06-26 07:47:23.000000000 -0400 +@@ -69,8 +69,8 @@ + read_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t) + read_lnk_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t) + +-allow ipsec_t ipsec_var_run_t:file manage_file_perms; +-allow ipsec_t ipsec_var_run_t:sock_file manage_sock_file_perms; ++manage_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t) ++manage_sock_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t) + files_pid_filetrans(ipsec_t,ipsec_var_run_t,{ file sock_file }) + + can_exec(ipsec_t, ipsec_mgmt_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te --- nsaserefpolicy/policy/modules/system/iptables.te 2008-06-12 23:38:01.000000000 -0400 +++ 
serefpolicy-3.3.1/policy/modules/system/iptables.te 2008-06-12 23:38:02.000000000 -0400 @@ -30391,7 +30457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2008-06-12 23:38:02.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2008-06-25 07:11:54.000000000 -0400 @@ -69,8 +69,10 @@ ifdef(`distro_gentoo',` # despite the extensions, they are actually libs 
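Review bot: Nothing says why ifconfig needs write access to IPsec runtime files, neither in the new `ipsec_write_pid` interface (ipsec.if part of the `@@ -30330,6 +30353,49 @@` hunk) nor at its only visible caller, `ipsec_write_pid(ifconfig_t)` in the later sysnetwork.te hunk (`@@ -303,12 +329,16 @@`). `write_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)` covers every regular file of that type, so the reason should be recorded for whoever next audits ifconfig_t. I would reword the summary to match its neighbours, `## Write ipsec PID files.`, and put a one-line comment above the call naming the program path that triggers the access. If the access turns out to be only a descriptor inherited from the ipsec scripts, which cannot be told from this page, a dontaudit rule would be narrower than an allow.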
@@ -30403,7 +30469,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /opt/netscape/plugins(/.*)? gen_context(system_u:object_r:lib_t,s0) /opt/netscape/plugins/libflashplayer\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -133,6 +135,7 @@ +@@ -101,8 +103,10 @@ + # + # /usr + # +-/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +-/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/(.*/)?HelixPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/(.*/)?RealPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/opt/real/(.*/)?.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/opt/helix/(.*/)?.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + + /usr/(.*/)?java/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) +@@ -133,6 +137,7 @@ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
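Review bot: The two new `/opt` entries label every shared object anywhere under those trees as textrel_shlib_t: `/opt/real/(.*/)?.+\.so(\.[^/]*)*` and `/opt/helix/(.*/)?.+\.so(\.[^/]*)*`. That type exists to permit text relocations, so it is safer to label only the libraries that need it, as the existing entries such as `/usr/lib(64)?/helix/plugins/[^/]*\.so` do. The `(.*/)?` prefix is also redundant in front of `.+`, which already matches across directory separators. If the whole tree really must be covered, a comment like `# RealPlayer/Helix vendor installs: all bundled libraries need text relocation` would record that the breadth is intentional.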
@@ -30411,7 +30490,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -165,6 +168,7 @@ +@@ -165,6 +170,7 @@ # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30419,7 +30498,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -183,6 +187,7 @@ +@@ -183,6 +189,7 @@ /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30427,7 +30506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -242,7 +247,7 @@ +@@ -242,7 +249,7 @@ # Flash plugin, Macromedia HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -30436,7 +30515,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -287,11 +292,15 @@ +@@ -287,11 +294,15 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30452,7 +30531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -@@ -304,3 +313,11 @@ +@@ -304,3 +315,11 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -33133,7 +33212,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-06-12 23:38:02.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-06-26 07:51:09.000000000 -0400 @@ -20,6 +20,10 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t) role system_r types dhcpc_t; 
@@ -33283,7 +33362,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet domain_use_interactive_fds(ifconfig_t) -@@ -308,7 +334,7 @@ +@@ -303,12 +329,16 @@ + + userdom_use_all_users_fds(ifconfig_t) + ++optional_policy(` ++ ipsec_write_pid(ifconfig_t) ++') ++ + ifdef(`distro_ubuntu',` + optional_policy(` unconfined_domain(ifconfig_t) ') ') @@ -33292,7 +33380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ifdef(`hide_broken_symptoms',` optional_policy(` dev_dontaudit_rw_cardmgr(ifconfig_t) -@@ -332,6 +358,14 @@ +@@ -332,6 +362,14 @@ ') optional_policy(` @@ -33423,8 +33511,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc --- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2008-06-23 06:28:07.000000000 -0400 -@@ -1,16 +1,24 @@ ++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2008-06-25 07:14:00.000000000 -0400 +@@ -1,16 +1,26 @@ # Add programs here which should not be confined by SELinux # e.g.: -# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0) 
@@ -33455,6 +33543,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf +/usr/bin/runhaskell -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/libexec/ghc-[^/]+/.*bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/libexec/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) ++ ++/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if --- nsaserefpolicy/policy/modules/system/unconfined.if 2008-06-12 23:38:01.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/system/unconfined.if 2008-06-12 23:38:02.000000000 -0400 @@ -34152,7 +34242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-06-24 06:25:05.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-06-27 07:06:25.000000000 -0400 @@ -29,9 +29,14 @@ ') @@ -36474,7 +36564,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4839,6 +5116,26 @@ +@@ -4815,6 +5092,8 @@ + ') + + dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; ++ fs_dontaudit_list_nfs($1) ++ fs_dontaudit_list_cifs($1) + ') + + ######################################## +@@ -4839,6 +5118,26 @@ ######################################## ## 
@@ -36501,7 +36600,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all directories ## in all users home directories. ## -@@ -4859,6 +5156,25 @@ +@@ -4859,6 +5158,25 @@ ######################################## ## @@ -36527,7 +36626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all files ## in all users home directories. ## -@@ -4879,6 +5195,26 @@ +@@ -4879,6 +5197,26 @@ ######################################## ## @@ -36554,7 +36653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all symlinks ## in all users home directories. ## -@@ -5115,7 +5451,7 @@ +@@ -5115,7 +5453,7 @@ # interface(`userdom_relabelto_generic_user_home_dirs',` gen_require(` @@ -36563,7 +36662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') files_search_home($1) -@@ -5304,8 +5640,8 @@ +@@ -5304,8 +5642,8 @@ ######################################## ## @@ -36574,7 +36673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -5313,19 +5649,26 @@ +@@ -5313,19 +5651,26 @@ ## ## # @@ -36605,7 +36704,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -5333,18 +5676,29 @@ +@@ -5333,18 +5678,29 @@ ## ## # @@ -36638,7 +36737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -5352,17 +5706,19 @@ +@@ -5352,17 +5708,19 @@ ## ## # @@ -36662,7 +36761,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -5370,14 +5726,51 @@ +@@ -5370,14 +5728,51 @@ ## ## # 
@@ -36719,7 +36818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ######################################## ## -@@ -5509,6 +5902,42 @@ +@@ -5509,6 +5904,42 @@ ######################################## ## @@ -36762,7 +36861,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Read and write unprivileged user ttys. ## ## -@@ -5559,7 +5988,7 @@ +@@ -5559,7 +5990,7 @@ attribute userdomain; ') @@ -36771,7 +36870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_search_proc($1) ') -@@ -5674,6 +6103,42 @@ +@@ -5674,6 +6105,42 @@ ######################################## ## @@ -36814,7 +36913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5704,3 +6169,408 @@ +@@ -5704,3 +6171,408 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 3081e79..c06f0b8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 71%{?dist} +Release: 72%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -385,6 +385,9 @@ exit 0 %endif %changelog +* Wed Jun 23 2008 Dan Walsh 3.3.1-72 +- Fix file context of real player + * Mon Jun 23 2008 Dan Walsh 3.3.1-71 - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server