diff --git a/policy-20070703.patch b/policy-20070703.patch index 203451f..6aedb41 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -3998,7 +3998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-10-22 13:21:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2008-02-11 14:27:53.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2008-02-12 12:56:42.000000000 -0500 @@ -7,6 +7,7 @@ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) 
@@ -4035,21 +4035,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco # # /usr # -@@ -126,10 +132,11 @@ +@@ -126,10 +132,7 @@ /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0) - /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0) +-/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0) -/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0) - /usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0) -+/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0) -+/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0) -+/usr/lib(64)?/cups/drivers(/.*)? gen_context(system_u:object_r:bin_t,s0) +-/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0) ++/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0) -@@ -163,9 +170,15 @@ +@@ -163,9 +166,15 @@ /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0) @@ -4066,7 +4064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0) -@@ -180,6 +193,7 @@ +@@ -180,6 +189,7 @@ /usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0) 
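Review bot: The new catch-all `/usr/lib(64)?/cups(/.*)?` line in the corecommands.fc hunk has no file-type field, so it labels every directory and data file under the CUPS library tree bin_t, not only the backend, cgi-bin, daemon, filter and drivers subtrees that the removed lines named. The cupsd_lpd_exec_t label on cups-lpd now depends on the two literal `/usr/lib/cups/daemon/cups-lpd` and `/usr/lib64/cups/daemon/cups-lpd` entries in the cups.fc hunk out-ranking this pattern, which is presumably why they were split; if cups-lpd ended up bin_t, the transition into its confined domain would not be expected to happen. I would add a comment above the catch-all, `# cups-lpd is labelled in cups.fc with literal paths so that it takes precedence over this pattern`, and confirm the result on an installed system with `matchpathcon /usr/lib/cups/daemon/cups-lpd`.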
@@ -4074,7 +4072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco ifdef(`distro_gentoo', ` /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -259,3 +273,23 @@ +@@ -259,3 +269,23 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -4187,7 +4185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-02-11 16:24:42.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-02-11 18:25:44.000000000 -0500 @@ -55,6 +55,11 @@ type reserved_port_t, port_type, reserved_port_type; @@ -4200,7 +4198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene # server_packet_t is the default type of IPv4 and IPv6 server packets. # type server_packet_t, packet_type, server_packet_type; -@@ -67,11 +72,12 @@ +@@ -67,6 +72,7 @@ network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0) network_port(amavisd_recv, tcp,10024,s0) network_port(amavisd_send, tcp,10025,s0) 
@@ -4208,12 +4206,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(apcupsd, tcp,3551,s0, udp,3551,s0) network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0) network_port(auth, tcp,113,s0) - network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0) --type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict -+type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strictx - network_port(clamd, tcp,3310,s0) - network_port(clockspeed, udp,4041,s0) - network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0) @@ -93,10 +99,11 @@ network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) # 8118 is for privoxy network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port @@ -8102,8 +8094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron -') dnl end TODO diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.0.8/policy/modules/services/cups.fc --- nsaserefpolicy/policy/modules/services/cups.fc 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-01-17 09:03:07.000000000 -0500 -@@ -8,17 +8,15 @@ ++++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-02-12 13:39:28.000000000 -0500 +@@ -8,24 +8,28 @@ /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/printers\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) 
@@ -8120,10 +8112,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups -/usr/lib(64)?/cups/backend/.* -- gen_context(system_u:object_r:cupsd_exec_t,s0) -/usr/lib(64)?/cups/daemon/.* -- gen_context(system_u:object_r:cupsd_exec_t,s0) - /usr/lib(64)?/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) +-/usr/lib(64)?/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) ++/usr/lib/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) ++/usr/lib64/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0) /usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) -@@ -26,6 +24,11 @@ + /usr/sbin/cupsd -- gen_context(system_u:object_r:cupsd_exec_t,s0) /usr/sbin/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/sbin/hpiod -- gen_context(system_u:object_r:hplip_exec_t,s0) @@ -8135,7 +8129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/sbin/ptal-printd -- gen_context(system_u:object_r:ptal_exec_t,s0) /usr/sbin/ptal-mlcd -- gen_context(system_u:object_r:ptal_exec_t,s0) -@@ -33,7 +36,7 @@ +@@ -33,7 +37,7 @@ /usr/share/cups(/.*)? gen_context(system_u:object_r:cupsd_etc_t,s0) /usr/share/foomatic/db/oldprinterids -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) @@ -8144,7 +8138,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) -@@ -51,4 +54,5 @@ +@@ -51,4 +55,5 @@ /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) 
@@ -8161,7 +8155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-02-12 10:07:02.000000000 -0500 @@ -48,9 +48,8 @@ type hplip_t; type hplip_exec_t; @@ -8348,7 +8342,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_getattr_all_fs(cupsd_config_t) fs_search_auto_mountpoints(cupsd_config_t) -@@ -377,6 +404,14 @@ +@@ -356,6 +383,7 @@ + logging_send_syslog_msg(cupsd_config_t) + + miscfiles_read_localization(cupsd_config_t) ++miscfiles_read_hwdata(cupsd_config_t) + + seutil_dontaudit_search_config(cupsd_config_t) + +@@ -377,6 +405,14 @@ ') optional_policy(` @@ -8363,7 +8365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups cron_system_entry(cupsd_config_t, cupsd_config_exec_t) ') -@@ -393,6 +428,7 @@ +@@ -393,6 +429,7 @@ optional_policy(` hal_domtrans(cupsd_config_t) hal_read_tmp_files(cupsd_config_t) @@ -8371,7 +8373,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups ') optional_policy(` -@@ -482,6 +518,8 @@ +@@ -482,6 +519,8 @@ files_read_etc_files(cupsd_lpd_t) @@ -8380,7 +8382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups libs_use_ld_so(cupsd_lpd_t) libs_use_shared_libs(cupsd_lpd_t) -@@ -489,22 +527,12 @@ +@@ -489,22 +528,12 @@ miscfiles_read_localization(cupsd_lpd_t) 
@@ -8403,7 +8405,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups ######################################## # # HPLIP local policy -@@ -522,14 +550,12 @@ +@@ -522,14 +551,12 @@ allow hplip_t self:udp_socket create_socket_perms; allow hplip_t self:rawip_socket create_socket_perms; @@ -8422,7 +8424,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t) files_pid_filetrans(hplip_t,hplip_var_run_t,file) -@@ -560,7 +586,7 @@ +@@ -560,7 +587,7 @@ dev_read_urand(hplip_t) dev_read_rand(hplip_t) dev_rw_generic_usb_dev(hplip_t) @@ -8431,7 +8433,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_getattr_all_fs(hplip_t) fs_search_auto_mountpoints(hplip_t) -@@ -587,7 +613,7 @@ +@@ -587,7 +614,7 @@ userdom_dontaudit_search_sysadm_home_dirs(hplip_t) userdom_dontaudit_search_all_users_home_content(hplip_t) @@ -8440,7 +8442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups optional_policy(` seutil_sigchld_newrole(hplip_t) -@@ -668,3 +694,15 @@ +@@ -668,3 +695,15 @@ optional_policy(` udev_read_db(ptal_t) ') @@ -9832,7 +9834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +/var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.0.8/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/hal.te 2008-01-21 13:37:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/hal.te 2008-02-13 09:08:54.000000000 -0500 @@ -49,6 +49,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) 
@@ -9896,7 +9898,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. allow hald_acl_t self:fifo_file read_fifo_file_perms; domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t) -@@ -340,10 +352,14 @@ +@@ -306,6 +318,7 @@ + corecmd_exec_bin(hald_acl_t) + + dev_getattr_all_chr_files(hald_acl_t) ++dev_setattr_all_chr_files(hald_acl_t) + dev_getattr_generic_usb_dev(hald_acl_t) + dev_getattr_video_dev(hald_acl_t) + dev_setattr_video_dev(hald_acl_t) +@@ -340,10 +353,14 @@ manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t) files_search_var_lib(hald_mac_t) @@ -11262,7 +11272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.0.8/policy/modules/services/networkmanager.fc --- nsaserefpolicy/policy/modules/services/networkmanager.fc 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.fc 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.fc 2008-02-14 15:08:15.000000000 -0500 @@ -1,7 +1,9 @@ /usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /usr/s?bin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) 
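Review bot: `dev_setattr_all_chr_files(hald_acl_t)` in the hal.te hunk grants setattr on every character device node, which is far wider than the per-class grants next to it such as `dev_setattr_video_dev(hald_acl_t)`. Nothing in the hunk says which device or denial required it, so a later reader cannot tell whether it can be narrowed. If the need is limited to particular device classes, grant their specific setattr interfaces instead; otherwise add a comment above the line naming the trigger, e.g. `# hal-acl-tool: setattr on <device class>, see <bug reference>`. The hald_acl_t rules start and end outside the hunk.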
@@ -11272,38 +11282,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw /var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -+/var/log/wpa_supplicant.log.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0) ++/var/log/wpa_supplicant\.log.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.0.8/policy/modules/services/networkmanager.if --- nsaserefpolicy/policy/modules/services/networkmanager.if 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.if 2008-01-17 09:03:07.000000000 -0500 -@@ -97,3 +97,42 @@ ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.if 2008-02-14 15:08:03.000000000 -0500 +@@ -97,3 +97,21 @@ allow $1 NetworkManager_t:dbus send_msg; allow NetworkManager_t $1:dbus send_msg; ') + +######################################## +## -+## dontaudit send and receive messages from -+## NetworkManager over dbus. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`networkmanager_dontaudit_dbus_chat',` -+ gen_require(` -+ type NetworkManager_t; -+ class dbus send_msg; -+ ') -+ -+ dontaudit $1 NetworkManager_t:dbus send_msg; -+ dontaudit NetworkManager_t $1:dbus send_msg; -+') -+ -+######################################## -+## +## Send a generic signal to NetworkManager +## +## 
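Review bot: Dropping the `networkmanager_dontaudit_dbus_chat` interface from networkmanager.if leaves any remaining caller unresolved, and such callers would sit in other modules' .te sections that this hunk does not show. Search the whole patch for `networkmanager_dontaudit_dbus_chat(` before merging; a leftover call would be expected to fail the policy build. If the interface was removed because the denials it hid are now allowed or no longer occur, a one-line changelog entry saying so would help.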
@@ -11321,7 +11310,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-01-22 09:24:05.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-02-14 15:07:55.000000000 -0500 +@@ -1,5 +1,5 @@ + +-policy_module(networkmanager,1.7.1) ++policy_module(networkmanager,1.9.0) + + ######################################## + # @@ -13,6 +13,9 @@ type NetworkManager_var_run_t; files_pid_file(NetworkManager_var_run_t) @@ -11337,11 +11333,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw # networkmanager will ptrace itself if gdb is installed # and it receives a unexpected signal (rh bug #204161) -allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; -+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; ++allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock }; dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace }; allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms }; allow NetworkManager_t self:fifo_file rw_fifo_file_perms; -@@ -38,6 +41,9 @@ +@@ -38,10 +41,14 @@ manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t) files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file }) 
@@ -11351,16 +11347,29 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw kernel_read_system_state(NetworkManager_t) kernel_read_network_state(NetworkManager_t) kernel_read_kernel_sysctls(NetworkManager_t) -@@ -82,6 +88,8 @@ - files_read_etc_files(NetworkManager_t) - files_read_etc_runtime_files(NetworkManager_t) - files_read_usr_files(NetworkManager_t) -+files_read_all_pids(NetworkManager_t) -+files_unlink_generic_pids(NetworkManager_t) + kernel_load_module(NetworkManager_t) ++kernel_read_debugfs(NetworkManager_t) + + corenet_all_recvfrom_unlabeled(NetworkManager_t) + corenet_all_recvfrom_netlabel(NetworkManager_t) +@@ -67,6 +74,7 @@ + + fs_getattr_all_fs(NetworkManager_t) + fs_search_auto_mountpoints(NetworkManager_t) ++fs_list_inotifyfs(NetworkManager_t) + + mls_file_read_all_levels(NetworkManager_t) +@@ -86,6 +94,8 @@ init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) -@@ -129,15 +137,17 @@ + ++auth_use_nsswitch(NetworkManager_t) ++ + libs_use_ld_so(NetworkManager_t) + libs_use_shared_libs(NetworkManager_t) + +@@ -129,28 +139,21 @@ ') optional_policy(` 
@@ -11368,30 +11377,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw - class dbus send_msg; - ') - - allow NetworkManager_t self:dbus send_msg; - - dbus_system_bus_client_template(NetworkManager,NetworkManager_t) - dbus_connect_system_bus(NetworkManager_t) - dbus_send_system_bus(NetworkManager_t) -+ dbus_dontaudit_rw_system_selinux_socket(NetworkManager_t) +- allow NetworkManager_t self:dbus send_msg; +- +- dbus_system_bus_client_template(NetworkManager,NetworkManager_t) +- dbus_connect_system_bus(NetworkManager_t) +- dbus_send_system_bus(NetworkManager_t) + dbus_system_domain(NetworkManager_t,NetworkManager_exec_t) -+') -+ -+optional_policy(` + ') + + optional_policy(` +- howl_signal(NetworkManager_t) + hal_write_log(NetworkManager_t) ') optional_policy(` -@@ -151,6 +161,8 @@ +- nis_use_ypbind(NetworkManager_t) ++ howl_signal(NetworkManager_t) + ') + optional_policy(` - nscd_socket_use(NetworkManager_t) +- nscd_socket_use(NetworkManager_t) nscd_signal(NetworkManager_t) + nscd_script_domtrans(NetworkManager_t) + nscd_domtrans(NetworkManager_t) ') optional_policy(` -@@ -162,6 +174,7 @@ +@@ -162,19 +165,20 @@ ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) @@ -11399,14 +11411,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -173,8 +186,10 @@ +- seutil_sigchld_newrole(NetworkManager_t) ++ # Dispatcher starting and stoping ntp ++ ntp_script_domtrans(NetworkManager_t) + ') + + optional_policy(` +- udev_read_db(NetworkManager_t) ++ seutil_sigchld_newrole(NetworkManager_t) ') optional_policy(` -+ unconfined_rw_pipes(NetworkManager_t) - # Read gnome-keyring - unconfined_read_home_content_files(NetworkManager_t) -+ unconfined_use_terminals(NetworkManager_t) +- # Read gnome-keyring +- unconfined_read_home_content_files(NetworkManager_t) ++ udev_read_db(NetworkManager_t) ') optional_policy(` 
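Review bot: The nscd block now carries `nscd_script_domtrans(NetworkManager_t)` and `nscd_domtrans(NetworkManager_t)` with no comment, while `nscd_socket_use` is removed (presumably covered by the `auth_use_nsswitch(NetworkManager_t)` added earlier in the file). Two separate ways for NetworkManager to start nscd look like more than a restart through the init script would need; if only the script path is used, drop `nscd_domtrans`. Otherwise document the reason the way the ntp block does, for example `# Dispatcher restarts nscd after a network change` (wording to be confirmed by the author).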
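Review bot: The added comment `# Dispatcher starting and stoping ntp` has a typo; write `# Dispatcher starting and stopping ntp`. The same hunk removes `unconfined_read_home_content_files(NetworkManager_t)` together with its `# Read gnome-keyring` comment, which narrows NetworkManager's access to user home content. The spec changelog entry only mentions cups labeling, so this removal is worth recording there as well, since it may surface as new denials on systems that relied on it.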
diff --git a/selinux-policy.spec b/selinux-policy.spec index 4618806..261d0ef 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 84%{?dist} +Release: 85%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,9 @@ exit 0 %endif %changelog +* Tue Feb 12 2008 Dan Walsh 3.0.8-85 +- Fix cups executables labeling + * Fri Feb 1 2008 Dan Walsh 3.0.8-84 - Allow fail2ban to create sock_files in /var/run