diff --git a/policy-F14.patch b/policy-F14.patch
index 9eb8862..65dad37 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -1272,6 +1272,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
optional_policy(`
hostname_exec(shorewall_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.8.8/policy/modules/admin/shutdown.fc
+--- nsaserefpolicy/policy/modules/admin/shutdown.fc 2010-07-14 11:21:53.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/admin/shutdown.fc 2010-07-26 16:52:20.000000000 -0400
+@@ -3,3 +3,5 @@
+ /sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
+
+ /var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
++
++/lib/upstart/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.8.8/policy/modules/admin/shutdown.if
--- nsaserefpolicy/policy/modules/admin/shutdown.if 2010-07-14 11:21:53.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/admin/shutdown.if 2010-07-20 10:46:10.000000000 -0400
@@ -5383,8 +5392,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.8.8/policy/modules/apps/seunshare.te
--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/apps/seunshare.te 2010-07-20 10:46:10.000000000 -0400
-@@ -5,40 +5,39 @@
++++ serefpolicy-3.8.8/policy/modules/apps/seunshare.te 2010-07-26 17:02:42.000000000 -0400
+@@ -5,40 +5,41 @@
# Declarations
#
@@ -5419,16 +5428,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
-files_read_etc_files(seunshare_t)
-files_mounton_all_poly_members(seunshare_t)
-+auth_use_nsswitch(seunshare_domain)
++fs_manage_cgroup_dirs(seunshare_domain)
-auth_use_nsswitch(seunshare_t)
-+logging_send_syslog_msg(seunshare_domain)
++auth_use_nsswitch(seunshare_domain)
-logging_send_syslog_msg(seunshare_t)
-+miscfiles_read_localization(seunshare_domain)
++logging_send_syslog_msg(seunshare_domain)
-miscfiles_read_localization(seunshare_t)
--
++miscfiles_read_localization(seunshare_domain)
+
-userdom_use_user_terminals(seunshare_t)
+userdom_use_user_terminals(seunshare_domain)
@@ -6519,8 +6529,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.8.8/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/devices.if 2010-07-26 14:00:19.000000000 -0400
-@@ -606,6 +606,24 @@
++++ serefpolicy-3.8.8/policy/modules/kernel/devices.if 2010-07-26 16:44:30.000000000 -0400
+@@ -497,6 +497,24 @@
+
+ ########################################
+ ##
++## Read generic character device files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_read_generic_chr_files',`
++ gen_require(`
++ type device_t;
++ ')
++
++ allow $1 device_t:chr_file read_chr_file_perms;
++')
++
++########################################
++##
+ ## Read and write generic character device files.
+ ##
+ ##
+@@ -606,6 +624,24 @@
########################################
##
@@ -6545,7 +6580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Create, delete, read, and write symbolic links in device directories.
##
##
-@@ -1015,6 +1033,42 @@
+@@ -1015,6 +1051,42 @@
########################################
##
@@ -6588,7 +6623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Delete all block device files.
##
##
-@@ -3540,6 +3594,24 @@
+@@ -3540,6 +3612,24 @@
########################################
##
@@ -6613,7 +6648,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Get the attributes of sysfs directories.
##
##
-@@ -3851,6 +3923,24 @@
+@@ -3851,6 +3941,24 @@
########################################
##
@@ -6638,7 +6673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Mount a usbfs filesystem.
##
##
-@@ -4161,11 +4251,10 @@
+@@ -4161,11 +4269,10 @@
#
interface(`dev_rw_vhost',`
gen_require(`
@@ -7584,7 +7619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.8/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-07-14 11:21:53.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-07-21 11:43:41.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-07-26 17:02:26.000000000 -0400
@@ -1233,7 +1233,7 @@
type cifs_t;
')
@@ -17349,7 +17384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.8.8/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/services/mta.if 2010-07-21 08:47:33.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/services/mta.if 2010-07-26 17:39:52.000000000 -0400
@@ -220,6 +220,25 @@
application_executable_file($1)
')
@@ -17400,7 +17435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
########################################
-@@ -391,12 +408,13 @@
+@@ -391,12 +408,15 @@
#
interface(`mta_sendmail_domtrans',`
gen_require(`
@@ -17412,11 +17447,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+ allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
corecmd_read_bin_symlinks($1)
- domain_auto_trans($1, sendmail_exec_t, $2)
++
++ allow $2 mta_exec_type:file entrypoint;
+ domtrans_pattern($1, mta_exec_type, $2)
')
########################################
-@@ -474,7 +492,8 @@
+@@ -474,7 +494,8 @@
type etc_mail_t;
')
@@ -17426,7 +17463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
########################################
-@@ -698,7 +717,7 @@
+@@ -698,7 +719,7 @@
files_search_spool($1)
allow $1 mail_spool_t:dir list_dir_perms;
allow $1 mail_spool_t:file setattr;
@@ -17437,7 +17474,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.8.8/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/services/mta.te 2010-07-20 10:46:10.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/services/mta.te 2010-07-26 17:09:17.000000000 -0400
@@ -21,7 +21,7 @@
files_config_file(etc_mail_t)
@@ -17447,6 +17484,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
type mqueue_spool_t;
files_mountpoint(mqueue_spool_t)
+@@ -62,9 +62,9 @@
+
+ can_exec(system_mail_t, mta_exec_type)
+
+-kernel_read_system_state(system_mail_t)
+-kernel_read_network_state(system_mail_t)
+-kernel_request_load_module(system_mail_t)
++kernel_read_system_state(user_mail_domain)
++kernel_read_network_state(user_mail_domain)
++kernel_request_load_module(user_mail_domain)
+
+ dev_read_sysfs(system_mail_t)
+ dev_read_rand(system_mail_t)
@@ -82,6 +82,9 @@
userdom_use_user_terminals(system_mail_t)
@@ -21487,7 +21537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.8.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/services/samba.te 2010-07-20 10:46:11.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/services/samba.te 2010-07-26 17:19:57.000000000 -0400
@@ -152,9 +152,6 @@
type winbind_log_t;
logging_log_file(winbind_log_t)
@@ -21585,7 +21635,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow swat_t smbd_exec_t:file mmap_file_perms ;
-@@ -754,6 +750,8 @@
+@@ -710,6 +706,7 @@
+ domtrans_pattern(swat_t, winbind_exec_t, winbind_t)
+ allow swat_t winbind_t:process { signal signull };
+
++read_files_pattern(swat_t, winbind_var_run_t, winbind_var_run_t)
+ allow swat_t winbind_var_run_t:dir { write add_name remove_name };
+ allow swat_t winbind_var_run_t:sock_file { create unlink };
+
+@@ -754,6 +751,8 @@
miscfiles_read_localization(swat_t)
@@ -21594,7 +21652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
optional_policy(`
cups_read_rw_config(swat_t)
cups_stream_connect(swat_t)
-@@ -806,14 +804,14 @@
+@@ -806,14 +805,14 @@
allow winbind_t winbind_log_t:file manage_file_perms;
logging_log_filetrans(winbind_t, winbind_log_t, file)
@@ -21614,7 +21672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
kernel_read_kernel_sysctls(winbind_t)
kernel_read_system_state(winbind_t)
-@@ -833,6 +831,7 @@
+@@ -833,6 +832,7 @@
corenet_tcp_bind_generic_node(winbind_t)
corenet_udp_bind_generic_node(winbind_t)
corenet_tcp_connect_smbd_port(winbind_t)
@@ -21622,7 +21680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
corenet_tcp_connect_epmap_port(winbind_t)
corenet_tcp_connect_all_unreserved_ports(winbind_t)
-@@ -922,6 +921,18 @@
+@@ -922,6 +922,18 @@
#
optional_policy(`
@@ -21641,7 +21699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
type samba_unconfined_script_t;
type samba_unconfined_script_exec_t;
domain_type(samba_unconfined_script_t)
-@@ -932,9 +943,12 @@
+@@ -932,9 +944,12 @@
allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
allow smbd_t samba_unconfined_script_exec_t:file ioctl;
@@ -26302,8 +26360,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.8.8/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/system/init.fc 2010-07-20 10:46:11.000000000 -0400
-@@ -24,6 +24,11 @@
++++ serefpolicy-3.8.8/policy/modules/system/init.fc 2010-07-26 16:50:56.000000000 -0400
+@@ -24,7 +24,13 @@
#
# /sbin
#
@@ -26313,9 +26371,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
+# /sbin
+#
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
++/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
ifdef(`distro_gentoo', `
-@@ -44,6 +49,9 @@
+ /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
+@@ -44,6 +50,9 @@
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -26693,7 +26753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.8.8/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2010-07-14 11:21:53.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/system/init.te 2010-07-26 14:00:27.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/system/init.te 2010-07-26 16:44:55.000000000 -0400
@@ -16,6 +16,27 @@
##
gen_tunable(init_upstart, false)
@@ -26805,7 +26865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
corecmd_shell_domtrans(init_t, initrc_t)
',`
# Run the shell in the sysadm role for single-user mode.
-@@ -185,15 +216,64 @@
+@@ -185,15 +216,65 @@
sysadm_shell_domtrans(init_t)
')
@@ -26826,6 +26886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+ dev_write_kmsg(init_t)
+ dev_rw_autofs(init_t)
+ dev_manage_generic_dirs(init_t)
++ dev_read_generic_chr_files(init_t)
+
+ files_mounton_all_mountpoints(init_t)
+ files_manage_all_pids_dirs(init_t)
@@ -26870,7 +26931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
nscd_socket_use(init_t)
')
-@@ -211,7 +291,7 @@
+@@ -211,7 +292,7 @@
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -26879,7 +26940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
-@@ -240,6 +320,7 @@
+@@ -240,6 +321,7 @@
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -26887,7 +26948,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
can_exec(initrc_t, initrc_tmp_t)
manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-@@ -257,11 +338,22 @@
+@@ -257,11 +339,22 @@
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -26910,7 +26971,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
corecmd_exec_all_executables(initrc_t)
-@@ -297,11 +389,13 @@
+@@ -297,11 +390,13 @@
dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t)
@@ -26924,7 +26985,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
-@@ -320,8 +414,10 @@
+@@ -320,8 +415,10 @@
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -26936,7 +26997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t)
-@@ -337,6 +433,8 @@
+@@ -337,6 +434,8 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -26945,7 +27006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
fs_delete_cgroup_dirs(initrc_t)
fs_list_cgroup_dirs(initrc_t)
-@@ -350,6 +448,8 @@
+@@ -350,6 +449,8 @@
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -26954,7 +27015,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
-@@ -362,6 +462,7 @@
+@@ -362,6 +463,7 @@
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
@@ -26962,7 +27023,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
selinux_get_enforce_mode(initrc_t)
-@@ -393,13 +494,14 @@
+@@ -393,13 +495,14 @@
miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript
@@ -26978,7 +27039,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
userdom_read_user_home_content_files(initrc_t)
# Allow access to the sysadm TTYs. Note that this will give access to the
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
-@@ -472,7 +574,7 @@
+@@ -472,7 +575,7 @@
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -26987,7 +27048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd
-@@ -518,6 +620,19 @@
+@@ -518,6 +621,19 @@
optional_policy(`
bind_manage_config_dirs(initrc_t)
bind_write_config(initrc_t)
@@ -27007,7 +27068,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -525,10 +640,17 @@
+@@ -525,10 +641,17 @@
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -27025,7 +27086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -543,6 +665,35 @@
+@@ -543,6 +666,35 @@
')
')
@@ -27061,7 +27122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -555,6 +706,8 @@
+@@ -555,6 +707,8 @@
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -27070,7 +27131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -571,6 +724,7 @@
+@@ -571,6 +725,7 @@
optional_policy(`
cgroup_stream_connect(initrc_t)
@@ -27078,7 +27139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -583,6 +737,11 @@
+@@ -583,6 +738,11 @@
')
optional_policy(`
@@ -27090,7 +27151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -599,6 +758,7 @@
+@@ -599,6 +759,7 @@
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -27098,7 +27159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
consolekit_dbus_chat(initrc_t)
-@@ -700,7 +860,12 @@
+@@ -700,7 +861,12 @@
')
optional_policy(`
@@ -27111,7 +27172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -723,6 +888,10 @@
+@@ -723,6 +889,10 @@
')
optional_policy(`
@@ -27122,7 +27183,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -765,8 +934,6 @@
+@@ -765,8 +935,6 @@
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -27131,7 +27192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -779,10 +946,12 @@
+@@ -779,10 +947,12 @@
squid_manage_logs(initrc_t)
')
@@ -27144,7 +27205,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -804,11 +973,19 @@
+@@ -804,11 +974,19 @@
')
optional_policy(`
@@ -27165,7 +27226,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited
-@@ -818,6 +995,25 @@
+@@ -818,6 +996,25 @@
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -27191,7 +27252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -843,3 +1039,55 @@
+@@ -843,3 +1040,55 @@
optional_policy(`
zebra_read_config(initrc_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d533ce5..8ef795b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.8.8
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
%endif
%changelog
+* Mon Jul 26 2010 Dan Walsh 3.8.8-6
+- New paths for upstart
+
* Mon Jul 26 2010 Dan Walsh 3.8.8-5
- New permissions for syslog
- New labels for /lib/upstart