diff --git a/.cvsignore b/.cvsignore
index ef4def8..23f8547 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -201,3 +201,4 @@ serefpolicy-3.7.7.tgz
serefpolicy-3.7.8.tgz
setroubleshoot-2.2.58.tar.gz
serefpolicy-3.7.9.tgz
+serefpolicy-3.7.11.tgz
diff --git a/modules-mls.conf b/modules-mls.conf
index 45a9536..c966444 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -742,6 +742,13 @@ kdump = module
kdumpgui = module
# Layer: services
+# Module: ksmtuned
+#
+# Kernel Samepage Merging (KSM) Tuning Daemon
+#
+ksmtuned = module
+
+# Layer: services
# Module: kerberos
#
# MIT Kerberos admin and KDC
diff --git a/policy-F13.patch b/policy-F13.patch
index cb381ef..36b088e 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -11000,6 +11000,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.11/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2010-03-04 11:17:25.000000000 -0500
+++ serefpolicy-3.7.11/policy/modules/services/amavis.te 2010-03-03 23:48:01.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(amavis, 1.10.2)
++policy_module(amavis, 1.10.1)
+
+ ########################################
+ #
@@ -138,11 +138,13 @@
auth_dontaudit_read_shadow(amavis_t)
@@ -12738,9 +12745,168 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.7.11/policy/modules/services/apcupsd.if
+--- nsaserefpolicy/policy/modules/services/apcupsd.if 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/services/apcupsd.if 2010-03-03 23:27:42.000000000 -0500
+@@ -15,30 +15,11 @@
+ type apcupsd_t, apcupsd_exec_t;
+ ')
+
+- corecmd_search_bin($1)
+ domtrans_pattern($1, apcupsd_exec_t, apcupsd_t)
+ ')
+
+ ########################################
+ ##
+-## Execute apcupsd server in the apcupsd domain.
+-##
+-##
+-##
+-## Domain allowed access.
+-##
+-##
+-#
+-interface(`apcupsd_initrc_domtrans',`
+- gen_require(`
+- type apcupsd_initrc_exec_t;
+- ')
+-
+- init_labeled_script_domtrans($1, apcupsd_initrc_exec_t)
+-')
+-
+-########################################
+-##
+ ## Read apcupsd PID files.
+ ##
+ ##
+@@ -113,11 +94,6 @@
+ type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
+ ')
+
+- optional_policy(`
+- apache_search_sys_content($1)
+- ')
+-
+- files_search_var($1)
+ domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)
+ ')
+
+@@ -142,14 +118,13 @@
+ gen_require(`
+ type apcupsd_t, apcupsd_tmp_t;
+ type apcupsd_log_t, apcupsd_lock_t;
+- type apcupsd_var_run_t;
+- type apcupsd_initrc_exec_t;
++ type apcupsd_var_run_t, apcupsd_initrc_exec_t;
+ ')
+
+ allow $1 apcupsd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, apcupsd_t)
+
+- apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
++ init_labeled_script_domtrans($1, apcupsd_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 apcupsd_initrc_exec_t system_r;
+ allow $2 system_r;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.11/policy/modules/services/apcupsd.te
+--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/services/apcupsd.te 2010-03-03 23:27:41.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(apcupsd, 1.6.1)
++policy_module(apcupsd, 1.6.0)
+
+ ########################################
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.11/policy/modules/services/apm.te
+--- nsaserefpolicy/policy/modules/services/apm.te 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/services/apm.te 2010-03-03 23:48:01.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(apm, 1.10.2)
++policy_module(apm, 1.10.1)
+
+ ########################################
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.7.11/policy/modules/services/arpwatch.if
+--- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/services/arpwatch.if 2010-03-03 23:27:40.000000000 -0500
+@@ -2,24 +2,6 @@
+
+ ########################################
+ ##
+-## Execute arpwatch server in the arpwatch domain.
+-##
+-##
+-##
+-## Domain allowed access.
+-##
+-##
+-#
+-interface(`arpwatch_initrc_domtrans',`
+- gen_require(`
+- type arpwatch_initrc_exec_t;
+- ')
+-
+- init_labeled_script_domtrans($1, arpwatch_initrc_exec_t)
+-')
+-
+-########################################
+-##
+ ## Search arpwatch's data file directories.
+ ##
+ ##
+@@ -33,7 +15,6 @@
+ type arpwatch_data_t;
+ ')
+
+- files_search_var_lib($1)
+ allow $1 arpwatch_data_t:dir search_dir_perms;
+ ')
+
+@@ -52,7 +33,6 @@
+ type arpwatch_data_t;
+ ')
+
+- files_search_var_lib($1)
+ manage_files_pattern($1, arpwatch_data_t, arpwatch_data_t)
+ ')
+
+@@ -71,7 +51,6 @@
+ type arpwatch_tmp_t;
+ ')
+
+- files_search_tmp($1)
+ allow $1 arpwatch_tmp_t:file rw_file_perms;
+ ')
+
+@@ -90,7 +69,6 @@
+ type arpwatch_tmp_t;
+ ')
+
+- files_search_tmp($1)
+ allow $1 arpwatch_tmp_t:file manage_file_perms;
+ ')
+
+@@ -140,7 +118,7 @@
+ allow $1 arpwatch_t:process { ptrace signal_perms getattr };
+ ps_process_pattern($1, arpwatch_t)
+
+- arpwatch_initrc_domtrans($1)
++ init_labeled_script_domtrans($1, arpwatch_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 arpwatch_initrc_exec_t system_r;
+ allow $2 system_r;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.11/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-03-04 11:17:25.000000000 -0500
+++ serefpolicy-3.7.11/policy/modules/services/arpwatch.te 2010-03-03 23:48:01.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(arpwatch, 1.8.1)
++policy_module(arpwatch, 1.8.0)
+
+ ########################################
+ #
@@ -34,6 +34,7 @@
allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
allow arpwatch_t self:udp_socket create_socket_perms;
@@ -16248,6 +16414,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
fs_manage_cifs_files(dovecot_t)
fs_manage_cifs_symlinks(dovecot_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.11/policy/modules/services/exim.te
+--- nsaserefpolicy/policy/modules/services/exim.te 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/services/exim.te 2010-03-03 23:48:01.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(exim, 1.4.2)
++policy_module(exim, 1.4.1)
+
+ ########################################
+ #
+@@ -192,9 +192,6 @@
+ ')
+
+ optional_policy(`
+- # https://bugzilla.redhat.com/show_bug.cgi?id=512710
+- # uses sendmail for outgoing mail and exim
+- # for incoming mail
+ sendmail_manage_tmp_files(exim_t)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.11/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.11/policy/modules/services/fail2ban.if 2010-03-03 23:48:01.000000000 -0500
@@ -18004,33 +18190,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+miscfiles_read_localization(ksmtuned_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.7.11/policy/modules/services/ldap.fc
--- nsaserefpolicy/policy/modules/services/ldap.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.11/policy/modules/services/ldap.fc 2010-03-03 23:48:01.000000000 -0500
-@@ -1,8 +1,12 @@
++++ serefpolicy-3.7.11/policy/modules/services/ldap.fc 2010-03-04 13:06:45.000000000 -0500
+@@ -1,5 +1,7 @@
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
+/etc/openldap/slapd\.d(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
+
/etc/rc\.d/init\.d/ldap -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/dirsrv.* -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0)
/usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
-+/usr/sbin/ns-slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
-
- ifdef(`distro_debian',`
- /usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
-@@ -10,8 +14,12 @@
-
- /var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
- /var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0)
-+/var/lib/dirsrv(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
-+
-+/var/log/dirsrv(/.*)? gen_context(system_u:object_r:slapd_log_t,s0)
-
- /var/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0)
+@@ -15,3 +17,4 @@
/var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
-+/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
++#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.7.11/policy/modules/services/ldap.if
--- nsaserefpolicy/policy/modules/services/ldap.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.11/policy/modules/services/ldap.if 2010-03-03 23:48:01.000000000 -0500
@@ -29351,6 +29524,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
term_dontaudit_use_console(hostname_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.7.11/policy/modules/system/hotplug.te
+--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-03-04 11:17:25.000000000 -0500
++++ serefpolicy-3.7.11/policy/modules/system/hotplug.te 2010-03-03 23:48:01.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(hotplug, 1.12.1)
++policy_module(hotplug, 1.12.0)
+
+ ########################################
+ #
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.11/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.11/policy/modules/system/init.fc 2010-03-03 23:48:01.000000000 -0500
@@ -37228,7 +37411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.11/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2009-11-25 11:47:19.000000000 -0500
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-03-04 11:44:07.000000000 -0500
+++ serefpolicy-3.7.11/policy/support/obj_perm_sets.spt 2010-03-03 23:48:01.000000000 -0500
@@ -28,7 +28,7 @@
#
@@ -37260,7 +37443,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
define(`delete_lnk_file_perms',`{ getattr unlink }')
--define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
+-define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename }')
+define(`manage_lnk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4f06646..8ad573b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.21-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.7.10
-Release: 5%{?dist}
+Version: 3.7.11
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,7 +466,20 @@ exit 0
%endif
%changelog
-* Fri Feb 26 2010 Dan Walsh 3.7.10-5
+* Tue Mar 2 2010 Dan Walsh 3.7.11-1
+- Update to upstream - These are merges of my patches
+- Remove 389 labeling conflicts
+- Add MLS fixes found in RHEL6 testing
+- Allow pulseaudio to run as a service
+- Add label for mssql and allow apache to connect to this database port if boolean set
+- Dontaudit searches of debugfs mount point
+- Allow policykit_auth to send signals to itself
+- Allow modcluster to call getpwnam
+- Allow swat to signal winbind
+- Allow usbmux to run as a system role
+- Allow svirt to create and use devpts
+
+* Mon Mar 1 2010 Dan Walsh 3.7.10-5
- Add MLS fixes found in RHEL6 testing
- Allow domains to append to rpm_tmp_t
- Add cachefilesfd policy
diff --git a/sources b/sources
index 3094b84..64a46df 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
4c7d323036f1662a06a7a4f2a7da57a5 config.tgz
-08d83373515696cd385e10fba5294890 serefpolicy-3.7.10.tgz
+316c182558e4f2c4b6955d06a943d64e serefpolicy-3.7.11.tgz