From 0e6791552a3ad149117ac2dea43f719071cb41b9 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mar 18 2010 15:42:47 +0000
Subject: - Update to upstream
---
diff --git a/policy-F13.patch b/policy-F13.patch
index ab2fa06..5f9b2f0 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.14/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.15/Makefile
--- nsaserefpolicy/Makefile 2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.7.14/Makefile 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/Makefile 2010-03-18 10:44:42.000000000 -0400
@@ -244,7 +244,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -10,9 +10,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.14/
net_contexts := $(builddir)net_contexts
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.14/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.15/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/global_tunables 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/global_tunables 2010-03-18 10:44:42.000000000 -0400
@@ -61,15 +61,6 @@
##
@@ -48,9 +48,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+##
+gen_tunable(mmap_low_allowed, false)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.7.14/policy/modules/admin/acct.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.7.15/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/acct.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/acct.te 2010-03-18 10:44:42.000000000 -0400
@@ -43,6 +43,7 @@
fs_getattr_xattr_fs(acct_t)
@@ -59,19 +59,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
corecmd_exec_bin(acct_t)
corecmd_exec_shell(acct_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.14/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2010-03-12 11:48:14.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/alsa.te 2010-03-12 09:25:28.000000000 -0500
-@@ -1,5 +1,5 @@
-
--policy_module(alsa, 1.8.1)
-+policy_module(alsa, 1.8.0)
-
- ########################################
- #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.14/policy/modules/admin/anaconda.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.15/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/anaconda.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/anaconda.te 2010-03-18 10:44:42.000000000 -0400
@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
@@ -89,21 +79,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.7.14/policy/modules/admin/brctl.te
---- nsaserefpolicy/policy/modules/admin/brctl.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/brctl.te 2010-03-12 09:30:00.000000000 -0500
-@@ -21,7 +21,7 @@
- allow brctl_t self:unix_dgram_socket create_socket_perms;
- allow brctl_t self:tcp_socket create_socket_perms;
-
--kernel_load_module(brctl_t)
-+kernel_request_load_module(brctl_t)
- kernel_read_network_state(brctl_t)
- kernel_read_sysctl(brctl_t)
-
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.14/policy/modules/admin/certwatch.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.15/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/certwatch.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/certwatch.te 2010-03-18 10:44:42.000000000 -0400
@@ -36,7 +36,7 @@
miscfiles_read_localization(certwatch_t)
@@ -113,9 +91,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
optional_policy(`
apache_exec_modules(certwatch_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.if serefpolicy-3.7.14/policy/modules/admin/consoletype.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.if serefpolicy-3.7.15/policy/modules/admin/consoletype.if
--- nsaserefpolicy/policy/modules/admin/consoletype.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/consoletype.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/consoletype.if 2010-03-18 10:44:42.000000000 -0400
@@ -19,6 +19,9 @@
corecmd_search_bin($1)
@@ -126,9 +104,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.14/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.15/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/consoletype.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/consoletype.te 2010-03-18 10:44:42.000000000 -0400
@@ -10,7 +10,6 @@
type consoletype_exec_t;
application_executable_file(consoletype_exec_t)
@@ -137,23 +115,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
role system_r types consoletype_t;
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.14/policy/modules/admin/firstboot.te
---- nsaserefpolicy/policy/modules/admin/firstboot.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/firstboot.te 2010-03-12 09:30:00.000000000 -0500
-@@ -91,8 +91,12 @@
- userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
-
- optional_policy(`
-+ dbus_system_bus_client(firstboot_t)
-+
-+ optional_policy(`
- hal_dbus_chat(firstboot_t)
- ')
-+')
-
- optional_policy(`
- nis_use_ypbind(firstboot_t)
-@@ -105,7 +109,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.15/policy/modules/admin/firstboot.te
+--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/admin/firstboot.te 2010-03-18 10:44:42.000000000 -0400
+@@ -109,7 +109,7 @@
optional_policy(`
unconfined_domtrans(firstboot_t)
# The big hammer
@@ -162,9 +127,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.14/policy/modules/admin/kismet.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.15/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/kismet.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/kismet.te 2010-03-18 10:44:42.000000000 -0400
@@ -45,6 +45,7 @@
manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t)
manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
@@ -173,9 +138,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.14/policy/modules/admin/logrotate.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.15/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/logrotate.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/logrotate.te 2010-03-18 10:44:42.000000000 -0400
@@ -32,7 +32,7 @@
# Change ownership on log files.
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
@@ -281,76 +246,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
+optional_policy(`
varnishd_manage_log(logrotate_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.fc serefpolicy-3.7.14/policy/modules/admin/mcelog.fc
---- nsaserefpolicy/policy/modules/admin/mcelog.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/mcelog.fc 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,2 @@
-+
-+/usr/sbin/mcelog -- gen_context(system_u:object_r:mcelog_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.if serefpolicy-3.7.14/policy/modules/admin/mcelog.if
---- nsaserefpolicy/policy/modules/admin/mcelog.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/mcelog.if 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,21 @@
-+
-+## policy for mcelog
-+
-+########################################
-+##
-+## Execute a domain transition to run mcelog.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`mcelog_domtrans',`
-+ gen_require(`
-+ type mcelog_t, mcelog_exec_t;
-+ ')
-+
-+ domtrans_pattern($1, mcelog_exec_t, mcelog_t)
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.7.14/policy/modules/admin/mcelog.te
---- nsaserefpolicy/policy/modules/admin/mcelog.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/mcelog.te 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,32 @@
-+
-+policy_module(mcelog,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type mcelog_t;
-+type mcelog_exec_t;
-+application_domain(mcelog_t, mcelog_exec_t)
-+cron_system_entry(mcelog_t, mcelog_exec_t)
-+
-+permissive mcelog_t;
-+
-+########################################
-+#
-+# mcelog local policy
-+#
-+
-+allow mcelog_t self:capability sys_admin;
-+
-+kernel_read_system_state(mcelog_t)
-+
-+dev_read_raw_memory(mcelog_t)
-+dev_read_kmsg(mcelog_t)
-+
-+files_read_etc_files(mcelog_t)
-+
-+miscfiles_read_localization(mcelog_t)
-+
-+logging_send_syslog_msg(mcelog_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.14/policy/modules/admin/mrtg.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.15/policy/modules/admin/mrtg.te
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/mrtg.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/mrtg.te 2010-03-18 10:44:42.000000000 -0400
@@ -116,6 +116,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -359,9 +257,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
netutils_domtrans_ping(mrtg_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.fc serefpolicy-3.7.14/policy/modules/admin/netutils.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.fc serefpolicy-3.7.15/policy/modules/admin/netutils.fc
--- nsaserefpolicy/policy/modules/admin/netutils.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/netutils.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/netutils.fc 2010-03-18 10:44:42.000000000 -0400
@@ -9,6 +9,7 @@
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
@@ -370,9 +268,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.14/policy/modules/admin/netutils.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.15/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/netutils.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/netutils.te 2010-03-18 10:44:42.000000000 -0400
@@ -44,6 +44,7 @@
allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms;
@@ -423,17 +321,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
+ term_use_all_ttys(traceroute_t)
+ term_use_all_ptys(traceroute_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.14/policy/modules/admin/prelink.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.15/policy/modules/admin/prelink.fc
--- nsaserefpolicy/policy/modules/admin/prelink.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/prelink.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/prelink.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/cron\.daily/prelink -- gen_context(system_u:object_r:prelink_cron_system_exec_t,s0)
/etc/prelink\.cache -- gen_context(system_u:object_r:prelink_cache_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.14/policy/modules/admin/prelink.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.15/policy/modules/admin/prelink.if
--- nsaserefpolicy/policy/modules/admin/prelink.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/prelink.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/prelink.if 2010-03-18 10:44:42.000000000 -0400
@@ -21,6 +21,25 @@
########################################
@@ -474,9 +372,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
- relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+ relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.14/policy/modules/admin/prelink.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.15/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/prelink.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/prelink.te 2010-03-18 10:44:42.000000000 -0400
@@ -21,8 +21,21 @@
type prelink_tmp_t;
files_tmp_file(prelink_tmp_t)
@@ -601,9 +499,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+optional_policy(`
+ rpm_read_db(prelink_cron_system_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-3.7.14/policy/modules/admin/quota.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-3.7.15/policy/modules/admin/quota.te
--- nsaserefpolicy/policy/modules/admin/quota.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/quota.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/quota.te 2010-03-18 10:44:42.000000000 -0400
@@ -39,6 +39,7 @@
kernel_list_proc(quota_t)
kernel_read_proc_symlinks(quota_t)
@@ -612,9 +510,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.t
dev_read_sysfs(quota_t)
dev_getattr_all_blk_files(quota_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.14/policy/modules/admin/readahead.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.15/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/readahead.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/readahead.te 2010-03-18 10:44:42.000000000 -0400
@@ -52,6 +52,7 @@
files_list_non_security(readahead_t)
@@ -632,9 +530,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
fs_read_tmpfs_symlinks(readahead_t)
fs_list_inotifyfs(readahead_t)
fs_dontaudit_search_ramfs(readahead_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.14/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.15/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/rpm.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/rpm.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,18 +1,19 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -685,9 +583,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
# SuSE
ifdef(`distro_suse', `
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.14/policy/modules/admin/rpm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.15/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/rpm.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/rpm.if 2010-03-18 10:44:42.000000000 -0400
@@ -13,11 +13,36 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -1141,9 +1039,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.14/policy/modules/admin/rpm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.15/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/rpm.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/rpm.te 2010-03-18 10:44:42.000000000 -0400
@@ -1,6 +1,8 @@
policy_module(rpm, 1.10.0)
@@ -1428,9 +1326,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
optional_policy(`
java_domtrans_unconfined(rpm_script_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.14/policy/modules/admin/shorewall.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.15/policy/modules/admin/shorewall.te
--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-03-08 14:49:44.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/shorewall.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/shorewall.te 2010-03-18 10:44:42.000000000 -0400
@@ -87,7 +87,7 @@
sysnet_domtrans_ifconfig(shorewall_t)
@@ -1440,18 +1338,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
optional_policy(`
iptables_domtrans(shorewall_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.7.14/policy/modules/admin/shutdown.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.7.15/policy/modules/admin/shutdown.fc
--- nsaserefpolicy/policy/modules/admin/shutdown.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/shutdown.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/shutdown.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,5 @@
+/etc/nologin -- gen_context(system_u:object_r:shutdown_etc_t,s0)
+
+/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
+
+/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.7.14/policy/modules/admin/shutdown.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.7.15/policy/modules/admin/shutdown.if
--- nsaserefpolicy/policy/modules/admin/shutdown.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/shutdown.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/shutdown.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,118 @@
+
+## policy for shutdown
@@ -1571,9 +1469,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ allow $1 shutdown_t:dbus send_msg;
+ allow shutdown_t $1:dbus send_msg;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.7.14/policy/modules/admin/shutdown.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.7.15/policy/modules/admin/shutdown.te
--- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/shutdown.te 2010-03-14 22:42:45.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/admin/shutdown.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(shutdown,1.0.0)
+
@@ -1632,92 +1530,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ dbus_system_bus_client(shutdown_t)
+ dbus_connect_system_bus(shutdown_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.fc serefpolicy-3.7.14/policy/modules/admin/smoltclient.fc
---- nsaserefpolicy/policy/modules/admin/smoltclient.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/smoltclient.fc 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,4 @@
-+
-+/usr/share/smolt/client/sendProfile.py -- gen_context(system_u:object_r:smoltclient_exec_t,s0)
-+
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.if serefpolicy-3.7.14/policy/modules/admin/smoltclient.if
---- nsaserefpolicy/policy/modules/admin/smoltclient.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/smoltclient.if 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1 @@
-+## The Fedora hardware profiler client
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.14/policy/modules/admin/smoltclient.te
---- nsaserefpolicy/policy/modules/admin/smoltclient.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/smoltclient.te 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,66 @@
-+policy_module(smoltclient,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type smoltclient_t;
-+type smoltclient_exec_t;
-+application_domain(smoltclient_t, smoltclient_exec_t)
-+cron_system_entry(smoltclient_t, smoltclient_exec_t)
-+
-+type smoltclient_tmp_t;
-+files_tmp_file(smoltclient_tmp_t)
-+
-+########################################
-+#
-+# Local policy
-+#
-+allow smoltclient_t self:process { setsched getsched };
-+
-+allow smoltclient_t self:fifo_file rw_fifo_file_perms;
-+allow smoltclient_t self:tcp_socket create_socket_perms;
-+allow smoltclient_t self:udp_socket create_socket_perms;
-+
-+can_exec(smoltclient_t, smoltclient_tmp_t)
-+manage_dirs_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
-+manage_files_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
-+files_tmp_filetrans(smoltclient_t, smoltclient_tmp_t, { dir file })
-+
-+kernel_read_system_state(smoltclient_t)
-+kernel_read_network_state(smoltclient_t)
-+kernel_read_kernel_sysctls(smoltclient_t)
-+
-+corecmd_exec_bin(smoltclient_t)
-+corecmd_exec_shell(smoltclient_t)
-+
-+corenet_tcp_connect_http_port(smoltclient_t)
-+
-+dev_read_sysfs(smoltclient_t)
-+
-+fs_getattr_all_fs(smoltclient_t)
-+fs_getattr_all_dirs(smoltclient_t)
-+
-+files_getattr_generic_locks(smoltclient_t)
-+files_read_etc_files(smoltclient_t)
-+files_read_usr_files(smoltclient_t)
-+
-+auth_use_nsswitch(smoltclient_t)
-+
-+logging_send_syslog_msg(smoltclient_t)
-+
-+miscfiles_read_localization(smoltclient_t)
-+
-+optional_policy(`
-+ dbus_system_bus_client(smoltclient_t)
-+')
-+
-+optional_policy(`
-+ hal_dbus_chat(smoltclient_t)
-+')
-+
-+optional_policy(`
-+ rpm_exec(smoltclient_t)
-+ rpm_read_db(smoltclient_t)
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.14/policy/modules/admin/sudo.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.15/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/sudo.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/sudo.if 2010-03-18 10:44:42.000000000 -0400
@@ -73,12 +73,16 @@
# Enter this derived domain from the user domain
domtrans_pattern($3, sudo_exec_t, $1_sudo_t)
@@ -1746,9 +1561,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_sudo_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.7.14/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.7.15/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/su.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/su.if 2010-03-18 10:44:42.000000000 -0400
@@ -58,6 +58,10 @@
allow $2 $1_su_t:fifo_file rw_file_perms;
allow $2 $1_su_t:process sigchld;
@@ -1771,9 +1586,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
ps_process_pattern($3, $1_su_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.14/policy/modules/admin/tmpreaper.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.15/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/tmpreaper.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/tmpreaper.te 2010-03-18 10:44:42.000000000 -0400
@@ -42,6 +42,7 @@
cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
@@ -1812,9 +1627,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
+optional_policy(`
unconfined_domain(tmpreaper_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.14/policy/modules/admin/usermanage.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.15/policy/modules/admin/usermanage.if
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/admin/usermanage.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/usermanage.if 2010-03-18 10:44:42.000000000 -0400
@@ -18,6 +18,10 @@
files_search_usr($1)
corecmd_search_bin($1)
@@ -1870,9 +1685,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
optional_policy(`
nscd_run(useradd_t, $2)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.14/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.15/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/usermanage.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/usermanage.te 2010-03-18 10:44:42.000000000 -0400
@@ -209,6 +209,7 @@
files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
@@ -1941,9 +1756,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
puppet_rw_tmp(useradd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.14/policy/modules/admin/vbetool.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.15/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/vbetool.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/vbetool.te 2010-03-18 10:44:42.000000000 -0400
@@ -25,7 +25,13 @@
dev_rw_xserver_misc(vbetool_t)
dev_rw_mtrr(vbetool_t)
@@ -1958,9 +1773,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
term_use_unallocated_ttys(vbetool_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.14/policy/modules/admin/vpn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.15/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/admin/vpn.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/admin/vpn.te 2010-03-18 10:44:42.000000000 -0400
@@ -31,7 +31,7 @@
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms;
@@ -1994,15 +1809,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
+optional_policy(`
+ networkmanager_attach_tun_iface(vpnc_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.14/policy/modules/apps/chrome.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.15/policy/modules/apps/chrome.fc
--- nsaserefpolicy/policy/modules/apps/chrome.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/chrome.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/chrome.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.14/policy/modules/apps/chrome.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.15/policy/modules/apps/chrome.if
--- nsaserefpolicy/policy/modules/apps/chrome.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/chrome.if 2010-03-15 14:11:08.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/apps/chrome.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,90 @@
+
+## policy for chrome
@@ -2094,10 +1909,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i
+ allow $2 chrome_sandbox_tmpfs_t:file rw_file_perms;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.14/policy/modules/apps/chrome.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.15/policy/modules/apps/chrome.te
--- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/chrome.te 2010-03-12 09:30:00.000000000 -0500
-@@ -0,0 +1,81 @@
++++ serefpolicy-3.7.15/policy/modules/apps/chrome.te 2010-03-18 10:44:42.000000000 -0400
+@@ -0,0 +1,84 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -2143,9 +1958,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+domain_dontaudit_read_all_domains_state(chrome_sandbox_t)
+
+dev_read_urand(chrome_sandbox_t)
++dev_read_sysfs(chrome_sandbox_t)
+
+files_read_etc_files(chrome_sandbox_t)
+
++fs_dontaudit_getattr_all_fs(chrome_sandbox_t)
++
+userdom_rw_user_tmpfs_files(chrome_sandbox_t)
+userdom_use_user_ptys(chrome_sandbox_t)
+userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
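Review bot: The two rules added on the new side, `++dev_read_sysfs(chrome_sandbox_t)` and `++fs_dontaudit_getattr_all_fs(chrome_sandbox_t)`, carry no comment saying which denial they resolve, so a later maintainer of policy-F13.patch cannot tell whether sysfs read access is a hard requirement of the chrome-sandbox helper (labelled chrome_sandbox_exec_t in the chrome.fc hunk above) or a workaround for a single observed AVC. Every read interface granted to chrome_sandbox_t widens what anything running in that domain can learn about the host, so a one-line why-comment above each rule, e.g. `# chrome-sandbox reads sysfs at startup; see <BUG-ID placeholder>`, would record the justification in the same place as the grant. The `fs_dontaudit_getattr_all_fs` rule additionally silences getattr denials for every filesystem type, which hides future mount probing by this domain from the audit log; if the denial that motivated it was for one filesystem type, a narrower fs_dontaudit_getattr_* interface would keep the rest visible. The 81-to-84 line count change in the chrome.te hunk header of the preceding outer hunk is consistent with these three added lines.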
@@ -2179,9 +1997,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+ fs_dontaudit_append_cifs_files(chrome_sandbox_t)
+ fs_dontaudit_read_cifs_files(chrome_sandbox_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.14/policy/modules/apps/cpufreqselector.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.15/policy/modules/apps/cpufreqselector.te
--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/cpufreqselector.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/cpufreqselector.te 2010-03-18 10:44:42.000000000 -0400
@@ -26,7 +26,7 @@
dev_rw_sysfs(cpufreqselector_t)
@@ -2191,9 +2009,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs
optional_policy(`
dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.14/policy/modules/apps/execmem.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.15/policy/modules/apps/execmem.fc
--- nsaserefpolicy/policy/modules/apps/execmem.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/execmem.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/execmem.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,45 @@
+
+/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -2240,9 +2058,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+
+/opt/google/chrome/chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.14/policy/modules/apps/execmem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.15/policy/modules/apps/execmem.if
--- nsaserefpolicy/policy/modules/apps/execmem.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/execmem.if 2010-03-15 14:11:49.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/apps/execmem.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,118 @@
+## execmem domain
+
@@ -2362,9 +2180,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+
+ domtrans_pattern($1, execmem_exec_t, $2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.14/policy/modules/apps/execmem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.15/policy/modules/apps/execmem.te
--- nsaserefpolicy/policy/modules/apps/execmem.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/execmem.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/execmem.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,11 @@
+
+policy_module(execmem, 1.0.0)
@@ -2377,16 +2195,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+type execmem_exec_t alias unconfined_execmem_exec_t;
+application_executable_file(execmem_exec_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.14/policy/modules/apps/firewallgui.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.15/policy/modules/apps/firewallgui.fc
--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/firewallgui.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/firewallgui.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.14/policy/modules/apps/firewallgui.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.15/policy/modules/apps/firewallgui.if
--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/firewallgui.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/firewallgui.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,23 @@
+
+## policy for firewallgui
@@ -2411,9 +2229,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ allow $1 firewallgui_t:dbus send_msg;
+ allow firewallgui_t $1:dbus send_msg;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.14/policy/modules/apps/firewallgui.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.15/policy/modules/apps/firewallgui.te
--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/firewallgui.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/firewallgui.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,66 @@
+
+policy_module(firewallgui,1.0.0)
@@ -2481,9 +2299,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ policykit_dbus_chat(firewallgui_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.14/policy/modules/apps/gitosis.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.15/policy/modules/apps/gitosis.if
--- nsaserefpolicy/policy/modules/apps/gitosis.if 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gitosis.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gitosis.if 2010-03-18 10:44:42.000000000 -0400
@@ -43,3 +43,47 @@
role $2 types gitosis_t;
')
@@ -2532,9 +2350,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
+ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.14/policy/modules/apps/gnome.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.15/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gnome.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gnome.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,8 +1,28 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
@@ -2566,9 +2384,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
+
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.14/policy/modules/apps/gnome.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.15/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gnome.if 2010-03-17 08:37:44.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/apps/gnome.if 2010-03-18 10:44:42.000000000 -0400
@@ -74,6 +74,24 @@
########################################
@@ -2844,9 +2662,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+ allow $1 gconfdefaultsm_t:dbus send_msg;
+ allow gconfdefaultsm_t $1:dbus send_msg;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.14/policy/modules/apps/gnome.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.15/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gnome.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gnome.te 2010-03-18 10:44:42.000000000 -0400
@@ -7,18 +7,33 @@
#
@@ -2995,18 +2813,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+ policykit_read_lib(gnomesystemmm_t)
+ policykit_read_reload(gnomesystemmm_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.7.14/policy/modules/apps/gpg.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.7.15/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gpg.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gpg.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,4 +1,5 @@
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
+/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.7.14/policy/modules/apps/gpg.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.7.15/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/gpg.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gpg.if 2010-03-18 10:44:42.000000000 -0400
@@ -52,11 +52,8 @@
ifdef(`hide_broken_symptoms',`
@@ -3020,9 +2838,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.14/policy/modules/apps/gpg.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.15/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/gpg.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/gpg.te 2010-03-18 10:44:42.000000000 -0400
@@ -20,6 +20,7 @@
typealias gpg_t alias { auditadm_gpg_t secadm_gpg_t };
application_domain(gpg_t, gpg_exec_t)
@@ -3079,9 +2897,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
# rlimit: gpg-agent wants to prevent coredumps
allow gpg_agent_t self:process setrlimit;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.14/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.15/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/java.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/java.fc 2010-03-18 10:44:42.000000000 -0400
@@ -9,6 +9,7 @@
#
# /usr
@@ -3101,9 +2919,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+
+/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.14/policy/modules/apps/java.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.15/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/java.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/java.if 2010-03-18 10:44:42.000000000 -0400
@@ -72,6 +72,7 @@
domain_interactive_fd($1_java_t)
@@ -3129,9 +2947,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.14/policy/modules/apps/java.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.15/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/java.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/java.te 2010-03-18 10:44:42.000000000 -0400
@@ -147,6 +147,14 @@
init_dbus_chat_script(unconfined_java_t)
@@ -3147,21 +2965,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+ rpm_domtrans(unconfined_java_t)
+ ')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.14/policy/modules/apps/kdumpgui.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.15/policy/modules/apps/kdumpgui.fc
--- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/kdumpgui.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/kdumpgui.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.14/policy/modules/apps/kdumpgui.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.15/policy/modules/apps/kdumpgui.if
--- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/kdumpgui.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/kdumpgui.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,2 @@
+## system-config-kdump policy
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.14/policy/modules/apps/kdumpgui.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.15/policy/modules/apps/kdumpgui.te
--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/kdumpgui.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/kdumpgui.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,68 @@
+policy_module(kdumpgui,1.0.0)
+
@@ -3231,15 +3049,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui
+optional_policy(`
+ policykit_dbus_chat(kdumpgui_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.14/policy/modules/apps/livecd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.15/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/livecd.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/livecd.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.14/policy/modules/apps/livecd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.15/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/livecd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/livecd.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,52 @@
+
+## policy for livecd
@@ -3293,9 +3111,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
+ usermanage_run_chfn(livecd_t, $2)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.14/policy/modules/apps/livecd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.15/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/livecd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/livecd.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,27 @@
+policy_module(livecd, 1.0.0)
+
@@ -3324,9 +3142,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
+
+seutil_domtrans_setfiles_mac(livecd_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-3.7.14/policy/modules/apps/loadkeys.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-3.7.15/policy/modules/apps/loadkeys.if
--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/loadkeys.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/loadkeys.if 2010-03-18 10:44:42.000000000 -0400
@@ -17,6 +17,9 @@
corecmd_search_bin($1)
@@ -3337,9 +3155,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.14/policy/modules/apps/loadkeys.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.15/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/loadkeys.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/loadkeys.te 2010-03-18 10:44:42.000000000 -0400
@@ -40,8 +40,12 @@
miscfiles_read_localization(loadkeys_t)
@@ -3354,9 +3172,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
+ifdef(`hide_broken_symptoms',`
+ dev_dontaudit_rw_lvm_control(loadkeys_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.14/policy/modules/apps/mono.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.15/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/mono.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/mono.if 2010-03-18 10:44:42.000000000 -0400
@@ -40,10 +40,10 @@
domain_interactive_fd($1_mono_t)
application_type($1_mono_t)
@@ -3369,9 +3187,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
domtrans_pattern($3, mono_exec_t, $1_mono_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.14/policy/modules/apps/mozilla.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.15/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/mozilla.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/mozilla.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,6 +1,7 @@
HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -3388,9 +3206,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.14/policy/modules/apps/mozilla.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.15/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/mozilla.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/mozilla.if 2010-03-18 10:44:42.000000000 -0400
@@ -48,6 +48,12 @@
mozilla_dbus_chat($2)
@@ -3471,9 +3289,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+ allow $2 mozilla_exec_t:file entrypoint;
+ domtrans_pattern($1, mozilla_exec_t, $2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.14/policy/modules/apps/mozilla.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.15/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/mozilla.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/mozilla.te 2010-03-18 10:44:42.000000000 -0400
@@ -91,6 +91,7 @@
corenet_raw_sendrecv_generic_node(mozilla_t)
corenet_tcp_sendrecv_http_port(mozilla_t)
@@ -3532,9 +3350,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+optional_policy(`
thunderbird_domtrans(mozilla_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.7.14/policy/modules/apps/mplayer.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.7.15/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/mplayer.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/mplayer.if 2010-03-18 10:44:42.000000000 -0400
@@ -102,3 +102,39 @@
read_files_pattern($1, mplayer_home_t, mplayer_home_t)
userdom_search_user_home_dirs($1)
@@ -3575,9 +3393,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+ allow $2 mplayer_exec_t:file entrypoint;
+ domtrans_pattern($1, mplayer_exec_t, $2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.14/policy/modules/apps/nsplugin.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.15/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/nsplugin.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/nsplugin.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,10 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -3589,9 +3407,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.14/policy/modules/apps/nsplugin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.15/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/nsplugin.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/nsplugin.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,390 @@
+
+## policy for nsplugin
@@ -3983,9 +3801,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ allow $2 nsplugin_exec_t:file entrypoint;
+ domtrans_pattern($1, nsplugin_exec_t, $2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.14/policy/modules/apps/nsplugin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.15/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/nsplugin.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/nsplugin.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,295 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -4282,16 +4100,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.14/policy/modules/apps/openoffice.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.15/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/openoffice.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/openoffice.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.14/policy/modules/apps/openoffice.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.15/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/openoffice.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/openoffice.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,129 @@
+## Openoffice
+
@@ -4422,9 +4240,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+ allow $2 openoffice_exec_t:file entrypoint;
+ domtrans_pattern($1, openoffice_exec_t, $2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.14/policy/modules/apps/openoffice.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.15/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/openoffice.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/openoffice.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,17 @@
+
+policy_module(openoffice, 1.0.0)
@@ -4443,9 +4261,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+# Unconfined java local policy
+#
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.14/policy/modules/apps/podsleuth.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.15/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/podsleuth.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/podsleuth.te 2010-03-18 10:44:42.000000000 -0400
@@ -50,6 +50,7 @@
fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file })
@@ -4469,51 +4287,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut
optional_policy(`
dbus_system_bus_client(podsleuth_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.7.14/policy/modules/apps/ptchown.if
---- nsaserefpolicy/policy/modules/apps/ptchown.if 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/ptchown.if 2010-03-12 09:30:00.000000000 -0500
-@@ -18,3 +18,27 @@
- domtrans_pattern($1, ptchown_exec_t, ptchown_t)
- ')
-
-+########################################
-+##
-+## Execute ptchown in the ptchown domain, and
-+## allow the specified role the ptchown domain.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## The role to be allowed the ptchown domain.
-+##
-+##
-+#
-+interface(`ptchown_run',`
-+ gen_require(`
-+ type ptchown_t;
-+ ')
-+
-+ ptchown_domtrans($1)
-+ role $2 types ptchown_t;
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.te serefpolicy-3.7.14/policy/modules/apps/ptchown.te
---- nsaserefpolicy/policy/modules/apps/ptchown.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/ptchown.te 2010-03-12 09:30:00.000000000 -0500
-@@ -24,6 +24,7 @@
- fs_rw_anon_inodefs_files(ptchown_t)
-
- term_setattr_generic_ptys(ptchown_t)
-+term_getattr_all_ptys(ptchown_t)
- term_setattr_all_ptys(ptchown_t)
- term_use_generic_ptys(ptchown_t)
- term_use_ptmx(ptchown_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.7.14/policy/modules/apps/pulseaudio.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.7.15/policy/modules/apps/pulseaudio.fc
--- nsaserefpolicy/policy/modules/apps/pulseaudio.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/pulseaudio.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/pulseaudio.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1 +1,9 @@
+HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.pulse-cookie gen_context(system_u:object_r:pulseaudio_home_t,s0)
@@ -4524,9 +4300,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+
/usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.14/policy/modules/apps/pulseaudio.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.15/policy/modules/apps/pulseaudio.if
--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/pulseaudio.if 2010-03-14 23:18:21.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/apps/pulseaudio.if 2010-03-18 10:44:42.000000000 -0400
@@ -18,7 +18,7 @@
interface(`pulseaudio_role',`
gen_require(`
@@ -4639,9 +4415,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
- allow $1 pulseaudio_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, pulseaudio_var_run_t, pulseaudio_var_run_t, pulseaudio_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.14/policy/modules/apps/pulseaudio.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.15/policy/modules/apps/pulseaudio.te
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/pulseaudio.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/pulseaudio.te 2010-03-18 10:44:42.000000000 -0400
@@ -8,24 +8,52 @@
type pulseaudio_t;
@@ -4730,9 +4506,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ xserver_read_xdm_pid(pulseaudio_t)
+ xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.14/policy/modules/apps/qemu.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.15/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/qemu.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/qemu.if 2010-03-18 10:44:42.000000000 -0400
@@ -127,12 +127,14 @@
template(`qemu_role',`
gen_require(`
@@ -4821,9 +4597,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if
manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.14/policy/modules/apps/qemu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.15/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/qemu.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/qemu.te 2010-03-18 10:44:42.000000000 -0400
@@ -50,6 +50,8 @@
#
# qemu local policy
@@ -4854,20 +4630,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te
allow unconfined_qemu_t self:process { execstack execmem };
+ allow unconfined_qemu_t qemu_exec_t:file execmod;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.14/policy/modules/apps/sambagui.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.15/policy/modules/apps/sambagui.fc
--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sambagui.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sambagui.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.14/policy/modules/apps/sambagui.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.15/policy/modules/apps/sambagui.if
--- nsaserefpolicy/policy/modules/apps/sambagui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sambagui.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sambagui.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,2 @@
+## system-config-samba policy
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.14/policy/modules/apps/sambagui.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.15/policy/modules/apps/sambagui.te
--- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sambagui.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sambagui.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,66 @@
+policy_module(sambagui,1.0.0)
+
@@ -4935,14 +4711,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui
+optional_policy(`
+ policykit_dbus_chat(sambagui_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.14/policy/modules/apps/sandbox.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.15/policy/modules/apps/sandbox.fc
--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sandbox.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sandbox.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1 @@
+# No types are sandbox_exec_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.14/policy/modules/apps/sandbox.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.15/policy/modules/apps/sandbox.if
--- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sandbox.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sandbox.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,250 @@
+
+## policy for sandbox
@@ -5194,9 +4970,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+
+ allow $1 sandbox_file_type:dir list_dir_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.14/policy/modules/apps/sandbox.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.15/policy/modules/apps/sandbox.te
--- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/sandbox.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/sandbox.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,365 @@
+policy_module(sandbox,1.0.0)
+dbus_stub()
@@ -5563,20 +5339,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+optional_policy(`
+ hal_dbus_chat(sandbox_net_client_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.14/policy/modules/apps/screen.if
---- nsaserefpolicy/policy/modules/apps/screen.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/screen.if 2010-03-12 09:30:00.000000000 -0500
-@@ -141,6 +141,7 @@
- userdom_create_user_pty($1_screen_t)
- userdom_user_home_domtrans($1_screen_t, $3)
- userdom_setattr_user_ptys($1_screen_t)
-+ userdom_setattr_user_ttys($1_screen_t)
-
- tunable_policy(`use_samba_home_dirs',`
- fs_cifs_domtrans($1_screen_t, $3)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.14/policy/modules/apps/seunshare.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.15/policy/modules/apps/seunshare.if
--- nsaserefpolicy/policy/modules/apps/seunshare.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/seunshare.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/seunshare.if 2010-03-18 10:44:42.000000000 -0400
@@ -2,30 +2,12 @@
########################################
@@ -5680,9 +5445,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
+ dontaudit $1_seunshare_t $3:socket_class_set { read write };
+ ')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.14/policy/modules/apps/seunshare.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.15/policy/modules/apps/seunshare.te
--- nsaserefpolicy/policy/modules/apps/seunshare.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/seunshare.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/seunshare.te 2010-03-18 10:44:42.000000000 -0400
@@ -6,40 +6,39 @@
# Declarations
#
@@ -5741,9 +5506,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
+ mozilla_dontaudit_manage_user_home_files(seunshare_domain)
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.7.14/policy/modules/apps/slocate.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.7.15/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/slocate.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/slocate.te 2010-03-18 10:44:42.000000000 -0400
@@ -30,6 +30,7 @@
manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
@@ -5760,17 +5525,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
# getpwnam
auth_use_nsswitch(locate_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.7.14/policy/modules/apps/userhelper.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.7.15/policy/modules/apps/userhelper.fc
--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/userhelper.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/userhelper.fc 2010-03-18 10:44:42.000000000 -0400
@@ -7,3 +7,4 @@
# /usr
#
/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0)
+/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.7.14/policy/modules/apps/userhelper.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.7.15/policy/modules/apps/userhelper.if
--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/userhelper.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/userhelper.if 2010-03-18 10:44:42.000000000 -0400
@@ -260,3 +260,51 @@
can_exec($1, userhelper_exec_t)
@@ -5823,9 +5588,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ shutdown_send_sigchld($3)
+ ')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.7.14/policy/modules/apps/userhelper.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.7.15/policy/modules/apps/userhelper.te
--- nsaserefpolicy/policy/modules/apps/userhelper.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/userhelper.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/userhelper.te 2010-03-18 10:44:42.000000000 -0400
@@ -7,9 +7,51 @@
#
@@ -5878,9 +5643,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+optional_policy(`
+ xserver_stream_connect(consolehelper_domain)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.7.14/policy/modules/apps/vmware.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.7.15/policy/modules/apps/vmware.if
--- nsaserefpolicy/policy/modules/apps/vmware.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/vmware.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/vmware.if 2010-03-18 10:44:42.000000000 -0400
@@ -84,3 +84,22 @@
logging_search_logs($1)
append_files_pattern($1, vmware_log_t, vmware_log_t)
@@ -5904,9 +5669,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i
+ can_exec($1, vmware_host_exec_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.14/policy/modules/apps/vmware.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.15/policy/modules/apps/vmware.te
--- nsaserefpolicy/policy/modules/apps/vmware.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/vmware.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/vmware.te 2010-03-18 10:44:42.000000000 -0400
@@ -29,6 +29,10 @@
type vmware_host_exec_t;
init_daemon_domain(vmware_host_t, vmware_host_exec_t)
@@ -5931,9 +5696,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t
manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
manage_sock_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.14/policy/modules/apps/wine.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.15/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/wine.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/wine.if 2010-03-18 10:44:42.000000000 -0400
@@ -35,6 +35,8 @@
role $1 types wine_t;
@@ -5959,9 +5724,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if
optional_policy(`
xserver_role($1_r, $1_wine_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.14/policy/modules/apps/wine.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.15/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/apps/wine.te 2010-03-14 23:34:28.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/apps/wine.te 2010-03-18 10:44:42.000000000 -0400
@@ -1,6 +1,14 @@
policy_module(wine, 1.6.1)
@@ -6003,9 +5768,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te
unconfined_domain_noaudit(wine_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.7.14/policy/modules/apps/wm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.7.15/policy/modules/apps/wm.if
--- nsaserefpolicy/policy/modules/apps/wm.if 2009-07-27 18:11:17.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/apps/wm.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/apps/wm.if 2010-03-18 10:44:42.000000000 -0400
@@ -30,6 +30,7 @@
template(`wm_role_template',`
gen_require(`
@@ -6055,9 +5820,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.14/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.15/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-03-05 17:14:56.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/corecommands.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/corecommands.fc 2010-03-18 10:44:42.000000000 -0400
@@ -147,6 +147,9 @@
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -6090,9 +5855,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
+
+/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.14/policy/modules/kernel/corecommands.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.15/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-03-05 17:14:56.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/corecommands.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/corecommands.if 2010-03-18 10:44:42.000000000 -0400
@@ -931,6 +931,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -6109,9 +5874,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
manage_files_pattern($1, bin_t, exec_type)
manage_lnk_files_pattern($1, bin_t, bin_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.14/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-03-08 14:49:44.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/corenetwork.te.in 2010-03-16 10:29:41.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.15/policy/modules/kernel/corenetwork.te.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/corenetwork.te.in 2010-03-18 10:44:42.000000000 -0400
@@ -65,6 +65,7 @@
type server_packet_t, packet_type, server_packet_type;
@@ -6136,18 +5901,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(comsat, udp,512,s0)
network_port(cvs, tcp,2401,s0, udp,2401,s0)
network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, tcp,6780-6799,s0, udp,32771,s0)
-@@ -97,7 +100,10 @@
- network_port(dict, tcp,2628,s0)
+@@ -98,7 +101,9 @@
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
-+network_port(epmap, udp,135,s0, tcp,135,s0)
+ network_port(epmap, tcp,135,s0, udp,135,s0)
+network_port(festival, tcp,1314,s0)
network_port(fingerd, tcp,79,s0)
+network_port(flash, tcp,843,s0, tcp,1935,s0, udp,1935,s0)
network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
network_port(ftp_data, tcp,20,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -131,12 +137,14 @@
+@@ -132,32 +137,43 @@
network_port(ktalkd, udp,517,s0, udp,518,s0)
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
network_port(lmtp, tcp,24,s0, udp,24,s0)
@@ -6162,7 +5926,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
-@@ -145,18 +153,26 @@
+ network_port(mysqlmanagerd, tcp,2273,s0)
+ network_port(nessus, tcp,1241,s0)
++network_port(netport, tcp,3129,s0, udp,3129,s0)
network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
network_port(ntp, udp,123,s0)
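Review bot: `network_port(netport, tcp,3129,s0, udp,3129,s0)` declares a new named port type, but nothing else visible in this patch grants any domain bind or connect access to `netport_port_t`. Declaring the type moves TCP/UDP 3129 out of the generic `port_t`, so a confined domain that previously reached 3129 through generic-port interfaces will be denied after this update unless a matching `corenet_*_netport_port` rule is added; the consumer is presumably elsewhere in the patch — confirm. The name alone does not identify the service behind 3129, so a one-line comment above the declaration naming it would help future maintainers decide which domains should be allowed.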
@@ -6189,7 +5955,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pulseaudio, tcp,4713,s0)
-@@ -176,16 +192,18 @@
+@@ -177,16 +193,18 @@
network_port(rsync, tcp,873,s0, udp,873,s0)
network_port(rwho, udp,513,s0)
network_port(sap, tcp,9875,s0, udp,9875,s0)
@@ -6209,7 +5975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
network_port(swat, tcp,901,s0)
network_port(syslogd, udp,514,s0)
-@@ -200,7 +218,7 @@
+@@ -201,7 +219,7 @@
network_port(varnishd, tcp,6081,s0, tcp,6082,s0)
network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
network_port(virt_migration, tcp,49152-49216,s0)
@@ -6218,9 +5984,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(wccp, udp,2048,s0)
network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
network_port(xdmcp, udp,177,s0, tcp,177,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.14/policy/modules/kernel/devices.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.15/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/devices.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/devices.fc 2010-03-18 10:44:42.000000000 -0400
@@ -108,6 +108,7 @@
/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
/dev/ub[a-c] -c gen_context(system_u:object_r:usb_device_t,s0)
@@ -6229,9 +5995,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.14/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.15/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/devices.if 2010-03-14 23:46:26.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/devices.if 2010-03-18 10:44:42.000000000 -0400
@@ -934,6 +934,42 @@
########################################
@@ -6333,9 +6099,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Mount a usbfs filesystem.
##
##
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.14/policy/modules/kernel/devices.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.15/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/devices.te 2010-03-13 09:46:53.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/devices.te 2010-03-18 10:44:42.000000000 -0400
@@ -210,7 +210,7 @@
files_mountpoint(sysfs_t)
fs_type(sysfs_t)
@@ -6366,9 +6132,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
allow devices_unconfined_type mtrr_device_t:file *;
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.14/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/domain.if 2010-03-12 09:30:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.15/policy/modules/kernel/domain.if
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/domain.if 2010-03-18 10:44:42.000000000 -0400
@@ -611,7 +611,7 @@
########################################
@@ -6387,105 +6153,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
##
##
##
-@@ -831,6 +831,42 @@
-
- ########################################
- ##
-+## Get the process group ID of all domains.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`domain_getpgid_all_domains',`
-+ gen_require(`
-+ attribute domain;
-+ ')
-+
-+ allow $1 domain:process getpgid;
-+')
-+
-+########################################
-+##
-+## Get the scheduler information of all domains.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`domain_getsched_all_domains',`
-+ gen_require(`
-+ attribute domain;
-+ ')
-+
-+ allow $1 domain:process getsched;
-+')
-+
-+########################################
-+##
- ## Do not audit attempts to get the
- ## session ID of all domains.
- ##
-@@ -1079,6 +1115,54 @@
-
- ########################################
- ##
-+## Get the attributes
-+## of all domains unix datagram sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`domain_getattr_all_stream_sockets',`
-+ gen_require(`
-+ attribute domain;
-+ ')
-+
-+ allow $1 domain:unix_stream_socket getattr;
-+')
-+
-+########################################
-+##
-+## Get the attributes of all domains
-+## unnamed pipes.
-+##
-+##
-+##
-+## Get the attributes of all domains
-+## unnamed pipes.
-+##
-+##
-+## This is commonly used for domains
-+## that can use lsof on all domains.
-+##
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`domain_getattr_all_pipes',`
-+ gen_require(`
-+ attribute domain;
-+ ')
-+
-+ allow $1 domain:fifo_file getattr;
-+')
-+
-+########################################
-+##
- ## Do not audit attempts to get the attributes
- ## of all domains unnamed pipes.
- ##
-@@ -1288,18 +1372,34 @@
+@@ -1372,18 +1372,34 @@
##
##
#
@@ -6523,7 +6191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
## Allow specified type to receive labeled
## networking packets from all domains, over
## all protocols (TCP, UDP, etc)
-@@ -1320,6 +1420,24 @@
+@@ -1422,6 +1438,24 @@
########################################
##
@@ -6548,27 +6216,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
## Unconfined access to domains.
##
##
-@@ -1344,3 +1462,39 @@
+@@ -1445,3 +1479,22 @@
+ typeattribute $1 set_curr_context;
typeattribute $1 process_uncond_exempt;
')
-
-+########################################
-+##
-+## Send generic signals to the unconfined domain.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`domain_unconfined_signal',`
-+ gen_require(`
-+ attribute unconfined_domain_type;
-+ ')
-+
-+ allow $1 unconfined_domain_type:process signal;
-+')
+
+########################################
+##
@@ -6588,9 +6239,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+
+ dontaudit $1 domain:socket_class_set { read write };
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.14/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/kernel/domain.te 2010-03-12 09:30:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.15/policy/modules/kernel/domain.te
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/domain.te 2010-03-18 10:44:42.000000000 -0400
@@ -5,6 +5,21 @@
#
# Declarations
@@ -6683,7 +6334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
# Act upon any other process.
allow unconfined_domain_type domain:process ~{ transition dyntransition execmem execstack execheap };
-@@ -153,3 +187,75 @@
+@@ -153,3 +187,76 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -6717,6 +6368,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+optional_policy(`
+ rpm_use_fds(domain)
+ rpm_read_pipes(domain)
++ rpm_search_log(domain)
+ rpm_append_tmp(domain)
+ rpm_dontaudit_leaks(domain)
+ rpm_read_script_tmp_files(domain)
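Review bot: `rpm_search_log(domain)` grants every process type carrying the `domain` attribute search access to rpm log directories, which is a real allow rule sitting among neighbours (`rpm_use_fds`, `rpm_read_pipes`, `rpm_dontaudit_leaks`) that only cover descriptors and leaks inherited from rpm scriptlets. If the goal is to silence AVCs from processes that inherit rpm's cwd or an open directory, a dontaudit variant would be the least-privilege choice; if the search is genuinely needed system-wide, a comment stating the triggering case, e.g. `# rpm scriptlets inherit cwd in rpm log dirs — confirm`, would justify the broad grant. The interface body is not visible here, and the enclosing `optional_policy` block closes outside this hunk.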
@@ -6759,9 +6411,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ userdom_relabelto_user_home_dirs(polydomain)
+ userdom_relabelto_user_home_files(polydomain)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.14/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.15/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/kernel/files.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/files.fc 2010-03-18 10:44:42.000000000 -0400
@@ -18,6 +18,7 @@
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -6833,9 +6485,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.14/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/files.if 2010-03-17 08:58:55.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.15/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/files.if 2010-03-18 10:44:42.000000000 -0400
@@ -1053,10 +1053,8 @@
relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
@@ -7160,7 +6812,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -3502,6 +3711,64 @@
+@@ -3520,6 +3729,64 @@
allow $1 readable_t:sock_file read_sock_file_perms;
')
@@ -7225,7 +6877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
##
## Allow the specified type to associate
-@@ -3687,6 +3954,32 @@
+@@ -3705,6 +3972,32 @@
########################################
##
@@ -7258,7 +6910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## Manage temporary files and directories in /tmp.
##
##
-@@ -3900,6 +4193,13 @@
+@@ -3918,6 +4211,13 @@
delete_lnk_files_pattern($1, tmpfile, tmpfile)
delete_fifo_files_pattern($1, tmpfile, tmpfile)
delete_sock_files_pattern($1, tmpfile, tmpfile)
@@ -7272,7 +6924,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -4008,7 +4308,7 @@
+@@ -4026,7 +4326,7 @@
type usr_t;
')
@@ -7281,7 +6933,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -4089,6 +4389,24 @@
+@@ -4107,6 +4407,24 @@
########################################
##
@@ -7306,7 +6958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## dontaudit write of /usr files
##
##
-@@ -5014,6 +5332,25 @@
+@@ -5032,6 +5350,25 @@
search_dirs_pattern($1, var_t, var_run_t)
')
@@ -7332,7 +6984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
##
## Do not audit attempts to search
-@@ -5073,6 +5410,24 @@
+@@ -5091,6 +5428,24 @@
########################################
##
@@ -7357,7 +7009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## Create an object in the process ID directory, with a private type.
##
##
-@@ -5148,6 +5503,24 @@
+@@ -5166,6 +5521,24 @@
########################################
##
@@ -7382,7 +7034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## Do not audit attempts to write to daemon runtime data files.
##
##
-@@ -5201,6 +5574,7 @@
+@@ -5219,6 +5592,7 @@
list_dirs_pattern($1, var_t, pidfile)
read_files_pattern($1, pidfile, pidfile)
@@ -7390,7 +7042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -5269,6 +5643,24 @@
+@@ -5287,6 +5661,24 @@
########################################
##
@@ -7415,7 +7067,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## Search the contents of generic spool
## directories (/var/spool).
##
-@@ -5457,12 +5849,15 @@
+@@ -5475,12 +5867,15 @@
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -7432,7 +7084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
')
-@@ -5483,3 +5878,211 @@
+@@ -5501,3 +5896,211 @@
typeattribute $1 files_unconfined_type;
')
@@ -7644,9 +7296,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ dontaudit $1 file_type:file rw_inherited_file_perms;
+ dontaudit $1 file_type:lnk_file { read };
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.14/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/files.te 2010-03-13 09:49:26.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.15/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/files.te 2010-03-18 10:44:42.000000000 -0400
@@ -12,6 +12,7 @@
attribute mountpoint;
attribute pidfile;
@@ -7679,9 +7331,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.14/policy/modules/kernel/filesystem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.15/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-03-12 11:48:14.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/filesystem.if 2010-03-12 11:58:52.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/filesystem.if 2010-03-18 10:44:42.000000000 -0400
@@ -1141,7 +1141,7 @@
type cifs_t;
')
@@ -7733,9 +7385,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+ dontaudit $1 filesystem_type:lnk_file { read };
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.14/policy/modules/kernel/filesystem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.15/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-03-12 11:48:14.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/filesystem.te 2010-03-13 09:53:41.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/filesystem.te 2010-03-18 10:44:42.000000000 -0400
@@ -172,6 +172,7 @@
fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
@@ -7752,60 +7404,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
files_mountpoint(removable_t)
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.14/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/kernel.if 2010-03-12 09:30:00.000000000 -0500
-@@ -144,6 +144,24 @@
-
- ########################################
- ##
-+## Send a kill signal to kernel threads.
-+##
-+##
-+##
-+## The type of the process sending the signal.
-+##
-+##
-+#
-+interface(`kernel_kill',`
-+ gen_require(`
-+ type kernel_t;
-+ ')
-+
-+ allow $1 kernel_t:process sigkill;
-+')
-+
-+########################################
-+##
- ## Send a generic signal to kernel threads.
- ##
- ##
-@@ -612,6 +630,24 @@
-
- ########################################
- ##
-+## Do not audit attempts to search the kernel debugging filesystem.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`kernel_dontaudit_search_debugfs',`
-+ gen_require(`
-+ type debugfs_t;
-+ ')
-+
-+ dontaudit $1 debugfs_t:dir search_dir_perms;
-+')
-+
-+########################################
-+##
- ## Read information from the debugging filesystem.
- ##
- ##
-@@ -1911,7 +1947,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.15/policy/modules/kernel/kernel.if
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/kernel.if 2010-03-18 10:44:42.000000000 -0400
+@@ -1959,7 +1959,7 @@
')
dontaudit $1 sysctl_type:dir list_dir_perms;
@@ -7814,33 +7416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
')
########################################
-@@ -1982,6 +2018,25 @@
-
- ########################################
- ##
-+## Mount a kernel unlabeled filesystem.
-+##
-+##
-+##
-+## The type of the domain mounting the filesystem.
-+##
-+##
-+#
-+interface(`kernel_mount_unlabeled',`
-+ gen_require(`
-+ type unlabeled_t;
-+ ')
-+
-+ allow $1 unlabeled_t:filesystem mount;
-+')
-+
-+
-+########################################
-+##
- ## Send general signals to unlabeled processes.
- ##
- ##
-@@ -2725,6 +2780,24 @@
+@@ -2792,6 +2792,24 @@
########################################
##
@@ -7865,7 +7441,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
## Unconfined access to kernel module resources.
##
##
-@@ -2740,3 +2813,22 @@
+@@ -2807,3 +2825,22 @@
typeattribute $1 kern_unconfined;
')
@@ -7888,9 +7464,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+
+ allow $1 kernel_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.14/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-03-04 08:02:45.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/kernel.te 2010-03-12 09:30:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.15/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/kernel.te 2010-03-18 10:44:42.000000000 -0400
@@ -64,6 +64,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -7925,7 +7501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
corecmd_exec_shell(kernel_t)
corecmd_list_bin(kernel_t)
-@@ -270,20 +281,27 @@
+@@ -270,6 +281,8 @@
files_list_etc(kernel_t)
files_list_home(kernel_t)
files_read_usr_files(kernel_t)
@@ -7933,9 +7509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+files_manage_generic_spool_dirs(kernel_t)
mcs_process_set_categories(kernel_t)
--mcs_killall(kernel_t)
- mls_process_read_up(kernel_t)
+@@ -277,12 +290,18 @@
mls_process_write_down(kernel_t)
mls_file_write_all_levels(kernel_t)
mls_file_read_all_levels(kernel_t)
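Review bot: Dropping the `--mcs_killall(kernel_t)` line means the rebased patch no longer removes `mcs_killall(kernel_t)` from the kernel domain, which is only correct if upstream 3.7.15 itself no longer contains that call. The new inner headers (`@@ -270,6 +281,8 @@` plus `@@ -277,12 +290,18 @@`, replacing `@@ -270,20 +281,27 @@`) account for one fewer old-side line, which is consistent with upstream having removed it, but this should be confirmed against the upstream kernel.te so the kernel domain does not silently regain the ability to signal processes across all MCS categories. A one-line note in the spec changelog or commit message naming the upstream change that made the removal redundant would make this auditable later. The inner hunk continues past the end of this outer hunk.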
@@ -7954,7 +7529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
optional_policy(`
hotplug_search_config(kernel_t)
')
-@@ -360,6 +378,10 @@
+@@ -359,6 +378,10 @@
unconfined_domain_noaudit(kernel_t)
')
@@ -7965,9 +7540,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
########################################
#
# Unlabeled process local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.14/policy/modules/kernel/selinux.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.15/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/kernel/selinux.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/kernel/selinux.if 2010-03-18 10:44:42.000000000 -0400
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -8025,9 +7600,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
+ fs_type($1)
+ mls_trusted_object($1)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.14/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.15/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/terminal.if 2010-03-16 14:27:31.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/kernel/terminal.if 2010-03-18 10:44:42.000000000 -0400
@@ -292,9 +292,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -8094,9 +7669,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.7.14/policy/modules/roles/auditadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.7.15/policy/modules/roles/auditadm.te
--- nsaserefpolicy/policy/modules/roles/auditadm.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/roles/auditadm.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/auditadm.te 2010-03-18 10:44:42.000000000 -0400
@@ -33,6 +33,8 @@
seutil_run_runinit(auditadm_t, auditadm_r)
seutil_read_bin_policy(auditadm_t)
@@ -8106,9 +7681,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad
optional_policy(`
consoletype_exec(auditadm_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.14/policy/modules/roles/guest.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.15/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 2010-03-05 17:14:56.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/guest.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/guest.te 2010-03-18 10:44:42.000000000 -0400
@@ -16,6 +16,10 @@
#
@@ -8126,9 +7701,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t
-#gen_user(guest_u,, guest_r, s0, s0)
+gen_user(guest_u, user, guest_r, s0, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.14/policy/modules/roles/staff.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.15/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2010-03-10 15:27:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/staff.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/staff.te 2010-03-18 10:44:42.000000000 -0400
@@ -10,24 +10,50 @@
userdom_unpriv_user_template(staff)
@@ -8307,9 +7882,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+')
+
+userhelper_console_role_template(staff, staff_t, staff_usertype)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.14/policy/modules/roles/sysadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.15/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-02-17 10:37:39.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/sysadm.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/sysadm.te 2010-03-18 10:44:42.000000000 -0400
@@ -15,7 +15,7 @@
role sysadm_r;
@@ -8664,9 +8239,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.
+
+init_script_role_transition(sysadm_r)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.14/policy/modules/roles/unconfineduser.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.15/policy/modules/roles/unconfineduser.fc
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/unconfineduser.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/unconfineduser.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,10 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -8678,9 +8253,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+
+/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0)
+/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.14/policy/modules/roles/unconfineduser.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.15/policy/modules/roles/unconfineduser.if
--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/unconfineduser.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/unconfineduser.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,667 @@
+## Unconfiend user role
+
@@ -9349,9 +8924,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+
+ allow $1 unconfined_r;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.14/policy/modules/roles/unconfineduser.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.15/policy/modules/roles/unconfineduser.te
--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/unconfineduser.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/unconfineduser.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,417 @@
+policy_module(unconfineduser, 1.0.0)
+
@@ -9770,9 +9345,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+#
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.14/policy/modules/roles/unprivuser.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.15/policy/modules/roles/unprivuser.te
--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-03-10 15:27:39.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/unprivuser.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/unprivuser.te 2010-03-18 10:44:42.000000000 -0400
@@ -17,6 +17,7 @@
apache_role(user_r, user_t)
')
@@ -9820,9 +9395,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
optional_policy(`
xserver_role(user_r, user_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.14/policy/modules/roles/xguest.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.15/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-03-10 15:28:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/roles/xguest.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/roles/xguest.te 2010-03-18 10:44:42.000000000 -0400
@@ -15,7 +15,7 @@
##
@@ -9945,9 +9520,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.
-#gen_user(xguest_u,, xguest_r, s0, s0)
+gen_user(xguest_u, user, xguest_r, s0, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.14/policy/modules/services/abrt.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.15/policy/modules/services/abrt.fc
--- nsaserefpolicy/policy/modules/services/abrt.fc 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/abrt.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/abrt.fc 2010-03-18 10:44:42.000000000 -0400
@@ -1,11 +1,17 @@
/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0)
/etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
@@ -9967,9 +9542,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
/var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0)
/var/run/abrt\.lock -- gen_context(system_u:object_r:abrt_var_run_t,s0)
+/var/run/abrt(/.*)? gen_context(system_u:object_r:abrt_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.14/policy/modules/services/abrt.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.15/policy/modules/services/abrt.if
--- nsaserefpolicy/policy/modules/services/abrt.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/abrt.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/abrt.if 2010-03-18 10:44:42.000000000 -0400
@@ -19,6 +19,28 @@
domtrans_pattern($1, abrt_exec_t, abrt_t)
')
@@ -10134,9 +9709,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
#####################################
##
## All of the rules required to administrate
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.14/policy/modules/services/abrt.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.15/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/abrt.te 2010-03-15 14:38:06.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/abrt.te 2010-03-18 10:44:42.000000000 -0400
@@ -33,12 +33,24 @@
type abrt_var_run_t;
files_pid_file(abrt_var_run_t)
@@ -10342,9 +9917,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+ dev_dontaudit_write_all_blk_files(abrt_helper_t)
+ fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.7.14/policy/modules/services/afs.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.7.15/policy/modules/services/afs.if
--- nsaserefpolicy/policy/modules/services/afs.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/afs.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/afs.if 2010-03-18 10:44:42.000000000 -0400
@@ -94,7 +94,7 @@
#
interface(`afs_admin',`
@@ -10354,9 +9929,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
')
allow $1 afs_t:process { ptrace signal_perms getattr };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.14/policy/modules/services/afs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.15/policy/modules/services/afs.te
--- nsaserefpolicy/policy/modules/services/afs.te 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/afs.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/afs.te 2010-03-18 10:44:42.000000000 -0400
@@ -71,8 +71,8 @@
# afs client local policy
#
@@ -10377,18 +9952,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
########################################
#
# AFS bossserver local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.7.14/policy/modules/services/aiccu.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.7.15/policy/modules/services/aiccu.fc
--- nsaserefpolicy/policy/modules/services/aiccu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aiccu.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aiccu.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,5 @@
+
+/usr/sbin/aiccu -- gen_context(system_u:object_r:aiccu_exec_t,s0)
+
+/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
+/var/run/aiccu.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.7.14/policy/modules/services/aiccu.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.7.15/policy/modules/services/aiccu.if
--- nsaserefpolicy/policy/modules/services/aiccu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aiccu.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aiccu.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,119 @@
+
+## policy for aiccu
@@ -10509,9 +10084,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+ aiccu_manage_var_run($1)
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.7.14/policy/modules/services/aiccu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.7.15/policy/modules/services/aiccu.te
--- nsaserefpolicy/policy/modules/services/aiccu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aiccu.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aiccu.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,41 @@
+policy_module(aiccu,1.0.0)
+
@@ -10554,9 +10129,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
+manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
+files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.14/policy/modules/services/aisexec.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.15/policy/modules/services/aisexec.fc
--- nsaserefpolicy/policy/modules/services/aisexec.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aisexec.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aisexec.fc 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,10 @@
+
+/etc/rc\.d/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0)
@@ -10568,9 +10143,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+/var/log/cluster/aisexec\.log -- gen_context(system_u:object_r:aisexec_var_log_t,s0)
+
+/var/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.14/policy/modules/services/aisexec.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.15/policy/modules/services/aisexec.if
--- nsaserefpolicy/policy/modules/services/aisexec.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aisexec.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aisexec.if 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,106 @@
+## SELinux policy for Aisexec Cluster Engine
+
@@ -10678,9 +10253,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+
+ admin_pattern($1, aisexec_tmpfs_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.14/policy/modules/services/aisexec.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.15/policy/modules/services/aisexec.te
--- nsaserefpolicy/policy/modules/services/aisexec.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/aisexec.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/aisexec.te 2010-03-18 10:44:42.000000000 -0400
@@ -0,0 +1,115 @@
+
+policy_module(aisexec,1.0.0)
@@ -10797,83 +10372,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+ groupd_rw_semaphores(aisexec_t)
+ groupd_rw_shm(aisexec_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.7.14/policy/modules/services/amavis.if
---- nsaserefpolicy/policy/modules/services/amavis.if 2010-03-04 11:17:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/amavis.if 2010-03-12 09:30:00.000000000 -0500
-@@ -18,30 +18,11 @@
- type amavis_t, amavis_exec_t;
- ')
-
-- corecmd_search_bin($1)
- domtrans_pattern($1, amavis_exec_t, amavis_t)
- ')
-
- ########################################
- ##
--## Execute amavis server in the amavis domain.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`amavis_initrc_domtrans',`
-- gen_require(`
-- type amavis_initrc_exec_t;
-- ')
--
-- init_labeled_script_domtrans($1, amavis_initrc_exec_t)
--')
--
--########################################
--##
- ## Read amavis spool files.
- ##
- ##
-@@ -228,13 +209,13 @@
- type amavis_t, amavis_tmp_t, amavis_var_log_t;
- type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
- type amavis_etc_t, amavis_quarantine_t;
-- type amavis_initrc_exec_t;
-+ type amavis_initrc_exec_t;
- ')
-
- allow $1 amavis_t:process { ptrace signal_perms };
- ps_process_pattern($1, amavis_t)
-
-- amavis_initrc_domtrans($1)
-+ init_labeled_script_domtrans($1, amavis_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 amavis_initrc_exec_t system_r;
- allow $2 system_r;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.14/policy/modules/services/amavis.te
---- nsaserefpolicy/policy/modules/services/amavis.te 2010-03-04 11:17:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/amavis.te 2010-03-12 09:30:00.000000000 -0500
-@@ -1,5 +1,5 @@
-
--policy_module(amavis, 1.10.2)
-+policy_module(amavis, 1.10.1)
-
- ########################################
- #
-@@ -138,11 +138,13 @@
-
- auth_dontaudit_read_shadow(amavis_t)
-
-+init_read_utmp(amavis_t)
- init_stream_connect_script(amavis_t)
-
- logging_send_syslog_msg(amavis_t)
-
- miscfiles_read_localization(amavis_t)
-+miscfiles_read_certs(amavis_t)
-
- sysnet_dns_name_resolve(amavis_t)
- sysnet_use_ldap(amavis_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.14/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.15/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/apache.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/apache.fc 2010-03-18 10:44:42.000000000 -0400
@@ -2,12 +2,19 @@
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -11001,9 +10502,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.14/policy/modules/services/apache.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.15/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/apache.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/apache.if 2010-03-18 10:44:42.000000000 -0400
@@ -13,21 +13,17 @@
#
template(`apache_content_template',`
@@ -11712,9 +11213,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ dontaudit $1 httpd_t:unix_dgram_socket { read write };
+ dontaudit $1 httpd_t:unix_stream_socket { read write };
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.14/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2010-03-09 19:04:58.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/apache.te 2010-03-17 09:55:47.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.15/policy/modules/services/apache.te
+--- nsaserefpolicy/policy/modules/services/apache.te 2010-03-18 06:48:02.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/apache.te 2010-03-18 10:44:42.000000000 -0400
@@ -19,6 +19,8 @@
# Declarations
#
@@ -11772,20 +11273,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
## Allow HTTPD scripts and modules to connect to databases over the network.
##
##
-@@ -87,10 +110,10 @@
+@@ -87,6 +110,13 @@
##
##
--## Allow httpd to manage modify performance limits
+## Allow httpd to read user content
++##
++##
++gen_tunable(httpd_read_user_content, false)
++
++##
++##
+ ## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
##
##
--gen_tunable(httpd_manage_limits, false)
-+gen_tunable(httpd_read_user_content, false)
-
- ##
- ##
-@@ -101,6 +124,13 @@
+@@ -94,6 +124,13 @@
##
##
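Review bot: The description line for the new boolean, `## Allow httpd to read user content`, understates what it gates: the rules conditioned on `httpd_read_user_content` in the later hunk at `@@ -12530,12 +12031,12 @@` grant `userdom_read_user_home_content_files` to `httpd_user_script_t` and `httpd_suexec_t` whenever the boolean is on, and to `httpd_t` only when `httpd_builtin_scripting` is also set. A description naming the domains and the scope, such as `## Allow httpd, suexec and user CGI scripts to read content in user home directories`, lets an administrator judge the exposure before enabling it. The usual `<desc>`/`<p>` wrapper lines are not visible here, possibly stripped by the page rendering; worth confirming they are present in the file so the tunable is documented like the others.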
@@ -11799,7 +11301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
## Unify HTTPD to communicate with the terminal.
## Needed for entering the passphrase for certificates at
## the terminal.
-@@ -115,6 +145,36 @@
+@@ -108,6 +145,36 @@
##
gen_tunable(httpd_unified, false)
@@ -11836,7 +11338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
attribute httpdcontent;
attribute httpd_user_content_type;
-@@ -147,6 +207,9 @@
+@@ -140,6 +207,9 @@
domain_entry_file(httpd_helper_t, httpd_helper_exec_t)
role system_r types httpd_helper_t;
@@ -11846,7 +11348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
type httpd_lock_t;
files_lock_file(httpd_lock_t)
-@@ -187,6 +250,10 @@
+@@ -180,6 +250,10 @@
# setup the system domain for system CGI scripts
apache_content_template(sys)
@@ -11857,7 +11359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
type httpd_tmp_t;
files_tmp_file(httpd_tmp_t)
-@@ -194,28 +261,28 @@
+@@ -187,28 +261,28 @@
files_tmpfs_file(httpd_tmpfs_t)
apache_content_template(user)
@@ -11899,7 +11401,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
# for apache2 memory mapped files
type httpd_var_lib_t;
-@@ -237,7 +304,7 @@
+@@ -230,7 +304,7 @@
# Apache server local policy
#
@@ -11908,7 +11410,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
dontaudit httpd_t self:capability { net_admin sys_tty_config };
allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow httpd_t self:fd use;
-@@ -256,6 +323,7 @@
+@@ -249,6 +323,7 @@
manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
@@ -11916,7 +11418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
# Allow the httpd_t to read the web servers config files
allow httpd_t httpd_config_t:dir list_dir_perms;
-@@ -279,6 +347,7 @@
+@@ -272,6 +347,7 @@
allow httpd_t httpd_modules_t:dir list_dir_perms;
mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
@@ -11924,7 +11426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
apache_domtrans_rotatelogs(httpd_t)
# Apache-httpd needs to be able to send signals to the log rotate procs.
-@@ -290,13 +359,14 @@
+@@ -283,13 +359,14 @@
allow httpd_t httpd_suexec_exec_t:file read_file_perms;
@@ -11943,7 +11445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
manage_dirs_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
manage_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
-@@ -308,9 +378,11 @@
+@@ -301,9 +378,11 @@
manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file)
@@ -11956,7 +11458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
-@@ -319,18 +391,21 @@
+@@ -312,18 +391,21 @@
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
kernel_read_system_state(httpd_t)
@@ -11983,7 +11485,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
corenet_sendrecv_http_server_packets(httpd_t)
# Signal self for shutdown
corenet_tcp_connect_http_port(httpd_t)
-@@ -342,15 +417,16 @@
+@@ -335,15 +417,16 @@
fs_getattr_all_fs(httpd_t)
fs_search_auto_mountpoints(httpd_t)
@@ -12003,7 +11505,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
files_read_usr_files(httpd_t)
files_list_mnt(httpd_t)
files_search_spool(httpd_t)
-@@ -365,6 +441,10 @@
+@@ -358,6 +441,10 @@
files_read_var_lib_symlinks(httpd_t)
fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -12014,7 +11516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
libs_read_lib_files(httpd_t)
-@@ -379,18 +459,33 @@
+@@ -372,18 +459,33 @@
userdom_use_unpriv_users_fds(httpd_t)
@@ -12035,8 +11537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+##
+gen_tunable(allow_httpd_mod_auth_pam, false)
+
- tunable_policy(`allow_httpd_mod_auth_pam',`
-- auth_domtrans_chk_passwd(httpd_t)
++tunable_policy(`allow_httpd_mod_auth_pam',`
+ auth_domtrans_chkpwd(httpd_t)
+')
+
@@ -12047,12 +11548,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+##
+gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false)
+optional_policy(`
-+tunable_policy(`allow_httpd_mod_auth_pam',`
+ tunable_policy(`allow_httpd_mod_auth_pam',`
+- auth_domtrans_chk_passwd(httpd_t)
+ samba_domtrans_winbind_helper(httpd_t)
')
')
-@@ -398,32 +493,71 @@
+@@ -391,32 +493,71 @@
corenet_tcp_connect_all_ports(httpd_t)
')
@@ -12129,7 +11631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -431,14 +565,21 @@
+@@ -424,11 +565,23 @@
fs_read_nfs_symlinks(httpd_t)
')
@@ -12144,17 +11646,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
fs_read_cifs_symlinks(httpd_t)
')
--tunable_policy(`httpd_manage_limits',`
-- allow httpd_t self:capability sys_resource;
-- allow httpd_t self:process setrlimit;
+tunable_policy(`httpd_use_cifs',`
+ fs_manage_cifs_dirs(httpd_t)
+ fs_manage_cifs_files(httpd_t)
+ fs_manage_cifs_symlinks(httpd_t)
- ')
-
++')
++
tunable_policy(`httpd_ssi_exec',`
-@@ -463,7 +604,18 @@
+ corecmd_shell_domtrans(httpd_t, httpd_sys_script_t)
+ allow httpd_sys_script_t httpd_t:fd use;
+@@ -451,7 +604,18 @@
')
optional_policy(`
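Review bot: The `httpd_use_cifs` block grants `fs_manage_cifs_dirs`, `fs_manage_cifs_files` and `fs_manage_cifs_symlinks` to `httpd_t`, which is create, write and delete on every CIFS mount rather than read-only access, and the boolean's description is not visible in this hunk. The description should state that it allows httpd to manage (not only read) all CIFS content, so that it is not confused with the narrower `httpd_enable_homedirs && use_samba_home_dirs` read rules just above. The rest of this rework only realigns the hunk after the upstream removal of the `httpd_manage_limits` block, as far as can be told here.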
@@ -12173,7 +11674,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
optional_policy(`
-@@ -475,8 +627,24 @@
+@@ -463,8 +627,24 @@
')
optional_policy(`
@@ -12200,7 +11701,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
optional_policy(`
-@@ -484,22 +652,19 @@
+@@ -472,22 +652,19 @@
mailman_domtrans_cgi(httpd_t)
# should have separate types for public and private archives
mailman_search_data(httpd_t)
@@ -12226,7 +11727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
optional_policy(`
-@@ -510,12 +675,23 @@
+@@ -498,12 +675,23 @@
')
optional_policy(`
@@ -12250,7 +11751,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
')
-@@ -524,6 +700,11 @@
+@@ -512,6 +700,11 @@
')
optional_policy(`
@@ -12262,7 +11763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -551,6 +732,23 @@
+@@ -539,6 +732,23 @@
userdom_use_user_terminals(httpd_helper_t)
@@ -12286,7 +11787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
########################################
#
# Apache PHP script local policy
-@@ -580,20 +778,32 @@
+@@ -568,20 +778,32 @@
fs_search_auto_mountpoints(httpd_php_t)
@@ -12325,7 +11826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
########################################
-@@ -611,23 +821,24 @@
+@@ -599,23 +821,24 @@
append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
@@ -12354,7 +11855,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -640,6 +851,7 @@
+@@ -628,6 +851,7 @@
logging_send_syslog_msg(httpd_suexec_t)
miscfiles_read_localization(httpd_suexec_t)
@@ -12362,7 +11863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
tunable_policy(`httpd_can_network_connect',`
allow httpd_suexec_t self:tcp_socket create_stream_socket_perms;
-@@ -647,22 +859,31 @@
+@@ -635,22 +859,31 @@
corenet_all_recvfrom_unlabeled(httpd_suexec_t)
corenet_all_recvfrom_netlabel(httpd_suexec_t)
@@ -12401,7 +11902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -688,16 +909,16 @@
+@@ -676,16 +909,16 @@
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -12422,7 +11923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
dontaudit httpd_sys_script_t httpd_config_t:dir search;
-@@ -712,15 +933,29 @@
+@@ -700,15 +933,29 @@
files_search_var_lib(httpd_sys_script_t)
files_search_spool(httpd_sys_script_t)
@@ -12454,7 +11955,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -728,6 +963,35 @@
+@@ -716,6 +963,35 @@
fs_read_nfs_symlinks(httpd_sys_script_t)
')
@@ -12490,7 +11991,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -740,6 +1004,10 @@
+@@ -728,6 +1004,10 @@
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -12501,7 +12002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
optional_policy(`
-@@ -751,6 +1019,8 @@
+@@ -739,6 +1019,8 @@
# httpd_rotatelogs local policy
#
@@ -12510,7 +12011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-@@ -770,11 +1040,88 @@
+@@ -758,11 +1040,88 @@
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_user_script_t httpdcontent:file entrypoint;
@@ -12530,12 +12031,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ userdom_search_user_home_content(httpd_t)
+ userdom_search_user_home_content(httpd_suexec_t)
+ userdom_search_user_home_content(httpd_user_script_t)
-+')
+ ')
+
+tunable_policy(`httpd_read_user_content',`
+ userdom_read_user_home_content_files(httpd_user_script_t)
+ userdom_read_user_home_content_files(httpd_suexec_t)
- ')
++')
+
+tunable_policy(`httpd_read_user_content && httpd_builtin_scripting',`
+ userdom_read_user_home_content_files(httpd_t)
@@ -12602,9 +12103,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.14/policy/modules/services/apcupsd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.15/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-03-04 11:17:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/apcupsd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/apcupsd.te 2010-03-18 10:44:42.000000000 -0400
@@ -95,6 +95,10 @@
')
@@ -12616,9 +12117,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
mta_send_mail(apcupsd_t)
mta_system_content(apcupsd_tmp_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.14/policy/modules/services/arpwatch.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.15/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-03-04 11:17:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/arpwatch.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/arpwatch.te 2010-03-18 10:44:42.000000000 -0400
@@ -34,6 +34,7 @@
allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
allow arpwatch_t self:udp_socket create_socket_perms;
@@ -12644,9 +12145,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
fs_getattr_all_fs(arpwatch_t)
fs_search_auto_mountpoints(arpwatch_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.14/policy/modules/services/asterisk.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.15/policy/modules/services/asterisk.if
--- nsaserefpolicy/policy/modules/services/asterisk.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/asterisk.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/asterisk.if 2010-03-18 10:44:43.000000000 -0400
@@ -1,5 +1,24 @@
## Asterisk IP telephony server
@@ -12672,9 +12173,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
#####################################
##
## Connect to asterisk over a unix domain
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.14/policy/modules/services/asterisk.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.15/policy/modules/services/asterisk.te
--- nsaserefpolicy/policy/modules/services/asterisk.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/asterisk.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/asterisk.te 2010-03-18 10:44:43.000000000 -0400
@@ -40,12 +40,13 @@
#
@@ -12775,18 +12276,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
+ udev_read_db(asterisk_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.7.14/policy/modules/services/avahi.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.7.15/policy/modules/services/avahi.fc
--- nsaserefpolicy/policy/modules/services/avahi.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/avahi.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/avahi.fc 2010-03-18 10:44:43.000000000 -0400
@@ -6,4 +6,4 @@
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
-/usr/lib/avahi-autoipd(/.*) gen_context(system_u:object_r:avahi_var_lib_t,s0)
+/var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.7.14/policy/modules/services/avahi.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.7.15/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/avahi.if 2010-03-14 23:10:43.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/avahi.if 2010-03-18 10:44:43.000000000 -0400
@@ -90,6 +90,7 @@
class dbus send_msg;
')
@@ -12795,9 +12296,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
allow $1 avahi_t:dbus send_msg;
allow avahi_t $1:dbus send_msg;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.14/policy/modules/services/avahi.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.15/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/avahi.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/avahi.te 2010-03-18 10:44:43.000000000 -0400
@@ -24,7 +24,7 @@
# Local policy
#
@@ -12842,9 +12343,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_user_home_dirs(avahi_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.14/policy/modules/services/bind.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.15/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/bind.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/bind.if 2010-03-18 10:44:43.000000000 -0400
@@ -253,7 +253,7 @@
########################################
@@ -12889,9 +12390,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
domain_system_change_exemption($1)
role_transition $2 named_initrc_exec_t system_r;
allow $2 system_r;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.7.14/policy/modules/services/bind.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.7.15/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/bind.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/bind.te 2010-03-18 10:44:43.000000000 -0400
@@ -142,11 +142,11 @@
logging_send_syslog_msg(named_t)
@@ -12906,9 +12407,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
userdom_dontaudit_use_unpriv_user_fds(named_t)
userdom_dontaudit_search_user_home_dirs(named_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.14/policy/modules/services/bluetooth.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.15/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/bluetooth.te 2010-03-12 12:36:31.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/bluetooth.te 2010-03-18 10:44:43.000000000 -0400
@@ -54,7 +54,7 @@
# Bluetooth services local policy
#
@@ -12926,9 +12427,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
corenet_all_recvfrom_unlabeled(bluetooth_t)
corenet_all_recvfrom_netlabel(bluetooth_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.7.14/policy/modules/services/boinc.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.7.15/policy/modules/services/boinc.fc
--- nsaserefpolicy/policy/modules/services/boinc.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/boinc.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/boinc.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/boinc_client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
@@ -12936,9 +12437,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+/usr/bin/boinc_client -- gen_context(system_u:object_r:boinc_exec_t,s0)
+
+/var/lib/boinc(/.*)? gen_context(system_u:object_r:boinc_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.7.14/policy/modules/services/boinc.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.7.15/policy/modules/services/boinc.if
--- nsaserefpolicy/policy/modules/services/boinc.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/boinc.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/boinc.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,151 @@
+
+## policy for boinc
@@ -13091,9 +12592,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ files_list_var_lib($1)
+ admin_pattern($1, boinc_var_lib_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.7.14/policy/modules/services/boinc.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.7.15/policy/modules/services/boinc.te
--- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/boinc.te 2010-03-16 14:27:36.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/boinc.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,80 @@
+
+policy_module(boinc,1.0.0)
@@ -13175,9 +12676,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+
+sysnet_dns_name_resolve(boinc_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.7.14/policy/modules/services/cachefilesd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.7.15/policy/modules/services/cachefilesd.fc
--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cachefilesd.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cachefilesd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,28 @@
+###############################################################################
+#
@@ -13207,9 +12708,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+/var/fscache(/.*)? gen_context(system_u:object_r:cachefiles_var_t,s0)
+
+/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.7.14/policy/modules/services/cachefilesd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.7.15/policy/modules/services/cachefilesd.if
--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cachefilesd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cachefilesd.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,41 @@
+###############################################################################
+#
@@ -13252,9 +12753,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+ allow cachefilesd_t $1:fifo_file rw_file_perms;
+ allow cachefilesd_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.7.14/policy/modules/services/cachefilesd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.7.15/policy/modules/services/cachefilesd.te
--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cachefilesd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cachefilesd.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,146 @@
+###############################################################################
+#
@@ -13402,9 +12903,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+fs_getattr_xattr_fs(cachefiles_kernel_t)
+
+dev_search_sysfs(cachefiles_kernel_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.14/policy/modules/services/ccs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.15/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 2010-02-16 14:58:22.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ccs.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ccs.te 2010-03-18 10:44:43.000000000 -0400
@@ -114,5 +114,10 @@
')
@@ -13416,19 +12917,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.
+optional_policy(`
unconfined_use_fds(ccs_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.7.14/policy/modules/services/certmaster.fc
---- nsaserefpolicy/policy/modules/services/certmaster.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/certmaster.fc 2010-03-12 09:30:00.000000000 -0500
-@@ -3,5 +3,6 @@
-
- /usr/bin/certmaster -- gen_context(system_u:object_r:certmaster_exec_t,s0)
-
-+/var/lib/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_lib_t,s0)
- /var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
- /var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.fc serefpolicy-3.7.14/policy/modules/services/certmonger.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.fc serefpolicy-3.7.15/policy/modules/services/certmonger.fc
--- nsaserefpolicy/policy/modules/services/certmonger.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/certmonger.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/certmonger.fc 2010-03-18 10:44:43.000000000 -0400
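Review bot: The `certmaster.fc` section of the patch is dropped entirely, including the added `/var/lib/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_lib_t,s0)` file context. That is only correct if the 3.7.15 base now carries that labeling itself; if it does not, `/var/lib/certmaster` falls back to the generic `var_lib_t` label and any policy that expects `certmaster_var_lib_t` silently stops applying. Worth confirming against the new upstream `certmaster.fc` before merging, since nothing in this hunk shows the upstream side.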
@@ -0,0 +1,6 @@
+/etc/rc\.d/init\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0)
+
@@ -13436,9 +12927,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+
+/var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0)
+/var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.7.14/policy/modules/services/certmonger.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.7.15/policy/modules/services/certmonger.if
--- nsaserefpolicy/policy/modules/services/certmonger.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/certmonger.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/certmonger.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,217 @@
+
+## Certificate status monitor and PKI enrollment client
@@ -13657,9 +13148,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+ files_search_pids($1)
+ admin_pattern($1, cermonger_var_run_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.7.14/policy/modules/services/certmonger.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.7.15/policy/modules/services/certmonger.te
--- nsaserefpolicy/policy/modules/services/certmonger.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/certmonger.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/certmonger.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,74 @@
+policy_module(certmonger,1.0.0)
+
@@ -13735,9 +13226,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+optional_policy(`
+ unconfined_dbus_send(certmonger_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.fc serefpolicy-3.7.14/policy/modules/services/cgroup.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.fc serefpolicy-3.7.15/policy/modules/services/cgroup.fc
--- nsaserefpolicy/policy/modules/services/cgroup.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cgroup.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cgroup.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,7 @@
+/etc/rc\.d/init\.d/cgconfig -- gen_context(system_u:object_r:cgconfig_initrc_exec_t, s0)
+/etc/rc\.d/init\.d/cgred -- gen_context(system_u:object_r:cgred_initrc_exec_t, s0)
@@ -13746,9 +13237,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+/sbin/cgconfigparser -- gen_context(system_u:object_r:cgconfigparser_exec_t, s0)
+
+/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.14/policy/modules/services/cgroup.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.15/policy/modules/services/cgroup.if
--- nsaserefpolicy/policy/modules/services/cgroup.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cgroup.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cgroup.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,35 @@
+## Control group rules engine daemon.
+##
@@ -13785,9 +13276,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+ stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.14/policy/modules/services/cgroup.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.15/policy/modules/services/cgroup.te
--- nsaserefpolicy/policy/modules/services/cgroup.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cgroup.te 2010-03-12 12:05:49.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cgroup.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,87 @@
+policy_module(cgroup, 1.0.0)
+
@@ -13876,18 +13367,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+# /mnt/cgroups/cpu
+kernel_list_unlabeled(cgconfigparser_t)
+kernel_read_system_state(cgconfigparser_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.7.14/policy/modules/services/chronyd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.7.15/policy/modules/services/chronyd.fc
--- nsaserefpolicy/policy/modules/services/chronyd.fc 2010-02-16 14:58:22.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/chronyd.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/chronyd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/chrony\.keys -- gen_context(system_u:object_r:chronyd_keys_t,s0)
+
/etc/rc\.d/init\.d/chronyd -- gen_context(system_u:object_r:chronyd_initrc_exec_t,s0)
/usr/sbin/chronyd -- gen_context(system_u:object_r:chronyd_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.14/policy/modules/services/chronyd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.15/policy/modules/services/chronyd.if
--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-02-16 14:58:22.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/chronyd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/chronyd.if 2010-03-18 10:44:43.000000000 -0400
@@ -77,7 +77,7 @@
gen_require(`
type chronyd_t, chronyd_var_log_t;
@@ -13906,9 +13397,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
logging_search_logs($1)
admin_pattern($1, chronyd_var_log_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.14/policy/modules/services/chronyd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.15/policy/modules/services/chronyd.te
--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-02-16 14:58:22.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/chronyd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/chronyd.te 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,9 @@
type chronyd_initrc_exec_t;
init_script_file(chronyd_initrc_exec_t)
@@ -13957,9 +13448,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
+optional_policy(`
+ gpsd_rw_shm(chronyd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.14/policy/modules/services/clamav.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.15/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/clamav.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/clamav.te 2010-03-18 10:44:43.000000000 -0400
@@ -57,6 +57,7 @@
#
@@ -13983,17 +13474,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
optional_policy(`
cron_system_entry(freshclam_t, freshclam_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.14/policy/modules/services/clogd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.15/policy/modules/services/clogd.fc
--- nsaserefpolicy/policy/modules/services/clogd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/clogd.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/clogd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/sbin/clogd -- gen_context(system_u:object_r:clogd_exec_t,s0)
+
+/var/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.14/policy/modules/services/clogd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.15/policy/modules/services/clogd.if
--- nsaserefpolicy/policy/modules/services/clogd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/clogd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/clogd.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,82 @@
+## clogd - clustered mirror log server
+
@@ -14077,9 +13568,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
+ fs_search_tmpfs($1)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.14/policy/modules/services/clogd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.15/policy/modules/services/clogd.te
--- nsaserefpolicy/policy/modules/services/clogd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/clogd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/clogd.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(clogd,1.0.0)
@@ -14146,9 +13637,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.14/policy/modules/services/cobbler.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.15/policy/modules/services/cobbler.if
--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cobbler.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cobbler.if 2010-03-18 10:44:43.000000000 -0400
@@ -173,9 +173,11 @@
files_list_var_lib($1)
admin_pattern($1, cobbler_var_lib_t)
@@ -14162,9 +13653,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
cobblerd_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 cobblerd_initrc_exec_t system_r;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.14/policy/modules/services/cobbler.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.15/policy/modules/services/cobbler.te
--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cobbler.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cobbler.te 2010-03-18 10:44:43.000000000 -0400
@@ -40,6 +40,7 @@
allow cobblerd_t self:fifo_file rw_fifo_file_perms;
allow cobblerd_t self:tcp_socket create_stream_socket_perms;
@@ -14195,9 +13686,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+apache_content_template(cobbler)
+manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
+manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.14/policy/modules/services/consolekit.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.15/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/consolekit.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/consolekit.fc 2010-03-18 10:44:43.000000000 -0400
@@ -2,4 +2,5 @@
/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
@@ -14205,9 +13696,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
-/var/run/ConsoleKit(/.*)? -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
+
+/var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.14/policy/modules/services/consolekit.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.15/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/consolekit.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/consolekit.if 2010-03-18 10:44:43.000000000 -0400
@@ -57,3 +57,42 @@
read_files_pattern($1, consolekit_log_t, consolekit_log_t)
files_search_pids($1)
@@ -14251,9 +13742,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+ read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.14/policy/modules/services/consolekit.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.15/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/consolekit.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/consolekit.te 2010-03-18 10:44:43.000000000 -0400
@@ -16,12 +16,15 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -14346,9 +13837,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+ unconfined_ptrace(consolekit_t)
unconfined_stream_connect(consolekit_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.14/policy/modules/services/corosync.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.15/policy/modules/services/corosync.fc
--- nsaserefpolicy/policy/modules/services/corosync.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/corosync.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/corosync.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,14 @@
+
+/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
@@ -14364,9 +13855,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+/var/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0)
+/var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.14/policy/modules/services/corosync.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.15/policy/modules/services/corosync.if
--- nsaserefpolicy/policy/modules/services/corosync.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/corosync.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/corosync.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,108 @@
+## SELinux policy for Corosync Cluster Engine
+
@@ -14476,9 +13967,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.14/policy/modules/services/corosync.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.15/policy/modules/services/corosync.te
--- nsaserefpolicy/policy/modules/services/corosync.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/corosync.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/corosync.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,115 @@
+
+policy_module(corosync,1.0.0)
@@ -14595,9 +14086,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+optional_policy(`
+ rgmanager_manage_tmpfs_files(corosync_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.14/policy/modules/services/cron.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.15/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/cron.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cron.fc 2010-03-18 10:44:43.000000000 -0400
@@ -14,7 +14,7 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -14615,9 +14106,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
+
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.14/policy/modules/services/cron.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.15/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/cron.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cron.if 2010-03-18 10:44:43.000000000 -0400
@@ -12,6 +12,10 @@
##
#
@@ -14768,9 +14259,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.14/policy/modules/services/cron.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.15/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cron.te 2010-03-12 14:47:55.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cron.te 2010-03-18 10:44:43.000000000 -0400
@@ -38,8 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -15049,9 +14540,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
unconfined_domain(system_cronjob_t)
userdom_user_home_dir_filetrans_user_home_content(system_cronjob_t, { dir file lnk_file fifo_file sock_file })
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.14/policy/modules/services/cups.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.15/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/cups.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cups.fc 2010-03-18 10:44:43.000000000 -0400
@@ -13,10 +13,14 @@
/etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0)
@@ -15098,9 +14589,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/Printer/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.14/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.15/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/cups.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cups.te 2010-03-18 10:44:43.000000000 -0400
@@ -23,6 +23,9 @@
type cupsd_initrc_exec_t;
init_script_file(cupsd_initrc_exec_t)
@@ -15350,9 +14841,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
dev_read_sysfs(hplip_t)
dev_rw_printer(hplip_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.14/policy/modules/services/cvs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.15/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/cvs.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cvs.te 2010-03-18 10:44:43.000000000 -0400
@@ -93,6 +93,7 @@
auth_can_read_shadow_passwords(cvs_t)
tunable_policy(`allow_cvs_read_shadow',`
@@ -15367,9 +14858,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.14/policy/modules/services/cyrus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.15/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cyrus.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/cyrus.te 2010-03-18 10:44:43.000000000 -0400
@@ -75,6 +75,7 @@
corenet_tcp_bind_mail_port(cyrus_t)
corenet_tcp_bind_lmtp_port(cyrus_t)
@@ -15386,9 +14877,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
snmp_read_snmp_var_lib_files(cyrus_t)
snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
snmp_stream_connect(cyrus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.14/policy/modules/services/dbus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.15/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/dbus.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dbus.if 2010-03-18 10:44:43.000000000 -0400
@@ -42,8 +42,10 @@
gen_require(`
class dbus { send_msg acquire_svc };
@@ -15524,9 +15015,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ manage_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.14/policy/modules/services/dbus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.15/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dbus.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dbus.te 2010-03-18 10:44:43.000000000 -0400
@@ -86,6 +86,7 @@
dev_read_sysfs(system_dbusd_t)
@@ -15585,9 +15076,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ xserver_rw_xdm_pipes(session_bus_type)
+ xserver_append_xdm_home_files(session_bus_type)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.14/policy/modules/services/dcc.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.15/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dcc.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dcc.te 2010-03-18 10:44:43.000000000 -0400
@@ -81,7 +81,7 @@
# dcc daemon controller local policy
#
@@ -15597,9 +15088,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
allow cdcc_t self:unix_dgram_socket create_socket_perms;
allow cdcc_t self:udp_socket create_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.fc serefpolicy-3.7.14/policy/modules/services/denyhosts.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.fc serefpolicy-3.7.15/policy/modules/services/denyhosts.fc
--- nsaserefpolicy/policy/modules/services/denyhosts.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/denyhosts.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/denyhosts.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,7 @@
+/etc/rc\.d/init\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t, s0)
+
@@ -15608,9 +15099,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+/var/lib/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_lib_t, s0)
+/var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t, s0)
+/var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.if serefpolicy-3.7.14/policy/modules/services/denyhosts.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.if serefpolicy-3.7.15/policy/modules/services/denyhosts.if
--- nsaserefpolicy/policy/modules/services/denyhosts.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/denyhosts.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/denyhosts.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,90 @@
+## Deny Hosts.
+##
@@ -15702,9 +15193,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+ ps_process_pattern($1, denyhosts_t)
+ read_lnk_files_pattern($1, denyhosts_t, denyhosts_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.7.14/policy/modules/services/denyhosts.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.7.15/policy/modules/services/denyhosts.te
--- nsaserefpolicy/policy/modules/services/denyhosts.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/denyhosts.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/denyhosts.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,72 @@
+
+policy_module(denyhosts, 1.0.0)
@@ -15778,9 +15269,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+optional_policy(`
+ cron_system_entry(denyhosts_t, denyhosts_exec_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.14/policy/modules/services/devicekit.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.15/policy/modules/services/devicekit.fc
--- nsaserefpolicy/policy/modules/services/devicekit.fc 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/devicekit.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/devicekit.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,8 +1,12 @@
/usr/libexec/devkit-daemon -- gen_context(system_u:object_r:devicekit_exec_t,s0)
/usr/libexec/devkit-disks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
@@ -15795,9 +15286,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
-/var/run/DeviceKit-disk(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
+/var/run/DeviceKit-disks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
+/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.14/policy/modules/services/devicekit.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.15/policy/modules/services/devicekit.if
--- nsaserefpolicy/policy/modules/services/devicekit.if 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/devicekit.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/devicekit.if 2010-03-18 10:44:43.000000000 -0400
@@ -139,6 +139,26 @@
########################################
@@ -15834,9 +15325,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
')
allow $1 devicekit_t:process { ptrace signal_perms getattr };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.14/policy/modules/services/devicekit.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.15/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/devicekit.te 2010-03-17 08:59:10.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/devicekit.te 2010-03-18 10:44:43.000000000 -0400
@@ -42,6 +42,8 @@
files_read_etc_files(devicekit_t)
@@ -16063,9 +15554,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
+optional_policy(`
vbetool_domtrans(devicekit_power_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.14/policy/modules/services/dhcp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.15/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dhcp.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dhcp.te 2010-03-18 10:44:43.000000000 -0400
@@ -112,6 +112,10 @@
')
@@ -16077,9 +15568,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
dbus_system_bus_client(dhcpd_t)
dbus_connect_system_bus(dhcpd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.14/policy/modules/services/djbdns.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.15/policy/modules/services/djbdns.if
--- nsaserefpolicy/policy/modules/services/djbdns.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/djbdns.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/djbdns.if 2010-03-18 10:44:43.000000000 -0400
@@ -26,6 +26,8 @@
daemontools_read_svc(djbdns_$1_t)
@@ -16129,9 +15620,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
+
+ allow $1 djbdns_tinydn_t:key link;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-3.7.14/policy/modules/services/djbdns.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-3.7.15/policy/modules/services/djbdns.te
--- nsaserefpolicy/policy/modules/services/djbdns.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/djbdns.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/djbdns.te 2010-03-18 10:44:43.000000000 -0400
@@ -42,3 +42,11 @@
files_search_var(djbdns_axfrdns_t)
@@ -16144,9 +15635,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
+
+init_dontaudit_use_script_fds(djbdns_tinydns_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.7.14/policy/modules/services/dnsmasq.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.7.15/policy/modules/services/dnsmasq.fc
--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dnsmasq.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dnsmasq.fc 2010-03-18 10:44:43.000000000 -0400
@@ -6,5 +6,7 @@
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
@@ -16155,9 +15646,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
+
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
/var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.7.14/policy/modules/services/dnsmasq.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.7.15/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dnsmasq.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dnsmasq.if 2010-03-18 10:44:43.000000000 -0400
@@ -111,7 +111,7 @@
type dnsmasq_etc_t;
')
@@ -16176,9 +15667,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
files_search_etc($1)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.14/policy/modules/services/dnsmasq.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.15/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dnsmasq.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dnsmasq.te 2010-03-18 10:44:43.000000000 -0400
@@ -19,6 +19,9 @@
type dnsmasq_lease_t;
files_type(dnsmasq_lease_t)
@@ -16234,9 +15725,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
seutil_sigchld_newrole(dnsmasq_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.7.14/policy/modules/services/dovecot.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.7.15/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/dovecot.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dovecot.fc 2010-03-18 10:44:43.000000000 -0400
@@ -34,6 +34,7 @@
/var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0)
@@ -16245,9 +15736,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
/var/log/dovecot\.log.* gen_context(system_u:object_r:dovecot_var_log_t,s0)
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.14/policy/modules/services/dovecot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.15/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/dovecot.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/dovecot.te 2010-03-18 10:44:43.000000000 -0400
@@ -73,14 +73,21 @@
can_exec(dovecot_t, dovecot_exec_t)
@@ -16365,35 +15856,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
fs_manage_cifs_files(dovecot_t)
fs_manage_cifs_symlinks(dovecot_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.14/policy/modules/services/fail2ban.if
---- nsaserefpolicy/policy/modules/services/fail2ban.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/fail2ban.if 2010-03-12 09:30:00.000000000 -0500
-@@ -98,6 +98,46 @@
- allow $1 fail2ban_var_run_t:file read_file_perms;
- ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.15/policy/modules/services/fail2ban.if
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/fail2ban.if 2010-03-18 10:44:43.000000000 -0400
+@@ -138,6 +138,26 @@
-+#####################################
-+##
-+## Connect to fail2ban over a unix domain
-+## stream socket.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`fail2ban_stream_connect',`
-+ gen_require(`
-+ type fail2ban_t, fail2ban_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
-+')
-+
-+########################################
-+##
+ ########################################
+ ##
+## dontaudit read and write an leaked file descriptors
+##
+##
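Review bot: The fail2ban.if hunk is rebased to start at upstream line 138 and no longer carries the `fail2ban_stream_connect` definition; the next hunk (ending at L3357) likewise drops `fail2ban_rw_stream_sockets` and the fetchmail `corecmd_exec_bin(fetchmail_t)` line. The upstream fail2ban.if timestamp now reads 2010-03-18 06:48:09, so these presumably landed upstream, but that cannot be confirmed from this chunk. Any .te file elsewhere in the patch that still calls either interface, or that relied on the `getattr`/`ioctl` permissions the removed `fail2ban_rw_stream_sockets` granted, now depends on the upstream definitions matching; a search of the remaining patch for both names before the build would settle it.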
@@ -16412,45 +15881,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+ dontaudit $1 fail2ban_t:unix_stream_socket { read write };
+')
+
- ########################################
- ##
- ## All of the rules required to administrate
-@@ -135,3 +175,21 @@
- files_list_pids($1)
- admin_pattern($1, fail2ban_var_run_t)
- ')
-+
+########################################
+##
-+## Read and write to an fail2ban unix stream socket.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`fail2ban_rw_stream_sockets',`
-+ gen_require(`
-+ type fail2ban_t;
-+ ')
-+
-+ allow $1 fail2ban_t:unix_stream_socket { getattr read write ioctl };
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.14/policy/modules/services/fetchmail.te
---- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/fetchmail.te 2010-03-12 09:30:00.000000000 -0500
-@@ -48,6 +48,7 @@
- kernel_dontaudit_read_system_state(fetchmail_t)
-
- corecmd_exec_shell(fetchmail_t)
-+corecmd_exec_bin(fetchmail_t)
-
- corenet_all_recvfrom_unlabeled(fetchmail_t)
- corenet_all_recvfrom_netlabel(fetchmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.14/policy/modules/services/fprintd.te
+ ## All of the rules required to administrate
+ ## an fail2ban environment
+ ##
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.15/policy/modules/services/fprintd.te
--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/fprintd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/fprintd.te 2010-03-18 10:44:43.000000000 -0400
@@ -55,4 +55,6 @@
policykit_read_lib(fprintd_t)
policykit_dbus_chat(fprintd_t)
@@ -16458,9 +15896,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri
+ policykit_dbus_chat_auth(fprintd_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.7.14/policy/modules/services/ftp.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.7.15/policy/modules/services/ftp.fc
--- nsaserefpolicy/policy/modules/services/ftp.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ftp.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ftp.fc 2010-03-18 10:44:43.000000000 -0400
@@ -22,7 +22,7 @@
#
# /var
@@ -16470,9 +15908,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.7.14/policy/modules/services/ftp.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.7.15/policy/modules/services/ftp.if
--- nsaserefpolicy/policy/modules/services/ftp.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ftp.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ftp.if 2010-03-18 10:44:43.000000000 -0400
@@ -115,6 +115,44 @@
role $2 types ftpdctl_t;
')
@@ -16518,9 +15956,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
########################################
##
## All of the rules required to administrate
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.14/policy/modules/services/ftp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.15/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ftp.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ftp.te 2010-03-18 10:44:43.000000000 -0400
@@ -41,11 +41,51 @@
##
@@ -16769,9 +16207,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
+ fs_read_nfs_files(sftpd_t)
+ fs_read_nfs_symlinks(ftpd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.14/policy/modules/services/git.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.15/policy/modules/services/git.fc
--- nsaserefpolicy/policy/modules/services/git.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/git.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/git.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,3 +1,16 @@
-/var/cache/cgit(/.*)? gen_context(system_u:object_r:httpd_git_script_rw_t,s0)
-/var/lib/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
@@ -16792,9 +16230,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+
+/var/lib/git(/.*)? gen_context(system_u:object_r:git_system_content_t, s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.14/policy/modules/services/git.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.15/policy/modules/services/git.if
--- nsaserefpolicy/policy/modules/services/git.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/git.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/git.if 2010-03-18 10:44:43.000000000 -0400
@@ -1 +1,535 @@
-## GIT revision control system
+## Git - Fast Version Control System.
@@ -17332,9 +16770,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+ userdom_search_user_home_dirs($1)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.14/policy/modules/services/git.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.15/policy/modules/services/git.te
--- nsaserefpolicy/policy/modules/services/git.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/git.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/git.te 2010-03-18 10:44:43.000000000 -0400
@@ -1,9 +1,182 @@
-policy_module(git, 1.0)
@@ -17521,9 +16959,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
-apache_content_template(git)
+#git_role_template(git_shell)
+#gen_user(git_shell_u, user, git_shell_r, s0, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.14/policy/modules/services/gpsd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.15/policy/modules/services/gpsd.te
--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/gpsd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/gpsd.te 2010-03-18 10:44:43.000000000 -0400
@@ -25,7 +25,7 @@
# gpsd local policy
#
@@ -17533,9 +16971,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
allow gpsd_t self:process setsched;
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.14/policy/modules/services/hal.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.15/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/hal.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/hal.te 2010-03-18 10:44:43.000000000 -0400
@@ -55,6 +55,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -17657,26 +17095,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
########################################
#
# Local hald dccm policy
-@@ -522,3 +550,4 @@
- optional_policy(`
- dbus_system_bus_client(hald_dccm_t)
- ')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/howl.te serefpolicy-3.7.14/policy/modules/services/howl.te
---- nsaserefpolicy/policy/modules/services/howl.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/howl.te 2010-03-12 09:30:00.000000000 -0500
-@@ -30,7 +30,7 @@
-
- kernel_read_network_state(howl_t)
- kernel_read_kernel_sysctls(howl_t)
--kernel_load_module(howl_t)
-+kernel_request_load_module(howl_t)
- kernel_list_proc(howl_t)
- kernel_read_proc_symlinks(howl_t)
-
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.fc serefpolicy-3.7.14/policy/modules/services/icecast.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.fc serefpolicy-3.7.15/policy/modules/services/icecast.fc
--- nsaserefpolicy/policy/modules/services/icecast.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/icecast.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/icecast.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,7 @@
+/etc/rc\.d/init\.d/icecast -- gen_context(system_u:object_r:icecast_initrc_exec_t,s0)
+
@@ -17685,9 +17106,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
+/var/log/icecast(/.*)? gen_context(system_u:object_r:icecast_log_t,s0)
+
+/var/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.if serefpolicy-3.7.14/policy/modules/services/icecast.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.if serefpolicy-3.7.15/policy/modules/services/icecast.if
--- nsaserefpolicy/policy/modules/services/icecast.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/icecast.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/icecast.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,199 @@
+
+## ShoutCast compatible streaming media server
@@ -17888,9 +17309,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
+ icecast_manage_log($1)
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.14/policy/modules/services/icecast.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.15/policy/modules/services/icecast.te
--- nsaserefpolicy/policy/modules/services/icecast.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/icecast.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/icecast.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,59 @@
+policy_module(icecast,1.0.0)
+
@@ -17951,9 +17372,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
+optional_policy(`
+ rtkit_daemon_system_domain(icecast_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.14/policy/modules/services/inn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.15/policy/modules/services/inn.te
--- nsaserefpolicy/policy/modules/services/inn.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/inn.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/inn.te 2010-03-18 10:44:43.000000000 -0400
@@ -106,6 +106,7 @@
userdom_dontaudit_use_unpriv_user_fds(innd_t)
@@ -17962,9 +17383,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
mta_send_mail(innd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.14/policy/modules/services/kerberos.if
---- nsaserefpolicy/policy/modules/services/kerberos.if 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/kerberos.if 2010-03-12 09:30:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.15/policy/modules/services/kerberos.if
+--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/kerberos.if 2010-03-18 10:44:43.000000000 -0400
@@ -74,7 +74,7 @@
')
@@ -17985,9 +17406,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
tunable_policy(`allow_kerberos',`
allow $1 self:tcp_socket create_socket_perms;
allow $1 self:udp_socket create_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.14/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/kerberos.te 2010-03-12 09:30:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.15/policy/modules/services/kerberos.te
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/kerberos.te 2010-03-18 10:44:43.000000000 -0400
@@ -112,6 +112,7 @@
kernel_read_kernel_sysctls(kadmind_t)
@@ -18005,18 +17426,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
allow kpropd_t krb5_keytab_t:file read_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.7.14/policy/modules/services/ksmtuned.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.7.15/policy/modules/services/ksmtuned.fc
--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ksmtuned.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ksmtuned.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,5 @@
+/etc/rc\.d/init\.d/ksmtuned -- gen_context(system_u:object_r:ksmtuned_initrc_exec_t,s0)
+
+/usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0)
+
+/var/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.7.14/policy/modules/services/ksmtuned.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.7.15/policy/modules/services/ksmtuned.if
--- nsaserefpolicy/policy/modules/services/ksmtuned.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ksmtuned.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ksmtuned.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,76 @@
+
+## policy for Kernel Samepage Merging (KSM) Tuning Daemon
@@ -18094,9 +17515,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+ allow $2 system_r;
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.7.14/policy/modules/services/ksmtuned.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.7.15/policy/modules/services/ksmtuned.te
--- nsaserefpolicy/policy/modules/services/ksmtuned.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ksmtuned.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ksmtuned.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,44 @@
+policy_module(ksmtuned,1.0.0)
+
@@ -18142,9 +17563,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+files_read_etc_files(ksmtuned_t)
+
+miscfiles_read_localization(ksmtuned_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.7.14/policy/modules/services/ldap.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.7.15/policy/modules/services/ldap.fc
--- nsaserefpolicy/policy/modules/services/ldap.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ldap.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ldap.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,5 +1,7 @@
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
@@ -18158,9 +17579,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.7.14/policy/modules/services/ldap.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.7.15/policy/modules/services/ldap.if
--- nsaserefpolicy/policy/modules/services/ldap.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ldap.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ldap.if 2010-03-18 10:44:43.000000000 -0400
@@ -1,5 +1,43 @@
## OpenLDAP directory server
@@ -18205,9 +17626,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
########################################
##
## Read the contents of the OpenLDAP
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.7.14/policy/modules/services/ldap.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.7.15/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ldap.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ldap.te 2010-03-18 10:44:43.000000000 -0400
@@ -28,9 +28,15 @@
type slapd_replog_t;
files_type(slapd_replog_t)
@@ -18242,9 +17663,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
manage_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file })
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.14/policy/modules/services/lircd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.15/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/lircd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/lircd.te 2010-03-18 10:44:43.000000000 -0400
@@ -24,8 +24,11 @@
# lircd local policy
#
@@ -18293,33 +17714,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
+
+sysnet_dns_name_resolve(lircd_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.7.14/policy/modules/services/mailman.fc
---- nsaserefpolicy/policy/modules/services/mailman.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/mailman.fc 2010-03-12 09:30:00.000000000 -0500
-@@ -1,4 +1,4 @@
--/usr/lib/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib(64)?/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
- /usr/lib/mailman/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-
- /var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
-@@ -25,10 +25,10 @@
- ifdef(`distro_redhat', `
- /etc/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
-
--/usr/lib/mailman/bin/qrunner -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
--/usr/lib/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
--/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
--/usr/lib/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib(64)?/mailman/bin/qrunner -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-+/usr/lib(64)?/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
-+/usr/lib(64)?/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib(64)?/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-
- /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.7.14/policy/modules/services/memcached.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.7.15/policy/modules/services/memcached.te
--- nsaserefpolicy/policy/modules/services/memcached.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/memcached.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/memcached.te 2010-03-18 10:44:43.000000000 -0400
@@ -22,9 +22,12 @@
#
@@ -18350,9 +17747,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc
+term_dontaudit_use_all_ptys(memcached_t)
+term_dontaudit_use_all_ttys(memcached_t)
+term_dontaudit_use_console(memcached_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.14/policy/modules/services/modemmanager.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.15/policy/modules/services/modemmanager.te
--- nsaserefpolicy/policy/modules/services/modemmanager.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/modemmanager.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/modemmanager.te 2010-03-18 10:44:43.000000000 -0400
@@ -16,8 +16,8 @@
#
# ModemManager local policy
@@ -18372,9 +17769,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode
term_use_unallocated_ttys(modemmanager_t)
miscfiles_read_localization(modemmanager_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.14/policy/modules/services/mta.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.15/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/mta.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/mta.fc 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,8 @@
/usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -18384,9 +17781,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
/usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.14/policy/modules/services/mta.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.15/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/mta.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/mta.if 2010-03-18 10:44:43.000000000 -0400
@@ -220,6 +220,25 @@
application_executable_file($1)
')
@@ -18502,9 +17899,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
## Read the mail queue.
##
##
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.14/policy/modules/services/mta.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.15/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/mta.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/mta.te 2010-03-18 10:44:43.000000000 -0400
@@ -63,6 +63,9 @@
can_exec(system_mail_t, mta_exec_type)
@@ -18559,7 +17956,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
-@@ -185,6 +197,10 @@
+@@ -142,6 +154,10 @@
+ ')
+
+ optional_policy(`
++ munin_dontaudit_leaks(system_mail_t)
++')
++
++optional_policy(`
+ nagios_read_tmp_files(system_mail_t)
+ ')
+
+@@ -185,6 +201,10 @@
')
optional_policy(`
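Review bot: `munin_dontaudit_leaks(system_mail_t)` is added inside `optional_policy` but the interface it calls is not visible in this chunk; it must be defined in munin.if by the same patch (the munin.fc additions further down suggest munin.if is reworked too), otherwise the mta module will not build because the call is left unexpanded. Since this is a dontaudit rule it suppresses AVC records for the leaked descriptors rather than granting access, so its definition should stay limited to the leaked-fd object classes and not be widened into an allow. The hunk-header renumbering that follows (`+197` to `+201`, `+232` to `+236`) is consistent with the four lines added here.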
@@ -18570,7 +17978,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
smartmon_read_tmp_files(system_mail_t)
')
-@@ -216,6 +232,7 @@
+@@ -216,6 +236,7 @@
create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
@@ -18578,20 +17986,180 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)
read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.14/policy/modules/services/munin.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.15/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/munin.fc 2010-03-12 09:30:00.000000000 -0500
-@@ -9,3 +9,6 @@
++++ serefpolicy-3.7.15/policy/modules/services/munin.fc 2010-03-18 10:44:43.000000000 -0400
+@@ -6,6 +6,64 @@
+ /usr/share/munin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0)
+ /usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
+
++# disk plugins
++/usr/share/munin/plugins/diskstat.* -- gen_context(system_u:object_r:munin_disk_plugin_exec_t,s0)
++/usr/share/munin/plugins/df.* -- gen_context(system_u:object_r:munin_disk_plugin_exec_t,s0)
++/usr/share/munin/plugins/hddtemp.* -- gen_context(system_u:object_r:munin_disk_plugin_exec_t,s0)
++/usr/share/munin/plugins/smart_.* -- gen_context(system_u:object_r:munin_disk_plugin_exec_t,s0)
++
++# mail plugins
++/usr/share/munin/plugins/courier_mta_.* -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/exim_mail.* -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/mailman -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/mailscanner -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/postfix_mail.* -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/sendmail_.* -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++/usr/share/munin/plugins/qmail.* -- gen_context(system_u:object_r:munin_mail_plugin_exec_t,s0)
++
++# services plugins
++/usr/share/munin/plugins/apache_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/asterisk_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/http_loadtime -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/fail2ban -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/lpstat -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/mysql_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/named -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/ntp_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/nut.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/openvpn -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/ping_ -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/postgres_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/samba -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/slapd_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/snmp_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/squid_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/tomcat_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++/usr/share/munin/plugins/varnish_.* -- gen_context(system_u:object_r:munin_services_plugin_exec_t,s0)
++
++# system plugins
++/usr/share/munin/plugins/acpi -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/cpu.* -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/forks -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/if_.* -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/iostat.* -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/interrupts -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/irqstats -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/load -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/memory -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/netstat -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/nfs.* -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/open_files -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/proc_pri -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/processes -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/swap -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/threads -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/uptime -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/users -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++/usr/share/munin/plugins/yum -- gen_context(system_u:object_r:munin_system_plugin_exec_t,s0)
++
/var/lib/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
/var/log/munin.* gen_context(system_u:object_r:munin_log_t,s0)
/var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
+/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.7.15/policy/modules/services/munin.if
+--- nsaserefpolicy/policy/modules/services/munin.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/munin.if 2010-03-18 10:44:43.000000000 -0400
+@@ -43,6 +43,24 @@
+ files_search_etc($1)
+ ')
+
++######################################
++##
++## dontaudit read and write an leaked file descriptors
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`munin_dontaudit_leaks',`
++ gen_require(`
++ type munin_t;
++ ')
++
++ dontaudit $1 munin_t:tcp_socket { read write };
++')
++
+ #######################################
+ ##
+ ## Append to the munin log.
+@@ -102,6 +120,54 @@
+ dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+ ')
+
++######################################
++##
++## Create a set of derived types for various
++## munin plugins,
++##
++##
++##
++## The name to be used for deriving type names.
++##
++##
++#
++template(`munin_plugin_template',`
++
++ gen_require(`
++ type munin_t, munin_exec_t;
++ type munin_etc_t;
++ ')
++
++ type munin_$1_plugin_t;
++ type munin_$1_plugin_exec_t;
++ application_domain(munin_$1_plugin_t, munin_$1_plugin_exec_t)
++ role system_r types munin_$1_plugin_t;
++
++ type munin_$1_plugin_tmp_t;
++ files_tmp_file(munin_$1_plugin_tmp_t)
++
++ allow munin_$1_plugin_t self:fifo_file rw_fifo_file_perms;
++
++ manage_files_pattern(munin_$1_plugin_t, munin_$1_plugin_tmp_t, munin_$1_plugin_tmp_t)
++ manage_dirs_pattern(munin_$1_plugin_t, munin_$1_plugin_tmp_t, munin_$1_plugin_tmp_t)
++ files_tmp_filetrans(munin_$1_plugin_t, munin_$1_plugin_tmp_t, { dir file })
++
++ # automatic transition rules from munin domain
++ # to specific munin plugin domain
++ domtrans_pattern(munin_t, munin_$1_plugin_exec_t, munin_$1_plugin_t)
++
++ allow munin_$1_plugin_t munin_exec_t:file read_file_perms;
++ allow munin_$1_plugin_t munin_t:tcp_socket rw_socket_perms;
++
++ read_lnk_files_pattern(munin_$1_plugin_t, munin_etc_t, munin_etc_t)
++
++ kernel_read_system_state(munin_$1_plugin_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.14/policy/modules/services/munin.te
++ corecmd_exec_bin(munin_$1_plugin_t)
++
++ miscfiles_read_localization(munin_$1_plugin_t)
++')
++
+ ########################################
+ ##
+ ## All of the rules required to administrate
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.15/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/munin.te 2010-03-12 09:30:00.000000000 -0500
-@@ -33,7 +33,7 @@
++++ serefpolicy-3.7.15/policy/modules/services/munin.te 2010-03-18 10:44:43.000000000 -0400
+@@ -28,12 +28,26 @@
+ type munin_var_run_t alias lrrd_var_run_t;
+ files_pid_file(munin_var_run_t)
+
++# munin plugins declaration
++
++munin_plugin_template(disk)
++permissive munin_disk_plugin_t;
++
++munin_plugin_template(mail)
++permissive munin_mail_plugin_t;
++
++munin_plugin_template(services)
++permissive munin_services_plugin_t;
++
++munin_plugin_template(system)
++permissive munin_system_plugin_t;
++
+ ########################################
+ #
# Local policy
#
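Review bot: The four `permissive munin_*_plugin_t;` declarations in the munin.te part of this hunk mean that AVC denials for these new domains are logged but never enforced, so every allow rule added for them here and in the later munin.te hunk (@@ -18641,9 +18200,156 @@) is advisory until the permissive lines are dropped; a comment stating that intent and the removal condition would keep them from shipping indefinitely, e.g. `# plugin domains are permissive while the plugin policy matures; drop once no AVCs remain`. In munin.if, the summary of `munin_dontaudit_leaks` reads `dontaudit read and write an leaked file descriptors` and should describe what the interface actually covers, e.g. `## Do not audit attempts to read and write munin-node's leaked TCP socket`. The summary of `munin_plugin_template` (`Create a set of derived types for various munin plugins,`) ends in a stray comma. The new file-context entries are placed after the catch-all `/usr/share/munin/plugins/.*` line, which appears to be what lets the more specific plugin labels take precedence; a one-line comment there would stop a later reordering from silently relabelling every plugin as munin_exec_t.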
@@ -18600,7 +18168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
dontaudit munin_t self:capability sys_tty_config;
allow munin_t self:process { getsched setsched signal_perms };
allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
-@@ -55,7 +55,8 @@
+@@ -55,7 +69,8 @@
manage_dirs_pattern(munin_t, munin_tmp_t, munin_tmp_t)
manage_files_pattern(munin_t, munin_tmp_t, munin_tmp_t)
@@ -18610,16 +18178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
# Allow access to the munin databases
manage_dirs_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
-@@ -103,6 +104,8 @@
-
- auth_use_nsswitch(munin_t)
-
-+init_read_utmp(munin_t)
-+
- logging_send_syslog_msg(munin_t)
- logging_read_all_logs(munin_t)
-
-@@ -131,8 +134,13 @@
+@@ -131,8 +146,13 @@
')
optional_policy(`
@@ -18633,7 +18192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
mta_read_queue(munin_t)
')
-@@ -147,6 +155,7 @@
+@@ -147,6 +167,7 @@
optional_policy(`
postfix_list_spool(munin_t)
@@ -18641,9 +18200,156 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.14/policy/modules/services/mysql.te
+@@ -164,3 +185,146 @@
+ optional_policy(`
+ udev_read_db(munin_t)
+ ')
++
++###################################
++#
++# local policy for disk plugins
++#
++
++allow munin_disk_plugin_t self:tcp_socket create_stream_socket_perms;
++
++rw_files_pattern(munin_disk_plugin_t, munin_var_lib_t, munin_var_lib_t)
++
++corenet_tcp_connect_hddtemp_port(munin_disk_plugin_t)
++
++corecmd_exec_shell(munin_disk_plugin_t)
++
++files_read_etc_files(munin_disk_plugin_t)
++files_read_etc_runtime_files(munin_disk_plugin_t)
++
++fs_getattr_all_fs(munin_disk_plugin_t)
++
++dev_read_sysfs(munin_disk_plugin_t)
++dev_read_urand(munin_disk_plugin_t)
++
++storage_getattr_fixed_disk_dev(munin_disk_plugin_t)
++
++sysnet_read_config(munin_disk_plugin_t)
++
++optional_policy(`
++ hddtemp_exec(munin_disk_plugin_t)
++')
++
++optional_policy(`
++ fstools_exec(munin_disk_plugin_t)
++')
++
++####################################
++#
++# local policy for mail plugins
++#
++
++allow munin_mail_plugin_t self:capability dac_override;
++
++rw_files_pattern(munin_mail_plugin_t, munin_var_lib_t, munin_var_lib_t)
++
++dev_read_urand(munin_mail_plugin_t)
++
++files_read_etc_files(munin_mail_plugin_t)
++
++fs_getattr_all_fs(munin_mail_plugin_t)
++
++logging_read_generic_logs(munin_mail_plugin_t)
++
++mta_read_config(munin_mail_plugin_t)
++mta_send_mail(munin_mail_plugin_t)
++mta_list_queue(munin_mail_plugin_t)
++mta_read_queue(munin_mail_plugin_t)
++
++optional_policy(`
++ postfix_read_config(munin_mail_plugin_t)
++ postfix_list_spool(munin_mail_plugin_t)
++ postfix_getattr_spool_files(munin_mail_plugin_t)
++')
++
++optional_policy(`
++ sendmail_read_log(munin_mail_plugin_t)
++')
++
++###################################
++#
++# local policy for service plugins
++#
++
++allow munin_services_plugin_t self:tcp_socket create_stream_socket_perms;
++allow munin_services_plugin_t self:udp_socket create_socket_perms;
++allow munin_services_plugin_t self:netlink_route_socket r_netlink_socket_perms;
++
++corenet_tcp_connect_all_ports(munin_services_plugin_t)
++corenet_tcp_connect_http_port(munin_services_plugin_t)
++
++dev_read_urand(munin_services_plugin_t)
++dev_read_rand(munin_services_plugin_t)
++
++fs_getattr_all_fs(munin_services_plugin_t)
++
++files_read_etc_files(munin_services_plugin_t)
++
++sysnet_read_config(munin_services_plugin_t)
++
++optional_policy(`
++ cups_stream_connect(munin_services_plugin_t)
++')
++
++optional_policy(`
++ lpd_exec_lpr(munin_services_plugin_t)
++')
++
++optional_policy(`
++ mysql_read_config(munin_services_plugin_t)
++ mysql_stream_connect(munin_services_plugin_t)
++')
++
++optional_policy(`
++ netutils_domtrans_ping(munin_services_plugin_t)
++')
++
++optional_policy(`
++ postgresql_stream_connect(munin_services_plugin_t)
++')
++
++optional_policy(`
++ snmp_read_snmp_var_lib_files(munin_services_plugin_t)
++')
++
++optional_policy(`
++ varnishd_read_lib_files(munin_services_plugin_t)
++')
++
++##################################
++#
++# local policy for system plugins
++#
++
++allow munin_system_plugin_t self:udp_socket create_socket_perms;
++
++rw_files_pattern(munin_system_plugin_t, munin_var_lib_t, munin_var_lib_t)
++
++kernel_read_network_state(munin_system_plugin_t)
++kernel_read_all_sysctls(munin_system_plugin_t)
++
++corecmd_exec_shell(munin_system_plugin_t)
++
++fs_getattr_all_fs(munin_system_plugin_t)
++
++dev_read_sysfs(munin_system_plugin_t)
++dev_read_urand(munin_system_plugin_t)
++
++domain_read_all_domains_state(munin_system_plugin_t)
++
++# needed by users plugin
++init_read_utmp(munin_system_plugin_t)
++
++sysnet_exec_ifconfig(munin_system_plugin_t)
++
++term_getattr_unallocated_ttys(munin_system_plugin_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.15/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2010-03-12 11:48:14.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/mysql.te 2010-03-15 09:44:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/mysql.te 2010-03-18 10:44:43.000000000 -0400
@@ -65,6 +65,7 @@
manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
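Review bot: `corenet_tcp_connect_all_ports(munin_services_plugin_t)` grants the services plugin domain outbound TCP to every port, which makes the `corenet_tcp_connect_http_port` call on the next line redundant and is far broader than the fixed set of services the plugins labelled in munin.fc (apache, mysql, postgres, slapd, snmp, squid, tomcat, varnish, …) talk to; prefer one per-port interface per service, following the http line, and keep an all-ports rule only if a plugin genuinely needs arbitrary destinations, with a comment naming it. `allow munin_mail_plugin_t self:capability dac_override;` deserves the same justification that `init_read_utmp(munin_system_plugin_t)` already carries (`# needed by users plugin`), e.g. `# needed by <plugin> to read <spool or log owned by another user> -- TODO confirm`, since dac_override bypasses file permission checks entirely. munin_services_plugin_t is the only one of the four plugin domains not given `rw_files_pattern(..., munin_var_lib_t, munin_var_lib_t)`; if that is deliberate (no services plugin keeps state under /var/lib/munin) a short comment would say so, otherwise it is a missing rule that permissive mode currently reduces to an audit-only denial. Moving `init_read_utmp` from munin_t to munin_system_plugin_t (the removal in the hunk at @@ -18610,16 +18178,7 @@) is consistent with the users plugin now running in its own domain.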
@@ -18660,9 +18366,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
files_read_etc_files(mysqld_safe_t)
files_read_usr_files(mysqld_safe_t)
files_dontaudit_getattr_all_dirs(mysqld_safe_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.14/policy/modules/services/nagios.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.15/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nagios.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nagios.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,16 +1,89 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -18758,9 +18464,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
+# unconfined plugins
+/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.14/policy/modules/services/nagios.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.15/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nagios.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nagios.if 2010-03-18 10:44:43.000000000 -0400
@@ -64,8 +64,8 @@
########################################
@@ -18924,9 +18630,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
+ admin_pattern($1, nrpe_etc_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.14/policy/modules/services/nagios.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.15/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nagios.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nagios.te 2010-03-18 10:44:43.000000000 -0400
@@ -6,17 +6,23 @@
# Declarations
#
@@ -19311,9 +19017,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+optional_policy(`
+ init_read_utmp(nagios_system_plugin_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.14/policy/modules/services/networkmanager.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.15/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/networkmanager.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/networkmanager.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,12 +1,32 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -19347,9 +19053,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.14/policy/modules/services/networkmanager.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.15/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/networkmanager.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/networkmanager.if 2010-03-18 10:44:43.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -19447,9 +19153,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.14/policy/modules/services/networkmanager.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.15/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/networkmanager.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/networkmanager.te 2010-03-18 10:44:43.000000000 -0400
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -19693,9 +19399,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.14/policy/modules/services/nis.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.15/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nis.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nis.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,4 +1,7 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -19714,9 +19420,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
+/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
+/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.14/policy/modules/services/nis.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.15/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/nis.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nis.if 2010-03-18 10:44:43.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -19834,9 +19540,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+ nis_domtrans_ypbind($1)
+ role $2 types ypbind_t;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.14/policy/modules/services/nis.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.15/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nis.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nis.te 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -19908,9 +19614,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_tcp_bind_all_rpc_ports(ypxfr_t)
corenet_udp_bind_all_rpc_ports(ypxfr_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.14/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.15/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nscd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nscd.if 2010-03-18 10:44:43.000000000 -0400
@@ -121,6 +121,24 @@
########################################
@@ -19945,9 +19651,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.14/policy/modules/services/nscd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.15/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/nscd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nscd.te 2010-03-18 10:44:43.000000000 -0400
@@ -1,10 +1,17 @@
-policy_module(nscd, 1.10.0)
@@ -19992,9 +19698,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+optional_policy(`
+ unconfined_dontaudit_rw_packet_sockets(nscd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.fc serefpolicy-3.7.14/policy/modules/services/ntop.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.fc serefpolicy-3.7.15/policy/modules/services/ntop.fc
--- nsaserefpolicy/policy/modules/services/ntop.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ntop.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ntop.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,7 +1,6 @@
/etc/ntop(/.*)? gen_context(system_u:object_r:ntop_etc_t,s0)
@@ -20003,9 +19709,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
/var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0)
/var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.14/policy/modules/services/ntop.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.15/policy/modules/services/ntop.te
--- nsaserefpolicy/policy/modules/services/ntop.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ntop.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ntop.te 2010-03-18 10:44:43.000000000 -0400
@@ -11,12 +11,12 @@
init_daemon_domain(ntop_t, ntop_exec_t)
application_domain(ntop_t, ntop_exec_t)
@@ -20096,9 +19802,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
seutil_sigchld_newrole(ntop_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.14/policy/modules/services/ntp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.15/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ntp.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ntp.te 2010-03-18 10:44:43.000000000 -0400
@@ -100,6 +100,8 @@
fs_getattr_all_fs(ntpd_t)
@@ -20108,9 +19814,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
term_use_ptmx(ntpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.14/policy/modules/services/nut.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.15/policy/modules/services/nut.te
--- nsaserefpolicy/policy/modules/services/nut.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/nut.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nut.te 2010-03-18 10:44:43.000000000 -0400
@@ -29,7 +29,8 @@
# Local policy for upsd
#
@@ -20166,9 +19872,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.
+
+ sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.14/policy/modules/services/nx.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.15/policy/modules/services/nx.fc
--- nsaserefpolicy/policy/modules/services/nx.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/nx.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nx.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,7 +1,15 @@
/opt/NX/bin/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -20187,9 +19893,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
+/var/lib/nxserver(/.*)? gen_context(system_u:object_r:nx_server_var_lib_t,s0)
+
/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.14/policy/modules/services/nx.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.15/policy/modules/services/nx.if
--- nsaserefpolicy/policy/modules/services/nx.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nx.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nx.if 2010-03-18 10:44:43.000000000 -0400
@@ -17,3 +17,70 @@
spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -20261,9 +19967,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i
+
+ filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.14/policy/modules/services/nx.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.15/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/nx.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/nx.te 2010-03-18 10:44:43.000000000 -0400
@@ -25,6 +25,12 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -20298,9 +20004,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.14/policy/modules/services/oddjob.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.15/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/oddjob.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/oddjob.if 2010-03-18 10:44:43.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -20309,9 +20015,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.14/policy/modules/services/oddjob.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.15/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/oddjob.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/oddjob.te 2010-03-18 10:44:43.000000000 -0400
@@ -100,8 +100,7 @@
# Add/remove user home directories
@@ -20323,9 +20029,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
+userdom_manage_user_home_content(oddjob_mkhomedir_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.14/policy/modules/services/openvpn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.15/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/openvpn.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/openvpn.te 2010-03-18 10:44:43.000000000 -0400
@@ -41,7 +41,7 @@
# openvpn local policy
#
@@ -20361,9 +20067,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
sysnet_etc_filetrans_config(openvpn_t)
userdom_use_user_terminals(openvpn_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.14/policy/modules/services/pcscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.15/policy/modules/services/pcscd.if
--- nsaserefpolicy/policy/modules/services/pcscd.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/pcscd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/pcscd.if 2010-03-18 10:44:43.000000000 -0400
@@ -39,6 +39,44 @@
########################################
@@ -20409,9 +20115,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
## Connect to pcscd over an unix stream socket.
##
##
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.14/policy/modules/services/pegasus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.15/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/pegasus.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/pegasus.te 2010-03-18 10:44:43.000000000 -0400
@@ -30,7 +30,7 @@
# Local policy
#
@@ -20483,9 +20189,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
+ xen_stream_connect(pegasus_t)
+ xen_stream_connect_xenstore(pegasus_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.fc serefpolicy-3.7.14/policy/modules/services/plymouthd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.fc serefpolicy-3.7.15/policy/modules/services/plymouthd.fc
--- nsaserefpolicy/policy/modules/services/plymouthd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/plymouthd.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/plymouthd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,9 @@
+/bin/plymouth -- gen_context(system_u:object_r:plymouth_exec_t, s0)
+
@@ -20496,9 +20202,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+/var/lib/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_lib_t, s0)
+
+/var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t, s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.if serefpolicy-3.7.14/policy/modules/services/plymouthd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.if serefpolicy-3.7.15/policy/modules/services/plymouthd.if
--- nsaserefpolicy/policy/modules/services/plymouthd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/plymouthd.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/plymouthd.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,322 @@
+## policy for plymouthd
+
@@ -20822,9 +20528,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+
+ allow $1 plymouthd_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.7.14/policy/modules/services/plymouthd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.7.15/policy/modules/services/plymouthd.te
--- nsaserefpolicy/policy/modules/services/plymouthd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/plymouthd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/plymouthd.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,105 @@
+policy_module(plymouthd, 1.0.0)
+
@@ -20931,9 +20637,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+ hal_dontaudit_rw_pipes(plymouth_t)
+')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.14/policy/modules/services/policykit.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.15/policy/modules/services/policykit.fc
--- nsaserefpolicy/policy/modules/services/policykit.fc 2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/policykit.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/policykit.fc 2010-03-18 10:44:43.000000000 -0400
@@ -6,10 +6,13 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -20949,9 +20655,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0)
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.14/policy/modules/services/policykit.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.15/policy/modules/services/policykit.if
--- nsaserefpolicy/policy/modules/services/policykit.if 2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/policykit.if 2010-03-14 23:34:00.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/policykit.if 2010-03-18 10:44:43.000000000 -0400
@@ -17,12 +17,37 @@
class dbus send_msg;
')
@@ -21048,9 +20754,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
+
+ allow $1 policykit_auth_t:process signal;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.14/policy/modules/services/policykit.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.15/policy/modules/services/policykit.te
--- nsaserefpolicy/policy/modules/services/policykit.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/policykit.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/policykit.te 2010-03-18 10:44:43.000000000 -0400
@@ -36,11 +36,12 @@
# policykit local policy
#
@@ -21212,9 +20918,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
allow policykit_resolve_t self:unix_dgram_socket create_socket_perms;
allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.7.14/policy/modules/services/portreserve.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.7.15/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/portreserve.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/portreserve.te 2010-03-18 10:44:43.000000000 -0400
@@ -21,6 +21,7 @@
# Portreserve local policy
#
@@ -21232,9 +20938,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
corenet_all_recvfrom_unlabeled(portreserve_t)
corenet_all_recvfrom_netlabel(portreserve_t)
corenet_tcp_bind_generic_node(portreserve_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.14/policy/modules/services/postfix.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.15/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/postfix.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postfix.fc 2010-03-18 10:44:43.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -21248,9 +20954,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.14/policy/modules/services/postfix.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.15/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/postfix.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postfix.if 2010-03-18 10:44:43.000000000 -0400
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -21545,9 +21251,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+ role $2 types postfix_postdrop_t;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.14/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.15/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/postfix.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postfix.te 2010-03-18 10:44:43.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -21953,9 +21659,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+userdom_manage_user_home_content(postfix_virtual_t)
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.7.14/policy/modules/services/postgresql.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.7.15/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/postgresql.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postgresql.fc 2010-03-18 10:44:43.000000000 -0400
@@ -3,6 +3,7 @@
#
/etc/postgresql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
@@ -21982,9 +21688,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
+
+/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.14/policy/modules/services/postgresql.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.15/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/postgresql.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postgresql.if 2010-03-18 10:44:43.000000000 -0400
@@ -125,6 +125,23 @@
typeattribute $1 sepgsql_table_type;
')
@@ -22009,9 +21715,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
########################################
##
## Marks as a SE-PostgreSQL system table/column/tuple object type
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.14/policy/modules/services/postgresql.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.15/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/postgresql.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/postgresql.te 2010-03-18 10:44:43.000000000 -0400
@@ -150,6 +150,7 @@
dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
allow postgresql_t self:process signal_perms;
@@ -22046,9 +21752,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
miscfiles_read_localization(postgresql_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.7.14/policy/modules/services/ppp.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.7.15/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ppp.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ppp.fc 2010-03-18 10:44:43.000000000 -0400
@@ -3,6 +3,7 @@
#
/etc/rc\.d/init\.d/ppp -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0)
@@ -22057,9 +21763,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
/etc/ppp -d gen_context(system_u:object_r:pppd_etc_t,s0)
/etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0)
/etc/ppp/peers(/.*)? gen_context(system_u:object_r:pppd_etc_rw_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.14/policy/modules/services/ppp.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.15/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2010-01-18 15:04:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ppp.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ppp.if 2010-03-18 10:44:43.000000000 -0400
@@ -182,6 +182,10 @@
ppp_domtrans($1)
role $2 types pppd_t;
@@ -22071,9 +21777,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.14/policy/modules/services/ppp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.15/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2010-01-18 15:04:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ppp.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ppp.te 2010-03-18 10:44:43.000000000 -0400
@@ -71,9 +71,9 @@
# PPPD Local policy
#
@@ -22111,9 +21817,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
optional_policy(`
consoletype_exec(pppd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.14/policy/modules/services/prelude.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.15/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/prelude.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/prelude.te 2010-03-18 10:44:43.000000000 -0400
@@ -90,6 +90,7 @@
corenet_tcp_bind_prelude_port(prelude_t)
corenet_tcp_connect_prelude_port(prelude_t)
@@ -22131,9 +21837,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
fs_rw_anon_inodefs_files(prelude_lml_t)
auth_use_nsswitch(prelude_lml_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.14/policy/modules/services/procmail.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.15/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/procmail.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/procmail.te 2010-03-18 10:44:43.000000000 -0400
@@ -22,7 +22,7 @@
# Local policy
#
@@ -22181,9 +21887,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.14/policy/modules/services/pyzor.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.15/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/pyzor.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/pyzor.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -22195,9 +21901,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.14/policy/modules/services/pyzor.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.15/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/pyzor.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/pyzor.if 2010-03-18 10:44:43.000000000 -0400
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -22249,9 +21955,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.14/policy/modules/services/pyzor.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.15/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/pyzor.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/pyzor.te 2010-03-18 10:44:43.000000000 -0400
@@ -6,6 +6,38 @@
# Declarations
#
@@ -22316,9 +22022,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
userdom_dontaudit_search_user_home_dirs(pyzor_t)
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.7.14/policy/modules/services/radvd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.7.15/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/radvd.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/radvd.te 2010-03-18 10:44:43.000000000 -0400
@@ -22,9 +22,9 @@
#
# Local policy
@@ -22354,17 +22060,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
seutil_sigchld_newrole(radvd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.14/policy/modules/services/razor.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.15/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/razor.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/razor.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.14/policy/modules/services/razor.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.15/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/razor.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/razor.if 2010-03-18 10:44:43.000000000 -0400
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -22411,9 +22117,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.14/policy/modules/services/razor.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.15/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/razor.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/razor.te 2010-03-18 10:44:43.000000000 -0400
@@ -6,6 +6,32 @@
# Declarations
#
@@ -22465,9 +22171,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+')
+
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.if serefpolicy-3.7.14/policy/modules/services/rdisc.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.if serefpolicy-3.7.15/policy/modules/services/rdisc.if
--- nsaserefpolicy/policy/modules/services/rdisc.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rdisc.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rdisc.if 2010-03-18 10:44:43.000000000 -0400
@@ -1 +1,20 @@
## Network router discovery daemon
+
@@ -22489,9 +22195,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
+ corecmd_search_bin($1)
+ can_exec($1,rdisc_exec_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.14/policy/modules/services/rgmanager.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.15/policy/modules/services/rgmanager.fc
--- nsaserefpolicy/policy/modules/services/rgmanager.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rgmanager.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rgmanager.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,8 @@
+
+/usr/sbin/rgmanager -- gen_context(system_u:object_r:rgmanager_exec_t,s0)
@@ -22501,9 +22207,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+/var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0)
+
+/var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.14/policy/modules/services/rgmanager.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.15/policy/modules/services/rgmanager.if
--- nsaserefpolicy/policy/modules/services/rgmanager.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rgmanager.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rgmanager.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,98 @@
+## SELinux policy for rgmanager
+
@@ -22603,9 +22309,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+ manage_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t)
+ manage_lnk_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.14/policy/modules/services/rgmanager.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.15/policy/modules/services/rgmanager.te
--- nsaserefpolicy/policy/modules/services/rgmanager.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rgmanager.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rgmanager.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,223 @@
+
+policy_module(rgmanager,1.0.0)
@@ -22830,9 +22536,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+optional_policy(`
+ xen_domtrans_xm(rgmanager_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.14/policy/modules/services/rhcs.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.15/policy/modules/services/rhcs.fc
--- nsaserefpolicy/policy/modules/services/rhcs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rhcs.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rhcs.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,23 @@
+/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
+/var/log/cluster/dlm_controld\.log.* -- gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
@@ -22857,9 +22563,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+/var/log/cluster/qdiskd\.log.* -- gen_context(system_u:object_r:qdiskd_var_log_t,s0)
+/var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.14/policy/modules/services/rhcs.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.15/policy/modules/services/rhcs.if
--- nsaserefpolicy/policy/modules/services/rhcs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rhcs.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rhcs.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,424 @@
+## SELinux policy for RHCS - Red Hat Cluster Suite
+
@@ -23285,9 +22991,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.14/policy/modules/services/rhcs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.15/policy/modules/services/rhcs.te
--- nsaserefpolicy/policy/modules/services/rhcs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rhcs.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rhcs.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,248 @@
+
+policy_module(rhcs,1.1.0)
@@ -23537,9 +23243,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+optional_policy(`
+ corosync_stream_connect(cluster_domain)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.14/policy/modules/services/ricci.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.15/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ricci.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ricci.te 2010-03-18 10:44:43.000000000 -0400
@@ -194,10 +194,13 @@
# ricci_modcluster local policy
#
@@ -23649,9 +23355,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
ccs_stream_connect(ricci_modstorage_t)
ccs_read_config(ricci_modstorage_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.7.14/policy/modules/services/rpc.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.7.15/policy/modules/services/rpc.fc
--- nsaserefpolicy/policy/modules/services/rpc.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rpc.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rpc.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,6 +1,10 @@
#
# /etc
@@ -23663,9 +23369,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
/etc/exports -- gen_context(system_u:object_r:exports_t,s0)
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.14/policy/modules/services/rpc.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.15/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rpc.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rpc.if 2010-03-18 10:44:43.000000000 -0400
@@ -54,7 +54,7 @@
allow $1_t self:unix_dgram_socket create_socket_perms;
allow $1_t self:unix_stream_socket create_stream_socket_perms;
@@ -23759,9 +23465,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
+ allow $1 var_lib_nfs_t:file { relabelfrom relabelto };
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.14/policy/modules/services/rpc.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.15/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rpc.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rpc.te 2010-03-18 10:44:43.000000000 -0400
@@ -8,7 +8,7 @@
##
@@ -23896,9 +23602,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.7.14/policy/modules/services/rsync.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.7.15/policy/modules/services/rsync.if
--- nsaserefpolicy/policy/modules/services/rsync.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rsync.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rsync.if 2010-03-18 10:44:43.000000000 -0400
@@ -119,7 +119,7 @@
type rsync_etc_t;
')
@@ -23916,9 +23622,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+ write_files_pattern($1, rsync_etc_t, rsync_etc_t)
files_search_etc($1)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.14/policy/modules/services/rsync.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.15/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/rsync.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rsync.te 2010-03-18 10:44:43.000000000 -0400
@@ -8,6 +8,13 @@
##
@@ -23970,9 +23676,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+')
+
auth_can_read_shadow_passwords(rsync_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.14/policy/modules/services/rtkit.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.15/policy/modules/services/rtkit.if
--- nsaserefpolicy/policy/modules/services/rtkit.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rtkit.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rtkit.if 2010-03-18 10:44:43.000000000 -0400
@@ -38,3 +38,23 @@
allow $1 rtkit_daemon_t:dbus send_msg;
allow rtkit_daemon_t $1:dbus send_msg;
@@ -23997,9 +23703,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
+ allow rtkit_daemon_t $1:process { getsched setsched };
+ rtkit_daemon_dbus_chat($1)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.14/policy/modules/services/rtkit.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.15/policy/modules/services/rtkit.te
--- nsaserefpolicy/policy/modules/services/rtkit.te 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/rtkit.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/rtkit.te 2010-03-18 10:44:43.000000000 -0400
@@ -17,9 +17,11 @@
allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
@@ -24021,9 +23727,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
optional_policy(`
policykit_dbus_chat(rtkit_daemon_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.14/policy/modules/services/samba.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.15/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/samba.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/samba.fc 2010-03-18 10:44:43.000000000 -0400
@@ -51,3 +51,7 @@
/var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
@@ -24032,9 +23738,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ifndef(`enable_mls',`
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.14/policy/modules/services/samba.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.15/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/samba.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/samba.if 2010-03-18 10:44:43.000000000 -0400
@@ -62,6 +62,25 @@
########################################
@@ -24248,9 +23954,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
admin_pattern($1, winbind_var_run_t)
+ admin_pattern($1, samba_unconfined_script_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.14/policy/modules/services/samba.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.15/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/samba.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/samba.te 2010-03-18 10:44:43.000000000 -0400
@@ -66,6 +66,13 @@
##
gen_tunable(samba_share_nfs, false)
@@ -24265,6 +23971,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
type nmbd_t;
type nmbd_exec_t;
init_daemon_domain(nmbd_t, nmbd_exec_t)
+@@ -156,7 +163,7 @@
+ #
+ # Samba net local policy
+ #
+-allow samba_net_t self:capability { sys_nice dac_read_search dac_override };
++allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override };
+ allow samba_net_t self:process { getsched setsched };
+ allow samba_net_t self:unix_dgram_socket create_socket_perms;
+ allow samba_net_t self:unix_stream_socket create_stream_socket_perms;
@@ -201,14 +208,16 @@
files_read_usr_symlinks(samba_net_t)
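Review bot: The capability set of samba_net_t gains `sys_chroot` at the `++allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override };` line with nothing recording which `net` operation needs it, and the commit message ("Update to upstream") does not say either. A capability grant on a daemon helper domain is exactly the rule that is rarely revisited once merged, so a one-line comment above the rule, e.g. `# sys_chroot: needed by <operation> — see <bug or AVC reference>` with the placeholders filled in, would let a later reviewer tell a required grant from a leftover. The rest of the samba.te section of the patch continues in the following hunks.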
@@ -24570,9 +24285,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+',`
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.14/policy/modules/services/sasl.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.15/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/sasl.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sasl.te 2010-03-18 10:44:43.000000000 -0400
@@ -31,7 +31,7 @@
# Local policy
#
@@ -24635,9 +24350,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
seutil_sigchld_newrole(saslauthd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.14/policy/modules/services/sendmail.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.15/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/sendmail.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sendmail.if 2010-03-18 10:44:43.000000000 -0400
@@ -277,3 +277,22 @@
sendmail_domtrans_unconfined($1)
role $2 types unconfined_sendmail_t;
@@ -24661,9 +24376,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ domtrans_pattern($1, sendmail_exec_t, unconfined_sendmail_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.14/policy/modules/services/sendmail.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.15/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/sendmail.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sendmail.te 2010-03-18 10:44:43.000000000 -0400
@@ -30,7 +30,7 @@
#
@@ -24742,18 +24457,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ unconfined_domain_noaudit(unconfined_sendmail_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.14/policy/modules/services/setroubleshoot.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.15/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/setroubleshoot.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/setroubleshoot.fc 2010-03-18 10:44:43.000000000 -0400
@@ -5,3 +5,5 @@
/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
+
+/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.14/policy/modules/services/setroubleshoot.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.15/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/setroubleshoot.if 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/setroubleshoot.if 2010-03-18 10:44:43.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -24891,9 +24606,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+ files_list_pids($1)
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.14/policy/modules/services/setroubleshoot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.15/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/setroubleshoot.te 2010-03-15 17:01:04.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/setroubleshoot.te 2010-03-18 10:44:43.000000000 -0400
@@ -22,13 +22,19 @@
type setroubleshoot_var_run_t;
files_pid_file(setroubleshoot_var_run_t)
@@ -25041,9 +24756,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+ policykit_dbus_chat(setroubleshoot_fixit_t)
+ userdom_read_all_users_state(setroubleshoot_fixit_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.fc serefpolicy-3.7.14/policy/modules/services/smokeping.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.fc serefpolicy-3.7.15/policy/modules/services/smokeping.fc
--- nsaserefpolicy/policy/modules/services/smokeping.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/smokeping.fc 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/smokeping.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/rc\.d/init\.d/smokeping -- gen_context(system_u:object_r:smokeping_initrc_exec_t,s0)
@@ -25057,9 +24772,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
+/var/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0)
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.if serefpolicy-3.7.14/policy/modules/services/smokeping.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.if serefpolicy-3.7.15/policy/modules/services/smokeping.if
--- nsaserefpolicy/policy/modules/services/smokeping.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/smokeping.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/smokeping.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,193 @@
+
+## policy for smokeping
@@ -25254,9 +24969,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
+ smokeping_manage_var_lib($1)
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.7.14/policy/modules/services/smokeping.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.7.15/policy/modules/services/smokeping.te
--- nsaserefpolicy/policy/modules/services/smokeping.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/smokeping.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/smokeping.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,81 @@
+
+policy_module(smokeping,1.0.0)
@@ -25339,9 +25054,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
+
+ sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.14/policy/modules/services/snmp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.15/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/snmp.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/snmp.te 2010-03-18 10:44:43.000000000 -0400
@@ -25,7 +25,7 @@
#
# Local policy
@@ -25351,9 +25066,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
allow snmpd_t self:process { signal_perms getsched setsched };
allow snmpd_t self:fifo_file rw_fifo_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.14/policy/modules/services/snort.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.15/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/snort.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/snort.te 2010-03-18 10:44:43.000000000 -0400
@@ -37,6 +37,7 @@
allow snort_t self:tcp_socket create_stream_socket_perms;
allow snort_t self:udp_socket create_socket_perms;
@@ -25387,9 +25102,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
domain_use_interactive_fds(snort_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.14/policy/modules/services/spamassassin.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.15/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/spamassassin.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/spamassassin.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,15 +1,26 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -25419,9 +25134,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
/var/spool/spamd(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.14/policy/modules/services/spamassassin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.15/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/spamassassin.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/spamassassin.if 2010-03-18 10:44:43.000000000 -0400
@@ -111,6 +111,45 @@
')
@@ -25548,9 +25263,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+ files_list_pids($1)
+ admin_pattern($1, spamd_var_run_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.14/policy/modules/services/spamassassin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.15/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/spamassassin.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/spamassassin.te 2010-03-18 10:44:43.000000000 -0400
@@ -20,6 +20,35 @@
##
gen_tunable(spamd_enable_home_dirs, true)
@@ -25856,10 +25571,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+optional_policy(`
udev_read_db(spamd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.14/policy/modules/services/squid.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.15/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/squid.te 2010-03-12 09:30:01.000000000 -0500
-@@ -67,7 +67,9 @@
++++ serefpolicy-3.7.15/policy/modules/services/squid.te 2010-03-18 10:44:43.000000000 -0400
+@@ -14,6 +14,13 @@
+ ##
+ gen_tunable(squid_connect_any, false)
+
++##
++##
++## Allow squid to run as a transparent proxy (TPROXY)
++##
++##
++gen_tunable(squid_use_tproxy, false)
++
+ type squid_t;
+ type squid_exec_t;
+ init_daemon_domain(squid_t, squid_exec_t)
+@@ -67,7 +74,9 @@
can_exec(squid_t, squid_exec_t)
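Review bot: The description of the new `squid_use_tproxy` boolean (`## Allow squid to run as a transparent proxy (TPROXY)`) says only what the feature is, while the tunable_policy block added in the hunk at `@@ -25878,7 +25607,19 @@` grants `allow squid_t self:capability net_admin;` plus `corenet_tcp_bind_netport_port(squid_t)`; net_admin reaches well beyond the transparent-socket option, and an administrator reading the boolean description before enabling it should see that. Suggested wording: `## Allow squid to run as a transparent proxy (TPROXY). Enabling this grants squid_t the net_admin capability and lets it bind to the netport port type.` The default of `false` is the right one for a grant of this size. The squid.te section of the patch continues in the following hunks.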
@@ -25869,7 +25598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
logging_log_filetrans(squid_t, squid_log_t, { file dir })
manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t)
-@@ -118,6 +120,8 @@
+@@ -118,6 +127,8 @@
fs_getattr_all_fs(squid_t)
fs_search_auto_mountpoints(squid_t)
@@ -25878,7 +25607,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
fs_list_inotifyfs(squid_t)
selinux_dontaudit_getattr_dir(squid_t)
-@@ -186,8 +190,3 @@
+@@ -157,6 +168,11 @@
+ corenet_sendrecv_all_packets(squid_t)
+ ')
+
++tunable_policy(`squid_use_tproxy',`
++ allow squid_t self:capability net_admin;
++ corenet_tcp_bind_netport_port(squid_t)
++')
++
+ optional_policy(`
+ apache_content_template(squid)
+
+@@ -186,8 +202,3 @@
optional_policy(`
udev_read_db(squid_t)
')
@@ -25887,18 +25628,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
-#squid requires the following when run in diskd mode, the recommended setting
-allow squid_t tmpfs_t:file { read write };
-') dnl end TODO
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.14/policy/modules/services/ssh.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.15/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-01-18 15:04:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ssh.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ssh.fc 2010-03-18 10:44:43.000000000 -0400
@@ -14,3 +14,5 @@
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
+
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.14/policy/modules/services/ssh.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.15/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ssh.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ssh.if 2010-03-18 10:44:43.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -26066,9 +25807,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
#######################################
##
## Delete from the ssh temp files.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.14/policy/modules/services/ssh.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.15/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/ssh.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ssh.te 2010-03-18 10:44:43.000000000 -0400
@@ -114,6 +114,7 @@
manage_dirs_pattern(ssh_t, ssh_home_t, ssh_home_t)
manage_sock_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
@@ -26201,9 +25942,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
ifdef(`TODO',`
tunable_policy(`ssh_sysadm_login',`
# Relabel and access ptys created by sshd
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.7.14/policy/modules/services/sssd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.7.15/policy/modules/services/sssd.fc
--- nsaserefpolicy/policy/modules/services/sssd.fc 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/sssd.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sssd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -4,6 +4,8 @@
/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
@@ -26214,9 +25955,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
+/var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_log_t,s0)
/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.14/policy/modules/services/sssd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.15/policy/modules/services/sssd.if
--- nsaserefpolicy/policy/modules/services/sssd.if 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/sssd.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sssd.if 2010-03-18 10:44:43.000000000 -0400
@@ -38,6 +38,25 @@
########################################
@@ -26295,9 +26036,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
+
+ admin_pattern($1, sssd_public_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.14/policy/modules/services/sssd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.15/policy/modules/services/sssd.te
--- nsaserefpolicy/policy/modules/services/sssd.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/sssd.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sssd.te 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,9 @@
type sssd_initrc_exec_t;
init_script_file(sssd_initrc_exec_t)
@@ -26352,9 +26093,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
optional_policy(`
dbus_system_bus_client(sssd_t)
dbus_connect_system_bus(sssd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.14/policy/modules/services/sysstat.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.15/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/sysstat.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/sysstat.te 2010-03-18 10:44:43.000000000 -0400
@@ -19,14 +19,15 @@
# Local policy
#
@@ -26373,9 +26114,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss
logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
# get info from /proc
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.7.14/policy/modules/services/telnet.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.7.15/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/telnet.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/telnet.te 2010-03-18 10:44:43.000000000 -0400
@@ -85,6 +85,7 @@
remotelogin_domtrans(telnetd_t)
@@ -26384,9 +26125,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
optional_policy(`
kerberos_keytab_template(telnetd, telnetd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.7.14/policy/modules/services/tftp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.7.15/policy/modules/services/tftp.te
--- nsaserefpolicy/policy/modules/services/tftp.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/tftp.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/tftp.te 2010-03-18 10:44:43.000000000 -0400
@@ -50,9 +50,8 @@
manage_files_pattern(tftpd_t, tftpd_var_run_t, tftpd_var_run_t)
files_pid_filetrans(tftpd_t, tftpd_var_run_t, file)
@@ -26398,9 +26139,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
corenet_all_recvfrom_unlabeled(tftpd_t)
corenet_all_recvfrom_netlabel(tftpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.7.14/policy/modules/services/tor.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.7.15/policy/modules/services/tor.fc
--- nsaserefpolicy/policy/modules/services/tor.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/tor.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/tor.fc 2010-03-18 10:44:43.000000000 -0400
@@ -5,5 +5,8 @@
/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
@@ -26410,9 +26151,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
/var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0)
+
/var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.7.14/policy/modules/services/tor.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.7.15/policy/modules/services/tor.te
--- nsaserefpolicy/policy/modules/services/tor.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/tor.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/tor.te 2010-03-18 10:44:43.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -26444,9 +26185,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
+tunable_policy(`tor_bind_all_unreserved_ports', `
+ corenet_tcp_bind_all_unreserved_ports(tor_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.7.14/policy/modules/services/tuned.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.7.15/policy/modules/services/tuned.fc
--- nsaserefpolicy/policy/modules/services/tuned.fc 2009-11-12 12:51:51.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/tuned.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/tuned.fc 2010-03-18 10:44:43.000000000 -0400
@@ -2,4 +2,7 @@
/usr/sbin/tuned -- gen_context(system_u:object_r:tuned_exec_t,s0)
@@ -26455,9 +26196,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
+/var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0)
+
/var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.14/policy/modules/services/tuned.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.15/policy/modules/services/tuned.te
--- nsaserefpolicy/policy/modules/services/tuned.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/tuned.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/tuned.te 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,9 @@
type tuned_initrc_exec_t;
init_script_file(tuned_initrc_exec_t)
@@ -26511,9 +26252,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
# to allow network interface tuning
optional_policy(`
sysnet_domtrans_ifconfig(tuned_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.7.14/policy/modules/services/ucspitcp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.7.15/policy/modules/services/ucspitcp.te
--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/ucspitcp.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/ucspitcp.te 2010-03-18 10:44:43.000000000 -0400
@@ -92,3 +92,8 @@
daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
daemontools_read_svc(ucspitcp_t)
@@ -26523,17 +26264,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
+ daemontools_sigchld_run(ucspitcp_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.7.14/policy/modules/services/usbmuxd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.7.15/policy/modules/services/usbmuxd.fc
--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/usbmuxd.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/usbmuxd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
+
+/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.if serefpolicy-3.7.14/policy/modules/services/usbmuxd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.if serefpolicy-3.7.15/policy/modules/services/usbmuxd.if
--- nsaserefpolicy/policy/modules/services/usbmuxd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/usbmuxd.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/usbmuxd.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,39 @@
+## Daemon for communicating with Apple's iPod Touch and iPhone
+
@@ -26574,9 +26315,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbm
+ files_search_pids($1)
+ stream_connect_pattern($1, usbmuxd_var_run_t, usbmuxd_var_run_t, usbmuxd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.te serefpolicy-3.7.14/policy/modules/services/usbmuxd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.te serefpolicy-3.7.15/policy/modules/services/usbmuxd.te
--- nsaserefpolicy/policy/modules/services/usbmuxd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/usbmuxd.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/usbmuxd.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,50 @@
+policy_module(usbmuxd,1.0.0)
+
@@ -26628,9 +26369,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbm
+auth_use_nsswitch(usbmuxd_t)
+
+logging_send_syslog_msg(usbmuxd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.14/policy/modules/services/uucp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.15/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/uucp.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/uucp.te 2010-03-18 10:44:43.000000000 -0400
@@ -90,6 +90,7 @@
fs_getattr_xattr_fs(uucpd_t)
@@ -26648,9 +26389,38 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
optional_policy(`
cron_system_entry(uucpd_t, uucpd_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.fc serefpolicy-3.7.14/policy/modules/services/vhostmd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.7.15/policy/modules/services/varnishd.if
+--- nsaserefpolicy/policy/modules/services/varnishd.if 2009-07-23 14:11:04.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/varnishd.if 2010-03-18 10:44:43.000000000 -0400
+@@ -56,6 +56,25 @@
+ read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
+ ')
+
++#####################################
++##
++## Read varnish lib files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`varnishd_read_lib_files',`
++ gen_require(`
++ type varnishd_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
++')
++
+ #######################################
+ ##
+ ## Read varnish logs.
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.fc serefpolicy-3.7.15/policy/modules/services/vhostmd.fc
--- nsaserefpolicy/policy/modules/services/vhostmd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/vhostmd.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/vhostmd.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,6 @@
+
+/usr/sbin/vhostmd -- gen_context(system_u:object_r:vhostmd_exec_t,s0)
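Review bot: The separator line above the new `varnishd_read_lib_files` interface is shorter than the one the file already uses for the neighbouring `Read varnish logs` block, so the new interface stands out as a different author's paste; make it `#######################################` like the rule below it. The body itself is consistent with the sibling interfaces (`files_search_var_lib($1)` plus `read_files_pattern` on `varnishd_var_lib_t`) and grants only the read access the summary promises, so no change to the rules is needed.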
@@ -26658,9 +26428,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
+/etc/rc.d/init.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0)
+/var/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.7.14/policy/modules/services/vhostmd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.7.15/policy/modules/services/vhostmd.if
--- nsaserefpolicy/policy/modules/services/vhostmd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/vhostmd.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/vhostmd.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,228 @@
+
+## policy for vhostmd
@@ -26890,9 +26660,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
+ vhostmd_manage_var_run($1)
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.7.14/policy/modules/services/vhostmd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.7.15/policy/modules/services/vhostmd.te
--- nsaserefpolicy/policy/modules/services/vhostmd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/vhostmd.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/vhostmd.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,84 @@
+
+policy_module(vhostmd,1.0.0)
@@ -26978,9 +26748,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
+ xen_stream_connect_xenstore(vhostmd_t)
+ xen_stream_connect_xm(vhostmd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.14/policy/modules/services/virt.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.15/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/virt.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/virt.fc 2010-03-18 10:44:43.000000000 -0400
@@ -8,6 +8,10 @@
/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
/etc/rc\.d/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0)
@@ -26992,9 +26762,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
/var/cache/libvirt(/.*)? gen_context(system_u:object_r:svirt_cache_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.14/policy/modules/services/virt.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.15/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/virt.if 2010-03-12 12:21:38.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/virt.if 2010-03-18 10:44:43.000000000 -0400
@@ -22,6 +22,11 @@
domain_type($1_t)
role system_r types $1_t;
@@ -27073,9 +26843,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+ ptchown_run(svirt_t, $2)
+ ')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.14/policy/modules/services/virt.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.15/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/virt.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/virt.te 2010-03-18 10:44:43.000000000 -0400
@@ -15,6 +15,13 @@
##
@@ -27266,9 +27036,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
auth_use_nsswitch(virt_domain)
logging_send_syslog_msg(virt_domain)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.14/policy/modules/services/w3c.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.15/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/w3c.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/w3c.te 2010-03-18 10:44:43.000000000 -0400
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -27288,9 +27058,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.14/policy/modules/services/xserver.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.15/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/xserver.fc 2010-03-16 16:05:59.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/xserver.fc 2010-03-18 10:44:43.000000000 -0400
@@ -3,12 +3,21 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -27399,9 +27169,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/pqsql/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.14/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.15/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/xserver.if 2010-03-15 09:51:26.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/xserver.if 2010-03-18 10:44:43.000000000 -0400
@@ -19,9 +19,10 @@
interface(`xserver_restricted_role',`
gen_require(`
@@ -27906,9 +27676,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.14/policy/modules/services/xserver.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.15/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/xserver.te 2010-03-17 08:37:53.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/services/xserver.te 2010-03-18 10:44:43.000000000 -0400
@@ -36,6 +36,13 @@
##
@@ -28747,9 +28517,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+tunable_policy(`use_samba_home_dirs',`
+ fs_append_cifs_files(xdmhomewriter)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.7.14/policy/modules/services/zebra.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.7.15/policy/modules/services/zebra.if
--- nsaserefpolicy/policy/modules/services/zebra.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/services/zebra.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/services/zebra.if 2010-03-18 10:44:43.000000000 -0400
@@ -24,6 +24,26 @@
########################################
@@ -28777,9 +28547,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
## All of the rules required to administrate
## an zebra environment
##
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.14/policy/modules/system/application.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.15/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/application.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/application.te 2010-03-18 10:44:43.000000000 -0400
@@ -7,6 +7,17 @@
# Executables to be run by user
attribute application_exec_type;
@@ -28798,16 +28568,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
optional_policy(`
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.14/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/authlogin.fc 2010-03-12 09:30:01.000000000 -0500
-@@ -7,12 +7,10 @@
- /etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
- /etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
-
--/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
--/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
--
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.15/policy/modules/system/authlogin.fc
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/authlogin.fc 2010-03-18 10:44:43.000000000 -0400
+@@ -10,6 +10,7 @@
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
@@ -28815,73 +28579,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0)
/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
ifdef(`distro_suse', `
-@@ -42,6 +40,8 @@
- /var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0)
-
- /var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0)
--
- /var/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
-+/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
-+/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
- /var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.14/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/authlogin.if 2010-03-12 09:30:01.000000000 -0500
-@@ -40,17 +40,76 @@
- ##
- ##
- #
-+interface(`auth_use_pam',`
-+
-+ # for SSP/ProPolice
-+ dev_read_urand($1)
-+ # for encrypted homedir
-+ dev_read_sysfs($1)
-+
-+ auth_domtrans_chk_passwd($1)
-+ auth_domtrans_upd_passwd($1)
-+ auth_dontaudit_read_shadow($1)
-+ auth_read_login_records($1)
-+ auth_append_login_records($1)
-+ auth_rw_lastlog($1)
-+ auth_rw_faillog($1)
-+ auth_exec_pam($1)
-+ auth_use_nsswitch($1)
-+
-+ logging_send_audit_msgs($1)
-+ logging_send_syslog_msg($1)
-+
-+ optional_policy(`
-+ dbus_system_bus_client($1)
-+ optional_policy(`
-+ consolekit_dbus_chat($1)
-+ ')
-+ ')
-+
-+ optional_policy(`
-+ kerberos_manage_host_rcache($1)
-+ kerberos_read_config($1)
-+ ')
-+
-+ optional_policy(`
-+ nis_authenticate($1)
-+ ')
-+')
-+
-+########################################
-+##
-+## Make the specified domain used for a login program.
-+##
-+##
-+##
-+## Domain type used for a login program domain.
-+##
-+##
-+#
- interface(`auth_login_pgm_domain',`
- gen_require(`
- type var_auth_t, auth_cache_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.15/policy/modules/system/authlogin.if
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/authlogin.if 2010-03-18 10:52:29.000000000 -0400
+@@ -94,6 +94,8 @@
')
domain_type($1)
@@ -28890,58 +28591,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
domain_subj_id_change_exemption($1)
domain_role_change_exemption($1)
domain_obj_id_change_exemption($1)
- role system_r types $1;
-
-+ # Needed for pam_selinux_permit to cleanup properly
-+ domain_read_all_domains_state($1)
-+ domain_kill_all_domains($1)
-+
-+ # pam_keyring
-+ allow $1 self:capability ipc_lock;
-+ allow $1 self:process setkeycreate;
-+ allow $1 self:key manage_key_perms;
+@@ -107,6 +109,7 @@
+ allow $1 self:capability ipc_lock;
+ allow $1 self:process setkeycreate;
+ allow $1 self:key manage_key_perms;
+ userdom_manage_all_users_keys($1)
-+
+
files_list_var_lib($1)
manage_files_pattern($1, var_auth_t, var_auth_t)
-
-@@ -62,8 +121,6 @@
- manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
- files_var_filetrans($1, auth_cache_t, dir)
-
-- # for SSP/ProPolice
-- dev_read_urand($1)
- # for fingerprint readers
- dev_rw_input_dev($1)
- dev_rw_generic_usb_dev($1)
-@@ -86,27 +143,45 @@
+@@ -141,6 +144,7 @@
mls_process_set_level($1)
mls_fd_share_all_levels($1)
-- auth_domtrans_chk_passwd($1)
-- auth_domtrans_upd_passwd($1)
-- auth_dontaudit_read_shadow($1)
-- auth_read_login_records($1)
-- auth_append_login_records($1)
-- auth_rw_lastlog($1)
-- auth_rw_faillog($1)
-- auth_exec_pam($1)
-- auth_use_nsswitch($1)
+ auth_manage_pam_pid($1)
-+ auth_use_pam($1)
+ auth_use_pam($1)
init_rw_utmp($1)
-
-- logging_send_audit_msgs($1)
-- logging_send_syslog_msg($1)
- logging_set_loginuid($1)
-+ logging_set_tty_audit($1)
-
+@@ -151,6 +155,36 @@
seutil_read_config($1)
seutil_read_default_contexts($1)
-- tunable_policy(`allow_polyinstantiation',`
-- files_polyinstantiate_all($1)
+ userdom_set_rlimitnh($1)
+ userdom_read_user_home_content_symlinks($1)
+ userdom_delete_user_tmp_files($1)
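Review bot: `userdom_manage_all_users_keys($1)` widens the keyring access of every login-program domain from its own keys (`self:key manage_key_perms` on the lines immediately above it) to the keyrings of all users, and unlike the surrounding upstream rules it carries no comment saying which PAM module needs it. Please annotate it, e.g. `# pam_keyinit/pam_keyring: login must link and revoke the target user's session keyring — TODO confirm which module triggers the AVC`, and check whether a narrower userdom keys interface exists that only allows search/link rather than full manage, since this rule lets one login daemon read or revoke another user's keys. The `auth_login_pgm_domain` interface this hunk edits starts and ends outside the hunk, so I cannot see whether an equally wide grant is already present elsewhere in it.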
@@ -28970,42 +28639,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+ ssh_agent_exec($1)
+ ssh_read_user_home_files($1)
+ userdom_read_user_home_content_files($1)
- ')
- ')
-
-@@ -258,6 +333,7 @@
- type auth_cache_t;
- ')
-
-+ manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
- manage_files_pattern($1, auth_cache_t, auth_cache_t)
- ')
-
-@@ -305,29 +381,50 @@
- dev_read_rand($1)
- dev_read_urand($1)
-
-+ auth_use_nsswitch($1)
-+ auth_rw_faillog($1)
++ ')
+
- logging_send_audit_msgs($1)
-
- miscfiles_read_certs($1)
-
-- sysnet_dns_name_resolve($1)
-- sysnet_use_ldap($1)
--
- optional_policy(`
-- kerberos_use($1)
-+ kerberos_read_keytab($1)
-+ kerberos_connect_524($1)
+ tunable_policy(`allow_polyinstantiation',`
+ files_polyinstantiate_all($1)
+ ')
+@@ -365,13 +399,15 @@
')
optional_policy(`
-- nis_use_ypbind($1)
-- ')
--
-- optional_policy(`
- pcscd_read_pub_files($1)
+ pcscd_manage_pub_files($1)
+ pcscd_manage_pub_pipes($1)
@@ -29016,32 +28658,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
samba_stream_connect_winbind($1)
')
+ auth_domtrans_upd_passwd($1)
-+')
-+
-+########################################
-+##
-+## Run unix_chkpwd to check a password.
-+## Stripped down version to be called within boolean
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`auth_domtrans_chkpwd',`
-+ gen_require(`
-+ type chkpwd_t, chkpwd_exec_t, shadow_t;
-+ ')
-+
-+ corecmd_search_bin($1)
-+ domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-+ dontaudit $1 shadow_t:file { getattr read };
-+ auth_domtrans_upd_passwd($1)
')
########################################
-@@ -352,6 +449,7 @@
+@@ -418,6 +454,7 @@
auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t;
@@ -29049,66 +28669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
########################################
-@@ -1129,6 +1227,32 @@
-
- ########################################
- ##
-+## rw all files on the filesystem, except
-+## the shadow passwords and listed exceptions.
-+##
-+##
-+##
-+## The type of the domain perfoming this action.
-+##
-+##
-+##
-+##
-+## The types to be excluded. Each type or attribute
-+## must be negated by the caller.
-+##
-+##
-+#
-+
-+interface(`auth_rw_all_files_except_shadow',`
-+ gen_require(`
-+ type shadow_t;
-+ ')
-+
-+ files_rw_all_files($1,$2 -shadow_t)
-+')
-+
-+########################################
-+##
- ## Manage all files on the filesystem, except
- ## the shadow passwords and listed exceptions.
- ##
-@@ -1254,6 +1378,25 @@
-
- ########################################
- ##
-+## dontaudit read login records files (/var/log/wtmp).
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`auth_dontaudit_read_login_records',`
-+ gen_require(`
-+ type wtmp_t;
-+ ')
-+
-+ dontaudit $1 wtmp_t:file read_file_perms;
-+')
-+
-+########################################
-+##
- ## Do not audit attempts to write to
- ## login records files.
- ##
-@@ -1388,6 +1531,8 @@
+@@ -1500,6 +1537,8 @@
#
interface(`auth_use_nsswitch',`
@@ -29117,19 +28678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
files_list_var_lib($1)
# read /etc/nsswitch.conf
-@@ -1403,16 +1548,33 @@
- ')
-
- optional_policy(`
-+ ldap_stream_connect($1)
-+ ')
-+
-+ optional_policy(`
-+ kerberos_use($1)
-+ ')
-+
-+ optional_policy(`
- nis_use_ypbind($1)
+@@ -1531,7 +1570,15 @@
')
optional_policy(`
@@ -29146,48 +28695,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
optional_policy(`
- samba_stream_connect_winbind($1)
- samba_read_var_files($1)
-+ samba_dontaudit_write_var_files($1)
- ')
- ')
-
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.14/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/authlogin.te 2010-03-12 09:30:01.000000000 -0500
-@@ -103,8 +103,10 @@
-
- fs_dontaudit_getattr_xattr_fs(chkpwd_t)
-
-+term_dontaudit_use_console(chkpwd_t)
- term_dontaudit_use_unallocated_ttys(chkpwd_t)
- term_dontaudit_use_generic_ptys(chkpwd_t)
-+term_dontaudit_use_all_ptys(chkpwd_t)
-
- auth_use_nsswitch(chkpwd_t)
-
-@@ -125,9 +127,18 @@
- ')
-
- optional_policy(`
-+ # apache leaks file descriptors
-+ apache_dontaudit_rw_tcp_sockets(chkpwd_t)
-+')
-+
-+optional_policy(`
- kerberos_use(chkpwd_t)
- ')
-
-+optional_policy(`
-+ nis_authenticate(chkpwd_t)
-+')
-+
- ########################################
- #
- # PAM local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.7.14/policy/modules/system/daemontools.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.7.15/policy/modules/system/daemontools.if
--- nsaserefpolicy/policy/modules/system/daemontools.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/daemontools.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/daemontools.if 2010-03-18 10:44:43.000000000 -0400
@@ -71,6 +71,32 @@
domtrans_pattern($1, svc_start_exec_t, svc_start_t)
')
@@ -29268,9 +28778,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
+
+ allow $1 svc_run_t:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.7.14/policy/modules/system/daemontools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.7.15/policy/modules/system/daemontools.te
--- nsaserefpolicy/policy/modules/system/daemontools.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/daemontools.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/daemontools.te 2010-03-18 10:44:43.000000000 -0400
@@ -39,7 +39,10 @@
# multilog creates /service/*/log/status
manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
@@ -29343,9 +28853,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
+
daemontools_domtrans_run(svc_start_t)
daemontools_manage_svc(svc_start_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.14/policy/modules/system/fstools.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.15/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/fstools.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/fstools.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -29359,9 +28869,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.14/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.15/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/fstools.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/fstools.te 2010-03-18 10:44:43.000000000 -0400
@@ -118,6 +118,8 @@
fs_search_tmpfs(fsadm_t)
fs_getattr_tmpfs_dirs(fsadm_t)
@@ -29380,9 +28890,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
ifdef(`distro_redhat',`
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.7.14/policy/modules/system/getty.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.7.15/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/getty.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/getty.te 2010-03-18 10:44:43.000000000 -0400
@@ -56,11 +56,10 @@
manage_files_pattern(getty_t, getty_var_run_t, getty_var_run_t)
files_pid_filetrans(getty_t, getty_var_run_t, file)
@@ -29398,9 +28908,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
dev_read_sysfs(getty_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.7.14/policy/modules/system/hostname.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.7.15/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/hostname.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/hostname.te 2010-03-18 10:44:43.000000000 -0400
@@ -27,15 +27,18 @@
dev_read_sysfs(hostname_t)
@@ -29420,22 +28930,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
term_dontaudit_use_console(hostname_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.14/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/init.fc 2010-03-12 09:30:01.000000000 -0500
-@@ -4,10 +4,10 @@
- /etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
- /etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
--/etc/rc\.d/rc\.sysinit -- gen_context(system_u:object_r:initrc_exec_t,s0)
--/etc/rc\.d/rc\.local -- gen_context(system_u:object_r:initrc_exec_t,s0)
-+/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
- /etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
-+/etc/sysconfig/network-scripts/ifup-ipsec -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
- /etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.15/policy/modules/system/init.fc
+--- nsaserefpolicy/policy/modules/system/init.fc 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/init.fc 2010-03-18 10:44:43.000000000 -0400
@@ -44,6 +44,9 @@
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -29446,9 +28943,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
#
# /var
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.14/policy/modules/system/init.if
---- nsaserefpolicy/policy/modules/system/init.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/init.if 2010-03-14 23:44:09.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.15/policy/modules/system/init.if
+--- nsaserefpolicy/policy/modules/system/init.if 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/init.if 2010-03-18 10:56:08.000000000 -0400
@@ -193,8 +193,10 @@
gen_require(`
attribute direct_run_init, direct_init, direct_init_entry;
@@ -29540,17 +29037,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -681,7 +726,8 @@
+@@ -681,7 +726,9 @@
# upstart uses a datagram socket instead of initctl pipe
allow $1 self:unix_dgram_socket create_socket_perms;
- allow $1 init_t:unix_dgram_socket sendto;
++ allow $1 init_t:unix_stream_socket sendto;
+ allow $1 init_t:unix_stream_socket connectto;
+ init_chat($1)
')
')
-@@ -754,18 +800,19 @@
+@@ -754,18 +801,19 @@
#
interface(`init_spec_domtrans_script',`
gen_require(`
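Review bot: The added `allow $1 init_t:unix_stream_socket sendto;` is most likely a dead rule: as far as I know the kernel enforces `sendto` only on unix_dgram_socket, while the stream path is governed by `connectto` at connect time and the ordinary `write` permission afterwards, both of which the `connectto` line and `init_chat($1)` beneath it already cover. If a real AVC denial motivated the line, quote it in a comment; otherwise drop it and keep just `allow $1 init_t:unix_stream_socket connectto;` and `init_chat($1)`. The context comment `# upstart uses a datagram socket instead of initctl pipe` is now contradicted by the stream-socket rules under it and should be reworded to say that the dgram socket is created on self while the connection to init_t is a stream socket. The enclosing interface starts outside this hunk.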
@@ -29574,7 +29072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
')
-@@ -781,19 +828,39 @@
+@@ -781,23 +829,43 @@
#
interface(`init_domtrans_script',`
gen_require(`
@@ -29595,11 +29093,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
ifdef(`enable_mls',`
- range_transition $1 initrc_exec_t:process s0 - mls_systemhigh;
+ range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
-+ ')
-+')
-+
-+########################################
-+##
+ ')
+ ')
+
+ ########################################
+ ##
+## Execute a file in a bin directory
+## in the initrc_t domain
+##
@@ -29612,13 +29110,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+interface(`init_bin_domtrans_spec',`
+ gen_require(`
+ type initrc_t;
- ')
++ ')
+
+ corecmd_bin_domtrans($1, initrc_t)
- ')
-
- ########################################
-@@ -849,8 +916,10 @@
++')
++
++########################################
++##
+ ## Execute a init script in a specified domain.
+ ##
+ ##
+@@ -849,8 +917,10 @@
interface(`init_labeled_script_domtrans',`
gen_require(`
type initrc_t;
@@ -29629,67 +29131,54 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
domtrans_pattern($1, $2, initrc_t)
files_search_etc($1)
')
-@@ -1058,6 +1127,24 @@
- allow $1 init_script_file_type:file read_file_perms;
- ')
+@@ -1444,7 +1514,7 @@
-+#######################################
-+##
-+## Dontaudit read all init script files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dontaudit_init_read_all_script_files',`
-+ gen_require(`
-+ attribute init_script_file_type;
-+ ')
-+
-+ dontaudit $1 init_script_file_type:file read_file_perms;
-+')
-+
########################################
##
- ## Execute all init scripts in the caller domain.
-@@ -1277,7 +1364,7 @@
- type initrc_t;
+-## Read init script temporary data.
++## Read and write init script temporary data.
+ ##
+ ##
+ ##
+@@ -1452,18 +1522,18 @@
+ ##
+ ##
+ #
+-interface(`init_read_script_tmp_files',`
++interface(`init_rw_script_tmp_files',`
+ gen_require(`
+ type initrc_tmp_t;
')
-- allow $1 initrc_t:unix_stream_socket { read write };
-+ allow $1 initrc_t:unix_stream_socket rw_socket_perms;
+ files_search_tmp($1)
+- read_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
++ rw_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
')
########################################
-@@ -1445,6 +1532,25 @@
-
- ########################################
##
+-## Read and write init script temporary data.
+## Read init script temporary data.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
+ ##
+ ##
+ ##
+@@ -1471,13 +1541,13 @@
+ ##
+ ##
+ #
+-interface(`init_rw_script_tmp_files',`
+interface(`init_read_script_tmp_files',`
-+ gen_require(`
-+ type initrc_tmp_t;
-+ ')
-+
-+ files_search_tmp($1)
+ gen_require(`
+ type initrc_tmp_t;
+ ')
+
+ files_search_tmp($1)
+- rw_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
+ read_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
-+')
-+
-+########################################
-+##
- ## Create files in a init script
- ## temporary data directory.
- ##
-@@ -1600,7 +1706,7 @@
+ ')
+
+ ########################################
+@@ -1637,7 +1707,7 @@
type initrc_var_run_t;
')
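Review bot: The inner hunks `@@ -1444,7 +1514,7 @@`, `@@ -1452,18 +1522,18 @@` and `@@ -1471,13 +1541,13 @@` appear to do nothing except swap the positions of `init_read_script_tmp_files` and `init_rw_script_tmp_files`: each interface is renamed into the other and its `read_files_pattern`/`rw_files_pattern` body is swapped to match, so the resulting policy looks identical to upstream. Carrying a pure reordering in the distro patch adds rebase churn on every upstream release; unless the order matters for something not visible here, drop these three inner hunks from the patch.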
@@ -29698,7 +29187,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
')
########################################
-@@ -1675,3 +1781,76 @@
+@@ -1712,3 +1782,76 @@
')
corenet_udp_recvfrom_labeled($1, daemon)
')
@@ -29775,9 +29264,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+ init_dontaudit_use_script_fds($1)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.14/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/init.te 2010-03-12 09:30:01.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.15/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/init.te 2010-03-18 10:44:43.000000000 -0400
@@ -17,6 +17,20 @@
##
gen_tunable(init_upstart, false)
@@ -29844,23 +29333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
# For /var/run/shutdown.pid.
allow init_t init_var_run_t:file manage_file_perms;
-@@ -122,6 +140,7 @@
-
- dev_read_sysfs(init_t)
-
-+domain_getpgid_all_domains(init_t)
- domain_kill_all_domains(init_t)
- domain_signal_all_domains(init_t)
- domain_signull_all_domains(init_t)
-@@ -140,6 +159,7 @@
- files_dontaudit_rw_root_files(init_t)
- files_dontaudit_rw_root_chr_files(init_t)
-
-+fs_list_inotifyfs(init_t)
- # cjp: this may be related to /dev/log
- fs_write_ramfs_sockets(init_t)
-
-@@ -167,11 +187,14 @@
+@@ -169,6 +187,8 @@
miscfiles_read_localization(init_t)
@@ -29869,13 +29342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
ifdef(`distro_gentoo',`
allow init_t self:process { getcap setcap };
')
-
- ifdef(`distro_redhat',`
-+ fs_read_tmpfs_symlinks(init_t)
- fs_rw_tmpfs_chr_files(init_t)
- fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
- ')
-@@ -189,10 +212,31 @@
+@@ -192,10 +212,23 @@
')
optional_policy(`
@@ -29884,10 +29351,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+
+optional_policy(`
+ dbus_connect_system_bus(init_t)
-+ dbus_system_bus_client(init_t)
-+')
-+
-+optional_policy(`
+ dbus_system_bus_client(init_t)
+ ')
+
+ optional_policy(`
+ # /var/run/dovecot/login/ssl-parameters.dat is a hard link to
+ # /var/lib/dovecot/ssl-parameters.dat and init tries to clean up
+ # the directory. But we do not want to allow this.
@@ -29899,15 +29366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
nscd_socket_use(init_t)
')
- optional_policy(`
-+ sssd_stream_connect(init_t)
-+')
-+
-+optional_policy(`
- unconfined_domain(init_t)
- ')
-
-@@ -202,9 +246,10 @@
+@@ -213,7 +246,7 @@
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -29915,36 +29374,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+allow initrc_t self:capability ~{ audit_control audit_write sys_admin sys_module };
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
-+allow initrc_t self:key manage_key_perms;
-
- # Allow IPC with self
- allow initrc_t self:unix_dgram_socket create_socket_perms;
-@@ -217,7 +262,8 @@
- term_create_pty(initrc_t, initrc_devpts_t)
+ allow initrc_t self:key manage_key_perms;
+@@ -230,6 +263,7 @@
# Going to single user mode
--init_exec(initrc_t)
-+init_telinit(initrc_t)
+ init_telinit(initrc_t)
+init_chat(initrc_t)
can_exec(initrc_t, init_script_file_type)
-@@ -230,10 +276,12 @@
+@@ -242,6 +276,7 @@
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
+files_manage_generic_pids_symlinks(initrc_t)
can_exec(initrc_t, initrc_tmp_t)
--allow initrc_t initrc_tmp_t:file manage_file_perms;
--allow initrc_t initrc_tmp_t:dir manage_dir_perms;
-+manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-+manage_dirs_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-+manage_lnk_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
- files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir })
-
- init_write_initctl(initrc_t)
-@@ -246,13 +294,19 @@
+ manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
+@@ -259,13 +294,19 @@
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -29966,38 +29413,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
corenet_all_recvfrom_unlabeled(initrc_t)
corenet_all_recvfrom_netlabel(initrc_t)
-@@ -267,21 +321,29 @@
-
- dev_read_rand(initrc_t)
- dev_read_urand(initrc_t)
-+dev_write_kmsg(initrc_t)
- dev_write_rand(initrc_t)
- dev_write_urand(initrc_t)
- dev_rw_sysfs(initrc_t)
- dev_list_usbfs(initrc_t)
- dev_read_framebuffer(initrc_t)
-+dev_write_framebuffer(initrc_t)
- dev_read_realtime_clock(initrc_t)
- dev_read_sound_mixer(initrc_t)
- dev_write_sound_mixer(initrc_t)
+@@ -293,12 +334,14 @@
dev_setattr_all_chr_files(initrc_t)
--dev_read_lvm_control(initrc_t)
-+dev_rw_lvm_control(initrc_t)
+ dev_rw_lvm_control(initrc_t)
dev_delete_lvm_control_dev(initrc_t)
+dev_delete_null(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
# Wants to remove udev.tbl:
dev_delete_generic_symlinks(initrc_t)
-+dev_getattr_all_blk_files(initrc_t)
-+dev_getattr_all_chr_files(initrc_t)
+ dev_getattr_all_blk_files(initrc_t)
+ dev_getattr_all_chr_files(initrc_t)
+dev_rw_xserver_misc(initrc_t)
-+
-+corecmd_exec_all_executables(initrc_t)
- domain_kill_all_domains(initrc_t)
- domain_signal_all_domains(initrc_t)
-@@ -291,7 +353,7 @@
+ corecmd_exec_all_executables(initrc_t)
+
+@@ -310,7 +353,7 @@
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
@@ -30006,7 +29437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
domain_getsession_all_domains(initrc_t)
domain_use_interactive_fds(initrc_t)
# for lsof which is used by alsa shutdown:
-@@ -306,14 +368,15 @@
+@@ -325,8 +368,10 @@
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -30018,24 +29449,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t)
- files_manage_etc_runtime_files(initrc_t)
- files_etc_filetrans_etc_runtime(initrc_t, file)
--files_manage_generic_locks(initrc_t)
- files_exec_etc_files(initrc_t)
- files_read_usr_files(initrc_t)
- files_manage_urandom_seed(initrc_t)
-@@ -324,7 +387,10 @@
+@@ -342,6 +387,8 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
+files_manage_mnt_dirs(initrc_t)
+files_manage_mnt_files(initrc_t)
-+fs_list_inotifyfs(initrc_t)
+ fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
- # rhgb-console writes to ramfs
- fs_write_ramfs_pipes(initrc_t)
-@@ -333,6 +399,11 @@
+@@ -352,6 +399,11 @@
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -30047,17 +29470,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
-@@ -365,7 +436,9 @@
-
- libs_rw_ld_so_cache(initrc_t)
- libs_exec_lib_files(initrc_t)
-+libs_exec_ld_so(initrc_t)
-
-+logging_send_audit_msgs(initrc_t)
- logging_send_syslog_msg(initrc_t)
- logging_manage_generic_logs(initrc_t)
- logging_read_all_logs(initrc_t)
-@@ -374,19 +447,22 @@
+@@ -395,19 +447,22 @@
miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript
@@ -30071,7 +29484,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+userdom_read_admin_home_files(initrc_t)
userdom_read_user_home_content_files(initrc_t)
- # Allow access to the sysadm TTYs. Note that this will give access to the
+-# Allow access to the sysadm TTYs. Note that this will give access to the
++# Allow access to the sysadm TTYs. Note that this will give access to the
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
# started from init should be placed in their own domain.
userdom_use_user_terminals(initrc_t)
@@ -30081,16 +29495,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -431,7 +507,7 @@
- # /lib/rcscripts/net/system.sh rewrites resolv.conf :(
- sysnet_create_config(initrc_t)
- sysnet_write_config(initrc_t)
-- sysnet_setattr_config(initrc_t)
-+ sysnet_setattr_config(initrc_t)
-
- optional_policy(`
- arpwatch_manage_data_files(initrc_t)
-@@ -450,11 +526,9 @@
+@@ -471,7 +526,7 @@
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -30098,35 +29503,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+ kernel_use_fds(initrc_t)
files_dontaudit_read_root_files(initrc_t)
-- selinux_set_enforce_mode(initrc_t)
--
# These seem to be from the initrd
- # during device initialization:
- dev_create_generic_dirs(initrc_t)
-@@ -464,6 +538,7 @@
- storage_raw_read_fixed_disk(initrc_t)
- storage_raw_write_fixed_disk(initrc_t)
-
-+ files_create_boot_dirs(initrc_t)
- files_create_boot_flag(initrc_t)
- files_rw_boot_symlinks(initrc_t)
- # wants to read /.fonts directory
-@@ -472,6 +547,7 @@
- # Needs to cp localtime to /var dirs
- files_write_var_dirs(initrc_t)
-
-+ fs_read_tmpfs_symlinks(initrc_t)
- fs_rw_tmpfs_chr_files(initrc_t)
-
- storage_manage_fixed_disk(initrc_t)
-@@ -490,17 +566,32 @@
- miscfiles_read_hwdata(initrc_t)
-
+@@ -517,6 +572,15 @@
optional_policy(`
-+ alsa_manage_rw_config(initrc_t)
-+ ')
-+
-+ optional_policy(`
bind_manage_config_dirs(initrc_t)
bind_write_config(initrc_t)
+ bind_setattr_zone_dirs(initrc_t)
@@ -30141,18 +29520,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
- #for /etc/rc.d/init.d/nfs to create /etc/exports
- rpc_write_exports(initrc_t)
-+ rpc_manage_nfs_state_data(initrc_t)
- ')
-
- optional_policy(`
- sysnet_rw_dhcp_config(initrc_t)
-+ sysnet_manage_config(initrc_t)
- ')
-
- optional_policy(`
-@@ -515,6 +606,34 @@
+@@ -542,6 +606,34 @@
')
')
@@ -30187,7 +29555,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -527,6 +646,8 @@
+@@ -554,6 +646,8 @@
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -30196,38 +29564,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -567,10 +688,19 @@
+@@ -594,6 +688,7 @@
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
+ dbus_manage_lib_files(initrc_t)
-+
-+ optional_policy(`
-+ consolekit_dbus_chat(initrc_t)
-+ ')
optional_policy(`
- networkmanager_dbus_chat(initrc_t)
- ')
-+
-+ optional_policy(`
-+ policykit_dbus_chat(initrc_t)
-+ ')
+ consolekit_dbus_chat(initrc_t)
+@@ -647,11 +742,6 @@
')
optional_policy(`
-@@ -590,6 +720,10 @@
+- iscsi_stream_connect(initrc_t)
+- iscsi_read_lib_files(initrc_t)
+-')
+-
+-optional_policy(`
+ kerberos_use(initrc_t)
')
- optional_policy(`
-+ hal_write_log(initrc_t)
-+')
-+
-+optional_policy(`
- dev_read_usbfs(initrc_t)
-
- # init scripts run /etc/hotplug/usb.rc
-@@ -646,20 +780,20 @@
+@@ -690,12 +780,18 @@
')
optional_policy(`
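Review bot: The patch now deletes upstream's `iscsi_stream_connect(initrc_t)` / `iscsi_read_lib_files(initrc_t)` optional block from init.te, and nothing in this hunk restores that access elsewhere. If the removal is only because the Fedora tree names the iscsi interfaces differently, the iscsi init script will start hitting denials in initrc_t that are discoverable only from the audit log; if it is intentional narrowing, a sentence in the commit message saying so would save the next maintainer a bisect. The surrounding `optional_policy` blocks begin and end outside the hunk.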
@@ -30245,32 +29602,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+ mta_write_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
--# cjp: require doesnt work in the else of optionals :\
--# this also would result in a type transition
--# conflict if sendmail is enabled
--#optional_policy(`',`
--# mta_send_mail(initrc_t)
--#')
-
- optional_policy(`
- ifdef(`distro_redhat',`
-@@ -668,6 +802,7 @@
- mysql_stream_connect(initrc_t)
- mysql_write_log(initrc_t)
-+ mysql_read_config(initrc_t)
- ')
-
- optional_policy(`
-@@ -700,7 +835,6 @@
- ')
-
- optional_policy(`
-- corecmd_shell_entry_type(initrc_t)
- fs_write_ramfs_sockets(initrc_t)
- fs_search_ramfs(initrc_t)
-
-@@ -722,8 +856,6 @@
+@@ -760,8 +856,6 @@
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -30279,7 +29612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -736,13 +868,16 @@
+@@ -774,10 +868,12 @@
squid_manage_logs(initrc_t)
')
@@ -30292,37 +29625,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-+ ssh_setattr_key_files(initrc_t)
- ')
-
- optional_policy(`
-@@ -751,6 +886,7 @@
-
- optional_policy(`
- udev_rw_db(initrc_t)
-+ udev_manage_pid_files(initrc_t)
- ')
-
- optional_policy(`
-@@ -758,7 +894,17 @@
+@@ -801,8 +897,14 @@
+ virt_manage_svirt_cache(initrc_t)
')
- optional_policy(`
-+ virt_manage_svirt_cache(initrc_t)
-+')
-+
+# Cron jobs used to start and stop services
+optional_policy(`
+ cron_rw_pipes(daemon)
+')
+
-+optional_policy(`
+ optional_policy(`
unconfined_domain(initrc_t)
+ domain_role_change_exemption(initrc_t)
ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited
-@@ -768,6 +914,25 @@
+@@ -812,6 +914,25 @@
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -30348,7 +29666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -793,3 +958,34 @@
+@@ -837,3 +958,34 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -30383,134 +29701,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+optional_policy(`
+ fail2ban_read_lib_files(daemon)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.14/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/ipsec.fc 2010-03-12 09:30:01.000000000 -0500
-@@ -37,6 +37,8 @@
-
- /var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
-
-+/var/log/pluto\.log -- gen_context(system_u:object_r:ipsec_log_t,s0)
-+
- /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
-+/var/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
-
--/var/run/racoon.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.14/policy/modules/system/ipsec.if
---- nsaserefpolicy/policy/modules/system/ipsec.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/ipsec.if 2010-03-12 09:30:01.000000000 -0500
-@@ -39,6 +39,25 @@
-
- ########################################
- ##
-+## Connect to racoon using a unix domain stream socket.
-+##
-+##
-+##
-+## The type of the process performing this action.
-+##
-+##
-+#
-+interface(`ipsec_stream_connect_racoon',`
-+ gen_require(`
-+ type racoon_t, ipsec_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ stream_connect_pattern($1, ipsec_var_run_t, ipsec_var_run_t, racoon_t)
-+')
-+
-+########################################
-+##
- ## Get the attributes of an IPSEC key socket.
- ##
- ##
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.14/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/ipsec.te 2010-03-12 15:16:06.000000000 -0500
-@@ -29,9 +29,15 @@
- type ipsec_key_file_t;
- files_type(ipsec_key_file_t)
-
-+type ipsec_log_t;
-+logging_log_file(ipsec_log_t)
-+
- # Default type for IPSEC SPD entries
- type ipsec_spd_t;
-
-+type ipsec_tmp_t;
-+files_tmp_file(ipsec_tmp_t)
-+
- # type for runtime files, including pluto.ctl
- type ipsec_var_run_t;
- files_pid_file(ipsec_var_run_t)
-@@ -66,8 +72,8 @@
- # ipsec Local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.15/policy/modules/system/ipsec.te
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/ipsec.te 2010-03-18 10:44:43.000000000 -0400
+@@ -73,7 +73,7 @@
#
--allow ipsec_t self:capability { net_admin dac_override dac_read_search sys_nice };
+ allow ipsec_t self:capability { net_admin dac_override dac_read_search setpcap sys_nice };
-dontaudit ipsec_t self:capability sys_tty_config;
-+allow ipsec_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice };
+dontaudit ipsec_t self:capability { sys_ptrace sys_tty_config };
allow ipsec_t self:process { getcap setcap getsched signal setsched };
allow ipsec_t self:tcp_socket create_stream_socket_perms;
allow ipsec_t self:udp_socket create_socket_perms;
-@@ -85,6 +91,10 @@
- manage_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
- read_lnk_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
-
-+manage_dirs_pattern(ipsec_t, ipsec_tmp_t, ipsec_tmp_t)
-+manage_files_pattern(ipsec_t, ipsec_tmp_t, ipsec_tmp_t)
-+files_tmp_filetrans(ipsec_t, ipsec_tmp_t, { dir file })
-+
- manage_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
- manage_sock_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
- files_pid_filetrans(ipsec_t, ipsec_var_run_t, { file sock_file })
-@@ -98,7 +108,9 @@
- corecmd_shell_domtrans(ipsec_t, ipsec_mgmt_t)
- allow ipsec_mgmt_t ipsec_t:fd use;
- allow ipsec_mgmt_t ipsec_t:fifo_file rw_fifo_file_perms;
-+dontaudit ipsec_mgmt_t ipsec_t:unix_stream_socket { read write };
- allow ipsec_mgmt_t ipsec_t:process sigchld;
-+sysnet_domtrans_ifconfig(ipsec_t)
-
- kernel_read_kernel_sysctls(ipsec_t)
- kernel_list_proc(ipsec_t)
-@@ -171,8 +183,9 @@
- # ipsec_mgmt Local policy
- #
-
--allow ipsec_mgmt_t self:capability { net_admin sys_tty_config dac_override dac_read_search };
--allow ipsec_mgmt_t self:process { signal setrlimit };
-+allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice };
-+dontaudit ipsec_mgmt_t self:capability sys_tty_config;
+@@ -186,7 +186,7 @@
+
+ allow ipsec_mgmt_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice };
+ dontaudit ipsec_mgmt_t self:capability sys_tty_config;
+-allow ipsec_mgmt_t self:process { getsched ptrace setrlimit signal };
+allow ipsec_mgmt_t self:process { getsched ptrace setrlimit setsched signal };
allow ipsec_mgmt_t self:unix_stream_socket create_stream_socket_perms;
allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
allow ipsec_mgmt_t self:udp_socket create_socket_perms;
-@@ -182,6 +195,13 @@
- allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
- files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
-
-+manage_dirs_pattern(ipsec_mgmt_t, ipsec_tmp_t, ipsec_tmp_t)
-+manage_files_pattern(ipsec_mgmt_t, ipsec_tmp_t, ipsec_tmp_t)
-+files_tmp_filetrans(ipsec_mgmt_t, ipsec_tmp_t, { dir file })
-+
-+manage_files_pattern(ipsec_mgmt_t, ipsec_log_t, ipsec_log_t)
-+logging_log_filetrans(ipsec_mgmt_t, ipsec_log_t, file)
-+
- allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
- files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file)
-
-@@ -209,7 +229,6 @@
- # whack needs to connect to pluto
- stream_connect_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t, ipsec_t)
-
--can_exec(ipsec_mgmt_t, ipsec_exec_t)
- can_exec(ipsec_mgmt_t, ipsec_mgmt_exec_t)
- allow ipsec_mgmt_t ipsec_mgmt_exec_t:lnk_file read;
-
-@@ -238,7 +257,7 @@
+@@ -258,7 +258,7 @@
domain_use_interactive_fds(ipsec_mgmt_t)
# denials when ps tries to search /proc. Do not audit these denials.
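Review bot: `dontaudit ipsec_t self:capability { sys_ptrace sys_tty_config };` adds sys_ptrace to the capability denials silenced for ipsec_t, which removes the audit record that would show a misbehaving or compromised pluto probing other processes. The nearby `# denials when ps tries to search /proc` comment explains the ipsec_mgmt_t dontaudit further down, not this one; add a one-line comment naming the program and access path that triggers the sys_ptrace denial, e.g. `# <TOOL> probes /proc and trips sys_ptrace; do not audit` (placeholder), so the entry can be revisited. The ipsec_mgmt_t `setsched` addition in the same hunk looks harmless.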
@@ -30519,34 +29731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
# suppress audit messages about unnecessary socket access
# cjp: this seems excessive
domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t)
-@@ -247,8 +266,10 @@
- files_read_etc_files(ipsec_mgmt_t)
- files_exec_etc_files(ipsec_mgmt_t)
- files_read_etc_runtime_files(ipsec_mgmt_t)
-+files_read_usr_files(ipsec_mgmt_t)
- files_dontaudit_getattr_default_dirs(ipsec_mgmt_t)
- files_dontaudit_getattr_default_files(ipsec_mgmt_t)
-+files_list_tmp(ipsec_mgmt_t)
-
- fs_getattr_xattr_fs(ipsec_mgmt_t)
- fs_list_tmpfs(ipsec_mgmt_t)
-@@ -259,6 +280,7 @@
- init_use_script_ptys(ipsec_mgmt_t)
- init_exec_script_files(ipsec_mgmt_t)
- init_use_fds(ipsec_mgmt_t)
-+init_labeled_script_domtrans(ipsec_mgmt_t, ipsec_initrc_exec_t)
-
- logging_send_syslog_msg(ipsec_mgmt_t)
-
-@@ -323,6 +345,7 @@
-
- kernel_read_system_state(racoon_t)
- kernel_read_network_state(racoon_t)
-+kernel_request_load_module(racoon_t)
-
- corecmd_exec_shell(racoon_t)
- corecmd_exec_bin(racoon_t)
-@@ -362,6 +385,8 @@
+@@ -386,6 +386,8 @@
sysnet_exec_ifconfig(racoon_t)
@@ -30555,15 +29740,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
auth_can_read_shadow_passwords(racoon_t)
tunable_policy(`racoon_read_shadow',`
auth_tunable_read_shadow(racoon_t)
-@@ -380,12 +405,15 @@
- read_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
- read_lnk_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
-
-+kernel_request_load_module(setkey_t)
-+
- # allow setkey utility to set contexts on SA's and policy
- domain_ipsec_setcontext_all_domains(setkey_t)
-
+@@ -412,6 +414,7 @@
files_read_etc_files(setkey_t)
init_dontaudit_use_fds(setkey_t)
@@ -30571,14 +29748,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
# allow setkey to set the context for ipsec SAs and policy.
ipsec_setcontext_default_spd(setkey_t)
-@@ -397,3 +425,4 @@
+@@ -423,3 +426,4 @@
seutil_read_config(setkey_t)
userdom_use_user_terminals(setkey_t)
+userdom_read_user_tmp_files(setkey_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.14/policy/modules/system/iptables.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.15/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-02-12 16:41:05.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/iptables.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/iptables.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,6 +1,4 @@
/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
@@ -30586,9 +29763,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.14/policy/modules/system/iptables.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.15/policy/modules/system/iptables.if
--- nsaserefpolicy/policy/modules/system/iptables.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/iptables.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/iptables.if 2010-03-18 10:44:43.000000000 -0400
@@ -17,6 +17,10 @@
corecmd_search_bin($1)
@@ -30600,9 +29777,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.14/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/iptables.te 2010-03-14 23:44:16.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.15/policy/modules/system/iptables.te
+--- nsaserefpolicy/policy/modules/system/iptables.te 2010-03-18 10:35:11.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/iptables.te 2010-03-18 10:44:43.000000000 -0400
@@ -14,9 +14,6 @@
type iptables_initrc_exec_t;
init_script_file(iptables_initrc_exec_t)
@@ -30613,10 +29790,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
type iptables_tmp_t;
files_tmp_file(iptables_tmp_t)
-@@ -30,11 +27,12 @@
+@@ -30,12 +27,12 @@
allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
dontaudit iptables_t self:capability sys_tty_config;
+-allow iptables_t self:fifo_file rw_fifo_file_perms;
+allow iptables_t self:fifo_file rw_file_perms;
allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t self:rawip_socket create_socket_perms;
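Review bot: The inner change `-allow iptables_t self:fifo_file rw_fifo_file_perms;` / `+allow iptables_t self:fifo_file rw_file_perms;` reverts an upstream cleanup: refpolicy pairs the fifo_file class with `rw_fifo_file_perms`, and the patch now swaps in the plain-file set for no visible functional reason. This looks like a leftover from before upstream adopted the class-specific macro; drop the two lines from the patch so the Fedora policy keeps upstream's `rw_fifo_file_perms`. If the two permission sets actually differ in this tree, that difference is what should be documented instead.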
@@ -30628,11 +29806,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)
files_pid_filetrans(iptables_t, iptables_var_run_t, file)
-@@ -53,8 +51,12 @@
- kernel_use_fds(iptables_t)
-
- corenet_relabelto_all_packets(iptables_t)
-+corenet_dontaudit_rw_tun_tap_dev(iptables_t)
+@@ -57,6 +54,9 @@
+ corenet_dontaudit_rw_tun_tap_dev(iptables_t)
dev_read_sysfs(iptables_t)
+ifdef(`hide_broken_symptoms',`
@@ -30641,7 +29816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
fs_getattr_xattr_fs(iptables_t)
fs_search_auto_mountpoints(iptables_t)
-@@ -63,6 +65,7 @@
+@@ -65,6 +65,7 @@
mls_file_read_all_levels(iptables_t)
term_dontaudit_use_console(iptables_t)
@@ -30649,7 +29824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
domain_use_interactive_fds(iptables_t)
-@@ -76,6 +79,7 @@
+@@ -78,6 +79,7 @@
# to allow rules to be saved on reboot:
init_rw_script_tmp_files(iptables_t)
init_rw_script_stream_sockets(iptables_t)
@@ -30657,7 +29832,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
logging_send_syslog_msg(iptables_t)
-@@ -89,6 +93,7 @@
+@@ -91,6 +93,7 @@
optional_policy(`
fail2ban_append_log(iptables_t)
@@ -30665,20 +29840,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
')
optional_policy(`
-@@ -122,5 +127,10 @@
- ')
-
- optional_policy(`
-+ shorewall_rw_lib_files(iptables_t)
-+')
-+
-+optional_policy(`
- udev_read_db(iptables_t)
- ')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.14/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.15/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/libraries.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/libraries.fc 2010-03-18 10:44:43.000000000 -0400
@@ -60,12 +60,15 @@
#
# /opt
@@ -31039,9 +30203,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+
+/usr/lib(64)?/libGTL.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.14/policy/modules/system/libraries.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.15/policy/modules/system/libraries.if
--- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/libraries.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/libraries.if 2010-03-18 10:44:43.000000000 -0400
@@ -17,6 +17,7 @@
corecmd_search_bin($1)
@@ -31068,9 +30232,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
allow $1 lib_t:dir list_dir_perms;
read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
mmap_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.14/policy/modules/system/libraries.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.15/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/libraries.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/libraries.te 2010-03-18 10:44:43.000000000 -0400
@@ -58,11 +58,11 @@
# ldconfig local policy
#
@@ -31143,9 +30307,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+optional_policy(`
+ unconfined_domain(ldconfig_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.14/policy/modules/system/locallogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.15/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/locallogin.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/locallogin.te 2010-03-18 10:44:43.000000000 -0400
@@ -33,9 +33,8 @@
# Local login local policy
#
@@ -31246,9 +30410,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
-optional_policy(`
- nscd_socket_use(sulogin_t)
-')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.14/policy/modules/system/logging.fc
---- nsaserefpolicy/policy/modules/system/logging.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/logging.fc 2010-03-12 09:30:01.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.15/policy/modules/system/logging.fc
+--- nsaserefpolicy/policy/modules/system/logging.fc 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/logging.fc 2010-03-18 10:44:43.000000000 -0400
@@ -17,6 +17,10 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
@@ -31260,11 +30424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
/usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/usr/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
-@@ -51,17 +55,23 @@
-
- ifdef(`distro_redhat',`
- /var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
-+/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
+@@ -54,10 +58,10 @@
+ /var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
')
-/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
@@ -31278,41 +30439,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
/var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
/var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
- /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
-
-+/var/spool/bacula/log(/.*)? gen_context(system_u:object_r:var_log_t,s0)
- /var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
-+/var/spool/plymouth/boot.log gen_context(system_u:object_r:var_log_t,s0)
-+/var/spool/rsyslog(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+@@ -69,3 +73,5 @@
+ /var/spool/rsyslog(/.*)? gen_context(system_u:object_r:var_log_t,s0)
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.14/policy/modules/system/logging.if
---- nsaserefpolicy/policy/modules/system/logging.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/logging.if 2010-03-12 09:30:01.000000000 -0500
-@@ -96,6 +96,20 @@
-
- ########################################
- ##
-+## Set tty auditing
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`logging_set_tty_audit',`
-+ allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_tty_audit };
-+')
-+
-+########################################
-+##
- ## Set up audit
- ##
- ##
-@@ -701,7 +715,25 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.15/policy/modules/system/logging.if
+--- nsaserefpolicy/policy/modules/system/logging.if 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/logging.if 2010-03-18 10:44:43.000000000 -0400
+@@ -715,7 +715,25 @@
')
files_search_var($1)
@@ -31339,7 +30475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -784,7 +816,9 @@
+@@ -798,7 +816,9 @@
files_search_var($1)
manage_files_pattern($1, logfile, logfile)
@@ -31350,31 +30486,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.14/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/logging.te 2010-03-13 09:50:12.000000000 -0500
-@@ -101,6 +101,7 @@
-
- kernel_read_kernel_sysctls(auditctl_t)
- kernel_read_proc_symlinks(auditctl_t)
-+kernel_setsched(auditctl_t)
-
- domain_read_all_domains_state(auditctl_t)
- domain_use_interactive_fds(auditctl_t)
-@@ -123,10 +124,10 @@
-
- allow auditd_t self:capability { chown fsetid sys_nice sys_resource };
- dontaudit auditd_t self:capability sys_tty_config;
--allow auditd_t self:process { signal_perms setpgid setsched };
-+allow auditd_t self:process { getcap signal_perms setcap setpgid setsched };
- allow auditd_t self:file rw_file_perms;
- allow auditd_t self:unix_dgram_socket create_socket_perms;
--allow auditd_t self:fifo_file rw_file_perms;
-+allow auditd_t self:fifo_file rw_fifo_file_perms;
- allow auditd_t self:tcp_socket create_stream_socket_perms;
-
- allow auditd_t auditd_etc_t:dir list_dir_perms;
-@@ -179,6 +180,8 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.15/policy/modules/system/logging.te
+--- nsaserefpolicy/policy/modules/system/logging.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/logging.te 2010-03-18 10:44:43.000000000 -0400
+@@ -180,6 +180,8 @@
logging_domtrans_dispatcher(auditd_t)
logging_signal_dispatcher(auditd_t)
@@ -31383,31 +30498,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
miscfiles_read_localization(auditd_t)
mls_file_read_all_levels(auditd_t)
-@@ -215,9 +218,9 @@
- # audit dispatcher local policy
- #
-
--allow audisp_t self:capability sys_nice;
--allow audisp_t self:process setsched;
--allow audisp_t self:fifo_file rw_file_perms;
-+allow audisp_t self:capability { dac_override setpcap sys_nice };
-+allow audisp_t self:process { getcap signal_perms setcap setsched };
-+allow audisp_t self:fifo_file rw_fifo_file_perms;
- allow audisp_t self:unix_stream_socket create_stream_socket_perms;
- allow audisp_t self:unix_dgram_socket create_socket_perms;
-
-@@ -226,13 +229,19 @@
- manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
- files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
-
--corecmd_search_bin(audisp_t)
-+corecmd_exec_bin(audisp_t)
-+corecmd_exec_shell(audisp_t)
-
- domain_use_interactive_fds(audisp_t)
-
+@@ -235,7 +237,11 @@
files_read_etc_files(audisp_t)
-+files_read_etc_runtime_files(audisp_t)
+ files_read_etc_runtime_files(audisp_t)
+mls_file_read_all_levels(audisp_t)
mls_file_write_all_levels(audisp_t)
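Review bot: `mls_file_read_all_levels(audisp_t)` survives the rebase as a Fedora-only addition sitting next to upstream's `mls_file_write_all_levels(audisp_t)`, and neither line says why the audit dispatcher needs an MLS read override on top of the write one. MLS overrides are the rules a policy auditor questions first, so a one-line justification would stop the next rebase from dropping or cargo-culting it, e.g. `# audispd and its plugins handle records and sockets at all levels (MLS override)` — presumably the read half is needed by a plugin, which this hunk does not show. The rest of the audisp_t block, including the dbus/setroubleshoot optional_policy nesting, continues outside this hunk.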
@@ -31417,30 +30510,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
logging_send_syslog_msg(audisp_t)
-@@ -240,6 +249,14 @@
-
- sysnet_dns_name_resolve(audisp_t)
+@@ -245,6 +251,10 @@
-+optional_policy(`
-+ dbus_system_bus_client(audisp_t)
+ optional_policy(`
+ dbus_system_bus_client(audisp_t)
+
+ optional_policy(`
+ setroubleshoot_dbus_chat(audisp_t)
+ ')
-+')
-+
- ########################################
- #
- # Audit remote logger local policy
-@@ -253,11 +270,16 @@
- corenet_tcp_sendrecv_generic_node(audisp_remote_t)
- corenet_tcp_connect_audit_port(audisp_remote_t)
- corenet_sendrecv_audit_client_packets(audisp_remote_t)
-+corenet_tcp_bind_audit_port(audisp_remote_t)
-+corenet_tcp_sendrecv_all_ports(audisp_remote_t)
-+corenet_tcp_bind_generic_node(audisp_remote_t)
+ ')
- files_read_etc_files(audisp_remote_t)
+ ########################################
+@@ -268,6 +278,8 @@
logging_send_syslog_msg(audisp_remote_t)
@@ -31449,42 +30530,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
miscfiles_read_localization(audisp_remote_t)
sysnet_dns_name_resolve(audisp_remote_t)
-@@ -332,13 +354,12 @@
- allow syslogd_t self:capability { dac_override sys_resource sys_tty_config net_admin sys_admin chown fsetid };
- dontaudit syslogd_t self:capability sys_tty_config;
- # setpgid for metalog
--# setrlimit for syslog-ng
--allow syslogd_t self:process { signal_perms setpgid setrlimit };
-+allow syslogd_t self:process { signal_perms setpgid };
- # receive messages to be logged
- allow syslogd_t self:unix_dgram_socket create_socket_perms;
- allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
- allow syslogd_t self:unix_dgram_socket sendto;
--allow syslogd_t self:fifo_file rw_file_perms;
-+allow syslogd_t self:fifo_file rw_fifo_file_perms;
- allow syslogd_t self:udp_socket create_socket_perms;
- allow syslogd_t self:tcp_socket create_stream_socket_perms;
-
-@@ -462,10 +483,18 @@
- ')
-
- optional_policy(`
-+ bind_search_cache(syslogd_t)
-+')
-+
-+optional_policy(`
- inn_manage_log(syslogd_t)
- ')
-
- optional_policy(`
-+ mysql_stream_connect(syslogd_t)
-+')
-+
-+optional_policy(`
- postgresql_stream_connect(syslogd_t)
- ')
-
-@@ -474,6 +503,10 @@
+@@ -491,6 +503,10 @@
')
optional_policy(`
@@ -31495,9 +30541,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
udev_read_db(syslogd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.7.14/policy/modules/system/lvm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.7.15/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/lvm.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/lvm.fc 2010-03-18 10:44:43.000000000 -0400
@@ -28,6 +28,7 @@
#
/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -31506,9 +30552,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
#
# /sbin
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.14/policy/modules/system/lvm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.15/policy/modules/system/lvm.if
--- nsaserefpolicy/policy/modules/system/lvm.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/lvm.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/lvm.if 2010-03-18 10:44:43.000000000 -0400
@@ -34,7 +34,7 @@
type lvm_exec_t;
')
@@ -31518,9 +30564,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if
can_exec($1, lvm_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.14/policy/modules/system/lvm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.15/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/lvm.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/lvm.te 2010-03-18 10:44:43.000000000 -0400
@@ -142,6 +142,11 @@
')
@@ -31580,9 +30626,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
bootloader_rw_tmp_files(lvm_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.14/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/modutils.te 2010-03-12 09:30:01.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.15/policy/modules/system/modutils.te
+--- nsaserefpolicy/policy/modules/system/modutils.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/modutils.te 2010-03-18 10:44:43.000000000 -0400
@@ -19,6 +19,7 @@
type insmod_exec_t;
application_domain(insmod_t, insmod_exec_t)
@@ -31631,15 +30677,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
# Rules for /proc/sys/kernel/tainted
kernel_read_kernel_sysctls(insmod_t)
kernel_rw_kernel_sysctl(insmod_t)
-@@ -136,7 +141,6 @@
- corecmd_exec_shell(insmod_t)
-
- dev_rw_sysfs(insmod_t)
--dev_mount_usbfs(insmod_t)
- dev_search_usbfs(insmod_t)
- dev_rw_mtrr(insmod_t)
- dev_read_urand(insmod_t)
-@@ -144,6 +148,7 @@
+@@ -143,6 +148,7 @@
dev_read_sound(insmod_t)
dev_write_sound(insmod_t)
dev_rw_apm_bios(insmod_t)
@@ -31647,11 +30685,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
domain_signal_all_domains(insmod_t)
domain_use_interactive_fds(insmod_t)
-@@ -161,11 +166,15 @@
- files_write_kernel_modules(insmod_t)
+@@ -161,11 +167,14 @@
fs_getattr_xattr_fs(insmod_t)
-+fs_dontaudit_use_tmpfs_chr_dev(insmod_t)
+ fs_dontaudit_use_tmpfs_chr_dev(insmod_t)
+fs_mount_rpc_pipefs(insmod_t)
init_rw_initctl(insmod_t)
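Review bot: `fs_mount_rpc_pipefs(insmod_t)` is kept as a downstream-only grant directly after the now-upstreamed `fs_dontaudit_use_tmpfs_chr_dev(insmod_t)`, with nothing explaining why a module loader is allowed to mount a filesystem. Mount rights on insmod_t widen what a kernel-triggered modprobe can do, so the trigger should be recorded, e.g. `# presumably for the sunrpc modprobe install hook that mounts rpc_pipefs -- confirm`, so a later rebase can tell whether the rule is still required or has moved upstream. The insmod_t rule block continues on both sides of this hunk.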
@@ -31663,7 +30700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
logging_send_syslog_msg(insmod_t)
logging_search_logs(insmod_t)
-@@ -174,10 +183,13 @@
+@@ -174,8 +183,7 @@
seutil_read_file_contexts(insmod_t)
@@ -31672,25 +30709,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
+term_use_all_terms(insmod_t)
userdom_dontaudit_search_user_home_dirs(insmod_t)
-+optional_policy(`
-+ unconfined_domain(insmod_t)
-+')
-+
if( ! secure_mode_insmod ) {
- kernel_domtrans_to(insmod_t, insmod_exec_t)
- }
-@@ -231,7 +243,7 @@
- ')
-
- optional_policy(`
-- unconfined_domain(insmod_t)
-+ unconfined_dontaudit_rw_pipes(insmod_t)
- ')
-
- optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.14/policy/modules/system/mount.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.15/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/mount.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/mount.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,4 +1,10 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
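Review bot: The rebase silently drops the previous revision's two edits around insmod_t's unconfined status — the hoisted optional_policy block wrapping `unconfined_domain(insmod_t)` just above `if( ! secure_mode_insmod )`, and the later swap of upstream's `unconfined_domain(insmod_t)` for `unconfined_dontaudit_rw_pipes(insmod_t)` — and nothing visible says whether 3.7.15 absorbed that or Fedora is reverting to upstream's block. If upstream still carries `unconfined_domain(insmod_t)` the net effect is that insmod_t stays an unconfined domain exactly as before and only the dontaudit line, which is moot under unconfined_domain, is lost; if upstream removed it, insmod_t quietly loses unconfined status and module-loading denials will start to surface. Either way the choice deserves a line in the spec changelog, and the 3.7.15 modutils.te should be checked before the build is tagged. The `if( ! secure_mode_insmod )` block that ends the policy part of this hunk has its body outside the hunk.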
@@ -31703,9 +30725,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
+/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.14/policy/modules/system/mount.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.15/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/mount.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/mount.if 2010-03-18 10:44:43.000000000 -0400
@@ -16,6 +16,14 @@
')
@@ -31879,9 +30901,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+ mount_domtrans_showmount($1)
+ role $2 types showmount_t;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.14/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.15/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/mount.te 2010-03-16 17:04:35.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/mount.te 2010-03-18 10:44:43.000000000 -0400
@@ -18,8 +18,15 @@
init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
@@ -32159,9 +31181,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+sysnet_dns_name_resolve(showmount_t)
+
+userdom_use_user_terminals(showmount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.14/policy/modules/system/raid.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.15/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2010-03-12 09:24:22.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/raid.te 2010-03-12 09:33:39.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/raid.te 2010-03-18 10:44:43.000000000 -0400
@@ -58,6 +58,7 @@
files_read_etc_files(mdadm_t)
@@ -32170,9 +31192,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.14/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.15/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/selinuxutil.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/selinuxutil.fc 2010-03-18 10:44:43.000000000 -0400
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -32212,9 +31234,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.14/policy/modules/system/selinuxutil.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.15/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/selinuxutil.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/selinuxutil.if 2010-03-18 10:44:43.000000000 -0400
@@ -361,6 +361,27 @@
########################################
@@ -32591,9 +31613,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ hotplug_use_fds($1)
+')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.14/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.15/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/selinuxutil.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/selinuxutil.te 2010-03-18 10:44:43.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -32978,15 +32000,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
- hotplug_use_fds(setfiles_t)
+ unconfined_domain(setfiles_mac_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.7.14/policy/modules/system/sosreport.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.7.15/policy/modules/system/sosreport.fc
--- nsaserefpolicy/policy/modules/system/sosreport.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sosreport.fc 2010-03-15 14:03:14.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/sosreport.fc 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.7.14/policy/modules/system/sosreport.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.7.15/policy/modules/system/sosreport.if
--- nsaserefpolicy/policy/modules/system/sosreport.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sosreport.if 2010-03-15 14:03:14.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/sosreport.if 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,74 @@
+
+## policy for sosreport
@@ -33062,9 +32084,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ ps_process_pattern($2, sosreport_t)
+ allow $2 sosreport_t:process signal;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.7.14/policy/modules/system/sosreport.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.7.15/policy/modules/system/sosreport.te
--- nsaserefpolicy/policy/modules/system/sosreport.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sosreport.te 2010-03-15 14:03:14.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/sosreport.te 2010-03-18 10:44:43.000000000 -0400
@@ -0,0 +1,129 @@
+
+policy_module(sosreport,1.0.0)
@@ -33195,9 +32217,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ unconfined_domain_noaudit(sosreport_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.14/policy/modules/system/sysnetwork.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.15/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sysnetwork.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/sysnetwork.fc 2010-03-18 10:44:43.000000000 -0400
@@ -13,6 +13,9 @@
/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcp/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -33231,9 +32253,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
')
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.14/policy/modules/system/sysnetwork.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.15/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sysnetwork.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/sysnetwork.if 2010-03-18 10:44:43.000000000 -0400
@@ -43,6 +43,41 @@
sysnet_domtrans_dhcpc($1)
@@ -33437,9 +32459,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+
+ role_transition $1 dhcpc_exec_t system_r;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.14/policy/modules/system/sysnetwork.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.15/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/sysnetwork.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/sysnetwork.te 2010-03-18 10:44:43.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t, dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -33652,17 +32674,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ hal_dontaudit_rw_pipes(ifconfig_t)
+ hal_dontaudit_rw_dgram_sockets(ifconfig_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.14/policy/modules/system/udev.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.15/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/udev.fc 2010-03-12 14:18:08.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/udev.fc 2010-03-18 10:44:43.000000000 -0400
@@ -22,3 +22,4 @@
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.14/policy/modules/system/udev.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.15/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/udev.if 2010-03-16 15:36:01.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/udev.if 2010-03-18 10:44:43.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -33696,9 +32718,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.14/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/udev.te 2010-03-13 09:50:22.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.15/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te 2010-03-18 06:48:09.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/udev.te 2010-03-18 10:44:43.000000000 -0400
@@ -50,6 +50,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -33707,15 +32729,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
allow udev_t udev_exec_t:file write;
can_exec(udev_t, udev_exec_t)
-@@ -99,6 +100,7 @@
- # udev_node.c/node_symlink() symlink labels are explicitly
- # preserved, instead of short circuiting the relabel
- dev_relabel_generic_symlinks(udev_t)
-+dev_manage_generic_symlinks(udev_t)
-
- domain_read_all_domains_state(udev_t)
- domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-@@ -210,6 +212,10 @@
+@@ -211,6 +212,10 @@
')
optional_policy(`
@@ -33726,24 +32740,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
consoletype_exec(udev_t)
')
-@@ -236,6 +242,7 @@
-
- optional_policy(`
- hal_dgram_send(udev_t)
-+ hal_dontaudit_rw_dgram_sockets(udev_t)
- ')
-
- optional_policy(`
-@@ -263,7 +270,7 @@
- ')
-
- optional_policy(`
-- unconfined_signal(udev_t)
-+ rpm_search_log(udev_t)
- ')
-
- optional_policy(`
-@@ -271,6 +278,14 @@
+@@ -268,6 +273,10 @@
')
optional_policy(`
@@ -33751,16 +32748,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
+')
+
+optional_policy(`
-+ unconfined_signal(udev_t)
-+')
-+
-+optional_policy(`
- kernel_write_xen_state(udev_t)
- kernel_read_xen_state(udev_t)
- xen_manage_log(udev_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.14/policy/modules/system/unconfined.fc
+ unconfined_signal(udev_t)
+ ')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.15/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/unconfined.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/unconfined.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,15 +1 @@
# Add programs here which should not be confined by SELinux
-# e.g.:
@@ -33777,9 +32770,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-ifdef(`distro_gentoo',`
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.14/policy/modules/system/unconfined.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.15/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/unconfined.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/unconfined.if 2010-03-18 10:44:43.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -34274,9 +33267,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-
- allow $1 unconfined_t:dbus acquire_svc;
-')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.14/policy/modules/system/unconfined.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.15/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/unconfined.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/unconfined.te 2010-03-18 10:44:43.000000000 -0400
@@ -5,227 +5,5 @@
#
# Declarations
@@ -34506,9 +33499,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- hal_dbus_chat(unconfined_execmem_t)
- ')
-')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.14/policy/modules/system/userdomain.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.15/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/modules/system/userdomain.fc 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/userdomain.fc 2010-03-18 10:44:43.000000000 -0400
@@ -1,4 +1,10 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -34521,9 +33514,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+HOME_DIR/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
+HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
+HOME_DIR/\.gvfs(/.*)? <>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.14/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.15/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/userdomain.if 2010-03-15 09:50:07.000000000 -0400
++++ serefpolicy-3.7.15/policy/modules/system/userdomain.if 2010-03-18 10:44:43.000000000 -0400
@@ -30,8 +30,9 @@
')
@@ -36683,9 +35676,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
+ allow $1 user_tmp_t:file delete_file_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.14/policy/modules/system/userdomain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.15/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/userdomain.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/userdomain.te 2010-03-18 10:44:43.000000000 -0400
@@ -29,10 +29,10 @@
##
@@ -36760,9 +35753,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+')
+
+allow userdomain userdomain:process signull;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.14/policy/modules/system/xen.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.15/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/xen.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/xen.if 2010-03-18 10:44:43.000000000 -0400
@@ -180,6 +180,25 @@
########################################
@@ -36799,9 +35792,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
+ typeattribute $1 xm_transition_domain;
domtrans_pattern($1, xm_exec_t, xm_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.14/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.15/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/xen.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/modules/system/xen.te 2010-03-18 10:44:43.000000000 -0400
@@ -5,6 +5,7 @@
#
# Declarations
@@ -36901,9 +35894,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
#Should have a boolean wrapping these
fs_list_auto_mountpoints(xend_t)
files_search_mnt(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.7.14/policy/support/misc_patterns.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.7.15/policy/support/misc_patterns.spt
--- nsaserefpolicy/policy/support/misc_patterns.spt 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.14/policy/support/misc_patterns.spt 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/support/misc_patterns.spt 2010-03-18 10:44:43.000000000 -0400
@@ -15,7 +15,7 @@
domain_transition_pattern($1,$2,$3)
@@ -36922,9 +35915,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
allow $3 $1:process sigchld;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.14/policy/support/obj_perm_sets.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.15/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-03-04 11:44:07.000000000 -0500
-+++ serefpolicy-3.7.14/policy/support/obj_perm_sets.spt 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/support/obj_perm_sets.spt 2010-03-18 10:44:43.000000000 -0400
@@ -28,7 +28,7 @@
#
# All socket classes.
@@ -37015,9 +36008,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`all_dbus_perms', `{ acquire_svc send_msg } ')
+define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.14/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.15/policy/users
--- nsaserefpolicy/policy/users 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.14/policy/users 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.15/policy/users 2010-03-18 10:44:43.000000000 -0400
@@ -6,7 +6,7 @@
#
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])