From 155bd87c7f592272fdec89551ecdafbdad9f94c9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 02 2008 20:53:30 +0000 Subject: - Handle updated NetworkManager --- diff --git a/policy-20070703.patch b/policy-20070703.patch index 297dfaf..92c5d60 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -1050,6 +1050,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te + hal_use_fds(alsa_t) + hal_write_log(alsa_t) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.0.8/policy/modules/admin/amanda.fc +--- nsaserefpolicy/policy/modules/admin/amanda.fc 2008-06-12 23:37:55.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/admin/amanda.fc 2008-06-22 06:34:09.000000000 -0400 +@@ -3,6 +3,7 @@ + /etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0) + /etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0) + /etc/dumpdates gen_context(system_u:object_r:amanda_dumpdates_t,s0) ++/etc/amanda/.*/index(/.*)? gen_context(system_u:object_r:amanda_data_t,s0) + + /root/restore -d gen_context(system_u:object_r:amanda_recover_dir_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-3.0.8/policy/modules/admin/amanda.if --- nsaserefpolicy/policy/modules/admin/amanda.if 2008-06-12 23:37:55.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/amanda.if 2008-06-12 23:37:59.000000000 -0400 
@@ -5932,7 +5943,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.0.8/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-06-12 23:37:56.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if 2008-06-12 23:37:59.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if 2008-06-22 06:45:05.000000000 -0400 @@ -271,45 +271,6 @@ ######################################## @@ -6121,6 +6132,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ## Search inotifyfs filesystem. ## ## +@@ -1625,7 +1705,7 @@ + type nfs_t; + ') + +- dontaudit $1 nfs_t:file { read write }; ++ dontaudit $1 nfs_t:file rw_file_perms; + ') + + ######################################## @@ -2139,6 +2219,7 @@ rw_files_pattern($1,nfsd_fs_t,nfsd_fs_t) ') @@ -8102,7 +8122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind +/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.0.8/policy/modules/services/bind.te --- nsaserefpolicy/policy/modules/services/bind.te 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/bind.te 2008-06-12 23:37:59.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/bind.te 2008-06-22 07:35:58.000000000 -0400 @@ -66,7 +66,6 @@ allow named_t self:unix_dgram_socket create_socket_perms; allow named_t self:tcp_socket create_stream_socket_perms; 
@@ -8120,7 +8140,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind corenet_all_recvfrom_unlabeled(named_t) corenet_all_recvfrom_netlabel(named_t) corenet_tcp_sendrecv_all_if(named_t) -@@ -119,15 +120,11 @@ +@@ -112,22 +113,18 @@ + corenet_tcp_bind_all_nodes(named_t) + corenet_udp_bind_all_nodes(named_t) + corenet_tcp_bind_dns_port(named_t) +-corenet_udp_bind_dns_port(named_t) ++corenet_udp_bind_all_ports(named_t) + corenet_tcp_bind_rndc_port(named_t) + corenet_tcp_connect_all_ports(named_t) + corenet_sendrecv_dns_server_packets(named_t) corenet_sendrecv_dns_client_packets(named_t) corenet_sendrecv_rndc_server_packets(named_t) corenet_sendrecv_rndc_client_packets(named_t) @@ -8693,7 +8721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.0.8/policy/modules/services/cron.if --- nsaserefpolicy/policy/modules/services/cron.if 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/cron.if 2008-06-12 23:37:58.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/cron.if 2008-07-02 15:53:34.000000000 -0400 @@ -35,6 +35,7 @@ # template(`cron_per_role_template',` 
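Review bot: Swapping `corenet_udp_bind_dns_port(named_t)` for `corenet_udp_bind_all_ports(named_t)` in the bind.te hunk lets named_t bind every UDP port, reserved ones included, which is a far wider grant than the single port it held before and lets a compromised named squat on ports other services expect to own. If the motivation is letting named choose randomized source ports for outgoing queries, the unreserved range is enough: keep `corenet_udp_bind_dns_port(named_t)` and add `corenet_udp_bind_all_unreserved_ports(named_t)` (if this refpolicy version provides that interface) under a one-line comment such as `# named uses random UDP source ports for outgoing queries`. Whatever the reason turns out to be, the rule should carry that comment so it is not tightened back by accident; the commit subject ("Handle updated NetworkManager") does not explain this bind change.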
@@ -8849,6 +8877,29 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ## Read, and write cron daemon TCP sockets. ## ## +@@ -583,3 +586,22 @@ + + dontaudit $1 system_crond_tmp_t:file append; + ') ++ ++######################################## ++## ++## Read temporary files from the system cron jobs. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`cron_read_system_job_lib_files',` ++ gen_require(` ++ type system_crond_var_lib_t; ++ ') ++ ++ ++ read_files_pattern($1, system_crond_var_lib_t, system_crond_var_lib_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.0.8/policy/modules/services/cron.te --- nsaserefpolicy/policy/modules/services/cron.te 2008-06-12 23:37:57.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/cron.te 2008-06-12 23:37:58.000000000 -0400 @@ -12735,7 +12786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-06-12 23:37:58.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-07-02 15:53:02.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.7.1) 
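Review bot: The summary of the new `cron_read_system_job_lib_files` interface reads "Read temporary files from the system cron jobs", but the body grants `read_files_pattern` on `system_crond_var_lib_t`, which the cron.fc context line visible above maps to `/var/lib/misc(/.*)?`, not to a tmp type; the preceding interface in the hunk is the one that deals with `system_crond_tmp_t`, so the wording will send readers to the wrong interface. Suggest `## Read files under /var/lib owned by the system cron jobs (system_crond_var_lib_t).` as the summary line. The two consecutive blank lines between the `gen_require` block and the `read_files_pattern` call should also collapse to one, matching the surrounding interfaces.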
@@ -12762,10 +12813,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw # networkmanager will ptrace itself if gdb is installed # and it receives a unexpected signal (rh bug #204161) -allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; -+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock }; ++allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace }; -allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms }; -+allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched signal_perms }; ++allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms }; allow NetworkManager_t self:fifo_file rw_fifo_file_perms; allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms }; allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms; @@ -12796,8 +12847,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw mls_file_read_all_levels(NetworkManager_t) -@@ -84,8 +97,11 @@ +@@ -82,10 +95,16 @@ + files_read_etc_files(NetworkManager_t) + files_read_etc_runtime_files(NetworkManager_t) files_read_usr_files(NetworkManager_t) ++files_list_tmp(NetworkManager_t) ++ ++storage_getattr_fixed_disk_dev(NetworkManager_t) init_read_utmp(NetworkManager_t) +init_dontaudit_write_utmp(NetworkManager_t) 
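Review bot: `storage_getattr_fixed_disk_dev(NetworkManager_t)` and `files_list_tmp(NetworkManager_t)` are added without saying which NetworkManager operation needs them, while the ptrace rule a few lines earlier in the same hunk cites the bug it answers (rh bug #204161); a stat of fixed-disk device nodes is not something a reader expects from a network daemon and will look like a stray AVC-driven addition later. Suggest a comment above the pair such as `# /tmp listing and getattr on disk devices needed by the updated NetworkManager (3.0.8-111); getattr only, no read/write of disk devices`. The same hunk also restores `net_bind_service` to the capability set and adds `setsched` to the process permissions; a short note on which privileged port or scheduling call NetworkManager now makes would keep those grants auditable.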
@@ -12808,15 +12864,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -113,6 +129,7 @@ +@@ -113,6 +132,9 @@ userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t) # Read gnome-keyring userdom_read_unpriv_users_home_content_files(NetworkManager_t) +userdom_unpriv_users_stream_connect(NetworkManager_t) ++ ++cron_read_system_job_lib_files(NetworkManager_t) optional_policy(` bind_domtrans(NetworkManager_t) -@@ -129,28 +146,22 @@ +@@ -129,28 +151,22 @@ ') optional_policy(` @@ -12851,7 +12909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -162,19 +173,20 @@ +@@ -162,19 +178,20 @@ ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) @@ -18719,7 +18777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-06-12 23:37:59.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-06-22 06:46:13.000000000 -0400 @@ -26,7 +26,8 @@ type $1_chkpwd_t, can_read_shadow_passwords; application_domain($1_chkpwd_t,chkpwd_exec_t) 
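Review bot: `cron_read_system_job_lib_files(NetworkManager_t)` is called unconditionally, while the other cross-module calls visible in this file (`bind_domtrans` directly below it, the ppp_* calls further down) are wrapped in `optional_policy` blocks; unless cron is built into base in this configuration, a policy built without the cron module will fail to link on the missing `system_crond_var_lib_t` type. Wrap it in an `optional_policy(` … `')` block the way the `bind_domtrans` call is. A comment naming the file under /var/lib/misc that NetworkManager reads would also help, since a network daemon reading cron-job state is unusual enough to be questioned on the next review.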
@@ -19178,7 +19236,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-06-12 23:37:59.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-06-22 06:47:13.000000000 -0400 +@@ -1,4 +1,4 @@ +- ++ + policy_module(authlogin,1.7.1) + + ######################################## @@ -9,6 +9,13 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; @@ -19214,7 +19278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # # PAM local policy -@@ -94,36 +108,38 @@ +@@ -94,36 +108,39 @@ allow pam_t pam_tmp_t:file manage_file_perms; files_tmp_filetrans(pam_t, pam_tmp_t, { file dir }) @@ -19247,6 +19311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +userdom_dontaudit_write_user_home_content_files(user, pam_t) +userdom_append_unpriv_users_home_content_files(pam_t) +userdom_dontaudit_read_user_tmp_files(user, pam_t) ++userdom_dontaudit_write_user_home_content_files(unconfined, pam_t) optional_policy(` locallogin_use_fds(pam_t) @@ -19263,7 +19328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # # PAM console local policy -@@ -149,6 +165,8 @@ +@@ -149,6 +166,8 @@ dev_setattr_apm_bios_dev(pam_console_t) dev_getattr_dri_dev(pam_console_t) dev_setattr_dri_dev(pam_console_t) 
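Review bot: `userdom_dontaudit_write_user_home_content_files(unconfined, pam_t)` presumably expands to a require on `unconfined_home_t`, a type that only exists when the unconfined module is loaded, yet the call sits outside any `optional_policy` block in an authlogin module that is otherwise unconditional; if that type is indeed module-provided, the call needs the same `optional_policy` wrapping used for `locallogin_use_fds(pam_t)` just below it. Separately, silencing write denials from pam_t into home content hides the symptom rather than deciding whether the write is legitimate; the line should carry a comment naming the PAM module that attempts the write (e.g. `# pam_xxx writes to the user's home; write is not needed, only quiet the denial`) so anyone reading audit logs later knows what has been suppressed. The `@@ -1,4 +1,4 @@` hunk in the same file only swaps one leading blank line for another and can be dropped.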
@@ -19272,7 +19337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo dev_getattr_framebuffer_dev(pam_console_t) dev_setattr_framebuffer_dev(pam_console_t) dev_getattr_generic_usb_dev(pam_console_t) -@@ -159,6 +177,8 @@ +@@ -159,6 +178,8 @@ dev_setattr_mouse_dev(pam_console_t) dev_getattr_power_mgmt_dev(pam_console_t) dev_setattr_power_mgmt_dev(pam_console_t) @@ -19281,7 +19346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo dev_getattr_scanner_dev(pam_console_t) dev_setattr_scanner_dev(pam_console_t) dev_getattr_sound_dev(pam_console_t) -@@ -168,6 +188,8 @@ +@@ -168,6 +189,8 @@ dev_getattr_xserver_misc_dev(pam_console_t) dev_setattr_xserver_misc_dev(pam_console_t) dev_read_urand(pam_console_t) @@ -19290,7 +19355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo mls_file_read_all_levels(pam_console_t) mls_file_write_all_levels(pam_console_t) -@@ -200,6 +222,7 @@ +@@ -200,6 +223,7 @@ fs_list_auto_mountpoints(pam_console_t) fs_list_noxattr_fs(pam_console_t) @@ -19298,7 +19363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo init_use_fds(pam_console_t) init_use_script_ptys(pam_console_t) -@@ -236,7 +259,7 @@ +@@ -236,7 +260,7 @@ optional_policy(` xserver_read_xdm_pid(pam_console_t) @@ -19307,7 +19372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ######################################## -@@ -256,6 +279,7 @@ +@@ -256,6 +280,7 @@ userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t) userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t) userdom_dontaudit_use_sysadm_terms(system_chkpwd_t) @@ -19315,7 +19380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # -@@ -302,3 +326,31 @@ +@@ -302,3 +327,31 @@ xserver_use_xdm_fds(utempter_t) xserver_rw_xdm_pipes(utempter_t) ') 
@@ -23379,7 +23444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo /tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-06-12 23:37:59.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-06-27 07:07:05.000000000 -0400 @@ -29,8 +29,9 @@ ') @@ -24684,7 +24749,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4895,7 +5111,7 @@ +@@ -4670,6 +4886,8 @@ + ') + + dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; ++ fs_dontaudit_list_nfs($1) ++ fs_dontaudit_list_cifs($1) + ') + + ######################################## +@@ -4895,7 +5113,7 @@ type user_home_dir_t, user_home_t; ') @@ -24693,7 +24767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo filetrans_pattern($1,user_home_dir_t,user_home_t,$2) ') -@@ -4933,7 +5149,7 @@ +@@ -4933,7 +5151,7 @@ type user_home_dir_t; ') @@ -24702,7 +24776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_dir_t:dir manage_dir_perms; ') -@@ -4954,7 +5170,7 @@ +@@ -4954,7 +5172,7 @@ type user_home_t; ') @@ -24711,7 +24785,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_dirs_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -4973,7 +5189,7 @@ +@@ -4973,7 +5191,7 @@ type staff_home_dir_t; ') @@ -24720,7 +24794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_dir_t:dir relabelto; ') -@@ -4992,7 +5208,7 @@ +@@ -4992,7 +5210,7 @@ type user_home_t, user_home_dir_t; ') 
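Review bot: The added `fs_dontaudit_list_nfs($1)` and `fs_dontaudit_list_cifs($1)` suppress directory-listing denials on every NFS and CIFS mount for any domain that calls this interface, whereas the dontaudit line they sit beside is scoped to `home_dir_type` and `home_type`; on systems whose home directories are local this hides unrelated denials against network mounts. If the intent is home directories on network filesystems, gate the two calls on the tunables refpolicy uses for that case, `use_nfs_home_dirs` and `use_samba_home_dirs`, in `tunable_policy` blocks, and add a comment saying so. The interface these lines belong to begins outside the hunk, so its name and summary should be checked to confirm they still describe the widened behaviour.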
@@ -24729,7 +24803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_t:dir list_dir_perms; read_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -5013,7 +5229,7 @@ +@@ -5013,7 +5231,7 @@ type user_home_t; ') @@ -24738,7 +24812,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_t:file execute; ') -@@ -5033,7 +5249,7 @@ +@@ -5033,7 +5251,7 @@ type user_home_dir_t, user_home_t; ') @@ -24747,7 +24821,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -5072,7 +5288,7 @@ +@@ -5072,7 +5290,7 @@ type user_home_t; ') @@ -24756,7 +24830,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_lnk_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -5092,7 +5308,7 @@ +@@ -5092,7 +5310,7 @@ type user_home_t; ') @@ -24765,7 +24839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_fifo_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -5112,7 +5328,7 @@ +@@ -5112,7 +5330,7 @@ type user_home_t; ') @@ -24774,7 +24848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_sock_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t) ') -@@ -5131,7 +5347,7 @@ +@@ -5131,7 +5349,7 @@ attribute user_home_dir_type; ') @@ -24783,7 +24857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_dir_type:dir search_dir_perms; ') -@@ -5151,7 +5367,7 @@ +@@ -5151,7 +5369,7 @@ attribute user_home_dir_type, user_home_type; ') 
@@ -24792,7 +24866,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1 user_home_type:dir list_dir_perms; read_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type) read_lnk_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type) -@@ -5173,7 +5389,7 @@ +@@ -5173,7 +5391,7 @@ attribute user_home_dir_type, user_home_type; ') @@ -24801,7 +24875,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_dirs_pattern($1,{ user_home_dir_type user_home_type },user_home_type) ') -@@ -5193,7 +5409,7 @@ +@@ -5193,7 +5411,7 @@ attribute user_home_dir_type, user_home_type; ') @@ -24810,7 +24884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo manage_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type) ') -@@ -5323,7 +5539,7 @@ +@@ -5323,7 +5541,7 @@ attribute user_tmpfile; ') @@ -24819,7 +24893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -5346,6 +5562,25 @@ +@@ -5346,6 +5564,25 @@ ######################################## ## @@ -24845,7 +24919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Write all unprivileged users files in /tmp ## ## -@@ -5529,6 +5764,24 @@ +@@ -5529,6 +5766,24 @@ ######################################## ## @@ -24870,7 +24944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5559,3 +5812,420 @@ +@@ -5559,3 +5814,420 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 4c2a7ca..7b08ad7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 109%{?dist}
+Release: 111%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,12 @@
 exit 0
 %endif
 
 %changelog
+* Wed Jul 2 2008 Dan Walsh 3.0.8-111
+- Handle updated NetworkManager
+
+* Mon Jun 18 2008 Dan Walsh 3.0.8-110
+- Add cxoffice homedir context
+
 * Thu May 29 2008 Dan Walsh 3.0.8-109
 - Remove extra context for dbus