From 9156dc33a7080fe77896ac857f94bc28735cc464 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@fedoraproject.org>
Date: Feb 13 2009 13:04:08 +0000
Subject: - Fix mysql policy

- Fix qemu policy
- Fix nfs_selinux man page
- Do transitions outside of the booleans
- Add ftpd_connect_db boolean

---

diff --git a/policy-20071130.patch b/policy-20071130.patch
index f22524b..e9a1dde 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -1,12 +1,12 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context	2009-02-12 22:21:56.000000000 +0100
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -16,7 +16,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u
 +guest_r:guest_t:s0		guest_r:guest_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -1,11 +1,7 @@
  system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
  system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -32,7 +32,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_de
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -5,6 +5,8 @@
  system_r:xdm_t:s0		staff_r:staff_t:s0
  staff_r:staff_su_t:s0		staff_r:staff_t:s0
@@ -44,7 +44,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,11 @@
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0
 +system_r:initrc_t:s0		unconfined_r:unconfined_t:s0
@@ -59,13 +59,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfi
 +system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context	2009-02-12 22:21:56.000000000 +0100
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -5,4 +5,5 @@
  system_r:xdm_t:s0		user_r:user_t:s0
  user_r:user_su_t:s0		user_r:user_t:s0
@@ -75,7 +75,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_
 +user_r:user_t:s0		user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/x_contexts serefpolicy-3.3.1/config/appconfig-mcs/x_contexts
 --- nsaserefpolicy/config/appconfig-mcs/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/x_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/x_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -267,7 +267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/x_conte
 +event *					system_u:object_r:default_xevent_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -278,7 +278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -286,7 +286,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/x_contexts serefpolicy-3.3.1/config/appconfig-mls/x_contexts
 --- nsaserefpolicy/config/appconfig-mls/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mls/x_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mls/x_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -478,7 +478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/x_conte
 +event *					system_u:object_r:default_xevent_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,4 @@
 +system_r:local_login_t	guest_r:guest_t
 +system_r:remote_login_t	guest_r:guest_t
@@ -486,7 +486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/gu
 +system_r:crond_t	guest_r:guest_crond_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/root_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -1,11 +1,7 @@
  system_r:crond_t	unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
  system_r:local_login_t  unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -502,7 +502,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/ro
 +system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/x_contexts serefpolicy-3.3.1/config/appconfig-standard/x_contexts
 --- nsaserefpolicy/config/appconfig-standard/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/x_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/x_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -694,7 +694,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/x_
 +event *					system_u:object_r:default_xevent_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,5 @@
 +system_r:local_login_t	xguest_r:xguest_t
 +system_r:remote_login_t	xguest_r:xguest_t
@@ -703,7 +703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xg
 +system_r:xdm_t		xguest_r:xguest_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_booleans.xml serefpolicy-3.3.1/doc/global_booleans.xml
 --- nsaserefpolicy/doc/global_booleans.xml	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/global_booleans.xml	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/global_booleans.xml	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,25 @@
 +<bool name="secure_mode" dftval="false">
 +<desc>
@@ -732,7 +732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_booleans.xml sere
 +</bool>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_tunables.xml serefpolicy-3.3.1/doc/global_tunables.xml
 --- nsaserefpolicy/doc/global_tunables.xml	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/global_tunables.xml	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/global_tunables.xml	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,124 @@
 +<tunable name="allow_execheap" dftval="false">
 +<desc>
@@ -860,7 +860,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_tunables.xml sere
 +</tunable>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_acct.html serefpolicy-3.3.1/doc/html/admin_acct.html
 --- nsaserefpolicy/doc/html/admin_acct.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_acct.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_acct.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,376 @@
 +<html>
 +<head>
@@ -1240,7 +1240,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_acct.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_alsa.html serefpolicy-3.3.1/doc/html/admin_alsa.html
 --- nsaserefpolicy/doc/html/admin_alsa.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_alsa.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_alsa.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,418 @@
 +<html>
 +<head>
@@ -1662,7 +1662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_alsa.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_amanda.html serefpolicy-3.3.1/doc/html/admin_amanda.html
 --- nsaserefpolicy/doc/html/admin_amanda.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_amanda.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_amanda.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,581 @@
 +<html>
 +<head>
@@ -2247,7 +2247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_amanda.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_amtu.html serefpolicy-3.3.1/doc/html/admin_amtu.html
 --- nsaserefpolicy/doc/html/admin_amtu.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_amtu.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_amtu.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,329 @@
 +<html>
 +<head>
@@ -2580,7 +2580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_amtu.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_anaconda.html serefpolicy-3.3.1/doc/html/admin_anaconda.html
 --- nsaserefpolicy/doc/html/admin_anaconda.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_anaconda.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_anaconda.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,202 @@
 +<html>
 +<head>
@@ -2786,7 +2786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_anaconda.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_apt.html serefpolicy-3.3.1/doc/html/admin_apt.html
 --- nsaserefpolicy/doc/html/admin_apt.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_apt.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_apt.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,581 @@
 +<html>
 +<head>
@@ -3371,7 +3371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_apt.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_backup.html serefpolicy-3.3.1/doc/html/admin_backup.html
 --- nsaserefpolicy/doc/html/admin_backup.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_backup.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_backup.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,329 @@
 +<html>
 +<head>
@@ -3704,7 +3704,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_backup.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_bootloader.html serefpolicy-3.3.1/doc/html/admin_bootloader.html
 --- nsaserefpolicy/doc/html/admin_bootloader.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_bootloader.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_bootloader.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,500 @@
 +<html>
 +<head>
@@ -4208,7 +4208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_bootloader.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_brctl.html serefpolicy-3.3.1/doc/html/admin_brctl.html
 --- nsaserefpolicy/doc/html/admin_brctl.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_brctl.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_brctl.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,250 @@
 +<html>
 +<head>
@@ -4462,7 +4462,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_brctl.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_certwatch.html serefpolicy-3.3.1/doc/html/admin_certwatch.html
 --- nsaserefpolicy/doc/html/admin_certwatch.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_certwatch.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_certwatch.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,412 @@
 +<html>
 +<head>
@@ -4878,7 +4878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_certwatch.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_consoletype.html serefpolicy-3.3.1/doc/html/admin_consoletype.html
 --- nsaserefpolicy/doc/html/admin_consoletype.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_consoletype.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_consoletype.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,373 @@
 +<html>
 +<head>
@@ -5255,7 +5255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_consoletype.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_ddcprobe.html serefpolicy-3.3.1/doc/html/admin_ddcprobe.html
 --- nsaserefpolicy/doc/html/admin_ddcprobe.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_ddcprobe.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_ddcprobe.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,329 @@
 +<html>
 +<head>
@@ -5588,7 +5588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_ddcprobe.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dmesg.html serefpolicy-3.3.1/doc/html/admin_dmesg.html
 --- nsaserefpolicy/doc/html/admin_dmesg.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_dmesg.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_dmesg.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,292 @@
 +<html>
 +<head>
@@ -5884,7 +5884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dmesg.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dmidecode.html serefpolicy-3.3.1/doc/html/admin_dmidecode.html
 --- nsaserefpolicy/doc/html/admin_dmidecode.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_dmidecode.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_dmidecode.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,329 @@
 +<html>
 +<head>
@@ -6217,7 +6217,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dmidecode.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dpkg.html serefpolicy-3.3.1/doc/html/admin_dpkg.html
 --- nsaserefpolicy/doc/html/admin_dpkg.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_dpkg.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_dpkg.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -6928,7 +6928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_dpkg.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_firstboot.html serefpolicy-3.3.1/doc/html/admin_firstboot.html
 --- nsaserefpolicy/doc/html/admin_firstboot.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_firstboot.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_firstboot.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,543 @@
 +<html>
 +<head>
@@ -7475,7 +7475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_firstboot.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin.html serefpolicy-3.3.1/doc/html/admin.html
 --- nsaserefpolicy/doc/html/admin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,411 @@
 +<html>
 +<head>
@@ -7890,7 +7890,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin.html serefpol
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_kismet.html serefpolicy-3.3.1/doc/html/admin_kismet.html
 --- nsaserefpolicy/doc/html/admin_kismet.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_kismet.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_kismet.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,751 @@
 +<html>
 +<head>
@@ -8645,7 +8645,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_kismet.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_kudzu.html serefpolicy-3.3.1/doc/html/admin_kudzu.html
 --- nsaserefpolicy/doc/html/admin_kudzu.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_kudzu.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_kudzu.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,371 @@
 +<html>
 +<head>
@@ -9020,7 +9020,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_kudzu.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_logrotate.html serefpolicy-3.3.1/doc/html/admin_logrotate.html
 --- nsaserefpolicy/doc/html/admin_logrotate.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_logrotate.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_logrotate.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,497 @@
 +<html>
 +<head>
@@ -9521,7 +9521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_logrotate.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_logwatch.html serefpolicy-3.3.1/doc/html/admin_logwatch.html
 --- nsaserefpolicy/doc/html/admin_logwatch.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_logwatch.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_logwatch.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,292 @@
 +<html>
 +<head>
@@ -9817,7 +9817,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_logwatch.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_mrtg.html serefpolicy-3.3.1/doc/html/admin_mrtg.html
 --- nsaserefpolicy/doc/html/admin_mrtg.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_mrtg.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_mrtg.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,250 @@
 +<html>
 +<head>
@@ -10071,7 +10071,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_mrtg.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_netutils.html serefpolicy-3.3.1/doc/html/admin_netutils.html
 --- nsaserefpolicy/doc/html/admin_netutils.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_netutils.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_netutils.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1005 @@
 +<html>
 +<head>
@@ -11080,7 +11080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_netutils.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_portage.html serefpolicy-3.3.1/doc/html/admin_portage.html
 --- nsaserefpolicy/doc/html/admin_portage.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_portage.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_portage.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,587 @@
 +<html>
 +<head>
@@ -11671,7 +11671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_portage.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_prelink.html serefpolicy-3.3.1/doc/html/admin_prelink.html
 --- nsaserefpolicy/doc/html/admin_prelink.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_prelink.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_prelink.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,497 @@
 +<html>
 +<head>
@@ -12172,7 +12172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_prelink.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_quota.html serefpolicy-3.3.1/doc/html/admin_quota.html
 --- nsaserefpolicy/doc/html/admin_quota.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_quota.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_quota.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,415 @@
 +<html>
 +<head>
@@ -12591,7 +12591,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_quota.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_readahead.html serefpolicy-3.3.1/doc/html/admin_readahead.html
 --- nsaserefpolicy/doc/html/admin_readahead.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_readahead.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_readahead.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,202 @@
 +<html>
 +<head>
@@ -12797,7 +12797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_readahead.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_rpm.html serefpolicy-3.3.1/doc/html/admin_rpm.html
 --- nsaserefpolicy/doc/html/admin_rpm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_rpm.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_rpm.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1365 @@
 +<html>
 +<head>
@@ -14166,7 +14166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_rpm.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_sudo.html serefpolicy-3.3.1/doc/html/admin_sudo.html
 --- nsaserefpolicy/doc/html/admin_sudo.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_sudo.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_sudo.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,301 @@
 +<html>
 +<head>
@@ -14471,7 +14471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_sudo.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_su.html serefpolicy-3.3.1/doc/html/admin_su.html
 --- nsaserefpolicy/doc/html/admin_su.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_su.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_su.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,439 @@
 +<html>
 +<head>
@@ -14914,7 +14914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_su.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_sxid.html serefpolicy-3.3.1/doc/html/admin_sxid.html
 --- nsaserefpolicy/doc/html/admin_sxid.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_sxid.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_sxid.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,251 @@
 +<html>
 +<head>
@@ -15169,7 +15169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_sxid.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tmpreaper.html serefpolicy-3.3.1/doc/html/admin_tmpreaper.html
 --- nsaserefpolicy/doc/html/admin_tmpreaper.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_tmpreaper.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_tmpreaper.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,250 @@
 +<html>
 +<head>
@@ -15423,7 +15423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tmpreaper.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tripwire.html serefpolicy-3.3.1/doc/html/admin_tripwire.html
 --- nsaserefpolicy/doc/html/admin_tripwire.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_tripwire.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_tripwire.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,704 @@
 +<html>
 +<head>
@@ -16131,7 +16131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tripwire.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tzdata.html serefpolicy-3.3.1/doc/html/admin_tzdata.html
 --- nsaserefpolicy/doc/html/admin_tzdata.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_tzdata.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_tzdata.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,328 @@
 +<html>
 +<head>
@@ -16463,7 +16463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_tzdata.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_updfstab.html serefpolicy-3.3.1/doc/html/admin_updfstab.html
 --- nsaserefpolicy/doc/html/admin_updfstab.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_updfstab.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_updfstab.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,250 @@
 +<html>
 +<head>
@@ -16717,7 +16717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_updfstab.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_usbmodules.html serefpolicy-3.3.1/doc/html/admin_usbmodules.html
 --- nsaserefpolicy/doc/html/admin_usbmodules.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_usbmodules.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_usbmodules.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,330 @@
 +<html>
 +<head>
@@ -17051,7 +17051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_usbmodules.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_usermanage.html serefpolicy-3.3.1/doc/html/admin_usermanage.html
 --- nsaserefpolicy/doc/html/admin_usermanage.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_usermanage.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_usermanage.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,899 @@
 +<html>
 +<head>
@@ -17954,7 +17954,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_usermanage.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_vbetool.html serefpolicy-3.3.1/doc/html/admin_vbetool.html
 --- nsaserefpolicy/doc/html/admin_vbetool.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_vbetool.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_vbetool.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,250 @@
 +<html>
 +<head>
@@ -18208,7 +18208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_vbetool.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_vpn.html serefpolicy-3.3.1/doc/html/admin_vpn.html
 --- nsaserefpolicy/doc/html/admin_vpn.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/admin_vpn.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/admin_vpn.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,498 @@
 +<html>
 +<head>
@@ -18710,7 +18710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/admin_vpn.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_ada.html serefpolicy-3.3.1/doc/html/apps_ada.html
 --- nsaserefpolicy/doc/html/apps_ada.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_ada.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_ada.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,314 @@
 +<html>
 +<head>
@@ -19028,7 +19028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_ada.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_authbind.html serefpolicy-3.3.1/doc/html/apps_authbind.html
 --- nsaserefpolicy/doc/html/apps_authbind.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_authbind.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_authbind.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,235 @@
 +<html>
 +<head>
@@ -19267,7 +19267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_authbind.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_awstats.html serefpolicy-3.3.1/doc/html/apps_awstats.html
 --- nsaserefpolicy/doc/html/apps_awstats.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_awstats.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_awstats.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,280 @@
 +<html>
 +<head>
@@ -19551,7 +19551,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_awstats.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_calamaris.html serefpolicy-3.3.1/doc/html/apps_calamaris.html
 --- nsaserefpolicy/doc/html/apps_calamaris.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_calamaris.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_calamaris.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,235 @@
 +<html>
 +<head>
@@ -19790,7 +19790,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_calamaris.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_cdrecord.html serefpolicy-3.3.1/doc/html/apps_cdrecord.html
 --- nsaserefpolicy/doc/html/apps_cdrecord.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_cdrecord.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_cdrecord.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,311 @@
 +<html>
 +<head>
@@ -20105,7 +20105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_cdrecord.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_ethereal.html serefpolicy-3.3.1/doc/html/apps_ethereal.html
 --- nsaserefpolicy/doc/html/apps_ethereal.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_ethereal.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_ethereal.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,555 @@
 +<html>
 +<head>
@@ -20664,7 +20664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_ethereal.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_evolution.html serefpolicy-3.3.1/doc/html/apps_evolution.html
 --- nsaserefpolicy/doc/html/apps_evolution.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_evolution.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_evolution.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,540 @@
 +<html>
 +<head>
@@ -21208,7 +21208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_evolution.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_games.html serefpolicy-3.3.1/doc/html/apps_games.html
 --- nsaserefpolicy/doc/html/apps_games.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_games.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_games.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,336 @@
 +<html>
 +<head>
@@ -21548,7 +21548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_games.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gift.html serefpolicy-3.3.1/doc/html/apps_gift.html
 --- nsaserefpolicy/doc/html/apps_gift.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_gift.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_gift.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,285 @@
 +<html>
 +<head>
@@ -21837,7 +21837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gift.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gnome.html serefpolicy-3.3.1/doc/html/apps_gnome.html
 --- nsaserefpolicy/doc/html/apps_gnome.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_gnome.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_gnome.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,725 @@
 +<html>
 +<head>
@@ -22566,7 +22566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gnome.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gpg.html serefpolicy-3.3.1/doc/html/apps_gpg.html
 --- nsaserefpolicy/doc/html/apps_gpg.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_gpg.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_gpg.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,428 @@
 +<html>
 +<head>
@@ -22998,7 +22998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_gpg.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps.html serefpolicy-3.3.1/doc/html/apps.html
 --- nsaserefpolicy/doc/html/apps.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,364 @@
 +<html>
 +<head>
@@ -23366,7 +23366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps.html serefpoli
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_irc.html serefpolicy-3.3.1/doc/html/apps_irc.html
 --- nsaserefpolicy/doc/html/apps_irc.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_irc.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_irc.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,285 @@
 +<html>
 +<head>
@@ -23655,7 +23655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_irc.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_java.html serefpolicy-3.3.1/doc/html/apps_java.html
 --- nsaserefpolicy/doc/html/apps_java.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_java.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_java.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,685 @@
 +<html>
 +<head>
@@ -24344,7 +24344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_java.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_livecd.html serefpolicy-3.3.1/doc/html/apps_livecd.html
 --- nsaserefpolicy/doc/html/apps_livecd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_livecd.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_livecd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,314 @@
 +<html>
 +<head>
@@ -24662,7 +24662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_livecd.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_loadkeys.html serefpolicy-3.3.1/doc/html/apps_loadkeys.html
 --- nsaserefpolicy/doc/html/apps_loadkeys.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_loadkeys.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_loadkeys.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,355 @@
 +<html>
 +<head>
@@ -25021,7 +25021,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_loadkeys.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_lockdev.html serefpolicy-3.3.1/doc/html/apps_lockdev.html
 --- nsaserefpolicy/doc/html/apps_lockdev.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_lockdev.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_lockdev.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,286 @@
 +<html>
 +<head>
@@ -25311,7 +25311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_lockdev.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mono.html serefpolicy-3.3.1/doc/html/apps_mono.html
 --- nsaserefpolicy/doc/html/apps_mono.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_mono.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_mono.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,493 @@
 +<html>
 +<head>
@@ -25808,7 +25808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mono.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mozilla.html serefpolicy-3.3.1/doc/html/apps_mozilla.html
 --- nsaserefpolicy/doc/html/apps_mozilla.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_mozilla.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_mozilla.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,708 @@
 +<html>
 +<head>
@@ -26520,7 +26520,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mozilla.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mplayer.html serefpolicy-3.3.1/doc/html/apps_mplayer.html
 --- nsaserefpolicy/doc/html/apps_mplayer.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_mplayer.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_mplayer.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,503 @@
 +<html>
 +<head>
@@ -27027,7 +27027,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_mplayer.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_nsplugin.html serefpolicy-3.3.1/doc/html/apps_nsplugin.html
 --- nsaserefpolicy/doc/html/apps_nsplugin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_nsplugin.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_nsplugin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,941 @@
 +<html>
 +<head>
@@ -27972,7 +27972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_nsplugin.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_openoffice.html serefpolicy-3.3.1/doc/html/apps_openoffice.html
 --- nsaserefpolicy/doc/html/apps_openoffice.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_openoffice.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_openoffice.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,380 @@
 +<html>
 +<head>
@@ -28356,7 +28356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_openoffice.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_rssh.html serefpolicy-3.3.1/doc/html/apps_rssh.html
 --- nsaserefpolicy/doc/html/apps_rssh.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_rssh.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_rssh.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,342 @@
 +<html>
 +<head>
@@ -28702,7 +28702,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_rssh.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_screen.html serefpolicy-3.3.1/doc/html/apps_screen.html
 --- nsaserefpolicy/doc/html/apps_screen.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_screen.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_screen.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,285 @@
 +<html>
 +<head>
@@ -28991,7 +28991,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_screen.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_slocate.html serefpolicy-3.3.1/doc/html/apps_slocate.html
 --- nsaserefpolicy/doc/html/apps_slocate.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_slocate.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_slocate.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,277 @@
 +<html>
 +<head>
@@ -29272,7 +29272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_slocate.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_thunderbird.html serefpolicy-3.3.1/doc/html/apps_thunderbird.html
 --- nsaserefpolicy/doc/html/apps_thunderbird.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_thunderbird.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_thunderbird.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,357 @@
 +<html>
 +<head>
@@ -29633,7 +29633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_thunderbird.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_tvtime.html serefpolicy-3.3.1/doc/html/apps_tvtime.html
 --- nsaserefpolicy/doc/html/apps_tvtime.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_tvtime.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_tvtime.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,285 @@
 +<html>
 +<head>
@@ -29922,7 +29922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_tvtime.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_uml.html serefpolicy-3.3.1/doc/html/apps_uml.html
 --- nsaserefpolicy/doc/html/apps_uml.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_uml.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_uml.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,377 @@
 +<html>
 +<head>
@@ -30303,7 +30303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_uml.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_userhelper.html serefpolicy-3.3.1/doc/html/apps_userhelper.html
 --- nsaserefpolicy/doc/html/apps_userhelper.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_userhelper.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_userhelper.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,480 @@
 +<html>
 +<head>
@@ -30787,7 +30787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_userhelper.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_usernetctl.html serefpolicy-3.3.1/doc/html/apps_usernetctl.html
 --- nsaserefpolicy/doc/html/apps_usernetctl.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_usernetctl.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_usernetctl.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,314 @@
 +<html>
 +<head>
@@ -31105,7 +31105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_usernetctl.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_vmware.html serefpolicy-3.3.1/doc/html/apps_vmware.html
 --- nsaserefpolicy/doc/html/apps_vmware.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_vmware.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_vmware.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,419 @@
 +<html>
 +<head>
@@ -31528,7 +31528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_vmware.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_webalizer.html serefpolicy-3.3.1/doc/html/apps_webalizer.html
 --- nsaserefpolicy/doc/html/apps_webalizer.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_webalizer.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_webalizer.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,314 @@
 +<html>
 +<head>
@@ -31846,7 +31846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_webalizer.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_wine.html serefpolicy-3.3.1/doc/html/apps_wine.html
 --- nsaserefpolicy/doc/html/apps_wine.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_wine.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_wine.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,409 @@
 +<html>
 +<head>
@@ -32259,7 +32259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_wine.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_yam.html serefpolicy-3.3.1/doc/html/apps_yam.html
 --- nsaserefpolicy/doc/html/apps_yam.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/apps_yam.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/apps_yam.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,356 @@
 +<html>
 +<head>
@@ -32619,7 +32619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/apps_yam.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/booleans.html serefpolicy-3.3.1/doc/html/booleans.html
 --- nsaserefpolicy/doc/html/booleans.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/booleans.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/booleans.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,948 @@
 +<html>
 +<head>
@@ -33571,7 +33571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/booleans.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/global_booleans.html serefpolicy-3.3.1/doc/html/global_booleans.html
 --- nsaserefpolicy/doc/html/global_booleans.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/global_booleans.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/global_booleans.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,936 @@
 +<html>
 +<head>
@@ -34511,7 +34511,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/global_booleans.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/global_tunables.html serefpolicy-3.3.1/doc/html/global_tunables.html
 --- nsaserefpolicy/doc/html/global_tunables.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/global_tunables.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/global_tunables.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1139 @@
 +<html>
 +<head>
@@ -35654,7 +35654,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/global_tunables.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/index.html serefpolicy-3.3.1/doc/html/index.html
 --- nsaserefpolicy/doc/html/index.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/index.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/index.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2465 @@
 +<html>
 +<head>
@@ -38123,7 +38123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/index.html serefpol
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/interfaces.html serefpolicy-3.3.1/doc/html/interfaces.html
 --- nsaserefpolicy/doc/html/interfaces.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/interfaces.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/interfaces.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,163031 @@
 +<html>
 +<head>
@@ -201158,7 +201158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/interfaces.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_corecommands.html serefpolicy-3.3.1/doc/html/kernel_corecommands.html
 --- nsaserefpolicy/doc/html/kernel_corecommands.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_corecommands.html	2009-02-04 10:54:47.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_corecommands.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2396 @@
 +<html>
 +<head>
@@ -203558,7 +203558,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_corecommands
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_corenetwork.html serefpolicy-3.3.1/doc/html/kernel_corenetwork.html
 --- nsaserefpolicy/doc/html/kernel_corenetwork.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_corenetwork.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_corenetwork.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,138688 @@
 +<html>
 +<head>
@@ -342250,7 +342250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_corenetwork.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_devices.html serefpolicy-3.3.1/doc/html/kernel_devices.html
 --- nsaserefpolicy/doc/html/kernel_devices.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_devices.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_devices.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,8446 @@
 +<html>
 +<head>
@@ -350700,7 +350700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_devices.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_domain.html serefpolicy-3.3.1/doc/html/kernel_domain.html
 --- nsaserefpolicy/doc/html/kernel_domain.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_domain.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_domain.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2865 @@
 +<html>
 +<head>
@@ -353569,7 +353569,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_domain.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_files.html serefpolicy-3.3.1/doc/html/kernel_files.html
 --- nsaserefpolicy/doc/html/kernel_files.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_files.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_files.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,11323 @@
 +<html>
 +<head>
@@ -364896,7 +364896,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_files.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_filesystem.html serefpolicy-3.3.1/doc/html/kernel_filesystem.html
 --- nsaserefpolicy/doc/html/kernel_filesystem.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_filesystem.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_filesystem.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,8765 @@
 +<html>
 +<head>
@@ -373665,7 +373665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_filesystem.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel.html serefpolicy-3.3.1/doc/html/kernel.html
 --- nsaserefpolicy/doc/html/kernel.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,208 @@
 +<html>
 +<head>
@@ -373877,7 +373877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel.html serefpo
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_kernel.html serefpolicy-3.3.1/doc/html/kernel_kernel.html
 --- nsaserefpolicy/doc/html/kernel_kernel.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_kernel.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_kernel.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,5734 @@
 +<html>
 +<head>
@@ -379615,7 +379615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_kernel.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_mcs.html serefpolicy-3.3.1/doc/html/kernel_mcs.html
 --- nsaserefpolicy/doc/html/kernel_mcs.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_mcs.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_mcs.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,263 @@
 +<html>
 +<head>
@@ -379882,7 +379882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_mcs.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_mls.html serefpolicy-3.3.1/doc/html/kernel_mls.html
 --- nsaserefpolicy/doc/html/kernel_mls.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_mls.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_mls.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2111 @@
 +<html>
 +<head>
@@ -381997,7 +381997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_mls.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_selinux.html serefpolicy-3.3.1/doc/html/kernel_selinux.html
 --- nsaserefpolicy/doc/html/kernel_selinux.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_selinux.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_selinux.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1163 @@
 +<html>
 +<head>
@@ -383164,7 +383164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_selinux.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_storage.html serefpolicy-3.3.1/doc/html/kernel_storage.html
 --- nsaserefpolicy/doc/html/kernel_storage.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_storage.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_storage.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1774 @@
 +<html>
 +<head>
@@ -384942,7 +384942,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_storage.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_terminal.html serefpolicy-3.3.1/doc/html/kernel_terminal.html
 --- nsaserefpolicy/doc/html/kernel_terminal.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/kernel_terminal.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/kernel_terminal.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2536 @@
 +<html>
 +<head>
@@ -387482,7 +387482,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/kernel_terminal.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_afs.html serefpolicy-3.3.1/doc/html/services_afs.html
 --- nsaserefpolicy/doc/html/services_afs.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_afs.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_afs.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -388024,7 +388024,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_afs.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_aide.html serefpolicy-3.3.1/doc/html/services_aide.html
 --- nsaserefpolicy/doc/html/services_aide.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_aide.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_aide.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,743 @@
 +<html>
 +<head>
@@ -388771,7 +388771,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_aide.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_amavis.html serefpolicy-3.3.1/doc/html/services_amavis.html
 --- nsaserefpolicy/doc/html/services_amavis.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_amavis.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_amavis.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1084 @@
 +<html>
 +<head>
@@ -389859,7 +389859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_amavis.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apache.html serefpolicy-3.3.1/doc/html/services_apache.html
 --- nsaserefpolicy/doc/html/services_apache.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_apache.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_apache.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2954 @@
 +<html>
 +<head>
@@ -392817,7 +392817,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apache.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apcupsd.html serefpolicy-3.3.1/doc/html/services_apcupsd.html
 --- nsaserefpolicy/doc/html/services_apcupsd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_apcupsd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_apcupsd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,918 @@
 +<html>
 +<head>
@@ -393739,7 +393739,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apcupsd.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apm.html serefpolicy-3.3.1/doc/html/services_apm.html
 --- nsaserefpolicy/doc/html/services_apm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_apm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_apm.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,796 @@
 +<html>
 +<head>
@@ -394539,7 +394539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_apm.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_arpwatch.html serefpolicy-3.3.1/doc/html/services_arpwatch.html
 --- nsaserefpolicy/doc/html/services_arpwatch.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_arpwatch.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_arpwatch.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,876 @@
 +<html>
 +<head>
@@ -395419,7 +395419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_arpwatch.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_asterisk.html serefpolicy-3.3.1/doc/html/services_asterisk.html
 --- nsaserefpolicy/doc/html/services_asterisk.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_asterisk.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_asterisk.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -396088,7 +396088,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_asterisk.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_audioentropy.html serefpolicy-3.3.1/doc/html/services_audioentropy.html
 --- nsaserefpolicy/doc/html/services_audioentropy.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_audioentropy.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_audioentropy.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -396630,7 +396630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_audioentro
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_automount.html serefpolicy-3.3.1/doc/html/services_automount.html
 --- nsaserefpolicy/doc/html/services_automount.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_automount.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_automount.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,918 @@
 +<html>
 +<head>
@@ -397552,7 +397552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_automount.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_avahi.html serefpolicy-3.3.1/doc/html/services_avahi.html
 --- nsaserefpolicy/doc/html/services_avahi.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_avahi.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_avahi.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,960 @@
 +<html>
 +<head>
@@ -398516,7 +398516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_avahi.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bind.html serefpolicy-3.3.1/doc/html/services_bind.html
 --- nsaserefpolicy/doc/html/services_bind.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_bind.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_bind.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1360 @@
 +<html>
 +<head>
@@ -399880,7 +399880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bind.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bitlbee.html serefpolicy-3.3.1/doc/html/services_bitlbee.html
 --- nsaserefpolicy/doc/html/services_bitlbee.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_bitlbee.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_bitlbee.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -400591,7 +400591,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bitlbee.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bluetooth.html serefpolicy-3.3.1/doc/html/services_bluetooth.html
 --- nsaserefpolicy/doc/html/services_bluetooth.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_bluetooth.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_bluetooth.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1055 @@
 +<html>
 +<head>
@@ -401650,7 +401650,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_bluetooth.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_canna.html serefpolicy-3.3.1/doc/html/services_canna.html
 --- nsaserefpolicy/doc/html/services_canna.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_canna.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_canna.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -402361,7 +402361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_canna.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ccs.html serefpolicy-3.3.1/doc/html/services_ccs.html
 --- nsaserefpolicy/doc/html/services_ccs.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ccs.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ccs.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,712 @@
 +<html>
 +<head>
@@ -403077,7 +403077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ccs.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cipe.html serefpolicy-3.3.1/doc/html/services_cipe.html
 --- nsaserefpolicy/doc/html/services_cipe.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cipe.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cipe.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -403619,7 +403619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cipe.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_clamav.html serefpolicy-3.3.1/doc/html/services_clamav.html
 --- nsaserefpolicy/doc/html/services_clamav.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_clamav.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_clamav.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,960 @@
 +<html>
 +<head>
@@ -404583,7 +404583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_clamav.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_clockspeed.html serefpolicy-3.3.1/doc/html/services_clockspeed.html
 --- nsaserefpolicy/doc/html/services_clockspeed.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_clockspeed.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_clockspeed.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,664 @@
 +<html>
 +<head>
@@ -405251,7 +405251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_clockspeed
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_comsat.html serefpolicy-3.3.1/doc/html/services_comsat.html
 --- nsaserefpolicy/doc/html/services_comsat.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_comsat.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_comsat.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -405793,7 +405793,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_comsat.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_consolekit.html serefpolicy-3.3.1/doc/html/services_consolekit.html
 --- nsaserefpolicy/doc/html/services_consolekit.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_consolekit.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_consolekit.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,671 @@
 +<html>
 +<head>
@@ -406468,7 +406468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_consolekit
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_courier.html serefpolicy-3.3.1/doc/html/services_courier.html
 --- nsaserefpolicy/doc/html/services_courier.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_courier.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_courier.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,849 @@
 +<html>
 +<head>
@@ -407321,7 +407321,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_courier.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cpucontrol.html serefpolicy-3.3.1/doc/html/services_cpucontrol.html
 --- nsaserefpolicy/doc/html/services_cpucontrol.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cpucontrol.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cpucontrol.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -407911,7 +407911,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cpucontrol
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cron.html serefpolicy-3.3.1/doc/html/services_cron.html
 --- nsaserefpolicy/doc/html/services_cron.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cron.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cron.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1500 @@
 +<html>
 +<head>
@@ -409415,7 +409415,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cron.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cups.html serefpolicy-3.3.1/doc/html/services_cups.html
 --- nsaserefpolicy/doc/html/services_cups.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cups.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cups.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1298 @@
 +<html>
 +<head>
@@ -410717,7 +410717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cups.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cvs.html serefpolicy-3.3.1/doc/html/services_cvs.html
 --- nsaserefpolicy/doc/html/services_cvs.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cvs.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cvs.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,774 @@
 +<html>
 +<head>
@@ -411495,7 +411495,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cvs.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cyphesis.html serefpolicy-3.3.1/doc/html/services_cyphesis.html
 --- nsaserefpolicy/doc/html/services_cyphesis.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cyphesis.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cyphesis.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -412085,7 +412085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cyphesis.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cyrus.html serefpolicy-3.3.1/doc/html/services_cyrus.html
 --- nsaserefpolicy/doc/html/services_cyrus.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_cyrus.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_cyrus.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,750 @@
 +<html>
 +<head>
@@ -412839,7 +412839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_cyrus.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dante.html serefpolicy-3.3.1/doc/html/services_dante.html
 --- nsaserefpolicy/doc/html/services_dante.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dante.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dante.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -413381,7 +413381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dante.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dbskk.html serefpolicy-3.3.1/doc/html/services_dbskk.html
 --- nsaserefpolicy/doc/html/services_dbskk.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dbskk.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dbskk.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -413923,7 +413923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dbskk.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dbus.html serefpolicy-3.3.1/doc/html/services_dbus.html
 --- nsaserefpolicy/doc/html/services_dbus.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dbus.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dbus.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1326 @@
 +<html>
 +<head>
@@ -415253,7 +415253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dbus.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dcc.html serefpolicy-3.3.1/doc/html/services_dcc.html
 --- nsaserefpolicy/doc/html/services_dcc.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dcc.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dcc.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,991 @@
 +<html>
 +<head>
@@ -416248,7 +416248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dcc.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ddclient.html serefpolicy-3.3.1/doc/html/services_ddclient.html
 --- nsaserefpolicy/doc/html/services_ddclient.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ddclient.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ddclient.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -416959,7 +416959,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ddclient.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dhcp.html serefpolicy-3.3.1/doc/html/services_dhcp.html
 --- nsaserefpolicy/doc/html/services_dhcp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dhcp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dhcp.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,708 @@
 +<html>
 +<head>
@@ -417671,7 +417671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dhcp.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dictd.html serefpolicy-3.3.1/doc/html/services_dictd.html
 --- nsaserefpolicy/doc/html/services_dictd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dictd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dictd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,708 @@
 +<html>
 +<head>
@@ -418383,7 +418383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dictd.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_distcc.html serefpolicy-3.3.1/doc/html/services_distcc.html
 --- nsaserefpolicy/doc/html/services_distcc.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_distcc.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_distcc.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -418925,7 +418925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_distcc.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_djbdns.html serefpolicy-3.3.1/doc/html/services_djbdns.html
 --- nsaserefpolicy/doc/html/services_djbdns.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_djbdns.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_djbdns.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,587 @@
 +<html>
 +<head>
@@ -419516,7 +419516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_djbdns.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dnsmasq.html serefpolicy-3.3.1/doc/html/services_dnsmasq.html
 --- nsaserefpolicy/doc/html/services_dnsmasq.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dnsmasq.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dnsmasq.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,833 @@
 +<html>
 +<head>
@@ -420353,7 +420353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dnsmasq.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dovecot.html serefpolicy-3.3.1/doc/html/services_dovecot.html
 --- nsaserefpolicy/doc/html/services_dovecot.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_dovecot.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_dovecot.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,833 @@
 +<html>
 +<head>
@@ -421190,7 +421190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_dovecot.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_exim.html serefpolicy-3.3.1/doc/html/services_exim.html
 --- nsaserefpolicy/doc/html/services_exim.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_exim.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_exim.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1025 @@
 +<html>
 +<head>
@@ -422219,7 +422219,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_exim.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_fail2ban.html serefpolicy-3.3.1/doc/html/services_fail2ban.html
 --- nsaserefpolicy/doc/html/services_fail2ban.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_fail2ban.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_fail2ban.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,834 @@
 +<html>
 +<head>
@@ -423057,7 +423057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_fail2ban.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_fetchmail.html serefpolicy-3.3.1/doc/html/services_fetchmail.html
 --- nsaserefpolicy/doc/html/services_fetchmail.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_fetchmail.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_fetchmail.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,623 @@
 +<html>
 +<head>
@@ -423684,7 +423684,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_fetchmail.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_finger.html serefpolicy-3.3.1/doc/html/services_finger.html
 --- nsaserefpolicy/doc/html/services_finger.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_finger.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_finger.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,628 @@
 +<html>
 +<head>
@@ -424316,7 +424316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_finger.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ftp.html serefpolicy-3.3.1/doc/html/services_ftp.html
 --- nsaserefpolicy/doc/html/services_ftp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ftp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ftp.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1111 @@
 +<html>
 +<head>
@@ -425431,7 +425431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ftp.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gamin.html serefpolicy-3.3.1/doc/html/services_gamin.html
 --- nsaserefpolicy/doc/html/services_gamin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_gamin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_gamin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,670 @@
 +<html>
 +<head>
@@ -426105,7 +426105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gamin.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gatekeeper.html serefpolicy-3.3.1/doc/html/services_gatekeeper.html
 --- nsaserefpolicy/doc/html/services_gatekeeper.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_gatekeeper.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_gatekeeper.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -426647,7 +426647,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gatekeeper
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gnomeclock.html serefpolicy-3.3.1/doc/html/services_gnomeclock.html
 --- nsaserefpolicy/doc/html/services_gnomeclock.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_gnomeclock.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_gnomeclock.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,708 @@
 +<html>
 +<head>
@@ -427359,7 +427359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gnomeclock
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gpm.html serefpolicy-3.3.1/doc/html/services_gpm.html
 --- nsaserefpolicy/doc/html/services_gpm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_gpm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_gpm.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,717 @@
 +<html>
 +<head>
@@ -428080,7 +428080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_gpm.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_hal.html serefpolicy-3.3.1/doc/html/services_hal.html
 --- nsaserefpolicy/doc/html/services_hal.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_hal.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_hal.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1307 @@
 +<html>
 +<head>
@@ -429391,7 +429391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_hal.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_howl.html serefpolicy-3.3.1/doc/html/services_howl.html
 --- nsaserefpolicy/doc/html/services_howl.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_howl.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_howl.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -429981,7 +429981,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_howl.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services.html serefpolicy-3.3.1/doc/html/services.html
 --- nsaserefpolicy/doc/html/services.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1311 @@
 +<html>
 +<head>
@@ -431296,7 +431296,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_i18n_input.html serefpolicy-3.3.1/doc/html/services_i18n_input.html
 --- nsaserefpolicy/doc/html/services_i18n_input.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_i18n_input.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_i18n_input.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -431886,7 +431886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_i18n_input
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_imaze.html serefpolicy-3.3.1/doc/html/services_imaze.html
 --- nsaserefpolicy/doc/html/services_imaze.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_imaze.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_imaze.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -432428,7 +432428,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_imaze.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_inetd.html serefpolicy-3.3.1/doc/html/services_inetd.html
 --- nsaserefpolicy/doc/html/services_inetd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_inetd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_inetd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1005 @@
 +<html>
 +<head>
@@ -433437,7 +433437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_inetd.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_inn.html serefpolicy-3.3.1/doc/html/services_inn.html
 --- nsaserefpolicy/doc/html/services_inn.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_inn.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_inn.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1045 @@
 +<html>
 +<head>
@@ -434486,7 +434486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_inn.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ircd.html serefpolicy-3.3.1/doc/html/services_ircd.html
 --- nsaserefpolicy/doc/html/services_ircd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ircd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ircd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -435028,7 +435028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ircd.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_irqbalance.html serefpolicy-3.3.1/doc/html/services_irqbalance.html
 --- nsaserefpolicy/doc/html/services_irqbalance.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_irqbalance.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_irqbalance.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -435570,7 +435570,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_irqbalance
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_jabber.html serefpolicy-3.3.1/doc/html/services_jabber.html
 --- nsaserefpolicy/doc/html/services_jabber.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_jabber.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_jabber.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -436281,7 +436281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_jabber.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_kerberos.html serefpolicy-3.3.1/doc/html/services_kerberos.html
 --- nsaserefpolicy/doc/html/services_kerberos.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_kerberos.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_kerberos.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1240 @@
 +<html>
 +<head>
@@ -437525,7 +437525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_kerberos.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_kerneloops.html serefpolicy-3.3.1/doc/html/services_kerneloops.html
 --- nsaserefpolicy/doc/html/services_kerneloops.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_kerneloops.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_kerneloops.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,835 @@
 +<html>
 +<head>
@@ -438364,7 +438364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_kerneloops
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ktalk.html serefpolicy-3.3.1/doc/html/services_ktalk.html
 --- nsaserefpolicy/doc/html/services_ktalk.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ktalk.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ktalk.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -438906,7 +438906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ktalk.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ldap.html serefpolicy-3.3.1/doc/html/services_ldap.html
 --- nsaserefpolicy/doc/html/services_ldap.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ldap.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ldap.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,834 @@
 +<html>
 +<head>
@@ -439744,7 +439744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ldap.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_lpd.html serefpolicy-3.3.1/doc/html/services_lpd.html
 --- nsaserefpolicy/doc/html/services_lpd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_lpd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_lpd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1165 @@
 +<html>
 +<head>
@@ -440913,7 +440913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_lpd.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mailman.html serefpolicy-3.3.1/doc/html/services_mailman.html
 --- nsaserefpolicy/doc/html/services_mailman.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_mailman.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_mailman.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1194 @@
 +<html>
 +<head>
@@ -442111,7 +442111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mailman.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mailscanner.html serefpolicy-3.3.1/doc/html/services_mailscanner.html
 --- nsaserefpolicy/doc/html/services_mailscanner.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_mailscanner.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_mailscanner.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,671 @@
 +<html>
 +<head>
@@ -442786,7 +442786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mailscanne
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_monop.html serefpolicy-3.3.1/doc/html/services_monop.html
 --- nsaserefpolicy/doc/html/services_monop.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_monop.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_monop.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -443328,7 +443328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_monop.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mta.html serefpolicy-3.3.1/doc/html/services_mta.html
 --- nsaserefpolicy/doc/html/services_mta.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_mta.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_mta.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2262 @@
 +<html>
 +<head>
@@ -445594,7 +445594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mta.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_munin.html serefpolicy-3.3.1/doc/html/services_munin.html
 --- nsaserefpolicy/doc/html/services_munin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_munin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_munin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,921 @@
 +<html>
 +<head>
@@ -446519,7 +446519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_munin.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mysql.html serefpolicy-3.3.1/doc/html/services_mysql.html
 --- nsaserefpolicy/doc/html/services_mysql.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_mysql.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_mysql.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1002 @@
 +<html>
 +<head>
@@ -447525,7 +447525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_mysql.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nagios.html serefpolicy-3.3.1/doc/html/services_nagios.html
 --- nsaserefpolicy/doc/html/services_nagios.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nagios.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nagios.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,794 @@
 +<html>
 +<head>
@@ -448323,7 +448323,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nagios.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nessus.html serefpolicy-3.3.1/doc/html/services_nessus.html
 --- nsaserefpolicy/doc/html/services_nessus.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nessus.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nessus.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -448913,7 +448913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nessus.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_networkmanager.html serefpolicy-3.3.1/doc/html/services_networkmanager.html
 --- nsaserefpolicy/doc/html/services_networkmanager.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_networkmanager.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_networkmanager.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,882 @@
 +<html>
 +<head>
@@ -449799,7 +449799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_networkman
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nis.html serefpolicy-3.3.1/doc/html/services_nis.html
 --- nsaserefpolicy/doc/html/services_nis.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nis.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nis.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1184 @@
 +<html>
 +<head>
@@ -450987,7 +450987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nis.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nscd.html serefpolicy-3.3.1/doc/html/services_nscd.html
 --- nsaserefpolicy/doc/html/services_nscd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nscd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nscd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1167 @@
 +<html>
 +<head>
@@ -452158,7 +452158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nscd.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nsd.html serefpolicy-3.3.1/doc/html/services_nsd.html
 --- nsaserefpolicy/doc/html/services_nsd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nsd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nsd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,628 @@
 +<html>
 +<head>
@@ -452790,7 +452790,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nsd.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ntop.html serefpolicy-3.3.1/doc/html/services_ntop.html
 --- nsaserefpolicy/doc/html/services_ntop.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ntop.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ntop.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -453332,7 +453332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ntop.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ntp.html serefpolicy-3.3.1/doc/html/services_ntp.html
 --- nsaserefpolicy/doc/html/services_ntp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ntp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ntp.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,791 @@
 +<html>
 +<head>
@@ -454127,7 +454127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ntp.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nx.html serefpolicy-3.3.1/doc/html/services_nx.html
 --- nsaserefpolicy/doc/html/services_nx.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_nx.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_nx.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -454717,7 +454717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_nx.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_oav.html serefpolicy-3.3.1/doc/html/services_oav.html
 --- nsaserefpolicy/doc/html/services_oav.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_oav.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_oav.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -455386,7 +455386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_oav.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_oddjob.html serefpolicy-3.3.1/doc/html/services_oddjob.html
 --- nsaserefpolicy/doc/html/services_oddjob.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_oddjob.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_oddjob.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,814 @@
 +<html>
 +<head>
@@ -456204,7 +456204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_oddjob.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openca.html serefpolicy-3.3.1/doc/html/services_openca.html
 --- nsaserefpolicy/doc/html/services_openca.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_openca.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_openca.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,713 @@
 +<html>
 +<head>
@@ -456921,7 +456921,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openca.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openct.html serefpolicy-3.3.1/doc/html/services_openct.html
 --- nsaserefpolicy/doc/html/services_openct.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_openct.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_openct.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,754 @@
 +<html>
 +<head>
@@ -457679,7 +457679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openct.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openvpn.html serefpolicy-3.3.1/doc/html/services_openvpn.html
 --- nsaserefpolicy/doc/html/services_openvpn.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_openvpn.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_openvpn.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,979 @@
 +<html>
 +<head>
@@ -458662,7 +458662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_openvpn.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pcscd.html serefpolicy-3.3.1/doc/html/services_pcscd.html
 --- nsaserefpolicy/doc/html/services_pcscd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_pcscd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_pcscd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,670 @@
 +<html>
 +<head>
@@ -459336,7 +459336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pcscd.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pegasus.html serefpolicy-3.3.1/doc/html/services_pegasus.html
 --- nsaserefpolicy/doc/html/services_pegasus.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_pegasus.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_pegasus.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -459878,7 +459878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pegasus.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_perdition.html serefpolicy-3.3.1/doc/html/services_perdition.html
 --- nsaserefpolicy/doc/html/services_perdition.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_perdition.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_perdition.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -460468,7 +460468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_perdition.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pki.html serefpolicy-3.3.1/doc/html/services_pki.html
 --- nsaserefpolicy/doc/html/services_pki.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_pki.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_pki.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1364 @@
 +<html>
 +<head>
@@ -461836,7 +461836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pki.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_podsleuth.html serefpolicy-3.3.1/doc/html/services_podsleuth.html
 --- nsaserefpolicy/doc/html/services_podsleuth.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_podsleuth.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_podsleuth.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -462505,7 +462505,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_podsleuth.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_polkit.html serefpolicy-3.3.1/doc/html/services_polkit.html
 --- nsaserefpolicy/doc/html/services_polkit.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_polkit.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_polkit.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1014 @@
 +<html>
 +<head>
@@ -463523,7 +463523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_polkit.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_portmap.html serefpolicy-3.3.1/doc/html/services_portmap.html
 --- nsaserefpolicy/doc/html/services_portmap.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_portmap.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_portmap.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,792 @@
 +<html>
 +<head>
@@ -464319,7 +464319,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_portmap.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_portslave.html serefpolicy-3.3.1/doc/html/services_portslave.html
 --- nsaserefpolicy/doc/html/services_portslave.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_portslave.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_portslave.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -464909,7 +464909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_portslave.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postfix.html serefpolicy-3.3.1/doc/html/services_postfix.html
 --- nsaserefpolicy/doc/html/services_postfix.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_postfix.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_postfix.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1774 @@
 +<html>
 +<head>
@@ -466687,7 +466687,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postfix.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postfixpolicyd.html serefpolicy-3.3.1/doc/html/services_postfixpolicyd.html
 --- nsaserefpolicy/doc/html/services_postfixpolicyd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_postfixpolicyd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_postfixpolicyd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -467356,7 +467356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postfixpol
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postgresql.html serefpolicy-3.3.1/doc/html/services_postgresql.html
 --- nsaserefpolicy/doc/html/services_postgresql.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_postgresql.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_postgresql.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1371 @@
 +<html>
 +<head>
@@ -468731,7 +468731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postgresql
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postgrey.html serefpolicy-3.3.1/doc/html/services_postgrey.html
 --- nsaserefpolicy/doc/html/services_postgrey.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_postgrey.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_postgrey.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,749 @@
 +<html>
 +<head>
@@ -469484,7 +469484,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_postgrey.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ppp.html serefpolicy-3.3.1/doc/html/services_ppp.html
 --- nsaserefpolicy/doc/html/services_ppp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ppp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ppp.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1414 @@
 +<html>
 +<head>
@@ -470902,7 +470902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ppp.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_prelude.html serefpolicy-3.3.1/doc/html/services_prelude.html
 --- nsaserefpolicy/doc/html/services_prelude.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_prelude.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_prelude.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,917 @@
 +<html>
 +<head>
@@ -471823,7 +471823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_prelude.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_privoxy.html serefpolicy-3.3.1/doc/html/services_privoxy.html
 --- nsaserefpolicy/doc/html/services_privoxy.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_privoxy.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_privoxy.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -472492,7 +472492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_privoxy.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_procmail.html serefpolicy-3.3.1/doc/html/services_procmail.html
 --- nsaserefpolicy/doc/html/services_procmail.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_procmail.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_procmail.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,712 @@
 +<html>
 +<head>
@@ -473208,7 +473208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_procmail.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_publicfile.html serefpolicy-3.3.1/doc/html/services_publicfile.html
 --- nsaserefpolicy/doc/html/services_publicfile.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_publicfile.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_publicfile.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -473750,7 +473750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_publicfile
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pxe.html serefpolicy-3.3.1/doc/html/services_pxe.html
 --- nsaserefpolicy/doc/html/services_pxe.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_pxe.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_pxe.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -474292,7 +474292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pxe.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pyzor.html serefpolicy-3.3.1/doc/html/services_pyzor.html
 --- nsaserefpolicy/doc/html/services_pyzor.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_pyzor.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_pyzor.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,856 @@
 +<html>
 +<head>
@@ -475152,7 +475152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_pyzor.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_qmail.html serefpolicy-3.3.1/doc/html/services_qmail.html
 --- nsaserefpolicy/doc/html/services_qmail.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_qmail.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_qmail.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,887 @@
 +<html>
 +<head>
@@ -476043,7 +476043,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_qmail.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_radius.html serefpolicy-3.3.1/doc/html/services_radius.html
 --- nsaserefpolicy/doc/html/services_radius.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_radius.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_radius.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -476754,7 +476754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_radius.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_radvd.html serefpolicy-3.3.1/doc/html/services_radvd.html
 --- nsaserefpolicy/doc/html/services_radvd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_radvd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_radvd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -477423,7 +477423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_radvd.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_razor.html serefpolicy-3.3.1/doc/html/services_razor.html
 --- nsaserefpolicy/doc/html/services_razor.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_razor.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_razor.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,854 @@
 +<html>
 +<head>
@@ -478281,7 +478281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_razor.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rdisc.html serefpolicy-3.3.1/doc/html/services_rdisc.html
 --- nsaserefpolicy/doc/html/services_rdisc.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rdisc.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rdisc.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -478871,7 +478871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rdisc.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_remotelogin.html serefpolicy-3.3.1/doc/html/services_remotelogin.html
 --- nsaserefpolicy/doc/html/services_remotelogin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_remotelogin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_remotelogin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,628 @@
 +<html>
 +<head>
@@ -479503,7 +479503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_remotelogi
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_resmgr.html serefpolicy-3.3.1/doc/html/services_resmgr.html
 --- nsaserefpolicy/doc/html/services_resmgr.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_resmgr.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_resmgr.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,587 @@
 +<html>
 +<head>
@@ -480094,7 +480094,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_resmgr.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rhgb.html serefpolicy-3.3.1/doc/html/services_rhgb.html
 --- nsaserefpolicy/doc/html/services_rhgb.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rhgb.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rhgb.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1007 @@
 +<html>
 +<head>
@@ -481105,7 +481105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rhgb.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ricci.html serefpolicy-3.3.1/doc/html/services_ricci.html
 --- nsaserefpolicy/doc/html/services_ricci.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ricci.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ricci.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,924 @@
 +<html>
 +<head>
@@ -482033,7 +482033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ricci.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rlogin.html serefpolicy-3.3.1/doc/html/services_rlogin.html
 --- nsaserefpolicy/doc/html/services_rlogin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rlogin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rlogin.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -482623,7 +482623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rlogin.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_roundup.html serefpolicy-3.3.1/doc/html/services_roundup.html
 --- nsaserefpolicy/doc/html/services_roundup.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_roundup.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_roundup.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,665 @@
 +<html>
 +<head>
@@ -483292,7 +483292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_roundup.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rpcbind.html serefpolicy-3.3.1/doc/html/services_rpcbind.html
 --- nsaserefpolicy/doc/html/services_rpcbind.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rpcbind.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rpcbind.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,876 @@
 +<html>
 +<head>
@@ -484172,7 +484172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rpcbind.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rpc.html serefpolicy-3.3.1/doc/html/services_rpc.html
 --- nsaserefpolicy/doc/html/services_rpc.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rpc.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rpc.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1275 @@
 +<html>
 +<head>
@@ -485451,7 +485451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rpc.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rshd.html serefpolicy-3.3.1/doc/html/services_rshd.html
 --- nsaserefpolicy/doc/html/services_rshd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rshd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rshd.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -486041,7 +486041,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rshd.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rsync.html serefpolicy-3.3.1/doc/html/services_rsync.html
 --- nsaserefpolicy/doc/html/services_rsync.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rsync.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rsync.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,815 @@
 +<html>
 +<head>
@@ -486860,7 +486860,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rsync.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rwho.html serefpolicy-3.3.1/doc/html/services_rwho.html
 --- nsaserefpolicy/doc/html/services_rwho.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_rwho.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_rwho.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,918 @@
 +<html>
 +<head>
@@ -487782,7 +487782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_rwho.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_samba.html serefpolicy-3.3.1/doc/html/services_samba.html
 --- nsaserefpolicy/doc/html/services_samba.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_samba.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_samba.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,2301 @@
 +<html>
 +<head>
@@ -490087,7 +490087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_samba.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sasl.html serefpolicy-3.3.1/doc/html/services_sasl.html
 --- nsaserefpolicy/doc/html/services_sasl.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_sasl.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_sasl.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,731 @@
 +<html>
 +<head>
@@ -490822,7 +490822,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sasl.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sendmail.html serefpolicy-3.3.1/doc/html/services_sendmail.html
 --- nsaserefpolicy/doc/html/services_sendmail.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_sendmail.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_sendmail.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,1123 @@
 +<html>
 +<head>
@@ -491949,7 +491949,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sendmail.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_setroubleshoot.html serefpolicy-3.3.1/doc/html/services_setroubleshoot.html
 --- nsaserefpolicy/doc/html/services_setroubleshoot.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_setroubleshoot.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_setroubleshoot.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,749 @@
 +<html>
 +<head>
@@ -492702,7 +492702,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_setroubles
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_slattach.html serefpolicy-3.3.1/doc/html/services_slattach.html
 --- nsaserefpolicy/doc/html/services_slattach.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_slattach.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_slattach.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -493292,7 +493292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_slattach.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_slrnpull.html serefpolicy-3.3.1/doc/html/services_slrnpull.html
 --- nsaserefpolicy/doc/html/services_slrnpull.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_slrnpull.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_slrnpull.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,629 @@
 +<html>
 +<head>
@@ -493925,7 +493925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_slrnpull.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_smartmon.html serefpolicy-3.3.1/doc/html/services_smartmon.html
 --- nsaserefpolicy/doc/html/services_smartmon.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_smartmon.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_smartmon.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -494636,7 +494636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_smartmon.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_snmp.html serefpolicy-3.3.1/doc/html/services_snmp.html
 --- nsaserefpolicy/doc/html/services_snmp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_snmp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_snmp.html	2009-02-12 22:21:56.000000000 +0100
 @@ -0,0 +1,875 @@
 +<html>
 +<head>
@@ -495515,7 +495515,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_snmp.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_snort.html serefpolicy-3.3.1/doc/html/services_snort.html
 --- nsaserefpolicy/doc/html/services_snort.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_snort.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_snort.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,753 @@
 +<html>
 +<head>
@@ -496272,7 +496272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_snort.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_soundserver.html serefpolicy-3.3.1/doc/html/services_soundserver.html
 --- nsaserefpolicy/doc/html/services_soundserver.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_soundserver.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_soundserver.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -496983,7 +496983,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_soundserve
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_spamassassin.html serefpolicy-3.3.1/doc/html/services_spamassassin.html
 --- nsaserefpolicy/doc/html/services_spamassassin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_spamassassin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_spamassassin.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1567 @@
 +<html>
 +<head>
@@ -498554,7 +498554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_spamassass
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_speedtouch.html serefpolicy-3.3.1/doc/html/services_speedtouch.html
 --- nsaserefpolicy/doc/html/services_speedtouch.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_speedtouch.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_speedtouch.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -499096,7 +499096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_speedtouch
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_squid.html serefpolicy-3.3.1/doc/html/services_squid.html
 --- nsaserefpolicy/doc/html/services_squid.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_squid.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_squid.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1028 @@
 +<html>
 +<head>
@@ -500128,7 +500128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_squid.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ssh.html serefpolicy-3.3.1/doc/html/services_ssh.html
 --- nsaserefpolicy/doc/html/services_ssh.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ssh.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ssh.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1335 @@
 +<html>
 +<head>
@@ -501467,7 +501467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ssh.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_stunnel.html serefpolicy-3.3.1/doc/html/services_stunnel.html
 --- nsaserefpolicy/doc/html/services_stunnel.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_stunnel.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_stunnel.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,604 @@
 +<html>
 +<head>
@@ -502075,7 +502075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_stunnel.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sysstat.html serefpolicy-3.3.1/doc/html/services_sysstat.html
 --- nsaserefpolicy/doc/html/services_sysstat.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_sysstat.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_sysstat.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -502665,7 +502665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_sysstat.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tcpd.html serefpolicy-3.3.1/doc/html/services_tcpd.html
 --- nsaserefpolicy/doc/html/services_tcpd.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_tcpd.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_tcpd.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,647 @@
 +<html>
 +<head>
@@ -503316,7 +503316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tcpd.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_telnet.html serefpolicy-3.3.1/doc/html/services_telnet.html
 --- nsaserefpolicy/doc/html/services_telnet.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_telnet.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_telnet.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -503858,7 +503858,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_telnet.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tftp.html serefpolicy-3.3.1/doc/html/services_tftp.html
 --- nsaserefpolicy/doc/html/services_tftp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_tftp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_tftp.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,648 @@
 +<html>
 +<head>
@@ -504510,7 +504510,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tftp.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_timidity.html serefpolicy-3.3.1/doc/html/services_timidity.html
 --- nsaserefpolicy/doc/html/services_timidity.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_timidity.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_timidity.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -505052,7 +505052,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_timidity.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tor.html serefpolicy-3.3.1/doc/html/services_tor.html
 --- nsaserefpolicy/doc/html/services_tor.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_tor.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_tor.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,707 @@
 +<html>
 +<head>
@@ -505763,7 +505763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_tor.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_transproxy.html serefpolicy-3.3.1/doc/html/services_transproxy.html
 --- nsaserefpolicy/doc/html/services_transproxy.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_transproxy.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_transproxy.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -506305,7 +506305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_transproxy
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ucspitcp.html serefpolicy-3.3.1/doc/html/services_ucspitcp.html
 --- nsaserefpolicy/doc/html/services_ucspitcp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_ucspitcp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_ucspitcp.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,608 @@
 +<html>
 +<head>
@@ -506917,7 +506917,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_ucspitcp.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uptime.html serefpolicy-3.3.1/doc/html/services_uptime.html
 --- nsaserefpolicy/doc/html/services_uptime.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_uptime.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_uptime.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -507459,7 +507459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uptime.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uucp.html serefpolicy-3.3.1/doc/html/services_uucp.html
 --- nsaserefpolicy/doc/html/services_uucp.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_uucp.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_uucp.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,751 @@
 +<html>
 +<head>
@@ -508214,7 +508214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uucp.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uwimap.html serefpolicy-3.3.1/doc/html/services_uwimap.html
 --- nsaserefpolicy/doc/html/services_uwimap.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_uwimap.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_uwimap.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -508804,7 +508804,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_uwimap.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_w3c.html serefpolicy-3.3.1/doc/html/services_w3c.html
 --- nsaserefpolicy/doc/html/services_w3c.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_w3c.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_w3c.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,586 @@
 +<html>
 +<head>
@@ -509394,7 +509394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_w3c.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_watchdog.html serefpolicy-3.3.1/doc/html/services_watchdog.html
 --- nsaserefpolicy/doc/html/services_watchdog.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_watchdog.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_watchdog.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -509936,7 +509936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_watchdog.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xfs.html serefpolicy-3.3.1/doc/html/services_xfs.html
 --- nsaserefpolicy/doc/html/services_xfs.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_xfs.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_xfs.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,672 @@
 +<html>
 +<head>
@@ -510612,7 +510612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xfs.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xprint.html serefpolicy-3.3.1/doc/html/services_xprint.html
 --- nsaserefpolicy/doc/html/services_xprint.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_xprint.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_xprint.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,538 @@
 +<html>
 +<head>
@@ -511154,7 +511154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xprint.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xserver.html serefpolicy-3.3.1/doc/html/services_xserver.html
 --- nsaserefpolicy/doc/html/services_xserver.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_xserver.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_xserver.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3783 @@
 +<html>
 +<head>
@@ -514941,7 +514941,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_xserver.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_zabbix.html serefpolicy-3.3.1/doc/html/services_zabbix.html
 --- nsaserefpolicy/doc/html/services_zabbix.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_zabbix.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_zabbix.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,834 @@
 +<html>
 +<head>
@@ -515779,7 +515779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_zabbix.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_zebra.html serefpolicy-3.3.1/doc/html/services_zebra.html
 --- nsaserefpolicy/doc/html/services_zebra.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/services_zebra.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/services_zebra.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,731 @@
 +<html>
 +<head>
@@ -516514,7 +516514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/services_zebra.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/style.css serefpolicy-3.3.1/doc/html/style.css
 --- nsaserefpolicy/doc/html/style.css	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/style.css	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/style.css	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,216 @@
 +body {
 +	margin:0px;
@@ -516734,7 +516734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/style.css serefpoli
 +body>#Menu {width:160px;}
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_application.html serefpolicy-3.3.1/doc/html/system_application.html
 --- nsaserefpolicy/doc/html/system_application.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_application.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_application.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,417 @@
 +<html>
 +<head>
@@ -517155,7 +517155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_application.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_authlogin.html serefpolicy-3.3.1/doc/html/system_authlogin.html
 --- nsaserefpolicy/doc/html/system_authlogin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_authlogin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_authlogin.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3362 @@
 +<html>
 +<head>
@@ -520521,7 +520521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_authlogin.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_clock.html serefpolicy-3.3.1/doc/html/system_clock.html
 --- nsaserefpolicy/doc/html/system_clock.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_clock.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_clock.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,434 @@
 +<html>
 +<head>
@@ -520959,7 +520959,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_clock.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_daemontools.html serefpolicy-3.3.1/doc/html/system_daemontools.html
 --- nsaserefpolicy/doc/html/system_daemontools.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_daemontools.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_daemontools.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,503 @@
 +<html>
 +<head>
@@ -521466,7 +521466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_daemontools.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_fstools.html serefpolicy-3.3.1/doc/html/system_fstools.html
 --- nsaserefpolicy/doc/html/system_fstools.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_fstools.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_fstools.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,562 @@
 +<html>
 +<head>
@@ -522032,7 +522032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_fstools.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_getty.html serefpolicy-3.3.1/doc/html/system_getty.html
 --- nsaserefpolicy/doc/html/system_getty.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_getty.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_getty.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,397 @@
 +<html>
 +<head>
@@ -522433,7 +522433,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_getty.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_hostname.html serefpolicy-3.3.1/doc/html/system_hostname.html
 --- nsaserefpolicy/doc/html/system_hostname.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_hostname.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_hostname.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,350 @@
 +<html>
 +<head>
@@ -522787,7 +522787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_hostname.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_hotplug.html serefpolicy-3.3.1/doc/html/system_hotplug.html
 --- nsaserefpolicy/doc/html/system_hotplug.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_hotplug.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_hotplug.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,570 @@
 +<html>
 +<head>
@@ -523361,7 +523361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_hotplug.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system.html serefpolicy-3.3.1/doc/html/system.html
 --- nsaserefpolicy/doc/html/system.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,350 @@
 +<html>
 +<head>
@@ -523715,7 +523715,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system.html serefpo
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_init.html serefpolicy-3.3.1/doc/html/system_init.html
 --- nsaserefpolicy/doc/html/system_init.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_init.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_init.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3317 @@
 +<html>
 +<head>
@@ -527036,7 +527036,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_init.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_ipsec.html serefpolicy-3.3.1/doc/html/system_ipsec.html
 --- nsaserefpolicy/doc/html/system_ipsec.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_ipsec.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_ipsec.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,728 @@
 +<html>
 +<head>
@@ -527768,7 +527768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_ipsec.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_iptables.html serefpolicy-3.3.1/doc/html/system_iptables.html
 --- nsaserefpolicy/doc/html/system_iptables.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_iptables.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_iptables.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,350 @@
 +<html>
 +<head>
@@ -528122,7 +528122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_iptables.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_iscsi.html serefpolicy-3.3.1/doc/html/system_iscsi.html
 --- nsaserefpolicy/doc/html/system_iscsi.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_iscsi.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_iscsi.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,229 @@
 +<html>
 +<head>
@@ -528355,7 +528355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_iscsi.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_libraries.html serefpolicy-3.3.1/doc/html/system_libraries.html
 --- nsaserefpolicy/doc/html/system_libraries.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_libraries.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_libraries.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1300 @@
 +<html>
 +<head>
@@ -529659,7 +529659,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_libraries.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_locallogin.html serefpolicy-3.3.1/doc/html/system_locallogin.html
 --- nsaserefpolicy/doc/html/system_locallogin.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_locallogin.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_locallogin.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,481 @@
 +<html>
 +<head>
@@ -530144,7 +530144,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_locallogin.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_logging.html serefpolicy-3.3.1/doc/html/system_logging.html
 --- nsaserefpolicy/doc/html/system_logging.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_logging.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_logging.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2281 @@
 +<html>
 +<head>
@@ -532429,7 +532429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_logging.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_lvm.html serefpolicy-3.3.1/doc/html/system_lvm.html
 --- nsaserefpolicy/doc/html/system_lvm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_lvm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_lvm.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,391 @@
 +<html>
 +<head>
@@ -532824,7 +532824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_lvm.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_miscfiles.html serefpolicy-3.3.1/doc/html/system_miscfiles.html
 --- nsaserefpolicy/doc/html/system_miscfiles.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_miscfiles.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_miscfiles.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1282 @@
 +<html>
 +<head>
@@ -534110,7 +534110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_miscfiles.ht
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_modutils.html serefpolicy-3.3.1/doc/html/system_modutils.html
 --- nsaserefpolicy/doc/html/system_modutils.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_modutils.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_modutils.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,889 @@
 +<html>
 +<head>
@@ -535003,7 +535003,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_modutils.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_mount.html serefpolicy-3.3.1/doc/html/system_mount.html
 --- nsaserefpolicy/doc/html/system_mount.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_mount.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_mount.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,595 @@
 +<html>
 +<head>
@@ -535602,7 +535602,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_mount.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_netlabel.html serefpolicy-3.3.1/doc/html/system_netlabel.html
 --- nsaserefpolicy/doc/html/system_netlabel.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_netlabel.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_netlabel.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,308 @@
 +<html>
 +<head>
@@ -535914,7 +535914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_netlabel.htm
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_pcmcia.html serefpolicy-3.3.1/doc/html/system_pcmcia.html
 --- nsaserefpolicy/doc/html/system_pcmcia.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_pcmcia.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_pcmcia.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,562 @@
 +<html>
 +<head>
@@ -536480,7 +536480,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_pcmcia.html 
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_qemu.html serefpolicy-3.3.1/doc/html/system_qemu.html
 --- nsaserefpolicy/doc/html/system_qemu.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_qemu.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_qemu.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,864 @@
 +<html>
 +<head>
@@ -537348,7 +537348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_qemu.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_raid.html serefpolicy-3.3.1/doc/html/system_raid.html
 --- nsaserefpolicy/doc/html/system_raid.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_raid.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_raid.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,281 @@
 +<html>
 +<head>
@@ -537633,7 +537633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_raid.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_selinuxutil.html serefpolicy-3.3.1/doc/html/system_selinuxutil.html
 --- nsaserefpolicy/doc/html/system_selinuxutil.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_selinuxutil.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_selinuxutil.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3130 @@
 +<html>
 +<head>
@@ -540767,7 +540767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_selinuxutil.
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_setrans.html serefpolicy-3.3.1/doc/html/system_setrans.html
 --- nsaserefpolicy/doc/html/system_setrans.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_setrans.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_setrans.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,271 @@
 +<html>
 +<head>
@@ -541042,7 +541042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_setrans.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_sysnetwork.html serefpolicy-3.3.1/doc/html/system_sysnetwork.html
 --- nsaserefpolicy/doc/html/system_sysnetwork.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_sysnetwork.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_sysnetwork.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1543 @@
 +<html>
 +<head>
@@ -542589,7 +542589,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_sysnetwork.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_udev.html serefpolicy-3.3.1/doc/html/system_udev.html
 --- nsaserefpolicy/doc/html/system_udev.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_udev.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_udev.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,525 @@
 +<html>
 +<head>
@@ -543118,7 +543118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_udev.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_unconfined.html serefpolicy-3.3.1/doc/html/system_unconfined.html
 --- nsaserefpolicy/doc/html/system_unconfined.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_unconfined.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_unconfined.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1875 @@
 +<html>
 +<head>
@@ -544997,7 +544997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_unconfined.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_userdomain.html serefpolicy-3.3.1/doc/html/system_userdomain.html
 --- nsaserefpolicy/doc/html/system_userdomain.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_userdomain.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_userdomain.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,12383 @@
 +<html>
 +<head>
@@ -557384,7 +557384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_userdomain.h
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_virt.html serefpolicy-3.3.1/doc/html/system_virt.html
 --- nsaserefpolicy/doc/html/system_virt.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_virt.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_virt.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,896 @@
 +<html>
 +<head>
@@ -558284,7 +558284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_virt.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_xen.html serefpolicy-3.3.1/doc/html/system_xen.html
 --- nsaserefpolicy/doc/html/system_xen.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/system_xen.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/system_xen.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,679 @@
 +<html>
 +<head>
@@ -558967,7 +558967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/system_xen.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/templates.html serefpolicy-3.3.1/doc/html/templates.html
 --- nsaserefpolicy/doc/html/templates.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/templates.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/templates.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,8469 @@
 +<html>
 +<head>
@@ -567440,7 +567440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/templates.html sere
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/tunables.html serefpolicy-3.3.1/doc/html/tunables.html
 --- nsaserefpolicy/doc/html/tunables.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/tunables.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/tunables.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3167 @@
 +<html>
 +<head>
@@ -570611,7 +570611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/tunables.html seref
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_auditadm.html serefpolicy-3.3.1/doc/html/users_auditadm.html
 --- nsaserefpolicy/doc/html/users_auditadm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_auditadm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_auditadm.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -570727,7 +570727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_auditadm.html
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_guest.html serefpolicy-3.3.1/doc/html/users_guest.html
 --- nsaserefpolicy/doc/html/users_guest.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_guest.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_guest.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -570843,7 +570843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_guest.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users.html serefpolicy-3.3.1/doc/html/users.html
 --- nsaserefpolicy/doc/html/users.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,161 @@
 +<html>
 +<head>
@@ -571008,7 +571008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users.html serefpol
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_logadm.html serefpolicy-3.3.1/doc/html/users_logadm.html
 --- nsaserefpolicy/doc/html/users_logadm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_logadm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_logadm.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -571124,7 +571124,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_logadm.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_secadm.html serefpolicy-3.3.1/doc/html/users_secadm.html
 --- nsaserefpolicy/doc/html/users_secadm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_secadm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_secadm.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -571240,7 +571240,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_secadm.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_staff.html serefpolicy-3.3.1/doc/html/users_staff.html
 --- nsaserefpolicy/doc/html/users_staff.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_staff.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_staff.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -571356,7 +571356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_staff.html se
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_user.html serefpolicy-3.3.1/doc/html/users_user.html
 --- nsaserefpolicy/doc/html/users_user.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_user.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_user.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -571472,7 +571472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_user.html ser
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_webadm.html serefpolicy-3.3.1/doc/html/users_webadm.html
 --- nsaserefpolicy/doc/html/users_webadm.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_webadm.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_webadm.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,112 @@
 +<html>
 +<head>
@@ -571588,7 +571588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_webadm.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_xguest.html serefpolicy-3.3.1/doc/html/users_xguest.html
 --- nsaserefpolicy/doc/html/users_xguest.html	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/doc/html/users_xguest.html	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/doc/html/users_xguest.html	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,166 @@
 +<html>
 +<head>
@@ -571758,7 +571758,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/html/users_xguest.html s
 +</html>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.3.1/Makefile
 --- nsaserefpolicy/Makefile	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/Makefile	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/Makefile	2009-02-12 22:21:57.000000000 +0100
 @@ -235,7 +235,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -571814,7 +571814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.3.1/M
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.3.1/man/man8/ftpd_selinux.8
 --- nsaserefpolicy/man/man8/ftpd_selinux.8	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/man/man8/ftpd_selinux.8	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/man/man8/ftpd_selinux.8	2009-02-12 22:21:57.000000000 +0100
 @@ -1,52 +1,65 @@
 -.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh@redhat.com" "ftpd Selinux Policy documentation"
 +.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh@redhat.com" "ftpd SELinux policy documentation"
@@ -571922,7 +571922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
 +selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.3.1/man/man8/httpd_selinux.8
 --- nsaserefpolicy/man/man8/httpd_selinux.8	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/man/man8/httpd_selinux.8	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/man/man8/httpd_selinux.8	2009-02-12 22:21:57.000000000 +0100
 @@ -22,23 +22,19 @@
  .EX
  httpd_sys_content_t 
@@ -571952,9 +571952,53 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 ser
  .EX
  httpd_unconfined_script_exec_t  
  .EE 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-3.3.1/man/man8/nfs_selinux.8
+--- nsaserefpolicy/man/man8/nfs_selinux.8	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/man/man8/nfs_selinux.8	2009-02-13 09:38:47.000000000 +0100
+@@ -1,24 +1,25 @@
+-.TH  "nfs_selinux"  "8"  "17 Jan 2005" "dwalsh@redhat.com" "nfs Selinux Policy documentation"
++.TH  "nfs_selinux"  "8"  "13 Feb 2009" "dwalsh@redhat.com" "NFS SELinux Policy documentation"
+ .SH "NAME"
+-nfs_selinux \- Security Enhanced Linux Policy for NFS
++nfs_selinux \- Security-Enhanced Linux Policy for NFS
+ .SH "DESCRIPTION"
+ 
+-Security-Enhanced Linux secures the nfs server via flexible mandatory access
++Security-Enhanced Linux secures the NFS server via flexible mandatory access
+ control.  
+ .SH BOOLEANS
+-SELinux policy is customizable based on least access required.  So by 
+-default SElinux policy does not allow nfs to share files.  If you want to 
+-setup this machine to share nfs partitions read only, you must set the boolean nfs_export_all_ro boolean.
++SELinux policy is customizable based on the least level of access required. By default, SELinux policy does not allow NFS to share files. If you want to share NFS partitions, and only allow read-only access to those NFS partitions, turn the nfs_export_all_ro boolean on:
+ 
+ .TP
+ setsebool -P nfs_export_all_ro 1
+ .TP
+-If you want to share files read/write you must set the nfs_export_all_rw boolean.
++If you want to share NFS partitions, and allow read and write access to those NFS partitions, turn the nfs_export_all_rw boolean on:
+ .TP
+ setsebool -P nfs_export_all_rw 1
+ 
+ .TP
+-If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dir boolean.
++These booleans are not required when files to be shared are labeled with the public_content_t or public_content_rw_t types. NFS can share files labeled with the public_content_t or public_content_rw_t types even if the nfs_export_all_ro and nfs_export_all_rw booleans are off.
++
++.TP
++If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dirs boolean:
+ .TP
+ setsebool -P use_nfs_home_dirs 1
+ .TP
+@@ -26,5 +27,5 @@
+ .SH AUTHOR	
+ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+ 
+-.SH "SEE ALSpppO"
++.SH "SEE ALSO"
+ selinux(8), chcon(1), setsebool(8)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.3.1/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/flask/access_vectors	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/flask/access_vectors	2009-02-12 22:21:57.000000000 +0100
 @@ -125,6 +125,7 @@
  	reparent
  	search
@@ -572241,7 +572285,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors 
 +}
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.3.1/policy/flask/security_classes
 --- nsaserefpolicy/policy/flask/security_classes	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/flask/security_classes	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/flask/security_classes	2009-02-12 22:21:57.000000000 +0100
 @@ -50,21 +50,19 @@
  # passwd/chfn/chsh
  class passwd			# userspace
@@ -572290,7 +572334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe
  # FLASK
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.3.1/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/global_tunables	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/global_tunables	2009-02-12 22:21:57.000000000 +0100
 @@ -34,7 +34,7 @@
  
  ## <desc>
@@ -572331,7 +572375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1/policy/mls
 --- nsaserefpolicy/policy/mls	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/mls	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/mls	2009-02-12 22:21:57.000000000 +0100
 @@ -371,78 +371,53 @@
  
  
@@ -572613,7 +572657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.3.1/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/alsa.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/alsa.te	2009-02-12 22:21:57.000000000 +0100
 @@ -48,6 +48,7 @@
  
  files_search_home(alsa_t)
@@ -572624,7 +572668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.3.1/policy/modules/admin/amanda.fc
 --- nsaserefpolicy/policy/modules/admin/amanda.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,6 +3,7 @@
  /etc/amanda/.*/tapelist(/.*)?		gen_context(system_u:object_r:amanda_data_t,s0)
  /etc/amandates				gen_context(system_u:object_r:amanda_amandates_t,s0)
@@ -572635,7 +572679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2009-02-12 22:21:57.000000000 +0100
 @@ -82,8 +82,9 @@
  allow amanda_t amanda_config_t:file { getattr read };
  
@@ -572685,7 +572729,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
  libs_use_shared_libs(amanda_recover_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.3.1/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te	2009-02-12 22:21:57.000000000 +0100
 @@ -31,15 +31,14 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -572708,7 +572752,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.3.1/policy/modules/admin/bootloader.if
 --- nsaserefpolicy/policy/modules/admin/bootloader.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if	2009-02-12 22:21:57.000000000 +0100
 @@ -49,6 +49,10 @@
  
  	role $2 types bootloader_t;
@@ -572722,7 +572766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.3.1/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te	2009-02-12 22:21:57.000000000 +0100
 @@ -215,3 +215,7 @@
  	userdom_dontaudit_search_staff_home_dirs(bootloader_t)
  	userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
@@ -572733,7 +572777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.3.1/policy/modules/admin/brctl.te
 --- nsaserefpolicy/policy/modules/admin/brctl.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/brctl.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/brctl.te	2009-02-12 22:21:57.000000000 +0100
 @@ -33,6 +33,8 @@
  
  files_read_etc_files(brctl_t)
@@ -572745,7 +572789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.t
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.3.1/policy/modules/admin/certwatch.te
 --- nsaserefpolicy/policy/modules/admin/certwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,6 +18,9 @@
  
  files_read_etc_files(certwatch_t)
@@ -572758,7 +572802,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.3.1/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,9 +8,11 @@
  
  type consoletype_t;
@@ -572784,7 +572828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
  init_use_fds(consoletype_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-3.3.1/policy/modules/admin/firstboot.if
 --- nsaserefpolicy/policy/modules/admin/firstboot.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if	2009-02-12 22:21:57.000000000 +0100
 @@ -141,4 +141,6 @@
  	')
  
@@ -572794,7 +572838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.3.1/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te	2009-02-12 22:21:57.000000000 +0100
 @@ -35,9 +35,6 @@
  
  allow firstboot_t firstboot_etc_t:file { getattr read };
@@ -572843,7 +572887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
  ') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.3.1/policy/modules/admin/kismet.fc
 --- nsaserefpolicy/policy/modules/admin/kismet.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,4 @@
 +/usr/bin/kismet			--	gen_context(system_u:object_r:kismet_exec_t,s0)
 +/var/lib/kismet(/.*)?			gen_context(system_u:object_r:kismet_var_lib_t,s0)
@@ -572851,7 +572895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +/var/run/kismet_server.pid	--	gen_context(system_u:object_r:kismet_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.3.1/policy/modules/admin/kismet.if
 --- nsaserefpolicy/policy/modules/admin/kismet.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,252 @@
 +## <summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
 +
@@ -573107,7 +573151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,77 @@
 +
 +policy_module(kismet, 1.0.2)
@@ -573188,7 +573232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.3.1/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te	2009-02-12 22:21:57.000000000 +0100
 @@ -21,8 +21,8 @@
  # Local policy
  #
@@ -573249,7 +573293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.3.1/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2009-02-12 22:21:57.000000000 +0100
 @@ -96,9 +96,11 @@
  files_read_etc_files(logrotate_t)
  files_read_etc_runtime_files(logrotate_t)
@@ -573273,7 +573317,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.3.1/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te	2009-02-12 22:21:57.000000000 +0100
 @@ -43,6 +43,8 @@
  kernel_read_fs_sysctls(logwatch_t)
  kernel_read_kernel_sysctls(logwatch_t)
@@ -573332,7 +573376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.3.1/policy/modules/admin/mrtg.te
 --- nsaserefpolicy/policy/modules/admin/mrtg.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te	2009-02-12 22:21:57.000000000 +0100
 @@ -78,6 +78,7 @@
  dev_read_urand(mrtg_t)
  
@@ -573398,7 +573442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.3.1/policy/modules/admin/netutils.if
 --- nsaserefpolicy/policy/modules/admin/netutils.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.if	2009-02-12 22:21:57.000000000 +0100
 @@ -124,6 +124,24 @@
  
  ########################################
@@ -573426,7 +573470,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te	2009-02-12 22:21:57.000000000 +0100
 @@ -50,6 +50,7 @@
  files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
  
@@ -573549,7 +573593,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.3.1/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/prelink.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/prelink.te	2009-02-12 22:21:57.000000000 +0100
 @@ -26,7 +26,7 @@
  # Local policy
  #
@@ -573609,7 +573653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.3.1/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/readahead.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/readahead.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,7 +22,7 @@
  # Local policy
  #
@@ -573621,7 +573665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.3.1/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,5 @@
  
 +/usr/bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -573658,7 +573702,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc 
  ifdef(`distro_suse', `
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.3.1/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.if	2009-02-12 22:21:57.000000000 +0100
 @@ -152,6 +152,24 @@
  
  ########################################
@@ -573948,18 +573992,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2009-02-04 10:54:48.000000000 +0100
-@@ -31,6 +31,9 @@
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2009-02-13 09:39:36.000000000 +0100
+@@ -31,6 +31,10 @@
  files_type(rpm_var_lib_t)
  typealias rpm_var_lib_t alias var_lib_rpm_t;
  
 +type rpm_var_run_t;
 +files_pid_file(rpm_var_run_t)
++mta_mailcontent(rpm_var_run_t)
 +
  type rpm_script_t;
  type rpm_script_exec_t;
  domain_obj_id_change_exemption(rpm_script_t)
-@@ -52,7 +55,7 @@
+@@ -52,7 +56,7 @@
  # rpm Local policy
  #
  
@@ -573968,7 +574013,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow rpm_t self:process { getattr setexec setfscreate setrlimit };
  allow rpm_t self:fd use;
-@@ -89,8 +92,12 @@
+@@ -89,8 +93,12 @@
  manage_files_pattern(rpm_t,rpm_var_lib_t,rpm_var_lib_t)
  files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir)
  
@@ -573981,7 +574026,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  corecmd_exec_all_executables(rpm_t)
  
-@@ -117,6 +124,7 @@
+@@ -117,6 +125,7 @@
  fs_manage_nfs_symlinks(rpm_t)
  fs_getattr_all_fs(rpm_t)
  fs_search_auto_mountpoints(rpm_t)
@@ -573989,7 +574034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  mls_file_read_all_levels(rpm_t)
  mls_file_write_all_levels(rpm_t)
-@@ -179,7 +187,17 @@
+@@ -179,7 +188,17 @@
  ')
  
  optional_policy(`
@@ -574008,7 +574053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  ')
  
  optional_policy(`
-@@ -190,6 +208,7 @@
+@@ -190,6 +209,7 @@
  	unconfined_domain(rpm_t)
  	# yum-updatesd requires this
  	unconfined_dbus_chat(rpm_t)
@@ -574016,7 +574061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  ')
  
  ifdef(`TODO',`
-@@ -215,8 +234,8 @@
+@@ -215,8 +235,8 @@
  # rpm-script Local policy
  #
  
@@ -574027,7 +574072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  allow rpm_script_t self:fd use;
  allow rpm_script_t self:fifo_file rw_fifo_file_perms;
  allow rpm_script_t self:unix_dgram_socket create_socket_perms;
-@@ -227,12 +246,15 @@
+@@ -227,12 +247,15 @@
  allow rpm_script_t self:sem create_sem_perms;
  allow rpm_script_t self:msgq create_msgq_perms;
  allow rpm_script_t self:msg { send receive };
@@ -574043,7 +574088,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
  
  manage_dirs_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-@@ -285,6 +307,7 @@
+@@ -285,6 +308,7 @@
  auth_use_nsswitch(rpm_script_t)
  # ideally we would not need this
  auth_manage_all_files_except_shadow(rpm_script_t)
@@ -574051,7 +574096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  corecmd_exec_all_executables(rpm_script_t)
  
-@@ -298,6 +321,7 @@
+@@ -298,6 +322,7 @@
  files_exec_etc_files(rpm_script_t)
  files_read_etc_runtime_files(rpm_script_t)
  files_exec_usr_files(rpm_script_t)
@@ -574059,7 +574104,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  init_domtrans_script(rpm_script_t)
  
-@@ -317,6 +341,7 @@
+@@ -317,6 +342,7 @@
  seutil_domtrans_loadpolicy(rpm_script_t)
  seutil_domtrans_setfiles(rpm_script_t)
  seutil_domtrans_semanage(rpm_script_t)
@@ -574067,7 +574112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  userdom_use_all_users_fds(rpm_script_t)
  
-@@ -335,6 +360,10 @@
+@@ -335,6 +361,10 @@
  ')
  
  optional_policy(`
@@ -574078,7 +574123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  	tzdata_domtrans(rpm_t)
  	tzdata_domtrans(rpm_script_t)
  ')
-@@ -342,6 +371,7 @@
+@@ -342,6 +372,7 @@
  optional_policy(`
  	unconfined_domain(rpm_script_t)
  	unconfined_domtrans(rpm_script_t)
@@ -574086,7 +574131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  
  	optional_policy(`
  		java_domtrans(rpm_script_t)
-@@ -353,6 +383,11 @@
+@@ -353,6 +384,11 @@
  ')
  
  optional_policy(`
@@ -574100,7 +574145,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.3.1/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/sudo.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/sudo.if	2009-02-12 22:21:57.000000000 +0100
 @@ -55,7 +55,7 @@
  	#
  
@@ -574210,7 +574255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.3.1/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/su.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/su.if	2009-02-12 22:21:57.000000000 +0100
 @@ -41,15 +41,13 @@
  
  	allow $2 $1_su_t:process signal;
@@ -574371,7 +574416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2009-02-12 22:21:57.000000000 +0100
 @@ -26,8 +26,12 @@
  files_read_etc_files(tmpreaper_t)
  files_read_var_lib_files(tmpreaper_t)
@@ -574422,7 +574467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2009-02-12 22:21:57.000000000 +0100
 @@ -97,6 +97,7 @@
  
  # allow checking if a shell is executable
@@ -574499,7 +574544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,9 @@
  dev_rwx_zero(vbetool_t)
  dev_read_sysfs(vbetool_t)
@@ -574521,7 +574566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.3.1/policy/modules/admin/vpn.fc
 --- nsaserefpolicy/policy/modules/admin/vpn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -6,6 +6,7 @@
  #
  # /usr
@@ -574532,7 +574577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc 
  /var/run/vpnc(/.*)?		gen_context(system_u:object_r:vpnc_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
 --- nsaserefpolicy/policy/modules/admin/vpn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2009-02-12 22:21:57.000000000 +0100
 @@ -15,7 +15,7 @@
  		type vpnc_t, vpnc_exec_t;
  	')
@@ -574597,7 +574642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if 
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(vpn,1.7.1)
@@ -574638,7 +574683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te 
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.3.1/policy/modules/apps/ethereal.fc
 --- nsaserefpolicy/policy/modules/apps/ethereal.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.ethereal(/.*)? 		gen_context(system_u:object_r:ROLE_ethereal_home_t,s0)
 +HOME_DIR/\.ethereal(/.*)? 		gen_context(system_u:object_r:user_ethereal_home_t,s0)
@@ -574647,7 +574692,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  /usr/sbin/tethereal.*		--	gen_context(system_u:object_r:tethereal_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.3.1/policy/modules/apps/ethereal.if
 --- nsaserefpolicy/policy/modules/apps/ethereal.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`ethereal_per_role_template',`
  
@@ -574705,7 +574750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.3.1/policy/modules/apps/ethereal.te
 --- nsaserefpolicy/policy/modules/apps/ethereal.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,13 @@
  type tethereal_tmp_t;
  files_tmp_file(tethereal_tmp_t)
@@ -574722,7 +574767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  # Tethereal policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.fc serefpolicy-3.3.1/policy/modules/apps/evolution.fc
 --- nsaserefpolicy/policy/modules/apps/evolution.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -2,13 +2,13 @@
  # HOME_DIR/
  #
@@ -574742,7 +574787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.if serefpolicy-3.3.1/policy/modules/apps/evolution.if
 --- nsaserefpolicy/policy/modules/apps/evolution.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.if	2009-02-12 22:21:57.000000000 +0100
 @@ -247,7 +247,7 @@
  
  	mta_read_config($1_evolution_t)
@@ -574781,7 +574826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
  		nscd_socket_use($1_evolution_webcal_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.3.1/policy/modules/apps/games.if
 --- nsaserefpolicy/policy/modules/apps/games.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/games.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/games.if	2009-02-12 22:21:57.000000000 +0100
 @@ -146,7 +146,7 @@
  	')
  
@@ -574817,7 +574862,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc serefpolicy-3.3.1/policy/modules/apps/gift.fc
 --- nsaserefpolicy/policy/modules/apps/gift.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:ROLE_gift_home_t,s0)
 +HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:user_gift_home_t,s0)
@@ -574826,7 +574871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc 
  /usr/(local/)?bin/giftd		--	gen_context(system_u:object_r:giftd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if serefpolicy-3.3.1/policy/modules/apps/gift.if
 --- nsaserefpolicy/policy/modules/apps/gift.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.if	2009-02-12 22:21:57.000000000 +0100
 @@ -43,9 +43,9 @@
  	application_domain($1_gift_t,gift_exec_t)
  	role $3 types $1_gift_t;
@@ -574900,7 +574945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if 
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te serefpolicy-3.3.1/policy/modules/apps/gift.te
 --- nsaserefpolicy/policy/modules/apps/gift.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.te	2009-02-12 22:21:57.000000000 +0100
 @@ -11,3 +11,7 @@
  
  type giftd_exec_t;
@@ -574911,7 +574956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.3.1/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,8 +1,8 @@
 -HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
 -HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
@@ -574928,7 +574973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
  /usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2009-02-12 22:21:57.000000000 +0100
 @@ -33,9 +33,60 @@
  ## </param>
  #
@@ -575164,7 +575209,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.3.1/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,8 +8,19 @@
  
  attribute gnomedomain;
@@ -575190,7 +575235,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
 +typealias user_gconf_tmp_t alias unconfined_gconf_tmp_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.3.1/policy/modules/apps/gpg.fc
 --- nsaserefpolicy/policy/modules/apps/gpg.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,9 +1,9 @@
 -HOME_DIR/\.gnupg(/.+)?		gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
 +HOME_DIR/\.gnupg(/.+)?		gen_context(system_u:object_r:user_gpg_secret_t,s0)
@@ -575207,7 +575252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
 +/usr/lib(64)?/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.3.1/policy/modules/apps/gpg.if
 --- nsaserefpolicy/policy/modules/apps/gpg.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.if	2009-02-12 22:21:57.000000000 +0100
 @@ -38,6 +38,10 @@
  	gen_require(`
  		type gpg_exec_t, gpg_helper_exec_t;
@@ -575533,7 +575578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.3.1/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.te	2009-02-12 22:21:57.000000000 +0100
 @@ -7,15 +7,243 @@
  #
  
@@ -575784,7 +575829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.3.1/policy/modules/apps/irc.fc
 --- nsaserefpolicy/policy/modules/apps/irc.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # /home
@@ -575796,7 +575841,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.3.1/policy/modules/apps/irc.if
 --- nsaserefpolicy/policy/modules/apps/irc.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`irc_per_role_template',`
  	gen_require(`
@@ -575853,7 +575898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
  	domtrans_pattern($2,irc_exec_t,$1_irc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.3.1/policy/modules/apps/irc.te
 --- nsaserefpolicy/policy/modules/apps/irc.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,3 +8,10 @@
  
  type irc_exec_t;
@@ -575867,7 +575912,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
 +	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.3.1/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,14 +3,15 @@
  #
  /opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
@@ -575901,7 +575946,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc 
 +/usr/bin/octave-[^/]*  	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.if	2009-02-12 22:21:57.000000000 +0100
 @@ -32,7 +32,7 @@
  ##	</summary>
  ## </param>
@@ -576169,7 +576214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.3.1/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,16 +6,10 @@
  # Declarations
  #
@@ -576222,13 +576267,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.3.1/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.3.1/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,56 @@
 +
 +## <summary>policy for livecd</summary>
@@ -576288,7 +576333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.3.1/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,22 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -576314,7 +576359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2009-02-12 22:21:57.000000000 +0100
 @@ -44,3 +44,7 @@
  optional_policy(`
  	nscd_dontaudit_search_pid(loadkeys_t)
@@ -576325,7 +576370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
 +userdom_dontaudit_list_sysadm_home_dirs(loadkeys_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2009-02-12 22:21:57.000000000 +0100
 @@ -18,3 +18,122 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, mono_exec_t, mono_t)
@@ -576451,7 +576496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.te	2009-02-12 22:21:57.000000000 +0100
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -576471,7 +576516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.3.1/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,8 +1,8 @@
 -HOME_DIR/\.galeon(/.*)?			gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
 -HOME_DIR/\.java(/.*)?			gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -576502,7 +576547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -577003,7 +577048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.3.1/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,15 +6,19 @@
  # Declarations
  #
@@ -577033,7 +577078,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.3.1/policy/modules/apps/mplayer.fc
 --- nsaserefpolicy/policy/modules/apps/mplayer.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,13 +1,8 @@
  #
 -# /etc
@@ -577051,7 +577096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 +HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:user_mplayer_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.3.1/policy/modules/apps/mplayer.if
 --- nsaserefpolicy/policy/modules/apps/mplayer.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`mplayer_per_role_template',`
  	gen_require(`
@@ -577202,7 +577247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.3.1/policy/modules/apps/mplayer.te
 --- nsaserefpolicy/policy/modules/apps/mplayer.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,3 +22,7 @@
  type mplayer_exec_t;
  corecmd_executable_file(mplayer_exec_t)
@@ -577213,7 +577258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,8 @@
 +
 +/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
@@ -577225,7 +577270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +HOME_DIR/\.gstreamer-.*			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,378 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -577607,7 +577652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,235 @@
 +
 +policy_module(nsplugin,1.0.0)
@@ -577846,14 +577891,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.3.1/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,98 @@
 +## <summary>Openoffice</summary>
 +
@@ -577955,7 +578000,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.3.1/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,14 @@
 +
 +policy_module(openoffice,1.0.0)
@@ -577973,7 +578018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.3.1/policy/modules/apps/screen.fc
 --- nsaserefpolicy/policy/modules/apps/screen.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # /home
@@ -577985,7 +578030,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.f
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.3.1/policy/modules/apps/screen.if
 --- nsaserefpolicy/policy/modules/apps/screen.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`screen_per_role_template',`
  	gen_require(`
@@ -578040,7 +578085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i
  	kernel_read_kernel_sysctls($1_screen_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.3.1/policy/modules/apps/screen.te
 --- nsaserefpolicy/policy/modules/apps/screen.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.te	2009-02-12 22:21:57.000000000 +0100
 @@ -11,3 +11,7 @@
  
  type screen_exec_t;
@@ -578051,7 +578096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.3.1/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/slocate.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/slocate.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,7 +22,7 @@
  #
  
@@ -578071,7 +578116,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
  files_read_etc_files(locate_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc
 --- nsaserefpolicy/policy/modules/apps/thunderbird.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,4 +3,4 @@
  #
  /usr/bin/thunderbird.*			--	gen_context(system_u:object_r:thunderbird_exec_t,s0)
@@ -578080,7 +578125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
 +HOME_DIR/\.thunderbird(/.*)?			gen_context(system_u:object_r:user_thunderbird_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.3.1/policy/modules/apps/thunderbird.if
 --- nsaserefpolicy/policy/modules/apps/thunderbird.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if	2009-02-12 22:21:57.000000000 +0100
 @@ -43,9 +43,9 @@
  	application_domain($1_thunderbird_t,thunderbird_exec_t)
  	role $3 types $1_thunderbird_t;
@@ -578139,7 +578184,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.3.1/policy/modules/apps/thunderbird.te
 --- nsaserefpolicy/policy/modules/apps/thunderbird.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,3 +8,7 @@
  
  type thunderbird_exec_t;
@@ -578150,7 +578195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.3.1/policy/modules/apps/tvtime.if
 --- nsaserefpolicy/policy/modules/apps/tvtime.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`tvtime_per_role_template',`
  	gen_require(`
@@ -578228,7 +578273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.i
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.3.1/policy/modules/apps/tvtime.te
 --- nsaserefpolicy/policy/modules/apps/tvtime.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te	2009-02-12 22:21:57.000000000 +0100
 @@ -11,3 +11,9 @@
  
  type tvtime_dir_t;
@@ -578241,7 +578286,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.t
 +files_tmp_file(user_tvtime_tmp_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.3.1/policy/modules/apps/uml.fc
 --- nsaserefpolicy/policy/modules/apps/uml.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/uml.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/uml.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # HOME_DIR/
@@ -578253,7 +578298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc s
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.3.1/policy/modules/apps/userhelper.if
 --- nsaserefpolicy/policy/modules/apps/userhelper.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if	2009-02-12 22:21:57.000000000 +0100
 @@ -181,24 +181,6 @@
  		nscd_socket_use($1_userhelper_t)
  	')
@@ -578320,7 +578365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
  	allow $2 $1_userhelper_t:process sigchld;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.if serefpolicy-3.3.1/policy/modules/apps/usernetctl.if
 --- nsaserefpolicy/policy/modules/apps/usernetctl.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if	2009-02-12 22:21:57.000000000 +0100
 @@ -63,4 +63,8 @@
  	optional_policy(`
  		modutils_run_insmod(usernetctl_t,$2,$3)
@@ -578332,7 +578377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetc
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.te serefpolicy-3.3.1/policy/modules/apps/usernetctl.te
 --- nsaserefpolicy/policy/modules/apps/usernetctl.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te	2009-02-12 22:21:57.000000000 +0100
 @@ -49,15 +49,21 @@
  
  fs_search_auto_mountpoints(usernetctl_t)
@@ -578357,7 +578402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetc
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.3.1/policy/modules/apps/vmware.fc
 --- nsaserefpolicy/policy/modules/apps/vmware.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,9 +1,9 @@
  #
  # HOME_DIR/
@@ -578408,7 +578453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f
 +/usr/lib/vmware-tools/sbin64/vmware.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.3.1/policy/modules/apps/vmware.if
 --- nsaserefpolicy/policy/modules/apps/vmware.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.if	2009-02-12 22:21:57.000000000 +0100
 @@ -164,7 +164,7 @@
  	sysnet_dns_name_resolve($1_vmware_t)
  	sysnet_read_config($1_vmware_t)
@@ -578443,7 +578488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.3.1/policy/modules/apps/vmware.te
 --- nsaserefpolicy/policy/modules/apps/vmware.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,17 +22,21 @@
  type vmware_var_run_t;
  files_pid_file(vmware_var_run_t)
@@ -578511,7 +578556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,6 @@
  /usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
  
@@ -578523,7 +578568,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc 
 +HOME_DIR/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.if	2009-02-12 22:21:57.000000000 +0100
 @@ -49,3 +49,53 @@
  	role $2 types wine_t;
  	allow wine_t $3:chr_file rw_term_perms;
@@ -578580,7 +578625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.3.1/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.te	2009-02-12 22:21:57.000000000 +0100
 @@ -9,6 +9,7 @@
  type wine_t;
  type wine_exec_t;
@@ -578612,7 +578657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te 
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc	2009-02-12 22:39:01.000000000 +0100
 @@ -7,11 +7,11 @@
  /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
  /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
@@ -578672,7 +578717,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  
  /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
-@@ -178,6 +178,8 @@
+@@ -175,9 +175,13 @@
+ /usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
+ 
++/usr/lib/wicd/monitor.py       --       gen_context(system_u:object_r:bin_t, s0)
++
  /usr/lib(64)?/xen/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  
  /usr/libexec(/.*)?			gen_context(system_u:object_r:bin_t,s0)
@@ -578681,7 +578731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
  
  /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
-@@ -185,8 +187,12 @@
+@@ -185,8 +189,12 @@
  /usr/local/Brother(/.*)?/lpd(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
  /usr/local/Printer/[^/]*/lpd(/.*)?     	gen_context(system_u:object_r:bin_t,s0)
@@ -578694,7 +578744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  
  /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
-@@ -213,9 +219,11 @@
+@@ -213,9 +221,11 @@
  /etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
  
  /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -578707,7 +578757,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/authconfig/authconfig\.py --	gen_context(system_u:object_r:bin_t,s0)
-@@ -223,7 +231,6 @@
+@@ -223,7 +233,6 @@
  /usr/share/clamav/clamd-gen	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/clamav/freshclam-sleep --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
@@ -578715,7 +578765,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  /usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/pydict/pydict\.py	--	gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +291,12 @@
+@@ -284,3 +293,12 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -578730,7 +578780,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
 +/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.3.1/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if	2009-02-12 22:21:57.000000000 +0100
 @@ -875,6 +875,7 @@
  
  	read_lnk_files_pattern($1,bin_t,bin_t)
@@ -578741,7 +578791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,60874 @@
 +#
 +# This is a generated file!  Instead of modifying this file, the
@@ -639619,7 +639669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in	2009-02-12 22:21:57.000000000 +0100
 @@ -1441,10 +1441,11 @@
  #
  interface(`corenet_tcp_bind_all_unreserved_ports',`
@@ -639650,7 +639700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,1754 @@
 +#
 +# This is a generated file!  Instead of modifying this file, the
@@ -641408,7 +641458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 +allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(corenetwork,1.2.15)
@@ -641522,7 +641572,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(xen, tcp,8002,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.3.1/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,7 +1,7 @@
  
  /dev			-d	gen_context(system_u:object_r:device_t,s0)
@@ -641651,7 +641701,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.3.1/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.if	2009-02-12 22:21:57.000000000 +0100
 @@ -65,7 +65,7 @@
  
  	relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -642078,7 +642128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.3.1/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.te	2009-02-12 22:21:57.000000000 +0100
 @@ -32,6 +32,12 @@
  type apm_bios_t;
  dev_node(apm_bios_t)
@@ -642146,7 +642196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
  type power_device_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2009-02-12 22:21:57.000000000 +0100
 @@ -525,7 +525,7 @@
  	')
  
@@ -642196,7 +642246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
  ##	all protocols (TCP, UDP, etc)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-02-12 22:21:57.000000000 +0100
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -642271,7 +642321,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -32,6 +32,7 @@
  /boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
  /boot/lost\+found/.*		<<none>>
@@ -642282,7 +642332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
  # /emul
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2009-02-12 22:21:57.000000000 +0100
 @@ -110,6 +110,11 @@
  ## </param>
  #
@@ -642670,7 +642720,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.3.1/policy/modules/kernel/files.te
 --- nsaserefpolicy/policy/modules/kernel/files.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.te	2009-02-12 22:21:57.000000000 +0100
 @@ -50,11 +50,15 @@
  #
  # etc_t is the type of the system etc directories.
@@ -642710,7 +642760,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2009-02-12 22:21:57.000000000 +0100
 @@ -310,6 +310,25 @@
  
  ########################################
@@ -643112,7 +643162,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2009-02-12 22:21:57.000000000 +0100
 @@ -21,10 +21,11 @@
  
  # Use xattrs for the following filesystem types.
@@ -643176,7 +643226,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2009-02-12 22:21:57.000000000 +0100
 @@ -330,6 +330,11 @@
  
  	allow $1 self:capability sys_module;
@@ -643847,7 +643897,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2009-02-12 22:21:57.000000000 +0100
 @@ -45,6 +45,15 @@
  sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
  
@@ -643940,7 +643990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-3.3.1/policy/modules/kernel/mls.if
 --- nsaserefpolicy/policy/modules/kernel/mls.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/mls.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/mls.if	2009-02-12 22:21:57.000000000 +0100
 @@ -612,6 +612,26 @@
  ########################################
  ## <summary>
@@ -643997,7 +644047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.3.1/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if	2009-02-12 22:21:57.000000000 +0100
 @@ -164,6 +164,7 @@
  		type security_t;
  	')
@@ -644118,7 +644168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.3.1/policy/modules/kernel/selinux.te
 --- nsaserefpolicy/policy/modules/kernel/selinux.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te	2009-02-12 22:21:57.000000000 +0100
 @@ -10,6 +10,7 @@
  attribute can_setenforce;
  attribute can_setsecparam;
@@ -644142,7 +644192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
  neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.3.1/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -13,6 +13,7 @@
  /dev/cm20.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/dasd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -644178,7 +644228,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
  /dev/ataraid/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.3.1/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.if	2009-02-12 22:21:57.000000000 +0100
 @@ -81,6 +81,26 @@
  
  ########################################
@@ -644208,7 +644258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
  ##	SELinux protections for filesystem objects, and
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.3.1/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if	2009-02-12 22:21:57.000000000 +0100
 @@ -525,11 +525,13 @@
  interface(`term_use_generic_ptys',`
  	gen_require(`
@@ -644237,7 +644287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.3.1/policy/modules/services/aide.if
 --- nsaserefpolicy/policy/modules/services/aide.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/aide.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/aide.if	2009-02-12 22:21:57.000000000 +0100
 @@ -79,10 +79,12 @@
  
  	allow $1 aide_t:process { ptrace signal_perms };
@@ -644255,7 +644305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.fc serefpolicy-3.3.1/policy/modules/services/amavis.fc
 --- nsaserefpolicy/policy/modules/services/amavis.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,6 +3,7 @@
  /etc/amavisd(/.*)?		--	gen_context(system_u:object_r:amavis_etc_t,s0)
  
@@ -644272,7 +644322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
 +/etc/rc\.d/init\.d/amavis	--	gen_context(system_u:object_r:amavis_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.3.1/policy/modules/services/amavis.if
 --- nsaserefpolicy/policy/modules/services/amavis.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.if	2009-02-12 22:21:57.000000000 +0100
 @@ -189,6 +189,25 @@
  
  ########################################
@@ -644346,7 +644396,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.3.1/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.te	2009-02-12 22:21:57.000000000 +0100
 @@ -13,7 +13,7 @@
  
  # configuration files
@@ -644377,7 +644427,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
  read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,28 +1,28 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
 -
@@ -644474,7 +644524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +/etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.if	2009-02-12 22:21:57.000000000 +0100
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -645127,7 +645177,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -645769,7 +645819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +manage_lnk_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.3.1/policy/modules/services/apcupsd.fc
 --- nsaserefpolicy/policy/modules/services/apcupsd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -13,3 +13,5 @@
  /var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
  /var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
@@ -645778,7 +645828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +/etc/rc\.d/init\.d/apcupsd	--	gen_context(system_u:object_r:apcupsd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.3.1/policy/modules/services/apcupsd.if
 --- nsaserefpolicy/policy/modules/services/apcupsd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -90,10 +90,102 @@
  ## </summary>
  ## </param>
@@ -645885,7 +645935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.3.1/policy/modules/services/apcupsd.te
 --- nsaserefpolicy/policy/modules/services/apcupsd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,6 +22,9 @@
  type apcupsd_var_run_t;
  files_pid_file(apcupsd_var_run_t)
@@ -645910,7 +645960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.3.1/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -190,6 +190,10 @@
  	dbus_stub(apmd_t)
  
@@ -645924,7 +645974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.3.1/policy/modules/services/arpwatch.fc
 --- nsaserefpolicy/policy/modules/services/arpwatch.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -9,3 +9,5 @@
  #
  /var/arpwatch(/.*)?		gen_context(system_u:object_r:arpwatch_data_t,s0)
@@ -645933,7 +645983,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
 +/etc/rc\.d/init\.d/arpwatch	--	gen_context(system_u:object_r:arpwatch_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.3.1/policy/modules/services/arpwatch.if
 --- nsaserefpolicy/policy/modules/services/arpwatch.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if	2009-02-12 22:21:57.000000000 +0100
 @@ -90,3 +90,73 @@
  
  	dontaudit $1 arpwatch_t:packet_socket { read write };
@@ -646010,7 +646060,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.3.1/policy/modules/services/arpwatch.te
 --- nsaserefpolicy/policy/modules/services/arpwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,6 +19,9 @@
  type arpwatch_var_run_t;
  files_pid_file(arpwatch_var_run_t)
@@ -646023,7 +646073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.3.1/policy/modules/services/asterisk.fc
 --- nsaserefpolicy/policy/modules/services/asterisk.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -6,3 +6,4 @@
  /var/log/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_log_t,s0)
  /var/run/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_var_run_t,s0)
@@ -646031,7 +646081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
 +/etc/rc\.d/init\.d/asterisk	--	gen_context(system_u:object_r:asterisk_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.3.1/policy/modules/services/asterisk.if
 --- nsaserefpolicy/policy/modules/services/asterisk.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,83 @@
  ## <summary>Asterisk IP telephony server</summary>
 +
@@ -646118,7 +646168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.3.1/policy/modules/services/asterisk.te
 --- nsaserefpolicy/policy/modules/services/asterisk.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.te	2009-02-12 22:21:57.000000000 +0100
 @@ -31,6 +31,9 @@
  type asterisk_var_run_t;
  files_pid_file(asterisk_var_run_t)
@@ -646131,7 +646181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.3.1/policy/modules/services/automount.fc
 --- nsaserefpolicy/policy/modules/services/automount.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -12,4 +12,7 @@
  # /var
  #
@@ -646143,7 +646193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.3.1/policy/modules/services/automount.if
 --- nsaserefpolicy/policy/modules/services/automount.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.if	2009-02-12 22:21:57.000000000 +0100
 @@ -74,3 +74,109 @@
  
  	dontaudit $1 automount_tmp_t:dir getattr;
@@ -646256,7 +646306,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.3.1/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.te	2009-02-04 11:09:17.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,9 @@
  files_tmp_file(automount_tmp_t)
  files_mountpoint(automount_tmp_t)
@@ -646362,7 +646412,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.3.1/policy/modules/services/avahi.fc
 --- nsaserefpolicy/policy/modules/services/avahi.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,9 @@
 +/etc/rc\.d/init\.d/avahi.*	--	gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
  
@@ -646375,7 +646425,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
  /var/run/avahi-daemon(/.*)? 		gen_context(system_u:object_r:avahi_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.3.1/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2009-02-12 22:21:57.000000000 +0100
 @@ -2,6 +2,103 @@
  
  ########################################
@@ -646528,7 +646578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.3.1/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.te	2009-02-12 22:21:57.000000000 +0100
 @@ -10,6 +10,12 @@
  type avahi_exec_t;
  init_daemon_domain(avahi_t,avahi_exec_t)
@@ -646580,7 +646630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.3.1/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -49,3 +49,5 @@
  /var/named/chroot/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
  /var/named/dynamic(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
@@ -646589,7 +646639,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +/etc/rc\.d/init\.d/named	--	gen_context(system_u:object_r:named_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.3.1/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.if	2009-02-12 22:21:57.000000000 +0100
 @@ -38,6 +38,42 @@
  
  ########################################
@@ -646730,7 +646780,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.3.1/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.te	2009-02-12 22:21:57.000000000 +0100
 @@ -53,6 +53,9 @@
  init_system_domain(ndc_t,ndc_exec_t)
  role system_r types ndc_t;
@@ -646769,7 +646819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
  domain_use_interactive_fds(ndc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.fc serefpolicy-3.3.1/policy/modules/services/bitlbee.fc
 --- nsaserefpolicy/policy/modules/services/bitlbee.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,3 +1,6 @@
  /usr/sbin/bitlbee	--	gen_context(system_u:object_r:bitlbee_exec_t,s0)
  /etc/bitlbee(/.*)?		gen_context(system_u:object_r:bitlbee_conf_t,s0)
@@ -646779,7 +646829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
 +/etc/rc\.d/init\.d/bitlbee	--	gen_context(system_u:object_r:bitlbee_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.3.1/policy/modules/services/bitlbee.if
 --- nsaserefpolicy/policy/modules/services/bitlbee.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if	2009-02-12 22:21:57.000000000 +0100
 @@ -20,3 +20,70 @@
  	allow $1 bitlbee_conf_t:file { read getattr };
  ')
@@ -646853,7 +646903,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2009-02-12 22:21:57.000000000 +0100
 @@ -17,6 +17,12 @@
  type bitlbee_var_t;
  files_type(bitlbee_var_t)
@@ -646907,7 +646957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.3.1/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -22,3 +22,8 @@
  #
  /var/lib/bluetooth(/.*)?	gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
@@ -646919,7 +646969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
 +/etc/rc\.d/init\.d/pand	--	gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.3.1/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,7 +35,7 @@
  template(`bluetooth_per_role_template',`
  	gen_require(`
@@ -647029,7 +647079,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.3.1/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te	2009-02-12 22:21:57.000000000 +0100
 @@ -32,19 +32,22 @@
  type bluetooth_var_run_t;
  files_pid_file(bluetooth_var_run_t)
@@ -647100,7 +647150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.fc serefpolicy-3.3.1/policy/modules/services/canna.fc
 --- nsaserefpolicy/policy/modules/services/canna.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -20,3 +20,5 @@
  /var/run/\.iroha_unix	-d	gen_context(system_u:object_r:canna_var_run_t,s0)
  /var/run/\.iroha_unix/.* -s	gen_context(system_u:object_r:canna_var_run_t,s0)
@@ -647109,7 +647159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
 +/etc/rc\.d/init\.d/canna	--	gen_context(system_u:object_r:canna_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.if serefpolicy-3.3.1/policy/modules/services/canna.if
 --- nsaserefpolicy/policy/modules/services/canna.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.if	2009-02-12 22:21:57.000000000 +0100
 @@ -18,3 +18,74 @@
  	files_search_pids($1)
  	stream_connect_pattern($1,canna_var_run_t,canna_var_run_t,canna_t)
@@ -647187,7 +647237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.3.1/policy/modules/services/canna.te
 --- nsaserefpolicy/policy/modules/services/canna.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,6 +19,9 @@
  type canna_var_run_t;
  files_pid_file(canna_var_run_t)
@@ -647200,7 +647250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.3.1/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,16 +5,18 @@
  /usr/bin/freshclam		--	gen_context(system_u:object_r:freshclam_exec_t,s0)
  
@@ -647227,7 +647277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +/etc/rc\.d/init\.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.3.1/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.if	2009-02-12 22:21:57.000000000 +0100
 @@ -38,6 +38,27 @@
  
  ########################################
@@ -647375,7 +647425,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.3.1/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.te	2009-02-12 22:21:57.000000000 +0100
 @@ -13,7 +13,7 @@
  
  # configuration files
@@ -647465,7 +647515,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.3.1/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,3 +1,6 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
  
@@ -647475,7 +647525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.3.1/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.if	2009-02-12 22:21:57.000000000 +0100
 @@ -38,3 +38,24 @@
  	allow $1 consolekit_t:dbus send_msg;
  	allow consolekit_t $1:dbus send_msg;
@@ -647503,7 +647553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.3.1/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2009-02-12 22:21:57.000000000 +0100
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -647621,7 +647671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
 --- nsaserefpolicy/policy/modules/services/courier.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,5 @@
  /etc/courier(/.*)?				gen_context(system_u:object_r:courier_etc_t,s0)
 +/etc/authlib(/.*)?				gen_context(system_u:object_r:courier_etc_t,s0)
@@ -647657,7 +647707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +/var/spool/authdaemon(/.*)?		gen_context(system_u:object_r:courier_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.if	2009-02-12 22:21:57.000000000 +0100
 @@ -123,3 +123,77 @@
  
  	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
@@ -647738,7 +647788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.te	2009-02-12 22:21:57.000000000 +0100
 @@ -9,7 +9,10 @@
  courier_domain_template(authdaemon)
  
@@ -647771,7 +647821,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
  # Calendar (PCP) local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.3.1/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -17,6 +17,8 @@
  /var/run/fcron\.fifo		-s	gen_context(system_u:object_r:crond_var_run_t,s0)
  /var/run/fcron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -647788,7 +647838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,38 +35,24 @@
  #
  template(`cron_per_role_template',`
@@ -648143,7 +648193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.3.1/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.te	2009-02-12 22:21:57.000000000 +0100
 @@ -12,14 +12,6 @@
  
  ## <desc>
@@ -648421,7 +648471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.3.1/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,24 +8,35 @@
  /etc/cups/ppd/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -648493,7 +648543,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +/usr/lib/cups/backend/cups-pdf	--	gen_context(system_u:object_r:cups_pdf_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.3.1/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.if	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,30 @@
  
  ########################################
@@ -648653,7 +648703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,9 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -649050,7 +649100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.3.1/policy/modules/services/cvs.fc
 --- nsaserefpolicy/policy/modules/services/cvs.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,3 +5,6 @@
  
  /var/cvs(/.*)?		gen_context(system_u:object_r:cvs_data_t,s0)
@@ -649060,7 +649110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.3.1/policy/modules/services/cvs.if
 --- nsaserefpolicy/policy/modules/services/cvs.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.if	2009-02-12 22:21:57.000000000 +0100
 @@ -36,3 +36,72 @@
  
  	can_exec($1,cvs_exec_t)
@@ -649136,7 +649186,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.3.1/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.te	2009-02-12 22:21:57.000000000 +0100
 @@ -28,6 +28,9 @@
  type cvs_var_run_t;
  files_pid_file(cvs_var_run_t)
@@ -649192,7 +649242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.3.1/policy/modules/services/cyphesis.fc
 --- nsaserefpolicy/policy/modules/services/cyphesis.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,6 @@
 +
 +/usr/bin/cyphesis		--	gen_context(system_u:object_r:cyphesis_exec_t,s0)
@@ -649202,7 +649252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +/var/run/cyphesis(/.*)?		gen_context(system_u:object_r:cyphesis_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.if serefpolicy-3.3.1/policy/modules/services/cyphesis.if
 --- nsaserefpolicy/policy/modules/services/cyphesis.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,19 @@
 +## <summary>policy for cyphesis</summary>
 +
@@ -649225,7 +649275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
 --- nsaserefpolicy/policy/modules/services/cyphesis.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,92 @@
 +policy_module(cyphesis,1.0.0)
 +
@@ -649321,7 +649371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.3.1/policy/modules/services/cyrus.fc
 --- nsaserefpolicy/policy/modules/services/cyrus.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -2,3 +2,5 @@
  /usr/lib(64)?/cyrus-imapd/cyrus-master	--	gen_context(system_u:object_r:cyrus_exec_t,s0)
  
@@ -649330,7 +649380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
 +/etc/rc\.d/init\.d/cyrus	--	gen_context(system_u:object_r:cyrus_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.3.1/policy/modules/services/cyrus.if
 --- nsaserefpolicy/policy/modules/services/cyrus.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.if	2009-02-12 22:21:57.000000000 +0100
 @@ -39,3 +39,74 @@
  	files_search_var_lib($1)
  	stream_connect_pattern($1,cyrus_var_lib_t,cyrus_var_lib_t,cyrus_t)
@@ -649408,7 +649458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.3.1/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,6 +19,9 @@
  type cyrus_var_run_t;
  files_pid_file(cyrus_var_run_t)
@@ -649421,7 +649471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.3.1/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,6 +4,9 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -649434,7 +649484,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2009-02-12 22:21:57.000000000 +0100
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -649723,7 +649773,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2009-02-12 22:21:57.000000000 +0100
 @@ -9,9 +9,10 @@
  #
  # Delcarations
@@ -649846,7 +649896,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.3.1/policy/modules/services/dcc.if
 --- nsaserefpolicy/policy/modules/services/dcc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.if	2009-02-12 22:21:57.000000000 +0100
 @@ -72,6 +72,24 @@
  
  ########################################
@@ -649874,7 +649924,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.3.1/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.te	2009-02-12 22:21:57.000000000 +0100
 @@ -105,6 +105,8 @@
  files_read_etc_files(cdcc_t)
  files_read_etc_runtime_files(cdcc_t)
@@ -650036,7 +650086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.fc serefpolicy-3.3.1/policy/modules/services/ddclient.fc
 --- nsaserefpolicy/policy/modules/services/ddclient.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -9,3 +9,5 @@
  /var/log/ddtcd\.log.*	--	gen_context(system_u:object_r:ddclient_log_t,s0)
  /var/run/ddclient\.pid	--	gen_context(system_u:object_r:ddclient_var_run_t,s0)
@@ -650045,7 +650095,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.3.1/policy/modules/services/ddclient.if
 --- nsaserefpolicy/policy/modules/services/ddclient.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.if	2009-02-12 22:21:57.000000000 +0100
 @@ -18,3 +18,81 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, ddclient_exec_t, ddclient_t)
@@ -650130,7 +650180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.3.1/policy/modules/services/ddclient.te
 --- nsaserefpolicy/policy/modules/services/ddclient.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.te	2009-02-12 22:21:57.000000000 +0100
 @@ -11,7 +11,7 @@
  init_daemon_domain(ddclient_t,ddclient_exec_t)
  
@@ -650152,7 +650202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
  # Declarations
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.3.1/policy/modules/services/dhcp.fc
 --- nsaserefpolicy/policy/modules/services/dhcp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,3 +5,6 @@
  /var/lib/dhcp(3)?/dhcpd\.leases.* --	gen_context(system_u:object_r:dhcpd_state_t,s0)
  
@@ -650162,7 +650212,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.3.1/policy/modules/services/dhcp.if
 --- nsaserefpolicy/policy/modules/services/dhcp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -19,3 +19,71 @@
  	sysnet_search_dhcp_state($1)
  	allow $1 dhcpd_state_t:file setattr;
@@ -650237,7 +650287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.3.1/policy/modules/services/dhcp.te
 --- nsaserefpolicy/policy/modules/services/dhcp.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,18 +19,20 @@
  type dhcpd_var_run_t;
  files_pid_file(dhcpd_var_run_t)
@@ -650303,7 +650353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.3.1/policy/modules/services/dictd.fc
 --- nsaserefpolicy/policy/modules/services/dictd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,3 +4,6 @@
  /usr/sbin/dictd		--	gen_context(system_u:object_r:dictd_exec_t,s0)
  
@@ -650313,7 +650363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
 +/etc/rc\.d/init\.d/dictd	--	gen_context(system_u:object_r:dictd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.if serefpolicy-3.3.1/policy/modules/services/dictd.if
 --- nsaserefpolicy/policy/modules/services/dictd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -14,3 +14,73 @@
  interface(`dictd_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -650390,7 +650440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.3.1/policy/modules/services/dictd.te
 --- nsaserefpolicy/policy/modules/services/dictd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,12 @@
  type dictd_var_lib_t alias var_lib_dictd_t;
  files_type(dictd_var_lib_t)
@@ -650416,7 +650466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc
 --- nsaserefpolicy/policy/modules/services/dnsmasq.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,7 @@
  /usr/sbin/dnsmasq		--	gen_context(system_u:object_r:dnsmasq_exec_t,s0)
  
@@ -650427,7 +650477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
 +/etc/rc\.d/init\.d/dnsmasq	--	gen_context(system_u:object_r:dnsmasq_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.3.1/policy/modules/services/dnsmasq.if
 --- nsaserefpolicy/policy/modules/services/dnsmasq.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,144 @@
  ## <summary>dnsmasq DNS forwarder and DHCP server</summary>
 +
@@ -650575,7 +650625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.3.1/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te	2009-02-13 09:44:20.000000000 +0100
 @@ -16,6 +16,9 @@
  type dnsmasq_var_run_t;
  files_pid_file(dnsmasq_var_run_t)
@@ -650613,17 +650663,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
  corenet_udp_bind_dhcpd_port(dnsmasq_t)
  corenet_sendrecv_dns_server_packets(dnsmasq_t)
  corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
-@@ -94,3 +97,7 @@
+@@ -94,3 +97,8 @@
  optional_policy(`
  	udev_read_db(dnsmasq_t)
  ')
 +
 +optional_policy(`
 +	virt_manage_lib_files(dnsmasq_t)
++	virt_manage_pid_files(dnsmasq_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.3.1/policy/modules/services/dovecot.fc
 --- nsaserefpolicy/policy/modules/services/dovecot.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -17,23 +17,24 @@
  
  ifdef(`distro_debian', `
@@ -650656,7 +650707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +/etc/rc\.d/init\.d/dovecot	--	gen_context(system_u:object_r:dovecot_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.3.1/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.if	2009-02-12 22:21:57.000000000 +0100
 @@ -21,7 +21,46 @@
  
  ########################################
@@ -650797,7 +650848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-02-12 22:21:57.000000000 +0100
 @@ -15,6 +15,15 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -650954,7 +651005,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.3.1/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.if	2009-02-12 22:21:57.000000000 +0100
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -651008,7 +651059,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.3.1/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.te	2009-02-12 22:21:57.000000000 +0100
 @@ -21,9 +21,20 @@
  ## </desc>
  gen_tunable(exim_manage_user_files,false)
@@ -651197,7 +651248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.3.1/policy/modules/services/fail2ban.fc
 --- nsaserefpolicy/policy/modules/services/fail2ban.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,3 +1,8 @@
  /usr/bin/fail2ban	--	gen_context(system_u:object_r:fail2ban_exec_t,s0)
 +/usr/bin/fail2ban-server --	gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -651210,7 +651261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.3.1/policy/modules/services/fail2ban.if
 --- nsaserefpolicy/policy/modules/services/fail2ban.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if	2009-02-12 22:21:57.000000000 +0100
 @@ -78,3 +78,68 @@
  	files_search_pids($1)
  	allow $1 fail2ban_var_run_t:file read_file_perms;
@@ -651282,7 +651333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,6 +18,9 @@
  type fail2ban_var_run_t;
  files_pid_file(fail2ban_var_run_t)
@@ -651356,7 +651407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.3.1/policy/modules/services/fetchmail.fc
 --- nsaserefpolicy/policy/modules/services/fetchmail.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -17,3 +17,4 @@
  
  /var/run/fetchmail/.*		--	gen_context(system_u:object_r:fetchmail_var_run_t,s0)
@@ -651364,7 +651415,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.3.1/policy/modules/services/fetchmail.if
 --- nsaserefpolicy/policy/modules/services/fetchmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,44 @@
  ## <summary>Remote-mail retrieval and forwarding utility</summary>
 +
@@ -651412,7 +651463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.3.1/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-02-12 22:21:57.000000000 +0100
 @@ -14,7 +14,7 @@
  files_pid_file(fetchmail_var_run_t)
  
@@ -651435,7 +651486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.3.1/policy/modules/services/ftp.fc
 --- nsaserefpolicy/policy/modules/services/ftp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -27,3 +27,6 @@
  /var/log/vsftpd.*	--	gen_context(system_u:object_r:xferlog_t,s0)
  /var/log/xferlog.*	--	gen_context(system_u:object_r:xferlog_t,s0)
@@ -651445,7 +651496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +/etc/rc\.d/init\.d/proftpd	--	gen_context(system_u:object_r:ftp_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.3.1/policy/modules/services/ftp.if
 --- nsaserefpolicy/policy/modules/services/ftp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -28,11 +28,13 @@
  		type ftpd_t;
  	')
@@ -651564,7 +651615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-02-04 10:56:21.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-02-13 10:49:16.000000000 +0100
 @@ -26,7 +26,7 @@
  ## <desc>
  ## <p>
@@ -651583,7 +651634,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  ## </p>
  ## </desc>
  gen_tunable(allow_ftpd_use_nfs,false)
-@@ -75,6 +75,9 @@
+@@ -46,6 +46,13 @@
+ ## </desc>
+ gen_tunable(ftp_home_dir,false)
+ 
++## <desc>
++## <p>
++## Allow ftp servers to use connect to mysql database
++## </p>
++## </desc>
++gen_tunable(ftpd_connect_db, false)
++
+ type ftpd_t;
+ type ftpd_exec_t;
+ init_daemon_domain(ftpd_t,ftpd_exec_t)
+@@ -75,6 +82,9 @@
  type xferlog_t;
  logging_log_file(xferlog_t)
  
@@ -651593,7 +651658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  ########################################
  #
  # ftpd local policy
-@@ -106,9 +109,10 @@
+@@ -106,9 +116,10 @@
  manage_sock_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
  fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
  
@@ -651605,7 +651670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  
  # proftpd requires the client side to bind a socket so that
  # it can stat the socket to perform access control decisions,
-@@ -123,6 +127,7 @@
+@@ -123,6 +134,7 @@
  
  kernel_read_kernel_sysctls(ftpd_t)
  kernel_read_system_state(ftpd_t)
@@ -651613,7 +651678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  
  dev_read_sysfs(ftpd_t)
  dev_read_urand(ftpd_t)
-@@ -169,7 +174,9 @@
+@@ -169,7 +181,9 @@
  libs_use_ld_so(ftpd_t)
  libs_use_shared_libs(ftpd_t)
  
@@ -651623,7 +651688,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  
  miscfiles_read_localization(ftpd_t)
  miscfiles_read_public_files(ftpd_t)
-@@ -218,6 +225,11 @@
+@@ -209,6 +223,11 @@
+ 	auth_manage_all_files_except_shadow(ftpd_t)
+ ')
+ 
++tunable_policy(`ftpd_connect_db',`
++        corenet_tcp_connect_mysqld_port(ftpd_t)
++        corenet_tcp_connect_postgresql_port(ftpd_t)
++')
++
+ tunable_policy(`ftp_home_dir',`
+ 	allow ftpd_t self:capability { dac_override dac_read_search };
+ 
+@@ -218,7 +237,13 @@
  	userdom_manage_all_users_home_content_dirs(ftpd_t)
  	userdom_manage_all_users_home_content_files(ftpd_t)
  	userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -651633,9 +651710,30 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +	auth_read_all_files_except_shadow(ftpd_t)
 +	auth_read_all_symlinks_except_shadow(ftpd_t)
  ')
++userdom_generic_user_home_dir_filetrans_generic_user_home_content(ftpd_t, { dir file lnk_file })
  
  tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
-@@ -253,7 +265,9 @@
+ 	fs_manage_nfs_files(ftpd_t)
+@@ -237,6 +262,18 @@
+ ')
+ 
+ optional_policy(`
++       tunable_policy(`ftpd_connect_db',`
++               mysql_stream_connect(ftpd_t)
++       ')
++')
++
++optional_policy(`
++        tunable_policy(`ftpd_connect_db',`
++                postgresql_stream_connect(ftpd_t)
++        ')
++')
++
++optional_policy(`
+ 	corecmd_exec_shell(ftpd_t)
+ 
+ 	files_read_usr_files(ftpd_t)
+@@ -253,7 +290,9 @@
  ')
  
  optional_policy(`
@@ -651646,7 +651744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  ')
  
  optional_policy(`
-@@ -265,6 +279,14 @@
+@@ -265,6 +304,14 @@
  ')
  
  optional_policy(`
@@ -651663,13 +651761,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.3.1/policy/modules/services/gamin.fc
 --- nsaserefpolicy/policy/modules/services/gamin.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/usr/libexec/gam_server	--	gen_context(system_u:object_r:gamin_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.3.1/policy/modules/services/gamin.if
 --- nsaserefpolicy/policy/modules/services/gamin.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,57 @@
 +
 +## <summary>policy for gamin</summary>
@@ -651730,7 +651828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.3.1/policy/modules/services/gamin.te
 --- nsaserefpolicy/policy/modules/services/gamin.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,42 @@
 +policy_module(gamin,1.0.0)
 +
@@ -651776,14 +651874,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc
 --- nsaserefpolicy/policy/modules/services/gnomeclock.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3 @@
 +
 +/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.3.1/policy/modules/services/gnomeclock.if
 --- nsaserefpolicy/policy/modules/services/gnomeclock.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,75 @@
 +
 +## <summary>policy for gnomeclock</summary>
@@ -651862,7 +651960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.3.1/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,55 @@
 +policy_module(gnomeclock,1.0.0)
 +########################################
@@ -651921,7 +652019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.3.1/policy/modules/services/gpm.te
 --- nsaserefpolicy/policy/modules/services/gpm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gpm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gpm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -41,8 +41,8 @@
  allow gpm_t gpm_var_run_t:file manage_file_perms;
  files_pid_filetrans(gpm_t,gpm_var_run_t,file)
@@ -651935,7 +652033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
  kernel_read_kernel_sysctls(gpm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.3.1/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,6 +8,8 @@
  /usr/libexec/hal-hotplug-map 		--	gen_context(system_u:object_r:hald_exec_t,s0)
  /usr/libexec/hal-system-sonypic	 	--	gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -651963,7 +652061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.3.1/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.if	2009-02-12 22:21:57.000000000 +0100
 @@ -302,3 +302,42 @@
  	files_search_pids($1)
  	allow $1 hald_var_run_t:file rw_file_perms;
@@ -652009,7 +652107,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.3.1/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.te	2009-02-12 22:21:57.000000000 +0100
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -652250,7 +652348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.3.1/policy/modules/services/inetd.fc
 --- nsaserefpolicy/policy/modules/services/inetd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,6 +1,8 @@
  
  /usr/sbin/identd	--	gen_context(system_u:object_r:inetd_child_exec_t,s0)
@@ -652262,7 +652360,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
  /usr/sbin/xinetd	--	gen_context(system_u:object_r:inetd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.3.1/policy/modules/services/inetd.if
 --- nsaserefpolicy/policy/modules/services/inetd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -115,6 +115,10 @@
  
  	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
@@ -652276,7 +652374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.3.1/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -30,6 +30,10 @@
  type inetd_child_var_run_t;
  files_pid_file(inetd_child_var_run_t)
@@ -652332,7 +652430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.fc serefpolicy-3.3.1/policy/modules/services/inn.fc
 --- nsaserefpolicy/policy/modules/services/inn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -64,3 +64,5 @@
  /var/run/news(/.*)?	 		gen_context(system_u:object_r:innd_var_run_t,s0)
  
@@ -652341,7 +652439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
 +/etc/rc\.d/init\.d/innd		--	gen_context(system_u:object_r:innd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.3.1/policy/modules/services/inn.if
 --- nsaserefpolicy/policy/modules/services/inn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.if	2009-02-12 22:21:57.000000000 +0100
 @@ -54,8 +54,7 @@
  	')
  
@@ -652435,7 +652533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.3.1/policy/modules/services/inn.te
 --- nsaserefpolicy/policy/modules/services/inn.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,7 +22,10 @@
  files_pid_file(innd_var_run_t)
  
@@ -652450,7 +652548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.3.1/policy/modules/services/jabber.fc
 --- nsaserefpolicy/policy/modules/services/jabber.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -2,3 +2,4 @@
  
  /var/lib/jabber(/.*)?		gen_context(system_u:object_r:jabberd_var_lib_t,s0)
@@ -652458,7 +652556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
 +/etc/rc\.d/init\.d/jabber	--	gen_context(system_u:object_r:jabber_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.3.1/policy/modules/services/jabber.if
 --- nsaserefpolicy/policy/modules/services/jabber.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.if	2009-02-12 22:21:57.000000000 +0100
 @@ -13,3 +13,73 @@
  interface(`jabber_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -652535,7 +652633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.3.1/policy/modules/services/jabber.te
 --- nsaserefpolicy/policy/modules/services/jabber.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,6 +19,9 @@
  type jabberd_var_run_t;
  files_pid_file(jabberd_var_run_t)
@@ -652548,7 +652646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.3.1/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -7,12 +7,22 @@
  
  /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
@@ -652574,7 +652672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +/etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.3.1/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.if	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,25 @@
  
  ########################################
@@ -652859,7 +652957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.3.1/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,7 @@
  type kadmind_t;
  type kadmind_exec_t;
@@ -653051,7 +653149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +kerberos_use(kpropd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.3.1/policy/modules/services/kerneloops.fc
 --- nsaserefpolicy/policy/modules/services/kerneloops.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,4 @@
 +
 +/usr/sbin/kerneloops	--	gen_context(system_u:object_r:kerneloops_exec_t,s0)
@@ -653059,7 +653157,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +/etc/rc\.d/init\.d/kerneloops	--	gen_context(system_u:object_r:kerneloops_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.3.1/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,140 @@
 +
 +## <summary>policy for kerneloops</summary>
@@ -653203,7 +653301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.3.1/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,63 @@
 +policy_module(kerneloops,1.0.0)
 +
@@ -653270,7 +653368,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.3.1/policy/modules/services/ldap.fc
 --- nsaserefpolicy/policy/modules/services/ldap.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -14,3 +14,5 @@
  /var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
  /var/run/slapd\.args	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
@@ -653279,7 +653377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
 +/etc/rc\.d/init\.d/ldap	--	gen_context(system_u:object_r:ldap_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.3.1/policy/modules/services/ldap.if
 --- nsaserefpolicy/policy/modules/services/ldap.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.if	2009-02-12 22:21:57.000000000 +0100
 @@ -73,3 +73,80 @@
  	allow $1 slapd_var_run_t:sock_file write;
  	allow $1 slapd_t:unix_stream_socket connectto;
@@ -653363,7 +653461,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.3.1/policy/modules/services/ldap.te
 --- nsaserefpolicy/policy/modules/services/ldap.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.te	2009-02-12 22:21:57.000000000 +0100
 @@ -31,6 +31,9 @@
  type slapd_var_run_t;
  files_pid_file(slapd_var_run_t)
@@ -653376,7 +653474,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.3.1/policy/modules/services/lpd.fc
 --- nsaserefpolicy/policy/modules/services/lpd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,6 +3,8 @@
  #
  /dev/printer		-s	gen_context(system_u:object_r:printer_t,s0)
@@ -653404,7 +653502,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.3.1/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -336,10 +336,8 @@
  	')
  
@@ -653419,7 +653517,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.3.1/policy/modules/services/mailman.fc
 --- nsaserefpolicy/policy/modules/services/mailman.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -31,3 +31,4 @@
  /var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
  /var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
@@ -653427,7 +653525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +/usr/lib/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.3.1/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.if	2009-02-12 22:21:57.000000000 +0100
 @@ -31,6 +31,12 @@
  	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
  	allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -653485,7 +653583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.te	2009-02-12 22:21:57.000000000 +0100
 @@ -53,10 +53,9 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -653533,13 +653631,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.3.1/policy/modules/services/mailscanner.fc
 --- nsaserefpolicy/policy/modules/services/mailscanner.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2 @@
 +/var/spool/MailScanner(/.*)?	gen_context(system_u:object_r:mailscanner_spool_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.3.1/policy/modules/services/mailscanner.if
 --- nsaserefpolicy/policy/modules/services/mailscanner.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,59 @@
 +## <summary>Anti-Virus and Anti-Spam Filter</summary>
 +
@@ -653602,7 +653700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.3.1/policy/modules/services/mailscanner.te
 --- nsaserefpolicy/policy/modules/services/mailscanner.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,5 @@
 +
 +policy_module(mailscanner,1.0.0)
@@ -653611,7 +653709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +files_type(mailscanner_spool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.3.1/policy/modules/services/milter.fc
 --- nsaserefpolicy/policy/modules/services/milter.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/milter.fc	2009-02-04 14:30:04.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/milter.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,8 @@
 +
 +/usr/sbin/milter-regex				--	gen_context(system_u:object_r:regex_milter_exec_t,s0)
@@ -653623,8 +653721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
 +/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.3.1/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/milter.if	2009-02-04 14:30:04.000000000 +0100
-@@ -0,0 +1,121 @@
++++ serefpolicy-3.3.1/policy/modules/services/milter.if	2009-02-13 09:54:07.000000000 +0100
+@@ -0,0 +1,84 @@
 +## <summary>Milter mail filters</summary>
 +
 +########################################
@@ -653709,46 +653807,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
 +	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
 +')
 +
-+#######################################
-+## <summary>
-+##      Read milter data.
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      Domain allowed access.
-+##      </summary>
-+## </param>
-+#
-+interface(`milter_read_data',`
-+        gen_require(`
-+                attribute milter_data_type;
-+        ')
-+
-+        read_files_pattern($1, milter_data_type, milter_data_type)
-+')
-+
-+######################################
-+## <summary>
-+##      Read milter data.
-+## </summary>
-+## <param name="domain">
-+##      <summary>
-+##      Domain allowed access.
-+##      </summary>
-+## </param>
-+#
-+interface(`milter_manage_data',`
-+        gen_require(`
-+                attribute milter_data_type;
-+        ')
-+	manage_dirs_pattern($1, milter_data_type, milter_data_type)
-+        manage_files_pattern($1, milter_data_type, milter_data_type)
-+')
-+
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.3.1/policy/modules/services/milter.te
 --- nsaserefpolicy/policy/modules/services/milter.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/milter.te	2009-02-04 14:30:04.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/milter.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,55 @@
 +
 +policy_module(milter, 1.0.0)
@@ -653807,7 +653868,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
 +spamassassin_domtrans_spamc(spamass_milter_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.3.1/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,12 +8,14 @@
  /etc/postfix/aliases.*		gen_context(system_u:object_r:etc_aliases_t,s0)
  ')
@@ -653834,7 +653895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.3.1/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.if	2009-02-12 22:21:57.000000000 +0100
 @@ -133,6 +133,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -654035,7 +654096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te	2009-02-04 14:39:29.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -654216,7 +654277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.3.1/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -6,6 +6,9 @@
  /usr/share/munin/plugins/.*	--	gen_context(system_u:object_r:munin_exec_t,s0)
  
@@ -654231,7 +654292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if
 --- nsaserefpolicy/policy/modules/services/munin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.if	2009-02-12 22:21:57.000000000 +0100
 @@ -80,3 +80,123 @@
  
  	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -654358,7 +654419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -25,26 +25,33 @@
  type munin_var_run_t alias lrrd_var_run_t;
  files_pid_file(munin_var_run_t)
@@ -654507,8 +654568,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.3.1/policy/modules/services/mysql.fc
 --- nsaserefpolicy/policy/modules/services/mysql.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.fc	2009-02-04 10:54:48.000000000 +0100
-@@ -22,3 +22,5 @@
++++ serefpolicy-3.3.1/policy/modules/services/mysql.fc	2009-02-13 10:03:03.000000000 +0100
+@@ -11,6 +11,8 @@
+ #
+ /usr/libexec/mysqld	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
+ 
++/usr/bin/mysqld_safe    --      gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
++
+ /usr/sbin/mysqld(-max)?	--	gen_context(system_u:object_r:mysqld_exec_t,s0)
+ 
+ #
+@@ -22,3 +24,5 @@
  /var/log/mysql.*	--	gen_context(system_u:object_r:mysqld_log_t,s0)
  
  /var/run/mysqld(/.*)?		gen_context(system_u:object_r:mysqld_var_run_t,s0)
@@ -654516,7 +654586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
 +/etc/rc\.d/init\.d/mysqld	--	gen_context(system_u:object_r:mysqld_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.3.1/policy/modules/services/mysql.if
 --- nsaserefpolicy/policy/modules/services/mysql.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.if	2009-02-13 10:52:23.000000000 +0100
 @@ -32,9 +32,11 @@
  interface(`mysql_stream_connect',`
  	gen_require(`
@@ -654529,11 +654599,40 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
  ')
  
  ########################################
-@@ -157,3 +159,74 @@
+@@ -77,7 +79,8 @@
+ 	')
+ 
+ 	files_search_var_lib($1)
+-	allow $1 mysqld_db_t:dir search;
++	search_dirs_pattern($1,mysqld_db_t,mysqld_db_t)
++	#allow $1 mysqld_db_t:dir search;
+ ')
+ 
+ ########################################
+@@ -157,3 +160,93 @@
  	logging_search_logs($1)
  	allow $1 mysqld_log_t:file { write append setattr ioctl };
  ')
 +
++####################################
++## <summary>
++##      Search MySQL PID files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++##
++#
++interface(`mysql_search_pid_files',`
++        gen_require(`
++                type mysqld_var_run_t;
++        ')
++
++        search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
++')
++
 +########################################
 +## <summary>
 +##	Execute mysql server in the mysqld domain.
@@ -654606,8 +654705,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.3.1/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.te	2009-02-04 10:54:48.000000000 +0100
-@@ -25,6 +25,9 @@
++++ serefpolicy-3.3.1/policy/modules/services/mysql.te	2009-02-13 10:02:36.000000000 +0100
+@@ -10,6 +10,10 @@
+ type mysqld_exec_t;
+ init_daemon_domain(mysqld_t,mysqld_exec_t)
+ 
++type mysqld_safe_t;
++type mysqld_safe_exec_t;
++init_daemon_domain(mysqld_safe_t, mysqld_safe_exec_t)
++
+ type mysqld_var_run_t;
+ files_pid_file(mysqld_var_run_t)
+ 
+@@ -25,15 +29,19 @@
  type mysqld_tmp_t;
  files_tmp_file(mysqld_tmp_t)
  
@@ -654616,8 +654726,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
 +
  ########################################
  #
- # Local policy
-@@ -33,7 +36,8 @@
+-# Local policy
++# Local mysqld policy
+ #
+ 
  allow mysqld_t self:capability { dac_override setgid setuid sys_resource net_bind_service };
  dontaudit mysqld_t self:capability sys_tty_config;
  allow mysqld_t self:process { setsched getsched setrlimit signal_perms rlimitinh };
@@ -654627,7 +654739,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
  allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
  allow mysqld_t self:tcp_socket create_stream_socket_perms;
  allow mysqld_t self:udp_socket create_socket_perms;
-@@ -79,6 +83,7 @@
+@@ -79,6 +87,7 @@
  
  fs_getattr_all_fs(mysqld_t)
  fs_search_auto_mountpoints(mysqld_t)
@@ -654635,9 +654747,42 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
  
  domain_use_interactive_fds(mysqld_t)
  
+@@ -119,3 +128,32 @@
+ optional_policy(`
+ 	udev_read_db(mysqld_t)
+ ')
++
++######################################
++#
++# Local mysqld_safe policy
++#
++
++domtrans_pattern(mysqld_safe_t,mysqld_exec_t,mysqld_t)
++
++allow mysqld_safe_t self:capability { dac_override fowner chown };
++allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
++
++mysql_read_config(mysqld_safe_t)
++mysql_search_db(mysqld_safe_t)
++mysql_search_pid_files(mysqld_safe_t)
++mysql_write_log(mysqld_safe_t)
++
++kernel_read_system_state(mysqld_safe_t)
++
++files_read_etc_files(mysqld_safe_t)
++
++corecmd_exec_bin(mysqld_safe_t)
++
++libs_use_ld_so(mysqld_safe_t)
++libs_use_shared_libs(mysqld_safe_t)
++
++miscfiles_read_localization(mysqld_safe_t)
++
++permissive mysqld_safe_t;
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.3.1/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,13 +4,17 @@
  /usr/bin/nagios			--	gen_context(system_u:object_r:nagios_exec_t,s0)
  /usr/bin/nrpe			--	gen_context(system_u:object_r:nrpe_exec_t,s0)
@@ -654662,7 +654807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.3.1/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.if	2009-02-12 22:21:57.000000000 +0100
 @@ -44,7 +44,7 @@
  
  ########################################
@@ -654774,7 +654919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.3.1/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,11 +8,7 @@
  
  type nagios_t;
@@ -654882,17 +655027,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.3.1/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2009-02-04 10:54:48.000000000 +0100
-@@ -1,7 +1,16 @@
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2009-02-12 22:45:07.000000000 +0100
+@@ -1,7 +1,24 @@
++/etc/rc\.d/init\.d/wicd         --      gen_context(system_u:object_r:NetworkManager_script_exec_t, s0)
++
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
 +
 +/sbin/wpa_supplicant		--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +
++/usr/sbin/wicd                  --      gen_context(system_u:object_r:NetworkManager_exec_t, s0)
++
  /usr/s?bin/NetworkManager	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
  /usr/s?bin/wpa_supplicant	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +/usr/sbin/NetworkManagerDispatcher	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +/usr/sbin/nm-system-settings	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +
++/var/lib/wicd(/.*)?                    gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
++
++/var/log/wicd(/.*)?                    gen_context(system_u:object_r:NetworkManager_log_t,s0)
++
 +/var/log/wpa_supplicant.*	--	gen_context(system_u:object_r:NetworkManager_log_t,s0)
  
  /var/run/NetworkManager\.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
@@ -654902,7 +655055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2009-02-12 22:21:57.000000000 +0100
 @@ -74,7 +74,7 @@
  	')
  
@@ -654973,7 +655126,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-02-12 22:47:15.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(networkmanager,1.9.0)
@@ -654981,7 +655134,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  
  ########################################
  #
-@@ -8,11 +8,24 @@
+@@ -8,11 +8,27 @@
  
  type NetworkManager_t;
  type NetworkManager_exec_t;
@@ -654996,6 +655149,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +
 +type NetworkManager_tmp_t;
 +files_tmp_file(NetworkManager_tmp_t)
++
++type NetworkManager_var_lib_t;
++files_type(NetworkManager_var_lib_t)
  
  type NetworkManager_var_run_t;
  files_pid_file(NetworkManager_var_run_t)
@@ -655007,7 +655163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  ########################################
  #
  # Local policy
-@@ -20,9 +33,9 @@
+@@ -20,9 +36,9 @@
  
  # networkmanager will ptrace itself if gdb is installed
  # and it receives a unexpected signal (rh bug #204161) 
@@ -655019,7 +655175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
  allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
  allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
-@@ -31,17 +44,27 @@
+@@ -31,17 +47,29 @@
  allow NetworkManager_t self:udp_socket create_socket_perms;
  allow NetworkManager_t self:packet_socket create_socket_perms;
  
@@ -655030,6 +655186,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 -manage_dirs_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
 -manage_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
 -manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
++manage_files_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
++
 +manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
 +logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
 +
@@ -655050,7 +655208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  
  corenet_all_recvfrom_unlabeled(NetworkManager_t)
  corenet_all_recvfrom_netlabel(NetworkManager_t)
-@@ -64,9 +87,12 @@
+@@ -64,9 +92,12 @@
  dev_read_sysfs(NetworkManager_t)
  dev_read_rand(NetworkManager_t)
  dev_read_urand(NetworkManager_t)
@@ -655063,7 +655221,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  
  mls_file_read_all_levels(NetworkManager_t)
  
-@@ -83,9 +109,14 @@
+@@ -83,9 +114,14 @@
  files_read_etc_runtime_files(NetworkManager_t)
  files_read_usr_files(NetworkManager_t)
  
@@ -655078,7 +655236,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -98,26 +129,42 @@
+@@ -98,26 +134,42 @@
  
  seutil_read_config(NetworkManager_t)
  
@@ -655129,7 +655287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  ')
  
  optional_policy(`
-@@ -129,8 +176,23 @@
+@@ -129,8 +181,23 @@
  ')
  
  optional_policy(`
@@ -655155,7 +655313,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
  ')
  
  optional_policy(`
-@@ -138,39 +200,86 @@
+@@ -138,39 +205,86 @@
  ')
  
  optional_policy(`
@@ -655250,7 +655408,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +term_dontaudit_use_console(wpa_cli_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.3.1/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,9 +4,14 @@
  /sbin/ypbind		--	gen_context(system_u:object_r:ypbind_exec_t,s0)
  
@@ -655268,7 +655426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
 +/etc/rc\.d/init\.d/ypxfrd	--	gen_context(system_u:object_r:nis_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.3.1/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.if	2009-02-12 22:21:57.000000000 +0100
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -655411,7 +655569,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.3.1/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.te	2009-02-12 22:21:57.000000000 +0100
 @@ -44,6 +44,9 @@
  type ypxfr_exec_t;
  init_daemon_domain(ypxfr_t,ypxfr_exec_t)
@@ -655479,7 +655637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.3.1/policy/modules/services/nscd.fc
 --- nsaserefpolicy/policy/modules/services/nscd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -9,3 +9,5 @@
  /var/run/\.nscd_socket	-s	gen_context(system_u:object_r:nscd_var_run_t,s0)
  
@@ -655488,7 +655646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.3.1/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -2,6 +2,24 @@
  
  ########################################
@@ -655628,7 +655786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.3.1/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,19 +23,22 @@
  type nscd_log_t;
  logging_log_file(nscd_log_t)
@@ -655722,7 +655880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.fc serefpolicy-3.3.1/policy/modules/services/ntp.fc
 --- nsaserefpolicy/policy/modules/services/ntp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -17,3 +17,8 @@
  /var/log/xntpd.*		--	gen_context(system_u:object_r:ntpd_log_t,s0)
  
@@ -655734,7 +655892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 +/etc/rc\.d/init\.d/ntpd	--	gen_context(system_u:object_r:ntpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.3.1/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -53,3 +53,76 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1,ntpdate_exec_t,ntpd_t)
@@ -655814,7 +655972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.3.1/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -25,6 +25,12 @@
  type ntpdate_exec_t;
  init_system_domain(ntpd_t,ntpdate_exec_t)
@@ -655890,7 +656048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.3.1/policy/modules/services/nx.fc
 --- nsaserefpolicy/policy/modules/services/nx.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nx.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nx.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,3 +1,5 @@
 +
 +/usr/libexec/nx/nxserver	--	gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -655899,7 +656057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
  /opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.te serefpolicy-3.3.1/policy/modules/services/oav.te
 --- nsaserefpolicy/policy/modules/services/oav.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oav.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oav.te	2009-02-12 22:21:57.000000000 +0100
 @@ -12,7 +12,7 @@
  
  # cjp: may be collapsable to etc_t
@@ -655920,7 +656078,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.
  logging_log_file(scannerdaemon_log_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.3.1/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 +/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -655929,7 +656087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.3.1/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2009-02-12 22:21:57.000000000 +0100
 @@ -44,6 +44,7 @@
  	')
  
@@ -655975,7 +656133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.3.1/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.te	2009-02-12 22:21:57.000000000 +0100
 @@ -10,14 +10,21 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -656044,7 +656202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openca.te serefpolicy-3.3.1/policy/modules/services/openca.te
 --- nsaserefpolicy/policy/modules/services/openca.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openca.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openca.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,7 +18,7 @@
  
  # /etc/openca standard files
@@ -656056,7 +656214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
  type openca_etc_in_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-3.3.1/policy/modules/services/openct.te
 --- nsaserefpolicy/policy/modules/services/openct.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openct.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openct.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,6 +22,7 @@
  allow openct_t self:process signal_perms;
  
@@ -656067,7 +656225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
  kernel_read_kernel_sysctls(openct_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.3.1/policy/modules/services/openvpn.fc
 --- nsaserefpolicy/policy/modules/services/openvpn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -656087,7 +656245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +/etc/rc\.d/init\.d/openvpn	--	gen_context(system_u:object_r:openvpn_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.3.1/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.if	2009-02-12 22:21:57.000000000 +0100
 @@ -70,6 +70,43 @@
  
  ########################################
@@ -656209,7 +656367,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.3.1/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,7 +8,7 @@
  
  ## <desc>
@@ -656284,7 +656442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.3.1/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pcscd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pcscd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -45,6 +45,7 @@
  files_read_etc_files(pcscd_t)
  files_read_etc_runtime_files(pcscd_t)
@@ -656295,7 +656453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
  libs_use_ld_so(pcscd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.3.1/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pegasus.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pegasus.te	2009-02-12 22:21:57.000000000 +0100
 @@ -42,6 +42,7 @@
  allow pegasus_t pegasus_conf_t:file { read_file_perms link unlink };
  allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
@@ -656344,7 +656502,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.3.1/policy/modules/services/pki.fc
 --- nsaserefpolicy/policy/modules/services/pki.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,46 @@
 +
 +/etc/rc\.d/init\.d/pki-ca	--	gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
@@ -656394,7 +656552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +/var/run/pki-tps\.pid		--	gen_context(system_u:object_r:pki_tks_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.3.1/policy/modules/services/pki.if
 --- nsaserefpolicy/policy/modules/services/pki.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,643 @@
 +
 +## <summary>policy for pki</summary>
@@ -657041,7 +657199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.te serefpolicy-3.3.1/policy/modules/services/pki.te
 --- nsaserefpolicy/policy/modules/services/pki.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,91 @@
 +policy_module(pki,1.0.0)
 +
@@ -657136,14 +657294,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.fc serefpolicy-3.3.1/policy/modules/services/podsleuth.fc
 --- nsaserefpolicy/policy/modules/services/podsleuth.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,3 @@
 +/usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
 +/usr/libexec/hal-podsleuth       --      gen_context(system_u:object_r:podsleuth_exec_t,s0)
 +/var/cache/podsleuth(/.*)?		gen_context(system_u:object_r:podsleuth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.if serefpolicy-3.3.1/policy/modules/services/podsleuth.if
 --- nsaserefpolicy/policy/modules/services/podsleuth.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,55 @@
 +
 +## <summary>policy for podsleuth</summary>
@@ -657202,7 +657360,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.te serefpolicy-3.3.1/policy/modules/services/podsleuth.te
 --- nsaserefpolicy/policy/modules/services/podsleuth.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,73 @@
 +policy_module(podsleuth,1.0.0)
 +
@@ -657279,7 +657437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.3.1/policy/modules/services/polkit.fc
 --- nsaserefpolicy/policy/modules/services/polkit.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,9 @@
 +
 +/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -657292,7 +657450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,213 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -657509,7 +657667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,221 @@
 +policy_module(polkit_auth,1.0.0)
 +
@@ -657734,7 +657892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.3.1/policy/modules/services/portmap.te
 --- nsaserefpolicy/policy/modules/services/portmap.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portmap.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portmap.te	2009-02-12 22:21:57.000000000 +0100
 @@ -41,6 +41,7 @@
  manage_files_pattern(portmap_t,portmap_var_run_t,portmap_var_run_t)
  files_pid_filetrans(portmap_t,portmap_var_run_t,file)
@@ -657745,7 +657903,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
  kernel_read_proc_symlinks(portmap_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portslave.te serefpolicy-3.3.1/policy/modules/services/portslave.te
 --- nsaserefpolicy/policy/modules/services/portslave.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portslave.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portslave.te	2009-02-12 22:21:57.000000000 +0100
 @@ -12,7 +12,7 @@
  init_daemon_domain(portslave_t,portslave_exec_t)
  
@@ -657757,7 +657915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
  files_lock_file(portslave_lock_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.3.1/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -657785,7 +657943,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  /var/spool/postfix/pid/.*	gen_context(system_u:object_r:postfix_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.3.1/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.if	2009-02-12 22:21:57.000000000 +0100
 @@ -46,6 +46,7 @@
  
  	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -657937,7 +658095,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.fc serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,3 +3,5 @@
  /usr/sbin/policyd		--	gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
  
@@ -657946,7 +658104,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/etc/rc\.d/init\.d/postfixpolicyd	--	gen_context(system_u:object_r:postfixpolicyd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,68 @@
  ## <summary>Postfix policy server</summary>
 +
@@ -658018,7 +658176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,9 @@
  type postfix_policyd_var_run_t;
  files_pid_file(postfix_policyd_var_run_t)
@@ -658031,7 +658189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  # Local Policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2009-02-04 14:40:43.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -658341,7 +658499,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  corecmd_exec_bin(postfix_virtual_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.3.1/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -6,8 +6,8 @@
  #
  # /usr
@@ -658374,7 +658532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/etc/rc\.d/init\.d/postgresql	--	gen_context(system_u:object_r:postgresql_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.3.1/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,205 @@
  ## <summary>PostgreSQL relational database</summary>
  
@@ -658724,7 +658882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.3.1/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.te	2009-02-12 22:21:57.000000000 +0100
 @@ -1,13 +1,30 @@
  
 -policy_module(postgresql,1.5.0)
@@ -659009,7 +659167,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.3.1/policy/modules/services/postgrey.fc
 --- nsaserefpolicy/policy/modules/services/postgrey.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -7,3 +7,7 @@
  
  /var/run/postgrey(/.*)?		gen_context(system_u:object_r:postgrey_var_run_t,s0)
@@ -659020,7 +659178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/var/spool/postfix/postgrey(/.*)?	gen_context(system_u:object_r:postgrey_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.3.1/policy/modules/services/postgrey.if
 --- nsaserefpolicy/policy/modules/services/postgrey.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.if	2009-02-12 22:21:57.000000000 +0100
 @@ -12,10 +12,100 @@
  #
  interface(`postgrey_stream_connect',`
@@ -659126,7 +659284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.3.1/policy/modules/services/postgrey.te
 --- nsaserefpolicy/policy/modules/services/postgrey.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.te	2009-02-12 22:21:57.000000000 +0100
 @@ -13,26 +13,38 @@
  type postgrey_etc_t;
  files_config_file(postgrey_etc_t)
@@ -659181,7 +659339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.3.1/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,6 +1,8 @@
  #
  # /etc
@@ -659193,7 +659351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
  /etc/ppp/peers(/.*)?			gen_context(system_u:object_r:pppd_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.3.1/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -39,6 +39,25 @@
  
  ########################################
@@ -659356,7 +659514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.3.1/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -71,7 +71,7 @@
  # PPPD Local policy
  #
@@ -659476,7 +659634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.3.1/policy/modules/services/prelude.fc
 --- nsaserefpolicy/policy/modules/services/prelude.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,24 @@
 +/sbin/audisp-prelude		--	gen_context(system_u:object_r:prelude_audisp_exec_t,s0)
 +
@@ -659504,7 +659662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.3.1/policy/modules/services/prelude.if
 --- nsaserefpolicy/policy/modules/services/prelude.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,191 @@
 +## <summary>Prelude hybrid intrusion detection system</summary>
 +
@@ -659699,7 +659857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,339 @@
 +
 +policy_module(prelude, 1.0.0)
@@ -660042,7 +660200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.3.1/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,6 +1,10 @@
  
  /etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -660056,7 +660214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.3.1/policy/modules/services/privoxy.if
 --- nsaserefpolicy/policy/modules/services/privoxy.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.if	2009-02-12 22:21:57.000000000 +0100
 @@ -2,6 +2,25 @@
  
  ########################################
@@ -660115,7 +660273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.3.1/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,6 +19,9 @@
  type privoxy_var_run_t;
  files_pid_file(privoxy_var_run_t)
@@ -660136,7 +660294,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
  corenet_sendrecv_http_cache_server_packets(privoxy_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.3.1/policy/modules/services/procmail.fc
 --- nsaserefpolicy/policy/modules/services/procmail.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,2 +1,5 @@
  
  /usr/bin/procmail	--	gen_context(system_u:object_r:procmail_exec_t,s0)
@@ -660145,7 +660303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.3.1/policy/modules/services/procmail.if
 --- nsaserefpolicy/policy/modules/services/procmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.if	2009-02-12 22:21:57.000000000 +0100
 @@ -39,3 +39,41 @@
  	corecmd_search_bin($1)
  	can_exec($1,procmail_exec_t)
@@ -660190,7 +660348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-02-12 22:21:57.000000000 +0100
 @@ -14,6 +14,10 @@
  type procmail_tmp_t;
  files_tmp_file(procmail_tmp_t)
@@ -660270,13 +660428,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/publicfile.if serefpolicy-3.3.1/policy/modules/services/publicfile.if
 --- nsaserefpolicy/policy/modules/services/publicfile.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/publicfile.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/publicfile.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>publicfile supplies files to the public through HTTP and FTP</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.3.1/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,9 +1,11 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
  
@@ -660292,7 +660450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.3.1/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.if	2009-02-04 11:07:06.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.if	2009-02-12 22:21:57.000000000 +0100
 @@ -25,16 +25,15 @@
  #
  template(`pyzor_per_role_template',`
@@ -660417,7 +660575,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.3.1/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.te	2009-02-12 22:21:57.000000000 +0100
 @@ -17,7 +17,7 @@
  init_daemon_domain(pyzord_t,pyzord_exec_t)
  
@@ -660476,7 +660634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.if serefpolicy-3.3.1/policy/modules/services/qmail.if
 --- nsaserefpolicy/policy/modules/services/qmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.if	2009-02-12 22:21:57.000000000 +0100
 @@ -197,3 +197,4 @@
  
          domtrans_pattern(qmail_smtpd_t, $2, $1)
@@ -660484,7 +660642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.3.1/policy/modules/services/qmail.te
 --- nsaserefpolicy/policy/modules/services/qmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.te	2009-02-12 22:21:57.000000000 +0100
 @@ -14,7 +14,7 @@
  qmail_child_domain_template(qmail_clean, qmail_start_t)
  
@@ -660542,7 +660700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.3.1/policy/modules/services/radius.fc
 --- nsaserefpolicy/policy/modules/services/radius.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -20,3 +20,5 @@
  
  /var/run/radiusd(/.*)?		gen_context(system_u:object_r:radiusd_var_run_t,s0)
@@ -660551,7 +660709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
 +/etc/rc\.d/init\.d/radiusd	--	gen_context(system_u:object_r:radius_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.3.1/policy/modules/services/radius.if
 --- nsaserefpolicy/policy/modules/services/radius.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.if	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,25 @@
  
  ########################################
@@ -660617,7 +660775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.3.1/policy/modules/services/radius.te
 --- nsaserefpolicy/policy/modules/services/radius.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.te	2009-02-12 22:21:57.000000000 +0100
 @@ -25,6 +25,9 @@
  type radiusd_var_run_t;
  files_pid_file(radiusd_var_run_t)
@@ -660685,7 +660843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.fc serefpolicy-3.3.1/policy/modules/services/radvd.fc
 --- nsaserefpolicy/policy/modules/services/radvd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,3 +5,4 @@
  
  /var/run/radvd\.pid	--	gen_context(system_u:object_r:radvd_var_run_t,s0)
@@ -660693,7 +660851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
 +/etc/rc\.d/init\.d/radvd	--	gen_context(system_u:object_r:radvd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.3.1/policy/modules/services/radvd.if
 --- nsaserefpolicy/policy/modules/services/radvd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.if	2009-02-12 22:21:57.000000000 +0100
 @@ -2,6 +2,25 @@
  
  ########################################
@@ -660749,7 +660907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.3.1/policy/modules/services/radvd.te
 --- nsaserefpolicy/policy/modules/services/radvd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -15,11 +15,14 @@
  type radvd_etc_t;
  files_config_file(radvd_etc_t)
@@ -660776,7 +660934,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.3.1/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:ROLE_razor_home_t,s0)
 +HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:user_razor_home_t,s0)
@@ -660785,7 +660943,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.3.1/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.if	2009-02-12 22:21:57.000000000 +0100
 @@ -137,6 +137,7 @@
  template(`razor_per_role_template',`
  	gen_require(`
@@ -660877,7 +661035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.3.1/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,12 @@
  
  razor_common_domain_template(razor)
@@ -660893,7 +661051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.if serefpolicy-3.3.1/policy/modules/services/rdisc.if
 --- nsaserefpolicy/policy/modules/services/rdisc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,20 @@
  ## <summary>Network router discovery daemon</summary>
 +
@@ -660917,7 +661075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.te serefpolicy-3.3.1/policy/modules/services/rdisc.te
 --- nsaserefpolicy/policy/modules/services/rdisc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.te	2009-02-12 22:21:57.000000000 +0100
 @@ -45,6 +45,8 @@
  libs_use_ld_so(rdisc_t)
  libs_use_shared_libs(rdisc_t)
@@ -660929,7 +661087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
  sysnet_read_config(rdisc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.if serefpolicy-3.3.1/policy/modules/services/remotelogin.if
 --- nsaserefpolicy/policy/modules/services/remotelogin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if	2009-02-12 22:21:57.000000000 +0100
 @@ -35,3 +35,4 @@
  
  	allow $1 remote_login_t:process signal;
@@ -660937,7 +661095,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.3.1/policy/modules/services/remotelogin.te
 --- nsaserefpolicy/policy/modules/services/remotelogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -85,6 +85,7 @@
  
  miscfiles_read_localization(remote_login_t)
@@ -660948,7 +661106,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
  # Only permit unprivileged user domains to be entered via rlogin,
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.3.1/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rhgb.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rhgb.te	2009-02-12 22:21:57.000000000 +0100
 @@ -92,6 +92,7 @@
  term_getattr_pty_fs(rhgb_t)
  
@@ -660967,7 +661125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
  	consoletype_exec(rhgb_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.3.1/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ricci.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ricci.if	2009-02-12 22:21:57.000000000 +0100
 @@ -165,3 +165,4 @@
  
  	domtrans_pattern($1,ricci_modstorage_exec_t,ricci_modstorage_t)
@@ -660975,7 +661133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.3.1/policy/modules/services/rlogin.te
 --- nsaserefpolicy/policy/modules/services/rlogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rlogin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rlogin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -36,6 +36,8 @@
  allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
  term_create_pty(rlogind_t,rlogind_devpts_t)
@@ -661015,7 +661173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.3.1/policy/modules/services/roundup.fc
 --- nsaserefpolicy/policy/modules/services/roundup.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -7,3 +7,5 @@
  # /var
  #
@@ -661024,7 +661182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
 +/etc/rc\.d/init\.d/roundup	--	gen_context(system_u:object_r:roundup_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.3.1/policy/modules/services/roundup.if
 --- nsaserefpolicy/policy/modules/services/roundup.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,68 @@
  ## <summary>Roundup Issue Tracking System policy</summary>
 +
@@ -661096,7 +661254,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.3.1/policy/modules/services/roundup.te
 --- nsaserefpolicy/policy/modules/services/roundup.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,9 @@
  type roundup_var_lib_t;
  files_type(roundup_var_lib_t)
@@ -661109,7 +661267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.3.1/policy/modules/services/rpcbind.fc
 --- nsaserefpolicy/policy/modules/services/rpcbind.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,3 +5,5 @@
  /var/run/rpc.statd\.pid	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
  /var/run/rpcbind\.lock	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
@@ -661118,7 +661276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
 +/etc/rc\.d/init\.d/rpcbind	--	gen_context(system_u:object_r:rpcbind_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.3.1/policy/modules/services/rpcbind.if
 --- nsaserefpolicy/policy/modules/services/rpcbind.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if	2009-02-12 22:21:57.000000000 +0100
 @@ -95,3 +95,70 @@
  	manage_files_pattern($1,rpcbind_var_lib_t,rpcbind_var_lib_t)
  	files_search_var_lib($1)
@@ -661192,7 +661350,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.3.1/policy/modules/services/rpcbind.te
 --- nsaserefpolicy/policy/modules/services/rpcbind.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,16 +16,21 @@
  type rpcbind_var_lib_t;
  files_type(rpcbind_var_lib_t)
@@ -661226,7 +661384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
  corenet_all_recvfrom_unlabeled(rpcbind_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.3.1/policy/modules/services/rpc.fc
 --- nsaserefpolicy/policy/modules/services/rpc.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -12,6 +12,7 @@
  # /usr
  #
@@ -661237,7 +661395,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  /usr/sbin/rpc\.nfsd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.3.1/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.if	2009-02-12 22:21:57.000000000 +0100
 @@ -88,8 +88,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -661301,7 +661459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.3.1/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.te	2009-02-13 10:22:49.000000000 +0100
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write,false)
  
@@ -661371,15 +661529,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  fs_rw_nfsd_fs(nfsd_t) 
  
  term_use_controlling_term(nfsd_t) 
-@@ -124,6 +143,7 @@
+@@ -124,11 +143,20 @@
  tunable_policy(`nfs_export_all_rw',`
  	fs_read_noxattr_fs_files(nfsd_t) 
  	auth_manage_all_files_except_shadow(nfsd_t)
-+	userdom_generic_user_home_dir_filetrans_generic_user_home_content(nfsd_t, { file dir })
++	dev_getattr_all_blk_files(nfsd_t)
++        dev_getattr_all_chr_files(nfsd_t)
++	#userdom_generic_user_home_dir_filetrans_generic_user_home_content(nfsd_t, { file dir })
  ')
++userdom_generic_user_home_dir_filetrans_generic_user_home_content(nfsd_t, { file dir })
  
  tunable_policy(`nfs_export_all_ro',`
-@@ -144,6 +164,7 @@
+ 	fs_read_noxattr_fs_files(nfsd_t) 
+ 	auth_read_all_files_except_shadow(nfsd_t)
++	auth_read_all_dirs_except_shadow(nfsd_t)
++        files_getattr_all_pipes(nfsd_t)
++        files_getattr_all_sockets(nfsd_t)
++        dev_getattr_all_blk_files(nfsd_t)
++        dev_getattr_all_chr_files(nfsd_t)
+ ')
+ 
+ ########################################
+@@ -144,6 +172,7 @@
  manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
  files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
  
@@ -661387,7 +661558,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  kernel_read_network_state(gssd_t)
  kernel_read_network_state_symlinks(gssd_t)	
  kernel_search_network_sysctl(gssd_t)	
-@@ -157,8 +178,15 @@
+@@ -157,8 +186,15 @@
  files_list_tmp(gssd_t) 
  files_read_usr_symlinks(gssd_t) 
  
@@ -661403,7 +661574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  tunable_policy(`allow_gssd_read_tmp',`
  	userdom_list_unpriv_users_tmp(gssd_t) 
  	userdom_read_unpriv_users_tmp_files(gssd_t) 
-@@ -166,8 +194,7 @@
+@@ -166,8 +202,7 @@
  ')
  
  optional_policy(`
@@ -661415,7 +661586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.3.1/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rshd.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rshd.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,7 +16,7 @@
  #
  # Local policy
@@ -661479,7 +661650,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.3.1/policy/modules/services/rsync.fc
 --- nsaserefpolicy/policy/modules/services/rsync.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,2 +1,6 @@
  
  /usr/bin/rsync		--	gen_context(system_u:object_r:rsync_exec_t,s0)
@@ -661489,7 +661660,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
 +/var/run/rsyncd\.lock      --	gen_context(system_u:object_r:rsync_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.3.1/policy/modules/services/rsync.if
 --- nsaserefpolicy/policy/modules/services/rsync.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.if	2009-02-12 22:21:57.000000000 +0100
 @@ -103,3 +103,5 @@
  
  	can_exec($1,rsync_exec_t)
@@ -661498,7 +661669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.3.1/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.te	2009-02-12 22:21:57.000000000 +0100
 @@ -31,6 +31,9 @@
  type rsync_data_t;
  files_type(rsync_data_t)
@@ -661546,7 +661717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.fc serefpolicy-3.3.1/policy/modules/services/rwho.fc
 --- nsaserefpolicy/policy/modules/services/rwho.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -3,3 +3,5 @@
  /var/spool/rwho(/.*)?		gen_context(system_u:object_r:rwho_spool_t,s0)
  
@@ -661555,7 +661726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
 +/etc/rc\.d/init\.d/rwhod	--	gen_context(system_u:object_r:rwho_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.3.1/policy/modules/services/rwho.if
 --- nsaserefpolicy/policy/modules/services/rwho.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.if	2009-02-12 22:21:57.000000000 +0100
 @@ -118,6 +118,25 @@
  
  ########################################
@@ -661608,7 +661779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.3.1/policy/modules/services/rwho.te
 --- nsaserefpolicy/policy/modules/services/rwho.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,9 @@
  type rwho_spool_t;
  files_type(rwho_spool_t)
@@ -661621,7 +661792,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
  # rwho local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.3.1/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -15,6 +15,7 @@
  /usr/bin/ntlm_auth		--	gen_context(system_u:object_r:winbind_helper_exec_t,s0)
  /usr/bin/smbmount		--	gen_context(system_u:object_r:smbmount_exec_t,s0)
@@ -661645,7 +661816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.if	2009-02-12 22:21:57.000000000 +0100
 @@ -33,8 +33,8 @@
  	')
  
@@ -662014,7 +662185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te	2009-02-04 14:48:41.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.te	2009-02-13 10:19:03.000000000 +0100
 @@ -17,6 +17,13 @@
  
  ## <desc>
@@ -662207,15 +662378,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  ')
  
  optional_policy(`
-@@ -363,10 +419,18 @@
+@@ -363,10 +419,19 @@
  	udev_read_db(smbd_t)
  ')
  
 +tunable_policy(`samba_create_home_dirs',`
 +	allow smbd_t self:capability chown;
 +	userdom_create_generic_home_dir_files(smbd_t)
-+	userdom_home_filetrans_generic_user_home_dir(smbd_t)
++	#userdom_home_filetrans_generic_user_home_dir(smbd_t)
 +')
++userdom_home_filetrans_generic_user_home_dir(smbd_t)
 +
  tunable_policy(`samba_export_all_ro',`
  	fs_read_noxattr_fs_files(smbd_t) 
@@ -662226,7 +662398,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  	auth_read_all_files_except_shadow(nmbd_t)
  ')
  
-@@ -391,7 +455,7 @@
+@@ -375,8 +440,9 @@
+ 	auth_manage_all_files_except_shadow(smbd_t)
+ 	fs_read_noxattr_fs_files(nmbd_t) 
+ 	auth_manage_all_files_except_shadow(nmbd_t)
+-	userdom_generic_user_home_dir_filetrans_generic_user_home_content(nmbd_t, { file dir })
++	#userdom_generic_user_home_dir_filetrans_generic_user_home_content(nmbd_t, { file dir })
+ ')
++userdom_generic_user_home_dir_filetrans_generic_user_home_content(nmbd_t, { file dir })
+ 
+ ########################################
+ #
+@@ -391,7 +457,7 @@
  allow nmbd_t self:msgq create_msgq_perms;
  allow nmbd_t self:sem create_sem_perms;
  allow nmbd_t self:shm create_shm_perms;
@@ -662235,7 +662418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  allow nmbd_t self:tcp_socket create_stream_socket_perms;
  allow nmbd_t self:udp_socket create_socket_perms;
  allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
-@@ -403,8 +467,7 @@
+@@ -403,8 +469,7 @@
  read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t)
  
  manage_dirs_pattern(nmbd_t,samba_log_t,samba_log_t)
@@ -662245,7 +662428,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  
  read_files_pattern(nmbd_t,samba_log_t,samba_log_t)
  create_files_pattern(nmbd_t,samba_log_t,samba_log_t)
-@@ -439,6 +502,7 @@
+@@ -439,6 +504,7 @@
  dev_getattr_mtrr_dev(nmbd_t)
  
  fs_getattr_all_fs(nmbd_t)
@@ -662253,7 +662436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  fs_search_auto_mountpoints(nmbd_t)
  
  domain_use_interactive_fds(nmbd_t)
-@@ -522,6 +586,7 @@
+@@ -522,6 +588,7 @@
  storage_raw_write_fixed_disk(smbmount_t)
  
  term_list_ptys(smbmount_t)
@@ -662261,7 +662444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  
  corecmd_list_bin(smbmount_t)
  
-@@ -533,41 +598,50 @@
+@@ -533,41 +600,50 @@
  
  auth_use_nsswitch(smbmount_t)
  
@@ -662322,7 +662505,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  allow swat_t smbd_var_run_t:file read;
  
  manage_dirs_pattern(swat_t,swat_tmp_t,swat_tmp_t)
-@@ -577,7 +651,9 @@
+@@ -577,7 +653,9 @@
  manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t)
  files_pid_filetrans(swat_t,swat_var_run_t,file)
  
@@ -662333,7 +662516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  
  kernel_read_kernel_sysctls(swat_t)
  kernel_read_system_state(swat_t)
-@@ -602,10 +678,12 @@
+@@ -602,10 +680,12 @@
  
  dev_read_urand(swat_t)
  
@@ -662346,7 +662529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  
  auth_domtrans_chk_passwd(swat_t)
  auth_use_nsswitch(swat_t)
-@@ -614,6 +692,7 @@
+@@ -614,6 +694,7 @@
  libs_use_shared_libs(swat_t)
  
  logging_send_syslog_msg(swat_t)
@@ -662354,7 +662537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  logging_search_logs(swat_t)
  
  miscfiles_read_localization(swat_t)
-@@ -631,6 +710,17 @@
+@@ -631,6 +712,17 @@
  	kerberos_use(swat_t)
  ')
  
@@ -662372,7 +662555,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  ########################################
  #
  # Winbind local policy
-@@ -673,12 +763,15 @@
+@@ -673,12 +765,15 @@
  
  manage_dirs_pattern(winbind_t,winbind_tmp_t,winbind_tmp_t)
  manage_files_pattern(winbind_t,winbind_tmp_t,winbind_tmp_t)
@@ -662388,7 +662571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  kernel_read_kernel_sysctls(winbind_t)
  kernel_list_proc(winbind_t)
  kernel_read_proc_symlinks(winbind_t)
-@@ -764,8 +857,13 @@
+@@ -764,8 +859,13 @@
  miscfiles_read_localization(winbind_helper_t) 
  
  optional_policy(`
@@ -662402,7 +662585,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
  ')
  
  ########################################
-@@ -774,19 +872,64 @@
+@@ -774,19 +874,64 @@
  #
  
  optional_policy(`
@@ -662484,7 +662667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.3.1/policy/modules/services/sasl.fc
 --- nsaserefpolicy/policy/modules/services/sasl.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,3 +8,5 @@
  # /var
  #
@@ -662493,7 +662676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
 +/etc/rc\.d/init\.d/sasl	--	gen_context(system_u:object_r:sasl_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.3.1/policy/modules/services/sasl.if
 --- nsaserefpolicy/policy/modules/services/sasl.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.if	2009-02-12 22:21:57.000000000 +0100
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -662561,7 +662744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.3.1/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,9 @@
  type saslauthd_var_run_t;
  files_pid_file(saslauthd_var_run_t)
@@ -662594,7 +662777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2009-02-12 22:21:57.000000000 +0100
 @@ -149,3 +149,104 @@
  
  	logging_log_filetrans($1,sendmail_log_t,file)
@@ -662702,7 +662885,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te	2009-02-04 14:41:21.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -662867,7 +663050,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -5,3 +5,5 @@
  /var/log/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
  
@@ -662876,7 +663059,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
 +/etc/rc\.d/init\.d/setroubleshoot	--	gen_context(system_u:object_r:setroubleshoot_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if	2009-02-12 22:21:57.000000000 +0100
 @@ -16,14 +16,13 @@
  	')
  
@@ -662976,7 +663159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,13 +22,16 @@
  type setroubleshoot_var_run_t;
  files_pid_file(setroubleshoot_var_run_t)
@@ -663058,13 +663241,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.fc serefpolicy-3.3.1/policy/modules/services/slattach.fc
 --- nsaserefpolicy/policy/modules/services/slattach.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/sbin/slattach	--	gen_context(system_u:object_r:slattach_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.if serefpolicy-3.3.1/policy/modules/services/slattach.if
 --- nsaserefpolicy/policy/modules/services/slattach.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,22 @@
 +
 +## <summary>policy for slattach</summary>
@@ -663090,7 +663273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.te serefpolicy-3.3.1/policy/modules/services/slattach.te
 --- nsaserefpolicy/policy/modules/services/slattach.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,31 @@
 +policy_module(slattach,1.0.0)
 +
@@ -663125,7 +663308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.fc serefpolicy-3.3.1/policy/modules/services/smartmon.fc
 --- nsaserefpolicy/policy/modules/services/smartmon.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,3 +8,4 @@
  #
  /var/run/smartd\.pid	--	gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
@@ -663133,7 +663316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
 +/etc/rc\.d/init\.d/smartd	--	gen_context(system_u:object_r:fsdaemon_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.3.1/policy/modules/services/smartmon.if
 --- nsaserefpolicy/policy/modules/services/smartmon.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.if	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,25 @@
  
  ########################################
@@ -663190,7 +663373,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.3.1/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.te	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,10 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -663229,7 +663412,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
  userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.3.1/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,6 +8,7 @@
  #
  # /var
@@ -663247,7 +663430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
 +/etc/rc\.d/init\.d/snmptrapd --	gen_context(system_u:object_r:snmp_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.3.1/policy/modules/services/snmp.if
 --- nsaserefpolicy/policy/modules/services/snmp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -87,6 +87,25 @@
  
  ########################################
@@ -663310,7 +663493,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.3.1/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,12 +18,16 @@
  type snmpd_var_lib_t;
  files_type(snmpd_var_lib_t)
@@ -663393,7 +663576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.fc serefpolicy-3.3.1/policy/modules/services/snort.fc
 --- nsaserefpolicy/policy/modules/services/snort.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,6 +1,10 @@
 +/usr/s?bin/snort	--	gen_context(system_u:object_r:snort_exec_t,s0)
 +/usr/sbin/snort-plain	--	gen_context(system_u:object_r:snort_exec_t,s0)
@@ -663410,7 +663593,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
 +/etc/rc\.d/init\.d/snortd	--	gen_context(system_u:object_r:snort_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.3.1/policy/modules/services/snort.if
 --- nsaserefpolicy/policy/modules/services/snort.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,95 @@
 -## <summary>Snort network intrusion detection system</summary>
 +## <summary>SELinux policy for Snort IDS</summary>
@@ -663510,7 +663693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.3.1/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,10 +8,13 @@
  
  type snort_t;
@@ -663561,7 +663744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.fc serefpolicy-3.3.1/policy/modules/services/soundserver.fc
 --- nsaserefpolicy/policy/modules/services/soundserver.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,10 +1,12 @@
 -/etc/nas(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
 -/etc/yiff(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
@@ -663580,7 +663763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
 +/etc/rc\.d/init\.d/nasd	--	gen_context(system_u:object_r:soundd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.3.1/policy/modules/services/soundserver.if
 --- nsaserefpolicy/policy/modules/services/soundserver.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.if	2009-02-12 22:21:57.000000000 +0100
 @@ -13,3 +13,74 @@
  interface(`soundserver_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -663658,7 +663841,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-3.3.1/policy/modules/services/soundserver.te
 --- nsaserefpolicy/policy/modules/services/soundserver.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.te	2009-02-12 22:21:57.000000000 +0100
 @@ -10,9 +10,6 @@
  type soundd_exec_t;
  init_daemon_domain(soundd_t,soundd_exec_t)
@@ -663729,7 +663912,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.3.1/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2009-02-04 14:41:59.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:user_spamassassin_home_t,s0)
@@ -663757,7 +663940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +/etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.3.1/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if	2009-02-12 22:21:57.000000000 +0100
 @@ -34,10 +34,11 @@
  # cjp: when tunables are available, spamc stuff should be
  # toggled on activation of spamc, and similarly for spamd.
@@ -664326,7 +664509,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2009-02-04 11:07:37.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -21,8 +21,10 @@
  gen_tunable(spamd_enable_home_dirs,true)
  
@@ -664691,7 +664874,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.3.1/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -12,3 +12,8 @@
  /var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
  
@@ -664703,7 +664886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.3.1/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.if	2009-02-12 22:21:57.000000000 +0100
 @@ -131,3 +131,95 @@
  interface(`squid_use',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -664802,7 +664985,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.3.1/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.te	2009-02-12 22:21:57.000000000 +0100
 @@ -31,12 +31,15 @@
  type squid_var_run_t;
  files_pid_file(squid_var_run_t)
@@ -664891,7 +665074,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.3.1/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
 +HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:user_ssh_home_t,s0)
@@ -664900,7 +665083,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  /etc/ssh/ssh_host_key 		--	gen_context(system_u:object_r:sshd_key_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.3.1/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.if	2009-02-12 22:21:57.000000000 +0100
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -665164,7 +665347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.3.1/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.te	2009-02-13 09:41:34.000000000 +0100
 @@ -24,7 +24,7 @@
  
  # Type for the ssh-agent executable.
@@ -665174,7 +665357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  
  # ssh client executable.
  type ssh_exec_t;
-@@ -57,6 +57,13 @@
+@@ -57,6 +57,16 @@
  	init_ranged_daemon_domain(sshd_t,sshd_exec_t,s0 - mcs_systemhigh)
  ')
  
@@ -665185,10 +665368,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
 +type user_ssh_tmp_t;
 +files_tmp_file(user_ssh_tmp_t)
 +
++type sshd_tmpfs_t;
++files_tmpfs_file(sshd_tmpfs_t)
++
  #################################
  #
  # sshd local policy
-@@ -80,6 +87,11 @@
+@@ -73,6 +83,9 @@
+ manage_sock_files_pattern(sshd_t,sshd_tmp_t,sshd_tmp_t)
+ files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
+ 
++manage_files_pattern(sshd_t, sshd_tmpfs_t, sshd_tmpfs_t)
++fs_tmpfs_filetrans(sshd_t, sshd_tmpfs_t, file)
++
+ kernel_search_key(sshd_t)
+ kernel_link_key(sshd_t)
+ 
+@@ -80,6 +93,11 @@
  corenet_tcp_bind_xserver_port(sshd_t)
  corenet_sendrecv_xserver_server_packets(sshd_t)
  
@@ -665200,7 +665396,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  tunable_policy(`ssh_sysadm_login',`
  	# Relabel and access ptys created by sshd
  	# ioctl is necessary for logout() processing for utmp entry and for w to
-@@ -101,6 +113,10 @@
+@@ -101,6 +119,10 @@
  ')
  
  optional_policy(`
@@ -665211,7 +665407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  	daemontools_service_domain(sshd_t, sshd_exec_t)
  ')
  
-@@ -119,7 +135,11 @@
+@@ -119,7 +141,11 @@
  ')
  
  optional_policy(`
@@ -665226,7 +665422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.3.1/policy/modules/services/stunnel.fc
 --- nsaserefpolicy/policy/modules/services/stunnel.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -2,5 +2,6 @@
  /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
  
@@ -665236,7 +665432,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
  /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.3.1/policy/modules/services/stunnel.if
 --- nsaserefpolicy/policy/modules/services/stunnel.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,25 @@
  ## <summary>SSL Tunneling Proxy</summary>
 +
@@ -665265,7 +665461,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.3.1/policy/modules/services/stunnel.te
 --- nsaserefpolicy/policy/modules/services/stunnel.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,7 +20,7 @@
  ')
  
@@ -665286,7 +665482,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
  corenet_tcp_sendrecv_all_if(stunnel_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.3.1/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/telnet.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/telnet.te	2009-02-12 22:21:57.000000000 +0100
 @@ -37,6 +37,8 @@
  allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
  term_create_pty(telnetd_t,telnetd_devpts_t)
@@ -665338,7 +665534,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.3.1/policy/modules/services/tftp.fc
 --- nsaserefpolicy/policy/modules/services/tftp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,5 +4,5 @@
  
  /tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
@@ -665348,7 +665544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.3.1/policy/modules/services/tftp.if
 --- nsaserefpolicy/policy/modules/services/tftp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -24,17 +24,17 @@
  #
  interface(`tftp_admin',`
@@ -665376,7 +665572,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.3.1/policy/modules/services/tftp.te
 --- nsaserefpolicy/policy/modules/services/tftp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -37,7 +37,6 @@
  allow tftpd_t self:udp_socket create_socket_perms;
  allow tftpd_t self:unix_dgram_socket create_socket_perms;
@@ -665421,13 +665617,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/timidity.if serefpolicy-3.3.1/policy/modules/services/timidity.if
 --- nsaserefpolicy/policy/modules/services/timidity.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/timidity.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/timidity.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>MIDI to WAV converter and player configured as a service</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.3.1/policy/modules/services/tor.fc
 --- nsaserefpolicy/policy/modules/services/tor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,8 +1,10 @@
  /etc/tor(/.*)?			gen_context(system_u:object_r:tor_etc_t,s0)
  
@@ -665442,7 +665638,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
 +/etc/rc\.d/init\.d/tor	--	gen_context(system_u:object_r:tor_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.3.1/policy/modules/services/tor.if
 --- nsaserefpolicy/policy/modules/services/tor.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.if	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,25 @@
  
  ########################################
@@ -665506,7 +665702,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.3.1/policy/modules/services/tor.te
 --- nsaserefpolicy/policy/modules/services/tor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.te	2009-02-12 22:21:57.000000000 +0100
 @@ -26,11 +26,15 @@
  type tor_var_run_t;
  files_pid_file(tor_var_run_t)
@@ -665541,7 +665737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.3.1/policy/modules/services/uucp.if
 --- nsaserefpolicy/policy/modules/services/uucp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.if	2009-02-12 22:21:57.000000000 +0100
 @@ -85,27 +85,27 @@
  #
  interface(`uucp_admin',`
@@ -665583,7 +665779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.3.1/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.te	2009-02-12 22:21:57.000000000 +0100
 @@ -116,6 +116,8 @@
  
  files_read_etc_files(uux_t)
@@ -665603,13 +665799,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-3.3.1/policy/modules/services/w3c.fc
 --- nsaserefpolicy/policy/modules/services/w3c.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,2 @@
 +/usr/share/w3c-markup-validator(/.*)?		gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
 +/usr/share/w3c-markup-validator/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.if serefpolicy-3.3.1/policy/modules/services/w3c.if
 --- nsaserefpolicy/policy/modules/services/w3c.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,20 @@
 +## <summary>W3C</summary>
 +
@@ -665633,7 +665829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.3.1/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,14 @@
 +policy_module(w3c,1.2.1)
 +
@@ -665651,19 +665847,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
 +miscfiles_read_certs(httpd_w3c_validator_script_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/watchdog.if serefpolicy-3.3.1/policy/modules/services/watchdog.if
 --- nsaserefpolicy/policy/modules/services/watchdog.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/watchdog.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/watchdog.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>Software watchdog</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xprint.if serefpolicy-3.3.1/policy/modules/services/xprint.if
 --- nsaserefpolicy/policy/modules/services/xprint.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xprint.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xprint.if	2009-02-12 22:21:57.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>X print server</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.3.1/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,13 +1,13 @@
  #
  # HOME_DIR
@@ -665734,7 +665930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2009-02-12 22:21:57.000000000 +0100
 @@ -12,9 +12,15 @@
  ##	</summary>
  ## </param>
@@ -667224,7 +667420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -667891,7 +668087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.3.1/policy/modules/services/zabbix.fc
 --- nsaserefpolicy/policy/modules/services/zabbix.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,8 @@
 +
  /usr/bin/zabbix_server	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -667903,7 +668099,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
 +/etc/rc\.d/init\.d/zabbix	--	gen_context(system_u:object_r:zabbix_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.3.1/policy/modules/services/zabbix.if
 --- nsaserefpolicy/policy/modules/services/zabbix.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.if	2009-02-12 22:21:57.000000000 +0100
 @@ -79,6 +79,25 @@
  
  ########################################
@@ -667962,7 +668158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.3.1/policy/modules/services/zabbix.te
 --- nsaserefpolicy/policy/modules/services/zabbix.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,6 +18,9 @@
  type zabbix_var_run_t;
  files_pid_file(zabbix_var_run_t)
@@ -667975,7 +668171,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
  # zabbix local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.3.1/policy/modules/services/zebra.fc
 --- nsaserefpolicy/policy/modules/services/zebra.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -14,3 +14,10 @@
  /var/run/\.zebra	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
  /var/run/\.zserv	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
@@ -667989,7 +668185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
 +/etc/rc\.d/init\.d/zebra	--	gen_context(system_u:object_r:zebra_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.3.1/policy/modules/services/zebra.if
 --- nsaserefpolicy/policy/modules/services/zebra.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.if	2009-02-12 22:21:57.000000000 +0100
 @@ -18,12 +18,32 @@
  
  	files_search_etc($1)
@@ -668066,7 +668262,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.3.1/policy/modules/services/zebra.te
 --- nsaserefpolicy/policy/modules/services/zebra.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.te	2009-02-12 22:21:57.000000000 +0100
 @@ -30,6 +30,9 @@
  type zebra_var_run_t;
  files_pid_file(zebra_var_run_t)
@@ -668096,7 +668292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.3.1/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/application.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/application.te	2009-02-12 22:21:57.000000000 +0100
 @@ -7,6 +7,12 @@
  # Executables to be run by user
  attribute application_exec_type;
@@ -668112,7 +668308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
  	ssh_rw_stream_sockets(application_domain_type)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.3.1/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -668141,7 +668337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if	2009-02-13 10:11:38.000000000 +0100
 @@ -56,10 +56,6 @@
  	miscfiles_read_localization($1_chkpwd_t)
  
@@ -668272,11 +668468,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 -	sysnet_dns_name_resolve($1)
 -	sysnet_use_ldap($1)
 -
--	optional_policy(`
+ 	optional_policy(`
 -		kerberos_use($1)
 -	')
 -
- 	optional_policy(`
+-	optional_policy(`
 -		nis_use_ypbind($1)
 +		kerberos_read_keytab($1)
 +		kerberos_524_connect($1)
@@ -668335,18 +668531,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ')
  
  ########################################
-@@ -1447,6 +1512,10 @@
+@@ -1447,6 +1512,14 @@
  	')
  
  	optional_policy(`
 +		kerberos_use($1)
 +	')
++	
++	optional_policy(`
++        	ldap_stream_connect($1)
++	')
 +
 +	optional_policy(`
  		nis_use_ypbind($1)
  	')
  
-@@ -1457,6 +1526,7 @@
+@@ -1457,6 +1530,7 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  		samba_read_var_files($1)
@@ -668354,7 +668554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	')
  ')
  
-@@ -1491,3 +1561,80 @@
+@@ -1491,3 +1565,80 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')
@@ -668437,7 +668637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.te	2009-02-13 09:55:18.000000000 +0100
 @@ -59,6 +59,9 @@
  type utempter_exec_t;
  application_domain(utempter_t,utempter_exec_t)
@@ -668502,16 +668702,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  dev_read_urand(pam_console_t)
  
  mls_file_read_all_levels(pam_console_t)
-@@ -269,6 +289,8 @@
+@@ -269,6 +289,10 @@
  
  domain_dontaudit_use_interactive_fds(system_chkpwd_t)
  
++fs_rw_anon_inodefs_files(system_chkpwd_t)
++
 +nis_authenticate(system_chkpwd_t)
 +
  term_dontaudit_use_unallocated_ttys(system_chkpwd_t)
  term_dontaudit_use_generic_ptys(system_chkpwd_t)
  
-@@ -282,6 +304,11 @@
+@@ -282,6 +306,11 @@
  	')
  ')
  
@@ -668523,7 +668725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ########################################
  #
  # updpwd local policy
-@@ -297,8 +324,10 @@
+@@ -297,8 +326,10 @@
  files_manage_etc_files(updpwd_t)
  
  term_dontaudit_use_console(updpwd_t)
@@ -668535,7 +668737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  
  auth_manage_shadow(updpwd_t)
  auth_use_nsswitch(updpwd_t)
-@@ -359,11 +388,6 @@
+@@ -359,11 +390,6 @@
  ')
  
  optional_policy(`
@@ -668549,7 +668751,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.3.1/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -668565,7 +668767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-3.3.1/policy/modules/system/fstools.if
 --- nsaserefpolicy/policy/modules/system/fstools.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.if	2009-02-12 22:21:57.000000000 +0100
 @@ -142,3 +142,21 @@
  
  	allow $1 swapfile_t:file getattr;
@@ -668590,7 +668792,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.3.1/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.te	2009-02-12 22:21:57.000000000 +0100
 @@ -97,6 +97,10 @@
  fs_getattr_tmpfs_dirs(fsadm_t)
  fs_read_tmpfs_symlinks(fsadm_t)
@@ -668614,7 +668816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.3.1/policy/modules/system/getty.fc
 --- nsaserefpolicy/policy/modules/system/getty.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -8,5 +8,5 @@
  
  /var/run/mgetty\.pid.*	--	gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -668625,7 +668827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
 +/var/spool/voice(/.*)?		gen_context(system_u:object_r:getty_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.3.1/policy/modules/system/getty.te
 --- nsaserefpolicy/policy/modules/system/getty.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.te	2009-02-12 22:21:57.000000000 +0100
 @@ -9,6 +9,7 @@
  type getty_t;
  type getty_exec_t;
@@ -668636,7 +668838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
  type getty_etc_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.3.1/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hostname.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hostname.te	2009-02-12 22:21:57.000000000 +0100
 @@ -8,7 +8,9 @@
  
  type hostname_t;
@@ -668650,7 +668852,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.3.1/policy/modules/system/hotplug.te
 --- nsaserefpolicy/policy/modules/system/hotplug.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hotplug.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hotplug.te	2009-02-12 22:21:57.000000000 +0100
 @@ -120,6 +120,7 @@
  	optional_policy(`
  		# for arping used for static IP addresses on PCMCIA ethernet
@@ -668669,7 +668871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.3.1/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,8 +4,7 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -668687,7 +668889,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
 -
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.3.1/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.if	2009-02-12 22:21:57.000000000 +0100
 @@ -211,6 +211,16 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -669065,7 +669267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.te	2009-02-12 22:21:57.000000000 +0100
 @@ -10,6 +10,20 @@
  # Declarations
  #
@@ -669402,7 +669604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -16,6 +16,8 @@
  /usr/lib(64)?/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
  /usr/lib(64)?/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -669422,7 +669624,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if
 --- nsaserefpolicy/policy/modules/system/ipsec.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if	2009-02-12 22:21:57.000000000 +0100
 @@ -152,6 +152,25 @@
  
  ########################################
@@ -669451,7 +669653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2009-02-12 22:21:57.000000000 +0100
 @@ -55,11 +55,13 @@
  
  allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -669481,7 +669683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  can_exec(ipsec_t, ipsec_mgmt_exec_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
 --- nsaserefpolicy/policy/modules/system/iptables.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if	2009-02-12 22:21:57.000000000 +0100
 @@ -49,6 +49,12 @@
  	iptables_domtrans($1)
  	role $2 types iptables_t;
@@ -669497,7 +669699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2009-02-12 22:21:57.000000000 +0100
 @@ -27,7 +27,7 @@
  allow iptables_t self:process { sigchld sigkill sigstop signull signal };
  allow iptables_t self:rawip_socket create_socket_perms;
@@ -669550,7 +669752,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.3.1/policy/modules/system/iscsi.fc
 --- nsaserefpolicy/policy/modules/system/iscsi.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,5 +1,5 @@
  /sbin/iscsid		--	gen_context(system_u:object_r:iscsid_exec_t,s0)
  
@@ -669561,7 +669763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
  /var/run/iscsid\.pid	--	gen_context(system_u:object_r:iscsi_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.3.1/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.te	2009-02-12 22:21:57.000000000 +0100
 @@ -28,8 +28,8 @@
  # iscsid local policy
  #
@@ -669592,7 +669794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-02-13 09:43:12.000000000 +0100
 @@ -69,8 +69,10 @@
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
@@ -669617,7 +669819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  
  /usr/(.*/)?java/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-@@ -118,6 +122,7 @@
+@@ -118,11 +122,13 @@
  /usr/lib/vlc/codec/libdmo_plugin\.so	   --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/vlc/codec/librealaudio_plugin\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -669625,7 +669827,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  /usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libsipphoneapi\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -133,6 +138,7 @@
+ /usr/lib(64)?/ati-fglrx/.+\.so(\..*)?	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)*    --      gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libGLU\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libjs\.so.*     		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -133,6 +139,7 @@
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669633,7 +669841,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  /usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xulrunner-[^/]*/libxul\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
-@@ -164,7 +170,8 @@
+@@ -164,7 +171,8 @@
  # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
  # 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
  /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669643,7 +669851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  
  /usr/lib/firefox-[^/]*/plugins/nppdf.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/libFLAC\.so.*			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -183,6 +190,7 @@
+@@ -183,6 +191,7 @@
  /usr/lib(64)?/libdv\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/plugins/[^/]*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/codecs/[^/]*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669651,7 +669859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  /usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -242,12 +250,13 @@
+@@ -242,12 +251,13 @@
  
  # Flash plugin, Macromedia
  HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669667,7 +669875,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  
  # Jai, Sun Microsystems (Jpackage SPRM)
  /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -263,6 +272,8 @@
+@@ -263,6 +273,8 @@
  /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -669676,7 +669884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  # Java, Sun Microsystems (JPackage SRPM)
  /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -287,11 +298,15 @@
+@@ -287,11 +299,15 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669692,7 +669900,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
  
-@@ -301,6 +316,23 @@
+@@ -301,6 +317,23 @@
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
  
@@ -669718,7 +669926,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,9 @@
  init_system_domain(ldconfig_t,ldconfig_exec_t)
  role system_r types ldconfig_t;
@@ -669797,7 +670005,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.3.1/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/locallogin.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/locallogin.te	2009-02-12 22:21:57.000000000 +0100
 @@ -131,6 +131,7 @@
  
  miscfiles_read_localization(local_login_t)
@@ -669866,7 +670074,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.3.1/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -4,6 +4,8 @@
  /etc/syslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
  /etc/audit(/.*)?		gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
@@ -669914,7 +670122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.if	2009-02-12 22:21:57.000000000 +0100
 @@ -213,12 +213,7 @@
  ## </param>
  #
@@ -670167,7 +670375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.te	2009-02-12 22:21:57.000000000 +0100
 @@ -61,10 +61,29 @@
  logging_log_file(var_log_t)
  files_mountpoint(var_log_t)
@@ -670420,7 +670628,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.3.1/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -55,6 +55,7 @@
  /sbin/lvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/lvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -670436,7 +670644,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,7 +22,7 @@
  role system_r types lvm_t;
  
@@ -670615,7 +670823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.3.1/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -11,6 +11,7 @@
  /etc/avahi/etc/localtime --	gen_context(system_u:object_r:locale_t,s0)
  /etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
@@ -670631,7 +670839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
 +HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.3.1/policy/modules/system/miscfiles.if
 --- nsaserefpolicy/policy/modules/system/miscfiles.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if	2009-02-12 22:21:57.000000000 +0100
 @@ -489,3 +489,65 @@
  	manage_lnk_files_pattern($1,locale_t,locale_t)
  ')
@@ -670700,7 +670908,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.3.1/policy/modules/system/miscfiles.te
 --- nsaserefpolicy/policy/modules/system/miscfiles.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,14 @@
  files_type(fonts_t)
  
@@ -670718,7 +670926,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
  type hwdata_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.3.1/policy/modules/system/modutils.if
 --- nsaserefpolicy/policy/modules/system/modutils.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.if	2009-02-12 22:21:57.000000000 +0100
 @@ -66,6 +66,25 @@
  
  ########################################
@@ -670755,7 +670963,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.3.1/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2009-02-12 22:21:57.000000000 +0100
 @@ -22,6 +22,8 @@
  type insmod_exec_t;
  application_domain(insmod_t,insmod_exec_t)
@@ -670898,7 +671106,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  #################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.3.1/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,6 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -670910,7 +671118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +/usr/bin/fusermount            --      gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.3.1/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.if	2009-02-04 14:59:39.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.if	2009-02-12 22:21:57.000000000 +0100
 @@ -48,7 +48,9 @@
  
  	mount_domtrans($1)
@@ -670948,7 +671156,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.te	2009-02-12 22:21:57.000000000 +0100
 @@ -18,17 +18,18 @@
  init_system_domain(mount_t,mount_exec_t)
  role system_r types mount_t;
@@ -671109,7 +671317,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
 --- nsaserefpolicy/policy/modules/system/netlabel.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2009-02-12 22:21:57.000000000 +0100
 @@ -9,6 +9,7 @@
  type netlabel_mgmt_t;
  type netlabel_mgmt_exec_t;
@@ -671120,15 +671328,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
 --- nsaserefpolicy/policy/modules/system/qemu.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2009-02-04 10:54:48.000000000 +0100
-@@ -0,0 +1,3 @@
++++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2009-02-13 09:48:32.000000000 +0100
+@@ -0,0 +1,6 @@
 +
 +/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
++
++/var/run/libvirt/qemu(/.*)? -- gen_context(system_u:object_r:qemu_var_run_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2009-02-04 10:54:48.000000000 +0100
-@@ -0,0 +1,336 @@
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2009-02-13 09:47:42.000000000 +0100
+@@ -0,0 +1,341 @@
 +
 +## <summary>policy for qemu</summary>
 +
@@ -671386,7 +671597,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +	files_tmp_file($1_tmp_t)
 +	type $1_tmpfs_t;
 +	files_tmpfs_file($1_tmpfs_t)
-+
++	type $1_var_run_t;
++	files_pid_file($1_var_run_t)
++	
 +	domain_use_interactive_fds($1_t)
 +
 +	allow $1_t self:capability { dac_read_search dac_override };
@@ -671407,6 +671620,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +	manage_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
 +	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
 +
++	manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
++	files_pid_filetrans($1_t, $1_var_run_t, file)
++
 +	dev_read_sound($1_t)
 +	dev_write_sound($1_t)
 +
@@ -671467,7 +671683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.3.1/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,79 @@
 +policy_module(qemu,1.0.0)
 +
@@ -671550,7 +671766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.3.1/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/raid.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/raid.te	2009-02-12 22:21:57.000000000 +0100
 @@ -19,7 +19,7 @@
  # Local policy
  #
@@ -671578,7 +671794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -38,7 +38,7 @@
  /usr/sbin/restorecond		--	gen_context(system_u:object_r:restorecond_exec_t,s0)
  /usr/sbin/run_init		--	gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -671599,7 +671815,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 +/var/lib/selinux(/.*)?			gen_context(system_u:object_r:selinux_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2009-02-12 22:21:57.000000000 +0100
 @@ -389,7 +389,7 @@
  ##	</summary>
  ## </param>
@@ -672099,7 +672315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.3.1/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te	2009-02-12 22:21:57.000000000 +0100
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -672462,7 +672678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.3.1/policy/modules/system/setrans.fc
 --- nsaserefpolicy/policy/modules/system/setrans.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,3 +1,5 @@
  /sbin/mcstransd	--	gen_context(system_u:object_r:setrans_exec_t,s0)
  
@@ -672471,7 +672687,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
 +/etc/rc\.d/init\.d/mcstrans	--	gen_context(system_u:object_r:setrans_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.3.1/policy/modules/system/setrans.if
 --- nsaserefpolicy/policy/modules/system/setrans.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.if	2009-02-12 22:21:57.000000000 +0100
 @@ -13,6 +13,7 @@
  interface(`setrans_translate_context',`
  	gen_require(`
@@ -672506,7 +672722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.3.1/policy/modules/system/setrans.te
 --- nsaserefpolicy/policy/modules/system/setrans.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.te	2009-02-12 22:21:57.000000000 +0100
 @@ -14,6 +14,9 @@
  files_pid_file(setrans_var_run_t)
  mls_trusted_object(setrans_var_run_t)
@@ -672536,8 +672752,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc	2009-02-04 10:54:48.000000000 +0100
-@@ -57,3 +57,5 @@
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc	2009-02-12 22:45:41.000000000 +0100
+@@ -22,6 +22,10 @@
+ /etc/sysconfig/networking/profiles/.*/resolv\.conf -- gen_context(system_u:object_r:net_conf_t,s0)
+ ')
+ 
++/etc/wicd/manager-settings.conf  -- gen_context(system_u:object_r:net_conf_t, s0)
++/etc/wicd/wireless-settings.conf -- gen_context(system_u:object_r:net_conf_t, s0)
++/etc/wicd/wired-settings.conf   -- gen_context(system_u:object_r:net_conf_t, s0)
++
+ #
+ # /sbin
+ #
+@@ -57,3 +61,5 @@
  ifdef(`distro_gentoo',`
  /var/lib/dhcpc(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
  ')
@@ -672545,7 +672772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2009-02-12 22:21:57.000000000 +0100
 @@ -145,6 +145,25 @@
  
  ########################################
@@ -672683,7 +672910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2009-02-12 22:21:57.000000000 +0100
 @@ -20,6 +20,10 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -672884,7 +673111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
  	xen_append_log(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-02-12 22:21:57.000000000 +0100
 @@ -96,6 +96,24 @@
  
  ########################################
@@ -672940,7 +673167,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.3.1/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.te	2009-02-12 22:21:57.000000000 +0100
 @@ -83,6 +83,7 @@
  kernel_rw_unix_dgram_sockets(udev_t)
  kernel_dgram_send(udev_t)
@@ -672998,7 +673225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,16 +1,26 @@
  # Add programs here which should not be confined by SELinux
  # e.g.:
@@ -673034,7 +673261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.if	2009-02-12 22:21:57.000000000 +0100
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -673390,7 +673617,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,35 +6,72 @@
  # Declarations
  #
@@ -673731,7 +673958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.3.1/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -1,4 +1,5 @@
 -HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
 -HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -673744,7 +673971,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2009-02-04 14:47:08.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2009-02-12 22:21:57.000000000 +0100
 @@ -29,9 +29,14 @@
  	')
  
@@ -676905,7 +677132,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.3.1/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.te	2009-02-12 22:21:57.000000000 +0100
 @@ -2,12 +2,7 @@
  policy_module(userdomain,2.5.0)
  
@@ -677231,7 +677458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.3.1/policy/modules/system/virt.fc
 --- nsaserefpolicy/policy/modules/system/virt.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,13 @@
 +
 +/usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
@@ -677248,8 +677475,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.f
 +/etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if
 --- nsaserefpolicy/policy/modules/system/virt.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.if	2009-02-04 10:54:48.000000000 +0100
-@@ -0,0 +1,343 @@
++++ serefpolicy-3.3.1/policy/modules/system/virt.if	2009-02-13 10:43:16.000000000 +0100
+@@ -0,0 +1,361 @@
 +
 +## <summary>policy for virt</summary>
 +
@@ -677310,6 +677537,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
 +	allow $1 virt_var_run_t:file read_file_perms;
 +')
 +
++#######################################
++## <summary>
++##      Manage virt pid files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`virt_manage_pid_files',`
++        gen_require(`
++                type virt_var_run_t;
++        ')
++
++         manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
++')
++
 +########################################
 +## <summary>
 +##	Read virt config files.
@@ -677595,7 +677840,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,204 @@
 +
 +policy_module(virt,1.0.0)
@@ -677803,7 +678048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.if	2009-02-12 22:21:57.000000000 +0100
 @@ -167,11 +167,14 @@
  #
  interface(`xen_stream_connect',`
@@ -677847,7 +678092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.3.1/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.te	2009-02-12 22:21:57.000000000 +0100
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -678057,17 +678302,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.fc serefpolicy-3.3.1/policy/modules/users/auditadm.fc
 --- nsaserefpolicy/policy/modules/users/auditadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No auditadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.if serefpolicy-3.3.1/policy/modules/users/auditadm.if
 --- nsaserefpolicy/policy/modules/users/auditadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for auditadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.te serefpolicy-3.3.1/policy/modules/users/auditadm.te
 --- nsaserefpolicy/policy/modules/users/auditadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,25 @@
 +policy_module(auditadm,1.0.1)
 +gen_require(`
@@ -678096,17 +678341,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditad
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.3.1/policy/modules/users/guest.fc
 --- nsaserefpolicy/policy/modules/users/guest.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No guest file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.3.1/policy/modules/users/guest.if
 --- nsaserefpolicy/policy/modules/users/guest.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for guest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.3.1/policy/modules/users/guest.te
 --- nsaserefpolicy/policy/modules/users/guest.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,33 @@
 +policy_module(guest,1.0.1)
 +userdom_restricted_user_template(guest)
@@ -678143,17 +678388,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.3.1/policy/modules/users/logadm.fc
 --- nsaserefpolicy/policy/modules/users/logadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No logadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.3.1/policy/modules/users/logadm.if
 --- nsaserefpolicy/policy/modules/users/logadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for logadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.3.1/policy/modules/users/logadm.te
 --- nsaserefpolicy/policy/modules/users/logadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,11 @@
 +policy_module(logadm,1.0.0)
 +
@@ -678168,22 +678413,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
 +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.3.1/policy/modules/users/metadata.xml
 --- nsaserefpolicy/policy/modules/users/metadata.xml	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/metadata.xml	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/metadata.xml	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +<summary>Policy modules for users</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.3.1/policy/modules/users/secadm.fc
 --- nsaserefpolicy/policy/modules/users/secadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No secadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.3.1/policy/modules/users/secadm.if
 --- nsaserefpolicy/policy/modules/users/secadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for secadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.3.1/policy/modules/users/secadm.te
 --- nsaserefpolicy/policy/modules/users/secadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,39 @@
 +policy_module(secadm,1.0.1)
 +gen_require(`
@@ -678226,17 +678471,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.3.1/policy/modules/users/staff.fc
 --- nsaserefpolicy/policy/modules/users/staff.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No staff file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.3.1/policy/modules/users/staff.if
 --- nsaserefpolicy/policy/modules/users/staff.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for staff user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.3.1/policy/modules/users/staff.te
 --- nsaserefpolicy/policy/modules/users/staff.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,30 @@
 +policy_module(staff,1.0.1)
 +userdom_admin_login_user_template(staff)
@@ -678270,17 +678515,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.3.1/policy/modules/users/user.fc
 --- nsaserefpolicy/policy/modules/users/user.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No user file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.3.1/policy/modules/users/user.if
 --- nsaserefpolicy/policy/modules/users/user.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for user user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.3.1/policy/modules/users/user.te
 --- nsaserefpolicy/policy/modules/users/user.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,18 @@
 +policy_module(user,1.0.1)
 +userdom_unpriv_user_template(user)
@@ -678302,17 +678547,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.3.1/policy/modules/users/webadm.fc
 --- nsaserefpolicy/policy/modules/users/webadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No webadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.3.1/policy/modules/users/webadm.if
 --- nsaserefpolicy/policy/modules/users/webadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for webadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.3.1/policy/modules/users/webadm.te
 --- nsaserefpolicy/policy/modules/users/webadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,41 @@
 +policy_module(webadm,1.0.0)
 +
@@ -678357,17 +678602,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.
 +userdom_role_change_template(staff, webadm)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.3.1/policy/modules/users/xguest.fc
 --- nsaserefpolicy/policy/modules/users/xguest.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.fc	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.fc	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +# No xguest file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.3.1/policy/modules/users/xguest.if
 --- nsaserefpolicy/policy/modules/users/xguest.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.if	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.if	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for xguest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.3.1/policy/modules/users/xguest.te
 --- nsaserefpolicy/policy/modules/users/xguest.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.te	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.te	2009-02-12 22:21:57.000000000 +0100
 @@ -0,0 +1,69 @@
 +policy_module(xguest,1.0.1)
 +
@@ -678440,7 +678685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.3.1/policy/support/file_patterns.spt
 --- nsaserefpolicy/policy/support/file_patterns.spt	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/file_patterns.spt	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/file_patterns.spt	2009-02-12 22:21:57.000000000 +0100
 @@ -537,3 +537,23 @@
  	allow $1 $2:dir rw_dir_perms;
  	type_transition $1 $2:$4 $3;
@@ -678467,7 +678712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.3.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-02-12 22:21:57.000000000 +0100
 @@ -193,7 +193,7 @@
  define(`create_dir_perms',`{ getattr create }')
  define(`rename_dir_perms',`{ getattr rename }')
@@ -678547,7 +678792,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3.1/policy/users
 --- nsaserefpolicy/policy/users	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/users	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/policy/users	2009-02-12 22:21:57.000000000 +0100
 @@ -16,7 +16,7 @@
  # and a user process should never be assigned the system user
  # identity.
@@ -678583,7 +678828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.3.1/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.modular	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/Rules.modular	2009-02-12 22:21:57.000000000 +0100
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -678615,7 +678860,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.3.1/Rules.monolithic
 --- nsaserefpolicy/Rules.monolithic	2008-02-26 14:23:13.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.monolithic	2009-02-04 10:54:48.000000000 +0100
++++ serefpolicy-3.3.1/Rules.monolithic	2009-02-12 22:21:57.000000000 +0100
 @@ -96,7 +96,7 @@
  #
  # Load the binary policy
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 730ff99..6fd95d4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 121%{?dist}
+Release: 122%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,13 @@ exit 0
 %endif
 
 %changelog
+* Fri Feb 13 2009 Miroslav Grepl <mgrepl@redhat.com> 3.3.1-122
+- Fix mysql policy
+- Fix qemu policy
+- Fix nfs_selinux man page
+- Do transitions outside of the booleans
+- Add ftpd_connect_db boolean
+
 * Wed Feb 4 2009 Miroslav Grepl <mgrepl@redhat.com> 3.3.1-121
 - Add milter policy