diff --git a/modules-minimum.conf b/modules-minimum.conf
index 28ad58f..cd6fd42 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -505,6 +505,13 @@ hal = module
#
polkit = module
+# Layer: apps
+# Module: ptchown
+#
+# helper function for grantpt(3), changes ownship and permissions of pseudotty
+#
+ptchown = module
+
# Layer: services
# Module: psad
#
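Review bot: The description comment added for ptchown misspells "ownership" as "ownship"; it should read `# helper function for grantpt(3), changes ownership and permissions of pseudotty`. The same wording is repeated in the modules-targeted.conf hunk and in the summary line of ptchown.if inside policy-20080710.patch, so all three should be corrected together.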
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 152f015..d91ca9b 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -519,6 +519,13 @@ hal = module
#
polkit = module
+# Layer: apps
+# Module: ptchown
+#
+# helper function for grantpt(3), changes ownship and permissions of pseudotty
+#
+ptchown = module
+
# Layer: services
# Module: psad
#
diff --git a/policy-20080710.patch b/policy-20080710.patch
index 9013b0f..1f9f40e 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -5403,6 +5403,80 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut
miscfiles_read_localization(podsleuth_t)
dbus_system_bus_client_template(podsleuth, podsleuth_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.fc serefpolicy-3.5.13/policy/modules/apps/ptchown.fc
+--- nsaserefpolicy/policy/modules/apps/ptchown.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/ptchown.fc 2009-08-14 14:12:49.000000000 +0200
+@@ -0,0 +1,2 @@
++
++/usr/libexec/pt_chown -- gen_context(system_u:object_r:ptchown_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.5.13/policy/modules/apps/ptchown.if
+--- nsaserefpolicy/policy/modules/apps/ptchown.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/ptchown.if 2009-08-14 14:12:49.000000000 +0200
+@@ -0,0 +1,22 @@
++
++## helper function for grantpt(3), changes ownship and permissions of pseudotty
++
++########################################
++##
++## Execute a domain transition to run ptchown.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`ptchown_domtrans',`
++ gen_require(`
++ type ptchown_t;
++ type ptchown_exec_t;
++ ')
++
++ domtrans_pattern($1,ptchown_exec_t,ptchown_t)
++')
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.te serefpolicy-3.5.13/policy/modules/apps/ptchown.te
+--- nsaserefpolicy/policy/modules/apps/ptchown.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/ptchown.te 2009-08-14 14:13:12.000000000 +0200
+@@ -0,0 +1,38 @@
++policy_module(ptchown,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type ptchown_t;
++type ptchown_exec_t;
++application_domain(ptchown_t, ptchown_exec_t)
++role system_r types ptchown_t;
++
++permissive ptchown_t;
++
++########################################
++#
++# ptchown local policy
++#
++
++allow ptchown_t self:capability { fowner chown setuid };
++allow ptchown_t self:process { getcap setcap };
++
++# Init script handling
++domain_use_interactive_fds(ptchown_t)
++
++# internal communication is often done using fifo and unix sockets.
++allow ptchown_t self:fifo_file rw_file_perms;
++allow ptchown_t self:unix_stream_socket create_stream_socket_perms;
++
++files_read_etc_files(ptchown_t)
++
++fs_rw_anon_inodefs_files(ptchown_t)
++
++term_use_generic_ptys(ptchown_t)
++term_setattr_generic_ptys(ptchown_t)
++term_setattr_all_user_ptys(ptchown_t)
++
++miscfiles_read_localization(ptchown_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.5.13/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-10-17 14:49:14.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/apps/qemu.fc 2009-02-25 19:55:15.000000000 +0100
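Review bot: `permissive ptchown_t;` in the new ptchown.te leaves the domain unenforced, so the rules below it only produce audit records and do not confine the helper, which is granted the `chown`, `fowner` and `setuid` capabilities. If permissive mode is meant as a bring-up step, say so in a comment above the line, e.g. `# TODO: remove once AVC logs for ptchown_t are clean`, and drop the statement before the domain is relied on for confinement. The `# Init script handling` comment and the `fifo_file` / `unix_stream_socket` self rules look like template leftovers; if pt_chown does not use them, removing them keeps the domain closer to least privilege. No caller of `ptchown_domtrans` is visible in this hunk, so it is worth confirming that some domain actually transitions into `ptchown_t`.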
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 25f4cdd..bddd661 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 68%{?dist}
+Release: 69%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
%endif
%changelog
+* Fri Aug 14 2009 Miroslav Grepl 3.5.13-69
+- Add ptchown policy from Dan Walsh
+
* Fri Jul 31 2009 Miroslav Grepl 3.5.13-68
- Allow lircd read/write input event devices