diff --git a/policy-F13.patch b/policy-F13.patch index 8d86409..519ed94 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -11606,7 +11606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.19/policy/modules/roles/sysadm.te --- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2010-06-16 12:29:00.917864530 +0200 ++++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2010-08-11 15:20:33.403085139 +0200 @@ -28,17 +28,29 @@ corecmd_exec_shell(sysadm_t) @@ -11743,17 +11743,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` hostname_run(sysadm_t, sysadm_r) -@@ -205,6 +236,9 @@ +@@ -205,6 +236,13 @@ ipsec_stream_connect(sysadm_t) # for lsof ipsec_getattr_key_sockets(sysadm_t) + ipsec_run_setkey(sysadm_t, sysadm_r) + ipsec_run_racoon(sysadm_t, sysadm_r) + ipsec_stream_connect_racoon(sysadm_t) ++') ++ ++optional_policy(` ++ ipsec_mgmt_dbus_chat(sysadm_t) ') optional_policy(` -@@ -212,12 +246,22 @@ +@@ -212,12 +250,22 @@ ') optional_policy(` @@ -11776,7 +11780,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` kudzu_run(sysadm_t, sysadm_r) -@@ -227,9 +271,11 @@ +@@ -227,9 +275,11 @@ libs_run_ldconfig(sysadm_t, sysadm_r) ') @@ -11788,7 +11792,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` logrotate_run(sysadm_t, sysadm_r) -@@ -252,8 +298,10 @@ +@@ -252,8 +302,10 @@ optional_policy(` mount_run(sysadm_t, sysadm_r) @@ -11799,7 +11803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` mozilla_role(sysadm_r, sysadm_t) ') -@@ -261,6 +309,7 @@ +@@ -261,6 +313,7 @@ optional_policy(` mplayer_role(sysadm_r, sysadm_t) ') 
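Review bot: The new `ipsec_mgmt_dbus_chat(sysadm_t)` block in sysadm.te (inner hunk `@@ -205,6 +236,13 @@`) is not covered by the 3.7.19-46 %changelog entry, which names only unconfined. The same entry also leaves out the other access changes in this commit: the httpd_suexec_t terminal rules in apache.te, `fs_manage_cgroup_files(xdm_t)` in xserver.te, `kernel_rw_net_sysctls(hotplug_t)` in hotplug.te, `kernel_read_debugfs(kdump_t)` in kdump.te and the new dontaudit for cups_pdf_t. The changelog is what an administrator reads to judge a policy update, so I would add one line per grant, for example `- Allow sysadm to dbus chat with ipsec-mgmt` and `- Allow hotplug to write net sysctls`.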
@@ -11807,7 +11811,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` mta_role(sysadm_r, sysadm_t) -@@ -308,8 +357,14 @@ +@@ -308,8 +361,14 @@ ') optional_policy(` @@ -11822,7 +11826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` quota_run(sysadm_t, sysadm_r) -@@ -319,9 +374,11 @@ +@@ -319,9 +378,11 @@ raid_domtrans_mdadm(sysadm_t) ') @@ -11834,7 +11838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` rpc_domtrans_nfsd(sysadm_t) -@@ -331,9 +388,11 @@ +@@ -331,9 +392,11 @@ rpm_run(sysadm_t, sysadm_r) ') @@ -11846,7 +11850,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` rsync_exec(sysadm_t) -@@ -358,8 +417,14 @@ +@@ -358,8 +421,14 @@ ') optional_policy(` @@ -11861,7 +11865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` ssh_role_template(sysadm, sysadm_r, sysadm_t) -@@ -382,9 +447,11 @@ +@@ -382,9 +451,11 @@ sysnet_run_dhcpc(sysadm_t, sysadm_r) ') @@ -11873,7 +11877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` tripwire_run_siggen(sysadm_t, sysadm_r) -@@ -393,17 +460,21 @@ +@@ -393,17 +464,21 @@ tripwire_run_twprint(sysadm_t, sysadm_r) ') @@ -11895,7 +11899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` unconfined_domtrans(sysadm_t) -@@ -417,9 +488,11 @@ +@@ -417,9 +492,11 @@ usbmodules_run(sysadm_t, sysadm_r) ') @@ -11907,7 +11911,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` usermanage_run_admin_passwd(sysadm_t, sysadm_r) -@@ -427,9 +500,15 @@ +@@ -427,9 +504,15 @@ usermanage_run_useradd(sysadm_t, sysadm_r) ') 
@@ -11923,7 +11927,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. optional_policy(` vpn_run(sysadm_t, sysadm_r) -@@ -440,13 +519,30 @@ +@@ -440,13 +523,30 @@ ') optional_policy(` @@ -12641,8 +12645,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2010-08-10 16:44:03.298084894 +0200 -@@ -0,0 +1,444 @@ ++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2010-08-11 11:43:12.141085035 +0200 +@@ -0,0 +1,448 @@ +policy_module(unconfineduser, 1.0.0) + +######################################## @@ -12910,6 +12914,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi + gnomeclock_dbus_chat(unconfined_usertype) + gnome_dbus_chat_gconfdefault(unconfined_usertype) + ') ++ ++ optional_policy(` ++ ipsec_mgmt_dbus_chat(unconfined_usertype) ++ ') + + optional_policy(` + kerneloops_dbus_chat(unconfined_usertype) @@ -14841,7 +14849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.19/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apache.te 2010-08-10 17:36:26.308085089 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/apache.te 2010-08-11 13:56:26.586085235 +0200 @@ -19,11 +19,13 @@ # Declarations # 
@@ -15130,7 +15138,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t, httpd_sys_script_t) allow httpd_sys_script_t httpd_t:fd use; -@@ -514,6 +627,9 @@ +@@ -500,8 +613,11 @@ + # are dontaudited here. + tunable_policy(`httpd_tty_comm',` + userdom_use_user_terminals(httpd_t) ++ userdom_use_user_terminals(httpd_suexec_t) ++ + ',` + userdom_dontaudit_use_user_terminals(httpd_t) ++ userdom_dontaudit_use_user_terminals(httpd_suexec_t) + ') + + optional_policy(` +@@ -514,6 +630,9 @@ optional_policy(` cobbler_search_lib(httpd_t) @@ -15140,7 +15160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -528,7 +644,7 @@ +@@ -528,7 +647,7 @@ daemontools_service_domain(httpd_t, httpd_exec_t) ') @@ -15149,7 +15169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac dbus_system_bus_client(httpd_t) tunable_policy(`httpd_dbus_avahi',` -@@ -537,8 +653,12 @@ +@@ -537,8 +656,12 @@ ') optional_policy(` @@ -15163,7 +15183,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ') -@@ -557,6 +677,7 @@ +@@ -557,6 +680,7 @@ optional_policy(` # Allow httpd to work with mysql @@ -15171,7 +15191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac mysql_stream_connect(httpd_t) mysql_rw_db_sockets(httpd_t) -@@ -567,6 +688,7 @@ +@@ -567,6 +691,7 @@ optional_policy(` nagios_read_config(httpd_t) @@ -15179,7 +15199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -577,12 +699,23 @@ +@@ -577,12 +702,23 @@ ') optional_policy(` @@ -15203,7 +15223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ') -@@ -591,6 +724,11 @@ +@@ -591,6 +727,11 @@ ') optional_policy(` 
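Review bot: In the `tunable_policy(`httpd_tty_comm',` block added by inner hunk `@@ -500,8 +613,11 @@`, turning the boolean on now also gives httpd_suexec_t use of the user's terminals. The unconditional `userdom_dontaudit_use_user_terminals(httpd_suexec_t)` is dropped further down in the apache.te section. That widens what the boolean means: scripts started through suexec can reach the tty of whoever launched httpd, not only the server itself. The boolean's description is outside this hunk; if it still mentions only httpd, it should be updated. A comment above the new line would also help, for example `# suexec inherits the terminal when httpd is started from a shell`. The added blank line before `',`` looks accidental and could be dropped.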
@@ -15215,7 +15235,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -618,6 +756,10 @@ +@@ -618,6 +759,10 @@ userdom_use_user_terminals(httpd_helper_t) @@ -15226,7 +15246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache PHP script local policy -@@ -699,17 +841,18 @@ +@@ -699,17 +844,18 @@ manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) @@ -15248,16 +15268,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -724,6 +867,8 @@ - miscfiles_read_localization(httpd_suexec_t) - miscfiles_read_public_files(httpd_suexec_t) - -+userdom_dontaudit_use_user_terminals(httpd_suexec_t) -+ - tunable_policy(`httpd_can_network_connect',` - allow httpd_suexec_t self:tcp_socket create_stream_socket_perms; - allow httpd_suexec_t self:udp_socket create_socket_perms; -@@ -740,10 +885,21 @@ +@@ -740,10 +886,21 @@ corenet_sendrecv_all_client_packets(httpd_suexec_t) ') @@ -15280,7 +15291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -769,6 +925,12 @@ +@@ -769,6 +926,12 @@ dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -15293,7 +15304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache system script local policy -@@ -792,9 +954,13 @@ +@@ -792,9 +955,13 @@ files_search_var_lib(httpd_sys_script_t) files_search_spool(httpd_sys_script_t) 
@@ -15307,7 +15318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ifdef(`distro_redhat',` allow httpd_sys_script_t httpd_log_t:file append_file_perms; ') -@@ -803,6 +969,22 @@ +@@ -803,6 +970,22 @@ mta_send_mail(httpd_sys_script_t) ') @@ -15330,7 +15341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms; allow httpd_sys_script_t self:udp_socket create_socket_perms; -@@ -830,6 +1012,16 @@ +@@ -830,6 +1013,16 @@ fs_read_nfs_symlinks(httpd_sys_script_t) ') @@ -15347,7 +15358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -842,6 +1034,7 @@ +@@ -842,6 +1035,7 @@ optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -15355,7 +15366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -891,11 +1084,33 @@ +@@ -891,11 +1085,33 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',` allow httpd_user_script_t httpdcontent:file entrypoint; @@ -15898,8 +15909,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.7.19/policy/modules/services/boinc.te --- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-07-28 14:59:48.453071939 +0200 -@@ -0,0 +1,148 @@ ++++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-08-11 11:26:59.359084985 +0200 +@@ -0,0 +1,150 @@ + +policy_module(boinc,1.0.0) + 
@@ -16020,6 +16031,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin +allow boinc_project_t self:process { ptrace setsched signal signull sigkill sigstop }; +allow boinc_project_t self:process { execmem execstack }; + ++allow boinc_project_t self:fifo_file rw_fifo_file_perms; ++ +allow boinc_project_t boinc_project_var_lib_t:file entrypoint; +exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t) +manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t) @@ -18815,7 +18828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.19/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-07-19 16:37:40.119151948 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-08-11 14:30:44.731085160 +0200 @@ -16,6 +16,7 @@ type cupsd_t; type cupsd_exec_t; @@ -19044,7 +19057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups kernel_read_system_state(cups_pdf_t) files_read_etc_files(cups_pdf_t) -@@ -554,15 +598,21 @@ +@@ -554,15 +598,22 @@ miscfiles_read_localization(cups_pdf_t) miscfiles_read_fonts(cups_pdf_t) @@ -19054,6 +19067,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups +userdom_user_home_dir_filetrans_pattern(cups_pdf_t, { file dir }) userdom_manage_user_home_content_dirs(cups_pdf_t) userdom_manage_user_home_content_files(cups_pdf_t) ++userdom_dontaudit_search_admin_dir(cups_pdf_t) lpd_manage_spool(cups_pdf_t) 
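Review bot: The added `userdom_dontaudit_search_admin_dir(cups_pdf_t)` in the cups.te section (inner hunk `@@ -554,15 +598,22 @@`) silences a denial without saying why it is expected. A dontaudit rule removes the AVC record that would otherwise show cups_pdf_t probing the admin home directory, so a later reader cannot tell a benign probe from something worth investigating. I would add a comment above it such as `# cups-pdf looks up the job owner's home directory; for root that is the admin dir (see <bug reference>)`, assuming that is the cause. The surrounding inner hunk continues outside what is shown here.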
@@ -19066,7 +19080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_manage_nfs_dirs(cups_pdf_t) fs_manage_nfs_files(cups_pdf_t) ') -@@ -601,6 +651,9 @@ +@@ -601,6 +652,9 @@ read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t) files_search_etc(hplip_t) @@ -19076,7 +19090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t) files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file ) -@@ -627,6 +680,7 @@ +@@ -627,6 +681,7 @@ corenet_tcp_connect_ipp_port(hplip_t) corenet_sendrecv_hplip_client_packets(hplip_t) corenet_receive_hplip_server_packets(hplip_t) @@ -19084,7 +19098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups dev_read_sysfs(hplip_t) dev_rw_printer(hplip_t) -@@ -647,6 +701,8 @@ +@@ -647,6 +702,8 @@ files_read_etc_files(hplip_t) files_read_etc_runtime_files(hplip_t) files_read_usr_files(hplip_t) @@ -33950,7 +33964,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.19/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-08-10 16:24:14.554085406 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-08-11 15:18:48.297085092 +0200 @@ -1,5 +1,5 @@ -policy_module(xserver, 3.3.2) @@ -34306,7 +34320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +fs_read_noxattr_fs_files(xdm_t) +fs_dontaudit_list_fusefs(xdm_t) +fs_manage_cgroup_dirs(xdm_t) -+fs_rw_cgroup_files(xdm_t) ++fs_manage_cgroup_files(xdm_t) + +manage_files_pattern(xdm_t, user_fonts_t, user_fonts_t) + 
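Review bot: Replacing `fs_rw_cgroup_files(xdm_t)` with `fs_manage_cgroup_files(xdm_t)` in the xserver.te section moves xdm_t from read/write to what the interface name indicates is full manage access on cgroup files, on top of `fs_manage_cgroup_dirs(xdm_t)` on the line before. Nothing in the hunk says which operation was denied. If the denial was only for create, the grant is broader than needed and will be hard to narrow later. I would add a comment above the line in the form `# xdm needs <denied operation> on cgroup files; see <bug reference>`. The xdm_t rule block this line belongs to starts and ends outside the hunk.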
@@ -35309,7 +35323,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.7.19/policy/modules/system/hotplug.te --- nsaserefpolicy/policy/modules/system/hotplug.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-06-16 22:36:40.831110052 +0200 ++++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-08-11 15:18:19.642089570 +0200 @@ -24,7 +24,7 @@ # @@ -35319,6 +35333,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu # for access("/etc/bashrc", X_OK) on Red Hat dontaudit hotplug_t self:capability { dac_override dac_read_search }; allow hotplug_t self:process { setpgid getsession getattr signal_perms }; +@@ -47,7 +47,7 @@ + kernel_setpgid(hotplug_t) + kernel_read_system_state(hotplug_t) + kernel_read_kernel_sysctls(hotplug_t) +-kernel_read_net_sysctls(hotplug_t) ++kernel_rw_net_sysctls(hotplug_t) + + files_read_kernel_modules(hotplug_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.19/policy/modules/system/init.fc --- nsaserefpolicy/policy/modules/system/init.fc 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-05-28 09:42:00.214610824 +0200 @@ -36120,7 +36143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.19/policy/modules/system/ipsec.if --- nsaserefpolicy/policy/modules/system/ipsec.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-07-01 15:59:17.968602268 +0200 ++++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-08-11 11:42:38.707085427 +0200 
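Review bot: The change from `kernel_read_net_sysctls(hotplug_t)` to `kernel_rw_net_sysctls(hotplug_t)` in the new hotplug.te inner hunk `@@ -47,7 +47,7 @@` lets every script running as hotplug_t write the network sysctls, and nothing in the hunk states which script needs that. The network sysctl type presumably covers settings such as forwarding and source-route handling, so write access in a domain that runs device-event scripts deserves a stated reason. I would add a comment above the line in the form `# <hotplug agent> sets <sysctl name> on interface events; see <bug reference>`. If the write turns out to come from a single helper, consider giving that helper its own domain instead of widening hotplug_t.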
@@ -18,6 +18,24 @@ domtrans_pattern($1, ipsec_exec_t, ipsec_t) ') @@ -36146,7 +36169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. ######################################## ## ## Connect to IPSEC using a unix domain stream socket. -@@ -273,3 +291,57 @@ +@@ -273,3 +291,78 @@ ipsec_domtrans_setkey($1) role $2 types setkey_t; ') @@ -36204,6 +36227,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. + + allow $1 ipsec_mgmt_t:process signull; +') ++ ++####################################### ++## ++## Send and receive messages from ++## ipsec-mgmt over dbus. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ipsec_mgmt_dbus_chat',` ++ gen_require(` ++ type ipsec_mgmt_t; ++ class dbus send_msg; ++ ') ++ ++ allow $1 ipsec_mgmt_t:dbus send_msg; ++ allow ipsec_mgmt_t $1:dbus send_msg; ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.19/policy/modules/system/ipsec.te --- nsaserefpolicy/policy/modules/system/ipsec.te 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/system/ipsec.te 2010-08-10 17:44:19.793085351 +0200 @@ -36535,9 +36579,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. domain_dontaudit_read_all_domains_state(iscsid_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.19/policy/modules/system/kdump.te --- nsaserefpolicy/policy/modules/system/kdump.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-04 15:02:29.137102846 +0200 -@@ -30,6 +30,7 @@ ++++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-11 11:35:47.007335356 +0200 +@@ -28,8 +28,10 @@ + files_read_etc_runtime_files(kdump_t) + files_read_kernel_img(kdump_t) ++kernel_read_debugfs(kdump_t) kernel_read_system_state(kdump_t) kernel_read_core_if(kdump_t) +kernel_request_load_module(kdump_t) 
diff --git a/selinux-policy.spec b/selinux-policy.spec index bf0b38f..a5f8bbf 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 45%{?dist} +Release: 46%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -469,6 +469,10 @@ exit 0 %endif %changelog +* Wed Aug 11 2010 Miroslav Grepl 3.7.19-46 +- Allow ipsec-mgmt to dbus chat with unconfined +- Fixes for boinc policy + * Tue Aug 10 2010 Miroslav Grepl 3.7.19-45 - Fixes for cgroup policy - Fixes for ncftool policy