diff --git a/policy-F13.patch b/policy-F13.patch index 8c91688..974dac2 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -5901,7 +5901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.10/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/devices.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/devices.if 2010-02-23 10:03:39.000000000 -0500 @@ -436,6 +436,24 @@ ######################################## @@ -6680,7 +6680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /var/lib/nfs/rpc_pipefs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.10/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/files.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/files.if 2010-02-23 12:00:47.000000000 -0500 @@ -932,10 +932,8 @@ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 }) relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 }) 
@@ -7911,8 +7911,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # nfs_t is the default type for NFS file systems diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.10/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-11-25 11:47:19.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/kernel.if 2010-02-22 09:09:07.000000000 -0500 -@@ -1849,7 +1849,7 @@ ++++ serefpolicy-3.7.10/policy/modules/kernel/kernel.if 2010-02-23 11:33:11.000000000 -0500 +@@ -144,6 +144,24 @@ + + ######################################## + ## ++## Send a kill signal to kernel threads. ++## ++## ++## ++## The type of the process sending the signal. ++## ++## ++# ++interface(`kernel_kill',` ++ gen_require(` ++ type kernel_t; ++ ') ++ ++ allow $1 kernel_t:process sigkill; ++') ++ ++######################################## ++## + ## Send a generic signal to kernel threads. + ## + ## +@@ -1849,7 +1867,7 @@ ') dontaudit $1 sysctl_type:dir list_dir_perms; @@ -7921,7 +7946,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1920,6 +1920,25 @@ +@@ -1920,6 +1938,25 @@ ######################################## ## @@ -7947,7 +7972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ## Send general signals to unlabeled processes. ## ## -@@ -2663,6 +2682,24 @@ +@@ -2663,6 +2700,24 @@ ######################################## ## @@ -7972,7 +7997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ## Unconfined access to kernel module resources. ## ## -@@ -2678,3 +2715,22 @@ +@@ -2678,3 +2733,22 @@ typeattribute $1 kern_unconfined; ') 
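Review bot: The new `kernel_kill` interface in the kernel.if hunk grants `allow $1 kernel_t:process sigkill;`, a strictly stronger permission than the "Send a generic signal to kernel threads" interface whose header immediately follows it (presumably `kernel_signal`), and neither the summary nor the first caller this patch adds (`kernel_kill(rgmanager_t)` in rgmanager.te) records why a userspace daemon must force-kill kernel_t processes rather than signal them. Suggest extending the summary to `## Send a kill signal (SIGKILL) to kernel threads. Only for domains that must force-terminate kernel_t processes; use the generic signal interface otherwise.` so later callers are steered to the weaker interface. The remaining hunks on this line only renumber inner hunk headers.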
@@ -8161,7 +8186,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.10/policy/modules/kernel/terminal.if --- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/terminal.if 2010-02-22 15:15:22.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/terminal.if 2010-02-23 12:04:44.000000000 -0500 @@ -241,25 +241,6 @@ ######################################## @@ -11750,7 +11775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.10/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/apache.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/apache.te 2010-02-23 08:50:35.000000000 -0500 @@ -19,6 +19,8 @@ # Declarations # @@ -12279,15 +12304,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ') -@@ -512,6 +698,7 @@ +@@ -512,6 +698,11 @@ ') optional_policy(` ++ smokeping_getattr_lib_files(httpd_t) ++') ++ ++optional_policy(` + files_dontaudit_rw_usr_dirs(httpd_t) snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -539,6 +726,23 @@ +@@ -539,6 +730,23 @@ userdom_use_user_terminals(httpd_helper_t) @@ -12311,7 +12340,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache PHP script local policy -@@ -568,20 +772,25 @@ +@@ -568,20 +776,25 @@ fs_search_auto_mountpoints(httpd_php_t) 
@@ -12343,7 +12372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -599,23 +808,24 @@ +@@ -599,23 +812,24 @@ append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t) read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t) @@ -12372,7 +12401,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -628,6 +838,7 @@ +@@ -628,6 +842,7 @@ logging_send_syslog_msg(httpd_suexec_t) miscfiles_read_localization(httpd_suexec_t) @@ -12380,7 +12409,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_can_network_connect',` allow httpd_suexec_t self:tcp_socket create_stream_socket_perms; -@@ -635,22 +846,31 @@ +@@ -635,22 +850,31 @@ corenet_all_recvfrom_unlabeled(httpd_suexec_t) corenet_all_recvfrom_netlabel(httpd_suexec_t) @@ -12419,7 +12448,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -676,16 +896,16 @@ +@@ -676,16 +900,16 @@ dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -12440,7 +12469,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac dontaudit httpd_sys_script_t httpd_config_t:dir search; -@@ -700,15 +920,29 @@ +@@ -700,15 +924,29 @@ files_search_var_lib(httpd_sys_script_t) files_search_spool(httpd_sys_script_t) @@ -12472,7 +12501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -716,6 +950,35 @@ +@@ -716,6 +954,35 @@ fs_read_nfs_symlinks(httpd_sys_script_t) ') 
@@ -12508,7 +12537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -728,6 +991,10 @@ +@@ -728,6 +995,10 @@ optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -12519,7 +12548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -739,6 +1006,8 @@ +@@ -739,6 +1010,8 @@ # httpd_rotatelogs local policy # @@ -12528,7 +12557,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t) kernel_read_kernel_sysctls(httpd_rotatelogs_t) -@@ -758,11 +1027,88 @@ +@@ -758,11 +1031,88 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',` allow httpd_user_script_t httpdcontent:file entrypoint; @@ -12548,7 +12577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + userdom_search_user_home_content(httpd_t) + userdom_search_user_home_content(httpd_suexec_t) + userdom_search_user_home_content(httpd_user_script_t) -+') + ') + +tunable_policy(`httpd_read_user_content',` + userdom_read_user_home_content_files(httpd_user_script_t) @@ -12598,7 +12627,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +optional_policy(` + mysql_search_db(httpd_bugzilla_script_t) + mysql_stream_connect(httpd_bugzilla_script_t) - ') ++') + +optional_policy(` + postgresql_stream_connect(httpd_bugzilla_script_t) 
@@ -14918,8 +14947,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups dev_rw_printer(hplip_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.10/policy/modules/services/cvs.te --- nsaserefpolicy/policy/modules/services/cvs.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/cvs.te 2010-02-22 09:09:07.000000000 -0500 -@@ -112,4 +112,5 @@ ++++ serefpolicy-3.7.10/policy/modules/services/cvs.te 2010-02-23 09:16:44.000000000 -0500 +@@ -93,6 +93,7 @@ + auth_can_read_shadow_passwords(cvs_t) + tunable_policy(`allow_cvs_read_shadow',` + auth_tunable_read_shadow(cvs_t) ++ allow cvs_t self:capability dac_override; + ') + + optional_policy(` +@@ -112,4 +113,5 @@ read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t) manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t) manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t) @@ -22046,8 +22083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma +/var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.10/policy/modules/services/rgmanager.if --- nsaserefpolicy/policy/modules/services/rgmanager.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/rgmanager.if 2010-02-22 09:09:07.000000000 -0500 -@@ -0,0 +1,78 @@ ++++ serefpolicy-3.7.10/policy/modules/services/rgmanager.if 2010-02-23 11:44:01.000000000 -0500 +@@ -0,0 +1,98 @@ +## SELinux policy for rgmanager + +####################################### 
@@ -22126,10 +22163,30 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t) + manage_lnk_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t) +') ++ ++###################################### ++## ++## Allow manage rgmanager tmp files. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`rgmanager_manage_tmp_files',` ++ gen_require(` ++ type rgmanager_tmp_t; ++ ') ++ ++ fs_search_tmp($1) ++ manage_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t) ++ manage_lnk_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.10/policy/modules/services/rgmanager.te --- nsaserefpolicy/policy/modules/services/rgmanager.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/rgmanager.te 2010-02-22 09:09:07.000000000 -0500 -@@ -0,0 +1,217 @@ ++++ serefpolicy-3.7.10/policy/modules/services/rgmanager.te 2010-02-23 12:00:52.000000000 -0500 +@@ -0,0 +1,224 @@ + +policy_module(rgmanager,1.0.0) + @@ -22170,7 +22227,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma +# rgmanager local policy +# + -+allow rgmanager_t self:capability { sys_nice ipc_lock }; ++allow rgmanager_t self:capability { dac_override sys_resource sys_nice ipc_lock }; +dontaudit rgmanager_t self:capability { sys_ptrace }; +allow rgmanager_t self:process { setsched signal }; +dontaudit rgmanager_t self:process { ptrace }; @@ -22203,6 +22260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma +corecmd_exec_shell(rgmanager_t) +consoletype_exec(rgmanager_t) + ++kernel_kill(rgmanager_t) +kernel_read_kernel_sysctls(rgmanager_t) +kernel_read_rpc_sysctls(rgmanager_t) +kernel_read_system_state(rgmanager_t) 
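Review bot: `rgmanager_manage_tmp_files` calls `fs_search_tmp($1)`, whereas every other place in this patch that needs the same access uses `files_search_tmp(...)` (for instance `files_search_tmp(smokeping_t)` in smokeping.te); if `fs_search_tmp` is not an interface defined in this tree the m4 call stays unexpanded and the rgmanager module will fail to build, so please verify and, if so, change the line to `files_search_tmp($1)`. The interface also requires a `rgmanager_tmp_t` type declared in rgmanager.te, which this hunk does not show. The preceding tmpfs interface ends inside the hunk, so this is the only new interface here.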
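Review bot: The rgmanager.te capability rule grows by `dac_override` and `sys_resource` with no comment saying which operation produced the denial. `dac_override` bypasses discretionary checks on every object rgmanager_t's SELinux rules already reach, so if the need is only to read root-only files — the motivation given for smokeping_t elsewhere in this patch — `dac_read_search` is the narrower capability. Please add a why-comment above the rule, e.g. `# dac_override: <operation>; sys_resource: <operation> — TODO confirm against the AVC denials` (placeholders), and be aware that the `unconfined_domain(rgmanager_t)` added further down in rgmanager.te makes these rules moot wherever the unconfined module is loaded.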
@@ -22229,6 +22287,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + +files_list_all(rgmanager_t) +files_getattr_all_symlinks(rgmanager_t) ++files_manage_mnt_dirs(rgmanager_t) ++files_manage_isid_type_dirs(rgmanager_t) + +files_create_var_run_dirs(rgmanager_t) + @@ -22319,7 +22379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + + rpc_domtrans_nfsd(rgmanager_t) + rpc_domtrans_rpcd(rgmanager_t) -+ rpc_manage_nfs_state_data(rgmanager_t) ++ rpc_manage_nfs_state_data(rgmanager_t) +') + +optional_policy(` @@ -22345,6 +22405,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma +') + +optional_policy(` ++ unconfined_domain(rgmanager_t) ++') ++ ++optional_policy(` + xen_domtrans_xm(rgmanager_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.10/policy/modules/services/rhcs.fc @@ -23164,7 +23228,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.10/policy/modules/services/rpc.if --- nsaserefpolicy/policy/modules/services/rpc.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/rpc.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/rpc.if 2010-02-23 11:58:19.000000000 -0500 @@ -54,7 +54,7 @@ allow $1_t self:unix_dgram_socket create_socket_perms; allow $1_t self:unix_stream_socket create_stream_socket_perms; 
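Review bot: `unconfined_domain(rgmanager_t)` inside an `optional_policy` block makes rgmanager_t unconfined whenever the unconfined module is loaded, which turns every targeted rule in rgmanager.te — including the `files_manage_mnt_dirs`/`files_manage_isid_type_dirs` additions in the earlier hunk on this line and the capability and `kernel_kill` additions elsewhere in this patch — into dead policy on such installs, and the block carries no comment explaining why. If this is a stop-gap (for example because rgmanager runs site-provided resource-agent scripts that cannot yet be confined), say so directly above the call, e.g. `# rgmanager executes site-provided resource agents; unconfined until those can be confined separately — TODO(confine)`, so the rule is recognisable as temporary. Otherwise a boolean-gated rule would be preferable to blanket unconfinement.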
@@ -23252,9 +23316,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ######################################## ## ## Read NFS exported content. +@@ -373,4 +414,5 @@ + + files_search_var_lib($1) + manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t) ++ allow $1 var_lib_nfs_t:file { relabelfrom relabelto }; + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.10/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/rpc.te 2010-02-22 15:33:53.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/rpc.te 2010-02-23 11:44:59.000000000 -0500 @@ -8,7 +8,7 @@ ## @@ -23304,7 +23374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. files_manage_mounttab(rpcd_t) files_getattr_all_dirs(rpcd_t) -@@ -91,14 +100,22 @@ +@@ -91,14 +100,26 @@ seutil_dontaudit_search_config(rpcd_t) @@ -23314,6 +23384,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. optional_policy(` automount_signal(rpcd_t) + automount_dontaudit_write_pipes(rpcd_t) ++') ++ ++optional_policy(` ++ domain_unconfined_signal(rpcd_t) ') optional_policy(` @@ -23321,13 +23395,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ') +optional_policy(` -+ domain_unconfined_signal(rpcd_t) ++ rgmanager_manage_tmp_files(rpcd_t) +') + ######################################## # # NFSD local policy -@@ -127,6 +144,7 @@ +@@ -127,6 +148,7 @@ files_getattr_tmp_dirs(nfsd_t) # cjp: this should really have its own type files_manage_mounttab(nfsd_t) @@ -23335,7 +23409,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. fs_mount_nfsd_fs(nfsd_t) fs_search_nfsd_fs(nfsd_t) -@@ -135,6 +153,7 @@ +@@ -135,6 +157,7 @@ fs_rw_nfsd_fs(nfsd_t) storage_dontaudit_read_fixed_disk(nfsd_t) 
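Review bot: The rpc.if hunk adds `allow $1 var_lib_nfs_t:file { relabelfrom relabelto };` to an interface whose header and summary begin above the hunk (its `files_search_var_lib($1)` / `manage_files_pattern` body suggests `rpc_manage_nfs_state_data`, which rgmanager.te calls elsewhere in this patch); relabeling is a different privilege from managing — it lets the caller move files into or out of the var_lib_nfs_t label, subject to its other relabel rules — and every existing caller that only needed manage now receives it too. Prefer a separate interface (e.g. `rpc_relabel_nfs_state_data`, constructed name) with its own summary, or at minimum extend the existing summary to state that relabeling is included. The enclosing interface starts outside the hunk.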
@@ -23343,7 +23417,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. # Read access to public_content_t and public_content_rw_t miscfiles_read_public_files(nfsd_t) -@@ -151,6 +170,7 @@ +@@ -151,6 +174,7 @@ fs_read_noxattr_fs_files(nfsd_t) auth_manage_all_files_except_shadow(nfsd_t) ') @@ -23351,7 +23425,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. tunable_policy(`nfs_export_all_ro',` dev_getattr_all_blk_files(nfsd_t) -@@ -182,6 +202,7 @@ +@@ -182,6 +206,7 @@ kernel_read_network_state(gssd_t) kernel_read_network_state_symlinks(gssd_t) kernel_search_network_sysctl(gssd_t) @@ -23359,7 +23433,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. corecmd_exec_bin(gssd_t) -@@ -189,8 +210,10 @@ +@@ -189,8 +214,10 @@ fs_rw_rpc_sockets(gssd_t) fs_read_rpc_files(gssd_t) @@ -23370,7 +23444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. auth_use_nsswitch(gssd_t) auth_manage_cache(gssd_t) -@@ -199,10 +222,14 @@ +@@ -199,10 +226,14 @@ mount_signal(gssd_t) 
@@ -24529,19 +24603,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.fc serefpolicy-3.7.10/policy/modules/services/smokeping.fc --- nsaserefpolicy/policy/modules/services/smokeping.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/smokeping.fc 2010-02-22 10:00:18.000000000 -0500 -@@ -0,0 +1,7 @@ ++++ serefpolicy-3.7.10/policy/modules/services/smokeping.fc 2010-02-23 08:50:35.000000000 -0500 +@@ -0,0 +1,12 @@ ++ +/etc/rc\.d/init\.d/smokeping -- gen_context(system_u:object_r:smokeping_initrc_exec_t,s0) + ++/usr/sbin/smokeping -- gen_context(system_u:object_r:smokeping_exec_t,s0) ++ ++/usr/share/smokeping/cgi(/.*)? gen_context(system_u:object_r:httpd_smokeping_cgi_script_exec_t,s0) ++ +/var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0) + +/var/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0) + -+/usr/sbin/smokeping -- gen_context(system_u:object_r:smokeping_exec_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.if serefpolicy-3.7.10/policy/modules/services/smokeping.if --- nsaserefpolicy/policy/modules/services/smokeping.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/smokeping.if 2010-02-22 10:00:18.000000000 -0500 -@@ -0,0 +1,200 @@ ++++ serefpolicy-3.7.10/policy/modules/services/smokeping.if 2010-02-23 08:50:35.000000000 -0500 +@@ -0,0 +1,193 @@ + +## policy for smokeping + 
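Review bot: smokeping.fc now begins and ends with an empty line (the `++` at the top and bottom of the inner `@@ -0,0 +1,12 @@` hunk); the other .fc file visible in this patch (fstools.fc) does not start with a blank line, so both should be dropped. The new entry for `/usr/share/smokeping/cgi(/.*)?` uses `httpd_smokeping_cgi_script_exec_t`, a type that smokeping.te only declares inside an `optional_policy` block via `apache_content_template(smokeping_cgi)`, so that label presumably resolves only when the apache module is present — worth a note in the commit message if that is intended.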
@@ -24632,12 +24711,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok +## +## +# -+interface(`smokeping_search_lib',` ++interface(`smokeping_getattr_lib_files',` + gen_require(` + type smokeping_var_lib_t; + ') + -+ allow $1 smokeping_var_lib_t:dir search_dir_perms; ++ getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) + files_search_var_lib($1) +') + @@ -24657,7 +24736,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok + ') + + files_search_var_lib($1) -+ read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) ++ read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) +') + +######################################## @@ -24677,7 +24756,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok + ') + + files_search_var_lib($1) -+ manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) ++ manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) +') + +######################################## @@ -24700,7 +24779,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok + manage_lnk_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) +') + -+ +######################################## +## +## All of the rules required to administrate @@ -24720,18 +24798,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok +# +interface(`smokeping_admin',` + gen_require(` -+ type smokeping_t; ++ type smokeping_t, smokeping_initrc_exec_t; + ') + + allow $1 smokeping_t:process { ptrace signal_perms getattr }; + read_files_pattern($1, smokeping_t, smokeping_t) -+ + -+ gen_require(` -+ type smokeping_initrc_exec_t; -+ ') -+ -+ # Allow smokeping_t to restart the apache service + smokeping_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 smokeping_initrc_exec_t system_r; 
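Review bot: `smokeping_search_lib` is renamed to `smokeping_getattr_lib_files` and its body changes from `allow $1 smokeping_var_lib_t:dir search_dir_perms;` to `getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)`, but the interface's summary lines sit just above the hunk and are not touched; if they still describe a directory search, update them to `## Get the attributes of smokeping lib files.` so the documentation matches the name. Any caller of the old name outside this patch will no longer expand; the only caller visible here (apache.te) already uses the new name. Since `getattr_files_pattern` also grants search on the directory type, the previous permission remains covered.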
@@ -24744,8 +24816,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.7.10/policy/modules/services/smokeping.te --- nsaserefpolicy/policy/modules/services/smokeping.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/smokeping.te 2010-02-22 10:00:18.000000000 -0500 -@@ -0,0 +1,57 @@ ++++ serefpolicy-3.7.10/policy/modules/services/smokeping.te 2010-02-23 08:50:35.000000000 -0500 +@@ -0,0 +1,81 @@ ++ +policy_module(smokeping,1.0.0) + +######################################## @@ -24773,14 +24846,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok +# smokeping local policy +# + ++# to read /etc/shadow ++allow smokeping_t self:capability dac_override; + -+# Init script handling -+domain_use_interactive_fds(smokeping_t) -+ -+# internal communication is often done using fifo and unix sockets. +allow smokeping_t self:fifo_file rw_fifo_file_perms; ++allow smokeping_t self:udp_socket create_socket_perms; +allow smokeping_t self:unix_stream_socket create_stream_socket_perms; + ++manage_dirs_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t) ++manage_files_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t) ++files_pid_filetrans(smokeping_t, smokeping_var_run_t, { file dir }) ++ ++manage_dirs_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t) ++manage_files_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t) ++files_var_lib_filetrans(smokeping_t, smokeping_var_lib_t, { file dir } ) ++ ++corecmd_read_bin_symlinks(smokeping_t) ++ ++dev_read_urand(smokeping_t) ++ +files_read_etc_files(smokeping_t) +files_read_usr_files(smokeping_t) +files_search_tmp(smokeping_t) 
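Review bot: `allow smokeping_t self:capability dac_override;` is annotated `# to read /etc/shadow`, yet no rule granting access to shadow_t (such as `auth_read_shadow(smokeping_t)`) appears in this hunk, and under SELinux the capability alone does not permit reading shadow_t; either that rule lives elsewhere in the file and the comment should point to it, or the capability was added for a different denial and the comment is misleading. If the actual need is reading root-only files, `dac_read_search` is the narrower capability. Suggest replacing the comment with `# dac_read_search: read root-only files (<which file?> — TODO confirm from the AVC)` once the real object is known.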
@@ -24796,13 +24880,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok + +netutils_domtrans_ping(smokeping_t) + -+manage_dirs_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t) -+manage_files_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t) -+files_pid_filetrans(smokeping_t, smokeping_var_run_t, { file dir }) ++####################################### ++# ++# local policy for smokeping cgi scripts ++# + -+manage_dirs_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t) -+manage_files_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t) -+files_var_lib_filetrans(smokeping_t, smokeping_var_lib_t, { file dir } ) ++optional_policy(` ++ apache_content_template(smokeping_cgi) ++ ++ allow httpd_smokeping_cgi_script_t self:udp_socket create_socket_perms; ++ ++ manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t) ++ ++ getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t) ++ ++ files_search_tmp(httpd_smokeping_cgi_script_t) ++ files_search_var_lib(httpd_smokeping_cgi_script_t) ++ ++ sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.10/policy/modules/services/snmp.if --- nsaserefpolicy/policy/modules/services/snmp.if 2010-01-07 14:53:53.000000000 -0500 +++ serefpolicy-3.7.10/policy/modules/services/snmp.if 2010-02-22 09:09:07.000000000 -0500 
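Review bot: The CGI domain receives `manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)`, i.e. create/write/delete on the very type the daemon keeps its data in, so a web-reachable script can alter what smokeping_t later reads back. If the CGI only needs to write a graph or image cache, a dedicated type for that directory (e.g. `smokeping_cgi_cache_t`, constructed name) with read-only access to the rest would preserve the daemon's data integrity, and a comment naming which files the CGI actually writes is needed either way. The removed lines in this hunk are the var_run/var_lib rules that the earlier smokeping.te hunk moved up, not a loss of policy.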
@@ -25390,7 +25486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. +/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.10/policy/modules/services/ssh.if --- nsaserefpolicy/policy/modules/services/ssh.if 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/ssh.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/ssh.if 2010-02-23 09:20:48.000000000 -0500 @@ -36,6 +36,7 @@ gen_require(` attribute ssh_server; @@ -25451,7 +25547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. files_pid_file($1_var_run_t) - allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config }; -+ allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config }; ++ allow $1_t self:capability { kill sys_chroot sys_nice sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config }; allow $1_t self:fifo_file rw_fifo_file_perms; - allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate }; + allow $1_t self:process { signal getsched setsched setrlimit setexec }; @@ -25560,7 +25656,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ## Delete from the ssh temp files. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.10/policy/modules/services/ssh.te --- nsaserefpolicy/policy/modules/services/ssh.te 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/ssh.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/ssh.te 2010-02-23 13:28:02.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(ssh, 2.1.2) 
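Review bot: `sys_nice` is added to the capability rule inside the ssh server template (the `$1_t` parameterisation shows this is the template, not sshd_t alone), so every server domain derived from it gains the capability, and nothing says which operation needs it. Suggest a why-comment above the rule, e.g. `# sys_nice: <operation that changes scheduling priority> — TODO confirm` (placeholder), or move the rule into ssh.te for the single domain that needs it. The template body starts and ends outside this hunk; the ssh.te hunk that follows on this line is a timestamp-only change.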
@@ -25620,11 +25716,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. manage_dirs_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t) manage_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t) manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t) -@@ -291,23 +299,30 @@ - kernel_link_key(sshd_t) +@@ -292,22 +300,30 @@ term_use_all_ptys(sshd_t) --term_setattr_all_ptys(sshd_t) + term_setattr_all_ptys(sshd_t) +term_setattr_all_ttys(sshd_t) term_relabelto_all_ptys(sshd_t) @@ -25656,7 +25751,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ') optional_policy(` -@@ -315,7 +330,12 @@ +@@ -315,7 +331,12 @@ ') optional_policy(` @@ -25670,7 +25765,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. ') optional_policy(` -@@ -323,6 +343,10 @@ +@@ -323,6 +344,10 @@ ') optional_policy(` @@ -25681,7 +25776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. rpm_use_script_fds(sshd_t) ') -@@ -333,10 +357,18 @@ +@@ -333,10 +358,18 @@ ') optional_policy(` @@ -27356,7 +27451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.10/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/xserver.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/xserver.te 2010-02-23 13:27:45.000000000 -0500 @@ -36,6 +36,13 @@ ## 
@@ -27786,7 +27881,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser storage_dontaudit_read_fixed_disk(xdm_t) storage_dontaudit_write_fixed_disk(xdm_t) -@@ -447,6 +571,7 @@ +@@ -447,14 +571,17 @@ storage_dontaudit_raw_write_removable_device(xdm_t) storage_dontaudit_setattr_removable_dev(xdm_t) storage_dontaudit_rw_scsi_generic(xdm_t) @@ -27794,7 +27889,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser term_setattr_console(xdm_t) term_use_unallocated_ttys(xdm_t) -@@ -455,6 +580,7 @@ + term_setattr_unallocated_ttys(xdm_t) ++term_relabel_all_ttys(xdm_t) + auth_domtrans_pam_console(xdm_t) auth_manage_pam_pid(xdm_t) auth_manage_pam_console_data(xdm_t) @@ -27802,7 +27899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser auth_rw_faillog(xdm_t) auth_write_login_records(xdm_t) -@@ -465,10 +591,12 @@ +@@ -465,10 +592,12 @@ logging_read_generic_logs(xdm_t) @@ -27817,7 +27914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser userdom_dontaudit_use_unpriv_user_fds(xdm_t) userdom_create_all_users_keys(xdm_t) -@@ -477,6 +605,11 @@ +@@ -477,6 +606,11 @@ # Search /proc for any user domain processes. userdom_read_all_users_state(xdm_t) userdom_signal_all_users(xdm_t) @@ -27829,7 +27926,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xserver_rw_session(xdm_t, xdm_tmpfs_t) xserver_unconfined(xdm_t) -@@ -509,10 +642,12 @@ +@@ -509,10 +643,12 @@ optional_policy(` alsa_domtrans(xdm_t) @@ -27842,7 +27939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') optional_policy(` -@@ -520,12 +655,49 @@ +@@ -520,12 +656,49 @@ ') optional_policy(` @@ -27892,7 +27989,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser hostname_exec(xdm_t) ') -@@ -543,9 +715,43 @@ +@@ -543,9 +716,43 @@ ') optional_policy(` 
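Review bot: `term_relabel_all_ttys(xdm_t)` grants the display manager relabel rights on every tty type and is added without a comment, while the surrounding rules (`term_use_unallocated_ttys`, `term_setattr_unallocated_ttys`) show the existing access was scoped to unallocated ttys. Add a why-comment such as `# relabel the tty handed to the login session — TODO confirm from the denial`, and if only the unallocated tty needs relabeling, prefer a narrower interface scoped to unallocated ttys should the terminal module provide one. The other hunks on this line only renumber inner headers.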
@@ -27936,7 +28033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser optional_policy(` seutil_sigchld_newrole(xdm_t) ') -@@ -555,8 +761,9 @@ +@@ -555,8 +762,9 @@ ') optional_policy(` @@ -27948,7 +28045,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ifndef(`distro_redhat',` allow xdm_t self:process { execheap execmem }; -@@ -565,7 +772,6 @@ +@@ -565,7 +773,6 @@ ifdef(`distro_rhel4',` allow xdm_t self:process { execheap execmem }; ') @@ -27956,7 +28053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser optional_policy(` userhelper_dontaudit_search_config(xdm_t) -@@ -576,6 +782,10 @@ +@@ -576,6 +783,10 @@ ') optional_policy(` @@ -27967,7 +28064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xfs_stream_connect(xdm_t) ') -@@ -600,10 +810,9 @@ +@@ -600,10 +811,9 @@ # execheap needed until the X module loader is fixed. # NVIDIA Needs execstack @@ -27979,7 +28076,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser allow xserver_t self:fd use; allow xserver_t self:fifo_file rw_fifo_file_perms; allow xserver_t self:sock_file read_sock_file_perms; -@@ -615,6 +824,18 @@ +@@ -615,6 +825,18 @@ allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow xserver_t self:tcp_socket create_stream_socket_perms; allow xserver_t self:udp_socket create_socket_perms; @@ -27998,7 +28095,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t) manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t) -@@ -634,12 +855,19 @@ +@@ -634,12 +856,19 @@ manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t) files_search_var_lib(xserver_t) 
@@ -28020,7 +28117,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser kernel_read_system_state(xserver_t) kernel_read_device_sysctls(xserver_t) -@@ -673,7 +901,6 @@ +@@ -673,7 +902,6 @@ dev_rw_agp(xserver_t) dev_rw_framebuffer(xserver_t) dev_manage_dri_dev(xserver_t) @@ -28028,7 +28125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser dev_create_generic_dirs(xserver_t) dev_setattr_generic_dirs(xserver_t) # raw memory access is needed if not using the frame buffer -@@ -683,9 +910,12 @@ +@@ -683,9 +911,12 @@ dev_rw_xserver_misc(xserver_t) # read events - the synaptics touchpad driver reads raw events dev_rw_input_dev(xserver_t) @@ -28042,7 +28139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser files_read_etc_files(xserver_t) files_read_etc_runtime_files(xserver_t) -@@ -700,8 +930,12 @@ +@@ -700,8 +931,12 @@ fs_search_nfs(xserver_t) fs_search_auto_mountpoints(xserver_t) fs_search_ramfs(xserver_t) @@ -28055,7 +28152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser selinux_validate_context(xserver_t) selinux_compute_access_vector(xserver_t) -@@ -723,6 +957,7 @@ +@@ -723,6 +958,7 @@ miscfiles_read_localization(xserver_t) miscfiles_read_fonts(xserver_t) @@ -28063,7 +28160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser modutils_domtrans_insmod(xserver_t) -@@ -779,12 +1014,20 @@ +@@ -779,12 +1015,20 @@ ') optional_policy(` @@ -28085,7 +28182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser unconfined_domtrans(xserver_t) ') -@@ -811,7 +1054,7 @@ +@@ -811,7 +1055,7 @@ allow xserver_t xdm_var_lib_t:file { getattr read }; dontaudit xserver_t xdm_var_lib_t:dir search; 
@@ -28094,7 +28191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Label pid and temporary files with derived types. manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t) -@@ -832,9 +1075,14 @@ +@@ -832,9 +1076,14 @@ # to read ROLE_home_t - examine this in more detail # (xauth?) userdom_read_user_home_content_files(xserver_t) @@ -28109,7 +28206,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xserver_t) fs_manage_nfs_files(xserver_t) -@@ -849,11 +1097,14 @@ +@@ -849,11 +1098,14 @@ optional_policy(` dbus_system_bus_client(xserver_t) @@ -28126,7 +28223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') optional_policy(` -@@ -999,3 +1250,33 @@ +@@ -999,3 +1251,33 @@ allow xserver_unconfined_type xextension_type:x_extension *; allow xserver_unconfined_type { x_domain xserver_t }:x_resource *; allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *; @@ -28766,7 +28863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon daemontools_manage_svc(svc_start_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.10/policy/modules/system/fstools.fc --- nsaserefpolicy/policy/modules/system/fstools.fc 2009-11-25 11:47:19.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/system/fstools.fc 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/system/fstools.fc 2010-02-23 11:47:23.000000000 -0500 @@ -1,4 +1,3 @@ -/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0) 
@@ -28784,6 +28881,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
 /sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+@@ -40,6 +39,7 @@
+ /usr/bin/scsi_unique_id -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/bin/syslinux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+
++/usr/sbin/clubufflush -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/smartctl -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+
+ /var/log/fsck(/.*)? gen_context(system_u:object_r:fsadm_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.10/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te 2009-11-25 11:47:19.000000000 -0500
 +++ serefpolicy-3.7.10/policy/modules/system/fstools.te 2010-02-22 09:09:07.000000000 -0500
@@ -30652,7 +30757,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.10/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.10/policy/modules/system/locallogin.te 2010-02-22 09:09:07.000000000 -0500
++++ serefpolicy-3.7.10/policy/modules/system/locallogin.te 2010-02-23 12:05:26.000000000 -0500
 @@ -33,7 +33,7 @@
 # Local login local policy
 #
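Review bot: The new `/usr/sbin/clubufflush` entry labels that binary fsadm_exec_t, so executing it enters the fsadm_t domain; nothing in the hunk or the surrounding context says which package ships the binary or why it needs the filesystem-admin domain rather than a narrower one, and a one-line comment above the entry (or a note in the commit description) would make the grant reviewable later. The inserted inner hunk header `+@@ -40,6 +39,7 @@` is consistent with the `-/sbin/badblocks` removal in the earlier `@@ -1,4 +1,3 @@` hunk of the same file, but because this is a hand-edited patch-of-a-patch, any later change to that earlier hunk silently invalidates these offsets. Regenerating the inner diff from the tree, or at least a `patch --dry-run` check before committing, is safer than maintaining the counts by hand.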
