-+##
-+## Allow mysqld to connect to all ports
-+##
-+##
-+gen_tunable(mysql_connect_any, false)
-+
- ########################################
- #
- # Declarations
-@@ -47,7 +54,7 @@
- # Local policy
- #
-
--allow mysqld_t self:capability { dac_override setgid setuid sys_resource net_bind_service };
-+allow mysqld_t self:capability { dac_override ipc_lock setgid setuid sys_resource net_bind_service };
- dontaudit mysqld_t self:capability sys_tty_config;
- allow mysqld_t self:process { setsched getsched setrlimit signal_perms rlimitinh };
- allow mysqld_t self:fifo_file rw_fifo_file_perms;
-@@ -120,6 +127,11 @@
- # for /root/.my.cnf - should not be needed:
- userdom_read_user_home_content_files(mysqld_t)
-
-+tunable_policy(`mysql_connect_any',`
-+ corenet_tcp_connect_all_ports(mysqld_t)
-+ corenet_sendrecv_all_client_packets(mysqld_t)
-+')
-+
- ifdef(`distro_redhat',`
- # because Fedora has the sock_file in the database directory
- type_transition mysqld_t mysqld_db_t:sock_file mysqld_var_run_t;
-@@ -142,20 +154,26 @@
- # Local mysqld_safe policy
- #
-
--allow mysqld_safe_t self:capability { dac_override fowner chown };
-+allow mysqld_safe_t self:capability { chown dac_override fowner kill };
-+dontaudit mysqld_safe_t self:capability sys_ptrace;
- allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
-
- domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
-
- allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
-
--allow mysqld_safe_t mysqld_var_run_t:sock_file unlink;
-+manage_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
-+delete_sock_files_pattern(mysqld_safe_t, mysqld_var_run_t, mysqld_var_run_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.14/policy/modules/services/mysql.te
+--- nsaserefpolicy/policy/modules/services/mysql.te 2010-03-12 11:48:14.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/mysql.te 2010-03-12 12:00:19.000000000 -0500
+@@ -176,6 +176,7 @@
domain_read_all_domains_state(mysqld_safe_t)
+files_dontaudit_search_all_mountpoints(mysqld_safe_t)
-+files_dontaudit_getattr_all_dirs(mysqld_safe_t)
-+
- logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
-
- kernel_read_system_state(mysqld_safe_t)
-+kernel_read_kernel_sysctls(mysqld_safe_t)
-
- dev_list_sysfs(mysqld_safe_t)
-
-@@ -169,6 +187,7 @@
- miscfiles_read_localization(mysqld_safe_t)
-
- mysql_manage_db_files(mysqld_safe_t)
-+read_lnk_files_pattern(mysqld_safe_t, mysqld_db_t, mysqld_db_t)
- mysql_read_config(mysqld_safe_t)
- mysql_search_pid_files(mysqld_safe_t)
- mysql_write_log(mysqld_safe_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.13/policy/modules/services/nagios.fc
+ files_read_etc_files(mysqld_safe_t)
+ files_read_usr_files(mysqld_safe_t)
+ files_dontaudit_getattr_all_dirs(mysqld_safe_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.14/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nagios.fc 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nagios.fc 2010-03-12 09:30:00.000000000 -0500
@@ -1,16 +1,89 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -19074,9 +18571,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
+# unconfined plugins
+/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.13/policy/modules/services/nagios.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.14/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nagios.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nagios.if 2010-03-12 09:30:00.000000000 -0500
@@ -64,8 +64,8 @@
########################################
@@ -19240,9 +18737,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
+ admin_pattern($1, nrpe_etc_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.13/policy/modules/services/nagios.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.14/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nagios.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nagios.te 2010-03-12 09:30:00.000000000 -0500
@@ -6,17 +6,23 @@
# Declarations
#
@@ -19627,9 +19124,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+optional_policy(`
+ init_read_utmp(nagios_system_plugin_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.13/policy/modules/services/networkmanager.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.14/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/networkmanager.fc 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/networkmanager.fc 2010-03-12 09:30:00.000000000 -0500
@@ -1,12 +1,32 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -19663,9 +19160,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.13/policy/modules/services/networkmanager.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.14/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/networkmanager.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/networkmanager.if 2010-03-12 09:30:00.000000000 -0500
@@ -118,6 +118,24 @@
########################################
@@ -19763,9 +19260,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.13/policy/modules/services/networkmanager.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.14/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/networkmanager.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/networkmanager.te 2010-03-12 09:30:00.000000000 -0500
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -20009,9 +19506,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.13/policy/modules/services/nis.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.14/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nis.fc 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nis.fc 2010-03-12 09:30:00.000000000 -0500
@@ -1,4 +1,7 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -20030,9 +19527,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
+/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
+/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.13/policy/modules/services/nis.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.14/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/nis.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nis.if 2010-03-12 09:30:00.000000000 -0500
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -20150,9 +19647,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+ nis_domtrans_ypbind($1)
+ role $2 types ypbind_t;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.13/policy/modules/services/nis.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.14/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nis.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nis.te 2010-03-12 09:30:00.000000000 -0500
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -20224,9 +19721,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_tcp_bind_all_rpc_ports(ypxfr_t)
corenet_udp_bind_all_rpc_ports(ypxfr_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.13/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.14/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nscd.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nscd.if 2010-03-12 09:30:00.000000000 -0500
@@ -121,6 +121,24 @@
########################################
@@ -20261,9 +19758,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.13/policy/modules/services/nscd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.14/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/nscd.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nscd.te 2010-03-12 09:30:00.000000000 -0500
@@ -1,10 +1,17 @@
-policy_module(nscd, 1.10.0)
@@ -20308,9 +19805,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+optional_policy(`
+ unconfined_dontaudit_rw_packet_sockets(nscd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.fc serefpolicy-3.7.13/policy/modules/services/ntop.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.fc serefpolicy-3.7.14/policy/modules/services/ntop.fc
--- nsaserefpolicy/policy/modules/services/ntop.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/ntop.fc 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/ntop.fc 2010-03-12 09:30:00.000000000 -0500
@@ -1,7 +1,6 @@
/etc/ntop(/.*)? gen_context(system_u:object_r:ntop_etc_t,s0)
@@ -20319,9 +19816,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
/var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0)
/var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.13/policy/modules/services/ntop.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.14/policy/modules/services/ntop.te
--- nsaserefpolicy/policy/modules/services/ntop.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/ntop.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/ntop.te 2010-03-12 09:30:00.000000000 -0500
@@ -11,12 +11,12 @@
init_daemon_domain(ntop_t, ntop_exec_t)
application_domain(ntop_t, ntop_exec_t)
@@ -20412,9 +19909,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
seutil_sigchld_newrole(ntop_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.13/policy/modules/services/ntp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.14/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/ntp.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/ntp.te 2010-03-12 09:30:00.000000000 -0500
@@ -100,6 +100,8 @@
fs_getattr_all_fs(ntpd_t)
@@ -20424,9 +19921,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
term_use_ptmx(ntpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.13/policy/modules/services/nut.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.14/policy/modules/services/nut.te
--- nsaserefpolicy/policy/modules/services/nut.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/nut.te 2010-03-11 16:49:45.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nut.te 2010-03-12 09:30:00.000000000 -0500
@@ -29,7 +29,8 @@
# Local policy for upsd
#
@@ -20482,9 +19979,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.
+
+ sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.13/policy/modules/services/nx.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.14/policy/modules/services/nx.fc
--- nsaserefpolicy/policy/modules/services/nx.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/nx.fc 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nx.fc 2010-03-12 09:30:00.000000000 -0500
@@ -1,7 +1,15 @@
/opt/NX/bin/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -20503,9 +20000,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
+/var/lib/nxserver(/.*)? gen_context(system_u:object_r:nx_server_var_lib_t,s0)
+
/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.13/policy/modules/services/nx.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.14/policy/modules/services/nx.if
--- nsaserefpolicy/policy/modules/services/nx.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nx.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nx.if 2010-03-12 09:30:00.000000000 -0500
@@ -17,3 +17,70 @@
spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -20577,9 +20074,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i
+
+ filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.13/policy/modules/services/nx.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.14/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/nx.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/nx.te 2010-03-12 09:30:00.000000000 -0500
@@ -25,6 +25,12 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -20614,9 +20111,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.13/policy/modules/services/oddjob.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.14/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/oddjob.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/oddjob.if 2010-03-12 09:30:00.000000000 -0500
@@ -44,6 +44,7 @@
')
@@ -20625,9 +20122,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.13/policy/modules/services/oddjob.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.14/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.13/policy/modules/services/oddjob.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/oddjob.te 2010-03-12 09:30:00.000000000 -0500
@@ -100,8 +100,7 @@
# Add/remove user home directories
@@ -20639,9 +20136,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
+userdom_manage_user_home_content(oddjob_mkhomedir_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.13/policy/modules/services/openvpn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.14/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/openvpn.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/openvpn.te 2010-03-12 09:30:00.000000000 -0500
@@ -41,7 +41,7 @@
# openvpn local policy
#
@@ -20677,9 +20174,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
sysnet_etc_filetrans_config(openvpn_t)
userdom_use_user_terminals(openvpn_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.13/policy/modules/services/pcscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.14/policy/modules/services/pcscd.if
--- nsaserefpolicy/policy/modules/services/pcscd.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/services/pcscd.if 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/pcscd.if 2010-03-12 09:30:00.000000000 -0500
@@ -39,6 +39,44 @@
########################################
@@ -20725,9 +20222,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
## Connect to pcscd over an unix stream socket.
##