diff --git a/policy-F13.patch b/policy-F13.patch index ba935e4..8751001 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -562,6 +562,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota +optional_policy(` varnishd_manage_log(logrotate_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.7.19/policy/modules/admin/logwatch.fc +--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-04-13 20:44:37.000000000 +0200 ++++ serefpolicy-3.7.19/policy/modules/admin/logwatch.fc 2010-06-09 23:21:19.787458558 +0200 +@@ -1,7 +1,13 @@ ++ ++/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0) + /usr/sbin/logcheck -- gen_context(system_u:object_r:logwatch_exec_t,s0) + + /usr/share/logwatch/scripts/logwatch\.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0) + + /var/cache/logwatch(/.*)? gen_context(system_u:object_r:logwatch_cache_t, s0) ++ ++/var/lib/epylog(/.*)? gen_context(system_u:object_r:logwatch_cache_t,s0) + /var/lib/logcheck(/.*)? gen_context(system_u:object_r:logwatch_cache_t,s0) ++ + /var/log/logcheck/.+ -- gen_context(system_u:object_r:logwatch_lock_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.7.19/policy/modules/admin/mcelog.te --- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/admin/mcelog.te 2010-05-28 09:41:59.952610471 +0200 
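Review bot: The new logwatch.fc content starts with an added empty first line and ends with another one, visible as the `++` lines before `/usr/sbin/epylog` and after the `/var/log/logcheck/.+` entry; both are whitespace noise in a file-context file and would be better dropped so the inner hunk only carries the three real additions. The `/var/lib/epylog(/.*)?` entry is typed `logwatch_cache_t`, matching the neighbouring `/var/lib/logcheck` line; if epylog keeps persistent state there rather than a regenerable cache, refpolicy would normally use a dedicated var_lib type, so confirm what epylog actually writes under that path before settling on the cache type. This hunk only adds entries to the outer patch, so nothing in it is reviewed for the rest of the file.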
@@ -18895,7 +18912,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.19/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-05-28 09:42:00.111610835 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-06-09 23:01:26.359209225 +0200 @@ -41,11 +41,51 @@ ## @@ -18974,7 +18991,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. # -allow ftpd_t self:capability { chown fowner fsetid setgid setuid sys_chroot sys_nice sys_resource }; -+allow ftpd_t self:capability { chown fowner fsetid setgid setuid sys_chroot sys_admin sys_nice sys_resource }; ++allow ftpd_t self:capability { chown fowner fsetid ipc_lock setgid setuid sys_chroot sys_admin sys_nice sys_resource }; dontaudit ftpd_t self:capability sys_tty_config; -allow ftpd_t self:process signal_perms; -allow ftpd_t self:process { getcap setcap setsched setrlimit }; @@ -20124,7 +20141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. # Local hald dccm policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.19/policy/modules/services/icecast.te --- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-06-09 16:38:02.472756824 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-06-09 23:33:37.510220114 +0200 @@ -38,6 +38,8 @@ manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t) files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir }) 
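Review bot: `ipc_lock` is added to the ftpd_t self capability set at the `++allow ftpd_t self:capability { chown fowner fsetid ipc_lock ... }` line without a comment saying which operation needs it. ipc_lock permits locking memory and shared-memory segments, and together with the already-present `sys_admin` the set is broad for a network-facing daemon, so a one-line comment naming the triggering denial (presumably an mlock-type call by the FTP server — confirm against the AVC) would let a later reviewer tell whether it can be dropped or made conditional on a boolean. The other hunks sharing this line only update timestamps in the inner patch headers.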
@@ -20138,7 +20155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec sysnet_dns_name_resolve(icecast_t) optional_policy(` -+ apache_getattr_sys_content(icecast_t) ++ apache_read_sys_content(icecast_t) +') + +optional_policy(` @@ -20180,7 +20197,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow $1 self:udp_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.19/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2010-06-09 13:08:36.336506784 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2010-06-09 23:35:26.680218272 +0200 @@ -112,6 +112,7 @@ kernel_read_kernel_sysctls(kadmind_t) @@ -20199,16 +20216,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb corenet_tcp_bind_reserved_port(kadmind_t) corenet_dontaudit_tcp_bind_all_reserved_ports(kadmind_t) corenet_sendrecv_kerberos_admin_server_packets(kadmind_t) -@@ -198,7 +201,7 @@ +@@ -198,8 +201,7 @@ allow krb5kdc_t krb5kdc_log_t:file manage_file_perms; logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file) -allow krb5kdc_t krb5kdc_principal_t:file read_file_perms; +-dontaudit krb5kdc_t krb5kdc_principal_t:file write; +allow krb5kdc_t krb5kdc_principal_t:file rw_file_perms; - dontaudit krb5kdc_t krb5kdc_principal_t:file write; manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) -@@ -283,7 +286,7 @@ + manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) +@@ -283,7 +285,7 @@ allow kpropd_t self:unix_stream_socket create_stream_socket_perms; allow kpropd_t self:tcp_socket create_stream_socket_perms; 
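Review bot: `apache_read_sys_content(icecast_t)` replaces `apache_getattr_sys_content(icecast_t)` in the first hunk on this line, widening icecast's access from stat to reading every file labelled as httpd system content. If the purpose is only to serve a directory shared with the web server, a comment beside the call recording that need, or gating the rule behind a boolean so sites that do not share content keep the narrower access, would be the usual refpolicy approach.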
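Review bot: krb5kdc_t gains write access to its principal database in the `@@ -20199,16 +20216,17 @@` hunk (`+allow krb5kdc_t krb5kdc_principal_t:file rw_file_perms;`, with the former `dontaudit ... write` now removed by the inner patch), and the policy carries no comment explaining why the KDC must write the file holding all principal keys. The changelog entry for 3.7.19-26 only says the write is allowed; if the reason is the database's lockout or last-authentication bookkeeping that is an inference, so confirm it from the denial and record it as a comment above the rule. Dropping the dontaudit is the right complement to granting write, since the access is now meant to appear in the audit trail; note that the inner hunk was also given a trailing context line (`manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)`) to keep it applying after the second removal, which is worth a dry-run check of the nested patch.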
@@ -27185,6 +27203,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog remotelogin_domtrans(rlogind_t) remotelogin_signal(rlogind_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.19/policy/modules/services/rpcbind.te +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-04-13 20:44:37.000000000 +0200 ++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.te 2010-06-09 23:09:15.321208553 +0200 +@@ -72,3 +72,7 @@ + ifdef(`hide_broken_symptoms',` + dontaudit rpcbind_t self:udp_socket listen; + ') ++ ++optional_policy(` ++ nis_use_ypbind(rpcbind_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.19/policy/modules/services/rpc.if --- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/services/rpc.if 2010-05-28 09:42:00.175610487 +0200 @@ -33113,6 +33142,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. + + allow $1 iscsid_t:sem create_sem_perms; +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.19/policy/modules/system/iscsi.te +--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-04-13 20:44:37.000000000 +0200 ++++ serefpolicy-3.7.19/policy/modules/system/iscsi.te 2010-06-09 23:08:12.877208512 +0200 +@@ -77,6 +77,8 @@ + + dev_rw_sysfs(iscsid_t) + dev_rw_userio_dev(iscsid_t) ++dev_read_raw_memory(iscsid_t) ++dev_write_raw_memory(iscsid_t) + + domain_use_interactive_fds(iscsid_t) + domain_dontaudit_read_all_domains_state(iscsid_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.19/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2010-04-13 20:44:37.000000000 +0200 +++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2010-05-28 09:42:00.223612180 +0200 
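Review bot: `dev_read_raw_memory(iscsid_t)` and `dev_write_raw_memory(iscsid_t)` in the new iscsi.te hunk give iscsid_t read and write on the raw memory device nodes (the memory_device_t labels, such as /dev/mem), which from a confinement standpoint removes most of the benefit of having a separate iscsid domain. The commit carries no comment on which access triggered it; if the need comes from a specific HBA offload helper rather than iscsid itself, confining that helper in its own domain or gating these two rules behind a boolean would keep hosts without such hardware restricted, and the denial that motivated the change should be recorded in a comment above the rules. Kernel-side restrictions on /dev/mem may limit what is reachable, but the policy should not rely on that. The rpcbind hunk sharing this line only adds an optional `nis_use_ypbind` call and raises nothing.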
@@ -33567,7 +33608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin domain_system_change_exemption($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.19/policy/modules/system/logging.te --- nsaserefpolicy/policy/modules/system/logging.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-05-28 09:42:00.503610861 +0200 ++++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-06-09 23:05:38.904506480 +0200 @@ -61,6 +61,7 @@ type syslogd_t; type syslogd_exec_t; @@ -33608,16 +33649,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') ######################################## -@@ -268,6 +279,8 @@ +@@ -252,6 +263,8 @@ + # Audit remote logger local policy + # + ++allow audisp_remote_t self:process { getcap setcap }; ++ + allow audisp_remote_t self:tcp_socket create_socket_perms; + + corenet_all_recvfrom_unlabeled(audisp_remote_t) +@@ -268,6 +281,10 @@ logging_send_syslog_msg(audisp_remote_t) +auth_use_nsswitch(audisp_remote_t) + ++init_telinit(audisp_remote_t) ++ miscfiles_read_localization(audisp_remote_t) sysnet_dns_name_resolve(audisp_remote_t) -@@ -372,8 +385,10 @@ +@@ -372,8 +389,10 @@ manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t) files_search_var_lib(syslogd_t) @@ -33630,7 +33682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # manage pid file manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t) -@@ -491,6 +506,10 @@ +@@ -491,6 +510,10 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 97ad98b..215cbf9 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 26%{?dist} +Release: 27%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
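Review bot: `init_telinit(audisp_remote_t)` in the inner `+@@ -268,6 +281,10 @@` hunk lets the audit remote-logging plugin run telinit, i.e. change the system runlevel, and `allow audisp_remote_t self:process { getcap setcap };` in the inner `+@@ -252,6 +263,8 @@` hunk is likewise added without an explaining comment. These presumably correspond to audisp-remote's configurable failure actions that can halt the system or drop to single-user mode — confirm against the AVC — and because a runlevel change is a high-impact action for a log-forwarding daemon, a comment naming the configuration options that rely on it (e.g. `# telinit is used by the halt/single failure actions in audisp-remote.conf`) would help a later reviewer decide whether it can be made conditional. The remaining hunks on this line only renumber inner hunk headers and bump the spec Release, which raise nothing.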
@@ -469,6 +469,11 @@ exit 0 %endif %changelog +* Wed Jun 9 2010 Miroslav Grepl 3.7.19-27 +- Allow ftpd ipc_lock capability +- Allow audisp-remote to getcap and setcap +- Allow iscsid to read and write raw memory devices + * Wed Jun 9 2010 Miroslav Grepl 3.7.19-26 - Allow krb5kdc to write krb5kdc_principal_t file - Allow hald to send generic signal to dhcp client