diff --git a/policy-F13.patch b/policy-F13.patch
index 40ebc88..ab4f15e 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1680,8 +1680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.7.19/policy/modules/admin/shutdown.if
--- nsaserefpolicy/policy/modules/admin/shutdown.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-04-14 10:48:18.000000000 -0400
-@@ -0,0 +1,118 @@
++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-05-17 16:36:19.000000000 -0400
+@@ -0,0 +1,136 @@
+
+## policy for shutdown
+
@@ -1800,6 +1800,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ allow $1 shutdown_t:dbus send_msg;
+ allow shutdown_t $1:dbus send_msg;
+')
++
++########################################
++##
++## Get attributes of shutdown executable.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`shutdown_getattr_exec_files',`
++ gen_require(`
++ type shutdown_exec_t;
++ ')
++
++ allow $1 shutdown_exec_t:file getattr;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.7.19/policy/modules/admin/shutdown.te
--- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.te 2010-05-12 14:21:13.000000000 -0400
@@ -7453,7 +7471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.19/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-05-14 14:16:38.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-05-19 10:46:23.000000000 -0400
@@ -108,6 +108,7 @@
/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
/dev/ub[a-c] -c gen_context(system_u:object_r:usb_device_t,s0)
@@ -7470,6 +7488,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0)
/dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0)
+@@ -186,3 +188,8 @@
+ /var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
+ /var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
+ ')
++
++#
++# /sys
++#
++/sys/.* gen_context(system_u:object_r:sysfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.19/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-03-05 10:46:32.000000000 -0500
+++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2010-05-17 11:06:34.000000000 -0400
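Review bot: The new devices.fc entry `/sys/.* gen_context(system_u:object_r:sysfs_t,s0)` covers only paths below `/sys`, not the `/sys` directory itself, while the files.fc hunk for `@@ -170,12 +179,6 @@` removes both `/sys -d` and `/sys/.*`. After this change no visible spec names the mount point, so it presumably falls through to whatever catch-all files.fc defines. Writing the entry as `/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)` would keep the directory and its contents under one label. Since the removed entries carried no context, it would also help to say in a comment that relabel tools will now act on sysfs paths.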
@@ -7924,7 +7951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.19/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-04-30 08:55:43.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-05-19 10:30:53.000000000 -0400
@@ -18,6 +18,7 @@
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -7978,7 +8005,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
HOME_ROOT/\.journal <>
HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
HOME_ROOT/lost\+found/.* <>
-@@ -205,15 +214,19 @@
+@@ -170,12 +179,6 @@
+ /srv/.* gen_context(system_u:object_r:var_t,s0)
+
+ #
+-# /sys
+-#
+-/sys -d <>
+-/sys/.* <>
+-
+-#
+ # /tmp
+ #
+ /tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+@@ -205,15 +208,19 @@
/usr/local/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/usr/local/lost\+found/.* <>
@@ -7998,7 +8038,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/usr/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
/usr/tmp/.* <>
-@@ -229,6 +242,8 @@
+@@ -229,6 +236,8 @@
/var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
@@ -8007,7 +8047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <>
-@@ -254,3 +269,5 @@
+@@ -254,3 +263,5 @@
ifdef(`distro_debian',`
/var/run/motd -- gen_context(system_u:object_r:etc_runtime_t,s0)
')
@@ -9778,7 +9818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.19/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-04-20 08:46:40.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-05-19 11:01:47.000000000 -0400
@@ -292,9 +292,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -12697,7 +12737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.19/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2010-04-06 15:15:38.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-05-06 15:41:04.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-05-19 14:04:37.000000000 -0400
@@ -13,17 +13,13 @@
#
template(`apache_content_template',`
@@ -13041,7 +13081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.19/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2010-04-06 15:15:38.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/services/apache.te 2010-05-06 08:29:44.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/apache.te 2010-05-19 11:32:18.000000000 -0400
@@ -19,11 +19,13 @@
# Declarations
#
@@ -15577,7 +15617,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.19/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-04-14 10:48:18.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-05-19 14:06:05.000000000 -0400
@@ -16,12 +16,15 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -15633,10 +15673,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
')
optional_policy(`
-@@ -100,19 +110,33 @@
+@@ -100,19 +110,37 @@
')
optional_policy(`
++ networkmanager_append_log(consolekit_t)
++')
++
++optional_policy(`
+ policykit_dbus_chat(consolekit_t)
policykit_domtrans_auth(consolekit_t)
policykit_read_lib(consolekit_t)
@@ -20071,7 +20115,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.19/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-05-10 09:29:06.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-05-19 13:42:52.000000000 -0400
@@ -28,12 +28,26 @@
type munin_var_run_t alias lrrd_var_run_t;
files_pid_file(munin_var_run_t)
@@ -20132,7 +20176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
')
optional_policy(`
-@@ -164,3 +185,149 @@
+@@ -164,3 +185,153 @@
optional_policy(`
udev_read_db(munin_t)
')
@@ -20212,6 +20256,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+allow munin_services_plugin_t self:udp_socket create_socket_perms;
+allow munin_services_plugin_t self:netlink_route_socket r_netlink_socket_perms;
+
++corecmd_exec_shell(munin_services_plugin_t)
++
+corenet_tcp_connect_all_ports(munin_services_plugin_t)
+corenet_tcp_connect_http_port(munin_services_plugin_t)
+
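Review bot: `corecmd_exec_shell(munin_services_plugin_t)` is added with no comment saying which plugin needs a shell. The rule directly after it in this hunk already grants `corenet_tcp_connect_all_ports` to the same domain, so together the two leave the services plugins with little confinement if one of them is subverted. A one-line comment above the call, for example `# needed by <plugin name>: plugin is a shell script`, would record the reason and make the grant easy to revisit. If only specific helpers are executed, a narrower interface than full shell execution may be enough, but that cannot be judged from the lines shown here.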
@@ -20282,6 +20328,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+sysnet_exec_ifconfig(munin_system_plugin_t)
+
+term_getattr_unallocated_ttys(munin_system_plugin_t)
++term_getattr_all_ptys(munin_system_plugin_t)
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.19/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2010-03-12 11:48:14.000000000 -0500
+++ serefpolicy-3.7.19/policy/modules/services/mysql.te 2010-04-14 10:48:18.000000000 -0400
@@ -20999,7 +21047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.19/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-04-29 12:21:46.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-05-19 14:05:37.000000000 -0400
@@ -100,6 +100,27 @@
########################################
@@ -21053,7 +21101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
## Read NetworkManager PID files.
##
##
-@@ -134,3 +173,71 @@
+@@ -134,3 +173,90 @@
files_search_pids($1)
allow $1 NetworkManager_var_run_t:file read_file_perms;
')
@@ -21124,7 +21172,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+ allow $1 self:tun_socket relabelto;
+')
+
++########################################
++##
++## Allow the specified domain to append
++## to Network Manager log files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`networkmanager_append_log',`
++ gen_require(`
++ type NetworkManager_log_t;
++ ')
+
++ logging_search_logs($1)
++ allow $1 NetworkManager_log_t:dir list_dir_perms;
++ append_files_pattern($1, NetworkManager_log_t, NetworkManagerlog_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.19/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.te 2010-05-17 09:28:33.000000000 -0400
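Review bot: In the new `networkmanager_append_log` interface, the last argument of `append_files_pattern` is `NetworkManagerlog_t`, which is not the type declared in the `gen_require` block (`NetworkManager_log_t`) and looks like a dropped underscore. The line should read `append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)`. The consolekit.te hunk in this same revision adds `networkmanager_append_log(consolekit_t)` inside an `optional_policy` block. Depending on how the build treats the unknown type, that block is likely to be dropped or the module to fail to compile, so the append permission would not be granted as intended.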
@@ -23073,7 +23140,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.19/policy/modules/services/policykit.te
--- nsaserefpolicy/policy/modules/services/policykit.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-05-12 11:12:00.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-05-18 15:32:40.000000000 -0400
@@ -25,6 +25,9 @@
type policykit_reload_t alias polkit_reload_t;
files_type(policykit_reload_t)
@@ -23108,7 +23175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
+kernel_read_system_state(policykit_t)
kernel_read_kernel_sysctls(policykit_t)
-+domain_getattr_all_domains(policykit_t)
++domain_read_all_domains_state(policykit_t)
+
files_read_etc_files(policykit_t)
files_read_usr_files(policykit_t)
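Review bot: Swapping `domain_getattr_all_domains(policykit_t)` for `domain_read_all_domains_state(policykit_t)` widens policykit_t from getattr on other domains to reading every domain's process state, and nothing in the hunk records why. Presumably polkit needs to read the caller's `/proc` entries to identify the requesting process, but that is not visible here. A comment above the call, such as `# polkit reads /proc/<pid> state of the requesting process`, would document the need and make it clear that the broader read access is deliberate and not just an AVC-driven addition.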
@@ -28052,7 +28119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+/root/\.shosts gen_context(system_u:object_r:home_ssh_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.19/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-05-03 14:32:10.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-05-17 16:37:12.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -28162,7 +28229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
# Allow checking users mail at login
mta_getattr_spool($1_t)
-@@ -265,9 +272,12 @@
+@@ -265,9 +272,16 @@
optional_policy(`
files_read_var_lib_symlinks($1_t)
@@ -28173,10 +28240,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+ optional_policy(`
+ rlogin_read_home_content($1_t)
+ ')
++
++ optional_policy(`
++ shutdown_getattr_exec_files($1_t)
++ ')
')
########################################
-@@ -388,6 +398,7 @@
+@@ -388,6 +402,7 @@
logging_send_syslog_msg($1_ssh_agent_t)
miscfiles_read_localization($1_ssh_agent_t)
@@ -28184,7 +28255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
seutil_dontaudit_read_config($1_ssh_agent_t)
-@@ -395,6 +406,7 @@
+@@ -395,6 +410,7 @@
userdom_use_user_terminals($1_ssh_agent_t)
# for the transition back to normal privs upon exec
@@ -28192,7 +28263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
userdom_user_home_domtrans($1_ssh_agent_t, $3)
allow $3 $1_ssh_agent_t:fd use;
allow $3 $1_ssh_agent_t:fifo_file rw_file_perms;
-@@ -582,6 +594,25 @@
+@@ -582,6 +598,25 @@
domtrans_pattern($1, sshd_exec_t, sshd_t)
')
@@ -28218,7 +28289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
########################################
##
## Execute the ssh client in the caller domain.
-@@ -696,6 +727,50 @@
+@@ -696,6 +731,50 @@
dontaudit $1 sshd_key_t:file { getattr read };
')
@@ -28269,7 +28340,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
#######################################
##
## Delete from the ssh temp files.
-@@ -714,3 +789,50 @@
+@@ -714,3 +793,50 @@
files_search_tmp($1)
delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
')
@@ -28467,8 +28538,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
# Relabel and access ptys created by sshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.19/policy/modules/services/sssd.te
--- nsaserefpolicy/policy/modules/services/sssd.te 2010-04-05 14:44:26.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-04-14 10:48:18.000000000 -0400
-@@ -81,6 +81,8 @@
++++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-05-19 08:37:29.000000000 -0400
+@@ -32,6 +32,7 @@
+ allow sssd_t self:capability { dac_read_search dac_override kill sys_nice setgid setuid };
+ allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
+ allow sssd_t self:fifo_file rw_file_perms;
++allow sssd_t self:key manage_key_perms;
+ allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+ manage_dirs_pattern(sssd_t, sssd_public_t, sssd_public_t)
+@@ -81,6 +82,8 @@
miscfiles_read_localization(sssd_t)
@@ -28502,6 +28581,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
miscfiles_read_localization(tgtd_t)
+
+iscsi_manage_semaphores(tgtd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.7.19/policy/modules/services/tor.te
+--- nsaserefpolicy/policy/modules/services/tor.te 2010-04-05 14:44:26.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/services/tor.te 2010-05-17 16:55:56.000000000 -0400
+@@ -45,6 +45,7 @@
+ allow tor_t self:capability { setgid setuid sys_tty_config };
+ allow tor_t self:fifo_file rw_fifo_file_perms;
+ allow tor_t self:unix_stream_socket create_stream_socket_perms;
++allow tor_t self:unix_dgram_socket create_socket_perms;
+ allow tor_t self:netlink_route_socket r_netlink_socket_perms;
+ allow tor_t self:tcp_socket create_stream_socket_perms;
+
+@@ -101,6 +102,8 @@
+
+ auth_use_nsswitch(tor_t)
+
++logging_send_syslog_msg(tor_t)
++
+ miscfiles_read_localization(tor_t)
+
+ tunable_policy(`tor_bind_all_unreserved_ports', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.19/policy/modules/services/tuned.te
--- nsaserefpolicy/policy/modules/services/tuned.te 2010-03-23 10:55:15.000000000 -0400
+++ serefpolicy-3.7.19/policy/modules/services/tuned.te 2010-04-14 10:48:18.000000000 -0400
@@ -30581,8 +30680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.19/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-04-14 10:48:18.000000000 -0400
-@@ -7,6 +7,21 @@
++++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-05-17 12:40:43.000000000 -0400
+@@ -7,6 +7,22 @@
# Executables to be run by user
attribute application_exec_type;
@@ -30599,6 +30698,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
+
+optional_policy(`
+ cron_rw_inherited_user_spool_files(application_domain_type)
++ cron_sigchld(application_domain_type)
+')
+
optional_policy(`
@@ -31879,7 +31979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.19/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-04-30 08:55:43.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-05-19 13:44:44.000000000 -0400
@@ -14,9 +14,6 @@
type iptables_initrc_exec_t;
init_script_file(iptables_initrc_exec_t)
@@ -31925,7 +32025,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
fs_getattr_xattr_fs(iptables_t)
fs_search_auto_mountpoints(iptables_t)
-@@ -65,6 +70,7 @@
+@@ -65,11 +70,13 @@
mls_file_read_all_levels(iptables_t)
term_dontaudit_use_console(iptables_t)
@@ -31933,7 +32033,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
domain_use_interactive_fds(iptables_t)
-@@ -78,6 +84,7 @@
+ files_read_etc_files(iptables_t)
+ files_read_etc_runtime_files(iptables_t)
++files_read_usr_files(iptables_t)
+
+ auth_use_nsswitch(iptables_t)
+
+@@ -78,6 +85,7 @@
# to allow rules to be saved on reboot:
init_rw_script_tmp_files(iptables_t)
init_rw_script_stream_sockets(iptables_t)
@@ -31941,7 +32047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
logging_send_syslog_msg(iptables_t)
-@@ -91,6 +98,7 @@
+@@ -91,6 +99,7 @@
optional_policy(`
fail2ban_append_log(iptables_t)
@@ -31976,8 +32082,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.19/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400
-+++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2010-05-13 09:03:06.000000000 -0400
-@@ -131,7 +131,7 @@
++++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2010-05-19 08:43:58.000000000 -0400
+@@ -131,13 +131,13 @@
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib64/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -31986,6 +32092,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib64/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libtfmessbsp\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/lib(64)?/catalyst/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/catalyst/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libADM5.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libatiadlxx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/win32/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
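Review bot: Replacing `/usr/lib(64)?/catalyst/libGL\.so(\.[^/]*)*` with `/usr/lib(64)?/catalyst/.*\.so(\.[^/]*)*` labels every shared object under the catalyst directory as `textrel_shlib_t`, where before it was a single named library. That type is what permits text relocations, so the wildcard relaxes the memory-protection check for any library that lands in that directory, now or later. The `win32` line below already uses the same pattern, so there is precedent. Listing the specific catalyst libraries that need it would be tighter, or at least a comment could be added such as `# catalyst driver libraries require text relocations`.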
@@ -208,6 +208,7 @@
/usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)