diff --git a/policy-20070703.patch b/policy-20070703.patch
index 861116e..8c59509 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -4147,7 +4147,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2007-12-31 07:13:11.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-01-16 16:09:09.000000000 -0500
@@ -55,6 +55,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -4182,7 +4182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(innd, tcp,119,s0)
network_port(ipp, tcp,631,s0, udp,631,s0)
network_port(ircd, tcp,6667,s0)
-@@ -108,12 +115,16 @@
+@@ -108,12 +115,17 @@
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
network_port(ktalkd, udp,517,s0, udp,518,s0)
@@ -4195,13 +4195,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(monopd, tcp,1234,s0)
-network_port(mysqld, tcp,3306,s0)
+network_port(msnp, tcp,1863,s0, udp,1863,s0)
++network_port(munin, tcp,4949,s0, udp,4949,s0)
+network_port(mythtv, tcp,6543,s0, udp,6543,s0)
+network_port(mysqld, tcp,3306,s0, tcp,1186,s0)
+portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
network_port(nessus, tcp,1241,s0)
network_port(netsupport, tcp,5405,s0, udp,5405,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
-@@ -122,6 +133,7 @@
+@@ -122,6 +134,7 @@
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
@@ -4209,7 +4210,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postgresql, tcp,5432,s0)
-@@ -141,12 +153,12 @@
+@@ -141,12 +154,12 @@
network_port(rsh, tcp,514,s0)
network_port(rsync, tcp,873,s0, udp,873,s0)
network_port(rwho, udp,513,s0)
@@ -4224,7 +4225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
-@@ -160,13 +172,19 @@
+@@ -160,13 +173,19 @@
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
network_port(vnc, tcp,5900,s0)
@@ -4684,7 +4685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.8/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-01-08 06:14:55.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-01-16 08:57:05.000000000 -0500
@@ -343,8 +343,7 @@
########################################
@@ -5064,7 +5065,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -4560,6 +4712,8 @@
+@@ -4285,6 +4437,25 @@
+
+ ########################################
+ ##
++## Delete generic process ID files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`files_unlink_generic_pids',`
++ gen_require(`
++ type var_t, var_run_t;
++ ')
++
++ list_dirs_pattern($1,var_t,var_run_t)
++ delete_files_pattern($1,var_run_t,var_run_t)
++')
++
++########################################
++##
+ ## Do not audit attempts to write to daemon runtime data files.
+ ##
+ ##
+@@ -4560,6 +4731,8 @@
# Need to give access to /selinux/member
selinux_compute_member($1)
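Review bot: The new `files_unlink_generic_pids` interface grants `delete_files_pattern($1,var_run_t,var_run_t)`, so any calling domain can remove every pid file that still carries the generic `var_run_t` label, not only its own. The only caller visible in this commit is `NetworkManager_t`, in the networkmanager.te hunk. If it needs to clean up one particular file, giving that file its own type and a type-specific delete interface would keep the grant narrow. The interface summary says only "Delete generic process ID files."; a description line such as `## Allows removal of any file labeled var_run_t; prefer a dedicated pid file type where possible.` would tell future callers what they are granting.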
@@ -5073,7 +5100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
# Need sys_admin capability for mounting
allow $1 self:capability { chown fsetid sys_admin };
-@@ -4582,6 +4736,11 @@
+@@ -4582,6 +4755,11 @@
# Default type for mountpoints
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -5085,7 +5112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -4619,3 +4778,28 @@
+@@ -4619,3 +4797,28 @@
allow $1 { file_type -security_file_type }:dir manage_dir_perms;
')
@@ -10298,7 +10325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.0.8/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mta.te 2008-01-11 14:43:25.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/mta.te 2008-01-16 06:23:56.000000000 -0500
@@ -1,11 +1,13 @@
-policy_module(mta,1.7.1)
@@ -10383,7 +10410,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
logrotate_read_tmp_files(system_mail_t)
')
-@@ -136,11 +158,30 @@
+@@ -136,11 +158,33 @@
')
optional_policy(`
@@ -10399,6 +10426,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
-# should break this up among sections:
++init_stream_connect_script(mailserver_delivery)
++init_rw_script_stream_sockets(mailserver_delivery)
++
+tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_dirs(mailserver_delivery)
+ fs_manage_cifs_files(mailserver_delivery)
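Review bot: `init_stream_connect_script(mailserver_delivery)` and `init_rw_script_stream_sockets(mailserver_delivery)` are added at top level against the `mailserver_delivery` attribute, so every delivery domain gains access to init-script stream sockets, and no comment says which agent needs it. If a single delivery agent produced the denial, the two rules belong on that agent's own type rather than on the attribute. Otherwise put a comment above the pair once the cause is confirmed, for example `# delivery agents started from an init script use its inherited stream socket`. The surrounding section of mta.te continues outside this hunk.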
@@ -10415,33 +10445,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
optional_policy(`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +195,4 @@
+@@ -154,3 +198,4 @@
cron_read_system_job_tmp_files(mta_user_agent)
')
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.0.8/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/munin.fc 2007-12-26 20:33:19.000000000 -0500
-@@ -6,6 +6,6 @@
++++ serefpolicy-3.0.8/policy/modules/services/munin.fc 2008-01-16 16:07:35.000000000 -0500
+@@ -6,6 +6,7 @@
/usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
/var/lib/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
-/var/log/munin.* -- gen_context(system_u:object_r:munin_log_t,s0)
+/var/log/munin.* gen_context(system_u:object_r:munin_log_t,s0)
/var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
- /var/www/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
+-/var/www/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
++/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
++/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.0.8/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/munin.if 2007-12-02 21:15:34.000000000 -0500
-@@ -61,3 +61,21 @@
++++ serefpolicy-3.0.8/policy/modules/services/munin.if 2008-01-16 16:07:44.000000000 -0500
+@@ -61,3 +61,22 @@
allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
+
+#######################################
+##
-+## dontaudit Search munin library directories.
++## Do not audit attempts to search
++## munin library directories.
+##
+##
+##
@@ -10456,6 +10489,71 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+
+ dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.0.8/policy/modules/services/munin.te
+--- nsaserefpolicy/policy/modules/services/munin.te 2007-10-22 13:21:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/munin.te 2008-01-16 16:07:27.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(munin,1.3.0)
++policy_module(munin,1.4.0)
+
+ ########################################
+ #
+@@ -30,21 +30,25 @@
+ # Local policy
+ #
+
+-allow munin_t self:capability { setgid setuid };
++allow munin_t self:capability { dac_override setgid setuid };
+ dontaudit munin_t self:capability sys_tty_config;
+ allow munin_t self:process { getsched setsched signal_perms };
+ allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow munin_t self:unix_dgram_socket { create_socket_perms sendto };
+ allow munin_t self:tcp_socket create_stream_socket_perms;
+ allow munin_t self:udp_socket create_socket_perms;
++allow munin_t self:fifo_file manage_fifo_file_perms;
++
++can_exec(munin_t, munin_exec_t)
+
+ allow munin_t munin_etc_t:dir list_dir_perms;
+ read_files_pattern(munin_t,munin_etc_t,munin_etc_t)
+ read_lnk_files_pattern(munin_t,munin_etc_t,munin_etc_t)
+ files_search_etc(munin_t)
+
+-allow munin_t munin_log_t:file manage_file_perms;
+-logging_log_filetrans(munin_t,munin_log_t,file)
++manage_dirs_pattern(munin_t, munin_log_t, munin_log_t)
++manage_files_pattern(munin_t, munin_log_t, munin_log_t)
++logging_log_filetrans(munin_t,munin_log_t,{ file dir })
+
+ manage_dirs_pattern(munin_t,munin_tmp_t,munin_tmp_t)
+ manage_files_pattern(munin_t,munin_tmp_t,munin_tmp_t)
+@@ -73,6 +77,7 @@
+ corenet_udp_sendrecv_all_nodes(munin_t)
+ corenet_tcp_sendrecv_all_ports(munin_t)
+ corenet_udp_sendrecv_all_ports(munin_t)
++corenet_tcp_connect_munin_port(munin_t)
+
+ dev_read_sysfs(munin_t)
+ dev_read_urand(munin_t)
+@@ -91,6 +96,7 @@
+
+ logging_send_syslog_msg(munin_t)
+
++miscfiles_read_fonts(munin_t)
+ miscfiles_read_localization(munin_t)
+
+ sysnet_read_config(munin_t)
+@@ -118,3 +124,9 @@
+ optional_policy(`
+ udev_read_db(munin_t)
+ ')
++
++#============= http munin policy ==============
++apache_content_template(munin)
++
++manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
++manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.0.8/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2007-10-22 13:21:36.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/mysql.fc 2007-12-02 21:15:34.000000000 -0500
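Review bot: Adding `dac_override` in `allow munin_t self:capability { dac_override setgid setuid };` lets munin ignore file ownership and mode on everything its type rules reach, and this same hunk widens that reach to `munin_log_t` directories and `httpd_munin_content_t`. A denial for this capability often comes from ownership or mode on the service's data directories, so correcting that on disk is preferable to granting it. If only reads are failing, `dac_read_search` is the narrower capability. If `dac_override` has to stay, it should carry a comment naming the path and operation that need it, so the grant can be re-evaluated later.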
@@ -10789,7 +10887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2007-12-26 20:31:56.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-01-16 08:25:11.000000000 -0500
@@ -13,6 +13,9 @@
type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t)
@@ -10819,7 +10917,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
kernel_read_kernel_sysctls(NetworkManager_t)
-@@ -129,15 +135,13 @@
+@@ -82,6 +88,8 @@
+ files_read_etc_files(NetworkManager_t)
+ files_read_etc_runtime_files(NetworkManager_t)
+ files_read_usr_files(NetworkManager_t)
++files_read_all_pids(NetworkManager_t)
++files_unlink_generic_pids(NetworkManager_t)
+
+ init_read_utmp(NetworkManager_t)
+ init_domtrans_script(NetworkManager_t)
+@@ -129,15 +137,13 @@
')
optional_policy(`
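Review bot: `files_read_all_pids(NetworkManager_t)` opens every pid file type on the system to NetworkManager, whereas the rest of this file uses per-service interfaces such as `ppp_read_pid_files(NetworkManager_t)`. If the denial came from one or two helpers, the matching per-service read interfaces would cover it without the blanket grant. Together with `files_unlink_generic_pids(NetworkManager_t)` on the next line, the addition deserves a comment naming the pid files NetworkManager actually reads and removes.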
@@ -10837,7 +10944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
optional_policy(`
-@@ -151,6 +155,8 @@
+@@ -151,6 +157,8 @@
optional_policy(`
nscd_socket_use(NetworkManager_t)
nscd_signal(NetworkManager_t)
@@ -10846,7 +10953,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
optional_policy(`
-@@ -162,6 +168,7 @@
+@@ -162,6 +170,7 @@
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
ppp_signal(NetworkManager_t)
@@ -10854,7 +10961,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
optional_policy(`
-@@ -173,8 +180,10 @@
+@@ -173,8 +182,10 @@
')
optional_policy(`
@@ -12107,7 +12214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.0.8/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/procmail.te 2008-01-08 11:06:01.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/procmail.te 2008-01-16 15:44:12.000000000 -0500
@@ -30,6 +30,8 @@
allow procmail_t procmail_tmp_t:file manage_file_perms;
files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
@@ -12125,16 +12232,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
auth_use_nsswitch(procmail_t)
-@@ -65,6 +68,8 @@
+@@ -65,6 +68,9 @@
libs_use_ld_so(procmail_t)
libs_use_shared_libs(procmail_t)
+logging_send_syslog_msg(procmail_t)
++loggin_search_logs(procmail_t)
+
miscfiles_read_localization(procmail_t)
# only works until we define a different type for maildir
-@@ -97,17 +102,20 @@
+@@ -97,21 +103,25 @@
')
optional_policy(`
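Review bot: `loggin_search_logs(procmail_t)` is misspelled. The line above it uses the `logging_` prefix, so this should read `logging_search_logs(procmail_t)`. As written the name matches no interface, so depending on how the build treats an unexpanded macro it will either break policy compilation or leave procmail without the intended search permission on the log directory.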
@@ -12157,7 +12265,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
')
optional_policy(`
-@@ -125,7 +133,13 @@
+ pyzor_domtrans(procmail_t)
++ pyzor_signal(procmail_t)
+ ')
+
+ optional_policy(`
+@@ -125,7 +135,13 @@
corenet_udp_bind_generic_port(procmail_t)
corenet_dontaudit_udp_bind_all_ports(procmail_t)
@@ -17033,7 +17146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-15 08:23:50.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-16 15:53:47.000000000 -0500
@@ -65,11 +65,15 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -17091,15 +17204,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -223,6 +234,7 @@
+@@ -223,8 +234,10 @@
/usr/lib(64)?/libmp3lame\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Flash plugin, Macromedia
+HOME_DIR/\.gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -236,6 +248,8 @@
+ /usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -236,6 +249,8 @@
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
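Review bot: `HOME_DIR/.*/plugins/nppdf\.so.*` assigns `textrel_shlib_t` at any depth under a user-writable home directory, so any file given that name in any `plugins` directory picks up the text-relocation label on relabel. The Flash entry two lines up shows a tighter anchor, and the same form would work here: `HOME_DIR/\.mozilla(/.*)?/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)`. The new line also sits under the `# Flash plugin, Macromedia` comment although it is a different plugin, so it should get its own comment line, e.g. `# Adobe Reader plugin`.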
@@ -17108,7 +17224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
-@@ -284,3 +298,14 @@
+@@ -284,3 +299,15 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
@@ -17123,6 +17239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+
+/usr/lib/libswscale\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib64/libswscale\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libavdevice\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.8/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/libraries.te 2007-12-10 16:27:26.000000000 -0500
@@ -18099,7 +18216,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/mount.te 2008-01-14 10:34:46.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/mount.te 2008-01-16 10:54:29.000000000 -0500
@@ -8,6 +8,13 @@
##
@@ -18182,7 +18299,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
libs_use_ld_so(mount_t)
libs_use_shared_libs(mount_t)
-@@ -127,10 +141,15 @@
+@@ -118,6 +132,7 @@
+ seutil_read_config(mount_t)
+
+ userdom_use_all_users_fds(mount_t)
++userdom_read_sysadm_home_content_files(mount_t)
+
+ ifdef(`distro_redhat',`
+ optional_policy(`
+@@ -127,10 +142,15 @@
')
')
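Review bot: `userdom_read_sysadm_home_content_files(mount_t)` gives mount read access to files in the administrator's home directory, unconditionally and with no comment explaining the need. If this is for a mount helper reading an options or credentials file kept there (an assumption; the hunk does not say), state that above the line, e.g. `# mount helpers read option/credential files from the sysadm home directory`. Also consider whether a dedicated type for that file would avoid exposing the rest of the admin's home content to `mount_t`.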
@@ -18199,7 +18324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
')
optional_policy(`
-@@ -159,13 +178,9 @@
+@@ -159,13 +179,9 @@
fs_search_rpc(mount_t)
@@ -18214,7 +18339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
')
optional_policy(`
-@@ -180,17 +195,18 @@
+@@ -180,17 +196,18 @@
')
')
@@ -18237,7 +18362,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
')
########################################
-@@ -201,4 +217,29 @@
+@@ -201,4 +218,29 @@
optional_policy(`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
unconfined_domain(unconfined_mount_t)
@@ -18894,7 +19019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.0.8/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2008-01-16 08:56:54.000000000 -0500
@@ -145,6 +145,25 @@
########################################
@@ -19747,7 +19872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 13:51:31.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-16 10:54:03.000000000 -0500
@@ -29,8 +29,9 @@
')