diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 906d448..2050d8a 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -3582,7 +3582,7 @@ index 644d4d7..f9bcd44 100644
+/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
-index 9e9263a..7f08657 100644
+index 9e9263a..77e6c8c 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -8,6 +8,22 @@
@@ -3608,7 +3608,19 @@ index 9e9263a..7f08657 100644
########################################
##
## Make the specified type usable for files
-@@ -122,6 +138,7 @@ interface(`corecmd_search_bin',`
+@@ -68,9 +84,11 @@ interface(`corecmd_bin_alias',`
+ interface(`corecmd_bin_entry_type',`
+ gen_require(`
+ type bin_t;
++ type usr_t;
+ ')
+
+ domain_entry_file($1, bin_t)
++ domain_entry_file($1, usr_t)
+ ')
+
+ ########################################
+@@ -122,6 +140,7 @@ interface(`corecmd_search_bin',`
type bin_t;
')
@@ -3616,7 +3628,7 @@ index 9e9263a..7f08657 100644
search_dirs_pattern($1, bin_t, bin_t)
')
-@@ -158,6 +175,7 @@ interface(`corecmd_list_bin',`
+@@ -158,6 +177,7 @@ interface(`corecmd_list_bin',`
type bin_t;
')
@@ -3624,7 +3636,7 @@ index 9e9263a..7f08657 100644
list_dirs_pattern($1, bin_t, bin_t)
')
-@@ -203,7 +221,7 @@ interface(`corecmd_getattr_bin_files',`
+@@ -203,7 +223,7 @@ interface(`corecmd_getattr_bin_files',`
##
##
##
@@ -3633,7 +3645,7 @@ index 9e9263a..7f08657 100644
##
##
#
-@@ -231,6 +249,7 @@ interface(`corecmd_read_bin_files',`
+@@ -231,6 +251,7 @@ interface(`corecmd_read_bin_files',`
type bin_t;
')
@@ -3641,7 +3653,7 @@ index 9e9263a..7f08657 100644
read_files_pattern($1, bin_t, bin_t)
')
-@@ -254,6 +273,24 @@ interface(`corecmd_dontaudit_write_bin_files',`
+@@ -254,6 +275,24 @@ interface(`corecmd_dontaudit_write_bin_files',`
########################################
##
@@ -3666,7 +3678,7 @@ index 9e9263a..7f08657 100644
## Read symbolic links in bin directories.
##
##
-@@ -285,6 +322,7 @@ interface(`corecmd_read_bin_pipes',`
+@@ -285,6 +324,7 @@ interface(`corecmd_read_bin_pipes',`
type bin_t;
')
@@ -3674,7 +3686,7 @@ index 9e9263a..7f08657 100644
read_fifo_files_pattern($1, bin_t, bin_t)
')
-@@ -303,6 +341,7 @@ interface(`corecmd_read_bin_sockets',`
+@@ -303,6 +343,7 @@ interface(`corecmd_read_bin_sockets',`
type bin_t;
')
@@ -3682,7 +3694,7 @@ index 9e9263a..7f08657 100644
read_sock_files_pattern($1, bin_t, bin_t)
')
-@@ -345,6 +384,10 @@ interface(`corecmd_exec_bin',`
+@@ -345,6 +386,10 @@ interface(`corecmd_exec_bin',`
read_lnk_files_pattern($1, bin_t, bin_t)
list_dirs_pattern($1, bin_t, bin_t)
can_exec($1, bin_t)
@@ -3693,7 +3705,7 @@ index 9e9263a..7f08657 100644
')
########################################
-@@ -362,6 +405,7 @@ interface(`corecmd_manage_bin_files',`
+@@ -362,6 +407,7 @@ interface(`corecmd_manage_bin_files',`
type bin_t;
')
@@ -3701,7 +3713,7 @@ index 9e9263a..7f08657 100644
manage_files_pattern($1, bin_t, bin_t)
')
-@@ -398,6 +442,7 @@ interface(`corecmd_mmap_bin_files',`
+@@ -398,6 +444,7 @@ interface(`corecmd_mmap_bin_files',`
type bin_t;
')
@@ -3709,7 +3721,7 @@ index 9e9263a..7f08657 100644
mmap_files_pattern($1, bin_t, bin_t)
')
-@@ -440,10 +485,14 @@ interface(`corecmd_mmap_bin_files',`
+@@ -440,10 +487,14 @@ interface(`corecmd_mmap_bin_files',`
interface(`corecmd_bin_spec_domtrans',`
gen_require(`
type bin_t;
@@ -3724,7 +3736,7 @@ index 9e9263a..7f08657 100644
')
########################################
-@@ -483,10 +532,12 @@ interface(`corecmd_bin_spec_domtrans',`
+@@ -483,10 +534,12 @@ interface(`corecmd_bin_spec_domtrans',`
interface(`corecmd_bin_domtrans',`
gen_require(`
type bin_t;
@@ -3737,7 +3749,7 @@ index 9e9263a..7f08657 100644
')
########################################
-@@ -945,6 +996,7 @@ interface(`corecmd_shell_domtrans',`
+@@ -945,6 +998,7 @@ interface(`corecmd_shell_domtrans',`
interface(`corecmd_exec_chroot',`
gen_require(`
type chroot_exec_t;
@@ -3745,7 +3757,7 @@ index 9e9263a..7f08657 100644
')
read_lnk_files_pattern($1, bin_t, bin_t)
-@@ -954,6 +1006,24 @@ interface(`corecmd_exec_chroot',`
+@@ -954,6 +1008,24 @@ interface(`corecmd_exec_chroot',`
########################################
##
@@ -3770,7 +3782,7 @@ index 9e9263a..7f08657 100644
## Get the attributes of all executable files.
##
##
-@@ -1012,6 +1082,10 @@ interface(`corecmd_exec_all_executables',`
+@@ -1012,6 +1084,10 @@ interface(`corecmd_exec_all_executables',`
can_exec($1, exec_type)
list_dirs_pattern($1, bin_t, bin_t)
read_lnk_files_pattern($1, bin_t, exec_type)
@@ -3781,7 +3793,7 @@ index 9e9263a..7f08657 100644
')
########################################
-@@ -1049,6 +1123,7 @@ interface(`corecmd_manage_all_executables',`
+@@ -1049,6 +1125,7 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
@@ -3789,7 +3801,7 @@ index 9e9263a..7f08657 100644
manage_files_pattern($1, bin_t, exec_type)
manage_lnk_files_pattern($1, bin_t, bin_t)
')
-@@ -1091,3 +1166,36 @@ interface(`corecmd_mmap_all_executables',`
+@@ -1091,3 +1168,36 @@ interface(`corecmd_mmap_all_executables',`
mmap_files_pattern($1, bin_t, exec_type)
')
diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch
index c1ad325..35a932e 100644
--- a/policy-f19-contrib.patch
+++ b/policy-f19-contrib.patch
@@ -2023,16 +2023,17 @@ index 7f4dfbc..4d750fa 100644
/usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0)
diff --git a/amanda.te b/amanda.te
-index ed45974..cd5a4fa 100644
+index ed45974..d4df671 100644
--- a/amanda.te
+++ b/amanda.te
-@@ -9,11 +9,13 @@ attribute_role amanda_recover_roles;
+@@ -9,11 +9,14 @@ attribute_role amanda_recover_roles;
roleattribute system_r amanda_recover_roles;
type amanda_t;
+type amanda_exec_t;
type amanda_inetd_exec_t;
-inetd_service_domain(amanda_t, amanda_inetd_exec_t)
++application_executable_file(amanda_exec_t)
+init_daemon_domain(amanda_t, amanda_inetd_exec_t)
+role system_r types amanda_t;
@@ -2043,7 +2044,7 @@ index ed45974..cd5a4fa 100644
type amanda_log_t;
logging_log_file(amanda_log_t)
-@@ -60,7 +62,7 @@ optional_policy(`
+@@ -60,7 +63,7 @@ optional_policy(`
#
allow amanda_t self:capability { chown dac_override setuid kill };
@@ -2052,7 +2053,7 @@ index ed45974..cd5a4fa 100644
allow amanda_t self:fifo_file rw_fifo_file_perms;
allow amanda_t self:unix_stream_socket { accept listen };
allow amanda_t self:tcp_socket { accept listen };
-@@ -71,6 +73,7 @@ allow amanda_t amanda_config_t:file read_file_perms;
+@@ -71,6 +74,7 @@ allow amanda_t amanda_config_t:file read_file_perms;
manage_dirs_pattern(amanda_t, amanda_data_t, amanda_data_t)
manage_files_pattern(amanda_t, amanda_data_t, amanda_data_t)
@@ -2060,7 +2061,7 @@ index ed45974..cd5a4fa 100644
filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })
allow amanda_t amanda_dumpdates_t:file rw_file_perms;
-@@ -100,13 +103,14 @@ kernel_dontaudit_read_proc_symlinks(amanda_t)
+@@ -100,13 +104,14 @@ kernel_dontaudit_read_proc_symlinks(amanda_t)
corecmd_exec_shell(amanda_t)
corecmd_exec_bin(amanda_t)
@@ -2076,7 +2077,7 @@ index ed45974..cd5a4fa 100644
corenet_sendrecv_all_server_packets(amanda_t)
corenet_tcp_bind_all_rpc_ports(amanda_t)
corenet_tcp_bind_generic_port(amanda_t)
-@@ -170,7 +174,6 @@ kernel_read_system_state(amanda_recover_t)
+@@ -170,7 +175,6 @@ kernel_read_system_state(amanda_recover_t)
corecmd_exec_shell(amanda_recover_t)
corecmd_exec_bin(amanda_recover_t)
@@ -2084,7 +2085,7 @@ index ed45974..cd5a4fa 100644
corenet_all_recvfrom_netlabel(amanda_recover_t)
corenet_tcp_sendrecv_generic_if(amanda_recover_t)
corenet_udp_sendrecv_generic_if(amanda_recover_t)
-@@ -195,12 +198,16 @@ files_search_tmp(amanda_recover_t)
+@@ -195,12 +199,16 @@ files_search_tmp(amanda_recover_t)
auth_use_nsswitch(amanda_recover_t)
@@ -2682,10 +2683,10 @@ index 0000000..df5b3be
+')
diff --git a/antivirus.te b/antivirus.te
new file mode 100644
-index 0000000..849c983
+index 0000000..f44287f
--- /dev/null
+++ b/antivirus.te
-@@ -0,0 +1,256 @@
+@@ -0,0 +1,268 @@
+policy_module(antivirus, 1.0.0)
+
+########################################
@@ -2740,6 +2741,9 @@ index 0000000..849c983
+typealias antivirus_db_t alias { amavis_var_lib_t amavis_quarantine_t amavis_spool_t clamd_var_lib_t };
+files_type(antivirus_db_t)
+
++type antivirus_home_t;
++userdom_user_home_content(antivirus_home_t)
++
+type antivirus_tmp_t;
+typealias antivirus_tmp_t alias { amavis_tmp_t clamd_tmp_t clamscan_tmp_t };
+files_tmp_file(antivirus_tmp_t)
@@ -2766,6 +2770,11 @@ index 0000000..849c983
+manage_lnk_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
+manage_sock_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
+
++manage_files_pattern(antivirus_domain, antivirus_home_t, antivirus_home_t)
++manage_dirs_pattern(antivirus_domain, antivirus_home_t, antivirus_home_t)
++manage_lnk_files_pattern(antivirus_domain, antivirus_home_t, antivirus_home_t)
++manage_sock_files_pattern(antivirus_domain, antivirus_home_t, antivirus_home_t)
++
+manage_dirs_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
+manage_files_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
+manage_sock_files_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
@@ -2783,14 +2792,12 @@ index 0000000..849c983
+
+can_exec(antivirus_domain, antivirus_exec_t)
+
++kernel_read_network_state(antivirus_t)
+kernel_read_net_sysctls(antivirus_t)
+kernel_read_kernel_sysctls(antivirus_domain)
+kernel_read_sysctl(antivirus_domain)
+kernel_read_system_state(antivirus_t)
+
-+kernel_dontaudit_list_proc(antivirus_domain)
-+kernel_dontaudit_read_proc_symlinks(antivirus_domain)
-+
+corecmd_exec_bin(antivirus_domain)
+corecmd_exec_shell(antivirus_domain)
+
@@ -2827,6 +2834,10 @@ index 0000000..849c983
+corenet_tcp_connect_http_port(antivirus_domain)
+corenet_tcp_sendrecv_http_port(antivirus_domain)
+
++corenet_sendrecv_http_cache_client_packets(antivirus_domain)
++corenet_tcp_connect_http_cache_port(antivirus_domain)
++corenet_tcp_sendrecv_http_cache_port(antivirus_domain)
++
+corenet_sendrecv_snmp_client_packets(antivirus_domain)
+corenet_tcp_connect_snmp_port(antivirus_domain)
+
@@ -2851,6 +2862,7 @@ index 0000000..849c983
+init_read_state(antivirus_domain)
+init_read_utmp(antivirus_domain)
+init_stream_connect_script(antivirus_domain)
++init_dontaudit_write_utmp(antivirus_domain)
+
+logging_send_syslog_msg(antivirus_t)
+
@@ -2858,6 +2870,7 @@ index 0000000..849c983
+
+sysnet_use_ldap(antivirus_domain)
+
++userdom_stream_connect(antivirus_domain)
+userdom_dontaudit_search_user_home_dirs(antivirus_domain)
+
+tunable_policy(`antivirus_can_scan_system',`
@@ -25152,7 +25165,7 @@ index 9eacb2c..229782f 100644
init_labeled_script_domtrans($1, { glance_api_initrc_exec_t glance_registry_initrc_exec_t })
domain_system_change_exemption($1)
diff --git a/glance.te b/glance.te
-index e0a4f46..95cf77c 100644
+index e0a4f46..16dcb5b 100644
--- a/glance.te
+++ b/glance.te
@@ -7,8 +7,7 @@ policy_module(glance, 1.0.2)
@@ -25233,7 +25246,7 @@ index e0a4f46..95cf77c 100644
logging_send_syslog_msg(glance_registry_t)
-@@ -108,13 +112,21 @@ manage_files_pattern(glance_api_t, glance_tmp_t, glance_tmp_t)
+@@ -108,13 +112,22 @@ manage_files_pattern(glance_api_t, glance_tmp_t, glance_tmp_t)
files_tmp_filetrans(glance_api_t, glance_tmp_t, { dir file })
can_exec(glance_api_t, glance_tmp_t)
@@ -25246,6 +25259,7 @@ index e0a4f46..95cf77c 100644
+corenet_tcp_bind_glance_port(glance_api_t)
corenet_sendrecv_glance_registry_client_packets(glance_api_t)
++corenet_tcp_connect_amqp_port(glance_api_t)
corenet_tcp_connect_glance_registry_port(glance_api_t)
+corenet_tcp_connect_mysqld_port(glance_api_t)
+corenet_tcp_connect_http_port(glance_api_t)
@@ -37646,7 +37660,7 @@ index 1d4eb19..650014e 100644
admin_pattern($1, memcached_var_run_t)
')
diff --git a/memcached.te b/memcached.te
-index 4926208..018a640 100644
+index 4926208..4396320 100644
--- a/memcached.te
+++ b/memcached.te
@@ -20,7 +20,7 @@ files_pid_file(memcached_var_run_t)
@@ -37658,7 +37672,15 @@ index 4926208..018a640 100644
dontaudit memcached_t self:capability sys_tty_config;
allow memcached_t self:process { setrlimit signal_perms };
allow memcached_t self:tcp_socket { accept listen };
-@@ -57,4 +57,3 @@ term_dontaudit_use_console(memcached_t)
+@@ -51,10 +51,11 @@ corenet_tcp_sendrecv_all_ports(memcached_t)
+ corenet_udp_bind_memcache_port(memcached_t)
+ corenet_udp_sendrecv_all_ports(memcached_t)
+
++dev_read_sysfs(memcached_t)
++
+ term_dontaudit_use_all_ptys(memcached_t)
+ term_dontaudit_use_all_ttys(memcached_t)
+ term_dontaudit_use_console(memcached_t)
auth_use_nsswitch(memcached_t)
@@ -40848,10 +40870,10 @@ index 5fa77c7..2e01c7d 100644
domain_system_change_exemption($1)
role_transition $2 mpd_initrc_exec_t system_r;
diff --git a/mpd.te b/mpd.te
-index 7c8afcc..2f41af9 100644
+index 7c8afcc..29d8881 100644
--- a/mpd.te
+++ b/mpd.te
-@@ -62,6 +62,9 @@ files_type(mpd_var_lib_t)
+@@ -62,18 +62,22 @@ files_type(mpd_var_lib_t)
type mpd_user_data_t;
userdom_user_home_content(mpd_user_data_t) # customizable
@@ -40861,7 +40883,13 @@ index 7c8afcc..2f41af9 100644
########################################
#
# Local policy
-@@ -74,6 +77,7 @@ allow mpd_t self:unix_stream_socket { accept connectto listen };
+ #
+
+ allow mpd_t self:capability { dac_override kill setgid setuid };
+-allow mpd_t self:process { getsched setsched setrlimit signal signull };
++allow mpd_t self:process { getsched setsched setrlimit signal signull setcap };
+ allow mpd_t self:fifo_file rw_fifo_file_perms;
+ allow mpd_t self:unix_stream_socket { accept connectto listen };
allow mpd_t self:unix_dgram_socket sendto;
allow mpd_t self:tcp_socket { accept listen };
allow mpd_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -48252,7 +48280,7 @@ index 97df768..852d1c6 100644
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
')
diff --git a/nslcd.te b/nslcd.te
-index a3e56f0..8903423 100644
+index a3e56f0..f70a784 100644
--- a/nslcd.te
+++ b/nslcd.te
@@ -1,4 +1,4 @@
@@ -48278,8 +48306,12 @@ index a3e56f0..8903423 100644
allow nslcd_t nslcd_conf_t:file read_file_perms;
-@@ -38,12 +38,8 @@ kernel_read_system_state(nslcd_t)
+@@ -36,14 +36,12 @@ files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir })
+
+ kernel_read_system_state(nslcd_t)
++dev_read_sysfs(nslcd_t)
++
corenet_all_recvfrom_unlabeled(nslcd_t)
corenet_all_recvfrom_netlabel(nslcd_t)
-corenet_tcp_sendrecv_generic_if(nslcd_t)
@@ -48292,7 +48324,7 @@ index a3e56f0..8903423 100644
files_read_usr_symlinks(nslcd_t)
files_list_tmp(nslcd_t)
-@@ -52,10 +48,14 @@ auth_use_nsswitch(nslcd_t)
+@@ -52,10 +50,14 @@ auth_use_nsswitch(nslcd_t)
logging_send_syslog_msg(nslcd_t)
@@ -50565,10 +50597,17 @@ index 296a1d3..edc3e32 100644
+userdom_stream_connect(oddjob_mkhomedir_t)
+
diff --git a/openct.te b/openct.te
-index 8467596..66f068f 100644
+index 8467596..428ae48 100644
--- a/openct.te
+++ b/openct.te
-@@ -28,12 +28,12 @@ manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
+@@ -22,18 +22,19 @@ files_pid_file(openct_var_run_t)
+
+ dontaudit openct_t self:capability sys_tty_config;
+ allow openct_t self:process signal_perms;
++allow openct_t self:netlink_kobject_uevent_socket create_socket_perms;
+
+ manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
+ manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
files_pid_filetrans(openct_t, openct_var_run_t, { dir file sock_file })
@@ -50583,7 +50622,7 @@ index 8467596..66f068f 100644
dev_read_sysfs(openct_t)
dev_rw_usbfs(openct_t)
dev_rw_smartcard(openct_t)
-@@ -41,15 +41,12 @@ dev_rw_generic_usb_dev(openct_t)
+@@ -41,15 +42,12 @@ dev_rw_generic_usb_dev(openct_t)
domain_use_interactive_fds(openct_t)
@@ -67216,7 +67255,7 @@ index 951db7f..7736755 100644
+ allow $1 mdadm_exec_t:file { getattr_file_perms execute };
')
diff --git a/raid.te b/raid.te
-index 2c1730b..8e46216 100644
+index 2c1730b..6f60d73 100644
--- a/raid.te
+++ b/raid.te
@@ -15,6 +15,12 @@ role mdadm_roles types mdadm_t;
@@ -67268,7 +67307,7 @@ index 2c1730b..8e46216 100644
corecmd_exec_bin(mdadm_t)
corecmd_exec_shell(mdadm_t)
-@@ -49,19 +63,27 @@ corecmd_exec_shell(mdadm_t)
+@@ -49,19 +63,28 @@ corecmd_exec_shell(mdadm_t)
dev_rw_sysfs(mdadm_t)
dev_dontaudit_getattr_all_blk_files(mdadm_t)
dev_dontaudit_getattr_all_chr_files(mdadm_t)
@@ -67277,6 +67316,7 @@ index 2c1730b..8e46216 100644
dev_read_realtime_clock(mdadm_t)
dev_read_raw_memory(mdadm_t)
+dev_read_kvm(mdadm_t)
++dev_read_mei(mdadm_t)
+dev_read_nvram(mdadm_t)
+dev_read_generic_files(mdadm_t)
+dev_read_generic_usb_dev(mdadm_t)
@@ -67298,7 +67338,7 @@ index 2c1730b..8e46216 100644
mls_file_read_all_levels(mdadm_t)
mls_file_write_all_levels(mdadm_t)
-@@ -70,15 +92,20 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
+@@ -70,15 +93,20 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
storage_manage_fixed_disk(mdadm_t)
storage_read_scsi_generic(mdadm_t)
storage_write_scsi_generic(mdadm_t)
@@ -67320,7 +67360,7 @@ index 2c1730b..8e46216 100644
userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
userdom_dontaudit_search_user_home_content(mdadm_t)
-@@ -97,9 +124,17 @@ optional_policy(`
+@@ -97,9 +125,17 @@ optional_policy(`
')
optional_policy(`
@@ -69813,7 +69853,7 @@ index 56bc01f..b8d154e 100644
+ allow $1 cluster_unit_file_t:service all_service_perms;
')
diff --git a/rhcs.te b/rhcs.te
-index 2c2de9a..6b7a0f6 100644
+index 2c2de9a..a499664 100644
--- a/rhcs.te
+++ b/rhcs.te
@@ -20,6 +20,27 @@ gen_tunable(fenced_can_network_connect, false)
@@ -70139,7 +70179,7 @@ index 2c2de9a..6b7a0f6 100644
allow dlm_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
stream_connect_pattern(dlm_controld_t, fenced_var_run_t, fenced_var_run_t, fenced_t)
-@@ -98,6 +366,16 @@ fs_manage_configfs_dirs(dlm_controld_t)
+@@ -98,16 +366,30 @@ fs_manage_configfs_dirs(dlm_controld_t)
init_rw_script_tmp_files(dlm_controld_t)
@@ -70156,11 +70196,12 @@ index 2c2de9a..6b7a0f6 100644
#######################################
#
# fenced local policy
-@@ -105,9 +383,13 @@ init_rw_script_tmp_files(dlm_controld_t)
+ #
allow fenced_t self:capability { sys_rawio sys_resource };
- allow fenced_t self:process { getsched signal_perms };
+-allow fenced_t self:process { getsched signal_perms };
-allow fenced_t self:tcp_socket { accept listen };
++allow fenced_t self:process { getsched signal_perms setpgid };
+
+allow fenced_t self:tcp_socket create_stream_socket_perms;
+allow fenced_t self:udp_socket create_socket_perms;
@@ -70202,16 +70243,17 @@ index 2c2de9a..6b7a0f6 100644
tunable_policy(`fenced_can_network_connect',`
corenet_sendrecv_all_client_packets(fenced_t)
-@@ -182,7 +461,7 @@ optional_policy(`
+@@ -182,7 +461,8 @@ optional_policy(`
')
optional_policy(`
- corosync_exec(fenced_t)
+ rhcs_exec_cluster(fenced_t)
++ rhcs_rw_cluster_tmpfs(fenced_t)
')
optional_policy(`
-@@ -190,12 +469,12 @@ optional_policy(`
+@@ -190,12 +470,12 @@ optional_policy(`
')
optional_policy(`
@@ -70227,7 +70269,7 @@ index 2c2de9a..6b7a0f6 100644
')
optional_policy(`
-@@ -203,6 +482,13 @@ optional_policy(`
+@@ -203,6 +483,13 @@ optional_policy(`
snmp_manage_var_lib_dirs(fenced_t)
')
@@ -70241,7 +70283,7 @@ index 2c2de9a..6b7a0f6 100644
#######################################
#
# foghorn local policy
-@@ -221,16 +507,18 @@ corenet_sendrecv_agentx_client_packets(foghorn_t)
+@@ -221,16 +508,18 @@ corenet_sendrecv_agentx_client_packets(foghorn_t)
corenet_tcp_connect_agentx_port(foghorn_t)
corenet_tcp_sendrecv_agentx_port(foghorn_t)
@@ -70262,7 +70304,7 @@ index 2c2de9a..6b7a0f6 100644
snmp_stream_connect(foghorn_t)
')
-@@ -257,6 +545,8 @@ storage_getattr_removable_dev(gfs_controld_t)
+@@ -257,6 +546,8 @@ storage_getattr_removable_dev(gfs_controld_t)
init_rw_script_tmp_files(gfs_controld_t)
@@ -70271,7 +70313,7 @@ index 2c2de9a..6b7a0f6 100644
optional_policy(`
lvm_exec(gfs_controld_t)
dev_rw_lvm_control(gfs_controld_t)
-@@ -275,10 +565,39 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
+@@ -275,10 +566,39 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
dev_list_sysfs(groupd_t)
@@ -70313,7 +70355,7 @@ index 2c2de9a..6b7a0f6 100644
######################################
#
# qdiskd local policy
-@@ -321,6 +640,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
+@@ -321,6 +641,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
auth_use_nsswitch(qdiskd_t)
@@ -75694,7 +75736,7 @@ index aee75af..a6bab06 100644
+ allow $1 samba_unit_file_t:service all_service_perms;
')
diff --git a/samba.te b/samba.te
-index 57c034b..aa2be40 100644
+index 57c034b..d48911d 100644
--- a/samba.te
+++ b/samba.te
@@ -1,4 +1,4 @@
@@ -75880,7 +75922,7 @@ index 57c034b..aa2be40 100644
type swat_t;
type swat_exec_t;
-@@ -170,27 +154,28 @@ type winbind_exec_t;
+@@ -170,27 +154,29 @@ type winbind_exec_t;
init_daemon_domain(winbind_t, winbind_exec_t)
type winbind_helper_t;
@@ -75908,6 +75950,7 @@ index 57c034b..aa2be40 100644
#
-
allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override };
++allow samba_net_t self:capability2 block_suspend;
allow samba_net_t self:process { getsched setsched };
-allow samba_net_t self:unix_stream_socket { accept listen };
+allow samba_net_t self:unix_dgram_socket create_socket_perms;
@@ -75917,7 +75960,7 @@ index 57c034b..aa2be40 100644
allow samba_net_t samba_etc_t:file read_file_perms;
-@@ -206,17 +191,22 @@ manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
+@@ -206,17 +192,22 @@ manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
manage_lnk_files_pattern(samba_net_t, samba_var_t, samba_var_t)
files_var_filetrans(samba_net_t, samba_var_t, dir, "samba")
@@ -75944,7 +75987,7 @@ index 57c034b..aa2be40 100644
dev_read_urand(samba_net_t)
-@@ -229,15 +219,16 @@ auth_manage_cache(samba_net_t)
+@@ -229,15 +220,16 @@ auth_manage_cache(samba_net_t)
logging_send_syslog_msg(samba_net_t)
@@ -75965,7 +76008,7 @@ index 57c034b..aa2be40 100644
')
optional_policy(`
-@@ -245,44 +236,56 @@ optional_policy(`
+@@ -245,44 +237,56 @@ optional_policy(`
')
optional_policy(`
@@ -76034,7 +76077,7 @@ index 57c034b..aa2be40 100644
manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t)
allow smbd_t samba_share_t:filesystem { getattr quotaget };
-@@ -292,6 +295,8 @@ manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t)
+@@ -292,6 +296,8 @@ manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t)
manage_sock_files_pattern(smbd_t, samba_var_t, samba_var_t)
files_var_filetrans(smbd_t, samba_var_t, dir, "samba")
@@ -76043,7 +76086,7 @@ index 57c034b..aa2be40 100644
manage_dirs_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
manage_files_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir })
-@@ -301,11 +306,11 @@ manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
+@@ -301,11 +307,11 @@ manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
manage_sock_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
files_pid_filetrans(smbd_t, smbd_var_run_t, { dir file })
@@ -76059,7 +76102,7 @@ index 57c034b..aa2be40 100644
kernel_getattr_core_if(smbd_t)
kernel_getattr_message_if(smbd_t)
-@@ -315,43 +320,33 @@ kernel_read_kernel_sysctls(smbd_t)
+@@ -315,43 +321,33 @@ kernel_read_kernel_sysctls(smbd_t)
kernel_read_software_raid_state(smbd_t)
kernel_read_system_state(smbd_t)
@@ -76114,7 +76157,7 @@ index 57c034b..aa2be40 100644
fs_getattr_all_fs(smbd_t)
fs_getattr_all_dirs(smbd_t)
fs_get_xattr_fs_quotas(smbd_t)
-@@ -360,44 +355,54 @@ fs_getattr_rpc_dirs(smbd_t)
+@@ -360,44 +356,54 @@ fs_getattr_rpc_dirs(smbd_t)
fs_list_inotifyfs(smbd_t)
fs_get_all_fs_quotas(smbd_t)
@@ -76180,7 +76223,7 @@ index 57c034b..aa2be40 100644
')
tunable_policy(`samba_domain_controller',`
-@@ -413,20 +418,10 @@ tunable_policy(`samba_domain_controller',`
+@@ -413,20 +419,10 @@ tunable_policy(`samba_domain_controller',`
')
tunable_policy(`samba_enable_home_dirs',`
@@ -76203,7 +76246,7 @@ index 57c034b..aa2be40 100644
tunable_policy(`samba_share_nfs',`
fs_manage_nfs_dirs(smbd_t)
fs_manage_nfs_files(smbd_t)
-@@ -435,6 +430,7 @@ tunable_policy(`samba_share_nfs',`
+@@ -435,6 +431,7 @@ tunable_policy(`samba_share_nfs',`
fs_manage_nfs_named_sockets(smbd_t)
')
@@ -76211,7 +76254,7 @@ index 57c034b..aa2be40 100644
tunable_policy(`samba_share_fusefs',`
fs_manage_fusefs_dirs(smbd_t)
fs_manage_fusefs_files(smbd_t)
-@@ -442,17 +438,6 @@ tunable_policy(`samba_share_fusefs',`
+@@ -442,17 +439,6 @@ tunable_policy(`samba_share_fusefs',`
fs_search_fusefs(smbd_t)
')
@@ -76229,7 +76272,7 @@ index 57c034b..aa2be40 100644
optional_policy(`
ccs_read_config(smbd_t)
')
-@@ -473,6 +458,11 @@ optional_policy(`
+@@ -473,6 +459,11 @@ optional_policy(`
')
optional_policy(`
@@ -76241,7 +76284,7 @@ index 57c034b..aa2be40 100644
lpd_exec_lpr(smbd_t)
')
-@@ -493,9 +483,33 @@ optional_policy(`
+@@ -493,9 +484,33 @@ optional_policy(`
udev_read_db(smbd_t)
')
@@ -76276,7 +76319,7 @@ index 57c034b..aa2be40 100644
#
dontaudit nmbd_t self:capability sys_tty_config;
-@@ -506,9 +520,11 @@ allow nmbd_t self:msg { send receive };
+@@ -506,9 +521,11 @@ allow nmbd_t self:msg { send receive };
allow nmbd_t self:msgq create_msgq_perms;
allow nmbd_t self:sem create_sem_perms;
allow nmbd_t self:shm create_shm_perms;
@@ -76291,7 +76334,7 @@ index 57c034b..aa2be40 100644
manage_dirs_pattern(nmbd_t, { smbd_var_run_t nmbd_var_run_t }, nmbd_var_run_t)
manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
-@@ -520,20 +536,15 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
+@@ -520,20 +537,15 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t)
@@ -76315,7 +76358,7 @@ index 57c034b..aa2be40 100644
kernel_getattr_core_if(nmbd_t)
kernel_getattr_message_if(nmbd_t)
-@@ -542,52 +553,40 @@ kernel_read_network_state(nmbd_t)
+@@ -542,52 +554,40 @@ kernel_read_network_state(nmbd_t)
kernel_read_software_raid_state(nmbd_t)
kernel_read_system_state(nmbd_t)
@@ -76380,7 +76423,7 @@ index 57c034b..aa2be40 100644
')
optional_policy(`
-@@ -600,17 +599,24 @@ optional_policy(`
+@@ -600,17 +600,24 @@ optional_policy(`
########################################
#
@@ -76409,7 +76452,7 @@ index 57c034b..aa2be40 100644
samba_read_config(smbcontrol_t)
samba_rw_var_files(smbcontrol_t)
samba_search_var(smbcontrol_t)
-@@ -620,16 +626,12 @@ domain_use_interactive_fds(smbcontrol_t)
+@@ -620,16 +627,12 @@ domain_use_interactive_fds(smbcontrol_t)
dev_read_urand(smbcontrol_t)
@@ -76427,7 +76470,7 @@ index 57c034b..aa2be40 100644
optional_policy(`
ctdbd_stream_connect(smbcontrol_t)
-@@ -637,22 +639,23 @@ optional_policy(`
+@@ -637,22 +640,23 @@ optional_policy(`
########################################
#
@@ -76459,7 +76502,7 @@ index 57c034b..aa2be40 100644
allow smbmount_t samba_secrets_t:file manage_file_perms;
-@@ -661,26 +664,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t)
+@@ -661,26 +665,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t)
manage_lnk_files_pattern(smbmount_t, samba_var_t, samba_var_t)
files_var_filetrans(smbmount_t, samba_var_t, dir, "samba")
@@ -76495,7 +76538,7 @@ index 57c034b..aa2be40 100644
fs_getattr_cifs(smbmount_t)
fs_mount_cifs(smbmount_t)
-@@ -692,58 +691,77 @@ fs_read_cifs_files(smbmount_t)
+@@ -692,58 +692,77 @@ fs_read_cifs_files(smbmount_t)
storage_raw_read_fixed_disk(smbmount_t)
storage_raw_write_fixed_disk(smbmount_t)
@@ -76587,7 +76630,7 @@ index 57c034b..aa2be40 100644
manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t)
manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t)
-@@ -752,17 +770,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir })
+@@ -752,17 +771,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir })
manage_files_pattern(swat_t, swat_var_run_t, swat_var_run_t)
files_pid_filetrans(swat_t, swat_var_run_t, file)
@@ -76611,7 +76654,7 @@ index 57c034b..aa2be40 100644
kernel_read_kernel_sysctls(swat_t)
kernel_read_system_state(swat_t)
-@@ -770,36 +784,25 @@ kernel_read_network_state(swat_t)
+@@ -770,36 +785,25 @@ kernel_read_network_state(swat_t)
corecmd_search_bin(swat_t)
@@ -76654,7 +76697,7 @@ index 57c034b..aa2be40 100644
auth_domtrans_chk_passwd(swat_t)
auth_use_nsswitch(swat_t)
-@@ -811,10 +814,11 @@ logging_send_syslog_msg(swat_t)
+@@ -811,10 +815,11 @@ logging_send_syslog_msg(swat_t)
logging_send_audit_msgs(swat_t)
logging_search_logs(swat_t)
@@ -76668,7 +76711,7 @@ index 57c034b..aa2be40 100644
optional_policy(`
cups_read_rw_config(swat_t)
cups_stream_connect(swat_t)
-@@ -834,16 +838,19 @@ optional_policy(`
+@@ -834,16 +839,19 @@ optional_policy(`
#
allow winbind_t self:capability { dac_override ipc_lock setuid sys_nice };
@@ -76692,7 +76735,7 @@ index 57c034b..aa2be40 100644
allow winbind_t samba_etc_t:dir list_dir_perms;
read_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
-@@ -853,9 +860,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t)
+@@ -853,9 +861,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t)
filetrans_pattern(winbind_t, samba_etc_t, samba_secrets_t, file)
manage_dirs_pattern(winbind_t, samba_log_t, samba_log_t)
@@ -76703,7 +76746,7 @@ index 57c034b..aa2be40 100644
manage_lnk_files_pattern(winbind_t, samba_log_t, samba_log_t)
manage_dirs_pattern(winbind_t, samba_var_t, samba_var_t)
-@@ -866,23 +871,21 @@ files_var_filetrans(winbind_t, samba_var_t, dir, "samba")
+@@ -866,23 +872,21 @@ files_var_filetrans(winbind_t, samba_var_t, dir, "samba")
rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
@@ -76733,7 +76776,7 @@ index 57c034b..aa2be40 100644
manage_sock_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t)
kernel_read_network_state(winbind_t)
-@@ -891,13 +894,17 @@ kernel_read_system_state(winbind_t)
+@@ -891,13 +895,17 @@ kernel_read_system_state(winbind_t)
corecmd_exec_bin(winbind_t)
@@ -76754,7 +76797,7 @@ index 57c034b..aa2be40 100644
corenet_tcp_connect_smbd_port(winbind_t)
corenet_tcp_connect_epmap_port(winbind_t)
corenet_tcp_connect_all_unreserved_ports(winbind_t)
-@@ -905,10 +912,6 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t)
+@@ -905,10 +913,6 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t)
dev_read_sysfs(winbind_t)
dev_read_urand(winbind_t)
@@ -76765,7 +76808,7 @@ index 57c034b..aa2be40 100644
fs_getattr_all_fs(winbind_t)
fs_search_auto_mountpoints(winbind_t)
-@@ -917,18 +920,24 @@ auth_domtrans_chk_passwd(winbind_t)
+@@ -917,18 +921,24 @@ auth_domtrans_chk_passwd(winbind_t)
auth_use_nsswitch(winbind_t)
auth_manage_cache(winbind_t)
@@ -76792,7 +76835,7 @@ index 57c034b..aa2be40 100644
optional_policy(`
ctdbd_stream_connect(winbind_t)
-@@ -936,7 +945,12 @@ optional_policy(`
+@@ -936,7 +946,12 @@ optional_policy(`
')
optional_policy(`
@@ -76805,7 +76848,7 @@ index 57c034b..aa2be40 100644
')
optional_policy(`
-@@ -952,31 +966,29 @@ optional_policy(`
+@@ -952,31 +967,29 @@ optional_policy(`
# Winbind helper local policy
#
@@ -76843,7 +76886,7 @@ index 57c034b..aa2be40 100644
optional_policy(`
apache_append_log(winbind_helper_t)
-@@ -990,25 +1002,38 @@ optional_policy(`
+@@ -990,25 +1003,38 @@ optional_policy(`
########################################
#
@@ -89851,10 +89894,10 @@ index 0be8535..b96e329 100644
optional_policy(`
diff --git a/virt.fc b/virt.fc
-index c30da4c..b81eaa0 100644
+index c30da4c..459fbcf 100644
--- a/virt.fc
+++ b/virt.fc
-@@ -1,52 +1,86 @@
+@@ -1,52 +1,91 @@
-HOME_DIR/\.libvirt(/.*)? gen_context(system_u:object_r:virt_home_t,s0)
-HOME_DIR/\.libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_home_t,s0)
-HOME_DIR/\.virtinst(/.*)? gen_context(system_u:object_r:virt_home_t,s0)
@@ -89918,18 +89961,18 @@ index c30da4c..b81eaa0 100644
-/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
-/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
-/var/lib/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0-mls_systemhigh)
--
--/var/log/log(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
--/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
--/var/log/vdsm(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
--
--/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
+/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
+/var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
+/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
+/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
+/var/lib/libvirt/qemu(/.*)? gen_context(system_u:object_r:qemu_var_run_t,s0-mls_systemhigh)
+-/var/log/log(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
+-/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
+-/var/log/vdsm(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
+-
+-/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
+-
-/var/run/libguestfs(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
+/var/lock/xl -- gen_context(system_u:object_r:virt_log_t,s0)
+/var/log/log(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
@@ -89969,16 +90012,21 @@ index c30da4c..b81eaa0 100644
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+
-+/usr/libexec/qemu-ga(/.*)? gen_context(system_u:object_r:virt_qemu_ga_exec_t,s0)
++/etc/qemu-ga/fsfreeze-hook.d(/.*)? gen_context(system_u:object_r:virt_qemu_ga_unconfined_exec_t,s0)
+/usr/libexec/qemu-ga/fsfreeze-hook.d(/.*)? gen_context(system_u:object_r:virt_qemu_ga_unconfined_exec_t,s0)
++/var/run/qemu-ga/fsfreeze-hook.d(/.*)? gen_context(system_u:object_r:virt_qemu_ga_unconfined_exec_t,s0)
++
++/usr/libexec/qemu-ga(/.*)? gen_context(system_u:object_r:virt_qemu_ga_exec_t,s0)
+
+/usr/lib/systemd/system/virt.*\.service -- gen_context(system_u:object_r:virtd_unit_file_t,s0)
+/usr/lib/systemd/system/libvirt.*\.service -- gen_context(system_u:object_r:virtd_unit_file_t,s0)
+/usr/lib/systemd/system/.*xen.*\.service -- gen_context(system_u:object_r:virtd_unit_file_t,s0)
+
+/usr/bin/qemu-ga -- gen_context(system_u:object_r:virt_qemu_ga_exec_t,s0)
++
+/var/run/qemu-ga\.pid -- gen_context(system_u:object_r:virt_qemu_ga_var_run_t,s0)
+/var/run/qga\.state -- gen_context(system_u:object_r:virt_qemu_ga_var_run_t,s0)
++
+/var/log/qemu-ga\.log -- gen_context(system_u:object_r:virt_qemu_ga_log_t,s0)
diff --git a/virt.if b/virt.if
index 9dec06c..4e31afe 100644
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8e60b16..aeb892b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 74.2%{?dist}
+Release: 74.3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -539,6 +539,21 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Tue Sep 11 2013 Lukas Vrabec 3.12.1-74.3
+- Treat usr_t just like bin_t for transitions and executions
+- Allow memcache to read sysfs data
+- openct needs to be able to create netlink_object_uevent_sockets
+- Allow nslcd to read /sys/devices/system/cpu
+- Allow mdadm to read /dev/mei
+- amanda_exec_t needs to be executable file
+- Add additional labeling for qemu-ga/fsfreeze-hook.d scripts
+- Allow setpgid and r/w cluster tmpfs for fenced_t
+- Allow block_suspend cap for samba-net
+- Allow mpd setcap which is needed by pulseaudio
+- Add antivirus_home_t type for antivirus date in HOMEDIRS
+- Allow glance-api to connect to amqp port
+- Fix wrong capabilities in rhcs policy
+
* Fri Sep 06 2013 Lukas Vrabec 3.12.1-74.2
- Fix lsm.fc for pid files
- Allow init_t to transition to all inetd domains