diff --git a/policy-F12.patch b/policy-F12.patch
index 1af1cb3..ccf49a9 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -5909,7 +5909,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.32/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/devices.if	2009-10-29 08:29:49.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/devices.if	2009-10-29 14:35:22.000000000 -0400
 @@ -1692,6 +1692,78 @@
  
  ########################################
@@ -11704,7 +11704,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/cluster/ccsd\.sock     -s      gen_context(system_u:object_r:ccs_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.6.32/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/ccs.te	2009-10-17 06:50:43.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/ccs.te	2009-10-29 11:16:33.000000000 -0400
 @@ -10,23 +10,21 @@
  type ccs_exec_t;
  init_daemon_domain(ccs_t, ccs_exec_t)
@@ -12316,8 +12316,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.32/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/consolekit.te	2009-10-22 09:04:43.000000000 -0400
-@@ -62,12 +62,15 @@
++++ serefpolicy-3.6.32/policy/modules/services/consolekit.te	2009-10-29 14:34:49.000000000 -0400
+@@ -59,15 +59,19 @@
+ term_use_all_terms(consolekit_t)
+ 
+ auth_use_nsswitch(consolekit_t)
++auth_manage_pam_console_data(consolekit_t)
  
  init_telinit(consolekit_t)
  init_rw_utmp(consolekit_t)
@@ -12333,7 +12337,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  userdom_dontaudit_read_user_home_content_files(consolekit_t)
  userdom_read_user_tmp_files(consolekit_t)
  
-@@ -84,9 +87,12 @@
+@@ -84,9 +88,12 @@
  ')
  
  optional_policy(`
@@ -12347,7 +12351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		hal_dbus_chat(consolekit_t)
  	')
  
-@@ -100,6 +106,7 @@
+@@ -100,6 +107,7 @@
  ')
  
  optional_policy(`
@@ -12355,7 +12359,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	policykit_domtrans_auth(consolekit_t)
  	policykit_read_lib(consolekit_t)
  	policykit_read_reload(consolekit_t)
-@@ -108,10 +115,21 @@
+@@ -108,10 +116,21 @@
  optional_policy(`
  	xserver_read_xdm_pid(consolekit_t)
  	xserver_read_user_xauth(consolekit_t)
@@ -16703,7 +16707,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(openvpn_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.32/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/pcscd.te	2009-09-30 16:12:48.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/pcscd.te	2009-10-29 14:35:35.000000000 -0400
 @@ -29,6 +29,7 @@
  
  manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
@@ -16712,7 +16716,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
  files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
  
-@@ -46,6 +47,8 @@
+@@ -40,12 +41,15 @@
+ corenet_tcp_connect_http_port(pcscd_t)
+ 
+ dev_rw_generic_usb_dev(pcscd_t)
++dev_rw_smartcard(pcscd_t)
+ dev_rw_usbfs(pcscd_t)
+ dev_search_sysfs(pcscd_t)
+ 
  files_read_etc_files(pcscd_t)
  files_read_etc_runtime_files(pcscd_t)
  
@@ -24172,7 +24183,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.te	2009-10-29 08:27:01.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/xserver.te	2009-10-29 11:16:45.000000000 -0400
 @@ -34,6 +34,13 @@
  
  ## <desc>
@@ -24336,15 +24347,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  domain_use_interactive_fds(xauth_t)
  
  files_read_etc_files(xauth_t)
-@@ -278,6 +299,7 @@
- 
+@@ -279,6 +300,12 @@
  userdom_use_user_terminals(xauth_t)
  userdom_read_user_tmp_files(xauth_t)
-+userdom_dontaudit_rw_stream(xauth_t)
  
++ifdef(`hide_broken_symptoms', `
++     userdom_manage_user_home_content_files(xauth_t)
++')
++
++userdom_dontaudit_rw_stream(xauth_t)
++
  xserver_rw_xdm_tmp_files(xauth_t)
  
-@@ -300,20 +322,31 @@
+ tunable_policy(`use_nfs_home_dirs',`
+@@ -300,20 +327,31 @@
  # XDM Local policy
  #
  
@@ -24379,7 +24395,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Allow gdm to run gdm-binary
  can_exec(xdm_t, xdm_exec_t)
-@@ -325,26 +358,43 @@
+@@ -325,26 +363,43 @@
  # this is ugly, daemons should not create files under /etc!
  manage_files_pattern(xdm_t, xdm_rw_etc_t, xdm_rw_etc_t)
  
@@ -24430,7 +24446,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  allow xdm_t xserver_t:process signal;
  allow xdm_t xserver_t:unix_stream_socket connectto;
-@@ -358,6 +408,7 @@
+@@ -358,6 +413,7 @@
  allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
  
  allow xdm_t xserver_t:shm rw_shm_perms;
@@ -24438,7 +24454,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # connect to xdm xserver over stream socket
  stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -366,10 +417,14 @@
+@@ -366,10 +422,14 @@
  delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
  delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
  
@@ -24454,7 +24470,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  kernel_read_system_state(xdm_t)
  kernel_read_kernel_sysctls(xdm_t)
-@@ -389,11 +444,13 @@
+@@ -389,11 +449,13 @@
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_generic_node(xdm_t)
  corenet_udp_bind_generic_node(xdm_t)
@@ -24468,7 +24484,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_read_rand(xdm_t)
  dev_read_sysfs(xdm_t)
  dev_getattr_framebuffer_dev(xdm_t)
-@@ -401,6 +458,7 @@
+@@ -401,6 +463,7 @@
  dev_getattr_mouse_dev(xdm_t)
  dev_setattr_mouse_dev(xdm_t)
  dev_rw_apm_bios(xdm_t)
@@ -24476,7 +24492,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_setattr_apm_bios_dev(xdm_t)
  dev_rw_dri(xdm_t)
  dev_rw_agp(xdm_t)
-@@ -413,14 +471,17 @@
+@@ -413,14 +476,17 @@
  dev_setattr_video_dev(xdm_t)
  dev_getattr_scanner_dev(xdm_t)
  dev_setattr_scanner_dev(xdm_t)
@@ -24496,7 +24512,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(xdm_t)
  files_read_var_files(xdm_t)
-@@ -431,9 +492,13 @@
+@@ -431,9 +497,13 @@
  files_read_usr_files(xdm_t)
  # Poweroff wants to create the /poweroff file when run from xdm
  files_create_boot_flag(xdm_t)
@@ -24510,7 +24526,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  storage_dontaudit_read_fixed_disk(xdm_t)
  storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -442,6 +507,7 @@
+@@ -442,6 +512,7 @@
  storage_dontaudit_raw_write_removable_device(xdm_t)
  storage_dontaudit_setattr_removable_dev(xdm_t)
  storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -24518,7 +24534,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  term_setattr_console(xdm_t)
  term_use_unallocated_ttys(xdm_t)
-@@ -450,6 +516,7 @@
+@@ -450,6 +521,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -24526,7 +24542,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -460,10 +527,11 @@
+@@ -460,10 +532,11 @@
  
  logging_read_generic_logs(xdm_t)
  
@@ -24540,7 +24556,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  userdom_dontaudit_use_unpriv_user_fds(xdm_t)
  userdom_create_all_users_keys(xdm_t)
-@@ -472,6 +540,9 @@
+@@ -472,6 +545,9 @@
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
@@ -24550,7 +24566,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  xserver_rw_session(xdm_t, xdm_tmpfs_t)
  xserver_unconfined(xdm_t)
-@@ -504,10 +575,12 @@
+@@ -504,10 +580,12 @@
  
  optional_policy(`
  	alsa_domtrans(xdm_t)
@@ -24563,7 +24579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -515,12 +588,46 @@
+@@ -515,12 +593,46 @@
  ')
  
  optional_policy(`
@@ -24610,7 +24626,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	hostname_exec(xdm_t)
  ')
  
-@@ -542,6 +649,38 @@
+@@ -542,6 +654,38 @@
  ')
  
  optional_policy(`
@@ -24649,7 +24665,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	seutil_sigchld_newrole(xdm_t)
  ')
  
-@@ -550,8 +689,9 @@
+@@ -550,8 +694,9 @@
  ')
  
  optional_policy(`
@@ -24661,7 +24677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	ifndef(`distro_redhat',`
  		allow xdm_t self:process { execheap execmem };
-@@ -560,7 +700,6 @@
+@@ -560,7 +705,6 @@
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
  	')
@@ -24669,7 +24685,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  optional_policy(`
  	userhelper_dontaudit_search_config(xdm_t)
-@@ -571,6 +710,10 @@
+@@ -571,6 +715,10 @@
  ')
  
  optional_policy(`
@@ -24680,7 +24696,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xfs_stream_connect(xdm_t)
  ')
  
-@@ -587,10 +730,9 @@
+@@ -587,10 +735,9 @@
  # execheap needed until the X module loader is fixed.
  # NVIDIA Needs execstack
  
@@ -24692,7 +24708,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow xserver_t self:fd use;
  allow xserver_t self:fifo_file rw_fifo_file_perms;
  allow xserver_t self:sock_file read_sock_file_perms;
-@@ -602,9 +744,12 @@
+@@ -602,9 +749,12 @@
  allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow xserver_t self:tcp_socket create_stream_socket_perms;
  allow xserver_t self:udp_socket create_socket_perms;
@@ -24705,7 +24721,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
  
-@@ -616,13 +761,14 @@
+@@ -616,13 +766,14 @@
  type_transition xserver_t xserver_t:{ x_drawable x_colormap } rootwindow_t;
  
  allow xserver_t { rootwindow_t x_domain }:x_drawable send;
@@ -24721,7 +24737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
  manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -635,9 +781,19 @@
+@@ -635,9 +786,19 @@
  manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
  files_search_var_lib(xserver_t)
  
@@ -24741,7 +24757,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  kernel_read_system_state(xserver_t)
  kernel_read_device_sysctls(xserver_t)
-@@ -671,7 +827,6 @@
+@@ -671,7 +832,6 @@
  dev_rw_agp(xserver_t)
  dev_rw_framebuffer(xserver_t)
  dev_manage_dri_dev(xserver_t)
@@ -24749,7 +24765,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dev_create_generic_dirs(xserver_t)
  dev_setattr_generic_dirs(xserver_t)
  # raw memory access is needed if not using the frame buffer
-@@ -681,9 +836,12 @@
+@@ -681,9 +841,12 @@
  dev_rw_xserver_misc(xserver_t)
  # read events - the synaptics touchpad driver reads raw events
  dev_rw_input_dev(xserver_t)
@@ -24763,7 +24779,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(xserver_t)
  files_read_etc_runtime_files(xserver_t)
-@@ -698,8 +856,12 @@
+@@ -698,8 +861,12 @@
  fs_search_nfs(xserver_t)
  fs_search_auto_mountpoints(xserver_t)
  fs_search_ramfs(xserver_t)
@@ -24776,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  selinux_validate_context(xserver_t)
  selinux_compute_access_vector(xserver_t)
-@@ -721,6 +883,7 @@
+@@ -721,6 +888,7 @@
  
  miscfiles_read_localization(xserver_t)
  miscfiles_read_fonts(xserver_t)
@@ -24784,7 +24800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  modutils_domtrans_insmod(xserver_t)
  
-@@ -743,7 +906,7 @@
+@@ -743,7 +911,7 @@
  ')
  
  ifdef(`enable_mls',`
@@ -24793,7 +24809,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
  ')
  
-@@ -775,12 +938,20 @@
+@@ -775,12 +943,20 @@
  ')
  
  optional_policy(`
@@ -24815,7 +24831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	unconfined_domtrans(xserver_t)
  ')
  
-@@ -807,12 +978,12 @@
+@@ -807,12 +983,12 @@
  allow xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xserver_t xdm_var_lib_t:dir search;
  
@@ -24832,7 +24848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Run xkbcomp.
  allow xserver_t xkb_var_lib_t:lnk_file read;
-@@ -828,9 +999,14 @@
+@@ -828,9 +1004,14 @@
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
  userdom_read_user_home_content_files(xserver_t)
@@ -24847,7 +24863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xserver_t)
  	fs_manage_nfs_files(xserver_t)
-@@ -845,11 +1021,14 @@
+@@ -845,11 +1026,14 @@
  
  optional_policy(`
  	dbus_system_bus_client(xserver_t)
@@ -24863,7 +24879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -882,6 +1061,8 @@
+@@ -882,6 +1066,8 @@
  # X Server
  # can read server-owned resources
  allow x_domain xserver_t:x_resource read;
@@ -24872,7 +24888,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # can mess with own clients
  allow x_domain self:x_client { manage destroy };
  
-@@ -906,6 +1087,8 @@
+@@ -906,6 +1092,8 @@
  # operations allowed on my windows
  allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
  
@@ -24881,7 +24897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # X Colormaps
  # can use the default colormap
  allow x_domain rootwindow_t:x_colormap { read use add_color };
-@@ -973,17 +1156,49 @@
+@@ -973,17 +1161,49 @@
  allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
  allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
  
@@ -25029,7 +25045,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.32/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/authlogin.if	2009-10-28 09:49:28.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/authlogin.if	2009-10-29 14:34:39.000000000 -0400
 @@ -40,17 +40,76 @@
  ##	</summary>
  ## </param>
@@ -30389,7 +30405,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if	2009-10-29 08:26:32.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if	2009-10-29 11:16:09.000000000 -0400
 @@ -30,8 +30,9 @@
  	')
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2bc027a..53944d9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -445,6 +445,11 @@ exit 0
 %endif
 
 %changelog
+* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-37
+- Allow consolekit to manage /var/run/console directory
+- Allow pcsd to r/w smartcard devices
+- Temporarily allow xauth to read/write user_home_t
+
 * Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-36
 - Change labeling of /usr/share/yumex/yumex-yum-backend
 - Allow initrc_t to request loading kernel modules