diff --git a/policy-F16.patch b/policy-F16.patch
index ea02e3f..1d06c3d 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -70578,7 +70578,7 @@ index f5afe78..a4534c4 100644
+ type_transition $1 gkeyringd_exec_t:process $2;
+')
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
-index 2505654..ab3d95f 100644
+index 2505654..ddcd035 100644
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -6,11 +6,31 @@ policy_module(gnome, 2.1.0)
@@ -70651,7 +70651,7 @@ index 2505654..ab3d95f 100644
##############################
#
# Local Policy
-@@ -75,3 +118,165 @@ optional_policy(`
+@@ -75,3 +118,167 @@ optional_policy(`
xserver_use_xdm_fds(gconfd_t)
xserver_rw_xdm_pipes(gconfd_t)
')
@@ -70667,6 +70667,8 @@ index 2505654..ab3d95f 100644
+
+corecmd_search_bin(gconfdefaultsm_t)
+
++auth_read_passwd(gconfdefaultsm_t)
++
+files_read_etc_files(gconfdefaultsm_t)
+files_read_usr_files(gconfdefaultsm_t)
+
@@ -72445,7 +72447,7 @@ index fbb5c5a..d85053e 100644
+')
+
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index 2e9318b..a73bf97 100644
+index 2e9318b..af2f857 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -7,11 +7,32 @@ policy_module(mozilla, 2.3.3)
@@ -72636,14 +72638,14 @@ index 2e9318b..a73bf97 100644
-files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
-userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
+manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-+files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
++files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
+userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
+xserver_xdm_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
+can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-@@ -322,39 +363,61 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plug
+@@ -322,39 +363,62 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plug
manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
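Review bot: `lnk_file` is added to `files_tmp_filetrans`, but the adjacent `userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })` still omits it, so a symlink created in a user tmp directory would keep the parent's type while one under the generic or xdm tmp directories becomes `mozilla_plugin_tmp_t`. If that asymmetry is not intended, add `lnk_file` to the user-tmp line as well. The transition also only matters if `mozilla_plugin_t` is allowed to create symlinks of that type; no `manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)` is visible in this hunk, so confirm one exists elsewhere in the file. Since `can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)` follows, a comment naming the plugin that needs symlinks in this executable tmp type would help.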
@@ -72691,6 +72693,7 @@ index 2e9318b..a73bf97 100644
+corenet_tcp_connect_commplex_port(mozilla_plugin_t)
+corenet_tcp_connect_couchdb_port(mozilla_plugin_t)
+corenet_tcp_connect_monopd_port(mozilla_plugin_t)
++corenet_tcp_connect_whois_port(mozilla_plugin_t)
+corenet_tcp_connect_all_ephemeral_ports(mozilla_plugin_t)
+corenet_tcp_bind_generic_node(mozilla_plugin_t)
+corenet_udp_bind_generic_node(mozilla_plugin_t)
@@ -72712,7 +72715,7 @@ index 2e9318b..a73bf97 100644
domain_use_interactive_fds(mozilla_plugin_t)
domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
-@@ -362,15 +425,24 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
+@@ -362,15 +426,24 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
files_read_config_files(mozilla_plugin_t)
files_read_usr_files(mozilla_plugin_t)
files_list_mnt(mozilla_plugin_t)
@@ -72737,7 +72740,7 @@ index 2e9318b..a73bf97 100644
logging_send_syslog_msg(mozilla_plugin_t)
miscfiles_read_localization(mozilla_plugin_t)
-@@ -383,34 +455,31 @@ sysnet_dns_name_resolve(mozilla_plugin_t)
+@@ -383,34 +456,31 @@ sysnet_dns_name_resolve(mozilla_plugin_t)
term_getattr_all_ttys(mozilla_plugin_t)
term_getattr_all_ptys(mozilla_plugin_t)
@@ -72787,7 +72790,7 @@ index 2e9318b..a73bf97 100644
')
optional_policy(`
-@@ -421,24 +490,35 @@ optional_policy(`
+@@ -421,35 +491,155 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(mozilla_plugin_t)
dbus_session_bus_client(mozilla_plugin_t)
@@ -72827,9 +72830,10 @@ index 2e9318b..a73bf97 100644
')
optional_policy(`
-@@ -446,10 +526,118 @@ optional_policy(`
+ pulseaudio_exec(mozilla_plugin_t)
pulseaudio_stream_connect(mozilla_plugin_t)
pulseaudio_setattr_home_dir(mozilla_plugin_t)
++ pulseaudio_manage_home_dirs(mozilla_plugin_t)
pulseaudio_manage_home_files(mozilla_plugin_t)
+ pulseaudio_manage_home_symlinks(mozilla_plugin_t)
')
@@ -74244,7 +74248,7 @@ index 84f23dc..5be2738 100644
/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
diff --git a/policy/modules/apps/pulseaudio.if b/policy/modules/apps/pulseaudio.if
-index f40c64d..a3352d3 100644
+index f40c64d..0f93f7f 100644
--- a/policy/modules/apps/pulseaudio.if
+++ b/policy/modules/apps/pulseaudio.if
@@ -35,6 +35,9 @@ interface(`pulseaudio_role',`
@@ -74272,7 +74276,35 @@ index f40c64d..a3352d3 100644
')
########################################
-@@ -257,4 +262,68 @@ interface(`pulseaudio_manage_home_files',`
+@@ -241,6 +246,27 @@ interface(`pulseaudio_rw_home_files',`
+ ########################################
+ ##
+ ## Create, read, write, and delete pulseaudio
++## home directories.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`pulseaudio_manage_home_dirs',`
++ gen_require(`
++ type pulseaudio_home_t;
++ ')
++
++ userdom_search_user_home_dirs($1)
++ manage_dirs_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
++ #pulseaudio_filetrans_home_content($1)
++')
++
++########################################
++##
++## Create, read, write, and delete pulseaudio
+ ## home directory files.
+ ##
+ ##
+@@ -257,4 +283,68 @@ interface(`pulseaudio_manage_home_files',`
userdom_search_user_home_dirs($1)
manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
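Review bot: The new `pulseaudio_manage_home_dirs` interface ships with a commented-out call, `#pulseaudio_filetrans_home_content($1)`, and nothing says why it is disabled. Without a file transition, `manage_dirs_pattern($1, pulseaudio_home_t, pulseaudio_home_t)` only covers directories inside an existing `pulseaudio_home_t` directory; presumably a top-level directory created in the user's home would not receive that type. Either delete the dead line or replace it with a comment stating the intent, for example `# no filetrans here: callers only manage dirs below an existing pulseaudio_home_t dir`. The only caller added in this commit is `mozilla_plugin_t` (mozilla.te), so it is worth confirming that directory create and delete are needed there on top of the file-level access it already has.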
@@ -77683,7 +77715,7 @@ index 223ad43..d95e720 100644
rsync_exec(yam_t)
')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index 3fae11a..5120d22 100644
+index 3fae11a..6b770fd 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -1,9 +1,10 @@
@@ -77781,7 +77813,7 @@ index 3fae11a..5120d22 100644
/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -179,67 +186,94 @@ ifdef(`distro_gentoo',`
+@@ -179,67 +186,95 @@ ifdef(`distro_gentoo',`
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -77820,6 +77852,7 @@ index 3fae11a..5120d22 100644
+/usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/libreoffice/ure/bin/javaldx -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/wicd/monitor\.py -- gen_context(system_u:object_r:bin_t, s0)
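Review bot: The added `/usr/lib/libreoffice/ure/bin/javaldx` entry assigns `bin_t`, which the generic `/usr/lib(.*/)?bin(/.*)?` pattern at the top of this hunk already gives to that path. If the explicit entry is there to take precedence over a more specific LibreOffice rule elsewhere in the policy, a one-line comment naming the rule it overrides would stop it being removed as redundant later; otherwise it can be dropped. The file-context list continues outside the hunk, so the competing rule, if any, is not visible here.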
@@ -77921,7 +77954,7 @@ index 3fae11a..5120d22 100644
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -247,11 +281,18 @@ ifdef(`distro_gentoo',`
+@@ -247,11 +282,18 @@ ifdef(`distro_gentoo',`
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
@@ -77941,7 +77974,7 @@ index 3fae11a..5120d22 100644
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -267,6 +308,10 @@ ifdef(`distro_gentoo',`
+@@ -267,6 +309,10 @@ ifdef(`distro_gentoo',`
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
@@ -77952,7 +77985,7 @@ index 3fae11a..5120d22 100644
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gitolite/hooks/common/update -- gen_context(system_u:object_r:bin_t,s0)
-@@ -286,15 +331,20 @@ ifdef(`distro_gentoo',`
+@@ -286,15 +332,20 @@ ifdef(`distro_gentoo',`
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
@@ -77974,7 +78007,7 @@ index 3fae11a..5120d22 100644
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -306,10 +356,12 @@ ifdef(`distro_redhat', `
+@@ -306,10 +357,12 @@ ifdef(`distro_redhat', `
/etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0)
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
@@ -77989,7 +78022,7 @@ index 3fae11a..5120d22 100644
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -319,9 +371,12 @@ ifdef(`distro_redhat', `
+@@ -319,9 +372,12 @@ ifdef(`distro_redhat', `
/usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/createrepo(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -78002,7 +78035,7 @@ index 3fae11a..5120d22 100644
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -363,20 +418,22 @@ ifdef(`distro_redhat', `
+@@ -363,20 +419,22 @@ ifdef(`distro_redhat', `
ifdef(`distro_suse', `
/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/samba/classic/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -78029,7 +78062,7 @@ index 3fae11a..5120d22 100644
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -385,3 +442,13 @@ ifdef(`distro_suse', `
+@@ -385,3 +443,13 @@ ifdef(`distro_suse', `
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -91179,7 +91212,7 @@ index 0b827c5..ac79ca6 100644
+ dontaudit $1 abrt_t:sock_file write;
')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
-index 30861ec..6de6194 100644
+index 30861ec..586cb4a 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -5,13 +5,34 @@ policy_module(abrt, 1.2.0)
@@ -91302,7 +91335,7 @@ index 30861ec..6de6194 100644
# abrt var/cache files
manage_files_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
-@@ -82,10 +142,10 @@ manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
+@@ -82,10 +142,11 @@ manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
manage_dirs_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
manage_sock_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
@@ -91311,11 +91344,12 @@ index 30861ec..6de6194 100644
kernel_read_ring_buffer(abrt_t)
-kernel_read_system_state(abrt_t)
++kernel_read_network_state(abrt_t)
+kernel_request_load_module(abrt_t)
kernel_rw_kernel_sysctl(abrt_t)
corecmd_exec_bin(abrt_t)
-@@ -104,6 +164,8 @@ corenet_tcp_connect_all_ports(abrt_t)
+@@ -104,6 +165,8 @@ corenet_tcp_connect_all_ports(abrt_t)
corenet_sendrecv_http_client_packets(abrt_t)
dev_getattr_all_chr_files(abrt_t)
@@ -91324,7 +91358,7 @@ index 30861ec..6de6194 100644
dev_read_urand(abrt_t)
dev_rw_sysfs(abrt_t)
dev_dontaudit_read_raw_memory(abrt_t)
-@@ -113,7 +175,8 @@ domain_read_all_domains_state(abrt_t)
+@@ -113,7 +176,8 @@ domain_read_all_domains_state(abrt_t)
domain_signull_all_domains(abrt_t)
files_getattr_all_files(abrt_t)
@@ -91334,7 +91368,7 @@ index 30861ec..6de6194 100644
files_read_var_symlinks(abrt_t)
files_read_var_lib_files(abrt_t)
files_read_usr_files(abrt_t)
-@@ -121,6 +184,9 @@ files_read_generic_tmp_files(abrt_t)
+@@ -121,6 +185,9 @@ files_read_generic_tmp_files(abrt_t)
files_read_kernel_modules(abrt_t)
files_dontaudit_list_default(abrt_t)
files_dontaudit_read_default_files(abrt_t)
@@ -91344,7 +91378,7 @@ index 30861ec..6de6194 100644
fs_list_inotifyfs(abrt_t)
fs_getattr_all_fs(abrt_t)
-@@ -131,22 +197,34 @@ fs_read_nfs_files(abrt_t)
+@@ -131,22 +198,34 @@ fs_read_nfs_files(abrt_t)
fs_read_nfs_symlinks(abrt_t)
fs_search_all(abrt_t)
@@ -91383,7 +91417,7 @@ index 30861ec..6de6194 100644
')
optional_policy(`
-@@ -167,6 +245,7 @@ optional_policy(`
+@@ -167,6 +246,7 @@ optional_policy(`
rpm_exec(abrt_t)
rpm_dontaudit_manage_db(abrt_t)
rpm_manage_cache(abrt_t)
@@ -91391,7 +91425,7 @@ index 30861ec..6de6194 100644
rpm_manage_pid_files(abrt_t)
rpm_read_db(abrt_t)
rpm_signull(abrt_t)
-@@ -178,12 +257,39 @@ optional_policy(`
+@@ -178,12 +258,39 @@ optional_policy(`
')
optional_policy(`
@@ -91432,7 +91466,7 @@ index 30861ec..6de6194 100644
#
allow abrt_helper_t self:capability { chown setgid sys_nice };
-@@ -200,23 +306,22 @@ files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
+@@ -200,23 +307,22 @@ files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
@@ -91461,7 +91495,7 @@ index 30861ec..6de6194 100644
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
dev_dontaudit_read_all_blk_files(abrt_helper_t)
-@@ -224,4 +329,147 @@ ifdef(`hide_broken_symptoms', `
+@@ -224,4 +330,147 @@ ifdef(`hide_broken_symptoms', `
dev_dontaudit_write_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_blk_files(abrt_helper_t)
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
@@ -92372,7 +92406,7 @@ index deca9d3..1aa76b0 100644
spamassassin_exec_client(amavis_t)
spamassassin_read_lib_files(amavis_t)
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..5a21117 100644
+index 9e39aa5..2dd7d9b 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -1,41 +1,59 @@
@@ -92394,7 +92428,7 @@ index 9e39aa5..5a21117 100644
+/etc/init\.d/cherokee -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
/etc/lighttpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
/etc/mock/koji(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-+/etc/owncloud/config\.php -- gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
++/etc/owncloud(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
/etc/rc\.d/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0)
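Review bot: Replacing `/etc/owncloud/config\.php --` with `/etc/owncloud(/.*)?` labels the directory and everything beneath it `httpd_sys_rw_content_t`, so the web server domain can create, replace and delete any file in that configuration directory instead of rewriting one known file. That widens what a compromised web application can persist under /etc. If ownCloud only needs to write a few files there, list them individually with `--` and leave the directory itself on a read-only type. If the whole tree really must be writable, add a comment above the entry saying which files require it.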
@@ -93386,7 +93420,7 @@ index 6480167..ba0521d 100644
+ filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess")
')
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
-index 3136c6a..30b1abf 100644
+index 3136c6a..ca7882f 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -18,136 +18,275 @@ policy_module(apache, 2.2.1)
@@ -94274,11 +94308,12 @@ index 3136c6a..30b1abf 100644
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
postgresql_unpriv_client(httpd_t)
-@@ -591,6 +1000,11 @@ optional_policy(`
+@@ -591,6 +1000,12 @@ optional_policy(`
')
optional_policy(`
+ smokeping_read_lib_files(httpd_t)
++ smokeping_read_pid_files(httpd_t)
+')
+
+optional_policy(`
@@ -94286,7 +94321,7 @@ index 3136c6a..30b1abf 100644
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -603,6 +1017,12 @@ optional_policy(`
+@@ -603,6 +1018,12 @@ optional_policy(`
yam_read_content(httpd_t)
')
@@ -94299,7 +94334,7 @@ index 3136c6a..30b1abf 100644
########################################
#
# Apache helper local policy
-@@ -616,7 +1036,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
+@@ -616,7 +1037,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
logging_send_syslog_msg(httpd_helper_t)
@@ -94312,7 +94347,7 @@ index 3136c6a..30b1abf 100644
########################################
#
-@@ -654,28 +1078,30 @@ libs_exec_lib_files(httpd_php_t)
+@@ -654,28 +1079,30 @@ libs_exec_lib_files(httpd_php_t)
userdom_use_unpriv_users_fds(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
@@ -94356,7 +94391,7 @@ index 3136c6a..30b1abf 100644
')
########################################
-@@ -685,6 +1111,8 @@ optional_policy(`
+@@ -685,6 +1112,8 @@ optional_policy(`
allow httpd_suexec_t self:capability { setuid setgid };
allow httpd_suexec_t self:process signal_perms;
@@ -94365,7 +94400,7 @@ index 3136c6a..30b1abf 100644
allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
-@@ -699,17 +1127,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
+@@ -699,17 +1128,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
@@ -94391,7 +94426,7 @@ index 3136c6a..30b1abf 100644
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -740,13 +1173,31 @@ tunable_policy(`httpd_can_network_connect',`
+@@ -740,13 +1174,31 @@ tunable_policy(`httpd_can_network_connect',`
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -94424,7 +94459,7 @@ index 3136c6a..30b1abf 100644
fs_read_nfs_files(httpd_suexec_t)
fs_read_nfs_symlinks(httpd_suexec_t)
fs_exec_nfs_files(httpd_suexec_t)
-@@ -769,6 +1220,25 @@ optional_policy(`
+@@ -769,6 +1221,25 @@ optional_policy(`
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -94450,7 +94485,7 @@ index 3136c6a..30b1abf 100644
########################################
#
# Apache system script local policy
-@@ -789,12 +1259,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
+@@ -789,12 +1260,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
kernel_read_kernel_sysctls(httpd_sys_script_t)
@@ -94468,7 +94503,7 @@ index 3136c6a..30b1abf 100644
ifdef(`distro_redhat',`
allow httpd_sys_script_t httpd_log_t:file append_file_perms;
')
-@@ -803,18 +1278,50 @@ tunable_policy(`httpd_can_sendmail',`
+@@ -803,18 +1279,50 @@ tunable_policy(`httpd_can_sendmail',`
mta_send_mail(httpd_sys_script_t)
')
@@ -94525,7 +94560,7 @@ index 3136c6a..30b1abf 100644
corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
corenet_tcp_connect_all_ports(httpd_sys_script_t)
-@@ -822,14 +1329,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
+@@ -822,14 +1330,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
')
tunable_policy(`httpd_enable_homedirs',`
@@ -94566,7 +94601,7 @@ index 3136c6a..30b1abf 100644
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -842,10 +1374,20 @@ optional_policy(`
+@@ -842,10 +1375,20 @@ optional_policy(`
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -94587,7 +94622,7 @@ index 3136c6a..30b1abf 100644
')
########################################
-@@ -891,11 +1433,146 @@ optional_policy(`
+@@ -891,11 +1434,146 @@ optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_user_script_t httpdcontent:file entrypoint;
@@ -99658,10 +99693,10 @@ index 0000000..7f55959
+')
diff --git a/policy/modules/services/cloudform.te b/policy/modules/services/cloudform.te
new file mode 100644
-index 0000000..7643855
+index 0000000..76faaf5
--- /dev/null
+++ b/policy/modules/services/cloudform.te
-@@ -0,0 +1,204 @@
+@@ -0,0 +1,205 @@
+policy_module(cloudform, 1.0)
+########################################
+#
@@ -99846,6 +99881,7 @@ index 0000000..7643855
+
+corenet_tcp_bind_generic_node(mongod_t)
+corenet_tcp_bind_mongod_port(mongod_t)
++corenet_tcp_connect_mongod_port(mongod_t)
+corenet_tcp_connect_postgresql_port(mongod_t)
+
+kernel_read_vm_sysctls(mongod_t)
@@ -100780,7 +100816,7 @@ index 733e4e6..fa2c3cb 100644
+ ps_process_pattern($1, colord_t)
+')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
-index 74505cc..0b4939f 100644
+index 74505cc..bd25188 100644
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
@@ -8,6 +8,7 @@ policy_module(colord, 1.0.0)
@@ -100863,7 +100899,7 @@ index 74505cc..0b4939f 100644
-sysnet_dns_name_resolve(colord_t)
+fs_getattr_tmpfs(colord_t)
+userdom_rw_user_tmpfs_files(colord_t)
-+
++userdom_list_user_home_content(colord_t)
+userdom_home_reader(colord_t)
tunable_policy(`use_nfs_home_dirs',`
@@ -106463,7 +106499,7 @@ index 5e2cea8..2ab8a14 100644
+ allow $1 dhcpd_unit_file_t:service all_service_perms;
')
diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
-index d4424ad..2d44f1e 100644
+index d4424ad..953dab4 100644
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -12,6 +12,9 @@ init_daemon_domain(dhcpd_t, dhcpd_exec_t)
@@ -106481,10 +106517,10 @@ index d4424ad..2d44f1e 100644
#
-allow dhcpd_t self:capability { net_raw sys_resource };
-+allow dhcpd_t self:capability { chown dac_override sys_chroot net_raw setgid setuid sys_resource };
++allow dhcpd_t self:capability { chown dac_override sys_chroot net_raw setgid setuid sys_resource sys_nice };
dontaudit dhcpd_t self:capability { net_admin sys_tty_config };
-allow dhcpd_t self:process signal_perms;
-+allow dhcpd_t self:process { getcap setcap signal_perms };
++allow dhcpd_t self:process { getcap setcap signal_perms setsched getsched };
allow dhcpd_t self:fifo_file rw_fifo_file_perms;
allow dhcpd_t self:unix_dgram_socket create_socket_perms;
allow dhcpd_t self:unix_stream_socket create_socket_perms;
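Review bot: `sys_nice` is added to the `dhcpd_t` capability set together with `setsched getsched`, and nothing records which operation needed it. The `setsched` process permission covers a daemon changing its own scheduling parameters, while the `sys_nice` capability is only required when it raises its priority or selects a real-time policy. If the denial being fixed was only the process-class one, `sys_nice` can be left out of a domain that already holds `dac_override`, `setuid` and `sys_chroot`. Otherwise a short comment with the reference, e.g. `# dhcpd adjusts its scheduling priority, see <bug-id>`, would justify the grant.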
@@ -116101,10 +116137,10 @@ index 93c14ca..640bd3e 100644
+ mozilla_plugin_dontaudit_rw_tmp_files(lpr_t)
+')
diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
-index 14ad189..c7daa85 100644
+index 14ad189..1164ed3 100644
--- a/policy/modules/services/mailman.fc
+++ b/policy/modules/services/mailman.fc
-@@ -1,11 +1,14 @@
+@@ -1,11 +1,17 @@
-/usr/lib(64)?/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-/usr/lib/mailman/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
@@ -116113,12 +116149,15 @@ index 14ad189..c7daa85 100644
-/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-/var/log/mailman(/.*)? gen_context(system_u:object_r:mailman_log_t,s0)
-/var/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
++/usr/lib/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
+/usr/lib/mailman.*/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++/usr/lib/mailman/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
+/usr/lib/mailman.*/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
+/usr/lib/mailman.*/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
+/usr/share/doc/mailman.*/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
+
+/var/lib/mailman.* gen_context(system_u:object_r:mailman_data_t,s0)
++/var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
+/var/lib/mailman.*/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0)
+/var/lock/mailman.* gen_context(system_u:object_r:mailman_lock_t,s0)
+/var/log/mailman.* gen_context(system_u:object_r:mailman_log_t,s0)
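Review bot: The three added entries (`/usr/lib/mailman/bin/mailmanctl`, `/usr/lib/mailman/bin/mm-handler.*`, `/var/lib/mailman(/.*)?`) assign the same types that the neighbouring `mailman.*` wildcard entries already give those paths, because `.*` also matches the empty string. Presumably they were added so the unversioned paths sort as more specific than some competing rule, but nothing in the file says so. A comment such as `# explicit unversioned paths: needed for <reason>` would keep a later cleanup from removing them. Since `/var/lib/mailman(/.*)?` now sits beside `/var/lib/mailman.*/archives(/.*)?`, it is also worth checking with `matchpathcon` that the archives directory still resolves to `mailman_archive_t`.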
@@ -116126,7 +116165,7 @@ index 14ad189..c7daa85 100644
#
# distro_debian
-@@ -23,12 +26,12 @@ ifdef(`distro_debian', `
+@@ -23,12 +29,12 @@ ifdef(`distro_debian', `
# distro_redhat
#
ifdef(`distro_redhat', `
@@ -116146,7 +116185,7 @@ index 14ad189..c7daa85 100644
+/var/spool/mailman.* gen_context(system_u:object_r:mailman_data_t,s0)
')
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
-index 67c7fdd..d7338be 100644
+index 67c7fdd..8bcc9cb 100644
--- a/policy/modules/services/mailman.if
+++ b/policy/modules/services/mailman.if
@@ -16,7 +16,7 @@
@@ -116199,6 +116238,30 @@ index 67c7fdd..d7338be 100644
#######################################
##
## Execute mailman CGI scripts in the
+@@ -295,6 +320,23 @@ interface(`mailman_append_log',`
+
+ #######################################
+ ##
++## Allow domain to read and write to mailman logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`mailman_rw_log',`
++ gen_require(`
++ type mailman_log_t;
++ ')
++
++ rw_files_pattern($1, mailman_log_t, mailman_log_t)
++')
++#######################################
++##
+ ## Create, read, write, and delete
+ ## mailman logs.
+ ##
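Review bot: `mailman_rw_log` calls `rw_files_pattern($1, mailman_log_t, mailman_log_t)` without first granting search on the parent log directory, so a caller that cannot already traverse /var/log gets an interface that does not work on its own. Log interfaces in the reference policy normally start with `logging_search_logs($1)`; adding that line before the pattern makes this one self-contained. The closing `')` is also followed directly by the `#######################################` separator, whereas the separator at the top of this hunk is preceded by a blank line. The interface that follows continues outside the hunk.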
diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te
index af4d572..e0f41bb 100644
--- a/policy/modules/services/mailman.te
@@ -152220,7 +152283,7 @@ index 94fd8dd..09f0ac4 100644
+ allow $1 init_t:system undefined;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 29a9565..72897c6 100644
+index 29a9565..259ffb7 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -16,6 +16,34 @@ gen_require(`
@@ -152446,11 +152509,12 @@ index 29a9565..72897c6 100644
+storage_raw_rw_fixed_disk(init_t)
+
-+optional_policy(`
+ optional_policy(`
+- auth_rw_login_records(init_t)
+ modutils_domtrans_insmod(init_t)
-+')
-+
-+optional_policy(`
+ ')
+
+ optional_policy(`
+ postfix_exec(init_t)
+ postfix_list_spool(init_t)
+ mta_read_aliases(init_t)
@@ -152555,12 +152619,11 @@ index 29a9565..72897c6 100644
+auth_use_nsswitch(init_t)
+auth_rw_login_records(init_t)
+
- optional_policy(`
-- auth_rw_login_records(init_t)
++optional_policy(`
+ lvm_rw_pipes(init_t)
- ')
-
- optional_policy(`
++')
++
++optional_policy(`
+ consolekit_manage_log(init_t)
+')
+
@@ -152844,7 +152907,7 @@ index 29a9565..72897c6 100644
miscfiles_read_fonts(initrc_t)
miscfiles_read_hwdata(initrc_t)
-@@ -522,8 +786,35 @@ ifdef(`distro_redhat',`
+@@ -522,8 +786,39 @@ ifdef(`distro_redhat',`
')
optional_policy(`
@@ -152875,12 +152938,16 @@ index 29a9565..72897c6 100644
+ ldap_read_db_files(initrc_t)
+ ')
+
++ optional_policy(`
++ mailman_rw_log(initrc_t)
++ ')
++
+ optional_policy(`
+ pulseaudio_stream_connect(initrc_t)
')
optional_policy(`
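Review bot: `mailman_rw_log(initrc_t)` gives the init-script domain read and write access to existing mailman logs, which allows log content to be rewritten, where the existing `mailman_append_log` interface would limit it to appending. If the init script only adds lines to the log, `mailman_append_log(initrc_t)` is the narrower grant and keeps the logs tamper-resistant against that domain. If it really needs to read or truncate the file, a comment naming the script and the reason would document that. The enclosing distro_redhat block starts and ends outside the hunk.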
-@@ -531,14 +822,27 @@ ifdef(`distro_redhat',`
+@@ -531,14 +826,27 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -152908,7 +152975,7 @@ index 29a9565..72897c6 100644
')
')
-@@ -549,6 +853,41 @@ ifdef(`distro_suse',`
+@@ -549,6 +857,41 @@ ifdef(`distro_suse',`
')
')
@@ -152950,7 +153017,7 @@ index 29a9565..72897c6 100644
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -561,6 +900,8 @@ optional_policy(`
+@@ -561,6 +904,8 @@ optional_policy(`
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -152959,7 +153026,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -577,6 +918,7 @@ optional_policy(`
+@@ -577,6 +922,7 @@ optional_policy(`
optional_policy(`
cgroup_stream_connect_cgred(initrc_t)
@@ -152967,7 +153034,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -589,6 +931,17 @@ optional_policy(`
+@@ -589,6 +935,17 @@ optional_policy(`
')
optional_policy(`
@@ -152985,7 +153052,7 @@ index 29a9565..72897c6 100644
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -605,9 +958,13 @@ optional_policy(`
+@@ -605,9 +962,13 @@ optional_policy(`
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -152999,7 +153066,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -632,6 +989,10 @@ optional_policy(`
+@@ -632,6 +993,10 @@ optional_policy(`
')
optional_policy(`
@@ -153010,7 +153077,7 @@ index 29a9565..72897c6 100644
gpm_setattr_gpmctl(initrc_t)
')
-@@ -649,6 +1010,15 @@ optional_policy(`
+@@ -649,6 +1014,15 @@ optional_policy(`
')
optional_policy(`
@@ -153026,7 +153093,7 @@ index 29a9565..72897c6 100644
inn_exec_config(initrc_t)
')
-@@ -689,6 +1059,7 @@ optional_policy(`
+@@ -689,6 +1063,7 @@ optional_policy(`
lpd_list_spool(initrc_t)
lpd_read_config(initrc_t)
@@ -153034,7 +153101,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -706,7 +1077,13 @@ optional_policy(`
+@@ -706,7 +1081,13 @@ optional_policy(`
')
optional_policy(`
@@ -153048,7 +153115,7 @@ index 29a9565..72897c6 100644
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -729,6 +1106,10 @@ optional_policy(`
+@@ -729,6 +1110,10 @@ optional_policy(`
')
optional_policy(`
@@ -153059,7 +153126,7 @@ index 29a9565..72897c6 100644
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -738,10 +1119,20 @@ optional_policy(`
+@@ -738,10 +1123,20 @@ optional_policy(`
')
optional_policy(`
@@ -153080,7 +153147,7 @@ index 29a9565..72897c6 100644
quota_manage_flags(initrc_t)
')
-@@ -750,6 +1141,10 @@ optional_policy(`
+@@ -750,6 +1145,10 @@ optional_policy(`
')
optional_policy(`
@@ -153091,7 +153158,7 @@ index 29a9565..72897c6 100644
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -771,8 +1166,6 @@ optional_policy(`
+@@ -771,8 +1170,6 @@ optional_policy(`
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -153100,7 +153167,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -781,6 +1174,10 @@ optional_policy(`
+@@ -781,6 +1178,10 @@ optional_policy(`
')
optional_policy(`
@@ -153111,7 +153178,7 @@ index 29a9565..72897c6 100644
# shorewall-init script run /var/lib/shorewall/firewall
shorewall_lib_domtrans(initrc_t)
')
-@@ -790,10 +1187,12 @@ optional_policy(`
+@@ -790,10 +1191,12 @@ optional_policy(`
squid_manage_logs(initrc_t)
')
@@ -153124,7 +153191,7 @@ index 29a9565..72897c6 100644
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -805,7 +1204,6 @@ optional_policy(`
+@@ -805,7 +1208,6 @@ optional_policy(`
')
optional_policy(`
@@ -153132,7 +153199,7 @@ index 29a9565..72897c6 100644
udev_manage_pid_files(initrc_t)
udev_manage_rules_files(initrc_t)
')
-@@ -815,11 +1213,30 @@ optional_policy(`
+@@ -815,11 +1217,30 @@ optional_policy(`
')
optional_policy(`
@@ -153164,7 +153231,7 @@ index 29a9565..72897c6 100644
ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited
-@@ -829,6 +1246,18 @@ optional_policy(`
+@@ -829,6 +1250,18 @@ optional_policy(`
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -153183,7 +153250,7 @@ index 29a9565..72897c6 100644
')
optional_policy(`
-@@ -844,6 +1273,10 @@ optional_policy(`
+@@ -844,6 +1277,10 @@ optional_policy(`
')
optional_policy(`
@@ -153194,7 +153261,7 @@ index 29a9565..72897c6 100644
# Set device ownerships/modes.
xserver_setattr_console_pipes(initrc_t)
-@@ -854,3 +1287,170 @@ optional_policy(`
+@@ -854,3 +1291,170 @@ optional_policy(`
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -153869,7 +153936,7 @@ index ddbd8be..b267b3f 100644
domain_use_interactive_fds(iscsid_t)
domain_dontaudit_read_all_domains_state(iscsid_t)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
-index 560dc48..64acf0b 100644
+index 560dc48..1540998 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -28,26 +28,24 @@ ifdef(`distro_redhat',`
@@ -154026,7 +154093,7 @@ index 560dc48..64acf0b 100644
')
ifdef(`distro_gentoo',`
-@@ -195,7 +196,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t
+@@ -195,94 +196,95 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t
/usr/lib/allegro/(.*/)?alleg-vga\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/firefox-[^/]*/extensions(/.*)?/libqfaservices.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -154034,7 +154101,8 @@ index 560dc48..64acf0b 100644
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -203,86 +203,87 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t
++/usr/lib/mozilla/plugins/nswrapper_.*\.nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nx/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/VBoxVMM\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -154179,7 +154247,7 @@ index 560dc48..64acf0b 100644
/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -303,8 +304,7 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
+@@ -303,8 +305,7 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -154189,7 +154257,7 @@ index 560dc48..64acf0b 100644
') dnl end distro_redhat
#
-@@ -312,17 +312,157 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
+@@ -312,17 +313,157 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
#
/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f643b00..0663bc9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 170%{?dist}
+Release: 171%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -479,6 +479,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Jul 16 2013 Miroslav Grepl 3.10.0-171
+- Latest F17 fixes before EOL
+
* Thu Jun 6 2013 Miroslav Grepl 3.10.0-170
- Back port to allow l2tpd to read NM conf file
- Add labeling for /run/nm-xl2tpd.conf