diff --git a/policy-20100106.patch b/policy-20100106.patch
index 2d62bd0..f3a5722 100644
--- a/policy-20100106.patch
+++ b/policy-20100106.patch
@@ -569,7 +569,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.32/policy/modules/apps/pulseaudio.te
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-01-18 18:24:22.633540020 +0100
-+++ serefpolicy-3.6.32/policy/modules/apps/pulseaudio.te 2010-02-01 17:25:54.881332083 +0100
++++ serefpolicy-3.6.32/policy/modules/apps/pulseaudio.te 2010-02-12 17:14:46.763717264 +0100
 @@ -11,6 +11,9 @@
 application_domain(pulseaudio_t, pulseaudio_exec_t)
 role system_r types pulseaudio_t;
@@ -592,6 +592,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 can_exec(pulseaudio_t, pulseaudio_exec_t)
 kernel_getattr_proc(pulseaudio_t)
+@@ -72,6 +80,8 @@
+ ')
+
+ optional_policy(`
++ dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)
++
+ dbus_system_bus_client(pulseaudio_t)
+ dbus_session_bus_client(pulseaudio_t)
+ dbus_connect_session_bus(pulseaudio_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.32/policy/modules/apps/sambagui.te
 --- nsaserefpolicy/policy/modules/apps/sambagui.te 2010-01-18 18:24:22.646540277 +0100
 +++ serefpolicy-3.6.32/policy/modules/apps/sambagui.te 2010-02-08 10:39:43.173336716 +0100
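Review bot: `dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)` in the added `@@ -72,6 +80,8 @@` hunk carries no comment saying why pulseaudio now has to be a system-bus service domain, while the surrounding block only makes it a client of both buses. As far as I can tell this interface lets the system bus daemon run pulseaudio_exec_t in pulseaudio_t, which is a different privilege from the client rules next to it, so a one-line why-comment would help the next reader, e.g. `# system-wide pulseaudio instance may be activated by the system bus`. The `role system_r types pulseaudio_t;` context line in the first hunk is what allows that transition to run in system_r, so the two should be read together if either is ever reverted. The optional_policy block containing the change continues outside the hunk.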
@@ -2118,6 +2127,49 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +init_dontaudit_use_script_fds(djbdns_tinydns_t)
 +
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.6.32/policy/modules/services/dnsmasq.fc
+--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2009-09-16 16:01:19.000000000 +0200
++++ serefpolicy-3.6.32/policy/modules/services/dnsmasq.fc 2010-02-12 17:25:06.991714829 +0100
+@@ -5,5 +5,7 @@
+ /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+ /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+
++/var/log/dnsmasq\.log -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
++
+ /var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+ /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.32/policy/modules/services/dnsmasq.te
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-01-18 18:24:22.780530921 +0100
++++ serefpolicy-3.6.32/policy/modules/services/dnsmasq.te 2010-02-12 17:24:31.727729095 +0100
+@@ -16,6 +16,9 @@
+ type dnsmasq_lease_t;
+ files_type(dnsmasq_lease_t)
+
++type dnsmasq_var_log_t;
++logging_log_file(dnsmasq_var_log_t)
++
+ type dnsmasq_var_run_t;
+ files_pid_file(dnsmasq_var_run_t)
+
+@@ -24,7 +27,7 @@
+ # Local policy
+ #
+
+-allow dnsmasq_t self:capability { net_admin setgid setuid net_bind_service net_raw };
++allow dnsmasq_t self:capability { dac_override chown net_admin setgid setuid net_bind_service net_raw };
+ dontaudit dnsmasq_t self:capability sys_tty_config;
+ allow dnsmasq_t self:process { getcap setcap signal_perms };
+ allow dnsmasq_t self:fifo_file rw_fifo_file_perms;
+@@ -38,6 +41,9 @@
+ manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
+ files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
+
++manage_files_pattern(dnsmasq_t, dnsmasq_var_log_t, dnsmasq_var_log_t)
++logging_log_filetrans(dnsmasq_t, dnsmasq_var_log_t, file)
++
+ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
+ files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te 2010-01-18 18:24:22.782530547 +0100
 +++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2010-02-08 11:55:25.971336166 +0100
@@ -4799,7 +4851,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.6.32/policy/modules/services/tuned.te
 --- nsaserefpolicy/policy/modules/services/tuned.te 2010-01-18 18:24:22.909530847 +0100
-+++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2010-02-03 17:35:32.298159249 +0100
++++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2010-02-12 09:35:29.523875558 +0100
 @@ -13,6 +13,9 @@
 type tuned_initrc_exec_t;
 init_script_file(tuned_initrc_exec_t)
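Review bot: The rewritten capability line in `@@ -24,7 +27,7 @@` of dnsmasq.te adds `dac_override` and `chown` without a comment, and neither follows from the log-file rules the rest of the hunk adds; dac_override lets the domain bypass DAC mode bits on every object its type-enforcement rules already allow, which is far broader than `create` on `dnsmasq_var_log_t`. If the reason is that dnsmasq opens the log as root, chowns it to its unprivileged user and keeps writing after dropping privileges, record that above the line, e.g. `# dac_override/chown: log file is created as root and handed to the runtime user`, and drop `dac_override` if testing shows `chown` alone suffices. Also, `manage_files_pattern(dnsmasq_t, dnsmasq_var_log_t, dnsmasq_var_log_t)` grants unlink and rename on the log, so a compromised dnsmasq could erase its own trail; `create_files_pattern` plus `append_files_pattern` would cover creating and writing the log with less. The changelog entry in selinux-policy.spec names only the log file, not the new capabilities.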
@@ -4830,6 +4882,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # to allow cpu tuning
 dev_rw_netcontrol(tuned_t)
+@@ -46,6 +53,8 @@
+
+ userdom_dontaudit_search_user_home_dirs(tuned_t)
+
++logging_send_syslog_msg(tuned_t)
++
+ miscfiles_read_localization(tuned_t)
+
+ # to allow disk tuning
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.6.32/policy/modules/services/ucspitcp.te
 --- nsaserefpolicy/policy/modules/services/ucspitcp.te 2009-09-16 16:01:19.000000000 +0200
 +++ serefpolicy-3.6.32/policy/modules/services/ucspitcp.te 2010-02-11 14:18:05.345868624 +0100
@@ -5079,7 +5140,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te 2010-01-18 18:24:22.923530253 +0100
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2010-02-10 13:42:43.220607710 +0100
++++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2010-02-12 16:53:54.085716333 +0100
 @@ -253,6 +253,7 @@
 allow xdm_t iceauth_home_t:file read_file_perms;
@@ -5121,7 +5182,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 optional_policy(`
-@@ -506,6 +517,7 @@
+@@ -373,6 +384,8 @@
+ allow xdm_t self:appletalk_socket create_socket_perms;
+ allow xdm_t self:key { search link write };
+
++allow xdm_t xserver_t:process { signal signull };
++
+ allow xdm_t xauth_home_t:file manage_file_perms;
+
+ allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
+@@ -506,6 +519,7 @@
 dev_dontaudit_rw_misc(xdm_t)
 dev_getattr_video_dev(xdm_t)
 dev_setattr_video_dev(xdm_t)
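Review bot: `allow xdm_t xserver_t:process { signal signull };` in the added `@@ -373,6 +384,8 @@` hunk of xserver.te sits between the `self:` rules and the xauth_home_t rule with no comment on why the display manager now signals the X server directly. A short why-comment above it would save the next reader a lookup, e.g. `# xdm signals the X server it started; signull is the kill -0 liveness check` — adjust if the actual trigger was a different denial. The permission set deliberately stops short of `sigkill`, which is worth keeping unless a concrete denial shows it is needed. The rule block around the change continues outside the hunk on both sides.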
@@ -5129,7 +5199,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 dev_getattr_scanner_dev(xdm_t)
 dev_setattr_scanner_dev(xdm_t)
 dev_read_sound(xdm_t)
-@@ -582,6 +594,7 @@
+@@ -582,6 +596,7 @@
 userdom_read_all_users_state(xdm_t)
 userdom_signal_all_users(xdm_t)
 userdom_stream_connect(xdm_t)
@@ -5137,7 +5207,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 userdom_manage_user_tmp_dirs(xdm_t)
 userdom_manage_user_tmp_sockets(xdm_t)
 userdom_manage_tmpfs_role(system_r, xdm_t)
-@@ -668,6 +681,7 @@
+@@ -668,6 +683,7 @@
 optional_policy(`
 gnome_read_gconf_config(xdm_t)
@@ -5145,7 +5215,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 optional_policy(`
-@@ -675,6 +689,10 @@
+@@ -675,6 +691,10 @@
 ')
 optional_policy(`
@@ -5156,7 +5226,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 loadkeys_exec(xdm_t)
 ')
-@@ -712,6 +730,7 @@
+@@ -712,6 +732,7 @@
 optional_policy(`
 pulseaudio_exec(xdm_t)
 pulseaudio_dbus_chat(xdm_t)
@@ -5484,7 +5554,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.32/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te 2010-01-18 18:24:22.936530091 +0100
-+++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-02-10 12:35:56.244868320 +0100
++++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-02-12 16:51:50.962967747 +0100
 @@ -40,6 +40,7 @@
 attribute init_script_domain_type;
 attribute init_script_file_type;
@@ -5569,7 +5639,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 fs_rw_tmpfs_chr_files(initrc_t)
 storage_manage_fixed_disk(initrc_t)
-@@ -872,6 +891,7 @@
+@@ -584,6 +603,7 @@
+ domain_dontaudit_use_interactive_fds(daemon)
+
+ userdom_dontaudit_list_admin_dir(daemon)
++userdom_dontaduit_search_user_tmp(daemon)
+
+ tunable_policy(`allow_daemons_use_tty',`
+ term_use_unallocated_ttys(daemon)
+@@ -872,6 +892,7 @@
 optional_policy(`
 unconfined_domain(initrc_t)
@@ -5577,7 +5655,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ifdef(`distro_redhat',`
 # system-config-services causes avc messages that should be dontaudited
-@@ -885,6 +905,9 @@
+@@ -885,6 +906,9 @@
 # Allow SELinux aware applications to request rpm_script_t execution
 rpm_transition_script(initrc_t)
@@ -6050,8 +6128,33 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 HOME_DIR/\.gvfs(/.*)? <>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if 2010-01-18 18:24:22.983531669 +0100
-+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2010-02-01 20:32:18.731160012 +0100
-@@ -3631,6 +3631,24 @@
++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2010-02-12 16:51:07.923978020 +0100
+@@ -2316,6 +2316,24 @@
+ dontaudit $1 user_tmp_t:dir list_dir_perms;
+ ')
+
++#######################################
++##
++## Dontaudit search user temporary directories.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`userdom_dontaduit_search_user_tmp',`
++ gen_require(`
++ type user_tmp_t;
++ ')
++
++ dontaudit $1 user_tmp_t:dir search_dir_perms;
++')
++
+ ########################################
+ ##
+ ## Do not audit attempts to manage users
+@@ -3631,6 +3649,24 @@
 ########################################
 ##
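Review bot: The new interface name `userdom_dontaduit_search_user_tmp` in the userdomain.if hunk `@@ -2316,6 +2316,24 @@` misspells "dontaudit", and the caller added to init.te in `@@ -584,6 +603,7 @@` (the first hunk on this line) repeats the typo, so the policy builds but the interface does not match the `userdom_dontaudit_*` naming of its neighbours such as `userdom_dontaudit_list_admin_dir`. Rename both to `userdom_dontaudit_search_user_tmp` now, since renaming a public interface once out-of-tree modules call it is a compatibility break. The caller applies the dontaudit to the whole `daemon` attribute, which silences every daemon's search of user_tmp_t directories; that is a visibility trade-off worth stating in a comment above the call, e.g. `# daemons routinely probe paths under user tmp; hide the noise, grant nothing`, because a dontaudit on an attribute also hides the denial that would otherwise reveal a misbehaving service. The new interface's `##` header also appears to lack the summary/param markup and one column of separator width that the block below it has, though that may be an artifact of how this page was rendered.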
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3d46d43..824d827 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.32
-Release: 89%{?dist}
+Release: 90%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
 %endif
 %changelog
+* Fri Feb 12 2010 Miroslav Grepl 3.6.32-90
+- Allow dnsmasq to create log file
+
 * Thu Feb 11 2010 Miroslav Grepl 3.6.32-89
 - Allow rpcd to read files with default file type