diff --git a/policy-20080710.patch b/policy-20080710.patch
index 87504bc..506d9b5 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -665,7 +665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.13/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te 2009-03-30 16:34:18.000000000 +0200
@@ -119,6 +119,7 @@
seutil_dontaudit_read_config(logrotate_t)
@@ -674,7 +674,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
cron_system_entry(logrotate_t, logrotate_exec_t)
cron_search_spool(logrotate_t)
-@@ -186,9 +187,16 @@
+@@ -152,6 +153,10 @@
+ ')
+
+ optional_policy(`
++ bind_manage_cache(logrotate_t)
++')
++
++optional_policy(`
+ consoletype_exec(logrotate_t)
+ ')
+
+@@ -186,9 +191,16 @@
')
optional_policy(`
@@ -1869,8 +1880,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.5.13/policy/modules/apps/awstats.te
--- nsaserefpolicy/policy/modules/apps/awstats.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-03-27 14:17:48.000000000 +0100
-@@ -47,6 +47,8 @@
++++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-03-30 14:37:02.000000000 +0200
+@@ -28,6 +28,8 @@
+ awstats_rw_pipes(awstats_t)
+ awstats_cgi_exec(awstats_t)
+
++can_exec(awstats_t, awstats_exec_t)
++
+ manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
+@@ -47,6 +49,8 @@
# e.g. /usr/share/awstats/lang/awstats-en.txt
files_read_usr_files(awstats_t)
@@ -1879,7 +1899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.
libs_read_lib_files(awstats_t)
libs_use_ld_so(awstats_t)
libs_use_shared_libs(awstats_t)
-@@ -55,6 +57,8 @@
+@@ -55,6 +59,8 @@
sysnet_dns_name_resolve(awstats_t)
@@ -13232,7 +13252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.13/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/bind.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/bind.te 2009-03-30 11:05:25.000000000 +0200
@@ -173,7 +173,7 @@
')
@@ -13242,7 +13262,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
')
optional_policy(`
-@@ -247,6 +247,8 @@
+@@ -233,6 +233,7 @@
+ files_search_pids(ndc_t)
+
+ fs_getattr_xattr_fs(ndc_t)
++fs_list_inotifyfs(ndc_t)
+
+ init_use_fds(ndc_t)
+ init_use_script_ptys(ndc_t)
+@@ -247,6 +248,8 @@
sysnet_read_config(ndc_t)
sysnet_dns_name_resolve(ndc_t)
@@ -16014,7 +16042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.13/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/dcc.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/dcc.te 2009-03-30 16:36:54.000000000 +0200
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
@@ -17144,6 +17172,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+ spamassassin_exec(exim_t)
+ spamassassin_exec_client(exim_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.13/policy/modules/services/fail2ban.if
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.if 2009-03-30 12:51:09.000000000 +0200
+@@ -79,6 +79,27 @@
+ allow $1 fail2ban_var_run_t:file read_file_perms;
+ ')
+
++#######################################
++##
++## Connect to fail2ban over a unix domain
++## stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`fail2ban_stream_connect',`
++ gen_require(`
++ type fail2ban_var_run_t, fail2ban_t;
++ ')
++
++ allow $1 fail2ban_t:unix_stream_socket connectto;
++ allow $1 fail2ban_var_run_t:sock_file { getattr write };
++ files_search_pids($1)
++')
++
+ ########################################
+ ##
+ ## All of the rules required to administrate
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.5.13/policy/modules/services/fail2ban.te
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.te 2009-03-30 12:52:34.000000000 +0200
+@@ -27,6 +27,7 @@
+ #
+
+ allow fail2ban_t self:process signal;
++dontaudit fail2ban_t self:capability sys_tty_config;
+ allow fail2ban_t self:fifo_file rw_fifo_file_perms;
+ allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
+ allow fail2ban_t self:tcp_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.5.13/policy/modules/services/fetchmail.fc
--- nsaserefpolicy/policy/modules/services/fetchmail.fc 2008-10-17 14:49:11.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/fetchmail.fc 2009-03-05 15:02:41.000000000 +0100
@@ -18655,7 +18725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.5.13/policy/modules/services/milter.if
--- nsaserefpolicy/policy/modules/services/milter.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-03-17 16:49:58.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-03-30 11:13:36.000000000 +0200
@@ -0,0 +1,104 @@
+## Milter mail filters
+
@@ -18751,7 +18821,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
+##
+##
+#
-+interface(`spamass_milter_manage_state',`
++interface(`milter_spamass_manage_state',`
+ gen_require(`
+ type spamass_milter_state_t;
+ ')
@@ -28361,7 +28431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-27 16:44:52.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-30 11:14:39.000000000 +0200
@@ -21,16 +21,24 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -28549,7 +28619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
')
optional_policy(`
-+ spamass_milter_manage_state(spamd_t)
++ milter_spamass_manage_state(spamd_t)
+')
+
+optional_policy(`
@@ -28674,7 +28744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+')
+
+optional_policy(`
-+ spamass_milter_manage_state(spamc_t)
++ milter_spamass_manage_state(spamc_t)
+')
+
+optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6035496..95011d6 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 53%{?dist}
+Release: 54%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,11 @@ exit 0
%endif
%changelog
+* Mon Mar 30 2009 Miroslav Grepl 3.5.13-54
+- Allow bitlbee_t to read /proc/meminfo
+- Fix lircd policy
+- Allow logrotate to manage BIND cache files
+
* Wed Mar 25 2009 Miroslav Grepl 3.5.13-53
- Add labeling for new devices
- Fix devices policy