diff --git a/policy-20070703.patch b/policy-20070703.patch index b8afb7a..b62608e 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -1272,7 +1272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. +/var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.0.8/policy/modules/admin/kismet.if --- nsaserefpolicy/policy/modules/admin/kismet.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2008-03-17 15:27:18.000000000 -0400 @@ -0,0 +1,277 @@ + +## policy for kismet @@ -1509,7 +1509,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. + + kismet_domtrans($1) + role $2 types kismet_t; -+ dontaudit kismet_t $3:chr_file rw_term_perms; ++ allow kismet_t $3:chr_file rw_term_perms; +') + + @@ -3070,7 +3070,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc +/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.8/policy/modules/apps/java.if --- nsaserefpolicy/policy/modules/apps/java.if 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/apps/java.if 2008-03-11 20:02:09.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/apps/java.if 2008-03-13 18:22:46.000000000 -0400 @@ -32,7 +32,7 @@ ## ## 
@@ -3895,7 +3895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.0.8/policy/modules/apps/slocate.te --- nsaserefpolicy/policy/modules/apps/slocate.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/apps/slocate.te 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/apps/slocate.te 2008-03-11 20:54:24.000000000 -0400 @@ -39,6 +39,7 @@ files_list_all(locate_t) @@ -3904,6 +3904,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. files_getattr_all_sockets(locate_t) files_read_etc_runtime_files(locate_t) files_read_etc_files(locate_t) +@@ -46,6 +47,8 @@ + fs_getattr_all_fs(locate_t) + fs_getattr_all_files(locate_t) + fs_list_all(locate_t) ++fs_getattr_all_pipes(locate_t) ++fs_getattr_all_symlinks(locate_t) + + # getpwnam + auth_use_nsswitch(locate_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.0.8/policy/modules/apps/userhelper.if --- nsaserefpolicy/policy/modules/apps/userhelper.if 2007-10-22 13:21:40.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/apps/userhelper.if 2008-01-17 09:03:07.000000000 -0500 @@ -5895,7 +5904,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.0.8/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.te 2008-02-21 11:17:46.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.te 2008-03-17 11:04:15.000000000 -0400 @@ -21,6 +21,7 @@ # Use xattrs for the following filesystem types. 
@@ -5948,6 +5957,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 type vxfs_t;
 fs_noxattr_type(vxfs_t)
 files_mountpoint(vxfs_t)
+@@ -222,6 +237,8 @@
+ genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
++genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
++genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
+ 
+ ########################################
+ #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.0.8/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-10-22 13:21:42.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/kernel/kernel.if 2008-01-30 11:09:40.000000000 -0500
@@ -7929,6 +7947,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam +/var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0) /var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.0.8/policy/modules/services/clamav.if +--- nsaserefpolicy/policy/modules/services/clamav.if 2007-10-22 13:21:36.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/clamav.if 2008-03-17 09:23:39.000000000 -0400 +@@ -91,3 +91,22 @@ + + domtrans_pattern($1,clamscan_exec_t,clamscan_t) + ') ++ ++######################################## ++## ++## Execute clamscan without a transition. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`clamav_exec_clamscan',` ++ gen_require(` ++ type clamscan_exec_t; ++ ') ++ ++ can_exec($1,clamscan_exec_t) ++ ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.0.8/policy/modules/services/clamav.te --- nsaserefpolicy/policy/modules/services/clamav.te 2007-10-22 13:21:36.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/clamav.te 2008-03-03 09:51:53.000000000 -0500 @@ -9290,7 +9334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.0.8/policy/modules/services/dbus.te --- nsaserefpolicy/policy/modules/services/dbus.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/dbus.te 2008-02-19 15:28:48.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/dbus.te 2008-03-17 09:12:34.000000000 -0400 @@ -23,6 +23,9 @@ type system_dbusd_var_run_t; files_pid_file(system_dbusd_var_run_t) 
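Review bot: The new `clamav_exec_clamscan` interface runs clamscan inside the caller's own domain via `can_exec($1,clamscan_exec_t)`, so a parsing flaw in clamscan triggered by hostile mail executes with the caller's permissions instead of the confined clamscan_t's; its only user in this commit, `clamav_exec_clamscan(postfix_local_t)` in the postfix.te hunk further down, is a mail-handling domain, which is exactly where that matters. Unless the transition interface immediately above it in clamav.if (`domtrans_pattern($1,clamscan_exec_t,clamscan_t)`) is unusable for postfix_local_t, that one should be preferred, and if it is unusable the reason belongs in the new interface's description, e.g. `## Execute clamscan without a domain transition (clamscan runs with the caller's permissions, not clamscan_t's).`. Minor: the blank line before the closing `')` does not match the preceding interface's layout. The spec's new 3.0.8-94 changelog entry at the end of this patch is empty, so this behaviour change is not recorded there either.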
@@ -9310,15 +9354,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus manage_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t) manage_sock_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t) files_pid_filetrans(system_dbusd_t,system_dbusd_var_run_t,file) -@@ -60,6 +65,7 @@ +@@ -60,6 +65,8 @@ fs_getattr_all_fs(system_dbusd_t) fs_search_auto_mountpoints(system_dbusd_t) +fs_list_inotifyfs(system_dbusd_t) ++fs_dontaudit_list_nfs(system_dbusd_t) selinux_get_fs_mount(system_dbusd_t) selinux_validate_context(system_dbusd_t) -@@ -116,9 +122,18 @@ +@@ -116,9 +123,18 @@ ') optional_policy(` @@ -10182,7 +10227,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail +/var/run/fail2ban\.sock -s gen_context(system_u:object_r:fail2ban_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.0.8/policy/modules/services/fail2ban.te --- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/fail2ban.te 2008-03-06 16:54:33.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/fail2ban.te 2008-03-17 09:28:00.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(fail2ban,1.0.0) @@ -10190,6 +10235,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail ######################################## # +@@ -25,7 +25,7 @@ + + allow fail2ban_t self:process signal; + allow fail2ban_t self:fifo_file rw_fifo_file_perms; +-allow fail2ban_t self:unix_stream_socket create_stream_socket_perms; ++allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms }; + + # log files + allow fail2ban_t fail2ban_log_t:dir setattr; @@ -33,8 +33,9 @@ logging_log_filetrans(fail2ban_t,fail2ban_log_t,file) 
@@ -10201,9 +10255,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail kernel_read_system_state(fail2ban_t) -@@ -47,14 +48,23 @@ +@@ -46,15 +47,25 @@ + domain_use_interactive_fds(fail2ban_t) files_read_etc_files(fail2ban_t) ++files_read_etc_runtime_files(fail2ban_t) files_read_usr_files(fail2ban_t) +files_list_var(fail2ban_t) +files_search_var_lib(fail2ban_t) @@ -10226,7 +10282,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail optional_policy(` apache_read_log(fail2ban_t) ') -@@ -64,5 +74,11 @@ +@@ -64,5 +75,11 @@ ') optional_policy(` @@ -10907,7 +10963,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.0.8/policy/modules/services/lpd.fc --- nsaserefpolicy/policy/modules/services/lpd.fc 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/lpd.fc 2008-02-19 10:01:56.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/lpd.fc 2008-03-17 09:33:51.000000000 -0400 @@ -22,6 +22,8 @@ /usr/sbin/lpinfo -- gen_context(system_u:object_r:lpr_exec_t,s0) /usr/sbin/lpmove -- gen_context(system_u:object_r:lpr_exec_t,s0) 
@@ -10917,11 +10973,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd. /usr/share/printconf/.* -- gen_context(system_u:object_r:printconf_t,s0) # -@@ -29,3 +31,4 @@ +@@ -29,3 +31,5 @@ # /var/spool/lpd(/.*)? gen_context(system_u:object_r:print_spool_t,s0) /var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0) +/var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) ++/var/spool/cups-pdf(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.0.8/policy/modules/services/lpd.if --- nsaserefpolicy/policy/modules/services/lpd.if 2007-10-22 13:21:36.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/lpd.if 2008-01-17 09:03:07.000000000 -0500 @@ -11524,7 +11581,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.0.8/policy/modules/services/munin.te --- nsaserefpolicy/policy/modules/services/munin.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/munin.te 2008-01-21 17:08:25.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/munin.te 2008-03-17 15:48:59.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(munin,1.3.0) 
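Review bot: The new `/var/spool/cups-pdf(/.*)?` entry (hunk `@@ -29,3 +31,5 @@` of lpd.fc) labels the whole cups-pdf output tree print_spool_t at mls_systemhigh. cups-pdf normally writes finished PDFs into per-user directories under that path for the submitting user to collect, so confined user domains running at s0 would be unable to read their own output under this label; that layout cannot be confirmed from the hunk, so it is worth checking against the cups-pdf configuration before the entry is kept. If the output is meant to be user-readable, a dedicated type or a lower level for the per-user subdirectories would fit better than reusing print_spool_t at systemhigh.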
@@ -11561,22 +11618,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni manage_dirs_pattern(munin_t,munin_tmp_t,munin_tmp_t) manage_files_pattern(munin_t,munin_tmp_t,munin_tmp_t) -@@ -62,8 +66,11 @@ +@@ -61,9 +65,11 @@ + files_pid_filetrans(munin_t,munin_var_run_t,file) kernel_read_system_state(munin_t) - kernel_read_kernel_sysctls(munin_t) +-kernel_read_kernel_sysctls(munin_t) +kernel_read_network_state(munin_t) -+kernel_read_sysctl(munin_t) ++kernel_read_all_sysctls(munin_t) corecmd_exec_bin(munin_t) +corecmd_exec_shell(munin_t) corenet_all_recvfrom_unlabeled(munin_t) corenet_all_recvfrom_netlabel(munin_t) -@@ -73,11 +80,15 @@ +@@ -73,27 +79,36 @@ corenet_udp_sendrecv_all_nodes(munin_t) corenet_tcp_sendrecv_all_ports(munin_t) corenet_udp_sendrecv_all_ports(munin_t) ++corenet_tcp_bind_munin_port(munin_t) +corenet_tcp_connect_munin_port(munin_t) +corenet_tcp_connect_http_port(munin_t) +corenet_tcp_bind_all_nodes(munin_t) @@ -11589,7 +11648,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni files_read_etc_files(munin_t) files_read_etc_runtime_files(munin_t) -@@ -86,14 +97,17 @@ + files_read_usr_files(munin_t) ++files_list_spool(munin_t) + fs_getattr_all_fs(munin_t) fs_search_auto_mountpoints(munin_t) @@ -11608,7 +11669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni userdom_dontaudit_use_unpriv_user_fds(munin_t) userdom_dontaudit_search_sysadm_home_dirs(munin_t) -@@ -108,7 +122,19 @@ +@@ -108,7 +123,20 @@ ') optional_policy(` @@ -11621,15 +11682,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni +') + +optional_policy(` -+ sendmail_read_log(munin_t) ++ mysql_read_config(munin_t) ++ mysql_stream_connect(munin_t) +') + +optional_policy(` -+ mysql_stream_connect(munin_t) ++ sendmail_read_log(munin_t) ') optional_policy(` -@@ -118,3 +144,10 @@ +@@ -118,3 +146,9 @@ optional_policy(` udev_read_db(munin_t) ') 
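Review bot: In hunk `@@ -61,9 +65,11 @@` of munin.te, `kernel_read_kernel_sysctls(munin_t)` is dropped in favour of `kernel_read_all_sysctls(munin_t)`, which extends munin's read access from the kernel.* tree to every sysctl tree. If the denials behind this were for particular trees (net.* for the network plugins would be the usual case, though the hunk does not show which), adding the matching per-tree read interface next to the existing `kernel_read_kernel_sysctls` keeps the grant narrower. The same hunk adds `corecmd_exec_shell(munin_t)` and the later hunk adds `mysql_read_config(munin_t)` with no comment; a one-liner such as `# plugins are shell scripts; the mysql plugin reads the server config (to be confirmed)` would record why a monitoring daemon needs a shell and a database configuration that may hold credentials.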
@@ -11639,7 +11701,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni + +manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t) +manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t) -+ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.0.8/policy/modules/services/mysql.fc --- nsaserefpolicy/policy/modules/services/mysql.fc 2007-10-22 13:21:36.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/mysql.fc 2008-01-17 09:03:07.000000000 -0500 @@ -12940,7 +13001,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.0.8/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2008-03-17 09:23:20.000000000 -0400 @@ -6,6 +6,14 @@ # Declarations # @@ -13032,7 +13093,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post mta_read_aliases(postfix_local_t) mta_delete_spool(postfix_local_t) # For reading spamassasin -@@ -275,6 +302,8 @@ +@@ -270,11 +297,14 @@ + + optional_policy(` + clamav_search_lib(postfix_local_t) ++ clamav_exec_clamscan(postfix_local_t) + ') + optional_policy(` # for postalias mailman_manage_data_files(postfix_local_t) @@ -13041,7 +13108,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') optional_policy(` -@@ -327,6 +356,8 @@ +@@ -327,6 +357,8 @@ files_read_etc_runtime_files(postfix_map_t) files_dontaudit_search_var(postfix_map_t) 
@@ -13050,7 +13117,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post libs_use_ld_so(postfix_map_t) libs_use_shared_libs(postfix_map_t) -@@ -334,10 +365,6 @@ +@@ -334,10 +366,6 @@ miscfiles_read_localization(postfix_map_t) @@ -13061,7 +13128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post tunable_policy(`read_default_t',` files_list_default(postfix_map_t) files_read_default_files(postfix_map_t) -@@ -350,10 +377,6 @@ +@@ -350,10 +378,6 @@ locallogin_dontaudit_use_fds(postfix_map_t) ') @@ -13072,7 +13139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix pickup local policy -@@ -377,7 +400,7 @@ +@@ -377,7 +401,7 @@ # Postfix pipe local policy # @@ -13081,7 +13148,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t) -@@ -386,6 +409,10 @@ +@@ -386,6 +410,10 @@ rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t) optional_policy(` @@ -13092,7 +13159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post procmail_domtrans(postfix_pipe_t) ') -@@ -394,6 +421,10 @@ +@@ -394,6 +422,10 @@ ') optional_policy(` @@ -13103,7 +13170,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post uucp_domtrans_uux(postfix_pipe_t) ') -@@ -418,14 +449,17 @@ +@@ -418,14 +450,17 @@ term_dontaudit_use_all_user_ptys(postfix_postdrop_t) term_dontaudit_use_all_user_ttys(postfix_postdrop_t) @@ -13123,7 +13190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` ppp_use_fds(postfix_postqueue_t) ppp_sigchld(postfix_postqueue_t) -@@ -454,8 +488,6 @@ +@@ -454,8 +489,6 @@ init_sigchld_script(postfix_postqueue_t) init_use_script_fds(postfix_postqueue_t) 
@@ -13132,7 +13199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix qmgr local policy -@@ -498,15 +530,11 @@ +@@ -498,15 +531,11 @@ term_use_all_user_ptys(postfix_showq_t) term_use_all_user_ttys(postfix_showq_t) @@ -13148,7 +13215,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # connect to master process stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) -@@ -514,6 +542,8 @@ +@@ -514,6 +543,8 @@ allow postfix_smtp_t postfix_spool_t:file rw_file_perms; @@ -13157,7 +13224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` cyrus_stream_connect(postfix_smtp_t) ') -@@ -538,9 +568,45 @@ +@@ -538,9 +569,45 @@ mta_read_aliases(postfix_smtpd_t) optional_policy(` @@ -16246,7 +16313,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.0.8/policy/modules/services/squid.te --- nsaserefpolicy/policy/modules/services/squid.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/squid.te 2008-02-15 16:43:23.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/squid.te 2008-03-17 14:58:51.000000000 -0400 @@ -36,7 +36,7 @@ # Local policy # 
@@ -16256,16 +16323,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi dontaudit squid_t self:capability sys_tty_config; allow squid_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap }; allow squid_t self:fifo_file rw_fifo_file_perms; -@@ -53,6 +53,8 @@ +@@ -53,6 +53,9 @@ allow squid_t self:tcp_socket create_stream_socket_perms; allow squid_t self:udp_socket create_socket_perms; +auth_use_nsswitch(squid_t) ++auth_domtrans_chkpwd(squid_t) + # Grant permissions to create, access, and delete cache files. manage_dirs_pattern(squid_t,squid_cache_t,squid_cache_t) manage_files_pattern(squid_t,squid_cache_t,squid_cache_t) -@@ -85,6 +87,7 @@ +@@ -85,6 +88,7 @@ corenet_udp_sendrecv_all_ports(squid_t) corenet_tcp_bind_all_nodes(squid_t) corenet_udp_bind_all_nodes(squid_t) @@ -16273,7 +16341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi corenet_tcp_bind_http_cache_port(squid_t) corenet_udp_bind_http_cache_port(squid_t) corenet_tcp_bind_ftp_port(squid_t) -@@ -92,10 +95,12 @@ +@@ -92,10 +96,12 @@ corenet_udp_bind_gopher_port(squid_t) corenet_tcp_bind_squid_port(squid_t) corenet_udp_bind_squid_port(squid_t) @@ -16286,7 +16354,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi corenet_sendrecv_http_client_packets(squid_t) corenet_sendrecv_ftp_client_packets(squid_t) corenet_sendrecv_gopher_client_packets(squid_t) -@@ -109,6 +114,8 @@ +@@ -109,6 +115,8 @@ fs_getattr_all_fs(squid_t) fs_search_auto_mountpoints(squid_t) @@ -16295,7 +16363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi selinux_dontaudit_getattr_dir(squid_t) -@@ -137,9 +144,6 @@ +@@ -137,9 +145,6 @@ miscfiles_read_certs(squid_t) miscfiles_read_localization(squid_t) 
@@ -16305,7 +16373,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi userdom_use_unpriv_users_fds(squid_t) userdom_dontaudit_use_unpriv_user_fds(squid_t) userdom_dontaudit_search_sysadm_home_dirs(squid_t) -@@ -149,19 +153,7 @@ +@@ -149,19 +154,7 @@ ') optional_policy(` @@ -16326,7 +16394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi ') optional_policy(` -@@ -176,7 +168,12 @@ +@@ -176,7 +169,12 @@ udev_read_db(squid_t) ') @@ -18213,7 +18281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-02-11 17:22:41.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-03-17 09:11:31.000000000 -0400 @@ -9,6 +9,13 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; @@ -18249,7 +18317,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # # PAM local policy -@@ -94,10 +108,14 @@ +@@ -94,36 +108,37 @@ allow pam_t pam_tmp_t:file manage_file_perms; files_tmp_filetrans(pam_t, pam_tmp_t, { file dir }) @@ -18264,7 +18332,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo term_use_all_user_ttys(pam_t) term_use_all_user_ptys(pam_t) -@@ -111,19 +129,16 @@ +-init_dontaudit_rw_utmp(pam_t) ++init_read_utmp(pam_t) ++init_dontaudit_write_utmp(pam_t) + + files_read_etc_files(pam_t) +- + libs_use_ld_so(pam_t) + libs_use_shared_libs(pam_t) + logging_send_syslog_msg(pam_t) userdom_use_unpriv_users_fds(pam_t) 
@@ -18817,7 +18893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.0.8/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-02-27 23:24:47.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-03-12 08:36:13.000000000 -0400
 @@ -10,6 +10,20 @@
 # Declarations
 #
@@ -20147,7 +20223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +#logging_audisp_system_domain(zos_remote_t, zos_remote_exec_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.0.8/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/lvm.fc 2008-01-17 09:03:07.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/lvm.fc 2008-03-12 07:01:57.000000000 -0400
 @@ -15,6 +15,7 @@
 #
 /etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0)
@@ -20156,6 +20232,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc /etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) +@@ -96,3 +97,4 @@ + /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) + /var/run/multipathd.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) + /var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0) ++/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.0.8/policy/modules/system/lvm.te --- nsaserefpolicy/policy/modules/system/lvm.te 2007-10-22 13:21:40.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/system/lvm.te 2008-03-11 19:07:04.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 44d7b76..fa5a5c2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 93%{?dist} +Release: 94%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,8 @@ exit 0 %endif %changelog +* Mon Mar 17 2008 Dan Walsh 3.0.8-94 + * Tue Mar 11 2008 Dan Walsh 3.0.8-93 - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files
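Review bot: The new `/var/run/dmevent.*` entry in lvm.fc (hunk `@@ -96,3 +97,4 @@`) carries no object-class specifier, unlike the neighbouring `/var/run/multipathd.sock -s`, so every object matching the pattern is labelled lvm_var_run_t. If the intended objects are dmeventd's client/server FIFOs (the name suggests so, but the hunk does not show it), `-p` would pin the label to pipes the way the socket entry does for sockets. Note that the `.` in `dmevent.*` is a regex wildcard rather than a literal dot, so the pattern also matches `dmeventd…` names; that is fine if it is the intent, but a trailing comment saying so would save the next reader the check.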