diff --git a/policy-F15.patch b/policy-F15.patch
index 1b291a4..33a544e 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -6799,10 +6799,10 @@ index 0000000..4f9cb05
+')
diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
new file mode 100644
-index 0000000..6cc919e
+index 0000000..3ce0256
--- /dev/null
+++ b/policy/modules/apps/nsplugin.te
-@@ -0,0 +1,323 @@
+@@ -0,0 +1,327 @@
+policy_module(nsplugin, 1.0.0)
+
+########################################
@@ -6982,6 +6982,10 @@ index 0000000..6cc919e
+')
+
+optional_policy(`
++ devicekit_dontaudit_dbus_chat_power(nsplugin_t)
++')
++
++optional_policy(`
+ dbus_session_bus_client(nsplugin_t)
+ dbus_connect_session_bus(nsplugin_t)
+ dbus_system_bus_client(nsplugin_t)
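Review bot: The added `devicekit_dontaudit_dbus_chat_power(nsplugin_t)` block has no comment saying why the denial is silenced, and unlike the sys_module suppressions elsewhere in this commit it is not placed under `hide_broken_symptoms`. The interface silences send_msg in both directions between nsplugin_t and devicekit_power_t, so in normal builds a browser plugin trying to talk to the power daemon no longer appears in the audit log. I would add a one-line rationale above the call, e.g. `# plugin probes upower on the system bus; access is not needed and the AVC is noise` (wording for the author to confirm). That records that the access was judged unnecessary rather than overlooked.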
@@ -21858,10 +21862,10 @@ index 0000000..939d76e
+')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
new file mode 100644
-index 0000000..52ad073
+index 0000000..7aa11b6
--- /dev/null
+++ b/policy/modules/services/colord.te
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,110 @@
+policy_module(colord,1.0.0)
+
+########################################
@@ -21908,6 +21912,7 @@ index 0000000..52ad073
+manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
+files_var_lib_filetrans(colord_t, colord_var_lib_t, { file dir })
+
++kernel_getattr_proc_files(colord_t)
+kernel_read_device_sysctls(colord_t)
+
+corenet_udp_bind_generic_node(colord_t)
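Review bot: `kernel_getattr_proc_files(colord_t)` appears broader than the changelog entry "Allow colord to getattr on /proc/scsi/scsi" suggests. As far as I know, the interface grants getattr on every file labelled proc_t, not only that path. It is getattr only, so the exposure is small, but a comment such as `# colord stats /proc/scsi/scsi` above the line would record the actual need and make the rule easier to narrow later.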
@@ -24052,7 +24057,7 @@ index 418a5a0..28d9e41 100644
/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
/var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff --git a/policy/modules/services/devicekit.if b/policy/modules/services/devicekit.if
-index f706b99..30954ba 100644
+index f706b99..9ed1b7c 100644
--- a/policy/modules/services/devicekit.if
+++ b/policy/modules/services/devicekit.if
@@ -5,9 +5,9 @@
@@ -24095,12 +24100,33 @@ index f706b99..30954ba 100644
## Send signal devicekit power
##
##
-@@ -118,6 +139,44 @@ interface(`devicekit_dbus_chat_power',`
+@@ -118,6 +139,65 @@ interface(`devicekit_dbus_chat_power',`
allow devicekit_power_t $1:dbus send_msg;
')
+#######################################
+##
++## Send and receive messages from
++## devicekit power over dbus.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`devicekit_dontaudit_dbus_chat_power',`
++ gen_require(`
++ type devicekit_power_t;
++ class dbus send_msg;
++ ')
++
++ dontaudit $1 devicekit_power_t:dbus send_msg;
++ dontaudit devicekit_power_t $1:dbus send_msg;
++')
++
++#######################################
++##
+## Do not audit attempts to write the devicekit
+## log files.
+##
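Review bot: The header of `devicekit_dontaudit_dbus_chat_power` is copied from the allow interface. Its summary reads "Send and receive messages from devicekit power over dbus." and its parameter text "Domain allowed access.", while the body contains only `dontaudit` rules. Policy writers choose macros by these descriptions, so the text could lead someone to believe the call grants D-Bus access when it only hides the denial. Suggested summary: `## Do not audit attempts to send and receive messages from devicekit power over dbus.` and parameter text `## Domain to not audit.`.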
@@ -24140,7 +24166,7 @@ index f706b99..30954ba 100644
########################################
##
## Read devicekit PID files.
-@@ -139,22 +198,52 @@ interface(`devicekit_read_pid_files',`
+@@ -139,22 +219,52 @@ interface(`devicekit_read_pid_files',`
########################################
##
@@ -24200,7 +24226,7 @@ index f706b99..30954ba 100644
##
##
##
-@@ -165,21 +254,21 @@ interface(`devicekit_admin',`
+@@ -165,21 +275,21 @@ interface(`devicekit_admin',`
type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
')
@@ -28118,6 +28144,22 @@ index 9fab1dc..dc7dd01 100644
mta_send_mail(innd_t)
+diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
+index 9aeeaf9..e0ed328 100644
+--- a/policy/modules/services/irqbalance.te
++++ b/policy/modules/services/irqbalance.te
+@@ -47,6 +47,11 @@ miscfiles_read_localization(irqbalance_t)
+ userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
+ userdom_dontaudit_search_user_home_dirs(irqbalance_t)
+
++ifdef(`hide_broken_symptoms',`
++ # caused by some bogus kernel code
++ dontaudit irqbalance_t self:capability sys_module;
++')
++
+ optional_policy(`
+ seutil_sigchld_newrole(irqbalance_t)
+ ')
diff --git a/policy/modules/services/jabber.fc b/policy/modules/services/jabber.fc
index 4c9acec..deef4c7 100644
--- a/policy/modules/services/jabber.fc
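Review bot: The comment `# caused by some bogus kernel code` on `dontaudit irqbalance_t self:capability sys_module;` does not say which kernel path triggers the request or when the rule can be dropped. The same rule and comment are added for ifconfig_t in the sysnetwork.te hunk. A sys_module denial is a high-value detection signal, since it means a confined daemon asked to load a kernel module. Once dontaudited, it vanishes from the audit log unless dontaudit rules are disabled with `semodule -DB`. I would reference the tracking bug in both comments, e.g. `# kernel requests sys_module on <operation>; see <bug reference>, remove once fixed`.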
@@ -48601,10 +48643,10 @@ index 882c6a2..d0ff4ec 100644
')
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
-index 354ce93..f97fbb7 100644
+index 354ce93..b8b14b9 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
-@@ -33,6 +33,19 @@ ifdef(`distro_gentoo', `
+@@ -33,9 +33,24 @@ ifdef(`distro_gentoo', `
#
# /sbin
#
@@ -48624,7 +48666,12 @@ index 354ce93..f97fbb7 100644
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
# because nowadays, /sbin/init is often a symlink to /sbin/upstart
/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
-@@ -55,6 +68,9 @@ ifdef(`distro_gentoo', `
++# for Fedora
++/lib/upstart/init -- gen_context(system_u:object_r:init_exec_t,s0)
+
+ ifdef(`distro_gentoo', `
+ /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
+@@ -55,6 +70,9 @@ ifdef(`distro_gentoo', `
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -48634,7 +48681,7 @@ index 354ce93..f97fbb7 100644
#
# /var
-@@ -76,3 +92,4 @@ ifdef(`distro_suse', `
+@@ -76,3 +94,4 @@ ifdef(`distro_suse', `
/var/run/setleds-on -- gen_context(system_u:object_r:initrc_var_run_t,s0)
/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0)
')
@@ -54203,7 +54250,7 @@ index ff80d0a..7f1a21c 100644
+ role_transition $1 dhcpc_exec_t system_r;
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index df32316..a228139 100644
+index df32316..37f1cfa 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.11.1)
@@ -54400,7 +54447,7 @@ index df32316..a228139 100644
userdom_use_user_terminals(ifconfig_t)
userdom_use_all_users_fds(ifconfig_t)
-@@ -314,6 +363,10 @@ ifdef(`distro_ubuntu',`
+@@ -314,7 +363,15 @@ ifdef(`distro_ubuntu',`
')
')
@@ -54409,9 +54456,14 @@ index df32316..a228139 100644
+')
+
ifdef(`hide_broken_symptoms',`
++
++ # caused by some bogus kernel code
++ dontaudit ifconfig_t self:capability sys_module;
++
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
-@@ -325,12 +378,31 @@ ifdef(`hide_broken_symptoms',`
+ ')
+@@ -325,12 +382,31 @@ ifdef(`hide_broken_symptoms',`
')
optional_policy(`
@@ -54443,7 +54495,7 @@ index df32316..a228139 100644
')
optional_policy(`
-@@ -355,3 +427,9 @@ optional_policy(`
+@@ -355,3 +431,9 @@ optional_policy(`
xen_append_log(ifconfig_t)
xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1e408e7..a22ada4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.16
-Release: 22%{?dist}
+Release: 23%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,11 @@ exit 0
%endif
%changelog
+* Fri May 6 2011 Miroslav Grepl 3.9.16-23
+- Add label for /lib/upstart/init
+- Allow colord to getattr on /proc/scsi/scsi
+- Dontaudit sys_module for ifconfig and irqbalance
+
* Thu May 5 2011 Miroslav Grepl 3.9.16-22
- Make telepathy working with confined users
- Allow colord signal