diff --git a/policy-20071130.patch b/policy-20071130.patch index b0ffc66..e1b7d9b 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -1600,6 +1600,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1 # +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.3.1/policy/modules/admin/alsa.te +--- nsaserefpolicy/policy/modules/admin/alsa.te 2008-06-12 23:38:01.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/alsa.te 2008-09-15 14:54:38.000000000 -0400 +@@ -48,6 +48,7 @@ + + files_search_home(alsa_t) + files_read_etc_files(alsa_t) ++files_read_usr_files(alsa_t) + + auth_use_nsswitch(alsa_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.3.1/policy/modules/admin/amanda.fc --- nsaserefpolicy/policy/modules/admin/amanda.fc 2008-06-12 23:38:01.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc 2008-09-08 11:45:12.000000000 -0400 @@ -1613,7 +1624,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-09-16 11:22:18.000000000 -0400 @@ -82,8 +82,9 @@ allow amanda_t amanda_config_t:file { getattr read }; 
@@ -1635,7 +1646,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) -@@ -146,6 +147,8 @@ +@@ -128,6 +129,8 @@ + corenet_tcp_bind_all_nodes(amanda_t) + corenet_udp_bind_all_nodes(amanda_t) + corenet_tcp_bind_all_rpc_ports(amanda_t) ++corenet_tcp_bind_generic_port(amanda_t) ++corenet_dontaudit_tcp_bind_all_ports(amanda_t) + + dev_getattr_all_blk_files(amanda_t) + dev_getattr_all_chr_files(amanda_t) +@@ -146,6 +149,8 @@ fs_list_all(amanda_t) storage_raw_read_fixed_disk(amanda_t) @@ -1644,7 +1664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. # Added for targeted policy term_use_unallocated_ttys(amanda_t) -@@ -220,6 +223,7 @@ +@@ -220,6 +225,7 @@ auth_use_nsswitch(amanda_recover_t) fstools_domtrans(amanda_t) @@ -2845,7 +2865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te --- nsaserefpolicy/policy/modules/admin/rpm.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2008-09-16 09:14:37.000000000 -0400 @@ -31,6 +31,9 @@ files_type(rpm_var_lib_t) typealias rpm_var_lib_t alias var_lib_rpm_t; 
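Review bot: `corenet_dontaudit_tcp_bind_all_ports(amanda_t)` in the inner `@@ -128,6 +129,8 @@` hunk suppresses the audit record for every TCP bind amanda_t is not allowed, so a future need for a specific port, or an unexpected listener, leaves no denial to investigate. It sits next to `corenet_tcp_bind_generic_port(amanda_t)`, which already covers the unreserved range, so the only binds the dontaudit still hides are attempts on reserved ports, which are exactly the ones worth seeing. Neither line says which amanda component needs it; I'd keep the allow, add `# <amanda component> binds unreserved ports for its data connections` above it (presumably the motivation, confirm against the denials that prompted this), and drop the blanket dontaudit unless the hidden denials are known to be harmless noise.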
@@ -2856,7 +2876,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te type rpm_script_t; type rpm_script_exec_t; domain_obj_id_change_exemption(rpm_script_t) -@@ -89,6 +92,9 @@ +@@ -52,7 +55,7 @@ + # rpm Local policy + # + +-allow rpm_t self:capability { chown dac_override fowner fsetid setgid setuid sys_chroot sys_tty_config mknod }; ++allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod }; + allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; + allow rpm_t self:process { getattr setexec setfscreate setrlimit }; + allow rpm_t self:fd use; +@@ -89,8 +92,12 @@ manage_files_pattern(rpm_t,rpm_var_lib_t,rpm_var_lib_t) files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir) @@ -2865,8 +2894,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te + kernel_read_system_state(rpm_t) kernel_read_kernel_sysctls(rpm_t) ++kernel_read_network_state_symlinks(rpm_t) -@@ -179,7 +185,17 @@ + corecmd_exec_all_executables(rpm_t) + +@@ -117,6 +124,7 @@ + fs_manage_nfs_symlinks(rpm_t) + fs_getattr_all_fs(rpm_t) + fs_search_auto_mountpoints(rpm_t) ++fs_list_inotifyfs(rpm_t) + + mls_file_read_all_levels(rpm_t) + mls_file_write_all_levels(rpm_t) +@@ -179,7 +187,17 @@ ') optional_policy(` @@ -2885,7 +2925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te ') optional_policy(` -@@ -190,6 +206,7 @@ +@@ -190,6 +208,7 @@ unconfined_domain(rpm_t) # yum-updatesd requires this unconfined_dbus_chat(rpm_t) 
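Review bot: The rpm_t capability line in the inner `@@ -52,7 +55,7 @@` hunk grows by `ipc_lock` and `sys_nice` with no comment naming the rpm or yum operation that needs them, and since `unconfined_domain(rpm_t)` appears in an optional block lower in the file (context of the following renumber hunk), these capabilities only take effect when the unconfined module is absent, which is precisely the configuration where the set should be minimal. I'd annotate the line, e.g. `# ipc_lock, sys_nice: needed by <rpm operation that triggered the denial>`, so the next reader can re-check it. The read-only additions in the next hunk, `kernel_read_network_state_symlinks(rpm_t)` and `fs_list_inotifyfs(rpm_t)`, look fine as they are.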
@@ -2893,16 +2933,42 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te ') ifdef(`TODO',` -@@ -216,7 +233,7 @@ +@@ -215,8 +234,8 @@ + # rpm-script Local policy # - allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill }; +-allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill }; -allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; ++allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_admin sys_chroot sys_ptrace sys_nice mknod kill }; +allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execheap }; allow rpm_script_t self:fd use; allow rpm_script_t self:fifo_file rw_fifo_file_perms; allow rpm_script_t self:unix_dgram_socket create_socket_perms; -@@ -317,6 +334,7 @@ +@@ -227,12 +246,15 @@ + allow rpm_script_t self:sem create_sem_perms; + allow rpm_script_t self:msgq create_msgq_perms; + allow rpm_script_t self:msg { send receive }; ++allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms; + + allow rpm_script_t rpm_tmp_t:file read_file_perms; + + allow rpm_script_t rpm_script_tmp_t:dir mounton; + manage_dirs_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t) + manage_files_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t) ++manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t) ++manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t) + files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir }) + + manage_dirs_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t) +@@ -298,6 +320,7 @@ + files_exec_etc_files(rpm_script_t) + files_read_etc_runtime_files(rpm_script_t) + files_exec_usr_files(rpm_script_t) 
++files_relabel_all_files(rpm_script_t) + + init_domtrans_script(rpm_script_t) + +@@ -317,6 +340,7 @@ seutil_domtrans_loadpolicy(rpm_script_t) seutil_domtrans_setfiles(rpm_script_t) seutil_domtrans_semanage(rpm_script_t) @@ -2910,7 +2976,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te userdom_use_all_users_fds(rpm_script_t) -@@ -342,6 +360,7 @@ +@@ -335,6 +359,10 @@ + ') + + optional_policy(` ++ lvm_domtrans(rpm_script_t) ++') ++ ++optional_policy(` + tzdata_domtrans(rpm_t) + tzdata_domtrans(rpm_script_t) + ') +@@ -342,6 +370,7 @@ optional_policy(` unconfined_domain(rpm_script_t) unconfined_domtrans(rpm_script_t) @@ -2918,7 +2995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te optional_policy(` java_domtrans(rpm_script_t) -@@ -353,6 +372,11 @@ +@@ -353,6 +382,11 @@ ') optional_policy(` @@ -3675,7 +3752,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if --- nsaserefpolicy/policy/modules/apps/gnome.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if 2008-09-15 14:56:50.000000000 -0400 @@ -33,9 +33,60 @@ ## # @@ -3875,7 +3952,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if ## manage gnome homedir content (.config) ## ## -@@ -186,9 +278,29 @@ +@@ -186,9 +278,30 @@ # template(`gnome_manage_user_gnome_config',` gen_require(` 
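Review bot: The rpm_script_t hunk that starts on the previous line (inner `@@ -215,8 +234,8 @@` onward) removes `execmem execstack` from the `self:process ~{ ... }` deny set and adds `sys_admin sys_ptrace` to the capability line, which together let every package scriptlet map writable-executable memory, trace other processes and perform a broad set of administrative operations, while `manage_blk_files_pattern`/`manage_chr_files_pattern` on rpm_script_tmp_t and `files_relabel_all_files(rpm_script_t)` let it create device nodes in its tmp directory and relabel any file on the system. Each of these removes a denial that would otherwise be the only audit trace of a misbehaving scriptlet, and none carries a comment naming the package that needed it. Because `unconfined_domain(rpm_script_t)` is already present in an optional block further down (context of the inner `@@ -342,6 +370,7 @@` hunk), the targeted case is covered there; for the confined case I'd keep `execmem execstack` in the deny set unless a specific scriptlet is known to need them, and put a `# needed by <package> scriptlet` comment on each of the capability, device-node and relabel lines.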
@@ -3885,6 +3962,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if + + manage_dirs_pattern($2, user_gnome_home_t, user_gnome_home_t) + manage_files_pattern($2, user_gnome_home_t, user_gnome_home_t) ++ manage_lnk_files_pattern($2, user_gnome_home_t, user_gnome_home_t) +') + +######################################## @@ -5781,7 +5859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer. +HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:user_mplayer_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.3.1/policy/modules/apps/mplayer.if --- nsaserefpolicy/policy/modules/apps/mplayer.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if 2008-09-15 13:04:22.000000000 -0400 @@ -35,6 +35,7 @@ template(`mplayer_per_role_template',` gen_require(` @@ -6315,8 +6393,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te --- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-09-08 11:45:12.000000000 -0400 -@@ -0,0 +1,230 @@ ++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-09-15 13:10:07.000000000 -0400 +@@ -0,0 +1,232 @@ + +policy_module(nsplugin,1.0.0) + @@ -6395,6 +6473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +dev_read_video_dev(nsplugin_t) +dev_write_video_dev(nsplugin_t) +dev_getattr_dri_dev(nsplugin_t) ++dev_rwx_zero(nsplugin_t) + +kernel_read_kernel_sysctls(nsplugin_t) +kernel_read_system_state(nsplugin_t) 
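Review bot: `dev_rwx_zero(nsplugin_t)` in the nsplugin.te hunk (`@@ -6395,6 +6473,7 @@`) grants a writable and executable mapping of /dev/zero, which is equivalent to anonymous writable-executable memory and sidesteps whatever `execmem` decision the rest of nsplugin.te makes (not visible in this hunk). A JIT-style plugin is presumably the reason, but the line deserves a comment such as `# <plugin> maps /dev/zero rwx for its code generator; keep consistent with the execmem rule`, and whether nsplugin_t already allows `execmem` should be checked so the two rules are not granted independently.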
@@ -6458,6 +6537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin + +optional_policy(` + mplayer_exec(nsplugin_t) ++ mplayer_read_user_home_files(user, nsplugin_t) +') + +optional_policy(` @@ -6481,7 +6561,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +# nsplugin_config local policy +# + -+allow nsplugin_config_t self:capability { sys_nice setuid setgid }; ++allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid }; +allow nsplugin_config_t self:process { setsched sigkill getsched execmem }; + +allow nsplugin_config_t self:fifo_file rw_file_perms; @@ -13526,7 +13606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if --- nsaserefpolicy/policy/modules/services/cron.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/cron.if 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/cron.if 2008-09-12 13:45:31.000000000 -0400 @@ -35,38 +35,24 @@ # template(`cron_per_role_template',` @@ -14390,7 +14470,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/cups.te 2008-09-08 11:55:51.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/cups.te 2008-09-12 13:42:32.000000000 -0400 @@ -43,14 +43,13 @@ type cupsd_var_run_t; 
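Review bot: `mplayer_read_user_home_files(user, nsplugin_t)` in `@@ -6458,6 +6537,7 @@` hard-codes the `user` role prefix inside a domain that is not a per-role template, so it only covers the user_ prefixed mplayer home type; if nsplugin_t is also entered from other role prefixes (cannot be told from this hunk) their mplayer home content is not covered and a prefix-agnostic interface or one call per prefix would be needed. At minimum a comment `# only the user_ prefix is handled here` would make the limitation explicit.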
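Review bot: `dac_override` on the new nsplugin_config_t capability line (`@@ -6481,7 +6561,7 @@`) lets the config helper bypass permission bits for reads, writes and execs, whereas `dac_read_search`, added on the same line, covers only read and search; if the denial that prompted this was a read of files owned by another uid, `dac_read_search` alone is enough. I'd try dropping `dac_override` first and annotate whichever capability remains with `# <which file nsplugin-config accesses under the wrong uid>`.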
@@ -26933,8 +27013,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.3.1/policy/modules/services/snmp.fc --- nsaserefpolicy/policy/modules/services/snmp.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/snmp.fc 2008-09-08 11:45:13.000000000 -0400 -@@ -17,3 +17,6 @@ ++++ serefpolicy-3.3.1/policy/modules/services/snmp.fc 2008-09-15 12:30:57.000000000 -0400 +@@ -8,6 +8,7 @@ + # + # /var + # ++/var/agentx(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0) + /var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0) + /var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0) + +@@ -17,3 +18,6 @@ /var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0) /var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) 
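Review bot: `/var/agentx(/.*)?` in the inner `@@ -8,6 +8,7 @@` hunk is labeled snmpd_var_lib_t, the same type as the persistent state under /var/lib, but that directory presumably holds the AgentX master socket, which is runtime state, and any subagent running in another domain will need access to whatever type it carries. Labeling it snmpd_var_run_t would keep runtime and persistent state apart and match the existing `/var/run/snmpd` entries in the second hunk; if the var_lib type is intentional, a comment `# AgentX socket directory; shares the var_lib type because <reason>` would keep the next reader from "fixing" it.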
@@ -32929,8 +33017,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te --- nsaserefpolicy/policy/modules/system/ipsec.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2008-09-08 11:45:13.000000000 -0400 -@@ -69,8 +69,8 @@ ++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2008-09-12 11:17:23.000000000 -0400 +@@ -55,11 +55,12 @@ + + allow ipsec_t self:capability { net_admin dac_override dac_read_search }; + dontaudit ipsec_t self:capability sys_tty_config; +-allow ipsec_t self:process signal; ++allow ipsec_t self:process { signal setsched }; + allow ipsec_t self:netlink_route_socket r_netlink_socket_perms; + allow ipsec_t self:tcp_socket create_stream_socket_perms; + allow ipsec_t self:key_socket { create write read setopt }; + allow ipsec_t self:fifo_file { read getattr }; ++allow ipsec_t self:netlink_xfrm_socket create_socket_perms; + + allow ipsec_t ipsec_conf_file_t:dir list_dir_perms; + read_files_pattern(ipsec_t,ipsec_conf_file_t,ipsec_conf_file_t) +@@ -69,8 +70,8 @@ read_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t) read_lnk_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t) @@ -33526,7 +33628,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te --- nsaserefpolicy/policy/modules/system/logging.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/logging.te 2008-09-08 11:45:13.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/logging.te 2008-09-15 13:03:33.000000000 -0400 @@ -61,10 +61,29 @@ logging_log_file(var_log_t) files_mountpoint(var_log_t) 
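Review bot: The new `allow ipsec_t self:netlink_xfrm_socket create_socket_perms;` in the inner `@@ -55,11 +55,12 @@` hunk is placed after the `fifo_file` rule instead of beside the existing `netlink_route_socket` line, and the `setsched` added to `self:process` carries no comment on why ipsec_t changes its own scheduling. I'd move the xfrm rule up next to the other netlink rule and annotate the process line, e.g. `# setsched: <daemon> adjusts its scheduler priority` — confirm against the denial that motivated it.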
@@ -33565,7 +33667,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin domain_read_all_domains_state(auditctl_t) domain_use_interactive_fds(auditctl_t) -@@ -158,9 +178,12 @@ +@@ -112,6 +132,7 @@ + allow auditd_t self:file { getattr read write }; + allow auditd_t self:unix_dgram_socket create_socket_perms; + allow auditd_t self:fifo_file rw_file_perms; ++allow auditd_t self:tcp_socket create_stream_socket_perms; + + allow auditd_t auditd_etc_t:dir list_dir_perms; + allow auditd_t auditd_etc_t:file read_file_perms; +@@ -133,9 +154,18 @@ + + fs_getattr_all_fs(auditd_t) + fs_search_auto_mountpoints(auditd_t) ++fs_rw_anon_inodefs_files(auditd_t) + + selinux_search_fs(auditctl_t) + ++corenet_all_recvfrom_unlabeled(auditd_t) ++corenet_all_recvfrom_netlabel(auditd_t) ++corenet_tcp_sendrecv_all_if(auditd_t) ++corenet_tcp_sendrecv_all_nodes(auditd_t) ++corenet_tcp_sendrecv_all_ports(auditd_t) ++corenet_tcp_bind_all_nodes(auditd_t) ++corenet_tcp_bind_audit_port(auditd_t) ++ + # Needs to be able to run dispatcher. see /etc/audit/auditd.conf + # Probably want a transition, and a new auditd_helper app + corecmd_exec_bin(auditd_t) +@@ -158,9 +188,12 @@ mls_file_read_all_levels(auditd_t) mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory @@ -33578,7 +33707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin userdom_dontaudit_use_unpriv_user_fds(auditd_t) userdom_dontaudit_search_sysadm_home_dirs(auditd_t) -@@ -171,6 +194,10 @@ +@@ -171,6 +204,10 @@ ') optional_policy(` @@ -33589,7 +33718,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin seutil_sigchld_newrole(auditd_t) ') -@@ -208,6 +235,7 @@ +@@ -208,6 +245,7 @@ fs_getattr_all_fs(klogd_t) fs_search_auto_mountpoints(klogd_t) 
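Review bot: The corenet block added in the inner `@@ -133,9 +154,18 @@` hunk gives auditd_t `corenet_tcp_sendrecv_all_ports`, `corenet_all_recvfrom_unlabeled` and `corenet_all_recvfrom_netlabel` unconditionally, while the listener itself is pinned to `corenet_tcp_bind_audit_port(auditd_t)`; the send/receive side is broader than the bind side and is active on every system, not only those that enable remote audit logging (presumably the feature being enabled here, confirm). I'd narrow send/receive to the audit port (refpolicy's corenet generator provides a per-port `corenet_tcp_sendrecv_audit_port` alongside the bind interface used here) and wrap the network rules in a `tunable_policy` block so the audit daemon has no network footprint unless an administrator turns it on. A comment above the block, `# remote audit logging: accept connections on the audit port`, would also document the intent.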
@@ -33597,7 +33726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin domain_use_interactive_fds(klogd_t) -@@ -252,7 +280,6 @@ +@@ -252,7 +290,6 @@ dontaudit syslogd_t self:capability sys_tty_config; # setpgid for metalog allow syslogd_t self:process { signal_perms setpgid }; @@ -33605,7 +33734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # receive messages to be logged allow syslogd_t self:unix_dgram_socket create_socket_perms; allow syslogd_t self:unix_stream_socket create_stream_socket_perms; -@@ -262,7 +289,7 @@ +@@ -262,7 +299,7 @@ allow syslogd_t self:tcp_socket create_stream_socket_perms; allow syslogd_t syslog_conf_t:file read_file_perms; @@ -33614,7 +33743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # Create and bind to /dev/log or /var/run/log. allow syslogd_t devlog_t:sock_file manage_sock_file_perms; files_pid_filetrans(syslogd_t,devlog_t,sock_file) -@@ -274,6 +301,9 @@ +@@ -274,6 +311,9 @@ # Allow access for syslog-ng allow syslogd_t var_log_t:dir { create setattr }; @@ -33624,7 +33753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # manage temporary files manage_dirs_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t) manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t) -@@ -289,12 +319,14 @@ +@@ -289,12 +329,14 @@ manage_files_pattern(syslogd_t,syslogd_var_run_t,syslogd_var_run_t) files_pid_filetrans(syslogd_t,syslogd_var_run_t,file) @@ -33639,7 +33768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin dev_filetrans(syslogd_t,devlog_t,sock_file) dev_read_sysfs(syslogd_t) -@@ -327,6 +359,8 @@ +@@ -327,6 +369,8 @@ # Allow users to define additional syslog ports to connect to corenet_tcp_bind_syslogd_port(syslogd_t) corenet_tcp_connect_syslogd_port(syslogd_t) 
@@ -33648,7 +33777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # syslog-ng can send or receive logs corenet_sendrecv_syslogd_client_packets(syslogd_t) -@@ -339,19 +373,20 @@ +@@ -339,19 +383,20 @@ domain_use_interactive_fds(syslogd_t) files_read_etc_files(syslogd_t) @@ -33671,7 +33800,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin miscfiles_read_localization(syslogd_t) userdom_dontaudit_use_unpriv_user_fds(syslogd_t) -@@ -380,15 +415,11 @@ +@@ -380,15 +425,11 @@ ') optional_policy(` @@ -33689,7 +33818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') optional_policy(` -@@ -399,3 +430,67 @@ +@@ -399,3 +440,67 @@ # log to the xconsole xserver_rw_console(syslogd_t) ')