diff --git a/policy-20100106.patch b/policy-20100106.patch
index 816aab0..b1ecaa3 100644
--- a/policy-20100106.patch
+++ b/policy-20100106.patch
@@ -1,3 +1,75 @@ +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.6.32/policy/modules/admin/dmesg.fc +--- nsaserefpolicy/policy/modules/admin/dmesg.fc 2010-01-18 18:24:22.545542516 +0100 ++++ serefpolicy-3.6.32/policy/modules/admin/dmesg.fc 2010-02-03 20:56:22.897834567 +0100 +@@ -1,4 +1,3 @@ + + /bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) + +-/usr/sbin/mcelog -- gen_context(system_u:object_r:dmesg_exec_t,s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.fc serefpolicy-3.6.32/policy/modules/admin/mcelog.fc +--- nsaserefpolicy/policy/modules/admin/mcelog.fc 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/admin/mcelog.fc 2010-02-03 17:54:52.841394806 +0100 +@@ -0,0 +1,2 @@ ++ ++/usr/sbin/mcelog -- gen_context(system_u:object_r:mcelog_exec_t,s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.if serefpolicy-3.6.32/policy/modules/admin/mcelog.if +--- nsaserefpolicy/policy/modules/admin/mcelog.if 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/admin/mcelog.if 2010-02-03 17:55:31.442144688 +0100 +@@ -0,0 +1,20 @@ ++ ++## policy for mcelog ++ ++######################################## ++## ++## Execute a domain transition to run mcelog. ++## ++## ++## ++## Domain allowed to transition. 
++## ++## ++# ++interface(`mcelog_domtrans',` ++ gen_require(` ++ type mcelog_t, mcelog_exec_t; ++ ') ++ ++ domtrans_pattern($1, mcelog_exec_t, mcelog_t) ++') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.6.32/policy/modules/admin/mcelog.te +--- nsaserefpolicy/policy/modules/admin/mcelog.te 1970-01-01 01:00:00.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/admin/mcelog.te 2010-02-03 17:55:20.114145133 +0100 +@@ -0,0 +1,30 @@ ++ ++policy_module(mcelog,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type mcelog_t; ++type mcelog_exec_t; ++application_domain(mcelog_t, mcelog_exec_t) ++cron_system_entry(mcelog_t, mcelog_exec_t) ++ ++permissive mcelog_t; ++ ++######################################## ++# ++# mcelog local policy ++# ++ ++kernel_read_system_state(mcelog_t) ++ ++dev_read_raw_memory(mcelog_t) ++dev_read_kmsg(mcelog_t) ++ ++files_read_etc_files(mcelog_t) ++ ++miscfiles_read_localization(mcelog_t) ++ ++logging_send_syslog_msg(mcelog_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.32/policy/modules/admin/prelink.te --- nsaserefpolicy/policy/modules/admin/prelink.te 2010-01-18 18:24:22.564530406 +0100 +++ serefpolicy-3.6.32/policy/modules/admin/prelink.te 2010-02-01 20:30:49.318160848 +0100 
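Review bot: `permissive mcelog_t;` in the new mcelog.te ships the domain unenforced, so none of the rules under it, including `dev_read_raw_memory(mcelog_t)`, constrain anything until that line is removed. Mark it as bring-up state in place, `# TODO: drop permissive once mcelog_t has run clean in enforcing mode`, so the unenforced state does not outlive the work that needed it. The raw-memory read presumably exists because the mcelog device carries the memory device label rather than because mcelog needs /dev/mem; a one-line comment saying so, `# /dev/mcelog is labeled as a memory device`, would keep a later reader from widening or removing it on the wrong assumption — confirm against devices.fc. The mcelog.if interface block is shown here with its summary and parameter markup stripped; check that the real file keeps the `<summary>` and `<param name="domain">` tags the policy documentation build expects.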
@@ -100,8 +172,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.32/policy/modules/apps/gnome.fc --- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-01-18 18:24:22.594539949 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/gnome.fc 2010-01-21 18:31:02.867611919 +0100 -@@ -3,6 +3,14 @@ ++++ serefpolicy-3.6.32/policy/modules/apps/gnome.fc 2010-02-03 10:39:06.085145272 +0100 +@@ -3,6 +3,15 @@ HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) HOME_DIR/\.local.* gen_context(system_u:object_r:gconf_home_t,s0) HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) @@ -113,19 +185,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/root/\.local.* gen_context(system_u:object_r:gconf_home_t,s0) +/root/\.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) +/root/\.gstreamer-.* gen_context(system_u:object_r:gstreamer_home_t,s0) ++/root/\.Xdefaults -- gen_context(system_u:object_r:gnome_home_t,s0) /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.32/policy/modules/apps/gnome.if --- nsaserefpolicy/policy/modules/apps/gnome.if 2010-01-18 18:24:22.595534558 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/gnome.if 2010-02-02 15:10:12.321068500 +0100 ++++ serefpolicy-3.6.32/policy/modules/apps/gnome.if 2010-02-03 22:59:15.907072357 +0100 @@ -72,6 +72,24 @@ domtrans_pattern($1, gconfd_exec_t, gconfd_t) ') +####################################### +## -+## Dontaudit search gnome homedir content (.config) ++## Dontaudit search gnome homedir content +## +## +## 
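Review bot: `/root/\.Xdefaults -- gen_context(system_u:object_r:gnome_home_t,s0)` labels root's X resources file as gnome home content, but the HOME_DIR entries visible in this hunk (`\.gnome2`, `\.local`, `\.pulse`) have no matching `.Xdefaults` line, so ordinary users' copies keep their home-directory default while root's gets a type that several domains can read via the gnome interfaces. If the asymmetry is deliberate, a comment above the line naming the domain that reads root's `.Xdefaults` would stop the next maintainer from "fixing" it by adding a HOME_DIR twin; if it is not, the HOME_DIR entry is missing. The rest of gnome.fc is outside this hunk, so a HOME_DIR entry elsewhere would settle it.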
@@ -190,7 +263,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +####################################### +## -+## Read gnome homedir content (.config) ++## Read gnome homedir content +## +## +## @@ -200,10 +273,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# +template(`gnome_list_home_config',` + gen_require(` -+ type config_home_t; ++ type gnome_home_t; + ') + -+ allow $1 config_home_t:dir list_dir_perms; ++ allow $1 gnome_home_t:dir list_dir_perms; +') + ######################################## @@ -255,8 +328,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.32/policy/modules/apps/gnome.te --- nsaserefpolicy/policy/modules/apps/gnome.te 2010-01-18 18:24:22.596529936 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/gnome.te 2010-01-21 18:31:15.086614286 +0100 -@@ -7,6 +7,7 @@ ++++ serefpolicy-3.6.32/policy/modules/apps/gnome.te 2010-02-03 22:11:10.235822052 +0100 +@@ -7,11 +7,12 @@ # attribute gnomedomain; @@ -264,6 +337,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type gconf_etc_t; files_config_file(gconf_etc_t) + +-type gconf_home_t; ++type gconf_home_t, gnome_home_type; + typealias gconf_home_t alias { user_gconf_home_t staff_gconf_home_t sysadm_gconf_home_t }; + typealias gconf_home_t alias { auditadm_gconf_home_t secadm_gconf_home_t }; + typealias gconf_home_t alias unconfined_gconf_home_t; @@ -31,12 +32,15 @@ application_domain(gconfd_t, gconfd_exec_t) ubac_constrained(gconfd_t) 
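Review bot: the `gnome_list_home_config` template now grants `allow $1 gnome_home_t:dir list_dir_perms;`, but its name and the callers that chose it still say ".config", and `gnome_home_t` covers every gnome home path in gnome.fc (`\.gnome2`, `\.pulse`, root's `\.Xdefaults`), so callers get more listing access than the name promises. The summary line in the same change lost its "(.config)" qualifier, which is right, but the template name did not; either rename it or state the wider scope in the doc block, e.g. `## List all gnome_home_t directories, not only ~/.config.`. The related `type gconf_home_t, gnome_home_type;` hunk below is consistent with this, since it folds gconf home content into the same attribute.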
@@ -983,7 +1062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ###################################### diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-01-18 18:24:22.727540243 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-01-27 15:33:53.900626544 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-02-03 15:45:55.176148406 +0100 @@ -96,6 +96,7 @@ corenet_tcp_connect_ftp_port(abrt_t) corenet_tcp_connect_all_ports(abrt_t) @@ -992,7 +1071,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_urand(abrt_t) dev_rw_sysfs(abrt_t) dev_dontaudit_read_memory_dev(abrt_t) -@@ -200,10 +201,13 @@ +@@ -176,6 +177,13 @@ + sssd_stream_connect(abrt_t) + ') + ++ifdef(`hide_broken_symptoms', ` ++ gen_require(` ++ attribute domain; ++ ') ++ allow abrt_t domain:file write; ++') ++ + permissive abrt_t; + + ######################################## +@@ -200,10 +208,13 @@ files_read_etc_files(abrt_helper_t) files_dontaudit_all_non_security_leaks(abrt_helper_t) @@ -1116,7 +1209,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Do not audit attempts to read and write Apache diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.32/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2010-01-18 18:24:22.739530246 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/apache.te 2010-02-02 14:56:02.348068014 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/apache.te 2010-02-03 20:16:18.858822145 +0100 @@ -309,7 +309,7 @@ manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t) manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t) 
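Review bot: `allow abrt_t domain:file write;` inside the `hide_broken_symptoms` block is a real grant, not a suppression: `domain` is the attribute of every process type, so this lets abrt_t write the file-class objects of every domain, i.e. the per-process entries under /proc, which is far wider than any single symptom being hidden. The convention for that block elsewhere in this tree is `dontaudit` for noise from inherited descriptors (see the init.if leak interface later in this diff), so if the aim is only to silence a denial, `dontaudit abrt_t domain:file write;` does it without widening abrt_t. Whichever is kept needs a why-comment naming the symptom, e.g. `# abrt inherits a /proc file descriptor from the crashing process; TODO narrow to the real target`. `permissive abrt_t;` on the following context line means none of this is enforced yet, which is the moment to keep the grant minimal rather than after.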
@@ -1126,6 +1219,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Allow the httpd_t to read the web servers config files allow httpd_t httpd_config_t:dir list_dir_perms; +@@ -363,10 +363,10 @@ + manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t) + files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file) + +-setattr_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t) ++manage_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t) + manage_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t) + manage_sock_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t) +-files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file }) ++files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file dir }) + + manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) + manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) @@ -400,6 +400,7 @@ dev_rw_crypto(httpd_t) @@ -1229,13 +1335,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.32/policy/modules/services/cron.te --- nsaserefpolicy/policy/modules/services/cron.te 2010-01-18 18:24:22.769530360 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/cron.te 2010-01-29 09:59:49.239614360 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/cron.te 2010-02-03 21:39:39.157822554 +0100 @@ -323,6 +323,10 @@ udev_read_db(crond_t) ') +optional_policy(` -+ mta_system_content(cron_var_run_t) ++ mta_system_content(crond_var_run_t) +') + ######################################## 
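Review bot: replacing `setattr_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)` with `manage_dirs_pattern` and adding `dir` to `files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file dir })` moves httpd_t from setattr-only to create/delete on directories in the pid area, and nothing in the hunk says which httpd feature needs that. Put the reason above the pattern so the widening can be re-checked later, e.g. `# httpd creates its own run directory under /var/run at startup`, adjusted to the actual cause. The enclosing block of apache.te continues outside the hunk.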
@@ -2202,6 +2308,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.32/policy/modules/services/setroubleshoot.te +--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-01-18 18:24:22.891530024 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/setroubleshoot.te 2010-02-03 22:59:41.283821731 +0100 +@@ -177,6 +177,10 @@ + userdom_signull_unpriv_users(setroubleshoot_fixit_t) + + optional_policy(` ++ gnome_dontaudit_search_config(setroubleshoot_fixit_t) ++') ++ ++optional_policy(` + rpm_signull(setroubleshoot_fixit_t) + rpm_read_db(setroubleshoot_fixit_t) + rpm_dontaudit_manage_db(setroubleshoot_fixit_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.32/policy/modules/services/snmp.te --- nsaserefpolicy/policy/modules/services/snmp.te 2010-01-18 18:24:22.892539860 +0100 +++ serefpolicy-3.6.32/policy/modules/services/snmp.te 2010-01-19 14:20:15.303858953 +0100 
@@ -2676,10 +2796,42 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg(tgtd_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.6.32/policy/modules/services/tuned.fc +--- nsaserefpolicy/policy/modules/services/tuned.fc 2010-01-18 18:24:22.907534364 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/tuned.fc 2010-02-03 17:28:43.165143461 +0100 +@@ -3,4 +3,7 @@ + + /usr/sbin/tuned -- gen_context(system_u:object_r:tuned_exec_t,s0) + ++/var/log/tuned(/.*)? gen_context(system_u:object_r:tuned_log_t,s0) ++/var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0) ++ + /var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.6.32/policy/modules/services/tuned.te --- nsaserefpolicy/policy/modules/services/tuned.te 2010-01-18 18:24:22.909530847 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2010-02-02 19:06:55.670067778 +0100 -@@ -36,7 +36,7 @@ ++++ serefpolicy-3.6.32/policy/modules/services/tuned.te 2010-02-03 17:35:32.298159249 +0100 +@@ -13,6 +13,9 @@ + type tuned_initrc_exec_t; + init_script_file(tuned_initrc_exec_t) + ++type tuned_log_t; ++logging_log_file(tuned_log_t) ++ + type tuned_var_run_t; + files_pid_file(tuned_var_run_t) + +@@ -26,6 +29,10 @@ + dontaudit tuned_t self:capability { dac_override sys_tty_config }; + allow tuned_t self:fifo_file rw_fifo_file_perms; + ++manage_dirs_pattern(tuned_t, tuned_log_t, tuned_log_t) ++manage_files_pattern(tuned_t, tuned_log_t, tuned_log_t) ++logging_log_filetrans(tuned_t, tuned_log_t, file) ++ + manage_files_pattern(tuned_t, tuned_var_run_t, tuned_var_run_t) + files_pid_filetrans(tuned_t, tuned_var_run_t, { file }) + +@@ -36,7 +43,7 @@ kernel_read_system_state(tuned_t) dev_read_sysfs(tuned_t) 
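Review bot: `logging_log_filetrans(tuned_t, tuned_log_t, file)` only transitions files, yet the same hunk grants `manage_dirs_pattern(tuned_t, tuned_log_t, tuned_log_t)` and tuned.fc labels `/var/log/tuned(/.*)?` as a directory tree; a directory that tuned_t creates under /var/log would therefore inherit the parent's log type at creation and sit outside the new manage_dirs rule until a relabel. Match the .fc entry with `logging_log_filetrans(tuned_t, tuned_log_t, { file dir })`.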
@@ -2768,7 +2920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.te serefpolicy-3.6.32/policy/modules/services/usbmuxd.te --- nsaserefpolicy/policy/modules/services/usbmuxd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/usbmuxd.te 2010-02-02 18:58:37.916068136 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/usbmuxd.te 2010-02-02 19:28:04.029318349 +0100 @@ -0,0 +1,44 @@ + +policy_module(usbmuxd,1.0.0) @@ -2793,7 +2945,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# + +allow usbmuxd_t self:capability { kill setgid setuid }; -+allow usbmuxd_t self:process { fork signal signull }; ++allow usbmuxd_t self:process { fork }; + +# Init script handling +domain_use_interactive_fds(usbmuxd_t) @@ -2845,7 +2997,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_rw_kvm(virt_domain) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.32/policy/modules/services/xserver.fc --- nsaserefpolicy/policy/modules/services/xserver.fc 2010-01-18 18:24:22.917530119 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/xserver.fc 2010-02-01 14:37:29.435332322 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/xserver.fc 2010-02-03 14:24:48.062145095 +0100 @@ -65,6 +65,8 @@ /usr/(s)?bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0) 
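Review bot: narrowing to `allow usbmuxd_t self:process { fork };` is the right direction, but it leaves the context line two above, `allow usbmuxd_t self:capability { kill setgid setuid };`, granting CAP_KILL to a domain that can no longer signal even itself; unless usbmuxd signals processes in another domain, which this hunk does not show, `kill` is now dead weight and the line can become `allow usbmuxd_t self:capability { setgid setuid };`. If it stays, a comment naming the signalled domain would justify it. The rest of the new usbmuxd.te is outside this hunk.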
@@ -2863,7 +3015,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/log/nvidia-installer\.log.* -- gen_context(system_u:object_r:xserver_log_t,s0) /var/spool/gdm(/.*)? gen_context(system_u:object_r:xdm_spool_t,s0) -@@ -116,6 +119,9 @@ +@@ -116,7 +119,11 @@ /var/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) /var/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) /var/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) @@ -2871,11 +3023,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/lxdm\.auth -- gen_context(system_u:object_r:xdm_var_run_t,s0) +/var/run/lxdm(/*.)? gen_context(system_u:object_r:xdm_var_run_t,s0) /var/run/slim\.auth -- gen_context(system_u:object_r:xdm_var_run_t,s0) ++/var/run/slim.* -- gen_context(system_u:object_r:xdm_var_run_t,s0) /var/run/video.rom -- gen_context(system_u:object_r:xserver_var_run_t,s0) + /var/run/xorg(/.*)? gen_context(system_u:object_r:xserver_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2010-01-18 18:24:22.923530253 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2010-02-01 17:25:59.218331954 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2010-02-03 10:39:48.878145130 +0100 @@ -301,6 +301,9 @@ manage_files_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t) files_tmp_filetrans(xauth_t, xauth_tmp_t, { file dir }) @@ -2886,7 +3040,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(xauth_t) dev_rw_xserver_misc(xauth_t) -@@ -309,7 +312,10 @@ +@@ -309,8 +312,12 @@ files_read_usr_files(xauth_t) files_search_pids(xauth_t) files_dontaudit_getattr_all_dirs(xauth_t) 
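Review bot: `/var/run/slim.* -- gen_context(system_u:object_r:xdm_var_run_t,s0)` has an unescaped `.`, so it matches any name starting with `slim` (e.g. `/var/run/slimXfoo`) and fully subsumes the `/var/run/slim\.auth --` entry on the preceding line. If the intent is slim's own dotted files, `/var/run/slim\..* -- gen_context(system_u:object_r:xdm_var_run_t,s0)` keeps the match to that prefix. The context line `/var/run/lxdm(/*.)?` in the same hunk looks like a typo for `(/.*)?`: as written it matches zero or more slashes followed by exactly one character, not the directory tree, and is worth fixing in the same pass.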
@@ -2895,9 +3049,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +fs_dontaudit_leaks(xauth_t) fs_getattr_all_fs(xauth_t) ++fs_read_nfs_symlinks(xauth_t) fs_search_auto_mountpoints(xauth_t) -@@ -506,6 +512,7 @@ + # cjp: why? +@@ -506,6 +513,7 @@ dev_dontaudit_rw_misc(xdm_t) dev_getattr_video_dev(xdm_t) dev_setattr_video_dev(xdm_t) @@ -2905,7 +3061,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_getattr_scanner_dev(xdm_t) dev_setattr_scanner_dev(xdm_t) dev_read_sound(xdm_t) -@@ -582,6 +589,7 @@ +@@ -582,6 +590,7 @@ userdom_read_all_users_state(xdm_t) userdom_signal_all_users(xdm_t) userdom_stream_connect(xdm_t) @@ -2913,7 +3069,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_manage_user_tmp_dirs(xdm_t) userdom_manage_user_tmp_sockets(xdm_t) userdom_manage_tmpfs_role(system_r, xdm_t) -@@ -668,6 +676,7 @@ +@@ -668,6 +677,7 @@ optional_policy(` gnome_read_gconf_config(xdm_t) @@ -2921,7 +3077,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -675,6 +684,10 @@ +@@ -675,6 +685,10 @@ ') optional_policy(` @@ -2932,7 +3088,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol loadkeys_exec(xdm_t) ') -@@ -712,6 +725,7 @@ +@@ -712,6 +726,7 @@ optional_policy(` pulseaudio_exec(xdm_t) pulseaudio_dbus_chat(xdm_t) 
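Review bot: `fs_read_nfs_symlinks(xauth_t)` is added unconditionally, whereas NFS home-directory access in refpolicy is normally gated on the `use_nfs_home_dirs` boolean so hosts without NFS homes do not carry the grant. If the symlink follow is for users' NFS-mounted homes, wrap the call in a `tunable_policy` block keyed on `use_nfs_home_dirs`; if it is for some other mount, a comment above the line saying which one lets it be accepted as is. The other xserver.te hunks on this line add single interface calls and raise nothing on their own.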
@@ -2940,6 +3096,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') # On crash gdm execs gdb to dump stack +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.32/policy/modules/system/application.te +--- nsaserefpolicy/policy/modules/system/application.te 2010-01-18 18:24:22.925530368 +0100 ++++ serefpolicy-3.6.32/policy/modules/system/application.te 2010-02-03 15:31:03.649144986 +0100 +@@ -15,6 +15,10 @@ + files_dontaudit_search_all_dirs(application_domain_type) + + optional_policy(` ++ afs_rw_udp_sockets(application_domain_type) ++') ++ ++optional_policy(` + ssh_sigchld(application_domain_type) + ssh_rw_stream_sockets(application_domain_type) + ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.32/policy/modules/system/fstools.fc --- nsaserefpolicy/policy/modules/system/fstools.fc 2010-01-18 18:24:22.930540014 +0100 +++ serefpolicy-3.6.32/policy/modules/system/fstools.fc 2010-01-27 18:13:10.349614395 +0100 
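Review bot: `afs_rw_udp_sockets(application_domain_type)` is applied to the attribute, so this one line extends read/write on AFS UDP sockets to every application domain rather than to the one that needs it, and no comment says which. If the access is for a socket inherited from an AFS-using parent, the narrower fix is a rule on the specific child domain or a dontaudit; if it is genuinely needed everywhere, state the reason above the optional block, e.g. `# AFS client sockets are inherited by every application started from a login session`, adjusted to the real cause.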
@@ -2989,8 +3159,51 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.32/policy/modules/system/init.if --- nsaserefpolicy/policy/modules/system/init.if 2010-01-18 18:24:22.933540325 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-02-02 15:33:20.194067768 +0100 -@@ -1686,3 +1686,25 @@ ++++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-02-03 22:20:50.365821844 +0100 +@@ -165,6 +165,7 @@ + type init_t; + role system_r; + attribute daemon; ++ attribute initrc_transition_domain; + ') + + typeattribute $1 daemon; +@@ -180,6 +181,7 @@ + # Handle upstart direct transition to a executable + domtrans_pattern(init_t,$2,$1) + allow init_t $1:process siginh; ++ allow $1 initrc_transition_domain:fifo_file rw_inherited_fifo_file_perms; + + # daemons started from init will + # inherit fds from init for the console +@@ -273,6 +275,7 @@ + gen_require(` + type initrc_t; + role system_r; ++ attribute initrc_transition_domain; + ') + + application_domain($1,$2) +@@ -281,6 +284,7 @@ + + domtrans_pattern(initrc_t,$2,$1) + allow initrc_t $1:process siginh; ++ allow $1 initrc_transition_domain:fifo_file rw_inherited_fifo_file_perms; + + ifdef(`hide_broken_symptoms',` + # RHEL4 systems seem to have a stray +@@ -775,8 +779,10 @@ + interface(`init_labeled_script_domtrans',` + gen_require(` + type initrc_t; ++ attribute initrc_transition_domain; + ') + ++ typeattribute $1 initrc_transition_domain; + domtrans_pattern($1, $2, initrc_t) + files_search_etc($1) + ') +@@ -1686,3 +1692,26 @@ allow $1 initrc_t:sem rw_sem_perms; ') 
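Review bot: the new `allow $1 initrc_transition_domain:fifo_file rw_inherited_fifo_file_perms;` in both `init_daemon_domain` and `init_system_domain` carries no comment, and the attribute is only populated by the `typeattribute $1 initrc_transition_domain;` added to `init_labeled_script_domtrans`, so the net effect is that every daemon may read and write inherited pipes of any domain that runs a labeled init script. That is plausible for a service wrapper's stdout pipe, but it belongs next to the typeattribute line, e.g. `# domains that run labeled init scripts hand their pipes to the daemons those scripts start`, so a later reader knows why daemons write back to a caller's fifo. The three interfaces touched here start and end outside the hunks.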
@@ -3010,6 +3223,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') + + dontaudit $1 initrc_t:tcp_socket { read write }; ++ dontaudit $1 initrc_t:udp_socket { read write }; + dontaudit $1 initrc_t:unix_dgram_socket { read write }; + dontaudit $1 initrc_t:unix_stream_socket { read write }; + dontaudit $1 initrc_t:shm rw_shm_perms; @@ -3018,8 +3232,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.32/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2010-01-18 18:24:22.936530091 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-01-18 18:27:02.782531248 +0100 -@@ -212,6 +212,10 @@ ++++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-02-03 22:20:55.858821762 +0100 +@@ -40,6 +40,7 @@ + attribute init_script_domain_type; + attribute init_script_file_type; + attribute init_run_all_scripts_domain; ++attribute initrc_transition_domain; + + # Mark process types as daemons + attribute daemon; +@@ -212,6 +213,10 @@ ') optional_policy(` @@ -3030,7 +3252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # /var/run/dovecot/login/ssl-parameters.dat is a hard link to # /var/lib/dovecot/ssl-parameters.dat and init tries to clean up # the directory. But we do not want to allow this. -@@ -872,6 +876,7 @@ +@@ -872,6 +877,7 @@ optional_policy(` unconfined_domain(initrc_t) 
@@ -3316,6 +3538,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_kernel_sysctls(dhcpc_t) kernel_request_load_module(dhcpc_t) kernel_use_fds(dhcpc_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.32/policy/modules/system/udev.te +--- nsaserefpolicy/policy/modules/system/udev.te 2010-01-18 18:24:22.973540245 +0100 ++++ serefpolicy-3.6.32/policy/modules/system/udev.te 2010-02-03 14:37:00.939144600 +0100 +@@ -273,6 +273,10 @@ + ') + + optional_policy(` ++ usbmuxd_domtrans(udev_t) ++') ++ ++optional_policy(` + vbetool_domtrans(udev_t) + ') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.32/policy/modules/system/unconfined.if --- nsaserefpolicy/policy/modules/system/unconfined.if 2010-01-18 18:24:22.975530582 +0100 +++ serefpolicy-3.6.32/policy/modules/system/unconfined.if 2010-01-18 18:27:02.790542463 +0100
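Review bot: `usbmuxd_domtrans(udev_t)` depends on an interface that must live in usbmuxd.if, and the usbmuxd module is itself introduced by this patch (its .te is in an earlier hunk) while its .if is not visible anywhere in this diff; confirm the interface is defined, since an undefined interface fails the policy build rather than degrading quietly. A short comment on the optional block, `# udev starts usbmuxd when a matching device appears`, adjusted to the actual trigger, would also record why a udev-spawned helper gets its own confined domain.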