diff --git a/policy-20071130.patch b/policy-20071130.patch index b60cd16d..fa11367d 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -972,7 +972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc /var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.2.5/policy/modules/admin/rpm.if --- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-18 11:12:44.000000000 -0400 -+++ serefpolicy-3.2.5/policy/modules/admin/rpm.if 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/admin/rpm.if 2008-01-29 10:17:11.000000000 -0500 @@ -152,6 +152,24 @@ ######################################## @@ -1276,7 +1276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te java_domtrans(rpm_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.2.5/policy/modules/admin/sudo.if --- nsaserefpolicy/policy/modules/admin/sudo.if 2007-12-04 11:02:51.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/admin/sudo.if 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/admin/sudo.if 2008-01-29 16:49:45.000000000 -0500 @@ -55,7 +55,7 @@ # @@ -1286,7 +1286,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow $1_sudo_t self:process { setexec setrlimit }; allow $1_sudo_t self:fd use; -@@ -68,27 +68,26 @@ +@@ -68,33 +68,32 @@ allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; allow $1_sudo_t self:unix_dgram_socket sendto; allow $1_sudo_t self:unix_stream_socket connectto; 
@@ -1316,7 +1316,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if # sudo stores a token in the pam_pid directory auth_manage_pam_pid($1_sudo_t) auth_use_nsswitch($1_sudo_t) -@@ -106,12 +105,14 @@ + + corecmd_read_bin_symlinks($1_sudo_t) +- corecmd_getattr_all_executables($1_sudo_t) ++ corecmd_exec_all_executables($1_sudo_t) + + domain_use_interactive_fds($1_sudo_t) + domain_sigchld_interactive_fds($1_sudo_t) +@@ -106,16 +105,20 @@ files_getattr_usr_files($1_sudo_t) # for some PAM modules and for cwd files_dontaudit_search_home($1_sudo_t) @@ -1331,7 +1338,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if logging_send_syslog_msg($1_sudo_t) miscfiles_read_localization($1_sudo_t) -@@ -125,13 +126,4 @@ + ++ mta_per_role_template($1, $1_sudo_t, $3) ++ + userdom_manage_user_home_content_files($1,$1_sudo_t) + userdom_manage_user_home_content_symlinks($1,$1_sudo_t) + userdom_manage_user_tmp_files($1,$1_sudo_t) +@@ -125,13 +128,12 @@ # for some PAM modules and for cwd userdom_dontaudit_search_all_users_home_content($1_sudo_t) @@ -1344,6 +1357,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if - ') - - ') dnl end TODO ++ domain_role_change_exemption($1_sudo_t) ++ userdom_spec_domtrans_all_users($1_sudo_t) ++ selinux_validate_context($1_sudo_t) ++ selinux_compute_relabel_context($1_sudo_t) ++ term_use_all_user_ttys($1_sudo_t) ++ term_use_all_user_ptys($1_sudo_t) ++ term_relabel_all_user_ttys($1_sudo_t) ++ term_relabel_all_user_ptys($1_sudo_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.2.5/policy/modules/admin/su.if --- nsaserefpolicy/policy/modules/admin/su.if 2007-10-12 08:56:09.000000000 -0400 
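Review bot: `corecmd_exec_all_executables($1_sudo_t)` replaces a getattr-only rule, so any program without its own entry-point transition now runs inside `$1_sudo_t` with everything this template grants it (user home content management, tty/pty use and relabel), and together with `domain_role_change_exemption($1_sudo_t)` and `userdom_spec_domtrans_all_users($1_sudo_t)` from the hunk at @@ -1344 the domain becomes a general role-change pivot. None of the new rules carries a comment, and the dropped `') dnl end TODO` closing suggests the earlier version was fenced off, so a why-comment above them would keep the next reader from treating them as leftovers, e.g. `# sudo selects the target role/type itself (-r/-t) and relabels the caller's tty,` / `# so it needs the role-change exemption, context computation and tty relabel rules`. It is also worth confirming that `corecmd_exec_bin` would not suffice, since exec_all_executables presumably grants execute on every type carrying the executable attribute rather than only `bin_t`. The enclosing template starts outside the hunk, so whether its header already documents this cannot be seen here.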
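Review bot: `mta_per_role_template($1, $1_sudo_t, $3)` makes this template depend on a third argument `$3` that no other visible line of the template uses; if the template's `## <param>` header, which lies outside the hunk, does not already declare a third parameter, a caller passing two arguments expands `$3` to nothing and the mta template is instantiated with an empty role argument. Please confirm the header declares it (presumably the role, e.g. `## <param name="user_role">` with a one-line summary) and that every caller of this template passes it.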
@@ -4777,7 +4798,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.2.5/policy/modules/kernel/corecommands.if --- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-11-14 08:17:58.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.if 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.if 2008-01-29 16:49:06.000000000 -0500 @@ -875,6 +875,7 @@ read_lnk_files_pattern($1,bin_t,bin_t) @@ -8076,7 +8097,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons +/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.2.5/policy/modules/services/consolekit.te --- nsaserefpolicy/policy/modules/services/consolekit.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/consolekit.te 2008-01-28 11:46:35.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/consolekit.te 2008-01-29 13:05:07.000000000 -0500 @@ -13,6 +13,9 @@ type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) @@ -8131,7 +8152,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons hal_dbus_chat(consolekit_t) optional_policy(` -@@ -67,3 +86,14 @@ +@@ -64,6 +83,21 @@ + ') + + optional_policy(` ++ polkit_domtrans_auth(consolekit_t) ++') ++ ++optional_policy(` xserver_read_all_users_xauth(consolekit_t) xserver_stream_connect_xdm_xserver(consolekit_t) ') 
@@ -9443,7 +9471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru # Local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.5/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/dbus.if 2008-01-25 14:07:09.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/dbus.if 2008-01-29 10:21:26.000000000 -0500 @@ -53,6 +53,7 @@ gen_require(` type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t; @@ -9666,7 +9694,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.2.5/policy/modules/services/dbus.te --- nsaserefpolicy/policy/modules/services/dbus.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/dbus.te 2008-01-18 14:09:36.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/dbus.te 2008-01-29 10:21:10.000000000 -0500 @@ -9,6 +9,7 @@ # # Delcarations @@ -9675,6 +9703,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus type dbusd_etc_t alias etc_dbusd_t; files_type(dbusd_etc_t) +@@ -21,7 +22,7 @@ + files_tmp_file(system_dbusd_tmp_t) + + type system_dbusd_var_lib_t; +-files_pid_file(system_dbusd_var_lib_t) ++files_type(system_dbusd_var_lib_t) + + type system_dbusd_var_run_t; + files_pid_file(system_dbusd_var_run_t) @@ -65,6 +66,7 @@ fs_getattr_all_fs(system_dbusd_t) 
@@ -9952,8 +9989,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.2.5/policy/modules/services/dhcp.te --- nsaserefpolicy/policy/modules/services/dhcp.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/dhcp.te 2008-01-18 12:40:46.000000000 -0500 -@@ -19,6 +19,9 @@ ++++ serefpolicy-3.2.5/policy/modules/services/dhcp.te 2008-01-29 08:02:57.000000000 -0500 +@@ -19,18 +19,20 @@ type dhcpd_var_run_t; files_pid_file(dhcpd_var_run_t) @@ -9963,7 +10000,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp ######################################## # # Local policy -@@ -30,7 +33,6 @@ + # + +-allow dhcpd_t self:capability net_raw; ++allow dhcpd_t self:capability { net_raw sys_resource }; + dontaudit dhcpd_t self:capability { net_admin sys_tty_config }; + allow dhcpd_t self:process signal_perms; allow dhcpd_t self:fifo_file { read write getattr }; allow dhcpd_t self:unix_dgram_socket create_socket_perms; allow dhcpd_t self:unix_stream_socket create_socket_perms; @@ -11986,7 +12028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.2.5/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/mailman.te 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/mailman.te 2008-01-29 09:37:11.000000000 -0500 @@ -53,10 +53,9 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) 
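Review bot: `allow dhcpd_t self:capability { net_raw sys_resource };` grants `sys_resource` without a comment naming the operation that needed it; the capability covers more than one thing (quota overrides, raising hard limits, and others), so the rule should record the denial it answers, e.g. `# sys_resource: <operation from the AVC denial — fill in>` on the line above. If the trigger was raising a resource limit, note that the visible rules give dhcpd_t only `self:process signal_perms`, so a `setrlimit` process permission may be needed as well, as the new iscsi hunk (L14) grants next to its existing `sys_resource`. The iscsi hunk adds `setrlimit` with the same missing why-comment.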
@@ -12000,11 +12042,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ') ######################################## -@@ -65,6 +64,10 @@ +@@ -65,6 +64,11 @@ # allow mailman_mail_t self:unix_dgram_socket create_socket_perms; +allow mailman_mail_t initrc_t:process signal; ++allow mailman_mail_t self:process signal; +allow mailman_mail_t self:capability { setuid setgid }; + +files_search_spool(mailman_mail_t) @@ -13950,7 +13993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk +/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.2.5/policy/modules/services/polkit.if --- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/polkit.if 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/polkit.if 2008-01-29 13:04:40.000000000 -0500 @@ -0,0 +1,59 @@ + +## policy for polkit_auth @@ -14946,7 +14989,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.2.5/policy/modules/services/procmail.if --- nsaserefpolicy/policy/modules/services/procmail.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/procmail.if 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/procmail.if 2008-01-28 15:44:39.000000000 -0500 @@ -39,3 +39,22 @@ corecmd_search_bin($1) can_exec($1,procmail_exec_t) 
@@ -16471,7 +16514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.2.5/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/services/samba.te 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/services/samba.te 2008-01-28 14:28:32.000000000 -0500 @@ -26,28 +26,28 @@ ## @@ -16505,7 +16548,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ##

##
gen_tunable(samba_run_unconfined,false) -@@ -139,6 +139,14 @@ +@@ -73,11 +73,9 @@ + logging_log_file(samba_log_t) + + type samba_net_t; +-domain_type(samba_net_t) +-role system_r types samba_net_t; +- + type samba_net_exec_t; +-domain_entry_file(samba_net_t,samba_net_exec_t) ++role system_r types samba_net_t; ++application_domain(samba_net_t, samba_net_exec_t) + + type samba_net_tmp_t; + files_tmp_file(samba_net_tmp_t) +@@ -139,6 +137,14 @@ type winbind_var_run_t; files_pid_file(winbind_var_run_t) @@ -16520,7 +16577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # # Samba net local policy -@@ -193,6 +201,8 @@ +@@ -193,6 +199,8 @@ miscfiles_read_localization(samba_net_t) @@ -16529,7 +16586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb userdom_dontaudit_search_sysadm_home_dirs(samba_net_t) optional_policy(` -@@ -213,7 +223,7 @@ +@@ -213,7 +221,7 @@ allow smbd_t self:msgq create_msgq_perms; allow smbd_t self:sem create_sem_perms; allow smbd_t self:shm create_shm_perms; @@ -16538,7 +16595,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow smbd_t self:tcp_socket create_stream_socket_perms; allow smbd_t self:udp_socket create_socket_perms; allow smbd_t self:unix_dgram_socket { create_socket_perms sendto }; -@@ -221,10 +231,8 @@ +@@ -221,10 +229,8 @@ allow smbd_t samba_etc_t:file { rw_file_perms setattr }; @@ -16551,7 +16608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow smbd_t samba_net_tmp_t:file getattr; -@@ -234,6 +242,7 @@ +@@ -234,6 +240,7 @@ manage_dirs_pattern(smbd_t,samba_share_t,samba_share_t) manage_files_pattern(smbd_t,samba_share_t,samba_share_t) manage_lnk_files_pattern(smbd_t,samba_share_t,samba_share_t) 
@@ -16559,7 +16616,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb manage_dirs_pattern(smbd_t,samba_var_t,samba_var_t) manage_files_pattern(smbd_t,samba_var_t,samba_var_t) -@@ -251,7 +260,7 @@ +@@ -251,7 +258,7 @@ manage_sock_files_pattern(smbd_t,smbd_var_run_t,smbd_var_run_t) files_pid_filetrans(smbd_t,smbd_var_run_t,file) @@ -16568,7 +16625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_getattr_core_if(smbd_t) kernel_getattr_message_if(smbd_t) -@@ -340,6 +349,17 @@ +@@ -340,6 +347,17 @@ tunable_policy(`samba_share_nfs',` fs_manage_nfs_dirs(smbd_t) fs_manage_nfs_files(smbd_t) @@ -16586,7 +16643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') optional_policy(` -@@ -391,7 +411,7 @@ +@@ -391,7 +409,7 @@ allow nmbd_t self:msgq create_msgq_perms; allow nmbd_t self:sem create_sem_perms; allow nmbd_t self:shm create_shm_perms; @@ -16595,7 +16652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow nmbd_t self:tcp_socket create_stream_socket_perms; allow nmbd_t self:udp_socket create_socket_perms; allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto }; -@@ -403,8 +423,7 @@ +@@ -403,8 +421,7 @@ read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t) manage_dirs_pattern(nmbd_t,samba_log_t,samba_log_t) @@ -16605,7 +16662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb read_files_pattern(nmbd_t,samba_log_t,samba_log_t) create_files_pattern(nmbd_t,samba_log_t,samba_log_t) -@@ -439,6 +458,7 @@ +@@ -439,6 +456,7 @@ dev_getattr_mtrr_dev(nmbd_t) fs_getattr_all_fs(nmbd_t) @@ -16613,7 +16670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb fs_search_auto_mountpoints(nmbd_t) domain_use_interactive_fds(nmbd_t) -@@ -522,6 +542,7 @@ +@@ -522,6 +540,7 @@ storage_raw_write_fixed_disk(smbmount_t) term_list_ptys(smbmount_t) 
@@ -16621,7 +16678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb corecmd_list_bin(smbmount_t) -@@ -546,28 +567,37 @@ +@@ -546,28 +565,37 @@ userdom_use_all_users_fds(smbmount_t) @@ -16666,7 +16723,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t smbd_var_run_t:file read; manage_dirs_pattern(swat_t,swat_tmp_t,swat_tmp_t) -@@ -577,7 +607,9 @@ +@@ -577,7 +605,9 @@ manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t) files_pid_filetrans(swat_t,swat_var_run_t,file) @@ -16677,7 +16734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_read_kernel_sysctls(swat_t) kernel_read_system_state(swat_t) -@@ -602,6 +634,7 @@ +@@ -602,6 +632,7 @@ dev_read_urand(swat_t) @@ -16685,7 +16742,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb files_read_etc_files(swat_t) files_search_home(swat_t) files_read_usr_files(swat_t) -@@ -614,6 +647,7 @@ +@@ -614,6 +645,7 @@ libs_use_shared_libs(swat_t) logging_send_syslog_msg(swat_t) @@ -16693,7 +16750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb logging_search_logs(swat_t) miscfiles_read_localization(swat_t) -@@ -631,6 +665,17 @@ +@@ -631,6 +663,17 @@ kerberos_use(swat_t) ') @@ -16711,7 +16768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # # Winbind local policy -@@ -679,6 +724,8 @@ +@@ -679,6 +722,8 @@ manage_sock_files_pattern(winbind_t,winbind_var_run_t,winbind_var_run_t) files_pid_filetrans(winbind_t,winbind_var_run_t,file) 
@@ -16720,7 +16777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_read_kernel_sysctls(winbind_t) kernel_list_proc(winbind_t) kernel_read_proc_symlinks(winbind_t) -@@ -766,6 +813,7 @@ +@@ -766,6 +811,7 @@ optional_policy(` squid_read_log(winbind_helper_t) squid_append_log(winbind_helper_t) @@ -16728,7 +16785,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -790,3 +838,37 @@ +@@ -790,3 +836,37 @@ domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t) ') ') @@ -20678,7 +20735,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.2.5/policy/modules/system/authlogin.fc --- nsaserefpolicy/policy/modules/system/authlogin.fc 2007-12-12 11:35:28.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/system/authlogin.fc 2008-01-18 12:40:46.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/system/authlogin.fc 2008-01-29 16:36:06.000000000 -0500 @@ -29,7 +29,6 @@ /var/db/shadow.* -- gen_context(system_u:object_r:shadow_t,s0) @@ -20687,8 +20744,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo /var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0) /var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0) -@@ -42,3 +41,6 @@ +@@ -40,5 +39,10 @@ + /var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0) + /var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0) ++/var/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) ++/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) /var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) +/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0) 
@@ -21512,6 +21573,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. dev_read_urand(racoon_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.2.5/policy/modules/system/iscsi.te +--- nsaserefpolicy/policy/modules/system/iscsi.te 2007-12-19 05:32:17.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/system/iscsi.te 2008-01-29 09:44:07.000000000 -0500 +@@ -29,7 +29,7 @@ + # + + allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource }; +-allow iscsid_t self:process setsched; ++allow iscsid_t self:process { setrlimit setsched }; + allow iscsid_t self:fifo_file { read write }; + allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; + allow iscsid_t self:unix_dgram_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.2.5/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2007-12-12 11:35:28.000000000 -0500 +++ serefpolicy-3.2.5/policy/modules/system/libraries.fc 2008-01-18 12:40:46.000000000 -0500 
@@ -22119,12 +22192,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti ################################# diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.2.5/policy/modules/system/mount.fc --- nsaserefpolicy/policy/modules/system/mount.fc 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/system/mount.fc 2008-01-18 12:40:46.000000000 -0500 -@@ -1,4 +1,3 @@ ++++ serefpolicy-3.2.5/policy/modules/system/mount.fc 2008-01-29 09:05:12.000000000 -0500 +@@ -1,4 +1,5 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) - -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) ++/sbin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) ++/sbin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) +/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.2.5/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2007-12-19 05:32:17.000000000 -0500 @@ -22597,7 +22672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.2.5/policy/modules/system/selinuxutil.te --- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te 2008-01-21 15:06:00.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te 2008-01-29 15:11:06.000000000 -0500 @@ -75,7 +75,6 @@ type restorecond_exec_t; init_daemon_domain(restorecond_t,restorecond_exec_t) 
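Review bot: `/sbin/mount.*` and `/sbin/umount.*` use an unescaped `.`, so the patterns label every file under `/sbin` whose name starts with `mount` or `umount` as `mount_exec_t`, not only the `mount.<fstype>` helpers, and any such binary presumably then transitions to the mount domain for callers that have the mount domtrans rules. If the helpers are the target, `/sbin/mount\..* -- gen_context(system_u:object_r:mount_exec_t,s0)` and `/sbin/umount\..* -- gen_context(system_u:object_r:mount_exec_t,s0)` are the precise forms. The pre-existing `/bin/mount.*` entries above them have the same looseness, so if the wider match is intentional (to catch `/sbin/mount` itself alongside the helpers) a one-line comment saying so would help.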
@@ -26908,7 +26983,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.i +## Policy for staff user diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.5/policy/modules/users/staff.te --- nsaserefpolicy/policy/modules/users/staff.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.2.5/policy/modules/users/staff.te 2008-01-24 16:05:12.000000000 -0500 ++++ serefpolicy-3.2.5/policy/modules/users/staff.te 2008-01-29 15:10:46.000000000 -0500 @@ -0,0 +1,47 @@ +policy_module(staff,1.0.1) +userdom_unpriv_user_template(staff) diff --git a/selinux-policy.spec b/selinux-policy.spec index d8525d18..47134dbd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.2.5 -Release: 20%{?dist} +Release: 21%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -387,6 +387,9 @@ exit 0 %endif %changelog +* Mon Jan 28 2008 Dan Walsh 3.2.5-21 +- Allow all user roles to executae samba net command + * Fri Jan 25 2008 Dan Walsh 3.2.5-20 - Allow usertypes to read/write noxattr file systems