diff --git a/.cvsignore b/.cvsignore
index f1ecbfe5..24a668de 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -196,3 +196,4 @@ serefpolicy-3.7.2.tgz
serefpolicy-3.7.3.tgz
serefpolicy-3.7.4.tgz
serefpolicy-3.7.5.tgz
+serefpolicy-3.7.6.tgz
diff --git a/policy-F13.patch b/policy-F13.patch
index a28d95b6..ffd7c0f4 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -437,7 +437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.6/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/admin/prelink.te 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/admin/prelink.te 2010-01-08 12:08:33.000000000 -0500
@@ -21,8 +21,21 @@
type prelink_tmp_t;
files_tmp_file(prelink_tmp_t)
@@ -501,7 +501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
optional_policy(`
amanda_manage_lib(prelink_t)
-@@ -99,5 +117,57 @@
+@@ -99,5 +117,58 @@
')
optional_policy(`
@@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+allow prelink_cron_system_t self:unix_dgram_socket { write bind create setopt };
+
+domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
++allow prelink_cron_system_t prelink_t:process noatsecure;
+
+read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
+allow prelink_cron_system_t prelink_cache_t:file unlink;
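Review bot: `++allow prelink_cron_system_t prelink_t:process noatsecure;` turns off the dynamic loader's secure-execution mode (AT_SECURE) on the prelink_cron_system_t → prelink_t transition, so loader-relevant variables in the cron job's environment are honoured by prelink instead of being ignored as they would be on an ordinary domain transition. Nothing in the hunk records which environment variable prelink needs from the cron script, so a later reviewer cannot tell whether the exemption is still required. Suggest a comment above the rule naming the trigger, e.g. `# cron script passes <variable from the denial — fill in> to prelink; secure-exec cleansing is skipped on this transition`, and dropping the rule if prelink turns out not to need caller environment. The prelink_cron_system_t rule block continues outside the hunk.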
@@ -5985,7 +5986,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.6/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-11-20 10:51:41.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/kernel/devices.fc 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/kernel/devices.fc 2010-01-08 15:36:31.000000000 -0500
@@ -16,13 +16,16 @@
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/autofs.* -c gen_context(system_u:object_r:autofs_device_t,s0)
@@ -6011,9 +6012,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
+@@ -159,6 +163,8 @@
+ /dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0)
+ /dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0)
+
++/dev/uio[0-9]+ -c gen_context(system_u:object_r:userio_device_t,s0)
++
+ /dev/xen/blktap.* -c gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/xen/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.6/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/kernel/devices.if 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/kernel/devices.if 2010-01-08 15:36:31.000000000 -0500
@@ -801,6 +801,24 @@
########################################
@@ -6114,10 +6124,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## Mount a usbfs filesystem.
##
##
+@@ -3703,6 +3775,24 @@
+ getattr_chr_files_pattern($1, device_t, v4l_device_t)
+ ')
+
++######################################
++##
++## Read or write userio device.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_rw_userio_dev',`
++ gen_require(`
++ type device_t, userio_device_t;
++ ')
++
++ rw_chr_files_pattern($1, device_t, userio_device_t)
++')
++
+ ########################################
+ ##
+ ## Do not audit attempts to get the attributes
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.6/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/kernel/devices.te 2010-01-07 15:28:30.000000000 -0500
-@@ -227,6 +227,12 @@
++++ serefpolicy-3.7.6/policy/modules/kernel/devices.te 2010-01-08 15:36:31.000000000 -0500
+@@ -227,11 +227,23 @@
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
#
@@ -6130,6 +6165,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
#
type usb_device_t;
+ dev_node(usb_device_t)
+
++#
++# userio_device_t is the type for /dev/uio[0-9]+
++#
++type userio_device_t;
++dev_node(userio_device_t)
++
+ type v4l_device_t;
+ dev_node(v4l_device_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.6/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.7.6/policy/modules/kernel/domain.if 2010-01-07 15:28:30.000000000 -0500
@@ -10009,7 +10055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.6/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/abrt.te 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/abrt.te 2010-01-08 08:37:25.000000000 -0500
@@ -33,12 +33,24 @@
type abrt_var_run_t;
files_pid_file(abrt_var_run_t)
@@ -10057,7 +10103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir })
kernel_read_ring_buffer(abrt_t)
-@@ -75,18 +90,36 @@
+@@ -75,18 +90,37 @@
corecmd_exec_bin(abrt_t)
corecmd_exec_shell(abrt_t)
@@ -10067,6 +10113,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+corenet_tcp_connect_ftp_port(abrt_t)
+corenet_tcp_connect_all_ports(abrt_t)
++dev_getattr_all_chr_files(abrt_t)
dev_read_urand(abrt_t)
+dev_rw_sysfs(abrt_t)
+dev_dontaudit_read_memory_dev(abrt_t)
@@ -10094,7 +10141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
sysnet_read_config(abrt_t)
-@@ -96,22 +129,93 @@
+@@ -96,22 +130,93 @@
miscfiles_read_certs(abrt_t)
miscfiles_read_localization(abrt_t)
@@ -14695,7 +14742,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.6/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/cups.te 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/cups.te 2010-01-08 11:58:33.000000000 -0500
@@ -23,6 +23,9 @@
type cupsd_initrc_exec_t;
init_script_file(cupsd_initrc_exec_t)
@@ -14870,7 +14917,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
########################################
#
# Cups lpd support
-@@ -542,6 +576,8 @@
+@@ -520,6 +554,7 @@
+ logging_send_syslog_msg(cupsd_lpd_t)
+
+ miscfiles_read_localization(cupsd_lpd_t)
++miscfiles_setattr_fonts_cache_dirs(cupsd_lpd_t)
+
+ cups_stream_connect(cupsd_lpd_t)
+
+@@ -542,6 +577,8 @@
manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
@@ -14879,7 +14934,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
kernel_read_system_state(cups_pdf_t)
files_read_etc_files(cups_pdf_t)
-@@ -556,11 +592,15 @@
+@@ -556,11 +593,15 @@
miscfiles_read_fonts(cups_pdf_t)
userdom_home_filetrans_user_home_dir(cups_pdf_t)
@@ -14895,7 +14950,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(cups_pdf_t)
-@@ -601,6 +641,9 @@
+@@ -601,6 +642,9 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -14905,7 +14960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
-@@ -627,6 +670,7 @@
+@@ -627,6 +671,7 @@
corenet_tcp_connect_ipp_port(hplip_t)
corenet_sendrecv_hplip_client_packets(hplip_t)
corenet_receive_hplip_server_packets(hplip_t)
@@ -15365,7 +15420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.6/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/devicekit.te 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/devicekit.te 2010-01-08 09:11:11.000000000 -0500
@@ -42,6 +42,8 @@
files_read_etc_files(devicekit_t)
@@ -15380,7 +15435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
#
-allow devicekit_disk_t self:capability { chown dac_override fowner fsetid sys_nice sys_ptrace sys_rawio };
-+allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_nice sys_ptrace sys_rawio };
++allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
+allow devicekit_disk_t self:process signal_perms;
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
+allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
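Review bot: The devicekit_disk_t capability rule now adds `sys_admin` next to sys_ptrace and sys_rawio, and the hunk gives no hint of the operation that produced the denial; CAP_SYS_ADMIN covers mount, a large family of block-device ioctls and much else, so once granted it is the capability least likely to be tightened again. Suggest recording the trigger on the line above the rule, e.g. `# sys_admin: needed for <operation from the AVC denial — fill in>; revisit when the daemon no longer needs it`, and checking whether the operation could instead be served by the specific rule it hits. The surrounding devicekit_disk_t block continues beyond the hunk.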
@@ -15832,7 +15887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.6/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/fail2ban.if 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/fail2ban.if 2010-01-08 09:57:24.000000000 -0500
@@ -98,6 +98,46 @@
allow $1 fail2ban_var_run_t:file read_file_perms;
')
@@ -15880,6 +15935,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
########################################
##
## All of the rules required to administrate
+@@ -135,3 +175,21 @@
+ files_list_pids($1)
+ admin_pattern($1, fail2ban_var_run_t)
+ ')
++
++########################################
++##
++## Read and write to an fail2ban unix stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`fail2ban_rw_stream_sockets',`
++ gen_require(`
++ type fail2ban_t;
++ ')
++
++ allow $1 fail2ban_t:unix_stream_socket { getattr read write ioctl };
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.6/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-07 14:53:53.000000000 -0500
+++ serefpolicy-3.7.6/policy/modules/services/fetchmail.te 2010-01-07 15:28:30.000000000 -0500
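Review bot: The new `fail2ban_rw_stream_sockets` interface grants `{ getattr read write ioctl }` on fail2ban_t's unix_stream_socket with no connect permission, so it can only apply to a socket the caller already holds — presumably one inherited across exec when fail2ban spawns the caller (sendmail_t, per the sendmail.te hunk further down) — yet the summary does not say so, and it reads as if the permission list were simply incomplete. Suggest stating the intent in the description and fixing the article: `## Read and write an inherited fail2ban unix stream socket.`, plus a one-line `# no connect: only for sockets inherited from fail2ban_t` above the allow rule so the deliberately narrow set is not "fixed" later by widening it.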
@@ -23415,7 +23492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.6/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/sendmail.if 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/sendmail.if 2010-01-08 09:57:13.000000000 -0500
@@ -59,20 +59,20 @@
########################################
@@ -23590,7 +23667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.6/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/services/sendmail.te 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/services/sendmail.te 2010-01-08 09:55:32.000000000 -0500
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -23650,7 +23727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
auth_use_nsswitch(sendmail_t)
-@@ -89,23 +100,46 @@
+@@ -89,23 +100,47 @@
libs_read_lib_files(sendmail_t)
logging_send_syslog_msg(sendmail_t)
@@ -23692,6 +23769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+
+optional_policy(`
+ fail2ban_read_lib_files(sendmail_t)
++ fail2ban_rw_stream_sockets(sendmail_t)
+')
+
+optional_policy(`
@@ -23699,7 +23777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
')
optional_policy(`
-@@ -113,13 +147,20 @@
+@@ -113,13 +148,20 @@
')
optional_policy(`
@@ -23721,7 +23799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
')
optional_policy(`
-@@ -127,24 +168,29 @@
+@@ -127,24 +169,29 @@
')
optional_policy(`
@@ -29582,11 +29660,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
udev_read_db(iptables_t)
')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.7.6/policy/modules/system/iscsi.fc
+--- nsaserefpolicy/policy/modules/system/iscsi.fc 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.7.6/policy/modules/system/iscsi.fc 2010-01-08 15:36:31.000000000 -0500
+@@ -1,4 +1,6 @@
+-/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
++
++/sbin/brcm_iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0)
++/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
+
+ /var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
+ /var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.6/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/system/iscsi.te 2010-01-07 15:28:30.000000000 -0500
-@@ -69,11 +69,18 @@
++++ serefpolicy-3.7.6/policy/modules/system/iscsi.te 2010-01-08 15:37:25.000000000 -0500
+@@ -35,10 +35,13 @@
+ allow iscsid_t self:unix_dgram_socket create_socket_perms;
+ allow iscsid_t self:sem create_sem_perms;
+ allow iscsid_t self:shm create_shm_perms;
+-allow iscsid_t self:netlink_socket create_socket_perms;
++allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
+ allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
++allow iscsid_t self:netlink_socket create_socket_perms;
+ allow iscsid_t self:tcp_socket create_stream_socket_perms;
+
++can_exec(iscsid_t, iscsid_exec_t)
++
+ manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
+ files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
+
+@@ -54,6 +57,7 @@
+ manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
+ files_pid_filetrans(iscsid_t,
iscsi_var_run_t, file)
+
++kernel_read_network_state(iscsid_t)
+ kernel_read_system_state(iscsid_t)
+ kernel_search_debugfs(iscsid_t)
+
+@@ -67,13 +71,21 @@
+ corenet_tcp_connect_isns_port(iscsid_t)
+
dev_rw_sysfs(iscsid_t)
++dev_rw_userio_dev(iscsid_t)
domain_use_interactive_fds(iscsid_t)
+domain_dontaudit_read_all_domains_state(iscsid_t)
@@ -29606,7 +29721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/system/libraries.fc 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/system/libraries.fc 2010-01-08 09:16:04.000000000 -0500
@@ -60,12 +60,15 @@
#
# /opt
@@ -29823,7 +29938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
') dnl end distro_redhat
#
-@@ -307,10 +317,131 @@
+@@ -307,10 +317,132 @@
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
@@ -29936,6 +30051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+
+/usr/lib(64)?/nmm/liba52\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/lampp/lib/libct\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/opt/lampp/lib/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/VirtualBox(/.*)?/VBox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
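Review bot: Labelling `/sbin/brcm_iscsiuio` as iscsid_exec_t together with `can_exec(iscsid_t, iscsid_exec_t)` runs the user-space I/O helper inside iscsid_t instead of a domain of its own, which appears to be why iscsid_t itself now gets `dev_rw_userio_dev(iscsid_t)` (read/write on every /dev/uio[0-9]+ node) and a netlink_kobject_uevent_socket. That may be the intended trade-off, but neither iscsi.fc nor iscsi.te records it, so the next reader will not know whether the uio access belongs to iscsid or to the helper. Suggest a comment next to the can_exec line, e.g. `# brcm_iscsiuio is execed by iscsid and shares its domain; the userio device access below is for it`, and, if practical, a separate domain for the helper so the device permissions can be confined to it. The iscsid_t rule block continues past the end of the hunk.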
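Review bot: `/opt/lampp/lib/.*\.so.*` matches everything that `/opt/lampp/lib/libct\.so.*` on the line above already matches and assigns the same textrel_shlib_t label, so the libct entry becomes redundant and a reader is left wondering whether the two were meant to differ. Either drop the libct line or put a comment above the new one saying the tree-wide match is deliberate. It is worth noting in that comment that textrel_shlib_t exempts every shared object under /opt/lampp/lib from the execmod restriction, a wider grant than the single library previously listed.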
@@ -30385,7 +30501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.6/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.6/policy/modules/system/miscfiles.if 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/system/miscfiles.if 2010-01-08 11:59:54.000000000 -0500
@@ -73,7 +73,8 @@
#
interface(`miscfiles_read_fonts',`
@@ -30407,7 +30523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
')
########################################
-@@ -167,6 +172,32 @@
+@@ -167,6 +172,51 @@
manage_dirs_pattern($1, fonts_t, fonts_t)
manage_files_pattern($1, fonts_t, fonts_t)
manage_lnk_files_pattern($1, fonts_t, fonts_t)
@@ -30416,6 +30532,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+
+########################################
+##
++## Set the attributes on a fonts cache directory.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`miscfiles_setattr_fonts_cache_dirs',`
++ gen_require(`
++ type fonts_cache_t;
++ ')
++
++ allow $1 fonts_cache_t:dir setattr;
++')
++
++########################################
++##
+## Create, read, write, and delete fonts cache.
+##
+##
@@ -30427,7 +30562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+#
+interface(`miscfiles_manage_fonts_cache',`
+ gen_require(`
-+ type fonts_t;
++ type fonts_cache_t;
+ ')
+
+ # cjp: fonts can be in either of these dirs
@@ -32190,7 +32325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.6/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.6/policy/modules/system/unconfined.if 2010-01-07 15:28:30.000000000 -0500
++++ serefpolicy-3.7.6/policy/modules/system/unconfined.if 2010-01-08 10:06:25.000000000 -0500
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -32207,7 +32342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
allow $1 self:fifo_file manage_fifo_file_perms;
# Transition to myself, to make get_ordered_context_list happy.
-@@ -27,12 +26,13 @@
+@@ -27,12 +26,14 @@
# Write access is for setting attributes under /proc/self/attr.
allow $1 self:file rw_file_perms;
@@ -32222,10 +32357,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+ allow $1 self:dbus all_dbus_perms;
+ allow $1 self:passwd all_passwd_perms;
+ allow $1 self:association all_association_perms;
++ allow $1 self:socket_class_set create_socket_perms;
kernel_unconfined($1)
corenet_unconfined($1)
-@@ -44,6 +44,16 @@
+@@ -44,6 +45,16 @@
fs_unconfined($1)
selinux_unconfined($1)
@@ -32242,7 +32378,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
tunable_policy(`allow_execheap',`
# Allow making the stack executable via mprotect.
allow $1 self:process execheap;
-@@ -57,8 +67,8 @@
+@@ -57,8 +68,8 @@
tunable_policy(`allow_execstack',`
# Allow making the stack executable via mprotect;
@@ -32253,7 +32389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
# auditallow $1 self:process execstack;
')
-@@ -69,6 +79,7 @@
+@@ -69,6 +80,7 @@
optional_policy(`
# Communicate via dbusd.
dbus_system_bus_unconfined($1)
@@ -32261,7 +32397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
')
optional_policy(`
-@@ -111,16 +122,16 @@
+@@ -111,16 +123,16 @@
##
#
interface(`unconfined_domain',`
@@ -32282,7 +32418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
')
########################################
-@@ -173,411 +184,3 @@
+@@ -173,411 +185,3 @@
refpolicywarn(`$0($1) has been deprecated.')
')
diff --git a/sources b/sources
index dcd63d31..1e4a3c00 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
3651679c4b12a31d2ba5f4305bba5540 config.tgz
-d3b12775aaeafb96c96a6a74e85e96ba serefpolicy-3.7.5.tgz
+0e56f0205d64ac083d61ec1d15873df7 serefpolicy-3.7.6.tgz