diff --git a/modules-minimum.conf b/modules-minimum.conf index 1dcf9338..9fac6fc9 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -185,9 +185,9 @@ certwatch = module # Layer: admin # Module: certmaster # -# Digital Certificate Tracking +# Digital Certificate master # -certmanager = module +certmaster = module # Layer: services # Module: cipe diff --git a/modules-targeted.conf b/modules-targeted.conf index 1dcf9338..9fac6fc9 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -185,9 +185,9 @@ certwatch = module # Layer: admin # Module: certmaster # -# Digital Certificate Tracking +# Digital Certificate master # -certmanager = module +certmaster = module # Layer: services # Module: cipe diff --git a/policy-20080710.patch b/policy-20080710.patch index beb93c96..2fe1e1d9 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -676,7 +676,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_suse', ` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.13/policy/modules/admin/rpm.if --- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/admin/rpm.if 2008-11-03 11:41:00.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/admin/rpm.if 2008-11-03 17:02:00.000000000 -0500 @@ -152,6 +152,24 @@ ######################################## @@ -755,7 +755,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## ## -+## Create, read, write, and delete the RPM log. ++## Search RPM log directory. +## +## +## 
@@ -8902,7 +8902,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te --- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:02:23.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-11-03 17:03:51.000000000 -0500 @@ -15,7 +14,7 @@ role sysadm_r; @@ -8945,12 +8945,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -328,3 +327,5 @@ - optional_policy(` - yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) - ') -+ -+#gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.13/policy/modules/roles/unprivuser.if --- nsaserefpolicy/policy/modules/roles/unprivuser.if 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.if 2008-10-30 13:58:02.000000000 -0400 @@ -12178,8 +12172,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if --- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-11-03 15:55:54.000000000 -0500 -@@ -0,0 +1,132 @@ ++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-11-03 17:32:32.000000000 -0500 +@@ -0,0 +1,128 @@ +## policy for certmaster + +######################################## 
@@ -12214,7 +12208,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## Domain allowed access. +## +## -+## +# +interface(`certmaster_read_log',` + gen_require(` @@ -12233,7 +12226,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## Domain allowed access. +## +## -+## +# +interface(`certmaster_append_log',` + gen_require(` @@ -12253,7 +12245,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## Domain allowed access. +## +## -+## +# +interface(`certmaster_manage_log',` + gen_require(` @@ -12281,12 +12272,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## +# -+ +interface(`certmaster_admin',` + gen_require(` + type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t; + type certmaster_etc_rw_t, certmaster_var_log_t; -+ certmaster_initrc_exec_t; ++ type certmaster_initrc_exec_t; + ') + + allow $1 certmaster_t:process { ptrace signal_perms }; @@ -12314,8 +12304,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te --- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400 -@@ -0,0 +1,85 @@ ++++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-11-03 17:19:28.000000000 -0500 +@@ -0,0 +1,81 @@ +policy_module(certmaster,1.0.0) + +######################################## @@ -12337,7 +12327,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +# config files +type certmaster_etc_rw_t; -+files_config_type(certmaster_etc_rw_t) ++files_config_file(certmaster_etc_rw_t) + +# log files +type certmaster_var_log_t; 
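Review bot: In the `certmaster_admin` hunk, the new side still grants `allow $1 certmaster_t:process { ptrace signal_perms };`, which lets any caller of the admin interface read the daemon's memory; if certmaster_t holds private key material (its name suggests it issues certificates, but the .te body is mostly outside this hunk), that is a deliberate exposure worth stating rather than leaving implicit. A one-line comment above the allow, e.g. `# ptrace lets the admin role inspect daemon memory, including any loaded keys`, would make the trade-off visible to reviewers, and if ptrace is not needed by the tooling the permission could be dropped to `signal_perms` alone. The `type certmaster_initrc_exec_t;` fix in the gen_require is correct as written; note that the interface body continues past the end of the hunk.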
@@ -12354,10 +12344,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +allow certmaster_t self:tcp_socket create_stream_socket_perms; + -+# certification files -+manage_dirs_pattern(certmaster_t,certmaster_cert_t,certmaster_cert_t) -+manage_files_pattern(certmaster_t, certmaster_cert_t, certmaster_cert_t) -+ +# config files +list_dirs_pattern(certmaster_t,certmaster_etc_rw_t,certmaster_etc_rw_t) +manage_files_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t) @@ -17638,7 +17624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.13/policy/modules/services/nis.if --- nsaserefpolicy/policy/modules/services/nis.if 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/services/nis.if 2008-11-03 14:12:23.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/services/nis.if 2008-11-03 17:06:55.000000000 -0500 @@ -28,7 +28,7 @@ type var_yp_t; ') @@ -17685,7 +17671,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Execute ypbind in the ypbind domain. ## ## -@@ -244,3 +263,105 @@ +@@ -244,3 +263,104 @@ corecmd_search_bin($1) domtrans_pattern($1, ypxfr_exec_t, ypxfr_t) ') @@ -17719,7 +17705,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## +# -+# +interface(`nis_ypbind_initrc_domtrans',` + gen_require(` + type ypbind_initrc_exec_t; 
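Review bot: The certmaster.te hunk drops the `manage_dirs_pattern`/`manage_files_pattern` rules for `certmaster_cert_t`, but nothing in this patch shows the matching `type certmaster_cert_t;` declaration or its file-context entry being removed; if they survive elsewhere in the .te/.fc (outside this hunk), the policy compiles with a now-unused type and any files still labelled with it become unreachable for the daemon. If certificate storage has instead moved to the shared `cert_t` store (the new `miscfiles_manage_cert_dirs` interface later in this patch suggests so), that widens the daemon's write scope from its own directory to the system trust store, which deserves a comment at the point of use. The remaining `manage_files_pattern(certmaster_t, certmaster_etc_rw_t, ...)` also lets the daemon rewrite its own configuration; a short comment such as `# certmaster rewrites its own config at runtime (hence _rw_t rather than a read-only etc type)` would justify the choice. The .te file continues beyond this hunk.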
@@ -28186,7 +28171,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.5.13/policy/modules/system/miscfiles.if --- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-08-07 11:15:12.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/miscfiles.if 2008-10-31 11:01:20.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/system/miscfiles.if 2008-11-03 17:18:22.000000000 -0500 @@ -23,6 +23,45 @@ ######################################## @@ -28200,7 +28185,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## +# -+interface(` ++interface(`miscfiles_manage_cert_dirs',` + gen_require(` + type cert_t; + ') @@ -30572,7 +30557,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-10-30 16:14:16.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-03 17:15:19.000000000 -0500 @@ -28,10 +28,14 @@ class context contains; ') 
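Review bot: The miscfiles.if hunk repairs the empty interface name to `miscfiles_manage_cert_dirs`, but the interface body that follows the `type cert_t;` gen_require is outside the hunk, and presumably grants manage rights on `cert_t` directories; because `cert_t` labels the shared system certificate store rather than one application's certificates, every caller of this interface gains create/rename/delete over the trust store's directories. The interface summary should say so explicitly, e.g. `## Create, read, write, and delete directories in the system-wide certificate store (cert_t).`, so that future callers do not pick it up as a narrow convenience interface. Callers should be limited to the daemon that genuinely manages the store, and the grant should be reviewed alongside the removal of the dedicated `certmaster_cert_t` type earlier in this patch.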
@@ -32685,31 +32670,32 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') allow $1 userdomain:process getattr; -@@ -5429,7 +5528,7 @@ +@@ -5447,6 +5546,24 @@ ######################################## ## --## Send general signals to all user domains. +## Send signull to all user domains. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`userdom_signull_all_users',` ++ gen_require(` ++ attribute userdomain; ++ ') ++ ++ allow $1 userdomain:process signull; ++') ++ ++######################################## ++## + ## Send a SIGCHLD signal to all user domains. ## ## - ## -@@ -5437,12 +5536,12 @@ - ## - ## - # --interface(`userdom_signal_all_users',` -+interface(`userdom_signull_all_users',` - gen_require(` - attribute userdomain; - ') - -- allow $1 userdomain:process signal; -+ allow $1 userdomain:process signull; - ') - - ######################################## -@@ -5483,6 +5582,42 @@ +@@ -5483,6 +5600,42 @@ ######################################## ## @@ -32752,7 +32738,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Send a dbus message to all user domains. ## ## -@@ -5513,3 +5648,546 @@ +@@ -5513,3 +5666,546 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ')