diff -u refpolicy-2.20110726/policy/modules/apps/gpg.fc refpolicy-2.20110726/policy/modules/apps/gpg.fc --- refpolicy-2.20110726/policy/modules/apps/gpg.fc +++ refpolicy-2.20110726/policy/modules/apps/gpg.fc @@ -1,5 +1,4 @@ HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) -HOME_DIR/\.gnupg/gpg.conf gen_context(system_u:object_r:user_home_t,s0) HOME_DIR/\.gnupg/log-socket gen_context(system_u:object_r:gpg_agent_tmp_t,s0) /usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/apps/screen.fc +++ refpolicy-2.20110726.orig/policy/modules/apps/screen.fc @@ -13,6 +13,3 @@ # /var # /var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) -ifdef(`distro_debian', ` -/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/apps/pulseaudio.fc +++ refpolicy-2.20110726.orig/policy/modules/apps/pulseaudio.fc @@ -5,6 +5,3 @@ /var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0) /var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/apps/uml.fc +++ refpolicy-2.20110726.orig/policy/modules/apps/uml.fc @@ -12,6 +12,3 @@ # /var # /var/run/uml-utilities(/.*)? gen_context(system_u:object_r:uml_switch_var_run_t,s0) -ifdef(`distro_debian', ` -/run/uml-utilities(/.*)? gen_context(system_u:object_r:uml_switch_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/apps/mozilla.te refpolicy-2.20110726/policy/modules/apps/mozilla.te --- refpolicy-2.20110726/policy/modules/apps/mozilla.te +++ refpolicy-2.20110726/policy/modules/apps/mozilla.te 
@@ -126,7 +126,7 @@ manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) -userdom_search_user_home_dirs(mozilla_t) +userdom_search_user_home_content(mozilla_t) userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir) # Mozpluggerrc @@ -134,6 +134,8 @@ manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) +manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) +manage_sock_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir }) manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t) reverted: --- refpolicy-2.20110726/policy/modules/admin/rpm.fc +++ refpolicy-2.20110726.orig/policy/modules/admin/rpm.fc @@ -37,13 +37,7 @@ /var/log/yum\.log.* -- gen_context(system_u:object_r:rpm_log_t,s0) /var/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0) -') /var/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0) -') # SuSE ifdef(`distro_suse', ` diff -u refpolicy-2.20110726/policy/modules/admin/certwatch.if refpolicy-2.20110726/policy/modules/admin/certwatch.if --- refpolicy-2.20110726/policy/modules/admin/certwatch.if +++ refpolicy-2.20110726/policy/modules/admin/certwatch.if 
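Review bot: The change from `userdom_search_user_home_dirs(mozilla_t)` to `userdom_search_user_home_content(mozilla_t)` in the mozilla.te hunk at @@ -126 carries no comment saying why a browser domain needs it. Judging by the interface names, it widens what the domain may traverse below the home directory. A line such as `# search below $HOME is needed to reach <path>; denial observed: <summary>` above it would let a later reviewer decide whether the grant can be narrowed again. The same missing rationale applies to `term_list_ptys(dpkg_t)` in dpkg.te and `kernel_search_debugfs(mount_t)` in mount.te, whose neighbouring rules do carry why-comments. The policy block continues outside the hunk.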
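Review bot: In the mozilla.te hunk at @@ -134, `files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })` still lists only files and directories, so the two added manage patterns apply only to symlinks and sockets that already carry mozilla_tmp_t. A socket or symlink the browser creates directly in the generic tmp directory would presumably keep the generic tmp label, and the new rules would not cover it. If direct creation is what prompted the change, extend the transition to `files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir lnk_file sock_file })`. Otherwise add a comment stating that these objects only appear inside browser-created directories. The surrounding block starts and ends outside the hunk.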
@@ -51,28 +50,0 @@ -######################################## -## -## Execute certwatch in the certwatch domain, and -## allow the specified role the certwatch domain, -## and use the caller's terminal. Has a sigchld -## backchannel. (Deprecated) -## -## -## -## Domain allowed to transition. -## -## -## -## -## Role allowed access. -## -## -## -## -## The type of the terminal allow the certwatch domain to use. -## -## -## -# -interface(`certwatach_run',` - refpolicyerr(`$0($*) has been deprecated, please use certwatch_run() instead.') - certwatch_run($*) -') reverted: --- refpolicy-2.20110726/policy/modules/admin/kismet.fc +++ refpolicy-2.20110726.orig/policy/modules/admin/kismet.fc @@ -4,6 +4,3 @@ /var/lib/kismet(/.*)? gen_context(system_u:object_r:kismet_var_lib_t,s0) /var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0) /var/run/kismet_server.pid -- gen_context(system_u:object_r:kismet_var_run_t,s0) -ifdef(`distro_debian', ` -/run/kismet_server.pid -- gen_context(system_u:object_r:kismet_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/admin/apt.fc refpolicy-2.20110726/policy/modules/admin/apt.fc --- refpolicy-2.20110726/policy/modules/admin/apt.fc +++ refpolicy-2.20110726/policy/modules/admin/apt.fc @@ -14,10 +14,6 @@ # aptitude lock /var/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0) -/run/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0) -') # aptitude log /var/log/aptitude.* gen_context(system_u:object_r:apt_var_log_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/admin/vpn.fc +++ refpolicy-2.20110726.orig/policy/modules/admin/vpn.fc 
@@ -11,6 +11,3 @@ /usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0) /var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) -ifdef(`distro_debian', ` -/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/admin/mrtg.fc +++ refpolicy-2.20110726.orig/policy/modules/admin/mrtg.fc @@ -14,12 +14,5 @@ # /var/lib/mrtg(/.*)? gen_context(system_u:object_r:mrtg_var_lib_t,s0) /var/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0) -/run/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0) -') /var/log/mrtg(/.*)? gen_context(system_u:object_r:mrtg_log_t,s0) /var/run/mrtg\.pid gen_context(system_u:object_r:mrtg_var_run_t,s0) -ifdef(`distro_debian', ` -/run/mrtg\.pid gen_context(system_u:object_r:mrtg_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/admin/dpkg.te refpolicy-2.20110726/policy/modules/admin/dpkg.te --- refpolicy-2.20110726/policy/modules/admin/dpkg.te +++ refpolicy-2.20110726/policy/modules/admin/dpkg.te @@ -150,6 +150,8 @@ # for installing kernel packages storage_raw_read_fixed_disk(dpkg_t) +term_list_ptys(dpkg_t) + auth_relabel_all_files_except_auth_files(dpkg_t) auth_manage_all_files_except_auth_files(dpkg_t) auth_dontaudit_read_shadow(dpkg_t) diff -u refpolicy-2.20110726/policy/modules/system/mount.te refpolicy-2.20110726/policy/modules/system/mount.te --- refpolicy-2.20110726/policy/modules/system/mount.te +++ refpolicy-2.20110726/policy/modules/system/mount.te 
@@ -56,6 +56,7 @@ kernel_read_kernel_sysctls(mount_t) kernel_dontaudit_getattr_core_if(mount_t) kernel_dontaudit_write_debugfs_dirs(mount_t) +kernel_search_debugfs(mount_t) kernel_dontaudit_write_proc_dirs(mount_t) # To load binfmt_misc kernel module kernel_request_load_module(mount_t) reverted: --- refpolicy-2.20110726/policy/modules/system/lvm.fc +++ refpolicy-2.20110726.orig/policy/modules/system/lvm.fc @@ -97,15 +97,5 @@ /var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0) /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -/run/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -') /var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) -') /var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/system/ipsec.fc +++ refpolicy-2.20110726.orig/policy/modules/system/ipsec.fc @@ -43,10 +43,4 @@ /var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) -') /var/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0) -ifdef(`distro_debian', ` -/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/system/xen.te refpolicy-2.20110726/policy/modules/system/xen.te --- refpolicy-2.20110726/policy/modules/system/xen.te +++ refpolicy-2.20110726/policy/modules/system/xen.te 
@@ -323,7 +323,9 @@ logging_send_syslog_msg(xend_t) -lvm_domtrans(xend_t) +optional_policy(` + lvm_domtrans(xend_t) +') miscfiles_read_localization(xend_t) miscfiles_read_hwdata(xend_t) reverted: --- refpolicy-2.20110726/policy/modules/system/xen.fc +++ refpolicy-2.20110726.orig/policy/modules/system/xen.fc 
@@ -32,36 +32,12 @@ /var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0) /var/run/evtchnd -s gen_context(system_u:object_r:evtchnd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/evtchnd -s gen_context(system_u:object_r:evtchnd_var_run_t,s0) -') /var/run/evtchnd\.pid -- gen_context(system_u:object_r:evtchnd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/evtchnd\.pid -- gen_context(system_u:object_r:evtchnd_var_run_t,s0) -') /var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0) -') /var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) -') /var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0) -') /var/run/xenner(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xenner(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) -') /var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0) -') /var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0) -') /xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0) diff -u refpolicy-2.20110726/policy/modules/system/init.fc refpolicy-2.20110726/policy/modules/system/init.fc --- refpolicy-2.20110726/policy/modules/system/init.fc +++ refpolicy-2.20110726/policy/modules/system/init.fc 
@@ -15,16 +15,6 @@ /etc/vmware/init\.d/vmware -- gen_context(system_u:object_r:initrc_exec_t,s0) /etc/x11/startDM\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0) ') -ifdef(`distro_debian',` -/var/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0) -ifdef(`distro_debian', ` -/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0) -') -/var/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0) -ifdef(`distro_debian', ` -/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0) -') -') # # /dev @@ -74,6 +64,13 @@ /var/run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0) /var/run/setmixer_flag -- gen_context(system_u:object_r:initrc_var_run_t,s0) +ifdef(`distro_debian',` +/var/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/etc/network/if-down.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) +/etc/network/if-up.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) +') + ifdef(`distro_gentoo', ` /var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /var/run/svscan\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0) diff -u refpolicy-2.20110726/policy/modules/system/sysnetwork.fc refpolicy-2.20110726/policy/modules/system/sysnetwork.fc --- refpolicy-2.20110726/policy/modules/system/sysnetwork.fc +++ refpolicy-2.20110726/policy/modules/system/sysnetwork.fc @@ -30,10 +30,6 @@ ifdef(`distro_debian', ` /dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) -ifdef(`distro_debian', ` -/run/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) -/var/run/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) -') ') # # /sbin 
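Review bot: The two new Debian entries in the second init.fc hunk (@@ -74,6 +64,13 @@) leave the dot in `if-down.d` and `if-up.d` unescaped, so it matches any character, unlike neighbouring patterns such as `svscan\.pid`. Write them as `/etc/network/if-down\.d/.*` and `/etc/network/if-up\.d/.*`. These entries give every regular file in those directories the initrc_exec_t type used for init scripts elsewhere in this file. A short comment should say that any hook dropped there by a package gets that label, and that files already on disk keep their old label until they are relabelled.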
@@ -67,9 +63,6 @@ /var/lib/wifiroamd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) /var/run/dhclient.* -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dhclient.* -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) -') ifdef(`distro_gentoo',` /var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/system/pcmcia.fc +++ refpolicy-2.20110726.orig/policy/modules/system/pcmcia.fc @@ -7,10 +7,4 @@ /var/lib/pcmcia(/.*)? gen_context(system_u:object_r:cardmgr_var_run_t,s0) /var/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) -') /var/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) -ifdef(`distro_debian', ` -/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/system/getty.fc +++ refpolicy-2.20110726.orig/policy/modules/system/getty.fc @@ -7,9 +7,6 @@ /var/log/vgetty\.log\..* -- gen_context(system_u:object_r:getty_log_t,s0) /var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0) -ifdef(`distro_debian', ` -/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0) -') /var/spool/fax(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0) /var/spool/voice(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/system/hotplug.fc +++ refpolicy-2.20110726.orig/policy/modules/system/hotplug.fc 
@@ -8,10 +8,4 @@ /sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0) /var/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) -ifdef(`distro_debian', ` -/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) -') /var/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) -ifdef(`distro_debian', ` -/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/system/udev.fc refpolicy-2.20110726/policy/modules/system/udev.fc --- refpolicy-2.20110726/policy/modules/system/udev.fc +++ refpolicy-2.20110726/policy/modules/system/udev.fc @@ -14,9 +14,6 @@ ifdef(`distro_debian', ` /lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0) /var/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0) -') ', ` /sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0) ') reverted: --- refpolicy-2.20110726/policy/modules/system/setrans.fc +++ refpolicy-2.20110726.orig/policy/modules/system/setrans.fc @@ -3,6 +3,3 @@ /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) /var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) -ifdef(`distro_debian', ` -/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) -') diff -u refpolicy-2.20110726/policy/modules/system/raid.fc refpolicy-2.20110726/policy/modules/system/raid.fc --- refpolicy-2.20110726/policy/modules/system/raid.fc +++ refpolicy-2.20110726/policy/modules/system/raid.fc 
@@ -2,8 +2,6 @@ +/run/mdadm/map -- gen_context(system_u:object_r:mdadm_map_t,s0) /sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0) /sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0) /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/system/unconfined.fc refpolicy-2.20110726/policy/modules/system/unconfined.fc --- refpolicy-2.20110726/policy/modules/system/unconfined.fc +++ refpolicy-2.20110726/policy/modules/system/unconfined.fc @@ -1,5 +1,4 @@ # Add programs here which should not be confined by SELinux -/opt/google/chrome/chrome -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/system/iscsi.fc +++ refpolicy-2.20110726.orig/policy/modules/system/iscsi.fc @@ -3,12 +3,5 @@ /var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0) /var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0) -/run/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0) -') /var/log/brcm-iscsi\.log -- gen_context(system_u:object_r:iscsi_log_t,s0) /var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0) -ifdef(`distro_debian', ` -/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/system/selinuxutil.fc +++ refpolicy-2.20110726.orig/policy/modules/system/selinuxutil.fc 
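Review bot: The added `/run/mdadm/map` entry in the raid.fc hunk sits outside any distro_debian conditional, while the same hunk drops the Debian-only `/run/mdadm(/.*)?` line, leaving the map file as the only /run/mdadm path with an explicit label in the visible context. Unless an equivalence between /run and /var/run is configured elsewhere (not visible here), other files in that directory would no longer match mdadm_var_run_t. The same question applies to every hunk in this diff that removes a `/run/...` duplicate. A comment such as `# other /run/mdadm paths rely on the /run -> /var/run equivalence` would record the assumption. The declaration of mdadm_map_t and the rules that use it are not part of this diff section, so confirm they exist in raid.te.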
@@ -46,6 +46,3 @@ # /var/run # /var/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/dbus.fc refpolicy-2.20110726/policy/modules/services/dbus.fc --- refpolicy-2.20110726/policy/modules/services/dbus.fc +++ refpolicy-2.20110726/policy/modules/services/dbus.fc @@ -16,13 +16,7 @@ /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0) /var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) -') -ifdef(`distro_debian',` -/usr/lib/gnome-vfs-2.0/gnome-vfs-daemon -- gen_context(system_u:object_r:bin_t,s0) -') ifdef(`distro_redhat',` /var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) ') diff -u refpolicy-2.20110726/policy/modules/services/fetchmail.fc refpolicy-2.20110726/policy/modules/services/fetchmail.fc --- refpolicy-2.20110726/policy/modules/services/fetchmail.fc +++ refpolicy-2.20110726/policy/modules/services/fetchmail.fc @@ -17,7 +17,4 @@ /var/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0) -ifdef(`distro_debian', ` -/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0) -') /var/mail/\.fetchmail-UIDL-cache -- gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0) /var/lib/fetchmail(/.*)? gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ftp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ftp.fc 
@@ -23,9 +23,6 @@ # /var # /var/run/proftpd.* gen_context(system_u:object_r:ftpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/proftpd.* gen_context(system_u:object_r:ftpd_var_run_t,s0) -') /var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0) /var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ricci.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ricci.fc @@ -12,14 +12,5 @@ /var/log/clumond\.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0) /var/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -ifdef(`distro_debian', ` -/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -') /var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -ifdef(`distro_debian', ` -/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -') /var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/aisexec.fc +++ refpolicy-2.20110726.orig/policy/modules/services/aisexec.fc @@ -7,6 +7,3 @@ /var/log/cluster/aisexec\.log -- gen_context(system_u:object_r:aisexec_var_log_t,s0) /var/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0) -ifdef(`distro_debian', ` -/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/dhcp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/dhcp.fc 
@@ -6,6 +6,3 @@ /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) /var/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/xserver.fc refpolicy-2.20110726/policy/modules/services/xserver.fc --- refpolicy-2.20110726/policy/modules/services/xserver.fc +++ refpolicy-2.20110726/policy/modules/services/xserver.fc @@ -91,17 +91,8 @@ /var/log/Xorg.* -- gen_context(system_u:object_r:xserver_log_t,s0) /var/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0) -') /var/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) -') /var/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) -ifdef(`distro_debian', ` -/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) -') ifdef(`distro_suse',` /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/devicekit.fc refpolicy-2.20110726/policy/modules/services/devicekit.fc --- refpolicy-2.20110726/policy/modules/services/devicekit.fc +++ refpolicy-2.20110726/policy/modules/services/devicekit.fc @@ -3,7 +3,6 @@ /usr/libexec/devkit-power-daemon -- gen_context(system_u:object_r:devicekit_power_exec_t,s0) /usr/libexec/udisks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0) /usr/lib/udisks/udisks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0) -/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0) ifdef(`distro_debian',` /usr/lib/upower/upowerd -- gen_context(system_u:object_r:devicekit_power_exec_t,s0) ', ` 
@@ -18,15 +17,3 @@ -ifdef(`distro_debian', ` -/run/devkit(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -') /var/run/DeviceKit-disks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/DeviceKit-disks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -') /var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -') /var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/openct.fc +++ refpolicy-2.20110726.orig/policy/modules/services/openct.fc @@ -8,6 +8,3 @@ # /var # /var/run/openct(/.*)? gen_context(system_u:object_r:openct_var_run_t,s0) -ifdef(`distro_debian', ` -/run/openct(/.*)? gen_context(system_u:object_r:openct_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/smartmon.fc +++ refpolicy-2.20110726.orig/policy/modules/services/smartmon.fc @@ -9,7 +9,4 @@ # /var # /var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0) -ifdef(`distro_debian', ` -/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/zebra.fc +++ refpolicy-2.20110726.orig/policy/modules/services/zebra.fc 
@@ -18,14 +18,5 @@ /var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0) /var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0) -') /var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0) -') /var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) -ifdef(`distro_debian', ` -/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/stunnel.fc +++ refpolicy-2.20110726.orig/policy/modules/services/stunnel.fc @@ -5,6 +5,3 @@ /usr/sbin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0) /var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0) -ifdef(`distro_debian', ` -/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/clogd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/clogd.fc @@ -1,6 +1,3 @@ /usr/sbin/clogd -- gen_context(system_u:object_r:clogd_exec_t,s0) /var/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/samba.fc +++ refpolicy-2.20110726.orig/policy/modules/services/samba.fc 
@@ -37,53 +37,17 @@ /var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0) /var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/gencache\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/gencache\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -') /var/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -') /var/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -') /var/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/share_info\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/share_info\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') /var/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0) -') 
/var/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -') /var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0) -ifdef(`distro_debian', ` -/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0) -') /var/spool/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/corosync.fc +++ refpolicy-2.20110726.orig/policy/modules/services/corosync.fc @@ -9,10 +9,4 @@ /var/log/cluster/corosync\.log -- gen_context(system_u:object_r:corosync_var_log_t,s0) /var/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0) -') /var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0) -ifdef(`distro_debian', ` -/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/soundserver.fc +++ refpolicy-2.20110726.orig/policy/modules/services/soundserver.fc @@ -8,12 +8,6 @@ /usr/sbin/yiff -- gen_context(system_u:object_r:soundd_exec_t,s0) /var/run/nasd(/.*)? gen_context(system_u:object_r:soundd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nasd(/.*)? gen_context(system_u:object_r:soundd_var_run_t,s0) -') /var/run/yiff-[0-9]+\.pid -- gen_context(system_u:object_r:soundd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/yiff-[0-9]+\.pid -- gen_context(system_u:object_r:soundd_var_run_t,s0) -') /var/state/yiff(/.*)? gen_context(system_u:object_r:soundd_state_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/asterisk.fc +++ refpolicy-2.20110726.orig/policy/modules/services/asterisk.fc 
@@ -6,7 +6,4 @@ /var/lib/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_lib_t,s0) /var/log/asterisk(/.*)? gen_context(system_u:object_r:asterisk_log_t,s0) /var/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0) -ifdef(`distro_debian', ` -/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0) -') /var/spool/asterisk(/.*)? gen_context(system_u:object_r:asterisk_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ssh.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ssh.fc @@ -14,6 +14,3 @@ /usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0) /var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/portmap.fc refpolicy-2.20110726/policy/modules/services/portmap.fc --- refpolicy-2.20110726/policy/modules/services/portmap.fc +++ refpolicy-2.20110726/policy/modules/services/portmap.fc @@ -8,12 +8,6 @@ -ifdef(`distro_debian', ` -/run/portmap_mapping -- gen_context(system_u:object_r:portmap_var_run_t,s0) -') ', ` /usr/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) /usr/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) ') /var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) -ifdef(`distro_debian', ` -/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/tor.fc +++ refpolicy-2.20110726.orig/policy/modules/services/tor.fc 
@@ -10,6 +10,3 @@ /var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0) /var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0) -ifdef(`distro_debian', ` -/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/apache.fc refpolicy-2.20110726/policy/modules/services/apache.fc --- refpolicy-2.20110726/policy/modules/services/apache.fc +++ refpolicy-2.20110726/policy/modules/services/apache.fc @@ -98,29 +98,11 @@ ') /var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0) -') /var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) /var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/avahi.fc +++ refpolicy-2.20110726.orig/policy/modules/services/avahi.fc 
@@ -5,8 +5,5 @@ /usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0) /var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0) -ifdef(`distro_debian', ` -/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0) -') /var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/munin.fc +++ refpolicy-2.20110726.orig/policy/modules/services/munin.fc @@ -65,8 +65,5 @@ /var/lib/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0) /var/log/munin.* gen_context(system_u:object_r:munin_log_t,s0) /var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0) -ifdef(`distro_debian', ` -/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0) -') /var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0) /var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/fail2ban.fc +++ refpolicy-2.20110726.orig/policy/modules/services/fail2ban.fc @@ -6,6 +6,3 @@ /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0) /var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0) /var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) -ifdef(`distro_debian', ` -/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/inn.fc +++ refpolicy-2.20110726.orig/policy/modules/services/inn.fc 
@@ -62,12 +62,6 @@ /var/log/news(/.*)? gen_context(system_u:object_r:innd_log_t,s0) /var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) -') /var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) -') /var/spool/news(/.*)? gen_context(system_u:object_r:news_spool_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/dcc.fc refpolicy-2.20110726/policy/modules/services/dcc.fc --- refpolicy-2.20110726/policy/modules/services/dcc.fc +++ refpolicy-2.20110726/policy/modules/services/dcc.fc @@ -30,11 +30,2 @@ -ifdef(`distro_debian', ` -/run/dcc(/.*)? gen_context(system_u:object_r:dcc_var_run_t,s0) -') /var/run/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0) -ifdef(`distro_debian', ` -/run/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0) -') /var/run/dcc/dccifd -s gen_context(system_u:object_r:dccifd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dcc/dccifd -s gen_context(system_u:object_r:dccifd_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/mysql.fc refpolicy-2.20110726/policy/modules/services/mysql.fc --- refpolicy-2.20110726/policy/modules/services/mysql.fc +++ refpolicy-2.20110726/policy/modules/services/mysql.fc @@ -32,7 +32 @@ -ifdef(`distro_debian', ` -/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) -') /var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/ntp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ntp.fc 
@@ -20,6 +20,3 @@ /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/spamassassin.fc +++ refpolicy-2.20110726.orig/policy/modules/services/spamassassin.fc @@ -10,9 +10,6 @@ /var/lib/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_lib_t,s0) /var/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) -') /var/spool/spamassassin(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0) /var/spool/spamd(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/exim.fc +++ refpolicy-2.20110726.orig/policy/modules/services/exim.fc @@ -1,14 +1,8 @@ /usr/sbin/exim[0-9]? -- gen_context(system_u:object_r:exim_exec_t,s0) /var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0) /var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0) -ifdef(`distro_debian', ` -/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0) -') /var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0) ifdef(`distro_debian',` /var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0) -ifdef(`distro_debian', ` -/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0) -') ') reverted: --- refpolicy-2.20110726/policy/modules/services/ldap.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ldap.fc 
@@ -5,25 +5,13 @@ /usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) ifdef(`distro_debian',` +/usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) -/usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) ') /var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0) /var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0) /var/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0) -') /var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0) -') /var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0) -') /var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/ntop.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ntop.fc @@ -4,6 +4,3 @@ /var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0) /var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/mailman.fc +++ refpolicy-2.20110726.orig/policy/modules/services/mailman.fc 
@@ -4,15 +4,8 @@ /var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0) /var/lib/mailman/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0) /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) -/run/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) -') /var/log/mailman(/.*)? gen_context(system_u:object_r:mailman_log_t,s0) /var/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) -ifdef(`distro_debian', ` -/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) -') # # distro_debian reverted: --- refpolicy-2.20110726/policy/modules/services/nsd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/nsd.fc @@ -12,6 +12,3 @@ /var/lib/nsd(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0) /var/lib/nsd/nsd\.db -- gen_context(system_u:object_r:nsd_db_t,s0) /var/run/nsd\.pid -- gen_context(system_u:object_r:nsd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nsd\.pid -- gen_context(system_u:object_r:nsd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/uucp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/uucp.fc @@ -7,9 +7,5 @@ /var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0) /var/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0) -/run/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0) -') /var/log/uucp(/.*)? gen_context(system_u:object_r:uucpd_log_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/apm.fc +++ refpolicy-2.20110726.orig/policy/modules/services/apm.fc 
@@ -14,21 +14,9 @@ /var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0) /var/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -') /var/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -') /var/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -') /var/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -') ifdef(`distro_suse',` /var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/policykit.fc refpolicy-2.20110726/policy/modules/services/policykit.fc --- refpolicy-2.20110726/policy/modules/services/policykit.fc +++ refpolicy-2.20110726/policy/modules/services/policykit.fc @@ -16,5 +16,2 @@ /var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/canna.fc +++ refpolicy-2.20110726.orig/policy/modules/services/canna.fc 
@@ -19,14 +19,5 @@ /var/log/wnn(/.*)? gen_context(system_u:object_r:canna_log_t,s0) /var/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0) -') /var/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0) -') /var/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0) -ifdef(`distro_debian', ` -/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/psad.fc +++ refpolicy-2.20110726.orig/policy/modules/services/psad.fc @@ -6,6 +6,3 @@ /var/lib/psad(/.*)? gen_context(system_u:object_r:psad_var_lib_t,s0) /var/log/psad(/.*)? gen_context(system_u:object_r:psad_var_log_t,s0) /var/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0) -ifdef(`distro_debian', ` -/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/snort.fc +++ refpolicy-2.20110726.orig/policy/modules/services/snort.fc @@ -7,6 +7,3 @@ /var/log/snort(/.*)? gen_context(system_u:object_r:snort_log_t,s0) /var/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0) -ifdef(`distro_debian', ` -/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/transproxy.fc +++ refpolicy-2.20110726.orig/policy/modules/services/transproxy.fc @@ -1,6 +1,3 @@ /usr/sbin/tproxy -- gen_context(system_u:object_r:transproxy_exec_t,s0) /var/run/tproxy\.pid -- gen_context(system_u:object_r:transproxy_var_run_t,s0) -ifdef(`distro_debian', ` -/run/tproxy\.pid -- gen_context(system_u:object_r:transproxy_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/pxe.fc +++ refpolicy-2.20110726.orig/policy/modules/services/pxe.fc 
@@ -4,6 +4,3 @@ /var/log/pxe\.log -- gen_context(system_u:object_r:pxe_log_t,s0) /var/run/pxe\.pid -- gen_context(system_u:object_r:pxe_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pxe\.pid -- gen_context(system_u:object_r:pxe_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/snmp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/snmp.fc @@ -21,10 +21,4 @@ /var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0) /var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0) -') /var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/ccs.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ccs.fc @@ -3,10 +3,4 @@ /sbin/ccsd -- gen_context(system_u:object_r:ccs_exec_t,s0) /var/run/cluster/ccsd\.pid -- gen_context(system_u:object_r:ccs_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cluster/ccsd\.pid -- gen_context(system_u:object_r:ccs_var_run_t,s0) -') /var/run/cluster/ccsd\.sock -s gen_context(system_u:object_r:ccs_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cluster/ccsd\.sock -s gen_context(system_u:object_r:ccs_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/cron.fc refpolicy-2.20110726/policy/modules/services/cron.fc --- refpolicy-2.20110726/policy/modules/services/cron.fc +++ refpolicy-2.20110726/policy/modules/services/cron.fc 
@@ -13,29 +13,11 @@ /usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) /var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -') /var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -') /var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -') /var/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) -') /var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) -') /var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -') ifdef(`distro_debian', ` /var/spool/cron/atspool -d gen_context(system_u:object_r:cron_spool_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/milter.te refpolicy-2.20110726/policy/modules/services/milter.te --- refpolicy-2.20110726/policy/modules/services/milter.te +++ refpolicy-2.20110726/policy/modules/services/milter.te @@ -100,0 +101,4 @@ + +optional_policy(` + postfix_search_spool(spamass_milter_t) +') reverted: --- refpolicy-2.20110726/policy/modules/services/i18n_input.fc +++ refpolicy-2.20110726.orig/policy/modules/services/i18n_input.fc 
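Review bot: The `optional_policy` block added to milter.te (new lines 101-104) gives `spamass_milter_t` search access to the Postfix spool without recording why. Search only permits directory traversal, so the milter presumably needs to reach a socket or working directory under the spool; the rules for that object are not visible in this hunk and should be checked alongside it. A comment above the block would keep the grant auditable, for example `# spamass-milter reaches its socket through the Postfix spool directory (confirm path and socket type)`.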
@@ -17,6 +17,3 @@ # /var/run/iiim(/.*)? gen_context(system_u:object_r:i18n_input_var_run_t,s0) -ifdef(`distro_debian', ` -/run/iiim(/.*)? gen_context(system_u:object_r:i18n_input_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/memcached.fc +++ refpolicy-2.20110726.orig/policy/modules/services/memcached.fc @@ -3,6 +3,3 @@ /usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0) /var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0) -ifdef(`distro_debian', ` -/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/pads.fc +++ refpolicy-2.20110726.orig/policy/modules/services/pads.fc @@ -8,6 +8,3 @@ /usr/bin/pads -- gen_context(system_u:object_r:pads_exec_t, s0) /var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0) -ifdef(`distro_debian', ` -/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/nscd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/nscd.fc @@ -8,15 +8,6 @@ /var/log/nscd\.log.* -- gen_context(system_u:object_r:nscd_log_t,s0) /var/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0) -') /var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0) -') /var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/postfix.fc +++ refpolicy-2.20110726.orig/policy/modules/services/postfix.fc 
@@ -29,8 +29,6 @@ /usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -/etc/network/if-down.d/postfix -- gen_context(system_u:object_r:initrc_exec_t,s0) -/etc/network/if-up.d/postfix -- gen_context(system_u:object_r:initrc_exec_t,s0) ') /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) /etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/dante.fc +++ refpolicy-2.20110726.orig/policy/modules/services/dante.fc @@ -4,6 +4,3 @@ /usr/sbin/sockd -- gen_context(system_u:object_r:dante_exec_t,s0) /var/run/sockd\.pid -- gen_context(system_u:object_r:dante_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sockd\.pid -- gen_context(system_u:object_r:dante_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/openvpn.fc refpolicy-2.20110726/policy/modules/services/openvpn.fc --- refpolicy-2.20110726/policy/modules/services/openvpn.fc +++ refpolicy-2.20110726/policy/modules/services/openvpn.fc @@ -18,7 +18 @@ -ifdef(`distro_debian', ` -/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0) -') /var/run/openvpn.client.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0) -ifdef(`distro_debian', ` -/run/openvpn.client.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/fetchmail.te refpolicy-2.20110726/policy/modules/services/fetchmail.te --- refpolicy-2.20110726/policy/modules/services/fetchmail.te +++ refpolicy-2.20110726/policy/modules/services/fetchmail.te 
@@ -38,13 +38,16 @@ allow fetchmail_t self:udp_socket create_socket_perms; allow fetchmail_t fetchmail_etc_t:file read_file_perms; +files_read_usr_files(fetchmail_t) +allow fetchmail_t fetchmail_uidl_cache_t:dir manage_dir_perms; allow fetchmail_t fetchmail_uidl_cache_t:file manage_file_perms; mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file) manage_dirs_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, { dir file }) +files_search_var_lib(fetchmail_t) kernel_read_kernel_sysctls(fetchmail_t) kernel_list_proc(fetchmail_t) reverted: --- refpolicy-2.20110726/policy/modules/services/lircd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/lircd.fc @@ -6,14 +6,5 @@ /usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0) /var/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) -') /var/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) -') /var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/puppet.fc +++ refpolicy-2.20110726.orig/policy/modules/services/puppet.fc @@ -9,6 +9,3 @@ /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0) /var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0) /var/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0) -ifdef(`distro_debian', ` -/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/rsync.fc +++ refpolicy-2.20110726.orig/policy/modules/services/rsync.fc 
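Review bot: The new `allow fetchmail_t fetchmail_uidl_cache_t:dir manage_dir_perms;` in fetchmail.te has no matching type transition, because the `mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file)` line below it still names only `file`. A directory that fetchmail creates itself would therefore keep its parent's type, and the new rule would only take effect on a directory that is already labelled. The added `files_search_var_lib(fetchmail_t)` suggests the cache directory sits under /var/lib and is labelled by a file-context entry, but that entry is not in this hunk; if so, say it in a comment such as `# UIDL cache directory is labelled by the .fc entry; no dir transition needed`. For consistency with the `fetchmail_var_run_t` lines in the same hunk, the dir rule could be written as `manage_dirs_pattern(fetchmail_t, fetchmail_uidl_cache_t, fetchmail_uidl_cache_t)`. `files_read_usr_files(fetchmail_t)` is also added without a stated reason, and a one-line comment naming what is read under /usr would help the next audit of this domain.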
@@ -5,6 +5,3 @@ /var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0) /var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/tuned.fc +++ refpolicy-2.20110726.orig/policy/modules/services/tuned.fc @@ -6,6 +6,3 @@ /var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0) /var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0) -ifdef(`distro_debian', ` -/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/rhcs.fc +++ refpolicy-2.20110726.orig/policy/modules/services/rhcs.fc @@ -6,10 +6,6 @@ /usr/sbin/qdiskd -- gen_context(system_u:object_r:qdiskd_exec_t,s0) /var/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0) -/run/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0) -') /var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0) 
@@ -19,26 +15,8 @@ /var/log/cluster/qdiskd\.log.* -- gen_context(system_u:object_r:qdiskd_var_log_t,s0) /var/run/cluster/fenced_override -- gen_context(system_u:object_r:fenced_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cluster/fenced_override -- gen_context(system_u:object_r:fenced_var_run_t,s0) -') /var/run/dlm_controld\.pid -- gen_context(system_u:object_r:dlm_controld_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dlm_controld\.pid -- gen_context(system_u:object_r:dlm_controld_var_run_t,s0) -') /var/run/fenced\.pid -- gen_context(system_u:object_r:fenced_var_run_t,s0) -ifdef(`distro_debian', ` -/run/fenced\.pid -- gen_context(system_u:object_r:fenced_var_run_t,s0) -') /var/run/gfs_controld\.pid -- gen_context(system_u:object_r:gfs_controld_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gfs_controld\.pid -- gen_context(system_u:object_r:gfs_controld_var_run_t,s0) -') /var/run/groupd\.pid -- gen_context(system_u:object_r:groupd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/groupd\.pid -- gen_context(system_u:object_r:groupd_var_run_t,s0) -') /var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/ifplugd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ifplugd.fc @@ -5,6 +5,3 @@ /usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0) /var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/cpucontrol.fc +++ refpolicy-2.20110726.orig/policy/modules/services/cpucontrol.fc 
@@ -8,6 +8,3 @@ /usr/sbin/powernowd -- gen_context(system_u:object_r:cpuspeed_exec_t,s0) /var/run/cpufreqd\.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cpufreqd\.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/pyicqt.fc +++ refpolicy-2.20110726.orig/policy/modules/services/pyicqt.fc @@ -3,8 +3,5 @@ /usr/share/pyicq-t/PyICQt\.py -- gen_context(system_u:object_r:pyicqt_exec_t,s0) /var/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0) -') /var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ddclient.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ddclient.fc @@ -9,10 +9,4 @@ /var/lib/ddt-client(/.*)? gen_context(system_u:object_r:ddclient_var_lib_t,s0) /var/log/ddtcd\.log.* -- gen_context(system_u:object_r:ddclient_log_t,s0) /var/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) -') /var/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/ppp.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ppp.fc 
@@ -29,22 +29,10 @@ # /var # /var/run/(i)?ppp.*pid[^/]* -- gen_context(system_u:object_r:pppd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/(i)?ppp.*pid[^/]* -- gen_context(system_u:object_r:pppd_var_run_t,s0) -') /var/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0) -') /var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0) -') # Fix pptp sockets /var/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0) -') /var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0) /var/log/ppp/.* -- gen_context(system_u:object_r:pppd_log_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ircd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ircd.fc @@ -5,6 +5,3 @@ /var/lib/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_lib_t,s0) /var/log/(dancer-)?ircd(/.*)? gen_context(system_u:object_r:ircd_log_t,s0) /var/run/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/rpcbind.fc +++ refpolicy-2.20110726.orig/policy/modules/services/rpcbind.fc 
@@ -5,14 +5,5 @@ /var/lib/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0) /var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -') /var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -') /var/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/varnishd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/varnishd.fc @@ -14,14 +14,5 @@ /var/log/varnish(/.*)? gen_context(system_u:object_r:varnishlog_log_t,s0) /var/run/varnish\.pid -- gen_context(system_u:object_r:varnishd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/varnish\.pid -- gen_context(system_u:object_r:varnishd_var_run_t,s0) -') /var/run/varnishlog\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) -ifdef(`distro_debian', ` -/run/varnishlog\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) -') /var/run/varnishncsa\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) -ifdef(`distro_debian', ` -/run/varnishncsa\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/hal.fc refpolicy-2.20110726/policy/modules/services/hal.fc --- refpolicy-2.20110726/policy/modules/services/hal.fc +++ refpolicy-2.20110726/policy/modules/services/hal.fc 
@@ -22,29 +22,11 @@ /var/log/pm-.*\.log.* gen_context(system_u:object_r:hald_log_t,s0) /var/run/hald(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/hald(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -') /var/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0) -') /var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -') /var/run/pm-utils(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pm-utils(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) -') /var/run/synce.* gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/synce.* gen_context(system_u:object_r:hald_var_run_t,s0) -') /var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0) -ifdef(`distro_debian', ` -/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0) -') ifdef(`distro_gentoo',` /var/lib/cache/hald(/.*)? gen_context(system_u:object_r:hald_cache_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/nut.fc +++ refpolicy-2.20110726.orig/policy/modules/services/nut.fc @@ -6,9 +6,6 @@ /usr/sbin/upsmon -- gen_context(system_u:object_r:nut_upsmon_exec_t,s0) /var/run/nut(/.*)? gen_context(system_u:object_r:nut_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nut(/.*)? gen_context(system_u:object_r:nut_var_run_t,s0) -') /var/www/nut-cgi-bin/upsimage\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) /var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/vhostmd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/vhostmd.fc 
@@ -3,6 +3,3 @@ /usr/sbin/vhostmd -- gen_context(system_u:object_r:vhostmd_exec_t,s0) /var/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/sssd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/sssd.fc @@ -9,6 +9,3 @@ /var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_log_t,s0) /var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/nagios.fc refpolicy-2.20110726/policy/modules/services/nagios.fc --- refpolicy-2.20110726/policy/modules/services/nagios.fc +++ refpolicy-2.20110726/policy/modules/services/nagios.fc @@ -1,5 +1,5 @@ /etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0) -/etc/nagios/nrpe\.* -- gen_context(system_u:object_r:nrpe_etc_t,s0) +/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0) ifndef(`distro_debian', ` /etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) /etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) @@ -15,9 +15,6 @@ /var/log/netsaint(/.*)? gen_context(system_u:object_r:nagios_log_t,s0) /var/run/nagios.* gen_context(system_u:object_r:nagios_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nagios.* gen_context(system_u:object_r:nagios_var_run_t,s0) -') /var/spool/nagios(/.*)? gen_context(system_u:object_r:nagios_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/dkim.fc +++ refpolicy-2.20110726.orig/policy/modules/services/dkim.fc 
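Review bot: In the first nagios.fc hunk, the new expression `/etc/nagios/nrpe\.cfg` labels exactly one file as `nrpe_etc_t`, so any other NRPE configuration file in /etc/nagios still falls through to `/etc/nagios(/.*)?` and is labelled `nagios_etc_t`. If the packaged nrpe.cfg includes further files (a local override next to it, for instance), those would carry the Nagios server's type rather than the NRPE one, which blurs the separation between the two domains. Where such includes exist, the entry could be widened, e.g. `/etc/nagios/nrpe[^/]*\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)`. Otherwise a short comment stating that nrpe.cfg is the only NRPE file expected there would document the narrowing.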
@@ -5,14 +5,5 @@ /var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0) /var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) -') /var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) -') /var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/watchdog.fc +++ refpolicy-2.20110726.orig/policy/modules/services/watchdog.fc @@ -3,6 +3,3 @@ /var/log/watchdog(/.*)? gen_context(system_u:object_r:watchdog_log_t,s0) /var/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0) -ifdef(`distro_debian', ` -/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/postfixpolicyd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/postfixpolicyd.fc @@ -4,6 +4,3 @@ /usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0) /var/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0) -ifdef(`distro_debian', ` -/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/lpd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/lpd.fc 
@@ -35,6 +35,3 @@ /var/spool/cups-pdf(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) /var/spool/lpd(/.*)? gen_context(system_u:object_r:print_spool_t,s0) /var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/denyhosts.fc +++ refpolicy-2.20110726.orig/policy/modules/services/denyhosts.fc @@ -4,8 +4,4 @@ /var/lib/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_lib_t,s0) /var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0) -ifdef(`distro_debian', ` -/var/run/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0) -/run/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0) -') /var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/icecast.fc +++ refpolicy-2.20110726.orig/policy/modules/services/icecast.fc @@ -5,6 +5,3 @@ /var/log/icecast(/.*)? gen_context(system_u:object_r:icecast_log_t,s0) /var/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0) -ifdef(`distro_debian', ` -/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/networkmanager.fc +++ refpolicy-2.20110726.orig/policy/modules/services/networkmanager.fc 
@@ -20,22 +20,7 @@ /var/log/wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0) /var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -') /var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -') /var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -') /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -') /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/sasl.fc +++ refpolicy-2.20110726.orig/policy/modules/services/sasl.fc @@ -10,6 +10,3 @@ # /var/lib/sasl2(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) /var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/smokeping.fc +++ refpolicy-2.20110726.orig/policy/modules/services/smokeping.fc 
@@ -7,6 +7,3 @@ /var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0) /var/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0) -ifdef(`distro_debian', ` -/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/radvd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/radvd.fc @@ -4,10 +4,4 @@ /usr/sbin/radvd -- gen_context(system_u:object_r:radvd_exec_t,s0) /var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0) -') /var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/howl.fc +++ refpolicy-2.20110726.orig/policy/modules/services/howl.fc @@ -3,6 +3,3 @@ /usr/bin/nifd -- gen_context(system_u:object_r:howl_exec_t,s0) /var/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/dovecot.fc refpolicy-2.20110726/policy/modules/services/dovecot.fc --- refpolicy-2.20110726/policy/modules/services/dovecot.fc +++ refpolicy-2.20110726/policy/modules/services/dovecot.fc @@ -25,7 +25,6 @@ ifdef(`distro_debian', ` /usr/lib/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0) -/usr/lib/dovecot/.+ -- gen_context(system_u:object_r:bin_t,s0) ') ifdef(`distro_redhat', ` 
@@ -39,15 +38,9 @@ # /var # /var/run/dovecot(-login)?(/.*)? gen_context(system_u:object_r:dovecot_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dovecot(-login)?(/.*)? gen_context(system_u:object_r:dovecot_var_run_t,s0) -') ifdef(`distro_redhat', ` # this is a hard link to /var/lib/dovecot/ssl-parameters.dat /var/run/dovecot/login/ssl-parameters.dat gen_context(system_u:object_r:dovecot_var_lib_t,s0) -ifdef(`distro_debian', ` -/run/dovecot/login/ssl-parameters.dat gen_context(system_u:object_r:dovecot_var_lib_t,s0) -') ') /var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/amavis.fc +++ refpolicy-2.20110726.orig/policy/modules/services/amavis.fc @@ -3,21 +3,16 @@ /etc/amavisd(/.*)? gen_context(system_u:object_r:amavis_etc_t,s0) /etc/rc\.d/init\.d/amavis -- gen_context(system_u:object_r:amavis_initrc_exec_t,s0) -ifdef(`strict_policy',` /usr/sbin/amavisd.* -- gen_context(system_u:object_r:amavis_exec_t,s0) /usr/lib(64)?/AntiVir/antivir -- gen_context(system_u:object_r:amavis_exec_t,s0) -') ifdef(`distro_debian',` +/usr/sbin/amavisd-new-cronjob -- gen_context(system_u:object_r:amavis_exec_t,s0) -/usr/sbin/amavisd-new-cronjob -- gen_context(system_u:object_r:amavis_exec_t,s0) ') /var/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0) /var/lib/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0) /var/log/amavisd\.log -- gen_context(system_u:object_r:amavis_var_log_t,s0) /var/run/amavis(d)?(/.*)? gen_context(system_u:object_r:amavis_var_run_t,s0) -ifdef(`distro_debian', ` -/run/amavis(d)?(/.*)? gen_context(system_u:object_r:amavis_var_run_t,s0) -') /var/spool/amavisd(/.*)? gen_context(system_u:object_r:amavis_spool_t,s0) /var/virusmails(/.*)? gen_context(system_u:object_r:amavis_quarantine_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/cyphesis.fc +++ refpolicy-2.20110726.orig/policy/modules/services/cyphesis.fc 
@@ -3,6 +3,3 @@ /var/log/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_log_t,s0) /var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/dictd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/dictd.fc @@ -7,6 +7,3 @@ /var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0) /var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/gatekeeper.fc +++ refpolicy-2.20110726.orig/policy/modules/services/gatekeeper.fc @@ -5,10 +5,4 @@ /var/log/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_log_t,s0) /var/run/gk\.pid -- gen_context(system_u:object_r:gatekeeper_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gk\.pid -- gen_context(system_u:object_r:gatekeeper_var_run_t,s0) -') /var/run/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/nis.fc +++ refpolicy-2.20110726.orig/policy/modules/services/nis.fc 
@@ -16,18 +16,6 @@ /var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0) /var/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0) -') /var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0) -') /var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0) -') /var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/automount.fc +++ refpolicy-2.20110726.orig/policy/modules/services/automount.fc @@ -14,6 +14,3 @@ # /var/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0) -ifdef(`distro_debian', ` -/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/clamav.fc refpolicy-2.20110726/policy/modules/services/clamav.fc --- refpolicy-2.20110726/policy/modules/services/clamav.fc +++ refpolicy-2.20110726/policy/modules/services/clamav.fc 
@@ -9,17 +9,8 @@ /usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) /var/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) -') /var/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0) -') /var/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0) -') /var/spool/postfix/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) /var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) @@ -28,9 +19,6 @@ /var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0) /var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0) /var/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0) -') /var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0) /etc/amavis\.conf -- gen_context(system_u:object_r:clamd_etc_t,s0) 
@@ -46,9 +34,6 @@ /var/lib/amavis(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) /var/log/amavisd\.log -- gen_context(system_u:object_r:clamd_var_lib_t,s0) /var/run/amavis(d)?(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) -ifdef(`distro_debian', ` -/run/amavis(d)?(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) -') /var/spool/amavisd(/.*)? gen_context(system_u:object_r:clamd_spool_t,s0) /var/virusmails(/.*)? gen_context(system_u:object_r:clamd_spool_t,s0) /var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/inetd.te refpolicy-2.20110726/policy/modules/services/inetd.te --- refpolicy-2.20110726/policy/modules/services/inetd.te +++ refpolicy-2.20110726/policy/modules/services/inetd.te @@ -40,7 +40,7 @@ allow inetd_t self:capability { setuid setgid }; dontaudit inetd_t self:capability sys_tty_config; -allow inetd_t self:process { setsched setexec }; +allow inetd_t self:process { setrlimit setsched setexec }; allow inetd_t self:fifo_file rw_fifo_file_perms; allow inetd_t self:tcp_socket create_stream_socket_perms; allow inetd_t self:udp_socket create_socket_perms; reverted: --- refpolicy-2.20110726/policy/modules/services/postgrey.fc +++ refpolicy-2.20110726.orig/policy/modules/services/postgrey.fc 
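Review bot: The `setrlimit` added in `allow inetd_t self:process { setrlimit setsched setexec };` (inetd.te, `@@ -40,7 +40,7 @@`) has no comment saying which inetd behaviour needs it. The permission lets the daemon change its own hard resource limits, and the services it launches inherit those limits, so the grant deserves a stated reason. If it supports per-service limit settings in the super-server configuration (presumably; to be confirmed against the denial that prompted it), a line such as `# setrlimit: per-service resource limits applied before exec` above the rule would keep it reviewable. The rest of the inetd_t local policy lies outside this hunk.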
@@ -7,12 +7,6 @@ /var/lib/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_lib_t,s0) /var/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0) -ifdef(`distro_debian', ` -/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0) -') /var/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0) -ifdef(`distro_debian', ` -/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0) -') /var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/plymouthd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/plymouthd.fc @@ -4,7 +4,4 @@ /var/lib/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_lib_t,s0) /var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t,s0) -') /var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/nslcd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/nslcd.fc @@ -2,6 +2,3 @@ /etc/rc\.d/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0) /usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) /var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/squid.fc +++ refpolicy-2.20110726.orig/policy/modules/services/squid.fc 
@@ -10,8 +10,5 @@ /var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0) /var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0) /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0) -ifdef(`distro_debian', ` -/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0) -') /var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) /var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/portreserve.fc +++ refpolicy-2.20110726.orig/policy/modules/services/portreserve.fc @@ -5,6 +5,3 @@ /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) /var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0) -ifdef(`distro_debian', ` -/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/certmaster.fc +++ refpolicy-2.20110726.orig/policy/modules/services/certmaster.fc @@ -6,6 +6,3 @@ /var/lib/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_lib_t,s0) /var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0) /var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0) -ifdef(`distro_debian', ` -/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/radius.fc +++ refpolicy-2.20110726.orig/policy/modules/services/radius.fc 
@@ -20,10 +20,4 @@ /var/log/radwtmp.* -- gen_context(system_u:object_r:radiusd_log_t,s0) /var/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0) -') /var/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/consolekit.fc +++ refpolicy-2.20110726.orig/policy/modules/services/consolekit.fc @@ -3,15 +3,5 @@ /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0) /var/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) -') /var/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) -') /var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0) -') -/usr/lib/ConsoleKit(/.*)? gen_context(system_u:object_r:bin_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/certmonger.fc +++ refpolicy-2.20110726.orig/policy/modules/services/certmonger.fc @@ -4,6 +4,3 @@ /var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0) /var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0) -ifdef(`distro_debian', ` -/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/postgresql.fc +++ refpolicy-2.20110726.orig/policy/modules/services/postgresql.fc 
@@ -44,11 +44,5 @@ ') /var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0) -ifdef(`distro_debian', ` -/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0) -') /var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0) -ifdef(`distro_debian', ` -/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/bind.fc +++ refpolicy-2.20110726.orig/policy/modules/services/bind.fc @@ -14,21 +14,9 @@ /var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0) /var/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0) -') /var/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -ifdef(`distro_debian', ` -/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -') /var/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -ifdef(`distro_debian', ` -/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -') /var/run/unbound(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -ifdef(`distro_debian', ` -/run/unbound(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) -') ifdef(`distro_debian',` /etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/inetd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/inetd.fc @@ -10,6 +10,3 @@ /var/log/(x)?inetd\.log -- gen_context(system_u:object_r:inetd_log_t,s0) /var/run/(x)?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/(x)?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/sendmail.fc +++ refpolicy-2.20110726.orig/policy/modules/services/sendmail.fc 
@@ -3,10 +3,4 @@ /var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0) /var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) -') /var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/setroubleshoot.fc +++ refpolicy-2.20110726.orig/policy/modules/services/setroubleshoot.fc @@ -3,9 +3,6 @@ /usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) /var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0) -ifdef(`distro_debian', ` -/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0) -') /var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0) diff -u refpolicy-2.20110726/policy/modules/services/milter.fc refpolicy-2.20110726/policy/modules/services/milter.fc --- refpolicy-2.20110726/policy/modules/services/milter.fc +++ refpolicy-2.20110726/policy/modules/services/milter.fc 
@@ -6,25 +6,10 @@ /var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0) /var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0) -') /var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0) -') /var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) -') /var/run/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) -') /var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0) -ifdef(`distro_debian', ` -/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0) -') /var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0) /var/spool/postfix/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/oddjob.fc +++ refpolicy-2.20110726.orig/policy/modules/services/oddjob.fc @@ -3,6 +3,3 @@ /usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0) /var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) -ifdef(`distro_debian', ` -/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/bluetooth.fc +++ refpolicy-2.20110726.orig/policy/modules/services/bluetooth.fc 
@@ -27,10 +27,4 @@ /var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0) /var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0) -ifdef(`distro_debian', ` -/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0) -') /var/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0) -ifdef(`distro_debian', ` -/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/rpc.fc +++ refpolicy-2.20110726.orig/policy/modules/services/rpc.fc @@ -28,10 +28,4 @@ /var/lib/nfs(/.*)? gen_context(system_u:object_r:var_lib_nfs_t,s0) /var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0) -') /var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/likewise.fc +++ refpolicy-2.20110726.orig/policy/modules/services/likewise.fc 
@@ -46,27 +46,9 @@ /var/lib/likewise-open/run/rpcdep.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t, s0) /var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0) -') /var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0) -') /var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0) -') /var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0) -') /var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0) -ifdef(`distro_debian', ` -/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0) -') /var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/cups.fc +++ refpolicy-2.20110726.orig/policy/modules/services/cups.fc 
@@ -65,27 +65,9 @@ /var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) /var/ekpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) /var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) -') /var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0) -ifdef(`distro_debian', ` -/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0) -') /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0) -ifdef(`distro_debian', ` -/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0) -') /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) -') /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) -') /var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0) -ifdef(`distro_debian', ` -/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0) -') /var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/ksmtuned.fc +++ refpolicy-2.20110726.orig/policy/modules/services/ksmtuned.fc @@ -3,6 +3,3 @@ /usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0) /var/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0) -ifdef(`distro_debian', ` -/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/rgmanager.fc +++ refpolicy-2.20110726.orig/policy/modules/services/rgmanager.fc 
@@ -3,11 +3,5 @@ /var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0) /var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0) -') /var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0) -ifdef(`distro_debian', ` -/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/dnsmasq.fc +++ refpolicy-2.20110726.orig/policy/modules/services/dnsmasq.fc @@ -9,10 +9,4 @@ /var/log/dnsmasq\.log gen_context(system_u:object_r:dnsmasq_var_log_t,s0) /var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) -ifdef(`distro_debian', ` -/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) -') /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) -ifdef(`distro_debian', ` -/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) -') diff -u refpolicy-2.20110726/policy/modules/services/clamav.te refpolicy-2.20110726/policy/modules/services/clamav.te --- refpolicy-2.20110726/policy/modules/services/clamav.te +++ refpolicy-2.20110726/policy/modules/services/clamav.te @@ -174,8 +174,10 @@ tunable_policy(`clamd_use_jit',` allow clamd_t self:process execmem; + allow freshclam_t self:process execmem; ', ` dontaudit clamd_t self:process execmem; + dontaudit freshclam_t self:process execmem; ') ######################################## reverted: --- refpolicy-2.20110726/policy/modules/services/apcupsd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/apcupsd.fc 
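Review bot: In the clamav.te hunk (`@@ -174,8 +174,10 @@`) the `clamd_use_jit` tunable now also grants `execmem` to `freshclam_t`, although its name, and presumably its description outside this hunk, refer only to clamd. `execmem` permits memory mappings that are both writable and executable. An administrator who enables the boolean for the scanner therefore also relaxes that protection for the updater, which processes data fetched from the network. Either update the tunable's documentation to say it covers both domains, or add a comment at the new lines, e.g. `# freshclam uses the same bytecode JIT when testing downloaded databases`, if that is the reason (to be confirmed).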
@@ -8,9 +8,6 @@ /var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) /var/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0) -') /var/www/apcupsd/multimon\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) /var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/resmgr.fc +++ refpolicy-2.20110726.orig/policy/modules/services/resmgr.fc @@ -4,10 +4,4 @@ /sbin/resmgrd -- gen_context(system_u:object_r:resmgrd_exec_t,s0) /var/run/\.resmgr_socket -s gen_context(system_u:object_r:resmgrd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/\.resmgr_socket -s gen_context(system_u:object_r:resmgrd_var_run_t,s0) -') /var/run/resmgr\.pid -- gen_context(system_u:object_r:resmgrd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/resmgr\.pid -- gen_context(system_u:object_r:resmgrd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/prelude.fc +++ refpolicy-2.20110726.orig/policy/modules/services/prelude.fc 
@@ -13,12 +13,6 @@ /var/lib/prelude-lml(/.*)? gen_context(system_u:object_r:prelude_var_lib_t,s0) /var/log/prelude.* gen_context(system_u:object_r:prelude_log_t,s0) /var/run/prelude-lml.pid -- gen_context(system_u:object_r:prelude_lml_var_run_t,s0) -ifdef(`distro_debian', ` -/run/prelude-lml.pid -- gen_context(system_u:object_r:prelude_lml_var_run_t,s0) -') /var/run/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_var_run_t,s0) -ifdef(`distro_debian', ` -/run/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_var_run_t,s0) -') /var/spool/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0) /var/spool/prelude(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/pcscd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/pcscd.fc @@ -1,18 +1,6 @@ /var/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0) -') /var/run/pcscd\.pid -- gen_context(system_u:object_r:pcscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pcscd\.pid -- gen_context(system_u:object_r:pcscd_var_run_t,s0) -') /var/run/pcscd\.pub -- gen_context(system_u:object_r:pcscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pcscd\.pub -- gen_context(system_u:object_r:pcscd_var_run_t,s0) -') /var/run/pcscd\.events(/.*)? gen_context(system_u:object_r:pcscd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/pcscd\.events(/.*)? gen_context(system_u:object_r:pcscd_var_run_t,s0) -') /usr/sbin/pcscd -- gen_context(system_u:object_r:pcscd_exec_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/gpsd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/gpsd.fc 
@@ -3,10 +3,4 @@ /usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0) /var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0) -') /var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/virt.fc +++ refpolicy-2.20110726.orig/policy/modules/services/virt.fc @@ -24,12 +24,6 @@ /var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0) /var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) -ifdef(`distro_debian', ` -/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) -') /var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0) -ifdef(`distro_debian', ` -/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0) -') /var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) reverted: --- refpolicy-2.20110726/policy/modules/services/chronyd.fc +++ refpolicy-2.20110726.orig/policy/modules/services/chronyd.fc @@ -7,6 +7,3 @@ /var/lib/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_lib_t,s0) /var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0) /var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) -ifdef(`distro_debian', ` -/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) -') reverted: --- refpolicy-2.20110726/policy/modules/services/pegasus.fc +++ refpolicy-2.20110726.orig/policy/modules/services/pegasus.fc 
@@ -8,8 +8,5 @@ /var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0) /var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0) -ifdef(`distro_debian', ` -/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0) -') /usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0) diff -u refpolicy-2.20110726/policy/modules/kernel/corecommands.fc refpolicy-2.20110726/policy/modules/kernel/corecommands.fc --- refpolicy-2.20110726/policy/modules/kernel/corecommands.fc +++ refpolicy-2.20110726/policy/modules/kernel/corecommands.fc @@ -135,7 +135,6 @@ /lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0) /lib/upstart(/.*)? gen_context(system_u:object_r:bin_t,s0) - /lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0) /lib64/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0) @@ -185,9 +184,9 @@ /usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0) -/usr/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0) +/usr/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) 
@@ -202,9 +201,6 @@ /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) -ifdef(`distro_debian', ` -/usr/lib(64)?/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0) -') /usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0) @@ -300,6 +296,13 @@ /usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0) +ifdef(`distro_debian',` +/usr/lib(64)?/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib/gnome-vfs-2.0/gnome-vfs-daemon -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib/dovecot/.+ -- gen_context(system_u:object_r:bin_t,s0) +') + ifdef(`distro_gentoo', ` /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0) diff -u refpolicy-2.20110726/policy/modules/kernel/files.fc refpolicy-2.20110726/policy/modules/kernel/files.fc --- refpolicy-2.20110726/policy/modules/kernel/files.fc +++ refpolicy-2.20110726/policy/modules/kernel/files.fc @@ -62,6 +62,8 @@ /etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0) +/etc/network/run/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0) + /etc/ptal/ptal-printd-like -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0) 
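Review bot: In the `distro_debian` block added by the `@@ -300,6 +296,13 @@` hunk of corecommands.fc, the patterns `/usr/lib/udisks/.*` and `/usr/lib/dovecot/.+` match across `/`, so every regular file anywhere below those trees is labelled `bin_t`, including any shared objects or data files in subdirectories. If only the helper programs directly in those directories are meant, a bounded pattern in the style this file already uses for `/lib64/udev/[^/]*` is tighter, e.g. `/usr/lib/udisks/[^/]+ -- gen_context(system_u:object_r:bin_t,s0)`. The block also mixes `.*` and `.+`; picking one and adding a short comment per entry naming the Debian package that needs it would make the list easier to audit. Whether a more specific dovecot spec elsewhere in the policy takes precedence over the broad one cannot be seen from this hunk.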
@@ -105,6 +107,12 @@ /lib/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0) /lib64/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0) +ifdef(`distro_debian',` +# on Debian /lib/init/rw is a tmpfs used like /var/run but +# before /var is mounted +/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh) +') + # # /lost+found # @@ -256,8 +264,2 @@ /var/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0) -ifdef(`distro_debian', ` -/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0) -') -# on Debian /lib/init/rw is a tmpfs used like /var/run but -# before /var is mounted -/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh) ') reverted: --- refpolicy-2.20110726/policy/modules/kernel/filesystem.fc +++ refpolicy-2.20110726.orig/policy/modules/kernel/filesystem.fc @@ -1,8 +1,4 @@ /cgroup -d gen_context(system_u:object_r:cgroup_t,s0) -ifdef(`distro_debian', ` -/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0) -/var/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0) -') /cgroup/.* <> /dev/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0) diff -u refpolicy-2.20110726/policy/modules/roles/unprivuser.te refpolicy-2.20110726/policy/modules/roles/unprivuser.te --- refpolicy-2.20110726/policy/modules/roles/unprivuser.te +++ refpolicy-2.20110726/policy/modules/roles/unprivuser.te @@ -70,6 +70,7 @@ optional_policy(` gpg_role(user_r, user_t) + gpg_agent_domtrans_user(user_t, user_home_t) ') optional_policy(` diff -u refpolicy-2.20110726/debian/changelog refpolicy-2.20110726/debian/changelog --- refpolicy-2.20110726/debian/changelog +++ refpolicy-2.20110726/debian/changelog 
@@ -1,9 +1,24 @@ -refpolicy (2:2.20110726-1ubuntu1) precise; urgency=low +refpolicy (2:2.20110726-3) unstable; urgency=low - * Merge from Debian testing. Remaining changes: - - debian/control: drop "selinux" conflict (Closes: #576598) + * Label /run/mdadm/map . + Closes: #643490 + * Stop conflicting with ancient "selinux" package. + Closes: #576598 + + -- Russell Coker Wed, 25 Jan 2012 23:52:15 +1100 + +refpolicy (2:2.20110726-2) unstable; urgency=low + + * Merged all the patches from 2:0.2.20100524-13. + * Allow mozilla_t to search user_home_t for ~/.config/chromium + * Allow mozilla_t to create sym links in /tmp + * Use a separate default setrans.conf for mls + * Allow inetd_t setrlimit access + * Allow mozilla_t to create socket files in /tmp, for chromium + * Remove the hack for /run etc that was introduced in 2:0.2.20100524-10 + * Correctly label nrpe.cfg as nrpe_etc_t - -- Angel Abad Sat, 03 Dec 2011 15:16:52 +0100 + -- Russell Coker Wed, 02 Nov 2011 12:57:17 +1100 refpolicy (2:2.20110726-1) unstable; urgency=low @@ -25,13 +40,6 @@ -- Russell Coker Thu, 15 Sep 2011 11:53:02 +1000 -refpolicy (2:0.2.20100524-12ubuntu1) precise; urgency=low - - * Merge from debian testing. Remaining changes: - - debian/control: drop "selinux" conflict (Closes: #576598) - - -- Angel Abad Sun, 16 Oct 2011 16:06:08 +0200 - refpolicy (2:0.2.20100524-12) unstable; urgency=low * Allow perdition to bind to sieve port, read /dev/urandom, and capabilities @@ -63,13 +71,6 @@ -- Russell Coker Fri, 19 Aug 2011 16:36:17 +1000 -refpolicy (2:0.2.20100524-10ubuntu1) oneiric; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Angel Abad Tue, 26 Jul 2011 00:31:22 +0200 - refpolicy (2:0.2.20100524-10) unstable; urgency=low * Label gpgsm as gpg_exec_t 
@@ -79,13 +80,6 @@ -- Russell Coker Sun, 24 Jul 2011 15:50:23 +1000 -refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Angel Abad Tue, 17 May 2011 14:44:24 +0200 - refpolicy (2:0.2.20100524-9) unstable; urgency=low * Make gnome.pp not be autoloaded and revert some of the gnome stuff from the @@ -116,13 +110,6 @@ -- Russell Coker Wed, 11 May 2011 11:58:46 +1000 -refpolicy (2:0.2.20100524-8ubuntu1) oneiric; urgency=low - - * Merge from debian unstable. Remaining change: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Bhavani Shankar Sun, 01 May 2011 15:52:51 +0530 - refpolicy (2:0.2.20100524-8) unstable; urgency=low * Add tunable user_manage_dos_files which defaults to true @@ -142,13 +129,6 @@ -- Russell Coker Fri, 11 Mar 2011 14:28:58 +1100 -refpolicy (2:0.2.20100524-7ubuntu1) natty; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Angel Abad Thu, 13 Jan 2011 22:04:50 +0100 - refpolicy (2:0.2.20100524-7) unstable; urgency=low * Allow crontab_t to create a directory of type crontab_tmp_t, necessary to @@ -156,13 +136,6 @@ -- Russell Coker Thu, 13 Jan 2011 21:32:24 +1100 -refpolicy (2:0.2.20100524-6ubuntu1) natty; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Angel Abad Thu, 13 Jan 2011 13:40:14 +0100 - refpolicy (2:0.2.20100524-6) unstable; urgency=low * Allow mysqld_safe_t to send messages to syslogd 
@@ -178,13 +151,6 @@ -- Russell Coker Thu, 13 Jan 2011 12:41:00 +1100 -refpolicy (2:0.2.20100524-5ubuntu1) natty; urgency=low - - * Merge from debian unstable. Remaining change: - - ebian/control: drop "selinux" conflict (Debian bug 576598) - - -- Bhavani Shankar Sun, 09 Jan 2011 19:02:47 +0530 - refpolicy (2:0.2.20100524-5) unstable; urgency=low * Label /usr/bin/tcsh as shell_exec_t @@ -226,13 +192,6 @@ -- Russell Coker Sat, 08 Jan 2011 14:13:43 +1100 -refpolicy (2:0.2.20100524-4ubuntu1) natty; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598) - - -- Bhavani Shankar Sun, 17 Oct 2010 19:29:51 +0530 - refpolicy (2:0.2.20100524-4) unstable; urgency=low * Label /dev/vd* as fixed_disk_device_t, closes: #589997 @@ -265,13 +224,6 @@ -- Russell Coker Sat, 25 Jul 2010 09:39:00 +1000 -refpolicy (2:0.2.20100524-2ubuntu1) maverick; urgency=low - - * Merge from debian unstable (LP: #607149). Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598). - - -- Angel Abad Fri, 09 Jul 2010 06:30:26 +0100 - refpolicy (2:0.2.20100524-2) unstable; urgency=low * Include tmpreaper in base policy as mountnfs-bootclean.sh and @@ -294,13 +246,6 @@ -- Russell Coker Fri, 9 Jul 2010 09:47:00 +1000 -refpolicy (2:0.2.20100524-1ubuntu1) maverick; urgency=low - - * Merge from debian unstable. Remaining changes: LP: #602199 - - debian/control: drop "selinux" conflict (Debian bug 576598). - - -- Bhavani Shankar Tue, 06 Jul 2010 14:26:53 +0530 - refpolicy (2:0.2.20100524-1) unstable; urgency=low * New Upstream release. This version has had a good deal of testing for 
@@ -335,13 +280,6 @@ -- Russell Coker Tue, 18 May 2010 19:06:24 +1000 -refpolicy (2:0.2.20091117-2ubuntu1) maverick; urgency=low - - * Merge from debian unstable. Remaining changes: - - debian/control: drop "selinux" conflict (Debian bug 576598). - - -- Kees Cook Thu, 24 Jun 2010 14:26:07 -0700 - refpolicy (2:0.2.20091117-2) unstable; urgency=low * Label /etc/gdm/Xsession, /etc/gdm/PostSession/* and /etc/gdm/PreSession/* @@ -366,13 +304,6 @@ -- Russell Coker Mon, 22 Feb 2010 07:58:07 +1100 -refpolicy (2:0.2.20091117-1ubuntu1) lucid; urgency=low - - * debian/control: drop "selinux" conflict for sane installation - in Ubuntu (Debian bug 576598). - - -- Kees Cook Mon, 05 Apr 2010 13:03:23 -0700 - refpolicy (2:0.2.20091117-1) unstable; urgency=low * New upstream release. diff -u refpolicy-2.20110726/debian/local.mk refpolicy-2.20110726/debian/local.mk --- refpolicy-2.20110726/debian/local.mk +++ refpolicy-2.20110726/debian/local.mk @@ -212,7 +212,7 @@ test ! -f $(TMPTOP)/usr/share/selinux/mls/$$module.pp || \ rm -f $(TMPTOP)/usr/share/selinux/mls/$$module.pp; \ done - $(install_file) debian/setrans.conf $(TMPTOP)/etc/selinux/mls/ + $(install_file) debian/setrans.conf.mls $(TMPTOP)/etc/selinux/mls/setrans.conf $(install_file) debian/file_contexts.subs_dist $(TMPTOP)/etc/selinux/mls/contexts/files/ $(install_file) VERSION $(DOCDIR)/ $(install_file) README $(DOCDIR)/ 
@@ -249,7 +249,7 @@ test ! -f $(TMPTOP)/usr/share/selinux/default/$$module.pp || \ rm -f $(TMPTOP)/usr/share/selinux/default/$$module.pp; \ done - $(install_file) debian/setrans.conf $(TMPTOP)/etc/selinux/default/ + $(install_file) debian/setrans.conf.default $(TMPTOP)/etc/selinux/default/setrans.conf $(install_file) debian/file_contexts.subs_dist $(TMPTOP)/etc/selinux/default/contexts/files/ $(install_file) VERSION $(DOCDIR)/ $(install_file) README $(DOCDIR)/ diff -u refpolicy-2.20110726/debian/control refpolicy-2.20110726/debian/control --- refpolicy-2.20110726/debian/control +++ refpolicy-2.20110726/debian/control @@ -4,8 +4,7 @@ Priority: optional Section: admin Homepage: http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Russell Coker +Maintainer: Russell Coker Uploaders: Erich Schubert , Manoj Srivastava Standards-Version: 3.8.3.0 Build-Depends-Indep: policycoreutils (>= 2.1.0), checkpolicy (>= 2.1.0), diff -u refpolicy-2.20110726/debian/file_contexts.subs_dist refpolicy-2.20110726/debian/file_contexts.subs_dist --- refpolicy-2.20110726/debian/file_contexts.subs_dist +++ refpolicy-2.20110726/debian/file_contexts.subs_dist @@ -5,0 +6 @@ +/lib64 /lib reverted: --- refpolicy-2.20110726/debian/setrans.conf +++ refpolicy-2.20110726.orig/debian/setrans.conf 
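Review bot: The `/lib64 /lib` line added to debian/file_contexts.subs_dist causes paths under `/lib64` to be rewritten to `/lib` before they are matched, so specs written only for `/lib64` stop applying. The corecommands.fc context lines in this same diff show two such entries, `/lib64/security/pam_krb5/pam_krb5_storetmp` and `/lib64/udev/[^/]*`; unless equivalent `/lib/...` specs exist outside the visible hunks, those files would fall back to the generic `/lib` label instead of `bin_t`. Running `matchpathcon` on a few `/lib64` paths against the built file_contexts would confirm that the resulting labels are unchanged.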
@@ -1,19 +0,0 @@ -# -# Multi-Category Security translation table for SELinux -# -# Uncomment the following to disable translation libary -# disable=1 -# -# Objects can be categorized with 0-1023 categories defined by the admin. -# Objects can be in more than one category at a time. -# Categories are stored in the system as c0-c1023. Users can use this -# table to translate the categories into a more meaningful output. -# Examples: -# s0:c0=CompanyConfidential -# s0:c1=PatientRecord -# s0:c2=Unclassified -# s0:c3=TopSecret -# s0:c1,c3=CompanyConfidentialRedHat -s0=SystemLow -s0-s0:c0.c1023=SystemLow-SystemHigh -s0:c0.c1023=SystemHigh only in patch2: unchanged: --- refpolicy-2.20110726.orig/debian/setrans.conf.mls +++ refpolicy-2.20110726/debian/setrans.conf.mls 
@@ -0,0 +1,52 @@ +# +# Multi-Level Security translation table for SELinux +# +# Uncomment the following to disable translation libary +# disable=1 +# +# Objects can be labeled with one of 16 levels and be categorized with 0-1023 +# categories defined by the admin. +# Objects can be in more than one category at a time. +# Users can modify this table to translate the MLS labels for different purpose. +# +# Assumptions: using below MLS labels. +# SystemLow +# SystemHigh +# Unclassified +# Secret with compartments A and B. +# +# SystemLow and SystemHigh +s0=SystemLow +s15:c0.c1023=SystemHigh +s0-s15:c0.c1023=SystemLow-SystemHigh + +# Unclassified level +s1=Unclassified + +# Secret level with compartments +s2=Secret +s2:c0=A +s2:c1=B + +# ranges for Unclassified +s0-s1=SystemLow-Unclassified +s1-s2=Unclassified-Secret +s1-s15:c0.c1023=Unclassified-SystemHigh + +# ranges for Secret with compartments +s0-s2=SystemLow-Secret +s0-s2:c0=SystemLow-Secret:A +s0-s2:c1=SystemLow-Secret:B +s0-s2:c0,c1=SystemLow-Secret:AB +s1-s2:c0=Unclassified-Secret:A +s1-s2:c1=Unclassified-Secret:B +s1-s2:c0,c1=Unclassified-Secret:AB +s2-s2:c0=Secret-Secret:A +s2-s2:c1=Secret-Secret:B +s2-s2:c0,c1=Secret-Secret:AB +s2-s15:c0.c1023=Secret-SystemHigh +s2:c0-s2:c0,c1=Secret:A-Secret:AB +s2:c0-s15:c0.c1023=Secret:A-SystemHigh +s2:c1-s2:c0,c1=Secret:B-Secret:AB +s2:c1-s15:c0.c1023=Secret:B-SystemHigh +s2:c0,c1-s15:c0.c1023=Secret:AB-SystemHigh only in patch2: unchanged: --- refpolicy-2.20110726.orig/debian/setrans.conf.default +++ refpolicy-2.20110726/debian/setrans.conf.default 
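Review bot: The new debian/setrans.conf.mls lists `Unclassified`, `Secret` and compartments `A`/`B` under an "Assumptions" comment, but the local.mk hunk installs this file as `/etc/selinux/mls/setrans.conf`, so these sample names become the live translations on every MLS install. Because the translated names are what operators read when judging an object's sensitivity, the header should say plainly that everything below the SystemLow/SystemHigh block is an example, for instance `# The Unclassified/Secret entries below are examples; replace them with your site's levels.` The table also appears to have no entry for the single label `s2:c0,c1`, although ranges ending in `Secret:AB` are defined, and the header comment misspells "library" as "libary".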
@@ -0,0 +1,19 @@ +# +# Multi-Category Security translation table for SELinux +# +# Uncomment the following to disable translation libary +# disable=1 +# +# Objects can be categorized with 0-1023 categories defined by the admin. +# Objects can be in more than one category at a time. +# Categories are stored in the system as c0-c1023. Users can use this +# table to translate the categories into a more meaningful output. +# Examples: +# s0:c0=CompanyConfidential +# s0:c1=PatientRecord +# s0:c2=Unclassified +# s0:c3=TopSecret +# s0:c1,c3=CompanyConfidentialRedHat +s0=SystemLow +s0-s0:c0.c1023=SystemLow-SystemHigh +s0:c0.c1023=SystemHigh only in patch2: unchanged: --- refpolicy-2.20110726.orig/policy/modules/admin/apt.te +++ refpolicy-2.20110726/policy/modules/admin/apt.te @@ -142,6 +142,10 @@ #') optional_policy(` + pythonsupport_domtrans(apt_t) +') + +optional_policy(` # dpkg interaction dpkg_read_db(apt_t) dpkg_domtrans(apt_t) only in patch2: unchanged: --- refpolicy-2.20110726.orig/policy/modules/system/userdomain.fc +++ refpolicy-2.20110726/policy/modules/system/userdomain.fc @@ -1,4 +1,5 @@ HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh) HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0) +HOME_DIR/\.gnupg/gpg.conf -- gen_context(system_u:object_r:user_home_t,s0) /tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0) only in patch2: unchanged: --- refpolicy-2.20110726.orig/policy/modules/system/hostname.te +++ refpolicy-2.20110726/policy/modules/system/hostname.te @@ -25,6 +25,8 @@ kernel_read_proc_symlinks(hostname_t) dev_read_sysfs(hostname_t) +dev_read_urand(hostname_t) + # Early devtmpfs, before udev relabel dev_dontaudit_rw_generic_chr_files(hostname_t)
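Review bot: In the userdomain.fc hunk the added spec `HOME_DIR/\.gnupg/gpg.conf` leaves the dot in `gpg.conf` unescaped, so it matches any character in that position, unlike the escaped `\.gnupg` beside it; it should read `HOME_DIR/\.gnupg/gpg\.conf -- gen_context(system_u:object_r:user_home_t,s0)`. The entry also carves gpg.conf out of the `gpg_secret_t` labelling that gpg.fc applies to the rest of `~/.gnupg`, which means any domain allowed to write `user_home_t` files can change gpg's options. A comment above the line stating which program needs to read the file, and why that domain was not given read access to `gpg_secret_t` instead, would let a reviewer judge the trade-off.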