--- nsaserefpolicy/policy/modules/system/modutils.te	2007-04-11 15:52:54.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/system/modutils.te	2007-04-17 15:50:53.000000000 -0400
@@ -58,6 +58,7 @@
 kernel_read_system_state(insmod_t)
 kernel_write_proc_files(insmod_t)
 kernel_mount_debugfs(insmod_t)
+kernel_mount_kvmfs(insmod_t)
 kernel_read_debugfs(insmod_t)
 # Rules for /proc/sys/kernel/tainted
 kernel_read_kernel_sysctls(insmod_t)
@@ -101,6 +102,7 @@
 init_use_fds(insmod_t)
 init_use_script_fds(insmod_t)
 init_use_script_ptys(insmod_t)
+init_spec_domtrans_script(insmod_t)
 
 libs_use_ld_so(insmod_t)
 libs_use_shared_libs(insmod_t)
@@ -163,6 +165,10 @@
 	xserver_getattr_log(insmod_t)
 ')
 
+optional_policy(`
+	unconfined_dontaudit_rw_pipes(insmod_t)
+')
+
 ########################################
 #
 # depmod local policy
--- nsaserefpolicy/policy/modules/kernel/kernel.if	2007-02-19 11:32:51.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/kernel/kernel.if	2007-04-17 15:50:55.000000000 -0400
@@ -2408,3 +2425,22 @@
 
 	typeattribute $1 kern_unconfined;
 ')
+
+########################################
+## <summary>
+##	Mount a kernel vm filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the domain mounting the filesystem.
+##	</summary>
+## </param>
+#
+interface(`kernel_mount_kvmfs',`
+	gen_require(`
+		type kvmfs_t;
+	')
+
+	allow $1 kvmfs_t:filesystem mount;
+')
+