diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
index 7f1492568..8e06a316d 100644
--- a/man/man8/httpd_selinux.8
+++ b/man/man8/httpd_selinux.8
@@ -92,6 +92,11 @@ httpd can be configured to not differentiate file controls based on context, i.e
setsebool -P httpd_unified 0
.EE
+.PP
+httpd can be configured to turn on sending email. By default http is not allowed to send mail. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
+
+.EX
+setsebool -P httpd_can_sendmail 1
.PP
httpd can be configured to turn off internal scripting (PHP). PHP and other
loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if
index 7f602c520..9cf2c59cf 100644
--- a/policy/modules/services/aide.if
+++ b/policy/modules/services/aide.if
@@ -49,3 +49,40 @@ interface(`aide_run',`
role $2 types aide_t;
allow aide_t $3:chr_file rw_chr_file_perms;
')
+
+########################################
+##
+## All of the rules required to administrate
+## an aide environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the aide domain.
+##
+##
+##
+##
+## The type of the user terminal.
+##
+##
+##
+#
+interface(`aide_admin',`
+ gen_require(`
+ type aide_t, aide_db_t, aide_log_t;
+ ')
+
+ allow $1 aide_t:process { ptrace signal_perms };
+ ps_process_pattern($1, aide_t)
+
+ files_list_etc($1)
+ manage_files_pattern($1, aide_db_t, aide_db_t)
+
+ logging_list_logs($1)
+ manage_all_pattern($1, aide_log_t, aide_log_t)
+')
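Review bot: `aide_admin` documents a role parameter (`$2`) and a terminal parameter (`$3`) but its body only references `$1`, so a caller that passes a role gets no `aide_t` role authorization from this interface; the `aide_run` interface just above (L20–L22) is what grants `role $2 types aide_t` and the chr_file access, so the admin interface should call `aide_run($1, $2, $3)` or its header should stop describing parameters it does not use. Separately, `manage_all_pattern($1, aide_log_t, aide_log_t)` grants every object class (sockets, fifos, symlinks, ...) on the log type, while the `amavis_admin` added in this same change uses `manage_files_pattern` for its logs; unless aide creates non-file objects under its log type, `manage_dirs_pattern($1, aide_log_t, aide_log_t)` plus `manage_files_pattern($1, aide_log_t, aide_log_t)` is the narrower, consistent form. Since `ptrace` over `aide_t` lets the admin domain read and alter the integrity checker's memory, a one-line comment that this is intended would help the next reader.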
diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te
index 8f572f9e5..408961bc4 100644
--- a/policy/modules/services/aide.te
+++ b/policy/modules/services/aide.te
@@ -1,5 +1,5 @@
-policy_module(aide,1.3.0)
+policy_module(aide,1.3.1)
########################################
#
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index 19a63eff3..83667972c 100644
--- a/policy/modules/services/amavis.if
+++ b/policy/modules/services/amavis.if
@@ -186,3 +186,56 @@ interface(`amavis_create_pid_files',`
allow $1 amavis_var_run_t:file create_file_perms;
files_search_pids($1)
')
+
+########################################
+##
+## All of the rules required to administrate
+## an amavis environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the amavis domain.
+##
+##
+##
+##
+## The type of the user terminal.
+##
+##
+##
+#
+interface(`amavis_admin',`
+ gen_require(`
+ type amavis_t, amavis_tmp_t, amavis_log_t;
+ type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
+ type amavis_etc_t, amavis_quarantine_t;
+ ')
+
+ allow $1 amavis_t:process { ptrace signal_perms };
+ ps_process_pattern($1, amavis_t)
+
+ files_list_tmp($1)
+ manage_files_pattern($1, amavis_tmp_t, amavis_tmp_t)
+
+ manage_files_pattern($1, amavis_quarantine_t, amavis_quarantine_t)
+
+ files_list_etc($1)
+ manage_files_pattern($1, amavis_etc_t, amavis_etc_t)
+
+ logging_list_logs($1)
+ manage_files_pattern($1, amavis_log_t, amavis_log_t)
+
+ files_list_spool($1)
+ manage_files_pattern($1, amavis_spool_t, amavis_spool_t)
+
+ files_list_var_lib($1)
+ manage_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
+
+ files_list_pids($1)
+ manage_files_pattern($1, amavis_var_run_t, amavis_var_run_t)
+')
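Review bot: `amavis_admin` grants only `manage_files_pattern` on each amavis type, so the admin domain cannot create or remove directories, nor the symlinks `amavis_t` itself now manages in its spool (`manage_lnk_files_pattern(amavis_t, amavis_spool_t, ...)` is added in this same change), which leaves clean-up of a spool or quarantine tree incomplete; add `manage_dirs_pattern($1, amavis_spool_t, amavis_spool_t)` and `manage_lnk_files_pattern($1, amavis_spool_t, amavis_spool_t)` alongside, and the dir form for the other directory-backed types. The role (`$2`) and terminal (`$3`) parameters are described in the header but never referenced in the body, so either wire them in or drop them from the description. `ptrace` on `amavis_t` lets the caller read the scanner's memory, including message contents in flight; worth a comment stating this is deliberate.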
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index 6473e5bb7..bbc190d81 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -1,5 +1,5 @@
-policy_module(amavis,1.5.0)
+policy_module(amavis,1.5.1)
########################################
#
@@ -65,6 +65,7 @@ manage_sock_files_pattern(amavis_t,amavis_quarantine_t,amavis_quarantine_t)
# Spool Files
manage_dirs_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
manage_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
+manage_lnk_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
manage_sock_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
filetrans_pattern(amavis_t,amavis_spool_t,amavis_var_run_t,sock_file)
files_search_spool(amavis_t)
@@ -116,6 +117,7 @@ corenet_tcp_connect_amavisd_send_port(amavis_t)
# bind to incoming port
corenet_tcp_bind_amavisd_recv_port(amavis_t)
corenet_udp_bind_generic_port(amavis_t)
+corenet_dontaudit_udp_bind_all_ports(amavis_t)
corenet_tcp_connect_razor_port(amavis_t)
dev_read_rand(amavis_t)
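Review bot: `corenet_dontaudit_udp_bind_all_ports(amavis_t)` silences AVC denials for `amavis_t` binding any UDP port, right after `corenet_udp_bind_generic_port` already permits the non-reserved ones, so a misconfigured or compromised amavisd trying to take a reserved or well-known UDP port now fails without leaving an audit record. If the intent is to quiet a specific start-up probe, a comment naming the denial it masks would let a later reviewer check whether it is still needed, e.g. `# amavisd probes UDP ports at start-up; mask the noise from those bind attempts`. A dontaudit scoped to the port type that actually showed up in the denial would preserve the signal for everything else; I cannot see the original denial from the hunk, so that is something to confirm.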
diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if
index 640ce6128..a5c3d6928 100644
--- a/policy/modules/system/fstools.if
+++ b/policy/modules/system/fstools.if
@@ -81,10 +81,10 @@ interface(`fstools_exec',`
#
interface(`fstools_read_pipes',`
gen_require(`
- type fsdaemon_t;
+ type fsadm_t;
')
- allow $1 fsdaemon_t:fifo_file read_fifo_file_perms;
+ allow $1 fsadm_t:fifo_file read_fifo_file_perms;
')
########################################
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 34a1ca22e..aa5d26534 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -1,5 +1,5 @@
-policy_module(fstools,1.9.0)
+policy_module(fstools,1.9.1)
########################################
#
@@ -109,8 +109,7 @@ storage_swapon_fixed_disk(fsadm_t)
term_use_console(fsadm_t)
-corecmd_list_bin(fsadm_t)
-corecmd_read_bin_symlinks(fsadm_t)
+corecmd_exec_bin(fsadm_t)
#RedHat bug #201164
corecmd_exec_shell(fsadm_t)
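Review bot: `corecmd_exec_bin(fsadm_t)` lets fsadm_t execute any `bin_t` program inside its own domain with no transition, a broader grant than the `corecmd_list_bin`/`corecmd_read_bin_symlinks` pair it replaces, and unlike the `corecmd_exec_shell` line directly below it carries no note of which tool needed it. A comment in the style of the adjacent `#RedHat bug #201164`, e.g. `# <tool> execs helpers from bin_t, see <bug>`, would let a later reader judge whether a narrower `corecmd_exec_*` rule or a domain transition is possible. The specific tool is not visible in the hunk, so the wording has to come from whatever denial prompted this.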
@@ -132,6 +131,8 @@ files_etc_filetrans_etc_runtime(fsadm_t,file)
# Access to /initrd devices
files_rw_isid_type_dirs(fsadm_t)
files_rw_isid_type_blk_files(fsadm_t)
+files_read_isid_type_files(fsadm_t)
+
# Recreate /mnt/cdrom.
files_manage_mnt_dirs(fsadm_t)
# for tune2fs
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index ae1720e02..395d0d6c6 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -1,5 +1,5 @@
-policy_module(getty,1.5.0)
+policy_module(getty,1.5.1)
########################################
#
@@ -114,6 +114,11 @@ ifdef(`distro_gentoo',`
sysnet_dontaudit_read_config(getty_t)
')
+ifdef(`distro_redhat',`
+ # getty requires sys_admin #209426
+ allow getty_t self:capability sys_admin;
+')
+
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(getty_t)
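Review bot: `allow getty_t self:capability sys_admin;` grants getty the broadest Linux capability (mount, setdomainname, a wide range of privileged ioctls and more), gated only on `distro_redhat`, to a process that runs before any user has authenticated; if the need behind #209426 is a single spurious check, a `dontaudit getty_t self:capability sys_admin;` would keep the policy tight without the log noise. If the access really is required, the comment should name the operation rather than just restate that it is needed, e.g. `# getty needs sys_admin for <operation> (Red Hat #209426)`. I cannot see the bug from the hunk, so whether dontaudit suffices is something to confirm against it.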
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index 9961b9b0f..3b1200355 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -1,5 +1,5 @@
-policy_module(hostname,1.4.0)
+policy_module(hostname,1.4.1)
########################################
#
@@ -60,3 +60,11 @@ optional_policy(`
xen_append_log(hostname_t)
xen_dontaudit_use_fds(hostname_t)
')
+
+optional_policy(`
+ xen_append_log(hostname_t)
+')
+
+optional_policy(`
+ unconfined_dontaudit_rw_pipes(hostname_t)
+')
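Review bot: the new `optional_policy` block adds `xen_append_log(hostname_t)` a second time; the existing block shown as context at the top of this hunk already contains `xen_append_log(hostname_t)` next to `xen_dontaudit_use_fds(hostname_t)`, so the added block is redundant and should be removed, leaving only the `unconfined_dontaudit_rw_pipes(hostname_t)` block. A duplicate rule does not change the compiled policy, but it suggests the first block was overlooked and the next edit to one copy will silently diverge from the other.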
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index aecb1b46e..7e3ffa5c5 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -1,5 +1,5 @@
-policy_module(ipsec,1.5.0)
+policy_module(ipsec,1.5.1)
########################################
#
@@ -297,11 +297,14 @@ allow racoon_t ipsec_key_file_t:dir list_dir_perms;
read_files_pattern(racoon_t,ipsec_key_file_t,ipsec_key_file_t)
read_lnk_files_pattern(racoon_t,ipsec_key_file_t,ipsec_key_file_t)
+kernel_read_system_state(racoon_t)
kernel_read_network_state(racoon_t)
corenet_all_recvfrom_unlabeled(racoon_t)
corenet_tcp_bind_all_nodes(racoon_t)
+corenet_udp_bind_all_nodes(racoon_t)
corenet_udp_bind_isakmp_port(racoon_t)
+corenet_udp_bind_ipsecnat_port(racoon_t)
dev_read_urand(racoon_t)
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index 0c7fffc7e..37a6be8ae 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -1,5 +1,5 @@
-policy_module(iscsid,1.3.0)
+policy_module(iscsid,1.3.1)
########################################
#
@@ -29,7 +29,7 @@ files_pid_file(iscsi_var_run_t)
#
allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
-allow iscsid_t self:process setsched;
+allow iscsid_t self:process { setrlimit setsched };
allow iscsid_t self:fifo_file { read write };
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow iscsid_t self:unix_dgram_socket create_socket_perms;