--- nsaserefpolicy/policy/modules/admin/prelink.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/prelink.te 2008-08-14 13:53:54.000000000 -0400
@@ -26,7 +26,7 @@
 # Local policy
 #
-allow prelink_t self:capability { chown dac_override fowner fsetid };
+allow prelink_t self:capability { chown dac_override fowner fsetid sys_resource };
 allow prelink_t self:process { execheap execmem execstack signal };
 allow prelink_t self:fifo_file rw_fifo_file_perms;
@@ -40,7 +40,7 @@
 read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 logging_log_filetrans(prelink_t, prelink_log_t, file)
-allow prelink_t prelink_tmp_t:file { manage_file_perms execute relabelfrom };
+allow prelink_t prelink_tmp_t:file { manage_file_perms execute relabelfrom execmod };
 files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
 fs_tmpfs_filetrans(prelink_t, prelink_tmp_t, file)
@@ -49,8 +49,7 @@
 allow prelink_t prelink_object:file { manage_file_perms execute relabelto relabelfrom };
 kernel_read_system_state(prelink_t)
-kernel_dontaudit_search_kernel_sysctl(prelink_t)
-kernel_dontaudit_search_sysctl(prelink_t)
+kernel_read_kernel_sysctls(prelink_t)
 corecmd_manage_all_executables(prelink_t)
 corecmd_relabel_all_executables(prelink_t)
@@ -65,6 +64,8 @@
 files_read_etc_files(prelink_t)
 files_read_etc_runtime_files(prelink_t)
 files_dontaudit_read_all_symlinks(prelink_t)
+files_manage_usr_files(prelink_t)
+files_relabelfrom_usr_files(prelink_t)
 fs_getattr_xattr_fs(prelink_t)
@@ -81,6 +82,11 @@
 miscfiles_read_localization(prelink_t)
+# prelink executables in the user homedir
+unprivuser_manage_home_content_files(prelink_t)
+unprivuser_mmap_home_content_files(prelink_t)
+unprivuser_dontaudit_home_content_files(prelink_t)
+
 optional_policy(`
 amanda_manage_lib(prelink_t)
 ')
@@ -88,3 +94,7 @@
 optional_policy(`
 cron_system_entry(prelink_t, prelink_exec_t)
 ')
+
+optional_policy(`
+ unconfined_domain(prelink_t)
+')
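Review bot: `sys_resource` joins the capability set in the `@@ -26,7` hunk without any comment saying which operation was denied. CAP_SYS_RESOURCE lets a process exceed resource limits and use reserved filesystem space, and prelink_t already holds `dac_override` and `fowner`, so each further capability deserves a recorded reason. A one-line comment above the rule would do, e.g. `# sys_resource: <denied operation, placeholder>`; the actual cause cannot be read from the patch.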
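Review bot: Adding `execmod` on `prelink_tmp_t` in the `@@ -40,7` hunk lets prelink_t create a file in its own temp type, write to it, and then make a modified mapping of it executable, on top of the `execheap execmem execstack` already visible in the first hunk. That leaves very little of the memory-protection checks in force for files this domain creates itself. If the denial comes from running a temporary copy of a binary that has text relocations, which is only a guess from here, record it next to the rule, e.g. `# execmod: temporary copies of binaries with text relocations`.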
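Review bot: `files_manage_usr_files` and `files_relabelfrom_usr_files` in the `@@ -65,6` hunk grant create, write, delete and relabel-from on the generic usr file type, which is far wider than the executables and libraries prelink rewrites. The `@@ -49,8` hunk shows that `corecmd_manage_all_executables` and `corecmd_relabel_all_executables` already cover the executable types. If the denials came from binaries mislabeled as generic usr files, correcting their file contexts would avoid giving this domain write access to everything under that type. Otherwise a comment naming the path that triggered the rule is the minimum, e.g. `# <path that was denied, placeholder> is labeled usr_t`.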
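Review bot: The three `unprivuser_*` calls in the `@@ -81,6` hunk give a domain that holds `dac_override` and is entered from system cron (`cron_system_entry` in the last hunk) full manage and mmap access to user home content, i.e. files whose names and contents an unprivileged user controls. That is a wide grant for the stated goal of prelinking executables in home directories and should be justified or narrowed. `unprivuser_dontaudit_home_content_files` sits beside a manage grant on the same content and its name does not say which access it silences, so a comment stating what it hides is needed. Unlike the amanda and cron calls just below, these are not wrapped in `optional_policy`; if the unprivuser module can be left out of a build, they should be.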
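Review bot: `unconfined_domain(prelink_t)` in the `@@ -88,3` hunk makes every other rule in this file redundant wherever the unconfined module is built, because prelink_t is then no longer limited by the rules above. With it in place the earlier additions (`sys_resource`, `execmod`, the usr and home-content interfaces) cannot be validated, since nothing they miss will be denied or logged. If this is a stop-gap, mark it as one, e.g. `# FIXME: temporary, remove once the remaining prelink_t denials are covered`; otherwise drop it and keep the specific rules.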