--- services/xserver.te	2010-12-13 15:11:02.000000000 +0100
+++ ../../../refpolicy/policy/modules/services/xserver.te	2011-01-02 18:21:17.682000037 +0100
@@ -279,6 +279,7 @@
 
 userdom_use_user_terminals(xauth_t)
 userdom_read_user_tmp_files(xauth_t)
+userdom_read_user_tmp_files(xserver_t)
 
 xserver_rw_xdm_tmp_files(xauth_t)
 
@@ -588,6 +589,9 @@
 allow xserver_t { root_xdrawable_t x_domain }:x_drawable send;
 allow xserver_t input_xevent_t:x_event send;
 
+# Allow X to process keyboard events
+udev_read_db(xserver_t)
+
 # setuid/setgid for the wrapper program to change UID
 # sys_rawio is for iopl access - should not be needed for frame-buffer
 # sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
@@ -610,6 +614,7 @@
 allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow xserver_t self:tcp_socket create_stream_socket_perms;
 allow xserver_t self:udp_socket create_socket_perms;
+allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
 
 manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
 manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
--- services/xserver.fc	2010-08-03 15:11:09.000000000 +0200
+++ ../../../refpolicy/policy/modules/services/xserver.fc	2011-01-03 23:07:16.852000013 +0100
@@ -5,6 +5,7 @@
 HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
 HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
 HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s0)
+HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
 HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
 HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)