Right now, if you update your kernel and add new classes/permissions but don't update policy to add allow rules for those new classes/permissions, all operations will be denied. We need to add an option (specified by policy) to allow these unknowns rather than deny them.

Try number 1: http://marc.info/?t=116499017900004&r=1&w=2
Try number 2: http://marc.info/?t=117130977100002&r=1&w=2

Should be going into 2.6.24.