diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 0943a49..c752f32 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -292,7 +292,7 @@ index 92a9be7..ccbe56f 100644
 int define_compute_type(int which);
 int define_conditional(cond_expr_t *expr, avrule_t *t_list, avrule_t *f_list );
 diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
-index d808111..3b7357f 100644
+index d808111..d92cc32 100644
 --- a/checkpolicy/policy_parse.y
 +++ b/checkpolicy/policy_parse.y
 @@ -143,6 +143,8 @@ typedef int (* require_func_t)();
@@ -309,14 +309,17 @@ index d808111..3b7357f 100644
 { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
 else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
 - opt_mls te_rbac users opt_constraints
-+ default_rules opt_mls te_rbac users opt_constraints
++ opt_default_rules opt_mls te_rbac users opt_constraints
 { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
 else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
 initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
-@@ -195,6 +197,36 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
+@@ -195,6 +197,39 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
 | CLASS identifier INHERITS identifier '{' identifier_list '}'
 {if (define_av_perms(TRUE)) return -1;}
 ;
++opt_default_rules : default_rules
++ |
++ ;
 +default_rules : default_user_def
 + | default_role_def
 + | default_range_def
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 5850ce3..72460e4 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -3,7 +3,7 @@ Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
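Review bot: The empty alternative of the new `opt_default_rules` rule in policy_parse.y is a bare `|` followed by `;`, which reads like a dropped alternative; mark it explicitly, for example `| /* empty: policy contains no default_* statements */`. Because the rule sits in the top-level policy sequence immediately before `opt_mls`, which by its name looks optional as well, it is worth confirming that bison reports no new conflicts when the parser is regenerated. A regression check that compiles a policy with no default_* statements would pin the behaviour this change restores. The `default_rules` rule continues past the end of the hunk, so whether it accepts more than one default statement cannot be judged from here.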
@@ -56,6 +56,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 %changelog
+* Wed Dec 21 2011 Dan Walsh - 2.1.7-3
+- default_rules should be optional
+
 * Thu Dec 15 2011 Dan Walsh - 2.1.7-2
 - Rebuild with latest libsepol