diff --git a/policy-20070703.patch b/policy-20070703.patch
index 1a2ca52..5b9a1dc 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -3708,8 +3708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.0.8/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-10-30 16:06:28.000000000 -0400
-@@ -33,6 +33,33 @@
++++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-10-30 19:46:37.000000000 -0400
+@@ -33,6 +33,36 @@
########################################
##
@@ -3734,8 +3734,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ attribute tcbdomain;
+ ')
+
-+ typeattribute $1 tcbdomain;
+ domain_type($1)
++
++ optional_policy(`
++ unconfined_domain($1)
++ ')
+')
+
+########################################
@@ -3743,7 +3746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
## Make the specified type usable as a domain.
##
##
-@@ -45,6 +72,11 @@
+@@ -45,6 +75,11 @@
# start with basic domain
domain_base_type($1)
@@ -3755,7 +3758,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
# send init a sigchld and signull
optional_policy(`
init_sigchld($1)
-@@ -59,6 +91,7 @@
+@@ -59,6 +94,7 @@
')
optional_policy(`
@@ -3763,7 +3766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
selinux_dontaudit_read_fs($1)
')
-@@ -1271,3 +1304,20 @@
+@@ -1271,3 +1307,20 @@
typeattribute $1 mmap_low_domain_type;
')