diff --git a/policy-20071130.patch b/policy-20071130.patch index ede73b2..eb4c469 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -12532,7 +12532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.3.1/policy/modules/services/automount.te --- nsaserefpolicy/policy/modules/services/automount.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/automount.te 2008-11-03 16:14:20.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/automount.te 2008-11-20 11:07:33.000000000 -0500 @@ -20,6 +20,9 @@ files_tmp_file(automount_tmp_t) files_mountpoint(automount_tmp_t) @@ -12562,7 +12562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto kernel_read_kernel_sysctls(automount_t) kernel_read_irq_sysctls(automount_t) -@@ -69,6 +71,7 @@ +@@ -69,9 +71,18 @@ files_mounton_all_mountpoints(automount_t) files_mount_all_file_type_fs(automount_t) files_unmount_all_file_type_fs(automount_t) @@ -12570,7 +12570,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto fs_mount_all_fs(automount_t) fs_unmount_all_fs(automount_t) -@@ -98,6 +101,7 @@ ++fs_getattr_all_fs(automount_t) ++fs_getattr_all_dirs(automount_t) ++fs_search_auto_mountpoints(automount_t) ++fs_manage_auto_mountpoints(automount_t) ++fs_unmount_autofs(automount_t) ++fs_mount_autofs(automount_t) ++fs_manage_autofs_symlinks(automount_t) ++fs_read_nfs_files(automount_t) + + corecmd_exec_bin(automount_t) + corecmd_exec_shell(automount_t) +@@ -98,6 +109,7 @@ corenet_udp_bind_all_rpc_ports(automount_t) dev_read_sysfs(automount_t) 
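Review bot: Two of the rules added in the +71 block, `fs_mount_autofs(automount_t)` and `fs_manage_autofs_symlinks(automount_t)`, are already present further down in automount.te (they show up as context in this patch's @@ -126 hunk), so the new block declares them twice; drop those two lines here and keep the existing ones. The rest of the block widens automount_t noticeably — `fs_manage_auto_mountpoints` and `fs_read_nfs_files` go beyond mounting and unmounting — and nothing in the hunk says which denial they answer, so add a line above the block such as `# manage autofs mountpoints and read NFS-backed maps (AVC seen on … — fill in)` naming the trigger. If `fs_read_nfs_files` is only needed when automount's maps themselves live on NFS, it is a candidate for a tunable rather than an unconditional allow. The enclosing automount_t rule set continues outside this hunk.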
@@ -12578,7 +12589,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto # for SSP dev_read_rand(automount_t) dev_read_urand(automount_t) -@@ -126,8 +130,12 @@ +@@ -126,8 +138,12 @@ fs_mount_autofs(automount_t) fs_manage_autofs_symlinks(automount_t) @@ -12591,7 +12602,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto libs_use_ld_so(automount_t) libs_use_shared_libs(automount_t) -@@ -140,10 +148,6 @@ +@@ -140,10 +156,6 @@ # Run mount in the mount_t domain. mount_domtrans(automount_t) @@ -12602,7 +12613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto userdom_dontaudit_use_unpriv_user_fds(automount_t) userdom_dontaudit_search_sysadm_home_dirs(automount_t) -@@ -156,17 +160,18 @@ +@@ -156,17 +168,18 @@ ') optional_policy(` @@ -20889,7 +20900,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-11-17 15:45:13.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-11-20 17:43:52.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.9.0) @@ -20966,11 +20977,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw corenet_all_recvfrom_unlabeled(NetworkManager_t) corenet_all_recvfrom_netlabel(NetworkManager_t) -@@ -64,9 +87,11 @@ +@@ -64,9 +87,12 @@ dev_read_sysfs(NetworkManager_t) dev_read_rand(NetworkManager_t) dev_read_urand(NetworkManager_t) +dev_dontaudit_getattr_generic_blk_files(NetworkManager_t) ++dev_getattr_all_chr_files(NetworkManager_t) fs_getattr_all_fs(NetworkManager_t) fs_search_auto_mountpoints(NetworkManager_t) 
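Review bot: `dev_getattr_all_chr_files(NetworkManager_t)` in the +87 block grants getattr on every character-device type, while the line directly above only dontaudits the equivalent for block devices; if the intent is just to silence a /dev scan, a dontaudit form (`dev_dontaudit_getattr_all_chr_files(NetworkManager_t)`, if this tree provides it) would match that line, and if one particular device really is stat()ed, the device-specific dev_getattr_* interface is the tighter choice. Either way the line deserves a comment naming the device or denial that motivated it, e.g. `# NetworkManager stats devices under /dev when enumerating interfaces — confirm which`. The NetworkManager_t rules continue outside this hunk.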
@@ -20978,7 +20990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw mls_file_read_all_levels(NetworkManager_t) -@@ -83,9 +108,14 @@ +@@ -83,9 +109,14 @@ files_read_etc_runtime_files(NetworkManager_t) files_read_usr_files(NetworkManager_t) @@ -20993,26 +21005,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -98,26 +128,41 @@ +@@ -98,26 +129,41 @@ seutil_read_config(NetworkManager_t) -sysnet_domtrans_ifconfig(NetworkManager_t) -+sysnet_etc_filetrans_config(NetworkManager_t) -+sysnet_delete_dhcpc_pid(NetworkManager_t) - sysnet_domtrans_dhcpc(NetworkManager_t) +-sysnet_domtrans_dhcpc(NetworkManager_t) -sysnet_signal_dhcpc(NetworkManager_t) +-sysnet_read_dhcpc_pid(NetworkManager_t) ++sysnet_etc_filetrans_config(NetworkManager_t) + sysnet_delete_dhcpc_pid(NetworkManager_t) +-sysnet_search_dhcp_state(NetworkManager_t) +-# in /etc created by NetworkManager will be labelled net_conf_t. ++sysnet_domtrans_dhcpc(NetworkManager_t) +sysnet_domtrans_ifconfig(NetworkManager_t) +sysnet_kill_dhcpc(NetworkManager_t) -+sysnet_manage_config(NetworkManager_t) + sysnet_manage_config(NetworkManager_t) +-sysnet_etc_filetrans_config(NetworkManager_t) +sysnet_read_dhcp_config(NetworkManager_t) - sysnet_read_dhcpc_pid(NetworkManager_t) --sysnet_delete_dhcpc_pid(NetworkManager_t) ++sysnet_read_dhcpc_pid(NetworkManager_t) +sysnet_delete_dhcpc_state(NetworkManager_t) - sysnet_search_dhcp_state(NetworkManager_t) --# in /etc created by NetworkManager will be labelled net_conf_t. --sysnet_manage_config(NetworkManager_t) --sysnet_etc_filetrans_config(NetworkManager_t) ++sysnet_read_dhcp_state(NetworkManager_t) +sysnet_signal_dhcpc(NetworkManager_t) userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t) 
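Review bot: The reorder in the +129 block drops upstream's explanatory comment (`# in /etc created by NetworkManager will be labelled net_conf_t.`) while keeping the rule it explained, `sysnet_etc_filetrans_config(NetworkManager_t)`; restore it above that line as `# files NetworkManager creates in /etc are labelled net_conf_t` so the transition rule stays self-documenting. The newly added `sysnet_read_dhcp_state(NetworkManager_t)`, alongside the existing `sysnet_delete_dhcpc_state`, means NetworkManager can now both read and remove the DHCP client's state files; a one-line why-comment there (presumably it cleans up dhclient's leases when it stops the client — worth confirming) would help the next reviewer. The alphabetical ordering itself is fine and easier to audit.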
@@ -21042,7 +21055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -129,8 +174,23 @@ +@@ -129,8 +175,23 @@ ') optional_policy(` @@ -21068,7 +21081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -138,39 +198,86 @@ +@@ -138,39 +199,86 @@ ') optional_policy(` @@ -35209,8 +35222,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te --- nsaserefpolicy/policy/modules/system/iptables.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2008-11-03 16:14:39.000000000 -0500 -@@ -48,6 +48,7 @@ ++++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2008-11-21 16:14:31.000000000 -0500 +@@ -48,10 +48,12 @@ fs_getattr_xattr_fs(iptables_t) fs_search_auto_mountpoints(iptables_t) @@ -35218,7 +35231,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl mls_file_read_all_levels(iptables_t) -@@ -70,8 +71,6 @@ + term_dontaudit_use_console(iptables_t) ++term_use_generic_ptys(iptables_t) + + domain_use_interactive_fds(iptables_t) + +@@ -70,8 +72,6 @@ libs_use_shared_libs(iptables_t) logging_send_syslog_msg(iptables_t) @@ -35227,7 +35245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl miscfiles_read_localization(iptables_t) -@@ -113,3 +112,7 @@ +@@ -113,3 +113,7 @@ optional_policy(` udev_read_db(iptables_t) ') 
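Review bot: `term_use_generic_ptys(iptables_t)`, added right after `term_dontaudit_use_console(iptables_t)`, allows read/write on generic pty devices, which is broader than the dontaudit treatment the console gets on the line above; if this is only so iptables can print its output when started from an ssh or terminal session, the access is plausible but should say so, e.g. `# iptables writes its messages to the pty it was started from`. If the aim was merely to quiet AVCs from an inherited interactive fd, `domain_use_interactive_fds(iptables_t)` two lines below already covers that case and a dontaudit variant would be the consistent choice. The rest of the iptables_t rules are outside this hunk.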
@@ -35279,7 +35297,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2008-11-13 18:43:05.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2008-11-24 09:03:21.000000000 -0500 @@ -69,8 +69,10 @@ ifdef(`distro_gentoo',` # despite the extensions, they are actually libs @@ -35372,7 +35390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -@@ -304,3 +318,17 @@ +@@ -304,3 +318,18 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -35389,7 +35407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar + +/usr/lib(64)?/libav.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/sse2/libav.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) -+/usr/lib(64)?/sse2/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib(64)?/sse2/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2008-06-12 23:38:01.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2008-11-03 16:14:39.000000000 -0500
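Review bot: The new `/usr/lib(64)?/sse2/.*\.so(\..*)?` entry labels every shared object under the sse2 directory textrel_shlib_t, which permits text relocations (execmod) for all of them rather than only libpostproc as before, and it also makes the `/usr/lib/sse2/libav.*\.so(\..*)?` line above it redundant in effect. Unless every library shipped there is known to carry TEXTRELs, keep the list explicit — `/usr/lib(64)?/sse2/libpostproc\.so.*` plus whichever others were actually reported — so a future library dropped into that directory does not silently inherit the relaxed label; if the whole directory really is built that way, say so with a comment such as `# all sse2-optimised builds in this directory carry text relocations`.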