diff --git a/policy-F12.patch b/policy-F12.patch index 7c3ddfb..1a930b7 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -14803,7 +14803,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.32/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/dbus.if 2009-12-03 13:45:11.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/dbus.if 2009-12-03 14:49:31.000000000 -0500 @@ -42,8 +42,10 @@ gen_require(` class dbus { send_msg acquire_svc }; @@ -14837,7 +14837,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1_dbusd_t $3:process sigkill; allow $3 $1_dbusd_t:fd use; allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms; -@@ -146,6 +148,9 @@ +@@ -127,6 +129,7 @@ + fs_getattr_romfs($1_dbusd_t) + fs_getattr_xattr_fs($1_dbusd_t) + fs_list_inotifyfs($1_dbusd_t) ++ fs_dontaudit_list_nfs($1_dbusd_t) + + selinux_get_fs_mount($1_dbusd_t) + selinux_validate_context($1_dbusd_t) +@@ -146,6 +149,9 @@ seutil_read_config($1_dbusd_t) seutil_read_default_contexts($1_dbusd_t) @@ -14847,7 +14855,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_read_user_home_content_files($1_dbusd_t) ifdef(`hide_broken_symptoms', ` -@@ -153,12 +158,15 @@ +@@ -153,12 +159,15 @@ ') optional_policy(` @@ -14865,7 +14873,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ') -@@ -178,10 +186,12 @@ +@@ -178,10 +187,12 @@ type system_dbusd_t, system_dbusd_t; type system_dbusd_var_run_t, system_dbusd_var_lib_t; class dbus send_msg; 
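Review bot: The added `fs_dontaudit_list_nfs($1_dbusd_t)` in the session-bus template of dbus.if (inner hunk `@@ -127,6 +129,7 @@`) is unconditional, so denied NFS directory listings by `$1_dbusd_t` stop reaching the audit log on every system, including hosts whose home directories live on NFS. The same template also calls `userdom_read_user_home_content_files($1_dbusd_t)`, so on such hosts a real access failure could become silent and hard to diagnose. I cannot see from this hunk whether the template already handles the `use_nfs_home_dirs` tunable; if it does not, consider allowing the listing under that tunable and keeping the dontaudit only for the other case. At minimum, add a comment above the line saying which denial it hides, e.g. `# session bus stats mount points at startup; listing NFS is not required`. The template body starts and ends outside this hunk.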
@@ -14878,7 +14886,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t) files_search_var_lib($1) -@@ -190,6 +200,10 @@ +@@ -190,6 +201,10 @@ files_search_pids($1) stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t) dbus_read_config($1) @@ -14889,7 +14897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ####################################### -@@ -256,7 +270,7 @@ +@@ -256,7 +271,7 @@ ######################################## ## @@ -14898,7 +14906,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## for service (acquire_svc). ## ## -@@ -364,6 +378,8 @@ +@@ -364,6 +379,8 @@ dbus_system_bus_client($1) dbus_connect_system_bus($1) @@ -14907,7 +14915,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`hide_broken_symptoms', ` dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write }; ') -@@ -405,3 +421,24 @@ +@@ -405,3 +422,24 @@ typeattribute $1 dbusd_unconfined; ') @@ -14934,7 +14942,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.32/policy/modules/services/dbus.te --- nsaserefpolicy/policy/modules/services/dbus.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/dbus.te 2009-12-03 13:45:11.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/dbus.te 2009-12-03 14:48:57.000000000 -0500 @@ -86,6 +86,7 @@ dev_read_sysfs(system_dbusd_t) 
@@ -18187,7 +18195,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.6.32/policy/modules/services/nut.te --- nsaserefpolicy/policy/modules/services/nut.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.32/policy/modules/services/nut.te 2009-12-03 13:45:11.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/nut.te 2009-12-03 14:47:15.000000000 -0500 @@ -0,0 +1,188 @@ + +policy_module(nut, 1.0.0) @@ -18229,7 +18237,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# Local policy for upsd +# + -+allow nut_upsd_t self:capability { setgid setuid }; ++allow nut_upsd_t self:capability { setgid setuid dac_override }; + +allow nut_upsd_t self:unix_dgram_socket { create_socket_perms sendto }; +allow nut_upsd_t self:tcp_socket connected_stream_socket_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index dba029e..82a004f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -451,6 +451,8 @@ exit 0 %changelog * Thu Dec 3 2009 Dan Walsh 3.6.32-55 - Add fprintd_chat(unconfined_t) to fix su timeout problem +- Make xguest follow allow_execstack boolean +- Dontaudit dbus looking at nfs * Thu Dec 3 2009 Dan Walsh 3.6.32-54 - Require selinux-policy from selinux-policy-TYPE
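Review bot: Adding `dac_override` to `allow nut_upsd_t self:capability { setgid setuid dac_override };` (nut.te, outer hunk `@@ -18229,7 +18237,7 @@`) lets upsd ignore file ownership and mode bits on everything its type-enforcement rules reach. Neither the patch nor the 3.6.32-55 changelog entry says which access required it. This capability is commonly requested when a file's owner or mode does not match the user the daemon runs as — presumably upsd opening its config or state files as root before it drops privileges — and that is usually better fixed in packaging than granted in policy. If the rule has to stay, record the reason next to it, e.g. `# upsd opens <path> as root before setuid; file is not root-readable`, and add a changelog line such as `- Allow nut_upsd_t dac_override` so the grant can be revisited. The surrounding upsd policy block continues outside this hunk.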