diff --git a/policy-20070703.patch b/policy-20070703.patch index 643a2b8..bbe689b 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -3987,7 +3987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.0.8/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-11-01 14:02:44.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-11-12 16:36:39.000000000 -0500 @@ -65,7 +65,7 @@ relabelfrom_dirs_pattern($1,device_t,device_node) @@ -3997,7 +3997,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device relabelfrom_fifo_files_pattern($1,device_t,device_node) relabelfrom_sock_files_pattern($1,device_t,device_node) relabel_blk_files_pattern($1,device_t,{ device_t device_node }) -@@ -1306,6 +1306,44 @@ +@@ -185,6 +185,24 @@ + + ######################################## + ## ++## Manage of directories in /dev. ++## ++## ++## ++## Domain allowed to relabel. ++## ++## ++# ++interface(`dev_manage_generic_dirs',` ++ gen_require(` ++ type device_t; ++ ') ++ ++ manage_dirs_pattern($1,device_t,device_t) ++') ++ ++######################################## ++## + ## Allow full relabeling (to and from) of directories in /dev. + ## + ## +@@ -1306,6 +1324,44 @@ ######################################## ## @@ -4042,7 +4067,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Read input event devices (/dev/input). ## ## -@@ -1623,6 +1661,78 @@ +@@ -1623,6 +1679,78 @@ ######################################## ## 
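Review bot: The documentation on the new `dev_manage_generic_dirs` interface in the inner `@@ -185,6 +185,24 @@` hunk is copied from the relabel interface that follows it: the summary reads `Manage of directories in /dev.` and the parameter description says `Domain allowed to relabel.`, while the body grants `manage_dirs_pattern`, not relabel permissions. Suggest `## Create, read, write, and delete directories in /dev.` for the summary and `## Domain allowed access.` for the parameter. Because manage_dirs_pattern on device_t includes rmdir, rename and reparent on every directory under /dev, the summary should also say this is a broad grant meant for a small number of device-managing domains, so callers do not reach for it when create or setattr alone would do.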
@@ -4184,7 +4209,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.8/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2007-10-22 13:21:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/domain.te 2007-11-07 17:28:12.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/domain.te 2007-11-12 15:59:14.000000000 -0500 @@ -6,6 +6,22 @@ # Declarations # @@ -4222,7 +4247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain # Use trusted objects in /dev dev_rw_null(domain) -@@ -134,3 +154,28 @@ +@@ -134,3 +154,32 @@ # act on all domains keys allow unconfined_domain_type domain:key *; @@ -4251,6 +4276,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +optional_policy(` + rpm_rw_pipes(domain) +') ++ ++optional_policy(` ++ unconfined_dontaudit_rw_pipes(domain) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.0.8/policy/modules/kernel/files.fc --- nsaserefpolicy/policy/modules/kernel/files.fc 2007-10-22 13:21:41.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/kernel/files.fc 2007-10-29 23:59:29.000000000 -0400 @@ -5778,7 +5807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-11-12 10:03:38.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-11-12 15:10:54.000000000 -0500 @@ -20,6 +20,9 @@ # Declarations # 
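Review bot: The new `unconfined_dontaudit_rw_pipes(domain)` block in domain.te silences pipe read/write denials against the unconfined domain for every domain on the system, not just the few that are legitimately started from an unconfined shell with inherited pipes. That removes the AVC record which is often the only visible symptom when a confined daemon is launched by hand and then fails writing to its inherited stdout, so the trade-off deserves a comment above the block, e.g. `# silence confined domains started from an unconfined shell with inherited pipes; audit before widening further`. If the noise comes from a handful of domains, dontaudit rules in those modules would keep the signal for the rest; the surrounding file is only partly visible in this hunk.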
@@ -6146,15 +6175,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') + +tunable_policy(`httpd_use_nfs', ` -+ fs_read_nfs_files(httpd_sys_script_t) -+ fs_read_nfs_symlinks(httpd_sys_script_t) -+') -+ -+tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', ` fs_read_nfs_files(httpd_sys_script_t) fs_read_nfs_symlinks(httpd_sys_script_t) ') ++tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', ` ++ fs_read_nfs_files(httpd_sys_script_t) ++ fs_read_nfs_symlinks(httpd_sys_script_t) ++') ++ +tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',` + allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms; + allow httpd_sys_script_t self:udp_socket create_socket_perms; 
@@ -6206,19 +6235,45 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -728,3 +878,20 @@ +@@ -728,3 +878,48 @@ logging_search_logs(httpd_rotatelogs_t) miscfiles_read_localization(httpd_rotatelogs_t) + +#============= bugzilla policy ============== +apache_content_template(bugzilla) ++ ++type httpd_bugzilla_tmp_t; ++files_tmp_file(httpd_bugzilla_tmp_t) ++ +allow httpd_bugzilla_script_t self:netlink_route_socket r_netlink_socket_perms; ++allow httpd_bugzilla_script_t self:tcp_socket create_stream_socket_perms; ++allow httpd_bugzilla_script_t self:udp_socket create_socket_perms; ++ ++corenet_all_recvfrom_unlabeled(httpd_bugzilla_script_t) ++corenet_all_recvfrom_netlabel(httpd_bugzilla_script_t) ++corenet_tcp_sendrecv_all_if(httpd_bugzilla_script_t) ++corenet_udp_sendrecv_all_if(httpd_bugzilla_script_t) ++corenet_tcp_sendrecv_all_nodes(httpd_bugzilla_script_t) ++corenet_udp_sendrecv_all_nodes(httpd_bugzilla_script_t) ++corenet_tcp_sendrecv_all_ports(httpd_bugzilla_script_t) ++corenet_udp_sendrecv_all_ports(httpd_bugzilla_script_t) ++corenet_tcp_connect_postgresql_port(httpd_bugzilla_script_t) ++corenet_tcp_connect_mysqld_port(httpd_bugzilla_script_t) ++corenet_tcp_connect_http_port(httpd_bugzilla_script_t) ++corenet_sendrecv_postgresql_client_packets(httpd_bugzilla_script_t) ++corenet_sendrecv_mysqld_client_packets(httpd_bugzilla_script_t) ++ ++manage_dirs_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t) ++manage_files_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t) ++files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_t,{ file dir }) + +files_search_var_lib(httpd_bugzilla_script_t) + +mta_send_mail(httpd_bugzilla_script_t) + ++sysnet_read_config(httpd_bugzilla_script_t) ++ +optional_policy(` + mysql_search_db(httpd_bugzilla_script_t) + mysql_stream_connect(httpd_bugzilla_script_t) 
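Review bot: `files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_t,{ file dir })` names `httpd_bugzilla_t` as the type for files the script creates in /tmp, but the type declared two lines earlier and covered by the two manage_*_pattern rules is `httpd_bugzilla_tmp_t`; as written, created files either receive a type the script then cannot manage or, if `httpd_bugzilla_t` is not declared by the content template, the module fails to build. The line should read `files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,{ file dir })`. Separately, the tcp/udp socket permissions together with the `corenet_*_all_*` and `corenet_tcp_connect_http_port` rules are unconditional here, whereas the equivalent access for httpd_sys_script_t earlier in this patch is gated by `httpd_enable_cgi && httpd_can_network_connect_db`; consider the same tunable so a compromised Bugzilla CGI cannot reach arbitrary HTTP endpoints by default.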
@@ -6227,6 +6282,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +optional_policy(` + postgresql_stream_connect(httpd_bugzilla_script_t) +') ++ ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.0.8/policy/modules/services/apcupsd.if --- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/apcupsd.if 2007-10-29 23:59:29.000000000 -0400 @@ -8845,8 +8902,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb +/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if --- nsaserefpolicy/policy/modules/services/kerberos.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-11-06 16:58:01.000000000 -0500 -@@ -42,6 +42,10 @@ ++++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-11-12 16:50:00.000000000 -0500 +@@ -42,11 +42,17 @@ dontaudit $1 krb5_conf_t:file write; dontaudit $1 krb5kdc_conf_t:dir list_dir_perms; dontaudit $1 krb5kdc_conf_t:file rw_file_perms; @@ -8857,7 +8914,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb tunable_policy(`allow_kerberos',` allow $1 self:tcp_socket create_socket_perms; -@@ -61,9 +65,6 @@ + allow $1 self:udp_socket create_socket_perms; + ++ fs_rw_tmpfs_files($1) ++ + corenet_all_recvfrom_unlabeled($1) + corenet_all_recvfrom_netlabel($1) + corenet_tcp_sendrecv_all_if($1) +@@ -61,9 +67,6 @@ corenet_tcp_connect_ocsp_port($1) corenet_sendrecv_kerberos_client_packets($1) corenet_sendrecv_ocsp_client_packets($1) 
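Review bot: `fs_rw_tmpfs_files($1)` inside the `allow_kerberos` tunable in kerberos_use gives every domain that calls the interface read and write access to all files of the generic tmpfs type, which is shared with every other domain using tmpfs-backed storage; that is a writable cross-domain channel far broader than whatever single Kerberos file motivated the rule. This same patch already introduces a dedicated `krb5_host_rcache_t` for the replay cache in kerberos.fc, so the tmpfs case should get the same treatment: a Kerberos-specific type assigned through a tmpfs file transition, with the rw rule limited to it. At minimum add a comment naming the file that needs it, e.g. `# for the Kerberos cache kept on tmpfs -- TODO narrow to a dedicated type`. The enclosing interface starts and ends outside this hunk.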
@@ -8867,7 +8931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb ') optional_policy(` -@@ -172,3 +173,51 @@ +@@ -172,3 +175,51 @@ allow $1 krb5kdc_conf_t:file read_file_perms; ') @@ -13167,8 +13231,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-11-12 11:59:59.000000000 -0500 -@@ -126,6 +126,8 @@ ++++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-11-12 16:36:52.000000000 -0500 +@@ -116,8 +116,7 @@ + dev_rw_agp($1_xserver_t) + dev_rw_framebuffer($1_xserver_t) + dev_manage_dri_dev($1_xserver_t) +- dev_create_generic_dirs($1_xserver_t) +- dev_setattr_generic_dirs($1_xserver_t) ++ dev_manage_generic_dirs($1_xserver_t) + # raw memory access is needed if not using the frame buffer + dev_read_raw_memory($1_xserver_t) + dev_wx_raw_memory($1_xserver_t) +@@ -126,6 +125,8 @@ # read events - the synaptics touchpad driver reads raw events dev_rw_input_dev($1_xserver_t) dev_rwx_zero($1_xserver_t) @@ -13177,7 +13251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser domain_mmap_low($1_xserver_t) -@@ -141,10 +143,12 @@ +@@ -141,10 +142,12 @@ fs_getattr_xattr_fs($1_xserver_t) fs_search_nfs($1_xserver_t) fs_search_auto_mountpoints($1_xserver_t) @@ -13191,7 +13265,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser term_setattr_unallocated_ttys($1_xserver_t) term_use_unallocated_ttys($1_xserver_t) -@@ -178,13 +182,7 @@ +@@ -178,13 +181,7 @@ auth_search_pam_console_data($1_xserver_t) ') 
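Review bot: Replacing `dev_create_generic_dirs` and `dev_setattr_generic_dirs` with `dev_manage_generic_dirs($1_xserver_t)` widens the per-user X server domain from creating and setting attributes on /dev directories to the full manage set, which also covers unlink, rename, rmdir, reparent and write on every directory labeled device_t. The denial that motivated this is not visible here; if it was only one additional permission on a directory the server itself creates, keeping the two narrower calls plus an interface exposing just that permission would stop the X server from being able to remove or rename unrelated /dev directories. If the full set really is needed, a comment above the call recording which operation requires it, e.g. `# full manage needed for: <operation seen in the denial>`, will save the next reviewer the same question. The enclosing template continues beyond this hunk.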
@@ -13206,7 +13280,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser optional_policy(` rhgb_getpgid($1_xserver_t) -@@ -251,7 +249,7 @@ +@@ -251,7 +248,7 @@ userdom_user_home_content($1,$1_fonts_cache_t) type $1_fonts_config_t, fonts_config_type; @@ -13215,7 +13289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser type $1_iceauth_t; domain_type($1_iceauth_t) -@@ -282,11 +280,15 @@ +@@ -282,11 +279,15 @@ domtrans_pattern($1_xserver_t, xauth_exec_t, $1_xauth_t) allow $1_xserver_t $1_xauth_home_t:file { getattr read }; @@ -13231,7 +13305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser manage_dirs_pattern($2,$1_fonts_t,$1_fonts_t) manage_files_pattern($2,$1_fonts_t,$1_fonts_t) -@@ -316,6 +318,7 @@ +@@ -316,6 +317,7 @@ userdom_use_user_ttys($1,$1_xserver_t) userdom_setattr_user_ttys($1,$1_xserver_t) userdom_rw_user_tmpfs_files($1,$1_xserver_t) @@ -13239,7 +13313,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xserver_use_user_fonts($1,$1_xserver_t) xserver_rw_xdm_tmp_files($1_xauth_t) -@@ -324,13 +327,6 @@ +@@ -324,13 +326,6 @@ userhelper_search_config($1_xserver_t) ') @@ -13253,7 +13327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ############################## # # $1_xauth_t Local policy -@@ -353,12 +349,6 @@ +@@ -353,12 +348,6 @@ # allow ps to show xauth ps_process_pattern($2,$1_xauth_t) @@ -13266,7 +13340,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser domain_use_interactive_fds($1_xauth_t) files_read_etc_files($1_xauth_t) -@@ -387,6 +377,14 @@ +@@ -387,6 +376,14 @@ ') optional_policy(` @@ -13281,7 +13355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser nis_use_ypbind($1_xauth_t) ') -@@ -536,17 +534,15 @@ +@@ -536,17 +533,15 @@ template(`xserver_user_client_template',` gen_require(` 
@@ -13305,7 +13379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # for when /tmp/.X11-unix is created by the system allow $2 xdm_t:fd use; -@@ -555,25 +551,54 @@ +@@ -555,25 +550,54 @@ allow $2 xdm_tmp_t:sock_file { read write }; dontaudit $2 xdm_t:tcp_socket { read write }; @@ -13368,7 +13442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ') -@@ -626,6 +651,24 @@ +@@ -626,6 +650,24 @@ ######################################## ## @@ -13393,7 +13467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Transition to a user Xauthority domain. ## ## -@@ -659,6 +702,73 @@ +@@ -659,6 +701,73 @@ ######################################## ## @@ -13467,7 +13541,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Transition to a user Xauthority domain. ## ## -@@ -927,6 +1037,7 @@ +@@ -927,6 +1036,7 @@ files_search_tmp($1) allow $1 xdm_tmp_t:dir list_dir_perms; create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t) @@ -13475,7 +13549,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -987,6 +1098,37 @@ +@@ -987,6 +1097,37 @@ ######################################## ## @@ -13513,7 +13587,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Make an X session script an entrypoint for the specified domain. ## ## -@@ -1136,7 +1278,7 @@ +@@ -1136,7 +1277,7 @@ type xdm_xserver_tmp_t; ') @@ -13522,7 +13596,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -1325,3 +1467,82 @@ +@@ -1325,3 +1466,82 @@ files_search_tmp($1) stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) ') 
@@ -16201,7 +16275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.0.8/policy/modules/system/modutils.te --- nsaserefpolicy/policy/modules/system/modutils.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/modutils.te 2007-10-29 23:59:29.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/modutils.te 2007-11-12 15:58:45.000000000 -0500 @@ -42,7 +42,7 @@ # insmod local policy # @@ -16211,7 +16285,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal }; allow insmod_t self:udp_socket create_socket_perms; -@@ -63,6 +63,7 @@ +@@ -54,6 +54,7 @@ + can_exec(insmod_t, insmod_exec_t) + + kernel_load_module(insmod_t) ++kernel_search_network_state(insmod_t) + kernel_read_system_state(insmod_t) + kernel_write_proc_files(insmod_t) + kernel_mount_debugfs(insmod_t) +@@ -63,6 +64,7 @@ kernel_read_kernel_sysctls(insmod_t) kernel_rw_kernel_sysctl(insmod_t) kernel_read_hotplug_sysctls(insmod_t) @@ -16219,7 +16301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti files_read_kernel_modules(insmod_t) # for locking: (cjp: ????) -@@ -76,9 +77,7 @@ +@@ -76,9 +78,7 @@ dev_read_sound(insmod_t) dev_write_sound(insmod_t) dev_rw_apm_bios(insmod_t) @@ -16230,7 +16312,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti fs_getattr_xattr_fs(insmod_t) -@@ -101,6 +100,7 @@ +@@ -101,6 +101,7 @@ init_use_fds(insmod_t) init_use_script_fds(insmod_t) init_use_script_ptys(insmod_t) @@ -16238,7 +16320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti libs_use_ld_so(insmod_t) libs_use_shared_libs(insmod_t) -@@ -112,11 +112,27 @@ +@@ -112,11 +113,27 @@ seutil_read_file_contexts(insmod_t) 
@@ -16266,7 +16348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti hotplug_search_config(insmod_t) ') -@@ -149,10 +165,12 @@ +@@ -149,10 +166,13 @@ optional_policy(` rpm_rw_pipes(insmod_t) @@ -16276,10 +16358,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti optional_policy(` unconfined_dontaudit_rw_pipes(insmod_t) + unconfined_dontaudit_use_terminals(insmod_t) ++ unconfined_domain(insmod_t) ') optional_policy(` -@@ -179,6 +197,7 @@ +@@ -179,6 +199,7 @@ files_read_kernel_symbol_table(depmod_t) files_read_kernel_modules(depmod_t) @@ -16287,7 +16370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti fs_getattr_xattr_fs(depmod_t) -@@ -205,9 +224,12 @@ +@@ -205,9 +226,12 @@ userdom_read_staff_home_content_files(depmod_t) userdom_read_sysadm_home_content_files(depmod_t)
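Review bot: `unconfined_domain(insmod_t)` in the inner `@@ -149,10 +166,13 @@` hunk turns the module-loading domain into an unconfined domain whenever the unconfined module is loaded, so every domain permitted to transition into insmod_t by executing modprobe or insmod now reaches unconfined privileges, and the specific allow rules for insmod_t elsewhere in this file, including the `kernel_search_network_state(insmod_t)` added earlier in this same patch, become redundant. insmod_t can already load kernel modules, so the kernel-level trust is not new, but the policy-level escalation for its callers is, and it is not explained anywhere in the hunk. If the aim is only to stop audit noise, the two dontaudit lines already in this optional_policy block achieve that without the attribute; otherwise add a comment above the line such as `# TODO: document why insmod_t must be unconfined rather than granted the specific access it needs`. The rest of the insmod_t policy lies outside this hunk.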