diff --git a/policy-20071130.patch b/policy-20071130.patch index 1afdae3..cb0958b 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -5332,7 +5332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if --- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-09-17 07:36:20.000000000 -0400 @@ -35,7 +35,10 @@ template(`mozilla_per_role_template',` gen_require(` @@ -5344,7 +5344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ######################################## # -@@ -45,20 +48,26 @@ +@@ -45,36 +48,46 @@ application_domain($1_mozilla_t,mozilla_exec_t) role $3 types $1_mozilla_t; 
@@ -5372,15 +5372,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. allow $1_mozilla_t self:capability { sys_nice setgid setuid }; - allow $1_mozilla_t self:process { sigkill signal setsched getsched setrlimit }; -+ allow $1_mozilla_t self:process { ptrace sigkill signal setsched getsched setrlimit }; ++ allow $1_mozilla_t self:process { ptrace sigkill signal signull setsched getsched setrlimit }; allow $1_mozilla_t self:fifo_file rw_fifo_file_perms; allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create }; allow $1_mozilla_t self:sem create_sem_perms; -@@ -66,15 +75,19 @@ + allow $1_mozilla_t self:socket create_socket_perms; allow $1_mozilla_t self:unix_stream_socket { listen accept }; # Browse the web, connect to printer - allow $1_mozilla_t self:tcp_socket create_socket_perms; +- allow $1_mozilla_t self:tcp_socket create_socket_perms; - allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms; ++ allow $1_mozilla_t self:tcp_socket create_stream_socket_perms; # for bash - old mozilla binary can_exec($1_mozilla_t, mozilla_exec_t) @@ -5485,15 +5486,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # Browse the web, connect to printer corenet_all_recvfrom_unlabeled($1_mozilla_t) -@@ -139,7 +181,6 @@ +@@ -139,7 +181,7 @@ corenet_tcp_connect_http_cache_port($1_mozilla_t) corenet_tcp_connect_ftp_port($1_mozilla_t) corenet_tcp_connect_ipp_port($1_mozilla_t) - corenet_tcp_connect_generic_port($1_mozilla_t) ++ corenet_tcp_connect_flash_port($1_mozilla_t) corenet_sendrecv_http_client_packets($1_mozilla_t) corenet_sendrecv_http_cache_client_packets($1_mozilla_t) corenet_sendrecv_ftp_client_packets($1_mozilla_t) -@@ -151,6 +192,7 @@ +@@ -151,6 +193,7 @@ dev_read_urand($1_mozilla_t) dev_read_rand($1_mozilla_t) 
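Review bot: The replacement `allow $1_mozilla_t self:tcp_socket create_stream_socket_perms;` widens the browser domain beyond the old `create_socket_perms` by adding `listen` and `accept` (refpolicy's `create_stream_socket_perms` is `create_socket_perms` plus those two), so `$1_mozilla_t` may now act as a TCP server, while the comment above it still reads `# Browse the web, connect to printer`. Nothing in the hunk says which feature needs an inbound listener; if one does, a comment naming the consumer belongs next to the rule, and if none does, keeping `create_socket_perms` is the least-privilege choice. The swap of `corenet_tcp_connect_generic_port` for `corenet_tcp_connect_flash_port` in the second hunk on this line narrows the outbound side and needs no change. The enclosing `mozilla_per_role_template` body starts and ends outside these hunks.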
@@ -5501,7 +5503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. dev_write_sound($1_mozilla_t) dev_read_sound($1_mozilla_t) dev_dontaudit_rw_dri($1_mozilla_t) -@@ -165,13 +207,28 @@ +@@ -165,13 +208,28 @@ files_read_var_files($1_mozilla_t) files_read_var_symlinks($1_mozilla_t) files_dontaudit_getattr_boot_dirs($1_mozilla_t) @@ -5530,7 +5532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. libs_use_ld_so($1_mozilla_t) libs_use_shared_libs($1_mozilla_t) -@@ -180,18 +237,10 @@ +@@ -180,18 +238,11 @@ miscfiles_read_fonts($1_mozilla_t) miscfiles_read_localization($1_mozilla_t) @@ -5548,11 +5550,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. + userdom_dontaudit_use_user_terminals($1,$1_mozilla_t) - xserver_user_client_template($1,$1_mozilla_t,$1_mozilla_tmpfs_t) ++ xserver_read_xdm_pid($1_mozilla_t) + xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,$1_mozilla_tmpfs_t) xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t) xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t) -@@ -211,131 +260,8 @@ +@@ -211,131 +262,8 @@ fs_manage_cifs_symlinks($1_mozilla_t) ') @@ -5686,7 +5689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -350,57 +276,58 @@ +@@ -350,57 +278,58 @@ optional_policy(` cups_read_rw_config($1_mozilla_t) cups_dbus_chat($1_mozilla_t) @@ -5769,7 +5772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -430,11 +357,11 @@ +@@ -430,11 +359,11 @@ # template(`mozilla_read_user_home_files',` gen_require(` @@ -5784,7 +5787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -464,11 +391,10 @@ +@@ -464,11 +393,10 @@ # template(`mozilla_write_user_home_files',` gen_require(` 
@@ -5798,7 +5801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -573,3 +499,27 @@ +@@ -573,3 +501,27 @@ allow $2 $1_mozilla_t:tcp_socket rw_socket_perms; ') @@ -5858,8 +5861,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.3.1/policy/modules/apps/mplayer.fc --- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc 2008-09-08 11:45:12.000000000 -0400 -@@ -10,4 +10,4 @@ ++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc 2008-09-17 07:30:29.000000000 -0400 +@@ -1,13 +1,8 @@ + # +-# /etc +-# +-/etc/mplayer(/.*)? gen_context(system_u:object_r:mplayer_etc_t,s0) +- +-# + # /usr + # + /usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0) /usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0) /usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0) @@ -6644,8 +6656,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.3.1/policy/modules/apps/openoffice.if --- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if 2008-09-08 11:45:12.000000000 -0400 -@@ -0,0 +1,97 @@ ++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if 2008-09-17 07:25:54.000000000 -0400 +@@ -0,0 +1,98 @@ +## Openoffice + +####################################### @@ -6687,6 +6699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi + ') + + domtrans_pattern($2, openoffice_exec_t, $1_openoffice_t) ++ allow $2 $1_openoffice_t:process { signal sigkill }; +') + +####################################### 
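Review bot: Dropping `/etc/mplayer(/.*)? gen_context(system_u:object_r:mplayer_etc_t,s0)` from mplayer.fc leaves that tree labelled by its parent's default (normally `etc_t`), but no hunk in this commit touches mplayer.te, so any `mplayer_etc_t` declaration and the rules granting access to it presumably remain as dead policy while mplayer's access to its configuration now depends on generic `etc_t` read rules. If the type is being retired, the matching `.te` removal should land in the same commit; if the tree is only being relabelled on purpose, a one-line comment in the fc such as `# /etc/mplayer is intentionally left as etc_t` would stop the next reader from re-adding the entry.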
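Review bot: The added `allow $2 $1_openoffice_t:process { signal sigkill };` changes the contract of this openoffice.if domtrans interface, but the interface's `##` documentation header lies outside the hunk and, as far as the commit shows, is not updated, so callers reading the summary will not learn that the caller domain can now terminate the transitioned domain. Add a line to the header such as `## The caller is also allowed to send signal and sigkill to the derived openoffice domain.` If `signal` is only there for SIGTERM, a short comment saying so makes later tightening easier, since `sigkill` is already granted separately.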
@@ -10427,7 +10440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-09-16 15:29:46.000000000 -0400 @@ -1,10 +1,9 @@ -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0) - @@ -10480,9 +10493,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac /var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) -@@ -66,10 +69,21 @@ +@@ -65,11 +68,23 @@ + /var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) ++/var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0) -/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) +/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0) 
@@ -11148,7 +11163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-09-19 09:53:01.000000000 -0400 @@ -20,6 +20,8 @@ # Declarations # @@ -11310,7 +11325,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac corenet_all_recvfrom_unlabeled(httpd_t) corenet_all_recvfrom_netlabel(httpd_t) -@@ -315,9 +364,7 @@ +@@ -299,6 +348,7 @@ + corenet_tcp_sendrecv_all_ports(httpd_t) + corenet_udp_sendrecv_all_ports(httpd_t) + corenet_tcp_bind_all_nodes(httpd_t) ++corenet_udp_bind_all_nodes(httpd_t) + corenet_tcp_bind_http_port(httpd_t) + corenet_tcp_bind_http_cache_port(httpd_t) + corenet_sendrecv_http_server_packets(httpd_t) +@@ -315,9 +365,7 @@ auth_use_nsswitch(httpd_t) @@ -11321,7 +11344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac domain_use_interactive_fds(httpd_t) -@@ -335,6 +382,10 @@ +@@ -335,6 +383,10 @@ files_read_var_lib_symlinks(httpd_t) fs_search_auto_mountpoints(httpd_sys_script_t) @@ -11332,7 +11355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac libs_use_ld_so(httpd_t) libs_use_shared_libs(httpd_t) -@@ -351,25 +402,50 @@ +@@ -351,25 +403,50 @@ userdom_use_unpriv_users_fds(httpd_t) @@ -11387,7 +11410,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_can_network_relay',` # allow httpd to work as a relay corenet_tcp_connect_gopher_port(httpd_t) -@@ -382,12 +458,26 @@ +@@ -382,12 +459,26 @@ corenet_sendrecv_http_cache_client_packets(httpd_t) ') 
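Review bot: `corenet_udp_bind_all_nodes(httpd_t)` is added with no `corenet_udp_bind_*_port` call anywhere in the hunk, whereas the TCP side right below it pairs `corenet_tcp_bind_all_nodes` with `corenet_tcp_bind_http_port` and `corenet_tcp_bind_http_cache_port`; the node-bind interface alone grants only `node_bind` on the node type, so either the UDP port rule lives in a hunk not shown here or this line is insufficient by itself. Either way, a comment above it naming the module that makes httpd open a UDP listener (`# <module> binds udp`) would justify giving a network-facing daemon UDP bind rights. The httpd_t network block continues outside the hunk.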
@@ -11419,7 +11442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') tunable_policy(`httpd_enable_ftp_server',` -@@ -399,11 +489,21 @@ +@@ -399,11 +490,21 @@ fs_read_nfs_symlinks(httpd_t) ') @@ -11441,7 +11464,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t,httpd_sys_script_t) allow httpd_sys_script_t httpd_t:fd use; -@@ -437,8 +537,13 @@ +@@ -437,8 +538,13 @@ ') optional_policy(` @@ -11457,7 +11480,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -450,19 +555,13 @@ +@@ -450,19 +556,13 @@ ') optional_policy(` @@ -11478,7 +11501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -472,13 +571,22 @@ +@@ -472,13 +572,22 @@ openca_kill(httpd_t) ') @@ -11505,7 +11528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -486,6 +594,7 @@ +@@ -486,6 +595,7 @@ ') optional_policy(` @@ -11513,7 +11536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -521,6 +630,22 @@ +@@ -521,6 +631,22 @@ userdom_use_sysadm_terms(httpd_helper_t) ') @@ -11536,7 +11559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache PHP script local policy -@@ -550,18 +675,26 @@ +@@ -550,18 +676,26 @@ fs_search_auto_mountpoints(httpd_php_t) @@ -11566,7 +11589,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -585,6 +718,8 @@ +@@ -585,6 +719,8 @@ manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) 
@@ -11575,7 +11598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac kernel_read_kernel_sysctls(httpd_suexec_t) kernel_list_proc(httpd_suexec_t) kernel_read_proc_symlinks(httpd_suexec_t) -@@ -593,9 +728,7 @@ +@@ -593,9 +729,7 @@ fs_search_auto_mountpoints(httpd_suexec_t) @@ -11586,15 +11609,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -628,6 +761,7 @@ +@@ -626,8 +760,10 @@ + corenet_udp_sendrecv_all_ports(httpd_suexec_t) + corenet_tcp_connect_all_ports(httpd_suexec_t) corenet_sendrecv_all_client_packets(httpd_suexec_t) ++ sysnet_dns_name_resolve(httpd_suexec_t) ') +domain_entry_file(httpd_sys_script_t,httpd_sys_content_t) tunable_policy(`httpd_enable_cgi && httpd_unified',` domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t) ') -@@ -638,6 +772,12 @@ +@@ -638,6 +774,12 @@ fs_exec_nfs_files(httpd_suexec_t) ') @@ -11607,7 +11633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_suexec_t) fs_read_cifs_symlinks(httpd_suexec_t) -@@ -655,10 +795,6 @@ +@@ -655,10 +797,6 @@ dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -11618,7 +11644,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache system script local policy -@@ -668,7 +804,8 @@ +@@ -668,7 +806,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; 
@@ -11628,7 +11654,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms; read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t) -@@ -682,15 +819,44 @@ +@@ -682,15 +821,45 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -11663,6 +11689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + corenet_udp_sendrecv_all_ports(httpd_sys_script_t) + corenet_tcp_connect_all_ports(httpd_sys_script_t) + corenet_sendrecv_all_client_packets(httpd_sys_script_t) ++ sysnet_dns_name_resolve(httpd_sys_script_t) +') + + @@ -11674,7 +11701,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -703,6 +869,10 @@ +@@ -703,6 +872,10 @@ optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -11685,7 +11712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -724,3 +894,71 @@ +@@ -724,3 +897,71 @@ logging_search_logs(httpd_rotatelogs_t) miscfiles_read_localization(httpd_rotatelogs_t) @@ -13614,7 +13641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if --- nsaserefpolicy/policy/modules/services/cron.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/cron.if 2008-09-12 13:45:31.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/cron.if 2008-09-16 14:09:57.000000000 -0400 
@@ -35,38 +35,24 @@ # template(`cron_per_role_template',` @@ -13905,7 +13932,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ') ######################################## -@@ -583,3 +502,62 @@ +@@ -583,3 +502,61 @@ dontaudit $1 system_crond_tmp_t:file append; ') @@ -13924,8 +13951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +# +interface(`cron_dontaudit_write_system_job_tmp_files',` + gen_require(` -+ type system_crond_tmp_t; -+ type system_crond_var_run_t; ++ type system_crond_tmp_t, cron_var_run_t; + ') + + dontaudit $1 system_crond_tmp_t:file write_file_perms; @@ -14318,7 +14344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups +/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.3.1/policy/modules/services/cups.if --- nsaserefpolicy/policy/modules/services/cups.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/cups.if 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/cups.if 2008-09-17 07:27:09.000000000 -0400 @@ -20,6 +20,30 @@ ######################################## @@ -21605,8 +21631,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk +/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if --- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-09-08 11:45:12.000000000 -0400 -@@ -0,0 +1,212 @@ ++++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-09-16 15:04:48.000000000 -0400 +@@ -0,0 +1,213 @@ + +## policy for polkit_auth + 
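Review bot: The new `gen_require` line `type system_crond_tmp_t, cron_var_run_t;` in `cron_dontaudit_write_system_job_tmp_files` requires `cron_var_run_t`, yet the only rule visible in the hunk, `dontaudit $1 system_crond_tmp_t:file write_file_perms;`, never uses it, and the interface body continues past the hunk. If the rest of the body does not reference `cron_var_run_t`, the require is dead and should be dropped; if it also dontaudits writes under `cron_var_run_t`, the interface's name and its `##` summary describe only tmp files and should mention the pid directory as well.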
@@ -21710,6 +21736,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk + allow polkit_resolve_t $1:dir list_dir_perms; + read_files_pattern(polkit_resolve_t, $1, $1) + read_lnk_files_pattern(polkit_resolve_t, $1, $1) ++ allow polkit_resolve_t $1:process getattr; +') + +######################################## @@ -23737,8 +23764,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te --- nsaserefpolicy/policy/modules/services/prelude.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-09-08 11:45:12.000000000 -0400 -@@ -0,0 +1,257 @@ ++++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-09-19 09:41:26.000000000 -0400 +@@ -0,0 +1,260 @@ + +policy_module(prelude, 1.0.0) + @@ -23905,6 +23932,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel +# prelude_lml local declarations +# + ++allow prelude_lml_t self:capability dac_override; ++ +# Init script handling +# Test me +domain_use_interactive_fds(prelude_lml_t) @@ -23969,6 +23998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel +') + +optional_policy(` ++ apache_search_sys_content(httpd_lml_t) + apache_read_log(prelude_lml_t) +') + @@ -25080,7 +25110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.3.1/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2008-09-08 11:45:13.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2008-09-18 16:54:48.000000000 -0400 @@ -23,7 +23,7 @@ gen_tunable(allow_nfsd_anon_write,false) 
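Review bot: `allow prelude_lml_t self:capability dac_override;` grants the log-monitoring daemon a blanket bypass of discretionary file permissions with no comment saying which files it cannot otherwise reach, and it sits under the `# prelude_lml local declarations` heading even though it is a rule, not a declaration. If the need is only to read log files owned by other users, `dac_read_search` is the narrower capability; in either case a `# needed to read <which files>` comment lets a later reviewer re-check the grant, especially since apache log access is already granted separately via `apache_read_log` further down the file. The section continues outside the hunk.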
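Review bot: `apache_search_sys_content(httpd_lml_t)` names a type that no hunk of prelude.te in this commit declares, and the sibling line in the same `optional_policy` block uses `prelude_lml_t`; this looks like a typo that will fail the policy build with an undeclared-type error, or, should another module happen to declare `httpd_lml_t`, would silently grant an unrelated domain the access. It should read `apache_search_sys_content(prelude_lml_t)`.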
@@ -25175,9 +25205,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. + miscfiles_read_certs(gssd_t) -+userdom_dontaudit_search_users_home_dirs(rpcd_t) -+userdom_dontaudit_search_sysadm_home_dirs(rpcd_t) -+userdom_dontaudit_write_user_tmp_files(user, rpcd_t) ++userdom_dontaudit_search_users_home_dirs(gssd_t) ++userdom_dontaudit_search_sysadm_home_dirs(gssd_t) ++userdom_dontaudit_manage_user_tmp_files(user, gssd_t) + tunable_policy(`allow_gssd_read_tmp',` userdom_list_unpriv_users_tmp(gssd_t) @@ -41493,8 +41523,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.i +## Policy for guest user diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.3.1/policy/modules/users/guest.te --- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/users/guest.te 2008-09-08 11:45:13.000000000 -0400 -@@ -0,0 +1,31 @@ ++++ serefpolicy-3.3.1/policy/modules/users/guest.te 2008-09-17 09:08:26.000000000 -0400 +@@ -0,0 +1,33 @@ +policy_module(guest,1.0.1) +userdom_restricted_user_template(guest) + @@ -41525,6 +41555,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t + ') + + domtrans_pattern(xguest_mozilla_t, openoffice_exec_t, xguest_openoffice_t) ++ allow xguest_mozilla_t xguest_openoffice_t:process { signal sigkill }; ++ allow xguest_openoffice_t xguest_mozilla_t:unix_stream_socket connectto; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.3.1/policy/modules/users/logadm.fc --- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
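Review bot: The replacement `userdom_dontaudit_manage_user_tmp_files(user, gssd_t)` widens the suppressed denials from write to the full manage set (create, unlink, rename and the rest), and unlike the `tunable_policy(`allow_gssd_read_tmp',` block directly below it is unconditional, so an attempt by gssd to create or delete files in users' tmp directories will never reach the audit log even with the tunable off. If only write denials were observed, the previous `userdom_dontaudit_write_user_tmp_files` preserves that signal; if manage really is needed, a comment recording the observed denial justifies hiding it. Correcting the domain from `rpcd_t` to `gssd_t` on these three lines is right, since every neighbouring rule is for `gssd_t`.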
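Review bot: The two added rules `allow xguest_mozilla_t xguest_openoffice_t:process { signal sigkill };` and `allow xguest_openoffice_t xguest_mozilla_t:unix_stream_socket connectto;` are written directly against derived types in an `optional_policy` block that already open-codes the transition with `domtrans_pattern`, and the first duplicates the `process { signal sigkill }` grant this same commit adds to the openoffice.if domtrans interface. If that interface fits the xguest case, calling it here instead keeps guest.te in sync when the interface changes; the `connectto` rule runs in the opposite direction and deserves either its own interface or a comment explaining why openoffice connects back to the browser's socket. The `optional_policy` block starts outside the hunk.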