diff --git a/policy-20070703.patch b/policy-20070703.patch
index f9cfd47..e87ef57 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -3944,7 +3944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.8/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-10-31 09:43:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-11-10 07:47:13.000000000 -0500
@@ -20,6 +20,7 @@
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -3961,7 +3961,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
/dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
-@@ -98,6 +100,7 @@
+@@ -49,6 +51,7 @@
+ /dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
+ /dev/port -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+ /dev/(misc/)?psaux -c gen_context(system_u:object_r:mouse_device_t,s0)
++/dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/rmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
+ /dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+@@ -98,6 +101,7 @@
/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
@@ -8615,7 +8623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.0.8/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/hal.fc 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/hal.fc 2007-11-10 08:15:11.000000000 -0500
@@ -8,14 +8,18 @@
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -8634,7 +8642,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
/var/run/haldaemon.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
- /var/run/vbestate -- gen_context(system_u:object_r:hald_var_run_t,s0)
+-/var/run/vbestate -- gen_context(system_u:object_r:hald_var_run_t,s0)
++/var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.0.8/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/hal.te 2007-10-30 19:54:25.000000000 -0400
@@ -9874,7 +9883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.0.8/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/nis.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/nis.if 2007-11-10 07:53:02.000000000 -0500
@@ -49,8 +49,8 @@
corenet_udp_bind_all_nodes($1)
corenet_tcp_bind_generic_port($1)
@@ -12068,7 +12077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.0.8/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sasl.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sasl.te 2007-11-10 07:53:45.000000000 -0500
@@ -64,6 +64,7 @@
selinux_compute_access_vector(saslauthd_t)
@@ -12077,6 +12086,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
auth_use_nsswitch(saslauthd_t)
domain_use_interactive_fds(saslauthd_t)
+@@ -98,6 +99,10 @@
+ ')
+
+ optional_policy(`
++ nis_authenticate(saslauthd_t)
++')
++
++optional_policy(`
+ kerberos_read_keytab(saslauthd_t)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.0.8/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/sendmail.if 2007-10-29 23:59:29.000000000 -0400
@@ -12168,7 +12188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.0.8/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-11-10 07:37:22.000000000 -0500
@@ -20,19 +20,22 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -12203,7 +12223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
corenet_all_recvfrom_unlabeled(sendmail_t)
corenet_all_recvfrom_netlabel(sendmail_t)
corenet_tcp_sendrecv_all_if(sendmail_t)
-@@ -94,30 +99,28 @@
+@@ -94,30 +99,32 @@
miscfiles_read_certs(sendmail_t)
miscfiles_read_localization(sendmail_t)
@@ -12222,15 +12242,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
mta_manage_queue(sendmail_t)
mta_manage_spool(sendmail_t)
+mta_sendmail_exec(sendmail_t)
++
++optional_policy(`
++ cron_read_pipes(sendmail_t)
++')
optional_policy(`
-- clamav_search_lib(sendmail_t)
-+ cron_read_pipes(sendmail_t)
+ clamav_search_lib(sendmail_t)
')
optional_policy(`
- nis_use_ypbind(sendmail_t)
-+ clamav_search_lib(sendmail_t)
++ cyrus_stream_connect(sendmail_t)
')
optional_policy(`
@@ -12239,7 +12262,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
')
optional_policy(`
-@@ -131,6 +134,10 @@
+@@ -131,6 +138,10 @@
')
optional_policy(`
@@ -12250,7 +12273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
seutil_sigchld_newrole(sendmail_t)
')
-@@ -156,3 +163,15 @@
+@@ -156,3 +167,15 @@
dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
') dnl end TODO
@@ -13783,7 +13806,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-09 14:35:36.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-10 07:11:24.000000000 -0500
@@ -26,7 +26,8 @@
type $1_chkpwd_t, can_read_shadow_passwords;
application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -13847,7 +13870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
selinux_get_fs_mount($1)
selinux_validate_context($1)
selinux_compute_access_vector($1)
-@@ -196,22 +218,41 @@
+@@ -196,20 +218,41 @@
mls_fd_share_all_levels($1)
auth_domtrans_chk_passwd($1)
@@ -13877,20 +13900,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+ userdom_unlink_unpriv_users_tmp_files($1)
+
+ optional_policy(`
-+ nis_authenticate($1)
++ mount_domtrans($1)
+ ')
+
+ optional_policy(`
++ nis_authenticate($1)
++
++ optional_policy(`
+ unconfined_set_rlimitnh($1)
+ ')
+
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
-+ mount_domtrans($1)
')
- ')
-
-@@ -309,9 +350,6 @@
+@@ -309,9 +352,6 @@
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
')
@@ -13900,7 +13923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
corecmd_search_bin($1)
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
-@@ -329,6 +367,8 @@
+@@ -329,6 +369,8 @@
optional_policy(`
kerberos_use($1)
@@ -13909,7 +13932,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
optional_policy(`
-@@ -347,6 +387,37 @@
+@@ -347,6 +389,37 @@
########################################
##
@@ -13947,7 +13970,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Get the attributes of the shadow passwords file.
##
##
-@@ -695,6 +766,24 @@
+@@ -695,6 +768,24 @@
########################################
##
@@ -13972,7 +13995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Execute pam programs in the PAM domain.
##
##
-@@ -1318,16 +1407,14 @@
+@@ -1318,16 +1409,14 @@
##
#
interface(`auth_use_nsswitch',`
@@ -13992,7 +14015,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
miscfiles_read_certs($1)
sysnet_dns_name_resolve($1)
-@@ -1347,6 +1434,8 @@
+@@ -1347,6 +1436,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
@@ -14001,7 +14024,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
')
-@@ -1381,3 +1470,181 @@
+@@ -1381,3 +1472,181 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -16380,7 +16403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.0.8/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.if 2007-11-07 11:59:45.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.if 2007-11-10 07:25:22.000000000 -0500
@@ -585,7 +585,7 @@
type selinux_config_t;
')
@@ -16512,7 +16535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
## Full management of the semanage
## module store.
##
-@@ -1058,3 +1134,138 @@
+@@ -1058,3 +1134,141 @@
files_search_etc($1)
rw_files_pattern($1,selinux_config_t,semanage_trans_lock_t)
')
@@ -16590,6 +16613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ type policy_config_t;
+ ')
+ allow $1 self:capability { dac_override audit_write };
++ allow $1 self:process signal;
+ allow $1 self:unix_stream_socket create_stream_socket_perms;
+ allow $1 self:unix_dgram_socket create_socket_perms;
+ logging_send_audit_msgs($1)
@@ -16646,6 +16670,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ seutil_get_semanage_trans_lock($1)
+ seutil_get_semanage_read_lock($1)
+
++ userdom_dontaudit_write_unpriv_user_home_content_files($1)
++
+ optional_policy(`
+ rpm_dontaudit_rw_tmp_files($1)
+ rpm_dontaudit_rw_pipes($1)
@@ -17759,7 +17785,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-09 14:38:42.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-10 07:24:23.000000000 -0500
@@ -29,8 +29,9 @@
')