diff --git a/policy-20070703.patch b/policy-20070703.patch
index f9cfd47..e87ef57 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -3944,7 +3944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.8/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-10-31 09:43:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-11-10 07:47:13.000000000 -0500
 @@ -20,6 +20,7 @@
 /dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
 /dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -3961,7 +3961,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
 /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
-@@ -98,6 +100,7 @@
+@@ -49,6 +51,7 @@
+ /dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
+ /dev/port -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+ /dev/(misc/)?psaux -c gen_context(system_u:object_r:mouse_device_t,s0)
++/dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/rmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
+ /dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+@@ -98,6 +101,7 @@
 /dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
 /dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
@@ -8615,7 +8623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.0.8/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/hal.fc 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/hal.fc 2007-11-10 08:15:11.000000000 -0500
 @@ -8,14 +8,18 @@
 /usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
 /usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -8634,7 +8642,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
 +/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
 /var/run/haldaemon.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
- /var/run/vbestate -- gen_context(system_u:object_r:hald_var_run_t,s0)
+-/var/run/vbestate -- gen_context(system_u:object_r:hald_var_run_t,s0)
++/var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.0.8/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te 2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/hal.te 2007-10-30 19:54:25.000000000 -0400
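Review bot: `++/var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0)` turns an exact-name entry into a prefix pattern, so any regular file under /var/run whose name starts with vbe will now be labelled hald_var_run_t, not only vbestate. If only a known set of names is meant, an alternation of those names instead of `.*` keeps the label from being picked up by an unrelated file that happens to share the prefix later; otherwise the commit should name which additional files the wider pattern is for. This is the only content change in the hal.fc section; the inner `@@ -8,14 +8,18 @@` header stays valid because a context line is replaced by one removed and one added line.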
@@ -9874,7 +9883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
 /usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.0.8/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/nis.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/nis.if 2007-11-10 07:53:02.000000000 -0500
 @@ -49,8 +49,8 @@
 corenet_udp_bind_all_nodes($1)
 corenet_tcp_bind_generic_port($1)
@@ -12068,7 +12077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.0.8/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sasl.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sasl.te 2007-11-10 07:53:45.000000000 -0500
 @@ -64,6 +64,7 @@
 selinux_compute_access_vector(saslauthd_t)
@@ -12077,6 +12086,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
 auth_use_nsswitch(saslauthd_t)
 domain_use_interactive_fds(saslauthd_t)
+@@ -98,6 +99,10 @@
+ ')
+
+ optional_policy(`
++ nis_authenticate(saslauthd_t)
++')
++
++optional_policy(`
+ kerberos_read_keytab(saslauthd_t)
+ ')
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.0.8/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if 2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/sendmail.if 2007-10-29 23:59:29.000000000 -0400
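Review bot: `++ nis_authenticate(saslauthd_t)` grants the SASL authentication daemon NIS authentication access with no tunable and no comment, and nothing on the page says why it is needed on top of the `auth_use_nsswitch(saslauthd_t)` call visible as context at the top of this hunk. If NIS access is already provided through auth_use_nsswitch (that interface is edited later in this diff at `@@ -1318,16 +1409,14 @@`, but its body is outside view) the new block is redundant; if it is not, a one-line comment above the block naming the saslauthd mechanism or the denial it resolves would let a later reader judge whether the access is still required. The new optional_policy block is otherwise well formed and the inner hunk counts match.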
@@ -12168,7 +12188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.0.8/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sendmail.te 2007-11-10 07:37:22.000000000 -0500
 @@ -20,19 +20,22 @@
 mta_mailserver_delivery(sendmail_t)
 mta_mailserver_sender(sendmail_t)
@@ -12203,7 +12223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 corenet_all_recvfrom_unlabeled(sendmail_t)
 corenet_all_recvfrom_netlabel(sendmail_t)
 corenet_tcp_sendrecv_all_if(sendmail_t)
-@@ -94,30 +99,28 @@
+@@ -94,30 +99,32 @@
 miscfiles_read_certs(sendmail_t)
 miscfiles_read_localization(sendmail_t)
@@ -12222,15 +12242,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 mta_manage_queue(sendmail_t)
 mta_manage_spool(sendmail_t)
 +mta_sendmail_exec(sendmail_t)
++
++optional_policy(`
++ cron_read_pipes(sendmail_t)
++')
 optional_policy(`
-- clamav_search_lib(sendmail_t)
-+ cron_read_pipes(sendmail_t)
+ clamav_search_lib(sendmail_t)
 ')
 optional_policy(`
 - nis_use_ypbind(sendmail_t)
-+ clamav_search_lib(sendmail_t)
++ cyrus_stream_connect(sendmail_t)
 ')
 optional_policy(`
@@ -12239,7 +12262,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 ')
 optional_policy(`
-@@ -131,6 +134,10 @@
+@@ -131,6 +138,10 @@
 ')
 optional_policy(`
@@ -12250,7 +12273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 seutil_sigchld_newrole(sendmail_t)
 ')
-@@ -156,3 +163,15 @@
+@@ -156,3 +167,15 @@
 dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
 ')
 dnl end TODO
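Review bot: In the second optional_policy block of the `@@ -12222,15 +12242,18 @@` hunk the removal of `nis_use_ypbind(sendmail_t)` is kept and the line that took its place becomes `++ cyrus_stream_connect(sendmail_t)`, so sendmail_t loses ypbind access in this hunk and nothing visible restores it. If NIS lookups now reach sendmail_t through another interface (the `@@ -20,19 +20,22 @@` hunk of sendmail.te is mostly outside view), a short comment or the commit message should say so; otherwise user resolution via NIS from sendmail_t will start to be denied once this policy is loaded. Because cyrus_stream_connect is unrelated to the rule it replaces, presenting it as its own added block next to the new cron_read_pipes block would also make the diff easier to audit.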
@@ -13783,7 +13806,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-09 14:35:36.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-10 07:11:24.000000000 -0500
 @@ -26,7 +26,8 @@
 type $1_chkpwd_t, can_read_shadow_passwords;
 application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -13847,7 +13870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 selinux_get_fs_mount($1)
 selinux_validate_context($1)
 selinux_compute_access_vector($1)
-@@ -196,22 +218,41 @@
+@@ -196,20 +218,41 @@
 mls_fd_share_all_levels($1)
 auth_domtrans_chk_passwd($1)
@@ -13877,20 +13900,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 + userdom_unlink_unpriv_users_tmp_files($1)
 +
 + optional_policy(`
-+ nis_authenticate($1)
++ mount_domtrans($1)
 + ')
 +
 + optional_policy(`
++ nis_authenticate($1)
++
++ optional_policy(`
 + unconfined_set_rlimitnh($1)
 + ')
 +
 tunable_policy(`allow_polyinstantiation',`
 files_polyinstantiate_all($1)
-+ mount_domtrans($1)
 ')
- ')
-
-@@ -309,9 +350,6 @@
+@@ -309,9 +352,6 @@
 type system_chkpwd_t, chkpwd_exec_t, shadow_t;
 ')
@@ -13900,7 +13923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 corecmd_search_bin($1)
 domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
-@@ -329,6 +367,8 @@
+@@ -329,6 +369,8 @@
 optional_policy(`
 kerberos_use($1)
@@ -13909,7 +13932,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 ')
 optional_policy(`
-@@ -347,6 +387,37 @@
+@@ -347,6 +389,37 @@
 ########################################
 ##
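Review bot: The new side of the `@@ -13877,20 +13900,20 @@` hunk appears to leave the login-program interface unbalanced: `++ nis_authenticate($1)` is followed by `++ optional_policy(\`` without the nis block being closed, the only `')` lines that follow close the unconfined_set_rlimitnh block and the tunable_policy block, and the two context lines `- ')` and `-` that were the interface's own closing are dropped from the inner hunk (its header shrinks from `-196,22` to `-196,20` in the `@@ -13847` hunk). If the interface's original `')` right after the hunk is what now closes the nis optional_policy, the interface has no closing `')` of its own and the module will not build; the intended shape is probably a `+	')` line after `nis_authenticate($1)` with the interface close kept as context, but the rest of the interface is outside view, so please confirm with a build. Separately, `++ mount_domtrans($1)` moves the transition into the mount domain out of the allow_polyinstantiation tunable into an unconditional optional_policy, so every login-program domain may now run mount in mount_t regardless of that tunable. If that widening is intended, a comment above the new block stating which login program needs mount with polyinstantiation off would record the reason.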
@@ -13947,7 +13970,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 ## Get the attributes of the shadow passwords file.
 ##
 ##
-@@ -695,6 +766,24 @@
+@@ -695,6 +768,24 @@
 ########################################
 ##
@@ -13972,7 +13995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 ## Execute pam programs in the PAM domain.
 ##
 ##
-@@ -1318,16 +1407,14 @@
+@@ -1318,16 +1409,14 @@
 ##
 #
 interface(`auth_use_nsswitch',`
@@ -13992,7 +14015,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 miscfiles_read_certs($1)
 sysnet_dns_name_resolve($1)
-@@ -1347,6 +1434,8 @@
+@@ -1347,6 +1436,8 @@
 optional_policy(`
 samba_stream_connect_winbind($1)
@@ -14001,7 +14024,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 ')
 ')
-@@ -1381,3 +1470,181 @@
+@@ -1381,3 +1472,181 @@
 typeattribute $1 can_write_shadow_passwords;
 typeattribute $1 can_relabelto_shadow_passwords;
 ')
@@ -16380,7 +16403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.0.8/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.if 2007-11-07 11:59:45.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.if 2007-11-10 07:25:22.000000000 -0500
 @@ -585,7 +585,7 @@
 type selinux_config_t;
 ')
@@ -16512,7 +16535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 ## Full management of the semanage
 ## module store.
 ##
-@@ -1058,3 +1134,138 @@
+@@ -1058,3 +1134,141 @@
 files_search_etc($1)
 rw_files_pattern($1,selinux_config_t,semanage_trans_lock_t)
 ')
@@ -16590,6 +16613,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 + type policy_config_t;
 + ')
 + allow $1 self:capability { dac_override audit_write };
++ allow $1 self:process signal;
 + allow $1 self:unix_stream_socket create_stream_socket_perms;
 + allow $1 self:unix_dgram_socket create_socket_perms;
 + logging_send_audit_msgs($1)
@@ -16646,6 +16670,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 + seutil_get_semanage_trans_lock($1)
 + seutil_get_semanage_read_lock($1)
 +
++ userdom_dontaudit_write_unpriv_user_home_content_files($1)
++
 + optional_policy(`
 + rpm_dontaudit_rw_tmp_files($1)
 + rpm_dontaudit_rw_pipes($1)
@@ -17759,7 +17785,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 /tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-09 14:38:42.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-10 07:24:23.000000000 -0500
 @@ -29,8 +29,8 @@
 ')
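Review bot: `++ userdom_dontaudit_write_unpriv_user_home_content_files($1)` in the `@@ -16646,6 +16670,8 @@` hunk silences write denials from this domain against unprivileged users' home content without saying what triggers them, and a dontaudit is exactly the rule a later reader cannot reconstruct from the audit log. A one-line comment above it, e.g. `# dontaudit: <PLACEHOLDER: what makes this domain try to write user home content> -- confirm trigger`, would record the reason, and if the writes come from one specific situation a narrower dontaudit interface would hide less. The enclosing interface starts before this hunk and its name is outside view, so the comment should also be checked against that interface's summary.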