diff --git a/policy-20070703.patch b/policy-20070703.patch
index 8e6c152..b92dca4 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -5184,7 +5184,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-09-20 12:01:41.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-09-20 15:31:09.000000000 -0400
 @@ -50,6 +50,12 @@
  ## </param>
  #
@@ -5206,6 +5206,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
  	allow $1_dbusd_t self:file { getattr read write };
  	allow $1_dbusd_t self:fifo_file rw_fifo_file_perms;
  	allow $1_dbusd_t self:dbus { send_msg acquire_svc };
+@@ -86,7 +93,7 @@
+ 	# SE-DBus specific permissions
+ 	allow $1_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
+ 	allow $2 $1_dbusd_t:dbus { send_msg acquire_svc };
+-	allow $1_t system_dbusd_t:dbus { send_msg acquire_svc };
++	allow $2 system_dbusd_t:dbus { send_msg acquire_svc };
+ 
+ 	allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
+ 	read_files_pattern($1_dbusd_t,dbusd_etc_t,dbusd_etc_t)
 @@ -135,7 +142,21 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -5213,12 +5222,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +	corecmd_bin_domtrans($1_dbusd_t, $1_t)
 +	allow $1_dbusd_t $1_t:process sigkill;
 +
-+	allow $1_t $1_dbusd_t:fd use;
-+	allow $1_t $1_dbusd_t:fifo_file rw_fifo_file_perms;
-+	allow $1_t $1_dbusd_t:process sigchld;
++	allow $2 $1_dbusd_t:fd use;
++	allow $2 $1_dbusd_t:fifo_file rw_fifo_file_perms;
++	allow $2 $1_dbusd_t:process sigchld;
 +	
 +	ifdef(`hide_broken_symptoms', `
-+		dontaudit $1_t $1_dbusd_t:netlink_selinux_socket { read write };
++		dontaudit $2 $1_dbusd_t:netlink_selinux_socket { read write };
 +	');
 +
 +	userdom_read_user_home_content_files($1, $1_dbusd_t)
@@ -9530,7 +9539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-09-20 12:07:15.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-09-20 15:27:25.000000000 -0400
 @@ -126,6 +126,8 @@
  	# read events - the synaptics touchpad driver reads raw events
  	dev_rw_input_dev($1_xserver_t)
@@ -9611,7 +9620,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  
  	# for when /tmp/.X11-unix is created by the system
  	allow $2 xdm_t:fd use;
-@@ -555,25 +559,52 @@
+@@ -555,25 +559,53 @@
  	allow $2 xdm_tmp_t:sock_file { read write };
  	dontaudit $2 xdm_t:tcp_socket { read write };
  
@@ -9649,6 +9658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +	optional_policy(`
 +		userdom_read_all_users_home_content_files(xdm_t)
 +		userdom_read_all_users_home_content_files(xdm_xserver_t)
++		userdom_rw_user_tmpfs_files($1, xdm_xserver_t)
 +#Compiler is broken so these wont work
 +		gnome_read_user_gnome_config($1, xdm_t)
 +		gnome_read_user_gnome_config($1, xdm_xserver_t)
@@ -9672,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  	')
  ')
  
-@@ -626,6 +657,24 @@
+@@ -626,6 +658,24 @@
  
  ########################################
  ## <summary>
@@ -9697,7 +9707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -659,6 +708,73 @@
+@@ -659,6 +709,73 @@
  
  ########################################
  ## <summary>
@@ -9771,7 +9781,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -927,6 +1043,7 @@
+@@ -927,6 +1044,7 @@
  	files_search_tmp($1)
  	allow $1 xdm_tmp_t:dir list_dir_perms;
  	create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
@@ -9779,7 +9789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ')
  
  ########################################
-@@ -987,6 +1104,37 @@
+@@ -987,6 +1105,37 @@
  
  ########################################
  ## <summary>
@@ -9817,7 +9827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ##	Make an X session script an entrypoint for the specified domain.
  ## </summary>
  ## <param name="domain">
-@@ -1136,7 +1284,7 @@
+@@ -1136,7 +1285,7 @@
  		type xdm_xserver_tmp_t;
  	')
  
@@ -9826,7 +9836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ')
  
  ########################################
-@@ -1325,3 +1473,62 @@
+@@ -1325,3 +1474,62 @@
  	files_search_tmp($1)
  	stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
  ')
@@ -9891,7 +9901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-09-20 10:44:00.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-09-20 15:44:32.000000000 -0400
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -9951,7 +9961,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  
  miscfiles_read_localization(xdm_t)
  miscfiles_read_fonts(xdm_t)
-@@ -271,6 +285,10 @@
+@@ -268,9 +282,14 @@
+ userdom_create_all_users_keys(xdm_t)
+ # for .dmrc
+ userdom_read_unpriv_users_home_content_files(xdm_t)
++
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
@@ -9962,7 +9976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -306,6 +324,11 @@
+@@ -306,6 +325,11 @@
  
  optional_policy(`
  	consolekit_dbus_chat(xdm_t)
@@ -9974,7 +9988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ')
  
  optional_policy(`
-@@ -348,12 +371,8 @@
+@@ -348,12 +372,8 @@
  ')
  
  optional_policy(`
@@ -9988,7 +10002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -385,7 +404,7 @@
+@@ -385,7 +405,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -9997,7 +10011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -425,6 +444,10 @@
+@@ -425,6 +445,10 @@
  ')
  
  optional_policy(`
@@ -10008,7 +10022,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +457,19 @@
+@@ -434,47 +458,19 @@
  ')
  
  optional_policy(`
@@ -10109,7 +10123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2007-08-22 07:14:13.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if	2007-09-20 11:14:45.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if	2007-09-20 16:27:52.000000000 -0400
 @@ -26,7 +26,8 @@
  	type $1_chkpwd_t, can_read_shadow_passwords;
  	application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -10140,7 +10154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  
  	domain_type($1)
  	domain_subj_id_change_exemption($1)
-@@ -176,11 +177,24 @@
+@@ -176,11 +177,23 @@
  	domain_obj_id_change_exemption($1)
  	role system_r types $1;
  
@@ -10150,7 +10164,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +
 +	auth_keyring_domain($1)
 +	allow $1 keyring_type:key { search link };
-+	auth_domtrans_chk_passwd($1)
 +
 +	files_list_var_lib($1)
 +	manage_files_pattern($1, var_auth_t, var_auth_t)
@@ -10165,7 +10178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	selinux_get_fs_mount($1)
  	selinux_validate_context($1)
  	selinux_compute_access_vector($1)
-@@ -196,22 +210,33 @@
+@@ -196,22 +209,33 @@
  	mls_fd_share_all_levels($1)
  
  	auth_domtrans_chk_passwd($1)
@@ -10200,7 +10213,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	')
  ')
  
-@@ -309,9 +334,6 @@
+@@ -309,9 +333,6 @@
  		type system_chkpwd_t, chkpwd_exec_t, shadow_t;
  	')
  
@@ -10210,7 +10223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	corecmd_search_bin($1)
  	domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
  
-@@ -329,6 +351,7 @@
+@@ -329,6 +350,7 @@
  
  	optional_policy(`
  		kerberos_use($1)
@@ -10218,7 +10231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	')
  
  	optional_policy(`
-@@ -347,6 +370,37 @@
+@@ -347,6 +369,37 @@
  
  ########################################
  ## <summary>
@@ -10256,7 +10269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ##	Get the attributes of the shadow passwords file.
  ## </summary>
  ## <param name="domain">
-@@ -695,6 +749,24 @@
+@@ -695,6 +748,24 @@
  
  ########################################
  ## <summary>
@@ -10281,7 +10294,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ##	Execute pam programs in the PAM domain.
  ## </summary>
  ## <param name="domain">
-@@ -1318,14 +1390,9 @@
+@@ -1318,14 +1389,9 @@
  ## </param>
  #
  interface(`auth_use_nsswitch',`
@@ -10296,7 +10309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  	files_list_var_lib($1)
  
  	miscfiles_read_certs($1)
-@@ -1381,3 +1448,163 @@
+@@ -1381,3 +1447,163 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')
@@ -11327,8 +11340,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +/etc/rc\.d/init\.d/auditd	--	gen_context(system_u:object_r:auditd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.8/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2007-09-12 10:34:51.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/logging.if	2007-09-17 16:20:18.000000000 -0400
-@@ -33,8 +33,13 @@
++++ serefpolicy-3.0.8/policy/modules/system/logging.if	2007-09-20 15:21:10.000000000 -0400
+@@ -33,8 +33,27 @@
  ## </param>
  #
  interface(`logging_send_audit_msgs',`
@@ -11340,10 +11353,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  	allow $1 self:capability audit_write;
 -	allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 +	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
++')
++
++#######################################
++## <summary>
++##	dontaudit attempts to send audit messages.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`logging_dontaudit_send_audit_msgs',`
++	dontaudit $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
  ')
  
  ########################################
-@@ -238,6 +243,63 @@
+@@ -238,6 +257,63 @@
  
  ########################################
  ## <summary>
@@ -11407,7 +11434,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ##	Create an object in the log directory, with a private
  ##	type using a type transition.
  ## </summary>
-@@ -470,7 +532,7 @@
+@@ -470,7 +546,7 @@
  
  	files_search_var($1)
  	allow $1 var_log_t:dir list_dir_perms;
@@ -11416,7 +11443,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -514,6 +576,8 @@
+@@ -514,6 +590,8 @@
  	files_search_var($1)
  	manage_files_pattern($1,logfile,logfile)
  	read_lnk_files_pattern($1,logfile,logfile)
@@ -11425,7 +11452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -597,3 +661,258 @@
+@@ -597,3 +675,258 @@
  	files_search_var($1)
  	manage_files_pattern($1,var_log_t,var_log_t)
  ')
@@ -13219,16 +13246,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +corecmd_exec_all_executables(unconfined_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.0.8/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2007-05-29 14:10:58.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.fc	2007-09-17 16:20:18.000000000 -0400
-@@ -1,4 +1,5 @@
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.fc	2007-09-20 15:47:36.000000000 -0400
+@@ -1,4 +1,4 @@
  HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
 +HOME_DIR	-l	gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
  HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
- 
+-
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-09-20 12:06:52.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-09-20 15:46:46.000000000 -0400
 @@ -29,8 +29,9 @@
  	')
  
@@ -14121,7 +14148,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
-@@ -1894,10 +1979,46 @@
+@@ -1642,9 +1727,11 @@
+ template(`userdom_user_home_content',`
+ 	gen_require(`
+ 		attribute $1_file_type;
++		attribute user_home_type;
+ 	')
+ 
+ 	typeattribute $2 $1_file_type;
++	typeattribute $2 user_home_type;
+ 	files_type($2)
+ ')
+ 
+@@ -1894,10 +1981,46 @@
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
  		type $1_home_dir_t, $1_home_t;
@@ -14169,7 +14208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -3078,7 +3199,7 @@
+@@ -3078,7 +3201,7 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -14178,7 +14217,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  	')
  
  	files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4615,6 +4736,24 @@
+@@ -4615,6 +4738,24 @@
  	files_list_home($1)
  	allow $1 home_dir_type:dir search_dir_perms;
  ')
@@ -14203,7 +14242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  
  ########################################
  ## <summary>
-@@ -4633,6 +4772,14 @@
+@@ -4633,6 +4774,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -14218,7 +14257,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -5323,7 +5470,7 @@
+@@ -5323,7 +5472,7 @@
  		attribute user_tmpfile;
  	')
  
@@ -14227,7 +14266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -5559,3 +5706,375 @@
+@@ -5559,3 +5708,376 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -14417,13 +14456,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +# Should be optional but policy will not build because of compiler problems
 +# Must be before xwindows calls
 +#optional_policy(`
-+	gnome_per_role_template($1, $1_t, $1_r)
-+	gnome_exec_gconf($1_t)
++	gnome_per_role_template($1, $1_usertype, $1_r)
++	gnome_exec_gconf($1_usertype)
 +#')
 +
 +userdom_xwindows_client_template($1)
 +
 +logging_send_syslog_msg($1_usertype)
++logging_dontaudit_send_audit_msgs($1_usertype)
 +
 +optional_policy(`
 +	alsa_read_rw_config($1_usertype)
@@ -14448,7 +14488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +')
 +
 +optional_policy(`
-+	consolekit_dontaudit_dbus_chat($1_usertype)
++	consolekit_dbus_chat($1_usertype)
 +')
 +
 +optional_policy(`