diff --git a/policy-20071130.patch b/policy-20071130.patch
index 19050f7..4f0119e 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -12078,6 +12078,114 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+ fs_dontaudit_rw_cifs_files(consolekit_t)
+')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
+--- nsaserefpolicy/policy/modules/services/courier.fc 2008-02-26 08:23:10.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:18:42.071469000 -0400
+@@ -19,3 +19,5 @@
+ /var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_lib_t,s0)
+
+ /var/run/courier(/.*)? -- gen_context(system_u:object_r:courier_var_run_t,s0)
++
++/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
+--- nsaserefpolicy/policy/modules/services/courier.if 2008-02-26 08:23:10.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:23:16.805431000 -0400
+@@ -123,3 +123,95 @@
+
+ domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
+ ')
++
++########################################
++##
++## Allow domain to read courier config files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`courier_read_config',`
++ gen_require(`
++ type courier_etc_t;
++ ')
++
++ read_files_pattern($1, courier_etc_t, courier_etc_t)
++')
++
++########################################
++##
++## Allow domain to manage courier spool directories
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`courier_manage_spool_dirs',`
++ gen_require(`
++ type courier_spool_t;
++ ')
++
++ manage_dirs_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++##
++## Allow domain to manage courier spool files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`courier_manage_spool_files',`
++ gen_require(`
++ type courier_spool_t;
++ ')
++
++ manage_files_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++##
++## Allow domain to manage courier spool files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`courier_manage_spool_files',`
++ gen_require(`
++ type courier_spool_t;
++ ')
++
++ manage_files_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++##
++## Allow attempts to read and write to
++## courier unnamed pipes.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`courier_rw_pipes',`
++ gen_require(`
++ type courier_t;
++ ')
++
++ allow $1 courier_t:fifo_file rw_fifo_file_perms;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2008-02-26 08:23:10.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 13:05:28.159420000 -0400
@@ -17324,7 +17432,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+files_type(mailscanner_spool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.3.1/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/mta.fc 2008-06-02 13:05:28.581996000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.fc 2008-06-02 13:18:22.386930000 -0400
@@ -9,8 +9,10 @@
')
@@ -17340,7 +17448,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
#ifdef(`postfix.te', `', `
#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
#')
-+/var/spool/courier(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.3.1/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2008-02-26 08:23:10.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/mta.if 2008-06-02 13:05:28.585994000 -0400
@@ -17518,7 +17626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-06-02 13:05:28.589988000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-06-02 13:23:53.867355000 -0400
@@ -6,6 +6,8 @@
# Declarations
#
@@ -17587,7 +17695,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
-@@ -73,7 +95,10 @@
+@@ -73,7 +95,18 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
@@ -17595,10 +17703,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
cron_dontaudit_write_pipes(system_mail_t)
+ cron_dontaudit_write_system_job_tmp_files(system_mail_t)
+ cron_rw_system_stream_sockets(system_mail_t)
++')
++
++optional_policy(`
++ courier_read_config(system_mail_t)
++ courier_manage_spool_dirs(system_mail_t)
++ courier_manage_spool_files(system_mail_t)
++ courier_rw_pipes(system_mail_t)
++
')
optional_policy(`
-@@ -81,6 +106,11 @@
+@@ -81,6 +114,11 @@
')
optional_policy(`
@@ -17610,7 +17726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
logrotate_read_tmp_files(system_mail_t)
')
-@@ -136,11 +166,38 @@
+@@ -136,11 +174,38 @@
')
optional_policy(`
@@ -17633,13 +17749,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
-# should break this up among sections:
+init_stream_connect_script(mailserver_delivery)
+init_rw_script_stream_sockets(mailserver_delivery)
-
++
+tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_dirs(mailserver_delivery)
+ fs_manage_cifs_files(mailserver_delivery)
+ fs_manage_cifs_symlinks(mailserver_delivery)
+')
-+
+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(mailserver_delivery)
+ fs_manage_nfs_files(mailserver_delivery)
@@ -17650,7 +17766,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
optional_policy(`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +211,4 @@
+@@ -154,3 +219,4 @@
cron_read_system_job_tmp_files(mta_user_agent)
')
')
@@ -23428,7 +23544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2008-06-02 13:05:29.128613000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2008-06-02 13:23:21.780257000 -0400
@@ -149,3 +149,104 @@
logging_log_filetrans($1,sendmail_log_t,file)