diff --git a/policy-20070703.patch b/policy-20070703.patch index c4bfc39..b0c2759 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -3237,7 +3237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.0.8/policy/modules/apps/mozilla.if --- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2007-12-02 21:15:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2007-12-07 13:35:56.000000000 -0500 @@ -36,6 +36,8 @@ gen_require(` type mozilla_conf_t, mozilla_exec_t; @@ -3327,7 +3327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # Look for plugins corecmd_list_bin($1_mozilla_t) -@@ -165,11 +198,21 @@ +@@ -165,11 +198,23 @@ files_read_var_files($1_mozilla_t) files_read_var_symlinks($1_mozilla_t) files_dontaudit_getattr_boot_dirs($1_mozilla_t) @@ -3342,6 +3342,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. fs_search_auto_mountpoints($1_mozilla_t) fs_list_inotifyfs($1_mozilla_t) ++ fs_manage_dos_dirs($1_mozilla_t) ++ fs_manage_dos_files($1_mozilla_t) fs_rw_tmpfs_files($1_mozilla_t) + selinux_dontaudit_getattr_fs($1_mozilla_t) @@ -3349,7 +3351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. term_dontaudit_getattr_pty_dirs($1_mozilla_t) libs_use_ld_so($1_mozilla_t) -@@ -184,16 +227,14 @@ +@@ -184,16 +229,14 @@ sysnet_dns_name_resolve($1_mozilla_t) sysnet_read_config($1_mozilla_t) @@ -3370,7 +3372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. tunable_policy(`allow_execmem',` allow $1_mozilla_t self:process { execmem execstack }; -@@ -211,131 +252,8 @@ +@@ -211,131 +254,8 @@ fs_manage_cifs_symlinks($1_mozilla_t) ') 
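Review bot: The two lines added in the `@@ -3342,6 +3342,8 @@` hunk, `fs_manage_dos_dirs($1_mozilla_t)` and `fs_manage_dos_files($1_mozilla_t)`, appear to sit at the top level of the per-user mozilla template rather than under a `tunable_policy` block, so every user's browser domain gets create/write/unlink on every DOS-labeled filesystem unconditionally. The same template already gates optional access with `tunable_policy(\`allow_execmem',\`` and uses a conditional block for its cifs access, so this grant would fit the existing style better behind a boolean, or as `fs_read_dos_files($1_mozilla_t)` if the use case is only reading removable media. A one-line comment naming the reason (which application feature needs writable vfat) would help the next reviewer judge the scope. The enclosing template starts and ends outside this hunk.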
@@ -3504,7 +3506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -350,21 +268,28 @@ +@@ -350,6 +270,7 @@ optional_policy(` cups_read_rw_config($1_mozilla_t) cups_dbus_chat($1_mozilla_t) @@ -3512,20 +3514,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` - dbus_system_bus_client_template($1_mozilla,$1_mozilla_t) - dbus_send_system_bus($1_mozilla_t) -- dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t) -- dbus_send_user_bus($1,$1_mozilla_t) -+# dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t) -+# dbus_send_user_bus($1,$1_mozilla_t) -+ ') -+ -+ optional_policy(` -+ gnome_exec_gconf($1_mozilla_t) -+ gnome_manage_user_gnome_config($1,$1_mozilla_t) +@@ -360,11 +281,17 @@ ') optional_policy(` ++ gnome_exec_gconf($1_mozilla_t) ++ gnome_manage_user_gnome_config($1,$1_mozilla_t) ++ ') ++ ++ optional_policy(` + gnome_domtrans_user_gconf($1,$1_mozilla_t) gnome_stream_connect_gconf_template($1,$1_mozilla_t) ') @@ -3536,7 +3533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -384,25 +309,6 @@ +@@ -384,25 +311,6 @@ thunderbird_domtrans_user_thunderbird($1, $1_mozilla_t) ') @@ -3562,7 +3559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -575,3 +481,27 @@ +@@ -575,3 +483,27 @@ allow $2 $1_mozilla_t:tcp_socket rw_socket_perms; ') 
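Review bot: In the `@@ -3512,20 +3514,15 @@` hunk the new side adds `gnome_manage_user_gnome_config($1,$1_mozilla_t)`, which gives the browser domain write access to the user's whole GNOME configuration tree, while the neighbouring block keeps the narrower gconf interfaces `gnome_domtrans_user_gconf` and `gnome_stream_connect_gconf_template`. If the browser only needs its settings through gconfd, the narrower interfaces may already be enough; if direct management is really required, a comment such as `# mozilla writes its own keys under the user's gnome config directly, not via gconfd` would record why the broad interface was chosen. Note also that the reworked hunk no longer comments out `dbus_user_bus_client_template`/`dbus_send_user_bus`, so user-bus access is restored to upstream behaviour; that is presumably intentional given the dbus.if change later in this patch, but it is not mentioned in the changelog. The enclosing template continues outside this hunk.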
@@ -7970,7 +7967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-12-02 21:15:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-12-07 13:31:07.000000000 -0500 @@ -50,6 +50,12 @@ ## # @@ -8044,7 +8041,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') ####################################### -@@ -271,6 +296,32 @@ +@@ -236,11 +261,12 @@ + class dbus send_msg; + ') + +- type $2_dbusd_$1_t; +- type_change $3 $1_dbusd_t:dbus $2_dbusd_$1_t; ++# type $2_dbusd_$1_t; ++# type_change $3 $1_dbusd_t:dbus $2_dbusd_$1_t; + + # SE-DBus specific permissions +- allow $2_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg; ++# allow $2_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg; ++ allow $3 { $1_dbusd_t self }:dbus send_msg; + + # For connecting to the bus + allow $3 $1_dbusd_t:unix_stream_socket connectto; +@@ -271,6 +297,32 @@ allow $2 $1_dbusd_t:dbus send_msg; ') @@ -8077,7 +8090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ######################################## ## ## Read dbus configuration. -@@ -286,6 +337,7 @@ +@@ -286,6 +338,7 @@ type dbusd_etc_t; ') @@ -8085,7 +8098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus allow $1 dbusd_etc_t:file read_file_perms; ') -@@ -346,3 +398,55 @@ +@@ -346,3 +399,55 @@ allow $1 system_dbusd_t:dbus *; ') 
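Review bot: In the nested `@@ -236,11 +261,12 @@` hunk the `type $2_dbusd_$1_t;`, `type_change ...` and derived-type `allow` lines are turned into `#` comments instead of being deleted, and `allow $3 { $1_dbusd_t self }:dbus send_msg;` now grants send_msg to the caller's own domain, so messages from `$3` are labelled with the caller's domain rather than a derived per-client type. Within the visible lines `$2` no longer appears in any active statement, which leaves the template's second argument effectively unused while call sites elsewhere in this patch still pass it (for example `dbus_system_bus_client_template(xdm, xdm_t)`); if the interface header documents that parameter, it should say so. Commented-out policy is dead text that future readers will wonder about; removing the three lines and adding `# Clients keep their own domain label on the bus; no derived dbusd type is created.` states the new model explicitly. The template body continues outside this hunk.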
@@ -8301,7 +8314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.8/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/dovecot.te 2007-12-06 11:00:50.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/dovecot.te 2007-12-06 20:33:21.000000000 -0500 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -8427,7 +8440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove files_read_usr_symlinks(dovecot_auth_t) files_search_tmp(dovecot_auth_t) files_read_var_lib_files(dovecot_t) -@@ -185,12 +198,50 @@ +@@ -185,12 +198,54 @@ seutil_dontaudit_search_config(dovecot_auth_t) @@ -8445,12 +8458,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + +optional_policy(` + nis_authenticate(dovecot_auth_t) - ') ++') + +optional_policy(` + postfix_manage_pivate_sockets(dovecot_auth_t) + postfix_search_spool(dovecot_auth_t) -+') + ') + +# for gssapi (kerberos) +userdom_list_unpriv_users_tmp(dovecot_auth_t) @@ -8461,6 +8474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +# +# dovecot deliver local policy +# ++allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms; ++ +allow dovecot_deliver_t dovecot_etc_t:file read_file_perms; +allow dovecot_deliver_t dovecot_var_run_t:dir r_dir_perms; + @@ -8475,6 +8490,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +libs_use_ld_so(dovecot_deliver_t) +libs_use_shared_libs(dovecot_deliver_t) + ++logging_send_syslog_msg(dovecot_deliver_t) ++ +miscfiles_read_localization(dovecot_deliver_t) + +optional_policy(` 
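Review bot: The rule `allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms;` added in the `@@ -8461,6 +8474,8 @@` hunk carries no comment, and the only obvious consumer of a datagram socket in this domain is the `logging_send_syslog_msg(dovecot_deliver_t)` added in the `@@ -8475,6 +8490,8 @@` hunk. If syslog is the purpose, check whether that interface already grants the self unix_dgram_socket permissions it needs, in which case the standalone rule could be dropped or narrowed; if it is for something else, say so, e.g. `# deliver needs its own dgram socket for <purpose>` with the real reason filled in. The rest of the `@@ -8445,12 +8458,12 @@` hunk only moves the `')` markers between context and added lines, which is cosmetic.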
@@ -9624,7 +9641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail +files_type(mailscanner_spool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.0.8/policy/modules/services/mta.if --- nsaserefpolicy/policy/modules/services/mta.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/mta.if 2007-12-06 11:03:00.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/mta.if 2007-12-06 16:44:16.000000000 -0500 @@ -87,6 +87,8 @@ # It wants to check for nscd files_dontaudit_search_pids($1_mail_t) @@ -14443,7 +14460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-12-02 22:01:51.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-12-06 20:54:55.000000000 -0500 @@ -16,6 +16,13 @@ ## @@ -14577,9 +14594,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t) -@@ -306,6 +336,11 @@ +@@ -305,7 +335,16 @@ + ') optional_policy(` ++ bootloader_domtrans(xdm_t) ++') ++ ++optional_policy(` consolekit_dbus_chat(xdm_t) + dbus_system_bus_client_template(xdm, xdm_t) + dbus_send_system_bus(xdm_t) @@ -14589,7 +14611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') optional_policy(` -@@ -313,6 +348,10 @@ +@@ -313,6 +352,10 @@ ') optional_policy(` 
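Review bot: The new `optional_policy(\` bootloader_domtrans(xdm_t) ')` block in the `@@ -14577,9 +14594,14 @@` hunk is unconditional, so the pre-login display-manager domain can enter the domain that rewrites boot configuration whenever the bootloader module is loaded. The changelog ties this to kdm's restart dialog, but nothing in the policy file records that, so a reader of xserver.te will not know which program triggers the transition; a comment such as `# kdm runs grub to choose the entry for the next boot (see 3.0.8-67 changelog)` above the block would fix that. Given the privilege involved, a boolean default-off for non-KDE systems would also fit how other optional xdm access in this file is handled, but that is a policy choice for the maintainer. The surrounding optional_policy blocks continue outside this hunk.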
@@ -14600,11 +14622,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Talk to the console mouse server. gpm_stream_connect(xdm_t) gpm_setattr_gpmctl(xdm_t) -@@ -348,12 +387,8 @@ - ') - +@@ -350,10 +393,7 @@ optional_policy(` -- unconfined_domain(xdm_t) + unconfined_domain(xdm_t) unconfined_domtrans(xdm_t) - - ifndef(`distro_redhat',` @@ -14614,7 +14634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ifdef(`distro_rhel4',` allow xdm_t self:process { execheap execmem }; -@@ -385,7 +420,7 @@ +@@ -385,7 +425,7 @@ allow xdm_xserver_t xdm_var_lib_t:file { getattr read }; dontaudit xdm_xserver_t xdm_var_lib_t:dir search; @@ -14623,7 +14643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Label pid and temporary files with derived types. manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t) -@@ -397,6 +432,15 @@ +@@ -397,6 +437,15 @@ can_exec(xdm_xserver_t, xkb_var_lib_t) files_search_var_lib(xdm_xserver_t) @@ -14639,7 +14659,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # VNC v4 module in X server corenet_tcp_bind_vnc_port(xdm_xserver_t) -@@ -425,6 +469,14 @@ +@@ -425,6 +474,14 @@ ') optional_policy(` @@ -14654,7 +14674,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser resmgr_stream_connect(xdm_t) ') -@@ -434,47 +486,26 @@ +@@ -434,47 +491,26 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index edb9354..c8017d5 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 66%{?dist} +Release: 67%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
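Review bot: In the `@@ -14600,11 +14622,9 @@` hunk the reworked nested hunk `+@@ -350,10 +393,7 @@` keeps `unconfined_domain(xdm_t)` as a context line where the previous revision removed it, so xdm_t becomes unconfined again whenever the unconfined module is present. In that configuration the fine-grained grants added to xdm_t elsewhere in this patch, including the new `bootloader_domtrans(xdm_t)`, are effectively moot, and the changelog entry in selinux-policy.spec mentions only the kdm-to-bootloader transition, not this revert. Either keep the removal of `unconfined_domain(xdm_t)` or add a changelog bullet such as `- xdm_t is unconfined again when the unconfined module is loaded` so the behaviour change is recorded. The `ifndef(\`distro_redhat'` lines are still dropped on the new side, which looks consistent with the rest of the hunk.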
@@ -381,6 +381,9 @@ exit 0 %endif %changelog +* Thu Dec 6 2007 Dan Walsh 3.0.8-67 +- Allow kdm to transition to bootloader_t through grub + * Thu Dec 6 2007 Dan Walsh 3.0.8-66 - Allow depmod to read tmp files from rpm - Dontaudit pam_timestamp_check access to ~.xsessions