diff --git a/policy-20080710.patch b/policy-20080710.patch
index 6340878..4e8a4be 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -4268,8 +4268,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:nsplugin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.8/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if 2008-09-17 19:08:43.000000000 -0400
-@@ -0,0 +1,495 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if 2008-09-21 07:27:44.000000000 -0400
+@@ -0,0 +1,493 @@
 +
 +## policy for nsplugin
 +
@@ -4348,8 +4348,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +template(`nsplugin_per_role_template_notrans',`
 + gen_require(`
 + type nsplugin_rw_t;
-+ type nsplugin_t;
-+ type nsplugin_config_t;
 + type nsplugin_home_t;
 + type nsplugin_exec_t;
 + type nsplugin_config_exec_t;
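Review bot: Dropping `type nsplugin_t;` and `type nsplugin_config_t;` from the `gen_require` of `nsplugin_per_role_template_notrans` leaves the template requiring nothing for the per-role domains its body now uses (`$1_nsplugin_t` and `$1_nsplugin_config_t`, see the following hunks), so an instantiation whose prefix has no matching role template fails somewhere in the rules instead of at the require block. If those domains are declared by a sibling template rather than here, `type $1_nsplugin_t;` and `type $1_nsplugin_config_t;` in the `gen_require` make the dependency explicit and the error message useful. The template body continues outside this hunk.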
@@ -4419,80 +4417,80 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 + allow $1_nsplugin_config_t self:process { execstack execmem };
 +')
 +
-+manage_dirs_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+exec_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+userdom_user_home_dir_filetrans(user, nsplugin_t, nsplugin_home_t, {file dir})
-+unprivuser_dontaudit_write_home_content_files(nsplugin_t)
-+
-+corecmd_exec_bin(nsplugin_t)
-+corecmd_exec_shell(nsplugin_t)
-+
-+corenet_all_recvfrom_unlabeled(nsplugin_t)
-+corenet_all_recvfrom_netlabel(nsplugin_t)
-+corenet_tcp_connect_flash_port(nsplugin_t)
-+corenet_tcp_connect_pulseaudio_port(nsplugin_t)
-+corenet_tcp_connect_http_port(nsplugin_t)
-+corenet_tcp_sendrecv_generic_if(nsplugin_t)
-+corenet_tcp_sendrecv_all_nodes(nsplugin_t)
-+
-+domain_dontaudit_read_all_domains_state(nsplugin_t)
-+
-+dev_read_rand(nsplugin_t)
-+dev_read_sound(nsplugin_t)
-+dev_write_sound(nsplugin_t)
-+dev_read_video_dev(nsplugin_t)
-+dev_write_video_dev(nsplugin_t)
-+dev_getattr_dri_dev(nsplugin_t)
-+dev_rwx_zero(nsplugin_t)
-+
-+kernel_read_kernel_sysctls(nsplugin_t)
-+kernel_read_system_state(nsplugin_t)
-+
-+files_read_usr_files(nsplugin_t)
-+files_read_etc_files(nsplugin_t)
-+files_read_config_files(nsplugin_t)
-+
-+fs_list_inotifyfs(nsplugin_t)
-+fs_manage_tmpfs_files(nsplugin_t)
-+fs_getattr_tmpfs(nsplugin_t)
-+fs_getattr_xattr_fs(nsplugin_t)
-+
-+term_dontaudit_getattr_all_user_ptys(nsplugin_t)
-+term_dontaudit_getattr_all_user_ttys(nsplugin_t)
-+
-+auth_use_nsswitch(nsplugin_t)
-+
-+libs_use_ld_so(nsplugin_t)
-+libs_use_shared_libs(nsplugin_t)
-+libs_exec_ld_so(nsplugin_t)
-+
-+miscfiles_read_localization(nsplugin_t)
-+miscfiles_read_fonts(nsplugin_t)
-+
-+unprivuser_manage_tmp_dirs(nsplugin_t)
-+unprivuser_manage_tmp_files(nsplugin_t)
-+unprivuser_manage_tmp_sockets(nsplugin_t)
++manage_dirs_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++exec_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++userdom_user_home_dir_filetrans(user, $1_nsplugin_t, nsplugin_home_t, {file dir})
++unprivuser_dontaudit_write_home_content_files($1_nsplugin_t)
++
++corecmd_exec_bin($1_nsplugin_t)
++corecmd_exec_shell($1_nsplugin_t)
++
++corenet_all_recvfrom_unlabeled($1_nsplugin_t)
++corenet_all_recvfrom_netlabel($1_nsplugin_t)
++corenet_tcp_connect_flash_port($1_nsplugin_t)
++corenet_tcp_connect_pulseaudio_port($1_nsplugin_t)
++corenet_tcp_connect_http_port($1_nsplugin_t)
++corenet_tcp_sendrecv_generic_if($1_nsplugin_t)
++corenet_tcp_sendrecv_all_nodes($1_nsplugin_t)
++
++domain_dontaudit_read_all_domains_state($1_nsplugin_t)
++
++dev_read_rand($1_nsplugin_t)
++dev_read_sound($1_nsplugin_t)
++dev_write_sound($1_nsplugin_t)
++dev_read_video_dev($1_nsplugin_t)
++dev_write_video_dev($1_nsplugin_t)
++dev_getattr_dri_dev($1_nsplugin_t)
++dev_rwx_zero($1_nsplugin_t)
++
++kernel_read_kernel_sysctls($1_nsplugin_t)
++kernel_read_system_state($1_nsplugin_t)
++
++files_read_usr_files($1_nsplugin_t)
++files_read_etc_files($1_nsplugin_t)
++files_read_config_files($1_nsplugin_t)
++
++fs_list_inotifyfs($1_nsplugin_t)
++fs_manage_tmpfs_files($1_nsplugin_t)
++fs_getattr_tmpfs($1_nsplugin_t)
++fs_getattr_xattr_fs($1_nsplugin_t)
++
++term_dontaudit_getattr_all_user_ptys($1_nsplugin_t)
++term_dontaudit_getattr_all_user_ttys($1_nsplugin_t)
++
++auth_use_nsswitch($1_nsplugin_t)
++
++libs_use_ld_so($1_nsplugin_t)
++libs_use_shared_libs($1_nsplugin_t)
++libs_exec_ld_so($1_nsplugin_t)
++
++miscfiles_read_localization($1_nsplugin_t)
++miscfiles_read_fonts($1_nsplugin_t)
++
++unprivuser_manage_tmp_dirs($1_nsplugin_t)
++unprivuser_manage_tmp_files($1_nsplugin_t)
++unprivuser_manage_tmp_sockets($1_nsplugin_t)
 +userdom_tmp_filetrans_user_tmp(user, $1_nsplugin_t, { file dir sock_file })
-+unprivuser_read_tmpfs_files(nsplugin_t)
-+unprivuser_rw_semaphores(nsplugin_t)
-+unprivuser_delete_tmpfs_files(nsplugin_t)
++unprivuser_read_tmpfs_files($1_nsplugin_t)
++unprivuser_rw_semaphores($1_nsplugin_t)
++unprivuser_delete_tmpfs_files($1_nsplugin_t)
 +
-+unprivuser_read_home_content_symlinks(nsplugin_t)
-+unprivuser_read_home_content_files(nsplugin_t)
-+unprivuser_read_tmp_files(nsplugin_t)
++unprivuser_read_home_content_symlinks($1_nsplugin_t)
++unprivuser_read_home_content_files($1_nsplugin_t)
++unprivuser_read_tmp_files($1_nsplugin_t)
 +userdom_write_user_tmp_sockets(user, $1_nsplugin_t)
-+unprivuser_dontaudit_append_home_content_files(nsplugin_t)
-+userdom_dontaudit_unlink_unpriv_home_content_files(nsplugin_t)
++unprivuser_dontaudit_append_home_content_files($1_nsplugin_t)
++userdom_dontaudit_unlink_unpriv_home_content_files($1_nsplugin_t)
 +userdom_dontaudit_manage_user_tmp_files(user, $1_nsplugin_t)
 +
 +optional_policy(`
-+ alsa_read_rw_config(nsplugin_t)
++ alsa_read_rw_config($1_nsplugin_t)
 +')
 +
 +optional_policy(`
-+ gnome_exec_gconf(nsplugin_t)
++ gnome_exec_gconf($1_nsplugin_t)
 + gnome_manage_user_gnome_config(user, $1_nsplugin_t)
 + allow $1_nsplugin_t gnome_home_t:sock_file write;
 +')
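Review bot: Several calls in this hunk mix the new per-role domain with a hard-coded role prefix: `userdom_user_home_dir_filetrans(user, $1_nsplugin_t, nsplugin_home_t, {file dir})`, `userdom_tmp_filetrans_user_tmp(user, $1_nsplugin_t, { file dir sock_file })`, `userdom_write_user_tmp_sockets(user, $1_nsplugin_t)`, `userdom_dontaudit_manage_user_tmp_files(user, $1_nsplugin_t)` and `gnome_manage_user_gnome_config(user, $1_nsplugin_t)`. For any prefix other than `user` the plugin domain would then label and write the `user` role's home and tmp content rather than its own, which undermines the per-role separation the rename is meant to restore; if all unprivileged prefixes deliberately share those types in this policy, a comment such as `# prefix is intentionally user, not $1: unprivileged roles share home/tmp types` would stop a later reader from silently changing it. The same pattern recurs in the `mplayer_read_user_home_files` and `xserver_read_user_*` calls in the next hunk.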
@@ -4503,25 +4501,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +optional_policy(`
-+ mplayer_exec(nsplugin_t)
++ mplayer_exec($1_nsplugin_t)
 + mplayer_read_user_home_files(user, $1_nsplugin_t)
 +')
 +
 +optional_policy(`
-+ unconfined_execmem_signull(nsplugin_t)
-+ unconfined_delete_tmpfs_files(nsplugin_t)
++ unconfined_execmem_signull($1_nsplugin_t)
++ unconfined_delete_tmpfs_files($1_nsplugin_t)
 +')
 +
 +optional_policy(`
-+ xserver_stream_connect_xdm_xserver(nsplugin_t)
-+ xserver_xdm_rw_shm(nsplugin_t)
-+ xserver_read_xdm_tmp_files(nsplugin_t)
-+ xserver_read_xdm_pid(nsplugin_t)
++ xserver_stream_connect_xdm_xserver($1_nsplugin_t)
++ xserver_xdm_rw_shm($1_nsplugin_t)
++ xserver_read_xdm_tmp_files($1_nsplugin_t)
++ xserver_read_xdm_pid($1_nsplugin_t)
 + xserver_read_user_xauth(user, $1_nsplugin_t)
 + xserver_read_user_iceauth(user, $1_nsplugin_t)
 + xserver_use_user_fonts(user, $1_nsplugin_t)
-+ xserver_manage_home_fonts(nsplugin_t)
-+ xserver_dontaudit_rw_xdm_home_files(nsplugin_t)
++ xserver_manage_home_fonts($1_nsplugin_t)
++ xserver_dontaudit_rw_xdm_home_files($1_nsplugin_t)
 +')
 +
 +########################################
@@ -4537,55 +4535,55 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow $1_nsplugin_config_t self:fifo_file rw_file_perms;
 +allow $1_nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
 +
-+fs_list_inotifyfs(nsplugin_config_t)
++fs_list_inotifyfs($1_nsplugin_config_t)
 +
-+can_exec(nsplugin_config_t, nsplugin_rw_t)
-+manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++can_exec($1_nsplugin_config_t, nsplugin_rw_t)
++manage_dirs_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
 +
-+manage_dirs_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_dirs_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
 +
-+corecmd_exec_bin(nsplugin_config_t)
-+corecmd_exec_shell(nsplugin_config_t)
++corecmd_exec_bin($1_nsplugin_config_t)
++corecmd_exec_shell($1_nsplugin_config_t)
 +
-+kernel_read_system_state(nsplugin_config_t)
++kernel_read_system_state($1_nsplugin_config_t)
 +
-+files_read_etc_files(nsplugin_config_t)
-+files_read_usr_files(nsplugin_config_t)
-+files_dontaudit_search_home(nsplugin_config_t)
-+files_list_tmp(nsplugin_config_t)
++files_read_etc_files($1_nsplugin_config_t)
++files_read_usr_files($1_nsplugin_config_t)
++files_dontaudit_search_home($1_nsplugin_config_t)
++files_list_tmp($1_nsplugin_config_t)
 +
-+auth_use_nsswitch(nsplugin_config_t)
++auth_use_nsswitch($1_nsplugin_config_t)
 +
-+libs_use_ld_so(nsplugin_config_t)
-+libs_use_shared_libs(nsplugin_config_t)
++libs_use_ld_so($1_nsplugin_config_t)
++libs_use_shared_libs($1_nsplugin_config_t)
 +
-+miscfiles_read_localization(nsplugin_config_t)
-+miscfiles_read_fonts(nsplugin_config_t)
++miscfiles_read_localization($1_nsplugin_config_t)
++miscfiles_read_fonts($1_nsplugin_config_t)
 +
-+userdom_search_all_users_home_content(nsplugin_config_t)
++userdom_search_all_users_home_content($1_nsplugin_config_t)
 +
 +tunable_policy(`use_nfs_home_dirs',`
-+ fs_manage_nfs_dirs(nsplugin_t)
-+ fs_manage_nfs_files(nsplugin_t)
-+ fs_manage_nfs_dirs(nsplugin_config_t)
-+ fs_manage_nfs_files(nsplugin_config_t)
++ fs_manage_nfs_dirs($1_nsplugin_t)
++ fs_manage_nfs_files($1_nsplugin_t)
++ fs_manage_nfs_dirs($1_nsplugin_config_t)
++ fs_manage_nfs_files($1_nsplugin_config_t)
 +')
 +
 +tunable_policy(`use_samba_home_dirs',`
-+ fs_manage_cifs_dirs(nsplugin_t)
-+ fs_manage_cifs_files(nsplugin_t)
-+ fs_manage_cifs_dirs(nsplugin_config_t)
-+ fs_manage_cifs_files(nsplugin_config_t)
++ fs_manage_cifs_dirs($1_nsplugin_t)
++ fs_manage_cifs_files($1_nsplugin_t)
++ fs_manage_cifs_dirs($1_nsplugin_config_t)
++ fs_manage_cifs_files($1_nsplugin_config_t)
 +')
 +
-+domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, $1_nsplugin_t)
++domtrans_pattern($1_nsplugin_config_t, nsplugin_exec_t, $1_nsplugin_t)
 +
 +optional_policy(`
-+ xserver_read_home_fonts(nsplugin_config_t)
++ xserver_read_home_fonts($1_nsplugin_config_t)
 +')
 +
 +optional_policy(`
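Review bot: `$1_nsplugin_config_t` is left with `can_exec($1_nsplugin_config_t, nsplugin_rw_t)` alongside `manage_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)`, so the per-role config domain can write a file of that type and then execute it; the rename preserves this, but it means `nsplugin_rw_t` does not constrain what that domain runs. If the executables under `nsplugin_rw_t` are installed by the package rather than generated at runtime, the write side could be reduced to a read pattern; otherwise a comment above `can_exec` on why both write and exec on the same type are required would help the next reviewer. The rules for `$1_nsplugin_config_t` continue past the end of this hunk.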
@@ -10745,7 +10743,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.8/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/apache.te 2008-09-17 08:49:08.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/services/apache.te 2008-09-19 10:06:15.000000000 -0400 @@ -20,6 +20,8 @@ # Declarations # @@ -10896,7 +10894,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(httpd_t) corenet_all_recvfrom_netlabel(httpd_t) -@@ -312,12 +361,11 @@ +@@ -299,6 +348,7 @@ + corenet_tcp_sendrecv_all_ports(httpd_t) + corenet_udp_sendrecv_all_ports(httpd_t) + corenet_tcp_bind_all_nodes(httpd_t) ++corenet_udp_bind_all_nodes(httpd_t) + corenet_tcp_bind_http_port(httpd_t) + corenet_tcp_bind_http_cache_port(httpd_t) + corenet_sendrecv_http_server_packets(httpd_t) +@@ -312,12 +362,11 @@ fs_getattr_all_fs(httpd_t) fs_search_auto_mountpoints(httpd_t) @@ -10911,7 +10917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(httpd_t) -@@ -335,6 +383,10 @@ +@@ -335,6 +384,10 @@ files_read_var_lib_symlinks(httpd_t) fs_search_auto_mountpoints(httpd_sys_script_t) @@ -10922,7 +10928,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol libs_use_ld_so(httpd_t) libs_use_shared_libs(httpd_t) -@@ -351,18 +403,33 @@ +@@ -351,18 +404,33 @@ userdom_use_unpriv_users_fds(httpd_t) @@ -10960,7 +10966,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ') -@@ -370,20 +437,45 @@ +@@ -370,20 +438,45 @@ corenet_tcp_connect_all_ports(httpd_t) ') 
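Review bot: The new `corenet_udp_bind_all_nodes(httpd_t)` in the apache.te hunk `@@ -299,6 +348,7 @@` grants the node half of a UDP bind but no `corenet_udp_bind_*_port` rule appears with it, so either the port rule sits in a part of apache.te not shown here or the bind is still denied at port level; worth confirming which before shipping. The surrounding lines only grant TCP binds for the http ports, so a comment naming the Apache module that needs to listen on UDP would justify the wider grant. The other hunks on this line are line-number shifts only.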
@@ -11007,7 +11013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent) manage_files_pattern(httpd_t, httpdcontent, httpdcontent) -@@ -394,11 +486,12 @@ +@@ -394,11 +487,12 @@ corenet_tcp_bind_ftp_port(httpd_t) ') @@ -11023,7 +11029,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_read_nfs_files(httpd_t) fs_read_nfs_symlinks(httpd_t) ') -@@ -408,6 +501,11 @@ +@@ -408,6 +502,11 @@ fs_read_cifs_symlinks(httpd_t) ') @@ -11035,7 +11041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t,httpd_sys_script_t) allow httpd_sys_script_t httpd_t:fd use; -@@ -441,8 +539,13 @@ +@@ -441,8 +540,13 @@ ') optional_policy(` @@ -11051,7 +11057,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -454,18 +557,13 @@ +@@ -454,18 +558,13 @@ ') optional_policy(` @@ -11071,7 +11077,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -475,6 +573,12 @@ +@@ -475,6 +574,12 @@ openca_kill(httpd_t) ') @@ -11084,7 +11090,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` # Allow httpd to work with postgresql postgresql_stream_connect(httpd_t) -@@ -482,6 +586,7 @@ +@@ -482,6 +587,7 @@ tunable_policy(`httpd_can_network_connect_db',` postgresql_tcp_connect(httpd_t) @@ -11092,7 +11098,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ') -@@ -490,6 +595,7 @@ +@@ -490,6 +596,7 @@ ') optional_policy(` 
@@ -11100,7 +11106,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -519,9 +625,28 @@ +@@ -519,9 +626,28 @@ logging_send_syslog_msg(httpd_helper_t) tunable_policy(`httpd_tty_comm',` @@ -11129,7 +11135,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Apache PHP script local policy -@@ -551,22 +676,27 @@ +@@ -551,22 +677,27 @@ fs_search_auto_mountpoints(httpd_php_t) @@ -11163,7 +11169,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -590,6 +720,8 @@ +@@ -590,6 +721,8 @@ manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) @@ -11172,7 +11178,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_kernel_sysctls(httpd_suexec_t) kernel_list_proc(httpd_suexec_t) kernel_read_proc_symlinks(httpd_suexec_t) -@@ -598,9 +730,7 @@ +@@ -598,9 +731,7 @@ fs_search_auto_mountpoints(httpd_suexec_t) @@ -11183,7 +11189,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -633,12 +763,25 @@ +@@ -633,12 +764,25 @@ corenet_sendrecv_all_client_packets(httpd_suexec_t) ') @@ -11212,7 +11218,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -647,6 +790,12 @@ +@@ -647,6 +791,12 @@ fs_exec_nfs_files(httpd_suexec_t) ') 
@@ -11225,7 +11231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_suexec_t) fs_read_cifs_symlinks(httpd_suexec_t) -@@ -664,10 +813,6 @@ +@@ -664,10 +814,6 @@ dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -11236,7 +11242,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Apache system script local policy -@@ -677,7 +822,8 @@ +@@ -677,7 +823,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; @@ -11246,7 +11252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms; read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t) -@@ -691,12 +837,15 @@ +@@ -691,12 +838,15 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -11264,7 +11270,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -704,6 +853,28 @@ +@@ -704,6 +854,30 @@ fs_read_nfs_symlinks(httpd_sys_script_t) ') @@ -11272,6 +11278,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms; + allow httpd_sys_script_t self:udp_socket create_socket_perms; + ++ corenet_tcp_bind_all_nodes(httpd_sys_script_t) ++ corenet_udp_bind_all_nodes(httpd_sys_script_t) + corenet_all_recvfrom_unlabeled(httpd_sys_script_t) + corenet_all_recvfrom_netlabel(httpd_sys_script_t) + corenet_tcp_sendrecv_all_if(httpd_sys_script_t) 
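Review bot: `corenet_tcp_bind_all_nodes(httpd_sys_script_t)` and `corenet_udp_bind_all_nodes(httpd_sys_script_t)` let the system CGI script domain bind listening sockets, which is more than the outbound access the neighbouring lines grant (`corenet_all_recvfrom_unlabeled`, `corenet_all_recvfrom_netlabel`, `corenet_tcp_sendrecv_all_if`). The enclosing block starts before the hunk and its indentation suggests a `tunable_policy`; if that boolean defaults off the change is contained, otherwise a script domain that can listen deserves its own boolean or at least a comment stating which scripts need it. As with `httpd_t` above, no port-level bind rule accompanies the node bind here.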
@@ -11293,7 +11301,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -716,10 +887,10 @@ +@@ -716,10 +890,10 @@ optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -11308,7 +11316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -727,6 +898,8 @@ +@@ -727,6 +901,8 @@ # httpd_rotatelogs local policy # @@ -11317,7 +11325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t) kernel_read_kernel_sysctls(httpd_rotatelogs_t) -@@ -741,3 +914,56 @@ +@@ -741,3 +917,56 @@ logging_search_logs(httpd_rotatelogs_t) miscfiles_read_localization(httpd_rotatelogs_t) 
@@ -16314,6 +16322,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 + spamassassin_exec(exim_t)
 + spamassassin_exec_client(exim_t)
 ')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.5.8/policy/modules/services/fail2ban.fc
+--- nsaserefpolicy/policy/modules/services/fail2ban.fc 2008-09-08 10:18:37.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/fail2ban.fc 2008-09-19 11:19:25.000000000 -0400
+@@ -3,5 +3,5 @@
+ /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+ /usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+ /var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0)
+-/var/run/fail2ban\.pid -- gen_context(system_u:object_r:fail2ban_var_run_t,s0)
+-/var/run/fail2ban\.sock -s gen_context(system_u:object_r:fail2ban_var_run_t,s0)
++
++/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.8/policy/modules/services/fail2ban.if
 --- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-08-07 11:15:11.000000000 -0400
 +++ serefpolicy-3.5.8/policy/modules/services/fail2ban.if 2008-09-17 08:49:08.000000000 -0400
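Review bot: The replacement `/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)` leaves the dot unescaped and drops the file-type field, unlike the two entries it replaces (`/var/run/fail2ban\.pid --` and `/var/run/fail2ban\.sock -s`), so it labels every path whose name starts with `/var/run/fail2ban`, whatever follows and whatever the object class. The fail2ban.te hunk that follows adds a `dir` filetrans, which suggests a runtime directory is the real target; the conventional spelling for that is `/var/run/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_run_t,s0)`, with `/var/run/fail2ban\..* gen_context(system_u:object_r:fail2ban_var_run_t,s0)` kept if the pid and socket files are still created directly under /var/run.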
@@ -16385,6 +16404,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 + files_list_pids($1)
 + admin_pattern($1, fail2ban_var_run_t)
 +')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.5.8/policy/modules/services/fail2ban.te
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2008-09-05 10:28:20.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/fail2ban.te 2008-09-19 11:19:16.000000000 -0400
+@@ -37,9 +37,10 @@
+ logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
+ 
+ # pid file
++manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+ manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+ manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+-files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { file sock_file })
++files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { dir file sock_file })
+ 
+ kernel_read_system_state(fail2ban_t)
+ 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.5.8/policy/modules/services/fetchmail.if
 --- nsaserefpolicy/policy/modules/services/fetchmail.if 2008-08-07 11:15:11.000000000 -0400
 +++ serefpolicy-3.5.8/policy/modules/services/fetchmail.if 2008-09-17 08:49:08.000000000 -0400
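Review bot: The `# pid file` comment above the new `manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)` no longer describes the block, which now also creates a directory through `files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { dir file sock_file })`; suggest `# pid file, control socket and runtime directory`. The classes in the filetrans now match the three manage patterns, so the dir/file/sock_file coverage is consistent.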
@@ -18031,8 +18065,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.8/policy/modules/services/mailman.if --- nsaserefpolicy/policy/modules/services/mailman.if 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/mailman.if 2008-09-17 08:49:08.000000000 -0400 -@@ -211,6 +211,7 @@ ++++ serefpolicy-3.5.8/policy/modules/services/mailman.if 2008-09-19 10:41:48.000000000 -0400 +@@ -31,6 +31,12 @@ + allow mailman_$1_t self:tcp_socket create_stream_socket_perms; + allow mailman_$1_t self:udp_socket create_socket_perms; + ++ files_search_spool(mailman_$1_t) ++ ++ manage_dirs_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ manage_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ manage_lnk_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ + manage_dirs_pattern(mailman_$1_t, mailman_data_t, mailman_data_t) + manage_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t) + manage_lnk_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t) +@@ -211,6 +217,7 @@ type mailman_data_t; ') @@ -18040,7 +18087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_files_pattern($1, mailman_data_t, mailman_data_t) ') -@@ -252,6 +253,25 @@ +@@ -252,6 +259,25 @@ ####################################### ## 
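Review bot: The archive rules added to the shared template — `manage_dirs_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)` and its files and lnk_files variants — apply to every domain built from it, and the mailman.te hunk that follows shows `mailman_cgi_t` among the module's domains, so the web-facing CGI domain presumably gains create and delete over list archives rather than the read access an archive viewer needs. If only the queue runner writes archives, these three lines belong in that domain's local policy with a read pattern left in the template. `files_search_spool(mailman_$1_t)` has no comment saying which spool path it is for. The template definition starts outside this hunk.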
@@ -18068,7 +18115,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.5.8/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/mailman.te 2008-09-17 08:49:08.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/services/mailman.te 2008-09-19 10:39:55.000000000 -0400 @@ -53,10 +53,9 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) @@ -18110,11 +18157,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # -@@ -104,6 +106,7 @@ +@@ -104,6 +106,11 @@ # some of the following could probably be changed to dontaudit, someone who # knows mailman well should test this out and send the changes sysadm_search_home_dirs(mailman_queue_t) +sysadm_getattr_home_dirs(mailman_queue_t) ++ ++optional_policy(` ++ apache_read_config(mailman_queue_t) ++') optional_policy(` cron_system_entry(mailman_queue_t, mailman_queue_exec_t) @@ -21509,7 +21560,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.8/policy/modules/services/postgrey.if --- nsaserefpolicy/policy/modules/services/postgrey.if 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/postgrey.if 2008-09-17 08:49:08.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/services/postgrey.if 2008-09-19 10:23:31.000000000 -0400 @@ -12,10 +12,80 @@ # interface(`postgrey_stream_connect',` 
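Review bot: The new `optional_policy(` block granting `apache_read_config(mailman_queue_t)` carries no comment, while the lines just above it explain their rationale (`# some of the following could probably be changed to dontaudit`). A one-line note on why the queue runner needs to read httpd's configuration, and whether search or getattr would suffice instead of read, would help the next reviewer judge the grant.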
@@ -21519,8 +21570,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') allow $1 postgrey_t:unix_stream_socket connectto; - allow $1 postgrey_var_run_t:sock_file write; -+ allow $1 postgrey_spool_t:sock_file write; +- allow $1 postgrey_var_run_t:sock_file write; ++ write_sock_files_pattern($1, postgrey_var_run_t, postgrey_var_run_t) ++ write_sock_files_pattern($1, postgrey_spool_t, postgrey_spool_t) files_search_pids($1) ') + @@ -21954,7 +22006,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.8/policy/modules/services/prelude.te --- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/prelude.te 2008-09-17 08:49:08.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/services/prelude.te 2008-09-19 10:06:36.000000000 -0400 @@ -13,18 +13,56 @@ type prelude_spool_t; files_type(prelude_spool_t) @@ -22052,7 +22104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dev_read_rand(prelude_audisp_t) dev_read_urand(prelude_audisp_t) -@@ -123,9 +173,119 @@ +@@ -123,9 +173,122 @@ libs_use_shared_libs(prelude_audisp_t) logging_send_syslog_msg(prelude_audisp_t) @@ -22104,6 +22156,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# prelude_lml local declarations +# + ++allow prelude_lml_t self:capability dac_override; ++ +# Init script handling +domain_use_interactive_fds(prelude_lml_t) + 
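Review bot: `postgrey_stream_connect` now writes sockets labelled `postgrey_spool_t` via `write_sock_files_pattern($1, postgrey_spool_t, postgrey_spool_t)`, but the interface still only grants `files_search_pids($1)`; the spool-labelled socket lives under `/var/spool/postfix/postgrey(/.*)?` (postgrey.fc hunk above), so a caller without search on spool directories is denied before it reaches the socket. Adding `files_search_spool($1)` next to `files_search_pids($1)` keeps the interface self-contained. Replacing the raw `allow ...:sock_file write;` with `write_sock_files_pattern` is the right move, since the pattern also covers the directory search the old rule lacked.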
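Review bot: `allow prelude_lml_t self:capability dac_override;` is added to the prelude_lml declarations without a comment; DAC override lets the log monitor ignore mode bits on anything its type rules already allow, which is broad for a daemon whose job is reading logs. If the trigger is a root-owned 0600 log, fixing ownership or group membership, or `dac_read_search` if only read and search are needed, is narrower; if the full capability is required, a comment naming the file that needs it (`# dac_override: needed to read <LOG-FILE-PLACEHOLDER>`) should sit above the rule. The `apache_read_log(prelude_lml_t)` in the next hunk already covers the MAC side for Apache logs.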
@@ -22166,13 +22220,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +sysnet_dns_name_resolve(prelude_lml_t) + +optional_policy(` ++ apache_search_sys_content(prelude_lml_t) + apache_read_log(prelude_lml_t) +') + ######################################## # # prewikka_cgi Declarations -@@ -133,8 +293,19 @@ +@@ -133,8 +296,19 @@ optional_policy(` apache_content_template(prewikka) @@ -30386,8 +30441,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.8/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/system/libraries.fc 2008-09-17 08:49:09.000000000 -0400 -@@ -66,6 +66,8 @@ ++++ serefpolicy-3.5.8/policy/modules/system/libraries.fc 2008-09-21 08:23:42.000000000 -0400 +@@ -60,12 +60,15 @@ + # + # /opt + # ++/opt/.*\.so gen_context(system_u:object_r:lib_t,s0) + /opt/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) + /opt/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) + /opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) /opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) @@ -30396,7 +30458,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_gentoo',` # despite the extensions, they are actually libs /opt/Acrobat[5-9]/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:lib_t,s0) -@@ -84,7 +86,8 @@ +@@ -84,7 +87,8 @@ ifdef(`distro_redhat',` /opt/Adobe(/.*?)/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
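Review bot: `/opt/.*\.so gen_context(system_u:object_r:lib_t,s0)` in the libraries.fc hunk is the only entry there without the `--` class qualifier and without the `(\.[^/]*)*` suffix its neighbours use, so it applies to directories or other objects named `*.so` under /opt and misses versioned names of the form `libNAME.so.1`; the consistent form is `/opt/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)`. Since it overlaps the later, more specific `textrel_shlib_t` entries for /opt (jre, Adobe, cisco), it is worth checking with `matchpathcon` on one of those paths that the specific entry still wins after file_contexts is regenerated.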
@@ -30406,7 +30468,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -133,6 +136,7 @@ +@@ -133,6 +137,7 @@ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30414,7 +30476,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -168,7 +172,8 @@ +@@ -168,7 +173,8 @@ # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30424,7 +30486,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -187,6 +192,7 @@ +@@ -187,6 +193,7 @@ /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -30432,7 +30494,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -246,7 +252,7 @@ +@@ -246,7 +253,7 @@ # Flash plugin, Macromedia HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30441,7 +30503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -267,6 +273,8 @@ +@@ -267,6 +274,8 @@ /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -30450,7 +30512,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -291,6 +299,8 @@ +@@ -291,6 +300,8 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -30459,7 +30521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') dnl end distro_redhat # -@@ -310,3 +320,13 @@ +@@ -310,3 +321,13 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -33302,7 +33364,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.8/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-17 09:11:15.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-21 07:04:00.000000000 -0400 @@ -28,10 +28,14 @@ class context contains; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index d85b2bd..40e06fb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,9 @@ exit 0 %endif %changelog +* Sun Sep 21 2008 Dan Walsh 3.5.8-4 +- Fix transition to nsplugin +' * Thu Sep 18 2008 Dan Walsh 3.5.8-3 - Fix labeling on new pm*log - Allow ssh to bind to all nodes