diff --git a/policy-F13.patch b/policy-F13.patch
index 5efc171..bb69297 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -16384,7 +16384,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.7.19/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2010-04-13 18:44:37.000000000 +0000
-+++ serefpolicy-3.7.19/policy/modules/services/amavis.te	2011-02-17 10:03:19.814796001 +0000
++++ serefpolicy-3.7.19/policy/modules/services/amavis.te	2011-02-24 09:46:59.377936639 +0000
+@@ -48,7 +48,7 @@
+ 
+ allow amavis_t self:capability { kill chown dac_override setgid setuid };
+ dontaudit amavis_t self:capability sys_tty_config;
+-allow amavis_t self:process { signal sigchld signull };
++allow amavis_t self:process { signal sigchld sigkill signull };
+ allow amavis_t self:fifo_file rw_fifo_file_perms;
+ allow amavis_t self:unix_stream_socket create_stream_socket_perms;
+ allow amavis_t self:unix_dgram_socket create_socket_perms;
 @@ -170,6 +170,10 @@
  ')
@@ -20659,7 +20668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.19/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2010-04-13 18:44:37.000000000 +0000
-+++ serefpolicy-3.7.19/policy/modules/services/consolekit.te	2010-06-15 16:01:58.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/consolekit.te	2011-02-24 09:39:35.158871491 +0000
 @@ -16,12 +16,15 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -20677,7 +20686,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  allow consolekit_t self:process { getsched signal };
  allow consolekit_t self:fifo_file rw_fifo_file_perms;
  allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
-@@ -59,6 +62,8 @@
+@@ -35,6 +38,7 @@
+ files_pid_filetrans(consolekit_t, consolekit_var_run_t, { file dir })
+ 
+ kernel_read_system_state(consolekit_t)
++kernel_dontaudit_request_load_module(consolekit_t)
+ 
+ corecmd_exec_bin(consolekit_t)
+ corecmd_exec_shell(consolekit_t)
+@@ -59,6 +63,8 @@
  term_use_all_terms(consolekit_t)
  auth_use_nsswitch(consolekit_t)
@@ -20686,7 +20703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  init_telinit(consolekit_t)
  init_rw_utmp(consolekit_t)
-@@ -68,19 +73,24 @@
+@@ -68,19 +74,24 @@
  miscfiles_read_localization(consolekit_t)
@@ -20715,7 +20732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  ')
  optional_policy(`
-@@ -91,6 +101,10 @@
+@@ -91,6 +102,10 @@
  ')
  optional_policy(`
@@ -20726,7 +20743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  	rpm_dbus_chat(consolekit_t)
  ')
-@@ -100,19 +114,37 @@
+@@ -100,19 +115,37 @@
  ')
  optional_policy(`
@@ -33600,7 +33617,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.7.19/policy/modules/services/puppet.te
 --- nsaserefpolicy/policy/modules/services/puppet.te	2010-04-13 18:44:36.000000000 +0000
-+++ serefpolicy-3.7.19/policy/modules/services/puppet.te	2011-01-17 09:29:24.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/puppet.te	2011-02-23 12:36:31.000366945 +0000
 @@ -14,6 +14,13 @@
  ##
  gen_tunable(puppet_manage_all_files, false)
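Review bot: `kernel_dontaudit_request_load_module(consolekit_t)` silences the module-autoload denial without recording what ConsoleKit does to trigger it, so a later maintainer cannot tell whether the request is harmless noise or a real dependency whose failure the dontaudit will now hide. Silencing rather than granting is the right least-privilege choice for a session tracker, so I would keep the rule and add a comment above it, e.g. `# ConsoleKit trips a kernel module autoload request it presumably does not need; silence it rather than grant module loading`, with the actual trigger named once it is known from the AVC. The consolekit.te block this hunk edits continues outside the hunk on both sides.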
@@ -33630,7 +33647,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
  kernel_read_system_state(puppetmaster_t)
  kernel_read_crypto_sysctls(puppetmaster_t)
-@@ -218,10 +232,25 @@
+@@ -213,15 +227,31 @@
+ domain_read_all_domains_state(puppetmaster_t)
+ 
+ files_read_etc_files(puppetmaster_t)
++files_read_usr_files(puppetmaster_t)
+ files_search_var_lib(puppetmaster_t)
+ 
  logging_send_syslog_msg(puppetmaster_t)
  miscfiles_read_localization(puppetmaster_t)
@@ -33656,7 +33679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
  optional_policy(`
  	hostname_exec(puppetmaster_t)
  ')
-@@ -232,3 +261,8 @@
+@@ -232,3 +262,8 @@
  	rpm_exec(puppetmaster_t)
  	rpm_read_db(puppetmaster_t)
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 963672b..7e10342 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.19
-Release: 94%{?dist}
+Release: 95%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -190,7 +190,7 @@ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 selinuxenabled; \
 if [ $? = 0 -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
      fixfiles -C ${FILE_CONTEXT}.pre restore; \
-     restorecon -R /root /var/log /var/run /var/lib 2> /dev/null; \
+     restorecon -R /root /var/log /var/run 2> /dev/null; \
      rm -f ${FILE_CONTEXT}.pre; \
 fi;
@@ -331,7 +331,7 @@ SELinux Reference policy targeted base module.
 packages=`cat /usr/share/selinux/targeted/modules.lst`
 if [ $1 -eq 1 ]; then
 %loadpolicy targeted $packages
-restorecon -R /root /var/log /var/run /var/lib 2> /dev/null
+restorecon -R /root /var/log /var/run 2> /dev/null
 else
 semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid -r polkit_auth -r polkit -r rtkit_daemon -r ModemManager -r telepathysofiasip 2>/dev/null
 %loadpolicy targeted $packages
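Review bot: `files_read_usr_files(puppetmaster_t)` grants read access to every usr_t file on the system, and the hunk gives no hint of which path under /usr the puppetmaster denial was on, so the width of the grant cannot be rechecked later. It is read-only, so the exposure is modest, but refpolicy convention is to use the narrowest interface that fits the path (a library interface if the denial was under /usr/lib rather than /usr/share, for example). I would add a one-line comment above the new rule naming the triggering path, e.g. `# puppetmaster reads <path under /usr> — confirm against the AVC`, with the real path filled in. The puppetmaster_t rule block continues outside the hunk on both sides.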
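Review bot: Dropping `/var/lib` from the fresh-install `restorecon -R` in the `$1 -eq 1` branch (the same edit is made in the minimum and mls %post hunks) means files created under /var/lib before the policy package was installed keep whatever label they had until a full relabel, and the spec does not say why that is now acceptable; the changelog only states that it is done. If the motivation is relabel time on large /var/lib trees, with correctness expected from first-boot autorelabel or the `fixfiles -C` step in %relabel, record that next to the command, e.g. `# /var/lib deliberately skipped: <reason>; changed contexts are picked up by fixfiles -C / autorelabel`. Without such a note a later reader will take the shortened path list for an accident and put /var/lib back.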
@@ -388,7 +388,7 @@ semanage -S minimum -i - << __eof
 login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
 login -m -s unconfined_u -r s0-s0:c0.c1023 root
 __eof
-restorecon -R /root /var/log /var/run /var/lib 2> /dev/null
+restorecon -R /root /var/log /var/run 2> /dev/null
 else
 %relabel minimum
 fi
@@ -457,7 +457,7 @@ packages=`cat /usr/share/selinux/mls/modules.lst`
 %loadpolicy mls $packages
 if [ $1 -eq 1 ]; then
-restorecon -R /root /var/log /var/run /var/lib 2> /dev/null
+restorecon -R /root /var/log /var/run 2> /dev/null
 else
 %relabel mls
 fi
@@ -471,6 +471,10 @@ exit 0
 %endif
 %changelog
+* Thu Feb 24 2011 Miroslav Grepl 3.7.19-95
+- Fix spec file to not restore context on /var/lib
+- Fix for policykit
+
 * Tue Feb 22 2011 Miroslav Grepl 3.7.19-94
 - Fix for cmirrord
 - Add mcsnetwrite attribute