diff --git a/default_trans.patch b/default_trans.patch
index 617a3016..231f3415 100644
--- a/default_trans.patch
+++ b/default_trans.patch
@@ -1,11 +1,45 @@
-diff --git a/policy/mcs b/policy/mcs
-index ed7a0c1..90d0b1e 100644
---- a/policy/mcs
-+++ b/policy/mcs
+diff -up serefpolicy-3.10.0/policy/mcs.trans serefpolicy-3.10.0/policy/mcs
+--- serefpolicy-3.10.0/policy/mcs.trans 2011-12-05 16:30:45.081703537 -0500
++++ serefpolicy-3.10.0/policy/mcs 2011-12-05 16:34:09.674001926 -0500
@@ -1,4 +1,6 @@ ifdef(`enable_mcs',` -+default_trans level dir_file_class_set parent; ++default_range dir_file_class_set target low; + # # Define sensitivities # +diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc +index 26c13f2..2354089 100644 +--- a/policy/modules/kernel/devices.fc ++++ b/policy/modules/kernel/devices.fc +@@ -205,6 +205,7 @@ ifdef(`distro_redhat',` + # /sys + # + /sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) ++/sys/devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) + + /usr/lib/udev/devices(/.*)? gen_context(system_u:object_r:device_t,s0) + /usr/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) +diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te +index 112bebb..8f727be 100644 +--- a/policy/modules/kernel/devices.te ++++ b/policy/modules/kernel/devices.te +@@ -226,8 +226,8 @@ fs_type(sysfs_t) + genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0) + + type cpu_online_t; +-allow cpu_online_t sysfs_t:filesystem associate; +-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) ++files_type(cpu_online_t) ++dev_associate_sysfs(cpu_online_t) + + # + # Type for /dev/tpm +diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc +index 7be4ddf..f7021a0 100644 +--- a/policy/modules/kernel/kernel.fc ++++ b/policy/modules/kernel/kernel.fc +@@ -1 +1,2 @@ +-# This module currently does not have any file contexts. ++ ++/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index 54e97bc8..3879f8eb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
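Review bot: The devices.fc, devices.te and kernel.fc hunks appended to default_trans.patch here are the same three hunks the commit also appends to thumb.patch (the thumb.patch hunk below), so a build that applies both patches to one tree fails on whichever is applied second, because its hunks are already in place; keep the sysfs labeling changes in exactly one patch, preferably policy-F16.patch since they belong to neither feature. The new kernel.fc entry labels the sysfs path `/sys/class/net/ib.*` as `sysctl_net_t`, yet unlike `cpu_online_t`, which gets `dev_associate_sysfs(cpu_online_t)` in the same hunk, nothing visible here lets `sysctl_net_t` associate with `sysfs_t`; unless that is granted elsewhere, relabeling those nodes would be denied, so either add the association or choose a type already allowed on sysfs. The one-line mcs change also deserves a comment in the patch, since `default_range dir_file_class_set target low;` changes how MCS categories are assigned to newly created objects (as I read it, from the parent object's low level rather than from the creating process), e.g. `# New files and dirs take their MCS category set from the parent directory's low level.`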
@@ -17,13 +17,14 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 68%{?dist}
+Release: 68.1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch: policy-F16.patch
 patch1: unconfined_permissive.patch
 patch2: thumb.patch
+patch3: default_trans.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -238,7 +239,8 @@ Based off of reference policy: Checked out revision 2.20091117
 %setup -n serefpolicy-%{version} -q
 %patch -p1
 %patch1 -p1 -b .unconfined
-#%patch2 -p1 -b .thumb
+%patch2 -p1 -b .thumb
+#%patch3 -p1 -b .trans
 
 %install
 mkdir selinux_config
diff --git a/thumb.patch b/thumb.patch
index 97ff4097..c4f9967b 100644
--- a/thumb.patch
+++ b/thumb.patch
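Review bot: `#%patch3 -p1 -b .trans` does not reliably disable the patch: rpm expands `%` macros inside spec comments, and `%patch3` expands to more than one shell line, so only its first line stays commented and the `patch` invocation is likely to run during %prep anyway, where it would then collide with the identical sysfs hunks applied by `%patch2`. Write it as `#%%patch3 -p1 -b .trans`, or drop both this line and the `patch3:` tag until default_trans.patch is meant to be applied. The removed `#%patch2 -p1 -b .thumb` line had the same problem, so thumb.patch may already have been applied in release 68; worth confirming before describing 68.1 as the release that enables it.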
@@ -1,16 +1,50 @@ -diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te -index 1105ff5..620e17b 100644 ---- a/policy/modules/roles/unconfineduser.te -+++ b/policy/modules/roles/unconfineduser.te -@@ -188,6 +188,11 @@ optional_policy(` - rtkit_scheduled(unconfined_usertype) +diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.thumb serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te +--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.thumb 2011-12-13 16:04:19.597732170 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-12-13 16:04:42.718741218 -0500 +@@ -160,6 +160,11 @@ optional_policy(` + rtkit_scheduled(unconfined_t) ') + # Might remove later if this proves to be problematic, but would like to gather AVCs + optional_policy(` -+ thumb_role(unconfined_r, unconfined_usertype) ++ thumb_role(unconfined_r, unconfined_t) + ') + optional_policy(` - setroubleshoot_dbus_chat(unconfined_usertype) + setroubleshoot_dbus_chat(unconfined_t) setroubleshoot_dbus_chat_fixit(unconfined_t) +diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc +index 26c13f2..2354089 100644 +--- a/policy/modules/kernel/devices.fc ++++ b/policy/modules/kernel/devices.fc +@@ -205,6 +205,7 @@ ifdef(`distro_redhat',` + # /sys + # + /sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) ++/sys/devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) + + /usr/lib/udev/devices(/.*)? 
gen_context(system_u:object_r:device_t,s0) + /usr/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) +diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te +index 112bebb..8f727be 100644 +--- a/policy/modules/kernel/devices.te ++++ b/policy/modules/kernel/devices.te +@@ -226,8 +226,8 @@ fs_type(sysfs_t) + genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0) + + type cpu_online_t; +-allow cpu_online_t sysfs_t:filesystem associate; +-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) ++files_type(cpu_online_t) ++dev_associate_sysfs(cpu_online_t) + + # + # Type for /dev/tpm +diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc +index 7be4ddf..f7021a0 100644 +--- a/policy/modules/kernel/kernel.fc ++++ b/policy/modules/kernel/kernel.fc +@@ -1 +1,2 @@ +-# This module currently does not have any file contexts. ++ ++/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
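Review bot: The devices.te hunk drops the `genfscon sysfs /devices/system/cpu/online` rule in favor of a devices.fc entry for the same path, which, as far as I can tell, moves the labeling from mount time to whenever a file-context relabel runs over /sys; until that pass the node carries `sysfs_t`, so a domain granted access to `cpu_online_t` but not to `sysfs_t` would be denied early in boot. If that window is acceptable it should be stated in the patch, e.g. `# Labeled via file contexts (devices.fc); relies on a relabel of /sys at boot.` above `dev_associate_sysfs(cpu_online_t)`; otherwise keep the genfscon line alongside the .fc entry. The three sysfs hunks are also unrelated to the thumbnailer role this patch is named for, so enabling `%patch2` in the spec pulls in kernel-module labeling changes the spec does not mention; they would be easier to track in policy-F16.patch.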