diff --git a/policy-20071130.patch b/policy-20071130.patch index 842f43c9..42622321 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -1,3 +1,13 @@ +diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.2.8/Changelog +--- nsaserefpolicy/Changelog 2008-02-19 17:24:26.000000000 -0500 ++++ serefpolicy-3.2.8/Changelog 2008-02-18 14:31:09.000000000 -0500 +@@ -1,6 +1,3 @@ +-- Pam and samba updates from Stefan Schulze Frielinghaus. +-- Backup update on Debian from Vaclav Ovsik. +-- Cracklib update on Debian from Vaclav Ovsik. + - Label /proc/kallsyms with system_map_t. + - 64-bit capabilities from Stephen Smalley. + - Labeled networking peer object class updates. diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.2.8/config/appconfig-mcs/failsafe_context --- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2007-10-12 08:56:09.000000000 -0400 +++ serefpolicy-3.2.8/config/appconfig-mcs/failsafe_context 2008-02-18 14:57:04.000000000 -0500 @@ -670,7 +680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t -allow kudzu_t cupsd_rw_etc_t:dir list_dir_perms; -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.2.8/policy/modules/admin/logrotate.te ---- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-12-19 05:32:18.000000000 -0500 +--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-02-19 17:24:26.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/admin/logrotate.te 2008-02-18 14:57:04.000000000 -0500 @@ -96,9 +96,11 @@ files_read_etc_files(logrotate_t) 
@@ -807,7 +817,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.2.8/policy/modules/admin/rpm.fc --- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/admin/rpm.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/admin/rpm.fc 2008-02-20 12:09:50.000000000 -0500 @@ -11,6 +11,7 @@ /usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0) @@ -826,9 +836,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc ') /var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) +@@ -29,6 +33,7 @@ + + /var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0) + /var/log/yum\.log.* -- gen_context(system_u:object_r:rpm_log_t,s0) ++/var/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0) + + # SuSE + ifdef(`distro_suse', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.2.8/policy/modules/admin/rpm.if --- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-18 11:12:44.000000000 -0400 -+++ serefpolicy-3.2.8/policy/modules/admin/rpm.if 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/admin/rpm.if 2008-02-20 12:09:57.000000000 -0500 @@ -152,6 +152,24 @@ ######################################## @@ -937,7 +955,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if ') ######################################## -@@ -289,3 +368,137 @@ +@@ -289,3 +368,157 @@ dontaudit $1 rpm_var_lib_t:file manage_file_perms; dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms; ') 
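Review bot: The new rpm.fc entry `/var/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0)` leaves its dot unescaped, so the `.` is a regex wildcard and the pattern labels any file whose name starts with /var/run/yum, not just the yum pid file it presumably targets. The neighbouring entry `/var/log/yum\.log.*` in the same hunk escapes the dot, so this is also inconsistent with the file's own convention. Suggested line: `/var/run/yum\.pid -- gen_context(system_u:object_r:rpm_var_run_t,s0)` (or `/var/run/yum\..*` if more than one yum file is meant). Since rpm_var_run_t becomes a type that rpm_t fully manages later in this patch, a loose pattern widens what ends up carrying that label.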
@@ -1075,10 +1093,50 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + + role_transition $1 rpm_exec_t system_r; +') ++ ++######################################## ++## ++## Do not audit attempts to write, and delete the ++## RPM var run files ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`rpm_dontaudit_write_pid_files',` ++ gen_require(` ++ type rpm_var_run_t; ++ ') ++ ++ dontaudit $1 rpm_var_run_t:file write_file_perms; ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.2.8/policy/modules/admin/rpm.te --- nsaserefpolicy/policy/modules/admin/rpm.te 2007-12-19 05:32:18.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/admin/rpm.te 2008-02-18 14:57:04.000000000 -0500 -@@ -179,7 +179,17 @@ ++++ serefpolicy-3.2.8/policy/modules/admin/rpm.te 2008-02-20 12:10:32.000000000 -0500 +@@ -31,6 +31,9 @@ + files_type(rpm_var_lib_t) + typealias rpm_var_lib_t alias var_lib_rpm_t; + ++type rpm_var_run_t; ++files_pid_file(rpm_var_run_t) ++ + type rpm_script_t; + type rpm_script_exec_t; + domain_obj_id_change_exemption(rpm_script_t) +@@ -89,6 +92,9 @@ + manage_files_pattern(rpm_t,rpm_var_lib_t,rpm_var_lib_t) + files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir) + ++manage_files_pattern(rpm_t,rpm_var_run_t,rpm_var_run_t) ++files_pid_filetrans(rpm_t,rpm_var_run_t, file) ++ + kernel_read_system_state(rpm_t) + kernel_read_kernel_sysctls(rpm_t) + +@@ -179,7 +185,17 @@ ') optional_policy(` @@ -1097,7 +1155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te ') optional_policy(` -@@ -190,6 +200,7 @@ +@@ -190,6 +206,7 @@ unconfined_domain(rpm_t) # yum-updatesd requires this unconfined_dbus_chat(rpm_t) 
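Review bot: The summary of the new `rpm_dontaudit_write_pid_files` interface in rpm.if says it suppresses audit of attempts to "write, and delete" the RPM var run files, but the only rule it emits is `dontaudit $1 rpm_var_run_t:file write_file_perms;`, which does not cover unlink. Either narrow the description to `## Do not audit attempts to write the RPM var run files` or, if deletion is intended, add `dontaudit $1 rpm_var_run_t:file delete_file_perms;` next to it so the documented contract and the rule agree. In the rpm.te hunk of the same unit, `files_pid_filetrans(rpm_t,rpm_var_run_t, file)` carries a stray space before `file` that the surrounding calls such as `files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir)` do not; write `files_pid_filetrans(rpm_t,rpm_var_run_t,file)`.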
@@ -1105,7 +1163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te ') ifdef(`TODO',` -@@ -216,7 +227,7 @@ +@@ -216,7 +233,7 @@ # allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill }; @@ -1114,7 +1172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te allow rpm_script_t self:fd use; allow rpm_script_t self:fifo_file rw_fifo_file_perms; allow rpm_script_t self:unix_dgram_socket create_socket_perms; -@@ -317,6 +328,7 @@ +@@ -317,6 +334,7 @@ seutil_domtrans_loadpolicy(rpm_script_t) seutil_domtrans_setfiles(rpm_script_t) seutil_domtrans_semanage(rpm_script_t) @@ -1122,7 +1180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te userdom_use_all_users_fds(rpm_script_t) -@@ -342,6 +354,7 @@ +@@ -342,6 +360,7 @@ optional_policy(` unconfined_domain(rpm_script_t) unconfined_domtrans(rpm_script_t) @@ -1384,7 +1442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.2.8/policy/modules/admin/usermanage.te ---- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-12-19 05:32:18.000000000 -0500 +--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-02-19 17:24:26.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/admin/usermanage.te 2008-02-18 14:57:04.000000000 -0500 @@ -97,6 +97,7 @@ @@ -1394,7 +1452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman domain_use_interactive_fds(chfn_t) -@@ -290,6 +291,7 @@ +@@ -297,6 +291,7 @@ term_use_all_user_ttys(passwd_t) term_use_all_user_ptys(passwd_t) 
@@ -1402,7 +1460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman auth_manage_shadow(passwd_t) auth_relabel_shadow(passwd_t) auth_etc_filetrans_shadow(passwd_t) -@@ -309,6 +311,7 @@ +@@ -316,6 +311,7 @@ # /usr/bin/passwd asks for w access to utmp, but it will operate # correctly without it. Do not audit write denials to utmp. init_dontaudit_rw_utmp(passwd_t) @@ -1410,7 +1468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman libs_use_ld_so(passwd_t) libs_use_shared_libs(passwd_t) -@@ -518,6 +521,12 @@ +@@ -525,6 +521,12 @@ ') optional_policy(` @@ -4657,7 +4715,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-12-12 11:35:27.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc 2008-02-19 09:58:42.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc 2008-02-20 12:49:07.000000000 -0500 @@ -7,11 +7,11 @@ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) 
@@ -4714,7 +4772,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0) -@@ -185,8 +192,12 @@ +@@ -178,6 +185,8 @@ + /usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) + + /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) ++/usr/libsexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) ++ + /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) + + /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0) +@@ -185,8 +194,12 @@ /usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) @@ -4727,7 +4794,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0) -@@ -284,3 +295,10 @@ +@@ -284,3 +297,10 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -4945,7 +5012,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.2.8/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.2.8/policy/modules/kernel/devices.if 2008-02-19 10:51:36.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/devices.if 2008-02-20 08:53:01.000000000 -0500 @@ -65,7 +65,7 @@ relabelfrom_dirs_pattern($1,device_t,device_node) 
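Review bot: The added corecommands.fc context `/usr/libsexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)` spells the directory `libsexec`, which looks like a typo for `libexec` — every surrounding entry in the hunk uses `/usr/libexec`. As written the pattern matches nothing, so the binary it presumably targets would instead fall under the `/usr/libexec(/.*)?` bin_t rule on the line above rather than getting shell_exec_t. Suggested line: `/usr/libexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)`. Because labelling a helper shell_exec_t makes it executable by every domain that may run shells, a one-line comment stating why this program needs the shell label would help the next reader.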
@@ -5194,7 +5261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.2.8/policy/modules/kernel/devices.te --- nsaserefpolicy/policy/modules/kernel/devices.te 2007-12-19 05:32:07.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/devices.te 2008-02-19 10:49:19.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/devices.te 2008-02-20 08:52:43.000000000 -0500 @@ -32,6 +32,12 @@ type apm_bios_t; dev_node(apm_bios_t) @@ -5236,7 +5303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device type lvm_control_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.8/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/domain.te 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/domain.te 2008-02-20 12:07:20.000000000 -0500 @@ -5,6 +5,13 @@ # # Declarations @@ -5268,7 +5335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; # act on all domains keys -@@ -148,3 +156,26 @@ +@@ -148,3 +156,27 @@ # receive from all domains over labeled networking domain_all_recvfrom_all_domains(unconfined_domain_type) @@ -5285,6 +5352,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +optional_policy(` + rpm_rw_pipes(domain) + rpm_dontaudit_use_script_fds(domain) ++ rpm_dontaudit_write_pid_files(domain) +') + +optional_policy(` 
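Review bot: `rpm_dontaudit_write_pid_files(domain)` in the domain.te hunk applies the new dontaudit to the `domain` attribute, i.e. to every confined and unconfined domain on the system, so any process attempting to write rpm_var_run_t files has its denial dropped from the audit log. That is a broad loss of visibility for a type that the rpm.te hunk earlier in this patch lets rpm_t create via pid-file transition; if only a handful of domains actually trigger the denial, calling the interface from those modules would keep the audit trail intact elsewhere. At minimum the call deserves a comment naming the noise it is meant to hide, e.g. `# presumably many domains probe the yum pid file (rpm_var_run_t); suppress those write denials`, since nothing in the hunk records the motivation.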
@@ -7292,7 +7360,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.2.8/policy/modules/services/automount.te --- nsaserefpolicy/policy/modules/services/automount.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/automount.te 2008-02-19 10:52:07.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/automount.te 2008-02-20 08:53:39.000000000 -0500 @@ -20,6 +20,9 @@ files_tmp_file(automount_tmp_t) files_mountpoint(automount_tmp_t) @@ -7330,14 +7398,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto fs_mount_all_fs(automount_t) fs_unmount_all_fs(automount_t) -@@ -101,6 +104,7 @@ +@@ -98,6 +101,7 @@ + corenet_udp_bind_all_rpc_ports(automount_t) + + dev_read_sysfs(automount_t) ++dev_rw_autofs(automount_t) # for SSP dev_read_rand(automount_t) dev_read_urand(automount_t) -+dev_rw_autofs(automount_t) - - domain_use_interactive_fds(automount_t) - domain_dontaudit_read_all_domains_state(automount_t) @@ -126,8 +130,12 @@ fs_mount_autofs(automount_t) fs_manage_autofs_symlinks(automount_t) 
@@ -12800,6 +12868,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd. ') ######################################## +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.2.8/policy/modules/services/mailman.fc +--- nsaserefpolicy/policy/modules/services/mailman.fc 2006-11-16 17:15:20.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/mailman.fc 2008-02-20 08:16:48.000000000 -0500 +@@ -31,3 +31,4 @@ + /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0) + /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0) + ') ++/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.2.8/policy/modules/services/mailman.if --- nsaserefpolicy/policy/modules/services/mailman.if 2007-12-04 11:02:50.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/services/mailman.if 2008-02-18 14:57:04.000000000 -0500 @@ -12839,7 +12915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.2.8/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/mailman.te 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/mailman.te 2008-02-20 08:52:15.000000000 -0500 @@ -53,10 +53,9 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) @@ -12853,7 +12929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ') ######################################## -@@ -65,6 +64,11 @@ +@@ -65,8 +64,14 @@ # allow mailman_mail_t self:unix_dgram_socket create_socket_perms; 
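Review bot: The new mailman.fc line `/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)` is appended directly after the `')` that closes the preceding ifdef block, with no blank line, which makes it read as part of that conditional section on a quick scan. Moving it into the unconditional entries above the block, or at least separating it with a blank line, would match how the other hunks in this patch lay out file contexts. Other contexts touched by this patch use the `/usr/lib(64)?/` form (see the corecommands.fc hunks), so `/usr/lib(64)?/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)` is worth considering if the lib64 path can exist.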
@@ -12864,7 +12940,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail +files_search_spool(mailman_mail_t) mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t) ++mta_dontaudit_rw_queue(mailman_mail_t) + ifdef(`TODO',` + optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.2.8/policy/modules/services/mailscanner.fc --- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/services/mailscanner.fc 2008-02-18 14:57:04.000000000 -0500 @@ -12945,7 +13024,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail +files_type(mailscanner_spool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.2.8/policy/modules/services/mta.if --- nsaserefpolicy/policy/modules/services/mta.if 2007-12-06 13:12:03.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/mta.if 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/mta.if 2008-02-20 08:15:06.000000000 -0500 @@ -133,6 +133,12 @@ sendmail_create_log($1_mail_t) ') @@ -17802,41 +17881,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.2.8/policy/modules/services/samba.te ---- nsaserefpolicy/policy/modules/services/samba.te 2007-12-19 05:32:17.000000000 -0500 +--- nsaserefpolicy/policy/modules/services/samba.te 2008-02-19 17:24:26.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/services/samba.te 2008-02-18 14:57:04.000000000 -0500 -@@ -26,28 +26,28 @@ - - ## - ##

--## Allow samba to share users home directories.
-+## Allow Samba to share users home directories
- ##

- ##
- gen_tunable(samba_enable_home_dirs,false) - - ## - ##

--## Allow samba to share any file/directory read only.
-+## Allow Samba to share any file/directory read only
- ##

- ##
- gen_tunable(samba_export_all_ro,false) - - ## - ##

--## Allow samba to share any file/directory read/write.
-+## Allow Samba to share any file/directory read/write
- ##

- ##
- gen_tunable(samba_export_all_rw,false) - - ## - ##

--## Allow samba to run unconfined scripts
-+## Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory
- ##

- ##
- gen_tunable(samba_run_unconfined,false) @@ -59,6 +59,13 @@ ## gen_tunable(samba_share_nfs,false) @@ -17905,11 +17951,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow smbd_t samba_etc_t:file { rw_file_perms setattr }; -create_dirs_pattern(smbd_t,samba_log_t,samba_log_t) --create_files_pattern(smbd_t,samba_log_t,samba_log_t) ++manage_dirs_pattern(smbd_t,samba_log_t,samba_log_t) + manage_files_pattern(smbd_t,samba_log_t,samba_log_t) -allow smbd_t samba_log_t:dir setattr; -dontaudit smbd_t samba_log_t:dir remove_name; -+manage_dirs_pattern(smbd_t,samba_log_t,samba_log_t) -+manage_files_pattern(smbd_t,samba_log_t,samba_log_t) allow smbd_t samba_net_tmp_t:file getattr; @@ -22073,15 +22118,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr # # Local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.2.8/policy/modules/system/authlogin.fc ---- nsaserefpolicy/policy/modules/system/authlogin.fc 2007-12-12 11:35:28.000000000 -0500 +--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-02-19 17:24:26.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/system/authlogin.fc 2008-02-18 14:57:04.000000000 -0500 -@@ -40,5 +40,10 @@ +@@ -40,6 +40,10 @@ /var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0) /var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0) -+/var/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) +- + /var/run/pam_mount(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) +/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) - ++ /var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) +/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0) + 
@@ -22260,7 +22306,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.2.8/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2008-02-06 10:33:22.000000000 -0500 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-02-19 17:24:26.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/system/authlogin.te 2008-02-18 14:57:04.000000000 -0500 @@ -59,6 +59,9 @@ type utempter_exec_t; @@ -22307,18 +22353,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo auth_manage_shadow(updpwd_t) auth_use_nsswitch(updpwd_t) -@@ -359,11 +373,6 @@ - ') - - optional_policy(` -- # Allow utemper to write to /tmp/.xses-* -- unconfined_write_tmp_files(utempter_t) --') -- --optional_policy(` - xserver_use_xdm_fds(utempter_t) - xserver_rw_xdm_pipes(utempter_t) - ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.2.8/policy/modules/system/fstools.fc --- nsaserefpolicy/policy/modules/system/fstools.fc 2007-09-26 12:15:01.000000000 -0400 +++ serefpolicy-3.2.8/policy/modules/system/fstools.fc 2008-02-18 14:57:04.000000000 -0500 diff --git a/selinux-policy.spec b/selinux-policy.spec index 446a3f26..87427856 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -16,8 +16,8 @@ %define CHECKPOLICYVER 2.0.3-1 Summary: SELinux policy configuration Name: selinux-policy -Version: 3.2.8 -Release: 2%{?dist} +Version: 3.2.9 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -387,6 +387,8 @@ exit 0 %endif %changelog +* Wed Feb 20 2008 Dan Walsh 3.2.9-1 + * Tue Feb 19 2008 Dan Walsh 3.2.8-2 - Fix userdom_list_user_files