diff --git a/policy-20071130.patch b/policy-20071130.patch index 32d3023..b99f3c5 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -651875,7 +651875,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2008-02-26 14:23:10.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-03-05 13:36:02.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-05-15 11:13:06.000000000 +0200 @@ -26,7 +26,7 @@ ## ##

@@ -651918,7 +651918,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ######################################## # # ftpd local policy -@@ -106,9 +116,10 @@ +@@ -89,6 +99,7 @@ + allow ftpd_t self:unix_stream_socket create_stream_socket_perms; + allow ftpd_t self:tcp_socket create_stream_socket_perms; + allow ftpd_t self:udp_socket create_socket_perms; ++allow ftpd_t self:key manage_key_perms; + + allow ftpd_t ftpd_etc_t:file read_file_perms; + +@@ -106,9 +117,10 @@ manage_sock_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t) fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) @@ -651930,7 +651938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. # proftpd requires the client side to bind a socket so that # it can stat the socket to perform access control decisions, -@@ -123,6 +134,7 @@ +@@ -123,6 +135,7 @@ kernel_read_kernel_sysctls(ftpd_t) kernel_read_system_state(ftpd_t) @@ -651938,7 +651946,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. dev_read_sysfs(ftpd_t) dev_read_urand(ftpd_t) -@@ -169,7 +181,9 @@ +@@ -169,7 +182,9 @@ libs_use_ld_so(ftpd_t) libs_use_shared_libs(ftpd_t) @@ -651948,7 +651956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. miscfiles_read_localization(ftpd_t) miscfiles_read_public_files(ftpd_t) -@@ -209,6 +223,11 @@ +@@ -209,6 +224,11 @@ auth_manage_all_files_except_shadow(ftpd_t) ') @@ -651960,7 +651968,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`ftp_home_dir',` allow ftpd_t self:capability { dac_override dac_read_search }; -@@ -218,8 +237,16 @@ +@@ -218,8 +238,16 @@ userdom_manage_all_users_home_content_dirs(ftpd_t) userdom_manage_all_users_home_content_files(ftpd_t) userdom_manage_all_users_home_content_symlinks(ftpd_t) 
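Review bot: The added rule `allow ftpd_t self:key manage_key_perms;` in the ftpd local policy section grants the whole manage set on the domain's own keys, while the changelog entry (which spells the domain `fptd_t`) describes the need only as checking access to the kernel keyring. If the denial behind this change involved only some key permissions, listing them explicitly would keep the grant closer to the stated intent, for example `allow ftpd_t self:key { search link write };`, where the set shown is illustrative and should be taken from the actual AVC record. The `self` target does limit the rule to keys labelled `ftpd_t`, so the exposure is bounded to the daemon's own keyrings, but the rule is unconditional and applies whatever the ftp booleans are set to. A one-line comment above it would help later audits, such as `# session keyring access needed by ftpd at login; see AVC in <BUG-ID>`. The surrounding inner hunk of ftp.te starts and ends outside what is visible here, so whether a narrower key rule already exists elsewhere in the module cannot be checked from this diff.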
@@ -651977,7 +651985,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`ftp_home_dir && use_nfs_home_dirs',` fs_manage_nfs_files(ftpd_t) fs_read_nfs_symlinks(ftpd_t) -@@ -237,6 +264,18 @@ +@@ -237,6 +265,18 @@ ') optional_policy(` @@ -651996,7 +652004,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. corecmd_exec_shell(ftpd_t) files_read_usr_files(ftpd_t) -@@ -253,7 +292,9 @@ +@@ -253,7 +293,9 @@ ') optional_policy(` @@ -652007,7 +652015,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ') optional_policy(` -@@ -265,6 +306,14 @@ +@@ -265,6 +307,14 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 3c75ec8..276aec4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 132%{?dist} +Release: 133%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Fri May 15 2009 Miroslav Grepl 3.3.1-133 +- Allow fptd_t to check its access to kernel key ring + * Fri Apr 17 2009 Miroslav Grepl 3.3.1-132 - Fix postfix-master policy