diff --git a/policy-20070703.patch b/policy-20070703.patch
index e01c71b..c77132c 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -1,3 +1,55 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.8/Rules.modular
+--- nsaserefpolicy/Rules.modular 2007-10-22 13:21:44.000000000 -0400
++++ serefpolicy-3.0.8/Rules.modular 2008-04-04 16:11:04.000000000 -0400
+@@ -96,6 +96,9 @@
+ @test -d $(builddir) || mkdir -p $(builddir)
+ $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
+ 
++ifneq "$(UNK_PERMS)" ""
++$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
++endif
+ $(base_mod): $(base_conf)
+ @echo "Compiling $(NAME) base module"
+ $(verbose) $(CHECKMODULE) $^ -o $@
+@@ -144,6 +147,7 @@
+ 
+ $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
+ $(tmpdir)/rolemap.conf: $(rolemap)
++ $(verbose) echo "" > $@
+ $(call parse-rolemap,base,$@)
+ 
+ $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.0.8/Rules.monolithic
+--- nsaserefpolicy/Rules.monolithic 2007-10-22 13:21:43.000000000 -0400
++++ serefpolicy-3.0.8/Rules.monolithic 2008-04-04 16:11:04.000000000 -0400
+@@ -63,6 +63,9 @@
+ #
+ # Build a binary policy locally
+ #
++ifneq "$(UNK_PERMS)" ""
++$(polver): CHECKPOLICY += -U $(UNK_PERMS)
++endif
+ $(polver): $(policy_conf)
+ @echo "Compiling $(NAME) $(polver)"
+ ifneq ($(pv),$(kv))
+@@ -76,6 +79,9 @@
+ #
+ # Install a binary policy
+ #
++ifneq "$(UNK_PERMS)" ""
++$(loadpath): CHECKPOLICY += -U $(UNK_PERMS)
++endif
+ $(loadpath): $(policy_conf)
+ @mkdir -p $(policypath)
+ @echo "Compiling and installing $(NAME) $(loadpath)"
+@@ -127,6 +133,7 @@
+ @echo "divert" >> $@
+ 
+ $(tmpdir)/rolemap.conf: $(rolemap)
++ $(verbose) echo "" > $@
+ $(call parse-rolemap,base,$@)
+ 
+ $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.0.8/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts 2007-10-22 13:21:43.000000000 -0400
 +++ serefpolicy-3.0.8/config/appconfig-mcs/default_contexts 2008-04-04 16:11:03.000000000 -0400
@@ -92,12 +144,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u
 +staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
 +sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
 +sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context
---- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2007-10-22 13:21:43.000000000 -0400
-+++ serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context 2008-04-04 16:11:03.000000000 -0400
-@@ -1 +1 @@
--system_u:sysadm_r:sysadm_t:s0
-+system_u:system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.0.8/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.0.8/config/appconfig-mcs/user_u_default_contexts 2008-04-04 16:11:03.000000000 -0400
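Review bot: The three target-specific assignments `$(base_mod): CHECKMODULE += -U $(UNK_PERMS)`, `$(polver): CHECKPOLICY += -U $(UNK_PERMS)` and `$(loadpath): CHECKPOLICY += -U $(UNK_PERMS)` pass `UNK_PERMS` to the compilers unchecked: the surrounding `ifneq "$(UNK_PERMS)" ""` only tests for empty, so a typo or stray whitespace fails late inside checkpolicy/checkmodule, and a value of `allow` quietly produces a policy in which every permission the policy does not define is permitted. A parse-time guard in each Rules file makes that choice explicit, e.g. `ifneq "$(filter-out allow deny reject,$(strip $(UNK_PERMS)))" ""` / `$(error UNK_PERMS must be allow, deny or reject, got '$(UNK_PERMS)')` / `endif` placed before the first use. This hunk is the same Rules.modular/Rules.monolithic block that the hunk at @@ -25356,58 +25483,6 @@ removes, so the patch relocates it to the top rather than introducing new build logic.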
@@ -109,6 +155,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_
 +system_r:xdm_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
 +user_r:user_su_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
 +user_r:user_sudo_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context
+--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2007-10-22 13:21:43.000000000 -0400
++++ serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context 2008-04-04 16:11:03.000000000 -0400
+@@ -1 +1 @@
+-system_u:sysadm_r:sysadm_t:s0
++system_u:system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.0.8/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.0.8/config/appconfig-mcs/xguest_u_default_contexts 2008-04-04 16:11:03.000000000 -0400
@@ -2203,80 +2255,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te userdom_use_all_users_fds(rpm_script_t) -diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.0.8/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2007-10-22 13:21:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/admin/sudo.if 2008-04-04 16:11:03.000000000 -0400 -@@ -55,7 +55,7 @@ - # - - # Use capabilities. -- allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_resource }; -+ allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_nice sys_resource }; - allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; - allow $1_sudo_t self:process { setexec setrlimit }; - allow $1_sudo_t self:fd use; -@@ -68,7 +68,6 @@ - allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; - allow $1_sudo_t self:unix_dgram_socket sendto; - allow $1_sudo_t self:unix_stream_socket connectto; -- allow $1_sudo_t self:netlink_audit_socket { create bind write nlmsg_read read }; - allow $1_sudo_t self:netlink_route_socket r_netlink_socket_perms; - - # Enter this derived domain from the user domain -@@ -76,6 +75,7 @@ - - # By default, revert to the calling domain when a shell is executed. 
- corecmd_shell_domtrans($1_sudo_t,$2) -+ corecmd_bin_domtrans($1_sudo_t,$2) - allow $2 $1_sudo_t:fd use; - allow $2 $1_sudo_t:fifo_file rw_file_perms; - allow $2 $1_sudo_t:process sigchld; -@@ -89,9 +89,11 @@ - fs_search_auto_mountpoints($1_sudo_t) - fs_getattr_xattr_fs($1_sudo_t) - -- auth_domtrans_chk_passwd($1_sudo_t) -+ auth_run_chk_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) -+ auth_run_upd_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) - # sudo stores a token in the pam_pid directory - auth_manage_pam_pid($1_sudo_t) -+ auth_search_key($1_sudo_t) - - corecmd_read_bin_symlinks($1_sudo_t) - corecmd_getattr_all_executables($1_sudo_t) -@@ -106,18 +108,21 @@ - files_getattr_usr_files($1_sudo_t) - # for some PAM modules and for cwd - files_dontaudit_search_home($1_sudo_t) -+ files_list_tmp($1_sudo_t) - - init_rw_utmp($1_sudo_t) - - libs_use_ld_so($1_sudo_t) - libs_use_shared_libs($1_sudo_t) - -+ logging_send_audit_msgs($1_sudo_t) - logging_send_syslog_msg($1_sudo_t) - - miscfiles_read_localization($1_sudo_t) - - userdom_manage_user_home_content_files($1,$1_sudo_t) - userdom_manage_user_home_content_symlinks($1,$1_sudo_t) -+ - userdom_manage_user_tmp_files($1,$1_sudo_t) - userdom_manage_user_tmp_symlinks($1,$1_sudo_t) - userdom_use_user_terminals($1,$1_sudo_t) -@@ -126,6 +131,10 @@ - userdom_dontaudit_search_all_users_home_content($1_sudo_t) - - optional_policy(` -+ locallogin_search_keys($1_sudo_t) -+ ') -+ -+ optional_policy(` - nis_use_ypbind($1_sudo_t) - ') - diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.0.8/policy/modules/admin/su.if --- nsaserefpolicy/policy/modules/admin/su.if 2007-10-22 13:21:42.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/su.if 2008-04-04 16:11:03.000000000 -0400 
@@ -2375,6 +2353,80 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ifdef(`TODO',` allow $1_su_t $1_home_t:file manage_file_perms; +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.0.8/policy/modules/admin/sudo.if +--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-10-22 13:21:42.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/admin/sudo.if 2008-04-04 16:11:03.000000000 -0400 +@@ -55,7 +55,7 @@ + # + + # Use capabilities. +- allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_resource }; ++ allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_nice sys_resource }; + allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; + allow $1_sudo_t self:process { setexec setrlimit }; + allow $1_sudo_t self:fd use; +@@ -68,7 +68,6 @@ + allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; + allow $1_sudo_t self:unix_dgram_socket sendto; + allow $1_sudo_t self:unix_stream_socket connectto; +- allow $1_sudo_t self:netlink_audit_socket { create bind write nlmsg_read read }; + allow $1_sudo_t self:netlink_route_socket r_netlink_socket_perms; + + # Enter this derived domain from the user domain +@@ -76,6 +75,7 @@ + + # By default, revert to the calling domain when a shell is executed. 
+ corecmd_shell_domtrans($1_sudo_t,$2) ++ corecmd_bin_domtrans($1_sudo_t,$2) + allow $2 $1_sudo_t:fd use; + allow $2 $1_sudo_t:fifo_file rw_file_perms; + allow $2 $1_sudo_t:process sigchld; +@@ -89,9 +89,11 @@ + fs_search_auto_mountpoints($1_sudo_t) + fs_getattr_xattr_fs($1_sudo_t) + +- auth_domtrans_chk_passwd($1_sudo_t) ++ auth_run_chk_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) ++ auth_run_upd_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) + # sudo stores a token in the pam_pid directory + auth_manage_pam_pid($1_sudo_t) ++ auth_search_key($1_sudo_t) + + corecmd_read_bin_symlinks($1_sudo_t) + corecmd_getattr_all_executables($1_sudo_t) +@@ -106,18 +108,21 @@ + files_getattr_usr_files($1_sudo_t) + # for some PAM modules and for cwd + files_dontaudit_search_home($1_sudo_t) ++ files_list_tmp($1_sudo_t) + + init_rw_utmp($1_sudo_t) + + libs_use_ld_so($1_sudo_t) + libs_use_shared_libs($1_sudo_t) + ++ logging_send_audit_msgs($1_sudo_t) + logging_send_syslog_msg($1_sudo_t) + + miscfiles_read_localization($1_sudo_t) + + userdom_manage_user_home_content_files($1,$1_sudo_t) + userdom_manage_user_home_content_symlinks($1,$1_sudo_t) ++ + userdom_manage_user_tmp_files($1,$1_sudo_t) + userdom_manage_user_tmp_symlinks($1,$1_sudo_t) + userdom_use_user_terminals($1,$1_sudo_t) +@@ -126,6 +131,10 @@ + userdom_dontaudit_search_all_users_home_content($1_sudo_t) + + optional_policy(` ++ locallogin_search_keys($1_sudo_t) ++ ') ++ ++ optional_policy(` + nis_use_ypbind($1_sudo_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-22 13:21:42.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2008-04-04 16:11:03.000000000 -0400 
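Review bot: The comment `# By default, revert to the calling domain when a shell is executed.` is now stale, because the line under it changes from `corecmd_shell_domtrans($1_sudo_t,$2)` to `corecmd_bin_domtrans($1_sudo_t,$2)`, which transitions back to the caller's domain for any bin-directory executable, not only shells; rewording it to `# By default, revert to the calling domain when any bin executable is run.` keeps the template honest. This sudo.if section is the same block that the hunk at @@ -2203,80 +2255,6 @@ deletes, so the patch only relocates it and the remark applies to content that predates this commit. The template's third parameter, consumed by the new `auth_run_chk_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t })` and `auth_run_upd_passwd(...)` calls, is declared and documented outside this hunk — confirm the template header and its doc comment were updated for it.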
@@ -6751,7 +6803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.0.8/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/apache.if 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/apache.if 2008-04-10 13:08:35.000000000 -0400 @@ -18,10 +18,6 @@ attribute httpd_script_exec_type; type httpd_t, httpd_suexec_t, httpd_log_t; @@ -6799,7 +6851,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac # Allow the web server to run scripts and serve pages tunable_policy(`httpd_builtin_scripting',` manage_dirs_pattern(httpd_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t) -@@ -177,48 +169,6 @@ +@@ -150,9 +142,11 @@ + + # privileged users run the script: + domtrans_pattern(httpd_exec_scripts, httpd_$1_script_exec_t, httpd_$1_script_t) ++ allow httpd_exec_scripts httpd_$1_script_exec_t:file read_file_perms; + + # apache runs the script: + domtrans_pattern(httpd_t, httpd_$1_script_exec_t, httpd_$1_script_t) ++ allow httpd_t httpd_$1_script_exec_t:file read_file_perms; + + allow httpd_t httpd_$1_script_t:process { signal sigkill sigstop }; + allow httpd_t httpd_$1_script_exec_t:dir list_dir_perms; +@@ -177,48 +171,6 @@ miscfiles_read_localization(httpd_$1_script_t) ') @@ -6848,7 +6912,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac optional_policy(` tunable_policy(`httpd_enable_cgi && allow_ypbind',` nis_use_ypbind_uncond(httpd_$1_script_t) -@@ -265,12 +215,19 @@ +@@ -265,12 +217,19 @@ template(`apache_per_role_template', ` gen_require(` attribute httpdcontent, httpd_script_domains; 
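Review bot: The two added lines `allow httpd_exec_scripts httpd_$1_script_exec_t:file read_file_perms;` and `allow httpd_t httpd_$1_script_exec_t:file read_file_perms;` give the web-server domain and privileged users read access to every per-role CGI script source, on top of the execute access the neighbouring `domtrans_pattern` calls already carry, and nothing records why. A why-comment naming the denial or mechanism behind it — presumably interpreted (`#!`) scripts whose text has to be opened for reading at exec time — would let a later reviewer judge whether `httpd_t` itself needs it or whether the read belongs to `httpd_$1_script_t` after the transition; `# interpreted scripts are re-opened for reading at exec time, so the caller needs read as well as execute` is the form I would use, if that is indeed the cause. The template these lines belong to starts and ends outside the hunk.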
@@ -6870,7 +6934,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac typeattribute httpd_$1_script_t httpd_script_domains; userdom_user_home_content($1,httpd_$1_content_t) -@@ -324,6 +281,7 @@ +@@ -324,6 +283,7 @@ userdom_search_user_home_dirs($1,httpd_t) userdom_search_user_home_dirs($1,httpd_suexec_t) userdom_search_user_home_dirs($1,httpd_$1_script_t) @@ -6878,7 +6942,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ') -@@ -345,12 +303,11 @@ +@@ -345,12 +305,11 @@ # template(`apache_read_user_scripts',` gen_require(` @@ -6895,7 +6959,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -371,12 +328,12 @@ +@@ -371,12 +330,12 @@ # template(`apache_read_user_content',` gen_require(` @@ -6912,7 +6976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -754,6 +711,7 @@ +@@ -754,6 +713,7 @@ ') allow $1 httpd_modules_t:dir list_dir_perms; @@ -6920,7 +6984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -838,6 +796,10 @@ +@@ -838,6 +798,10 @@ type httpd_sys_script_t; ') @@ -6931,7 +6995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_cgi && httpd_unified',` domtrans_pattern($1, httpdcontent, httpd_sys_script_t) ') -@@ -925,7 +887,7 @@ +@@ -925,7 +889,7 @@ type httpd_squirrelmail_t; ') @@ -6940,7 +7004,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -1005,6 +967,31 @@ +@@ -1005,6 +969,31 @@ ######################################## ## 
@@ -6972,7 +7036,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ## Search system script state directory. ## ## -@@ -1056,3 +1043,138 @@ +@@ -1056,3 +1045,138 @@ allow httpd_t $1:process signal; ') @@ -9750,7 +9814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.0.8/policy/modules/services/dhcp.te --- nsaserefpolicy/policy/modules/services/dhcp.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/dhcp.te 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/dhcp.te 2008-04-10 11:28:45.000000000 -0400 @@ -24,7 +24,7 @@ # Local policy # @@ -9760,6 +9824,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp dontaudit dhcpd_t self:capability { net_admin sys_tty_config }; allow dhcpd_t self:process signal_perms; allow dhcpd_t self:fifo_file { read write getattr }; +@@ -51,6 +51,7 @@ + + kernel_read_system_state(dhcpd_t) + kernel_read_kernel_sysctls(dhcpd_t) ++kernel_read_network_state(dhcpd_t) + + corenet_all_recvfrom_unlabeled(dhcpd_t) + corenet_all_recvfrom_netlabel(dhcpd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.0.8/policy/modules/services/dictd.fc --- nsaserefpolicy/policy/modules/services/dictd.fc 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/dictd.fc 2008-04-04 16:11:03.000000000 -0400 
@@ -11039,7 +11111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb +/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if --- nsaserefpolicy/policy/modules/services/kerberos.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2008-04-07 20:47:25.000000000 -0400 @@ -42,11 +42,17 @@ dontaudit $1 krb5_conf_t:file write; dontaudit $1 krb5kdc_conf_t:dir list_dir_perms; @@ -11068,10 +11140,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb ') optional_policy(` -@@ -172,3 +175,51 @@ - allow $1 krb5kdc_conf_t:file read_file_perms; +@@ -169,6 +172,53 @@ + ') - ') + files_search_etc($1) +- allow $1 krb5kdc_conf_t:file read_file_perms; ++ read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t) ++') + +######################################## +## @@ -11099,7 +11174,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb + # creates files as system_u no matter what the selinux user + domain_obj_id_change_exemption($1) +') -+ + +######################################## +## +## Connect to krb524 service @@ -11119,7 +11194,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb + corenet_udp_sendrecv_kerberos_master_port($1) + corenet_udp_bind_all_nodes($1) + ') -+') + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.0.8/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/kerberos.te 2008-04-04 16:11:03.000000000 -0400 
@@ -13323,7 +13398,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.0.8/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2008-04-14 14:31:24.000000000 -0400 @@ -6,6 +6,14 @@ # Declarations # @@ -13406,7 +13481,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') ########################################################### -@@ -263,6 +288,8 @@ +@@ -238,6 +263,10 @@ + + corecmd_exec_bin(postfix_cleanup_t) + ++optional_policy(` ++ mailman_read_data_files(postfix_cleanup_t) ++') ++ + ######################################## + # + # Postfix local local policy +@@ -263,6 +292,8 @@ files_read_etc_files(postfix_local_t) @@ -13415,7 +13501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post mta_read_aliases(postfix_local_t) mta_delete_spool(postfix_local_t) # For reading spamassasin -@@ -270,11 +297,14 @@ +@@ -270,11 +301,14 @@ optional_policy(` clamav_search_lib(postfix_local_t) @@ -13430,7 +13516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') optional_policy(` -@@ -327,6 +357,8 @@ +@@ -327,6 +361,8 @@ files_read_etc_runtime_files(postfix_map_t) files_dontaudit_search_var(postfix_map_t) @@ -13439,7 +13525,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post libs_use_ld_so(postfix_map_t) libs_use_shared_libs(postfix_map_t) -@@ -334,10 +366,6 @@ +@@ -334,10 +370,6 @@ miscfiles_read_localization(postfix_map_t) 
@@ -13450,7 +13536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post tunable_policy(`read_default_t',` files_list_default(postfix_map_t) files_read_default_files(postfix_map_t) -@@ -350,10 +378,6 @@ +@@ -350,10 +382,6 @@ locallogin_dontaudit_use_fds(postfix_map_t) ') @@ -13461,7 +13547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix pickup local policy -@@ -377,7 +401,7 @@ +@@ -377,7 +405,7 @@ # Postfix pipe local policy # @@ -13470,7 +13556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t) -@@ -386,6 +410,10 @@ +@@ -386,6 +414,10 @@ rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t) optional_policy(` @@ -13481,7 +13567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post procmail_domtrans(postfix_pipe_t) ') -@@ -394,6 +422,10 @@ +@@ -394,6 +426,10 @@ ') optional_policy(` @@ -13492,7 +13578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post uucp_domtrans_uux(postfix_pipe_t) ') -@@ -418,14 +450,17 @@ +@@ -418,14 +454,17 @@ term_dontaudit_use_all_user_ptys(postfix_postdrop_t) term_dontaudit_use_all_user_ttys(postfix_postdrop_t) @@ -13512,7 +13598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` ppp_use_fds(postfix_postqueue_t) ppp_sigchld(postfix_postqueue_t) -@@ -454,8 +489,6 @@ +@@ -454,8 +493,6 @@ init_sigchld_script(postfix_postqueue_t) init_use_script_fds(postfix_postqueue_t) @@ -13521,7 +13607,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix qmgr local policy -@@ -498,15 +531,11 @@ +@@ -498,15 +535,11 @@ term_use_all_user_ptys(postfix_showq_t) term_use_all_user_ttys(postfix_showq_t) 
@@ -13537,7 +13623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # connect to master process stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) -@@ -514,6 +543,8 @@ +@@ -514,6 +547,8 @@ allow postfix_smtp_t postfix_spool_t:file rw_file_perms; @@ -13546,7 +13632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` cyrus_stream_connect(postfix_smtp_t) ') -@@ -538,9 +569,45 @@ +@@ -538,9 +573,45 @@ mta_read_aliases(postfix_smtpd_t) optional_policy(` 
@@ -13750,9 +13836,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post /var/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0) + +/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.0.8/policy/modules/services/postgrey.if +--- nsaserefpolicy/policy/modules/services/postgrey.if 2007-10-22 13:21:36.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/postgrey.if 2008-04-14 10:39:57.000000000 -0400 +@@ -12,10 +12,11 @@ + # + interface(`postgrey_stream_connect',` + gen_require(` +- type postgrey_var_run_t, postgrey_t; ++ type postgrey_var_run_t, postgrey_t, postgrey_spool_t; + ') + + allow $1 postgrey_t:unix_stream_socket connectto; + allow $1 postgrey_var_run_t:sock_file write; ++ allow $1 postgrey_spool_t:sock_file write; + files_search_pids($1) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.0.8/policy/modules/services/postgrey.te --- nsaserefpolicy/policy/modules/services/postgrey.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/postgrey.te 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/postgrey.te 2008-04-14 10:40:08.000000000 -0400 @@ -13,6 +13,9 @@ type postgrey_etc_t; files_config_file(postgrey_etc_t) @@ -13763,7 +13865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post type postgrey_var_lib_t; files_type(postgrey_var_lib_t) -@@ -24,15 +27,20 @@ +@@ -24,15 +27,21 @@ # Local policy # 
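Review bot: `postgrey_stream_connect` now grants `allow $1 postgrey_spool_t:sock_file write;`, but the only directory permission the interface carries is `files_search_pids($1)`, so a caller reaching the socket under `/var/spool/postfix/postgrey` (labelled `postgrey_spool_t` by the .fc hunk above) still needs search on that directory unless it already holds it, plus search on the postfix spool path above it. The pattern already used elsewhere in this patch covers the directory search, the sock_file write and the connectto in one line: `stream_connect_pattern($1, postgrey_spool_t, postgrey_spool_t, postgrey_t)`, keeping the existing `postgrey_var_run_t` rule alongside it for the pid-directory socket. The interface body is fully within the hunk, so this is a self-contained change.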
@@ -13781,11 +13883,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +manage_dirs_pattern(postgrey_t,postgrey_spool_t,postgrey_spool_t) +manage_files_pattern(postgrey_t,postgrey_spool_t,postgrey_spool_t) +manage_fifo_files_pattern(postgrey_t,postgrey_spool_t,postgrey_spool_t) ++manage_sock_files_pattern(postgrey_t,postgrey_spool_t,postgrey_spool_t) + manage_files_pattern(postgrey_t,postgrey_var_lib_t,postgrey_var_lib_t) files_var_lib_filetrans(postgrey_t,postgrey_var_lib_t,file) -@@ -68,6 +76,8 @@ +@@ -68,6 +77,8 @@ fs_getattr_all_fs(postgrey_t) fs_search_auto_mountpoints(postgrey_t) @@ -13794,7 +13897,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post libs_use_ld_so(postgrey_t) libs_use_shared_libs(postgrey_t) -@@ -75,13 +85,12 @@ +@@ -75,13 +86,12 @@ miscfiles_read_localization(postgrey_t) 
@@ -14190,6 +14293,29 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel + ') +') + +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.0.8/policy/modules/services/privoxy.fc +--- nsaserefpolicy/policy/modules/services/privoxy.fc 2007-10-22 13:21:39.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/privoxy.fc 2008-04-08 08:26:27.000000000 -0400 +@@ -1,6 +1,8 @@ + + /etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0) + ++/etc/privoxy/default\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0) ++ + /usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0) + + /var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.0.8/policy/modules/services/privoxy.te +--- nsaserefpolicy/policy/modules/services/privoxy.te 2007-10-22 13:21:39.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/privoxy.te 2008-04-09 08:36:50.000000000 -0400 +@@ -51,6 +51,7 @@ + corenet_tcp_connect_http_cache_port(privoxy_t) + corenet_tcp_connect_ftp_port(privoxy_t) + corenet_tcp_connect_tor_port(privoxy_t) ++corenet_tcp_connect_pgpkeyserver_port(privoxy_t) + corenet_sendrecv_http_cache_client_packets(privoxy_t) + corenet_sendrecv_http_cache_server_packets(privoxy_t) + corenet_sendrecv_http_client_packets(privoxy_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.0.8/policy/modules/services/procmail.fc --- nsaserefpolicy/policy/modules/services/procmail.fc 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/procmail.fc 2008-04-04 16:11:03.000000000 -0400 
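Review bot: Labelling `/etc/privoxy/default\.action` as `privoxy_etc_rw_t` makes the shipped default rule set writable by `privoxy_t` in the same way as `user.action`, so a compromised proxy process could rewrite its own filtering rules; a one-line comment in the .fc stating which feature or denial requires it (presumably the web-based action-file editor) would let the next reviewer judge the trade-off, e.g. `# privoxy's web editor rewrites default.action in place`. If only the editor needs it, keeping `default.action` read-only and directing edits at `user.action` is the narrower option and worth a sentence in the commit message. The privoxy.te line `corenet_tcp_connect_pgpkeyserver_port(privoxy_t)` in the same hunk needs no comment.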
@@ -14845,32 +14971,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog -allow rlogind_t userpty_type:chr_file setattr; + kerberos_manage_host_rcache(rlogind_t) ') -diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.0.8/policy/modules/services/rpcbind.te ---- nsaserefpolicy/policy/modules/services/rpcbind.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/rpcbind.te 2008-04-04 16:11:03.000000000 -0400 -@@ -21,11 +21,13 @@ - # rpcbind local policy - # - --allow rpcbind_t self:capability setuid; -+allow rpcbind_t self:capability { dac_override setuid sys_tty_config }; - allow rpcbind_t self:fifo_file rw_file_perms; - allow rpcbind_t self:unix_stream_socket create_stream_socket_perms; - allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms; - allow rpcbind_t self:udp_socket create_socket_perms; -+# BROKEN ... -+dontaudit rpcbind_t self:udp_socket listen; - allow rpcbind_t self:tcp_socket create_stream_socket_perms; - - manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t) -@@ -37,6 +39,7 @@ - manage_sock_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t) - files_var_lib_filetrans(rpcbind_t,rpcbind_var_lib_t, { file dir sock_file }) - -+kernel_read_system_state(rpcbind_t) - kernel_read_network_state(rpcbind_t) - - corenet_all_recvfrom_unlabeled(rpcbind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.0.8/policy/modules/services/rpc.if --- nsaserefpolicy/policy/modules/services/rpc.if 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/rpc.if 2008-04-04 16:11:03.000000000 -0400 
@@ -14998,6 +15098,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. tunable_policy(`allow_gssd_read_tmp',` userdom_list_unpriv_users_tmp(gssd_t) userdom_read_unpriv_users_tmp_files(gssd_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.0.8/policy/modules/services/rpcbind.te +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2007-10-22 13:21:39.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/rpcbind.te 2008-04-04 16:11:03.000000000 -0400 +@@ -21,11 +21,13 @@ + # rpcbind local policy + # + +-allow rpcbind_t self:capability setuid; ++allow rpcbind_t self:capability { dac_override setuid sys_tty_config }; + allow rpcbind_t self:fifo_file rw_file_perms; + allow rpcbind_t self:unix_stream_socket create_stream_socket_perms; + allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms; + allow rpcbind_t self:udp_socket create_socket_perms; ++# BROKEN ... ++dontaudit rpcbind_t self:udp_socket listen; + allow rpcbind_t self:tcp_socket create_stream_socket_perms; + + manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t) +@@ -37,6 +39,7 @@ + manage_sock_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t) + files_var_lib_filetrans(rpcbind_t,rpcbind_var_lib_t, { file dir sock_file }) + ++kernel_read_system_state(rpcbind_t) + kernel_read_network_state(rpcbind_t) + + corenet_all_recvfrom_unlabeled(rpcbind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.0.8/policy/modules/services/rshd.te --- nsaserefpolicy/policy/modules/services/rshd.te 2007-10-22 13:21:39.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/rshd.te 2008-04-04 16:11:03.000000000 -0400 
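Review bot: The comment `# BROKEN ...` above `dontaudit rpcbind_t self:udp_socket listen;` says nothing about what is broken or why the denial is silenced rather than allowed; replace it with one that names the cause, e.g. `# rpcbind calls listen() on its UDP sockets; the call fails harmlessly, so silence the denial rather than allow it`, if that is the behaviour behind it. The capability line also grows from `setuid` to `{ dac_override setuid sys_tty_config }`, and `dac_override` deserves its own why-comment since it lets rpcbind bypass file permission checks on anything it can reach. This hunk is the rpcbind.te block removed at @@ -14845,32 +14971,6 @@, so the patch relocates it and both remarks apply to pre-existing content.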
@@ -17872,7 +17998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2008-04-14 09:15:01.000000000 -0400 @@ -16,6 +16,13 @@ ## @@ -19993,7 +20119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.8/policy/modules/system/logging.if --- nsaserefpolicy/policy/modules/system/logging.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/logging.if 2008-04-04 16:11:03.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/logging.if 2008-04-10 10:49:01.000000000 -0400 @@ -34,6 +34,51 @@ # interface(`logging_send_audit_msgs',` @@ -20137,7 +20263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ## Write generic log files. ## ## -@@ -597,3 +677,272 @@ +@@ -597,3 +677,273 @@ files_search_var($1) manage_files_pattern($1,var_log_t,var_log_t) ') @@ -20388,6 +20514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + domtrans_pattern(audisp_t,$2,$1) + + allow audisp_t $2:file getattr; ++ allow $1 audisp_t:unix_stream_socket rw_socket_perms; +') + +######################################## 
@@ -20675,7 +20802,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
 +/var/run/dmevent.*	gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.0.8/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/lvm.te	2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/lvm.te	2008-04-08 14:25:54.000000000 -0400
 @@ -44,9 +44,9 @@
  # Cluster LVM daemon local policy
  #
@@ -20930,7 +21057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  ##
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.0.8/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/modutils.te	2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/modutils.te	2008-04-08 14:23:01.000000000 -0400
 @@ -42,7 +42,7 @@
  # insmod local policy
  #
@@ -25356,58 +25483,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.0 - gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats) -') +gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats) -diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.8/Rules.modular ---- nsaserefpolicy/Rules.modular 2007-10-22 13:21:44.000000000 -0400 -+++ serefpolicy-3.0.8/Rules.modular 2008-04-04 16:11:04.000000000 -0400 -@@ -96,6 +96,9 @@ - @test -d $(builddir) || mkdir -p $(builddir) - $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers - -+ifneq "$(UNK_PERMS)" "" -+$(base_mod): CHECKMODULE += -U $(UNK_PERMS) -+endif - $(base_mod): $(base_conf) - @echo "Compiling $(NAME) base module" - $(verbose) $(CHECKMODULE) $^ -o $@ -@@ -144,6 +147,7 @@ - - $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy - $(tmpdir)/rolemap.conf: $(rolemap) -+ $(verbose) echo "" > $@ - $(call parse-rolemap,base,$@) - - $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy -diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.0.8/Rules.monolithic ---- nsaserefpolicy/Rules.monolithic 2007-10-22 13:21:43.000000000 -0400 -+++ serefpolicy-3.0.8/Rules.monolithic 2008-04-04 16:11:04.000000000 -0400 -@@ -63,6 +63,9 @@ - # - # Build a binary policy locally - # -+ifneq "$(UNK_PERMS)" "" -+$(polver): CHECKPOLICY += -U $(UNK_PERMS) -+endif - $(polver): $(policy_conf) - @echo "Compiling $(NAME) $(polver)" - ifneq ($(pv),$(kv)) -@@ -76,6 +79,9 @@ - # - # Install a binary policy - # -+ifneq "$(UNK_PERMS)" "" -+$(loadpath): CHECKPOLICY += -U $(UNK_PERMS) -+endif - $(loadpath): $(policy_conf) - @mkdir -p $(policypath) - @echo "Compiling and installing $(NAME) $(loadpath)" -@@ -127,6 +133,7 @@ - @echo "divert" >> $@ - - 
$(tmpdir)/rolemap.conf: $(rolemap) -+ $(verbose) echo "" > $@ - $(call parse-rolemap,base,$@) - - $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.0.8/support/Makefile.devel --- nsaserefpolicy/support/Makefile.devel 2007-10-22 13:21:44.000000000 -0400 +++ serefpolicy-3.0.8/support/Makefile.devel 2008-04-04 16:11:04.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 3aa6c4d..695835f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 98%{?dist} +Release: 99%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,9 @@ exit 0 %endif %changelog +* Tue Apr 8 2008 Dan Walsh 3.0.8-99 +- Allow privoxy to write to /etc/privoxy/default\.action + * Fri Apr 4 2008 Dan Walsh 3.0.8-98 - dontaudit setfiles reading links - allow semanage sys_resource