diff --git a/policy-20070703.patch b/policy-20070703.patch
index 2b76051..d41f30c 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -1801,7 +1801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.0.8/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/prelink.te 2007-11-12 10:26:38.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/admin/prelink.te 2007-11-21 18:08:32.000000000 -0500
@@ -26,7 +26,7 @@
# Local policy
#
@@ -1830,16 +1830,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
corecmd_manage_all_executables(prelink_t)
corecmd_relabel_all_executables(prelink_t)
-@@ -65,6 +64,8 @@
+@@ -65,6 +64,10 @@
files_read_etc_files(prelink_t)
files_read_etc_runtime_files(prelink_t)
files_dontaudit_read_all_symlinks(prelink_t)
+files_manage_usr_files(prelink_t)
+files_relabelfrom_usr_files(prelink_t)
++files_manage_kernel_modules(prelink_t)
++files_relabel_kernel_modules(prelink_t)
fs_getattr_xattr_fs(prelink_t)
-@@ -81,6 +82,11 @@
+@@ -81,6 +84,11 @@
miscfiles_read_localization(prelink_t)
@@ -1851,7 +1853,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
optional_policy(`
amanda_manage_lib(prelink_t)
')
-@@ -88,3 +94,7 @@
+@@ -88,3 +96,7 @@
optional_policy(`
cron_system_entry(prelink_t, prelink_exec_t)
')
@@ -20498,8 +20500,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
+## Policy for xguest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.0.8/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-11-16 17:11:08.000000000 -0500
-@@ -0,0 +1,45 @@
++++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-11-21 18:31:35.000000000 -0500
+@@ -0,0 +1,54 @@
+policy_module(xguest,1.0.1)
+
+##
@@ -20531,9 +20533,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
+optional_policy(`
+ tunable_policy(`xguest_mount_media',`
+ hal_dbus_chat(xguest_t)
++ init_read_utmp(xguest_t)
++ auth_list_pam_console_data(xguest_t)
++ kernel_read_fs_sysctls(xguest_t)
++ files_dontaudit_getattr_boot_dirs(xguest_t)
++ files_search_mnt(xguest_t)
++ fs_manage_noxattr_fs_files(xguest_t)
++ fs_manage_noxattr_fs_dirs(xguest_t)
++ fs_manage_noxattr_fs_dirs(xguest_t)
++ fs_getattr_noxattr_fs(xguest_t)
++ fs_read_noxattr_fs_symlinks(xguest_t)
+ ')
+')
-+
+optional_policy(`
+ tunable_policy(`xguest_connect_network',`
+ networkmanager_dbus_chat(xguest_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d1d2f70..9221254 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 60%{?dist}
+Release: 61%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -380,13 +380,15 @@ exit 0
%endif
%changelog
-* Wed Nov 20 2007 Dan Walsh 3.0.8-60
-- Allow cupsd to sigkill hplip_t
-- Allow automount to create fifo files
+* Wed Nov 20 2007 Dan Walsh 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes. Allows kiosk users to
- copy to usb media
+* Wed Nov 20 2007 Dan Walsh 3.0.8-60
+- Allow cupsd to sigkill hplip_t
+- Allow automount to create fifo files
+
* Tue Nov 20 2007 Dan Walsh 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl