diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 45b6fc4..f40a659 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -50,10 +50,6 @@ allow_saslauthd_read_shadow = false
 # 
 allow_smbd_anon_write = false
 
-# Allow sysadm to ptrace all processes
-# 
-allow_ptrace = false
-
 # Allow system to run with NIS
 # 
 allow_ypbind = false
@@ -142,10 +138,6 @@ samba_enable_home_dirs = false
 # 
 squid_connect_any = false
 
-# Allow ssh logins as sysadm_r:sysadm_t
-# 
-ssh_sysadm_login = false
-
 # Configure stunnel to be a standalone daemon orinetd service.
 # 
 stunnel_is_daemon = false
@@ -186,10 +178,6 @@ read_untrusted_content = false
 # 
 spamd_enable_home_dirs = true
 
-# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
-# 
-staff_read_sysadm_file = false
-
 # Allow regular users direct mouse access
 # 
 user_direct_mouse = false
diff --git a/modules-strict.conf b/modules-strict.conf
index d3945ae..28bdd4c 100644
--- a/modules-strict.conf
+++ b/modules-strict.conf
@@ -198,7 +198,7 @@ su = module
 #
 # APT advanced package toll.
 # 
-apt = module
+apt = off
 
 # Layer: admin
 # Module: dmesg
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e4cea55..2cd8a20 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,7 +16,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.3.3
-Release: 3
+Release: 4
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -341,6 +341,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
 %endif
 
 %changelog
+* Tue Jul 18 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-4
+- setroubleshootd fixes
+
 * Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-3
 - Allow prelink to read bin_t symlink
 - allow xfs to read random devices