diff --git a/policy-20071130.patch b/policy-20071130.patch index 18203fd..90b880e 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -17138,8 +17138,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.3.1/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/kerberos.te 2008-07-02 08:47:10.000000000 -0400 -@@ -54,6 +54,12 @@ ++++ serefpolicy-3.3.1/policy/modules/services/kerberos.te 2008-07-03 14:50:17.000000000 -0400 +@@ -16,6 +16,7 @@ + type kadmind_t; + type kadmind_exec_t; + init_daemon_domain(kadmind_t,kadmind_exec_t) ++domain_obj_id_change_exemption(kadmind_t) + + type kadmind_log_t; + logging_log_file(kadmind_log_t) +@@ -44,6 +45,7 @@ + type krb5kdc_t; + type krb5kdc_exec_t; + init_daemon_domain(krb5kdc_t,krb5kdc_exec_t) ++domain_obj_id_change_exemption(krb5kdc_t) + + type krb5kdc_log_t; + logging_log_file(krb5kdc_log_t) +@@ -54,6 +56,12 @@ type krb5kdc_var_run_t; files_pid_file(krb5kdc_var_run_t) @@ -17152,7 +17168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb ######################################## # # kadmind local policy -@@ -62,7 +68,7 @@ +@@ -62,7 +70,7 @@ # Use capabilities. Surplus capabilities may be allowed. allow kadmind_t self:capability { setuid setgid chown fowner dac_override sys_nice }; dontaudit kadmind_t self:capability sys_tty_config; 
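Review bot: The two new `domain_obj_id_change_exemption(kadmind_t)` and `domain_obj_id_change_exemption(krb5kdc_t)` lines in the kerberos.te hunk relax a constraint without any comment or changelog entry saying why (the 3.3.1-76 changelog only mentions ypbind). That interface exempts the domain from the identity-change constraint, so a compromised KDC or kadmind process could create or relabel objects under a SELinux user other than its own, which is exactly the kind of cross-user write the constraint exists to stop. Please add the motivating denial above each line, e.g. `# kadmind creates objects with a different SELinux user (see avc: ... ); exempt from obj_id_change constraint`, and check whether a narrower fix such as a filetrans to a dedicated type would avoid the exemption entirely. The surrounding declarations block of kerberos.te extends beyond this hunk.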
@@ -17161,7 +17177,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow kadmind_t self:netlink_route_socket r_netlink_socket_perms; allow kadmind_t self:unix_dgram_socket { connect create write }; allow kadmind_t self:tcp_socket connected_stream_socket_perms; -@@ -91,6 +97,7 @@ +@@ -91,6 +99,7 @@ kernel_read_kernel_sysctls(kadmind_t) kernel_list_proc(kadmind_t) kernel_read_proc_symlinks(kadmind_t) @@ -17169,7 +17185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb corenet_all_recvfrom_unlabeled(kadmind_t) corenet_all_recvfrom_netlabel(kadmind_t) -@@ -118,6 +125,12 @@ +@@ -118,6 +127,12 @@ domain_use_interactive_fds(kadmind_t) files_read_etc_files(kadmind_t) @@ -17182,7 +17198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb libs_use_ld_so(kadmind_t) libs_use_shared_libs(kadmind_t) -@@ -127,6 +140,7 @@ +@@ -127,6 +142,7 @@ miscfiles_read_localization(kadmind_t) sysnet_read_config(kadmind_t) @@ -17190,7 +17206,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb userdom_dontaudit_use_unpriv_user_fds(kadmind_t) userdom_dontaudit_search_sysadm_home_dirs(kadmind_t) -@@ -137,6 +151,7 @@ +@@ -137,6 +153,7 @@ optional_policy(` seutil_sigchld_newrole(kadmind_t) @@ -17198,7 +17214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb ') optional_policy(` -@@ -151,7 +166,7 @@ +@@ -151,7 +168,7 @@ # Use capabilities. Surplus capabilities may be allowed. allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice }; dontaudit krb5kdc_t self:capability sys_tty_config; 
@@ -17207,7 +17223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow krb5kdc_t self:netlink_route_socket r_netlink_socket_perms; allow krb5kdc_t self:tcp_socket create_stream_socket_perms; allow krb5kdc_t self:udp_socket create_socket_perms; -@@ -215,6 +230,9 @@ +@@ -215,6 +232,9 @@ files_read_usr_symlinks(krb5kdc_t) files_read_var_files(krb5kdc_t) @@ -17217,7 +17233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb libs_use_ld_so(krb5kdc_t) libs_use_shared_libs(krb5kdc_t) -@@ -223,6 +241,7 @@ +@@ -223,6 +243,7 @@ miscfiles_read_localization(krb5kdc_t) sysnet_read_config(krb5kdc_t) @@ -17225,7 +17241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t) userdom_dontaudit_search_sysadm_home_dirs(krb5kdc_t) -@@ -233,8 +252,10 @@ +@@ -233,8 +254,10 @@ optional_policy(` seutil_sigchld_newrole(krb5kdc_t) @@ -17925,7 +17941,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-07-02 09:53:40.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-07-03 14:44:32.000000000 -0400 @@ -6,6 +6,8 @@ # Declarations # @@ -18026,7 +18042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. logrotate_read_tmp_files(system_mail_t) ') -@@ -136,11 +175,38 @@ +@@ -136,11 +175,40 @@ ') optional_policy(` 
@@ -18047,6 +18063,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ') -# should break this up among sections: ++read_files_pattern(mailserver_delivery, system_mail_tmp_t, , system_mail_tmp_t) + +init_stream_connect_script(mailserver_delivery) +init_rw_script_stream_sockets(mailserver_delivery) + @@ -18055,7 +18073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. + fs_manage_cifs_files(mailserver_delivery) + fs_manage_cifs_symlinks(mailserver_delivery) +') - ++ +tunable_policy(`use_nfs_home_dirs',` + fs_manage_nfs_dirs(mailserver_delivery) + fs_manage_nfs_files(mailserver_delivery) @@ -18066,7 +18084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. optional_policy(` # why is mail delivered to a directory of type arpwatch_data_t? arpwatch_search_data(mailserver_delivery) -@@ -154,3 +220,4 @@ +@@ -154,3 +222,4 @@ cron_read_system_job_tmp_files(mta_user_agent) ') ') @@ -18907,7 +18925,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. +/etc/rc.d/init.d/ypxfrd -- gen_context(system_u:object_r:nis_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.3.1/policy/modules/services/nis.if --- nsaserefpolicy/policy/modules/services/nis.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/nis.if 2008-07-02 08:47:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/nis.if 2008-07-03 12:18:46.000000000 -0400 +@@ -28,7 +28,7 @@ + type var_yp_t; + ') + +- dontaudit $1 self:capability net_bind_service; ++ allow $1 self:capability net_bind_service; + + allow $1 self:tcp_socket create_stream_socket_perms; + allow $1 self:udp_socket create_socket_perms; @@ -49,8 +49,8 @@ corenet_udp_bind_all_nodes($1) corenet_tcp_bind_generic_port($1) 
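Review bot: The new `read_files_pattern(mailserver_delivery, system_mail_tmp_t, , system_mail_tmp_t)` line in the mta.te hunk passes four arguments with an empty third one, while the refpolicy pattern takes (domain, dir type, file type); as written the file rule gets an empty target and either fails to build or silently drops the intended permission. If this is not an artifact of how the patch was captured, it should read `read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)`. Since `mailserver_delivery` is an attribute shared by every delivery agent, a one-line comment saying which agent needs to read system_mail_t's temp files would also help the next reviewer judge the scope. The mta.te block this sits in continues outside the hunk.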
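Review bot: Changing `dontaudit $1 self:capability net_bind_service;` to `allow $1 self:capability net_bind_service;` in the nis.if hunk hands CAP_NET_BIND_SERVICE, i.e. the ability to bind any port below 1024, to every domain that calls this interface, and in refpolicy the ypbind interfaces are pulled in very broadly (presumably via the nsswitch interfaces), so this is not a change to one or two daemons. If the reason is that NIS clients must use a reserved source port for Sun RPC, say so in a comment, e.g. `# NIS/RPC clients bind a reserved source port, so callers need net_bind_service`, and consider keeping the dontaudit here and granting the allow only in the tunable-gated wrapper so the capability is off unless NIS is actually enabled. The interface's header and name are above this hunk and not visible here.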
@@ -23066,12 +23093,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.3.1/policy/modules/services/rsync.fc --- nsaserefpolicy/policy/modules/services/rsync.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/rsync.fc 2008-07-02 08:47:10.000000000 -0400 -@@ -1,2 +1,4 @@ ++++ serefpolicy-3.3.1/policy/modules/services/rsync.fc 2008-07-03 14:07:54.000000000 -0400 +@@ -1,2 +1,6 @@ /usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0) + -+/var/log/rsync.log -- gen_context(system_u:object_r:rsync_log_t,s0) ++/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0) ++ ++/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.3.1/policy/modules/services/rsync.if --- nsaserefpolicy/policy/modules/services/rsync.if 2008-06-12 23:38:02.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/services/rsync.if 2008-07-02 08:47:10.000000000 -0400 @@ -31787,7 +31816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. samba_run_smbmount($1, $2, $3) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/mount.te 2008-07-02 08:47:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/mount.te 2008-07-03 15:35:42.000000000 -0400 @@ -18,17 +18,18 @@ init_system_domain(mount_t,mount_exec_t) role system_r types mount_t; 
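Review bot: The new `/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_log_t,s0)` entry in rsync.fc labels a lock file under /var/run with the log type, which conflates two objects with different access patterns and makes every rule granted on rsync logs apply to the lock file too; the 3.3.1-75 changelog in this same patch says all system and application domains may now append to any log file, so that would presumably include appending to rsyncd.lock. Prefer a dedicated run-time type, i.e. `/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)` with `type rsync_var_run_t; files_pid_file(rsync_var_run_t)` declared in rsync.te, assuming no such type exists yet. The corresponding rsync.te/rsync.if changes are not in this hunk.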
@@ -31840,26 +31869,29 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. dev_rw_lvm_control(mount_t) dev_dontaudit_getattr_all_chr_files(mount_t) dev_dontaudit_getattr_memory_dev(mount_t) -@@ -62,6 +66,7 @@ +@@ -62,16 +66,19 @@ storage_raw_write_fixed_disk(mount_t) storage_raw_read_removable_device(mount_t) storage_raw_write_removable_device(mount_t) +storage_rw_fuse(mount_t) - fs_getattr_xattr_fs(mount_t) - fs_getattr_cifs(mount_t) -@@ -71,7 +76,10 @@ +-fs_getattr_xattr_fs(mount_t) +-fs_getattr_cifs(mount_t) ++fs_list_all(mount_t) ++fs_getattr_all_fs(mount_t) + fs_mount_all_fs(mount_t) + fs_unmount_all_fs(mount_t) + fs_remount_all_fs(mount_t) fs_relabelfrom_all_fs(mount_t) fs_list_auto_mountpoints(mount_t) fs_rw_tmpfs_chr_files(mount_t) +fs_manage_tmpfs_dirs(mount_t) fs_read_tmpfs_symlinks(mount_t) -+fs_search_fusefs_dirs(mount_t) +fs_manage_nfs_dirs(mount_t) term_use_all_terms(mount_t) -@@ -100,6 +108,8 @@ +@@ -100,6 +107,8 @@ init_use_fds(mount_t) init_use_script_ptys(mount_t) init_dontaudit_getattr_initctl(mount_t) @@ -31868,7 +31900,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. auth_use_nsswitch(mount_t) -@@ -119,6 +129,8 @@ +@@ -119,6 +128,8 @@ seutil_read_config(mount_t) userdom_use_all_users_fds(mount_t) @@ -31877,7 +31909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ifdef(`distro_redhat',` optional_policy(` -@@ -167,6 +179,8 @@ +@@ -167,6 +178,8 @@ fs_search_rpc(mount_t) rpc_stub(mount_t) @@ -31886,7 +31918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') optional_policy(` -@@ -181,6 +195,11 @@ +@@ -181,6 +194,11 @@ ') ') @@ -31898,7 +31930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. # for kernel package installation optional_policy(` rpm_rw_pipes(mount_t) -@@ -188,6 +207,7 @@ +@@ -188,6 +206,7 @@ optional_policy(` samba_domtrans_smbmount(mount_t) 
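Review bot: The new `fs_manage_nfs_dirs(mount_t)` line in the first mount.te hunk grants create/delete/rename on NFS directories unconditionally, whereas the mta.te change in this same patch gates the equivalent grant behind `tunable_policy(\`use_nfs_home_dirs',...)`; mount_t is reachable from many callers and does not obviously need to manage directory contents on NFS just to mount or unmount. If the need is creating mountpoints, either wrap the line in the same tunable or add a comment naming the denial it fixes, e.g. `# mount creates mountpoint dirs on NFS exports (avc: ...)`. The widening from `fs_getattr_xattr_fs`/`fs_getattr_cifs` to `fs_list_all`/`fs_getattr_all_fs` deserves a similar one-line justification, since listing every filesystem type is more than a getattr for statfs. The mount_t rule block continues past this hunk.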
@@ -31906,7 +31938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') ######################################## -@@ -198,4 +218,26 @@ +@@ -198,4 +217,26 @@ optional_policy(` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 3b973f2..4f6304b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 75%{?dist} +Release: 76%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -385,12 +385,14 @@ exit 0 %endif %changelog +* Thu Jul 3 2008 Dan Walsh 3.3.1-76 +- Allow ypbind apps to net_bind_service + * Tue Jul 2 2008 Dan Walsh 3.3.1-75 - Fix transition from unconfined_t to dhcpc_t - Allow all system domains and application domains to append to any log file - allow sendmail to use courier_spool fifo files - * Tue Jul 1 2008 Dan Walsh 3.3.1-74 - Make virtd an unconfined domain