diff --git a/policy-20071130.patch b/policy-20071130.patch
index 0f1eef9..07ed8c9 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -18582,7 +18582,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-06-16 07:11:37.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-06-22 08:58:56.000000000 -0400
 @@ -13,6 +13,13 @@
 type NetworkManager_var_run_t;
 files_pid_file(NetworkManager_var_run_t)
@@ -18605,7 +18605,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
 dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
 -allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms };
-+allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched signal_perms };
++allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
 allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
 allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
 allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
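Review bot: The `setsched` permission added to `allow NetworkManager_t self:process { ... }` is not recorded in the 3.3.1-68 changelog entry, which mentions setsched only for virt/qemu. The same rule already carries `ptrace` and `setcap` on self, and the capability line above grants `sys_nice`, so each further widening of this domain should be traceable to a denial. I would add a changelog line such as `- Allow NetworkManager to setsched on itself`, and note the triggering AVC in the commit message. The networkmanager.te section continues outside this hunk, so whether a narrower rule would do cannot be judged from here.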
@@ -18636,12 +18636,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw mls_file_read_all_levels(NetworkManager_t) -@@ -83,9 +96,14 @@ +@@ -82,10 +95,16 @@ + files_read_etc_files(NetworkManager_t) files_read_etc_runtime_files(NetworkManager_t) files_read_usr_files(NetworkManager_t) - -+storage_getattr_fixed_disk_dev(NetworkManager_t) ++files_list_tmp(NetworkManager_t) + ++storage_getattr_fixed_disk_dev(NetworkManager_t) + init_read_utmp(NetworkManager_t) +init_dontaudit_write_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) @@ -18651,7 +18653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -113,6 +131,9 @@ +@@ -113,6 +132,9 @@ userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t) # Read gnome-keyring userdom_read_unpriv_users_home_content_files(NetworkManager_t) @@ -18661,7 +18663,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw optional_policy(` bind_domtrans(NetworkManager_t) -@@ -129,21 +150,21 @@ +@@ -129,21 +151,21 @@ ') optional_policy(` @@ -18688,7 +18690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -155,19 +176,20 @@ +@@ -155,19 +177,20 @@ ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index b064423..bd53eb4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 67%{?dist} +Release: 68%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
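Review bot: `files_list_tmp(NetworkManager_t)` looks like the only genuinely new rule in the `@@ -82,10 +95,16 @@` block, and it has neither a policy comment nor a changelog line. As far as the collapsed hunk can be read, `storage_getattr_fixed_disk_dev(NetworkManager_t)` is on both the old and new side and is only moved, although the changelog presents that getattr as the change. Nearby rules carry a rationale (`# Read gnome-keyring`), so a one-line comment above the new rule would fit, for example `# <helper name> lists /tmp, see <AVC/bug reference>`. A matching changelog line would be `- Allow NetworkManager to list /tmp`.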
@@ -385,6 +385,10 @@ exit 0 %endif %changelog +* Sun Jun 22 2008 Dan Walsh 3.3.1-68 +- Allow virt to getsched and setsched on qemu +- Allow networkmanager to getattr on fixed disk + * Wed Jun 4 2008 Dan Walsh 3.3.1-66 - Add slattach policy for eparis testing