diff --git a/policy-20080710.patch b/policy-20080710.patch index af3ef1f..80f7a4f 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -4496,7 +4496,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te --- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-12-05 08:34:30.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-12-10 08:53:06.000000000 -0500 @@ -0,0 +1,279 @@ + +policy_module(nsplugin, 1.0.0) @@ -4964,7 +4964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.13/policy/modules/apps/podsleuth.te --- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-10-17 08:49:14.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te 2008-12-09 14:43:48.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te 2008-12-10 08:55:56.000000000 -0500 @@ -11,24 +11,61 @@ application_domain(podsleuth_t, podsleuth_exec_t) role system_r types podsleuth_t; @@ -5004,9 +5004,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +fs_read_dos_files(podsleuth_t) +fs_search_dos(podsleuth_t) + -+fs_mount_nfs_fs(podsleuth_t) -+fs_unmount_nfs_fs(podsleuth_t) -+fs_getattr_nfs_fs(podsleuth_t) ++fs_mount_nfs(podsleuth_t) ++fs_unmount_nfs(podsleuth_t) ++fs_getattr_nfs(podsleuth_t) +fs_read_nfs_files(podsleuth_t) +fs_search_nfs(podsleuth_t) + 
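Review bot: The corrected calls `fs_mount_nfs(podsleuth_t)` and `fs_unmount_nfs(podsleuth_t)` in the podsleuth.te hunk let a media-probing helper mount and unmount NFS filesystems, and nothing in the hunk records why that is needed; the interface-name fix is right, but the grant itself deserves a why-comment. Suggest a line above the block such as `# NFS mount/unmount: needed when the device is reached through an NFS mount — confirm against the denial that motivated this`. If the helper only probes for NFS during enumeration, a dontaudit would be the narrower choice, but that cannot be told from this page. The podsleuth_t rule set continues beyond the hunk.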
@@ -7962,7 +7962,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.13/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-10-17 08:49:14.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if 2008-12-08 16:43:51.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if 2008-12-10 09:05:13.000000000 -0500 @@ -535,6 +535,24 @@ ######################################## @@ -8735,7 +8735,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# file contexts handled by userdomain and genhomedircon diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.13/policy/modules/roles/guest.if --- nsaserefpolicy/policy/modules/roles/guest.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.5.13/policy/modules/roles/guest.if 2008-11-24 10:49:49.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/roles/guest.if 2008-12-10 08:30:33.000000000 -0500 @@ -0,0 +1,161 @@ +## Least privledge terminal user role + @@ -8747,7 +8747,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +## +## The prefix of the user role (e.g., user +## is the prefix for user_r). -+## ++## +## +## +# 
@@ -9017,8 +9017,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t }) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te --- nsaserefpolicy/policy/modules/roles/staff.te 2008-10-17 08:49:14.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-11-24 10:50:07.000000000 -0500 -@@ -4,27 +4,68 @@ ++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-12-10 08:25:28.000000000 -0500 +@@ -4,27 +4,79 @@ ######################################## # # Declarations @@ -9089,6 +9089,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + cron_admin_template(sysadm) +') + ++optional_policy(` ++ xguest_role_change_template(staff) ++') ++ ++optional_policy(` ++ guest_role_change_template(staff) ++') ++ ++optional_policy(` ++ unprivuser_role_change_template(staff) ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if --- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-10-17 08:49:14.000000000 -0400 +++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-11-24 10:49:49.000000000 -0500 @@ -16612,7 +16623,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2008-10-17 08:49:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-11-24 10:49:49.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-12-10 09:04:13.000000000 -0500 @@ -49,6 +49,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) 
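Review bot: The three `optional_policy` blocks added to staff.te carry no comment explaining the role relationship they establish, and `xguest_role_change_template`, `guest_role_change_template` and `unprivuser_role_change_template` are not defined anywhere on this page, so a reader cannot tell from the hunk whether staff_r is being allowed to change into those roles or the reverse. Suggest a comment above the first block such as `# role changes between staff_r and the guest/xguest/user roles (see the *_role_change_template definitions)`. The inner hunk header change from 68 to 79 lines matches the 11 added lines, so the patch bookkeeping is consistent. The staff.te section this lands in continues outside the hunk.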
@@ -16684,7 +16695,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Local hald mac policy # -+allow hald_mac_t self:capability { setgid setuid }; ++allow hald_mac_t self:capability { setgid setuid sys_admin }; + domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t) allow hald_t hald_mac_t:process signal; @@ -33113,7 +33124,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-10-17 08:49:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-04 16:32:18.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-10 09:16:20.000000000 -0500 @@ -28,10 +28,14 @@ class context contains; ')
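Review bot: Adding `sys_admin` to `allow hald_mac_t self:capability { setgid setuid sys_admin };` grants the hald MAC helper one of the broadest capabilities in the kernel, and the hunk gives no reason for it. A comment naming the operation that required it would keep the grant reviewable, e.g. `# sys_admin: required for <operation from the denial that motivated this — TODO record it>`; if the helper merely probes the capability, a `dontaudit` would be the narrower fix, but that is inferred rather than visible here. The `Local hald mac policy` section this line sits in continues past the hunk.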