diff --git a/booleans-targeted.conf b/booleans-targeted.conf index afa1226..58c245b 100644 --- a/booleans-targeted.conf +++ b/booleans-targeted.conf @@ -238,7 +238,10 @@ allow_unlabeled_packets = true # samba_domain_controller = false -# Allow samba to export user home directories. +# Allow samba to execute unconfined scripts # samba_run_unconfined = true +# Allow samba to enable homedirs +# +openvpn_enable_homedirs=true diff --git a/policy-20070501.patch b/policy-20070501.patch index 0990cc5..26cac49 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -3803,7 +3803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_search_auto_mountpoints(hplip_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.6.4/policy/modules/services/cvs.te --- nsaserefpolicy/policy/modules/services/cvs.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-06-19 09:01:50.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-07-01 21:58:27.000000000 -0400 @@ -16,6 +16,7 @@ type cvs_t; type cvs_exec_t; @@ -3820,6 +3820,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs. corecmd_exec_bin(cvs_t) corecmd_exec_shell(cvs_t) +@@ -80,6 +82,7 @@ + libs_use_shared_libs(cvs_t) + + logging_send_syslog_msg(cvs_t) ++logging_send_audit_msgs(cvs_t) + + miscfiles_read_localization(cvs_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.6.4/policy/modules/services/cyrus.te --- nsaserefpolicy/policy/modules/services/cyrus.te 2007-05-07 14:51:01.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-06-18 10:18:55.000000000 -0400 
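Review bot: The description added for the new boolean names the wrong service — `# Allow samba to enable homedirs` sits directly above `openvpn_enable_homedirs=true`, so the config file documents an openvpn knob as a samba one; it should read `# Allow openvpn to read the home content of unprivileged users (presumably for per-user keys/configs)` and the assignment should follow the file's `name = value` spacing used by `samba_run_unconfined = true` just above. More importantly, this sets the boolean to `true` for the targeted policy while the `gen_tunable(openvpn_enable_homedirs,false)` declared in openvpn.te later in this same commit defaults it to off, so a targeted install gives a root-run openvpn_t read access to every unprivileged user's home files out of the box. Unless that is deliberate, ship it as `false` here and let admins opt in with setsebool; if it is deliberate, say so in the comment.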
@@ -5101,7 +5109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_tcp_connect_all_ports(ypxfr_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.6.4/policy/modules/services/nscd.te --- nsaserefpolicy/policy/modules/services/nscd.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-06-18 10:18:55.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-07-02 11:36:33.000000000 -0400 @@ -28,14 +28,14 @@ # Local policy # @@ -5120,15 +5128,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd allow nscd_t self:tcp_socket create_socket_perms; allow nscd_t self:udp_socket create_socket_perms; -@@ -93,6 +93,7 @@ +@@ -72,6 +72,7 @@ + corenet_udp_sendrecv_all_nodes(nscd_t) + corenet_tcp_sendrecv_all_ports(nscd_t) + corenet_udp_sendrecv_all_ports(nscd_t) ++corenet_udp_bind_all_nodes(nscd_t) + corenet_tcp_connect_all_ports(nscd_t) + corenet_sendrecv_all_client_packets(nscd_t) + corenet_rw_tun_tap_dev(nscd_t) +@@ -92,6 +93,7 @@ + libs_use_ld_so(nscd_t) libs_use_shared_libs(nscd_t) ++logging_send_audit_msgs(nscd_t) logging_send_syslog_msg(nscd_t) -+logging_send_audit_msg(nscd_t) miscfiles_read_localization(nscd_t) +@@ -105,12 +107,6 @@ + userdom_dontaudit_use_unpriv_user_fds(nscd_t) + userdom_dontaudit_search_sysadm_home_dirs(nscd_t) -@@ -119,3 +120,11 @@ +-ifdef(`targeted_policy',` +- term_use_unallocated_ttys(nscd_t) +- term_use_generic_ptys(nscd_t) +- files_dontaudit_read_root_files(nscd_t) +-') +- + optional_policy(` + udev_read_db(nscd_t) + ') +@@ -119,3 +115,13 @@ xen_dontaudit_rw_unix_stream_sockets(nscd_t) xen_append_log(nscd_t) ') 
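Review bot: Removing the `ifdef(`targeted_policy', ...)` block drops `term_use_unallocated_ttys`, `term_use_generic_ptys` and `files_dontaudit_read_root_files` for nscd_t without any dontaudit replacement, so an nscd started from an interactive shell with an inherited pty fd will now produce AVC denials instead of being silenced; if that noise matters, `term_dontaudit_use_generic_ptys(nscd_t)` and `term_dontaudit_use_unallocated_ttys(nscd_t)` keep the tightening without the audit spam (assuming those interfaces exist in this refpolicy version). The tty/pty removal itself is a sound least-privilege change for a daemon. The `logging_send_audit_msg` → `logging_send_audit_msgs` change looks like a fix for a misspelled interface name, which presumably failed the module build before; worth confirming the module now compiles. `corenet_udp_bind_all_nodes(nscd_t)` is reasonable for a resolver client, though nscd_t already has connect/sendrecv on all ports, so the domain stays broad.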
@@ -5138,6 +5167,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd + samba_append_log(nscd_t) + samba_dontaudit_use_fds(nscd_t) + ') ++ samba_read_config(nscd_t) ++ samba_read_var_files(nscd_t) +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.6.4/policy/modules/services/ntp.te @@ -5387,8 +5418,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.6.4/policy/modules/services/openvpn.te --- nsaserefpolicy/policy/modules/services/openvpn.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-06-18 10:18:55.000000000 -0400 -@@ -42,8 +42,8 @@ ++++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-02 12:46:22.000000000 -0400 +@@ -6,6 +6,13 @@ + # Declarations + # + ++## ++##
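Review bot: `samba_read_var_files(nscd_t)` is added unconditionally inside the samba optional_policy block (after the inner `')`), and samba_var_t in refpolicy typically covers /var/lib/samba as a whole, including samba's tdb databases, which is more than a name-service lookup should need. If the denial being fixed was nscd talking to winbind, a socket-specific interface (a winbind stream-connect interface, if this refpolicy version provides one) would be the narrower grant; I can't tell from the hunk which file nscd was denied on, so the motivating AVC is worth recording in a comment, e.g. `# nscd reads samba config/state for winbind-backed lookups (AVC: ...)`. `samba_read_config(nscd_t)` is fine as is. The optional_policy block these lines land in opens before this hunk.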

++## Allow openvpn to read home directories ++##

++##
++gen_tunable(openvpn_enable_homedirs,false) ++ + # main openvpn domain + type openvpn_t; + type openvpn_exec_t; +@@ -42,8 +49,8 @@ allow openvpn_t openvpn_var_log_t:file manage_file_perms; logging_log_filetrans(openvpn_t,openvpn_var_log_t,file) @@ -5399,7 +5444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open kernel_read_kernel_sysctls(openvpn_t) kernel_read_net_sysctls(openvpn_t) -@@ -66,6 +66,7 @@ +@@ -66,6 +73,7 @@ corenet_udp_bind_openvpn_port(openvpn_t) corenet_sendrecv_openvpn_server_packets(openvpn_t) corenet_rw_tun_tap_dev(openvpn_t) @@ -5407,6 +5452,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open dev_search_sysfs(openvpn_t) dev_read_rand(openvpn_t) +@@ -80,10 +88,15 @@ + logging_send_syslog_msg(openvpn_t) + + miscfiles_read_localization(openvpn_t) ++miscfiles_read_certs(openvpn_t) + + sysnet_dns_name_resolve(openvpn_t) + sysnet_exec_ifconfig(openvpn_t) + ++tunable_policy(`openvpn_enable_homedirs',` ++ userdom_read_unpriv_users_home_content_files(openvpn_t) ++') ++ + ifdef(`targeted_policy',` + # Need to interact with terminals if config option "auth-user-pass" is used + term_use_generic_ptys(openvpn_t) +@@ -92,3 +105,4 @@ + optional_policy(` + daemontools_service_domain(openvpn_t,openvpn_exec_t) + ') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.6.4/policy/modules/services/pcscd.te --- nsaserefpolicy/policy/modules/services/pcscd.te 2007-05-07 14:50:57.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-06-18 10:18:55.000000000 -0400 
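Review bot: The tunable body grants `userdom_read_unpriv_users_home_content_files(openvpn_t)`, i.e. a root-run daemon reading every unprivileged user's home content, but the `## Allow openvpn to read home directories` description in the declaration does not say whose or how broadly; spell it out so admins understand what the switch opens: `## Allow openvpn to read the home content of all unprivileged users` / `## (for keys/configs kept under a user's home). Off by default.` The `miscfiles_read_certs(openvpn_t)` addition is the right narrow grant for CA/cert material and needs no toggle. The trailing `++` at the end of the file adds a blank line after the last `')` and is whitespace-only churn; drop it. Note that booleans-targeted.conf in this same commit turns the boolean on, contrary to the `false` default declared here.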
@@ -8676,12 +8742,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  files_dontaudit_search_isid_type_dirs(syslogd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.6.4/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-07-02 16:24:54.000000000 -0400
 @@ -15,6 +15,7 @@
  #
  /etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0)
  /etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0)
-+/etc/lvm/cache(./*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
++/etc/lvm/cache(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index beed650..15dfc7a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
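Review bot: The corrected `/etc/lvm/cache(/.*)?` entry changes the label of an already-populated directory: under the previous `(./*)?` pattern only `/etc/lvm/cache` and `/etc/lvm/cache/` matched, so files inside it fell through to the general `/etc/lvm(/.*)?` rule and were labeled lvm_etc_t on systems that installed the -25 build, and they keep that label until something relabels them. Unless the spec's %post already relabels /etc (not visible here), consider a `restorecon -R /etc/lvm` in %post or a changelog note telling admins to run it, and verify with `matchpathcon /etc/lvm/cache/.cache` that the new entry takes precedence over the broader `/etc/lvm(/.*)?` rule. The separate `/etc/lvm/\.cache --` entry above still covers the old flat location and is fine to keep.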