diff --git a/modules-targeted.conf b/modules-targeted.conf index 15fe413..73bf665 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -271,6 +271,13 @@ cups = base cvs = base # Layer: services +# Module: cyphesis +# +# cyphesis game server +# +cyphesis + +# Layer: services # Module: cyrus # # Cyrus is an IMAP service intended to be run on sealed servers diff --git a/policy-20071130.patch b/policy-20071130.patch index c5925e2..8328b45 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -3878,7 +3878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc +/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if --- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 16:14:55.000000000 -0500 @@ -32,7 +32,7 @@ ## ## @@ -3903,8 +3903,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if + allow $1_javaplugin_t $1_t:unix_stream_socket connectto; + allow $1_t $1_javaplugin_t:unix_stream_socket connectto; allow $1_javaplugin_t $2:unix_stream_socket connectto; - allow $1_javaplugin_t $2:unix_stream_socket { read write }; +- allow $1_javaplugin_t $2:unix_stream_socket { read write }; - userdom_write_user_tmp_sockets($1,$1_javaplugin_t) ++ allow $1_javaplugin_t $2:tcp_socket { read write }; manage_dirs_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t) manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t) 
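Review bot: The added entry `cyphesis` carries no `= module` / `= base` assignment, while the neighbouring entries shown as context, `cups = base` and `cvs = base`, both do, so as rendered here the line presumably would not select the module at all. If this is not an artifact of how the page was captured, the line should read `cyphesis = module` (or `cyphesis = base` if the policy is meant to be built into the base module).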
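Review bot: The new rule `allow $1_javaplugin_t $2:tcp_socket { read write };` grants the plugin domain read/write on every TCP socket owned by the user domain `$2`, and the same hunk appears to turn the upstream `allow $1_javaplugin_t $2:unix_stream_socket { read write };` from a kept line into a removed one (`+-`), so the net effect reads as a swap rather than an addition. Which inherited socket the TCP rule is meant to serve is not recorded; a comment above it such as `# rw on TCP sockets the plugin inherits from the user's browser` would make the grant reviewable, and the loss of the unix_stream_socket rule is worth confirming against the plugin's actual socket use. The enclosing per-role template starts and ends outside the hunk.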
@@ -3972,7 +3973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if userdom_manage_user_home_content_dirs($1,$1_javaplugin_t) userdom_manage_user_home_content_files($1,$1_javaplugin_t) userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t) -@@ -156,15 +162,66 @@ +@@ -156,15 +162,67 @@ ') optional_policy(` @@ -4028,6 +4029,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if + allow $1_java_t self:process { getsched sigkill execheap execmem execstack }; + + allow $2 $1_java_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh }; ++ allow $1_javaplugin_t $2:tcp_socket { read write }; + + domtrans_pattern($2, java_exec_t, $1_java_t) + @@ -4043,7 +4045,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if ') ') -@@ -219,3 +276,67 @@ +@@ -219,3 +277,67 @@ corecmd_search_bin($1) domtrans_pattern($1, java_exec_t, java_t) ') @@ -4920,7 +4922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if --- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-02-26 16:13:57.000000000 -0500 @@ -0,0 +1,339 @@ + +## policy for nsplugin 
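Review bot: The rule added by the hunk at `@@ -4028,6 +4029,7 @@`, `allow $1_javaplugin_t $2:tcp_socket { read write };`, sits between `allow $2 $1_java_t:process { ... }` and `domtrans_pattern($2, java_exec_t, $1_java_t)`, i.e. in the block that sets up `$1_java_t`, yet its subject is `$1_javaplugin_t`, and the identical rule is already added in the earlier hunk at `@@ -3903,8 +3903,9 @@`. Either this copy is a duplicate and should be dropped, or the intended subject is the java domain and the line should read `allow $1_java_t $2:tcp_socket { read write };`. The surrounding template starts and ends outside the hunk.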
@@ -6776,7 +6778,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-02-26 16:54:46.000000000 -0500 @@ -1266,6 +1266,24 @@ ######################################## @@ -6904,7 +6906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # etc_runtime_t is the type of various diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-24 15:00:24.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-02-26 16:54:33.000000000 -0500 @@ -310,6 +310,25 @@ ######################################## @@ -6992,7 +6994,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ## Relabel block nodes on tmpfs filesystems. ## ## -@@ -3551,3 +3608,103 @@ +@@ -3224,6 +3281,7 @@ + ') + + allow $1 filesystem_type:filesystem getattr; ++ files_getattr_all_file_type_fs($1) + ') + + ######################################## +@@ -3551,3 +3609,103 @@ relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs) relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs) ') 
@@ -7543,7 +7553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav # amavis local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2007-10-12 08:56:07.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-02-26 16:33:46.000000000 -0500 @@ -16,7 +16,6 @@ /usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) 
@@ -7552,7 +7562,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac /usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) -@@ -71,5 +70,16 @@ +@@ -33,6 +32,7 @@ + /usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0) + ') + ++/usr/share/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +@@ -48,9 +48,11 @@ + + /var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) ++/var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) + /var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + /var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) + /var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) ++ + /var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0) + + /var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +@@ -71,5 +73,16 @@ /var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) 
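Review bot: `/var/lib/drupal(/.*)?` is labelled `httpd_sys_script_rw_t`, which makes the whole tree writable by web scripts, whereas the neighbouring `/var/lib/htdig`, `/var/lib/dav` and `/var/lib/httpd` entries use the read-only content type or `httpd_var_lib_t`. If only Drupal's runtime upload/files subtree has to be written, a narrower pattern for that subtree with the rest on `httpd_sys_content_t` would keep script-writable state to the minimum; if the whole tree genuinely must be writable, a comment above the entry saying so would spare the next reviewer the same question. The lone blank line added after the `/var/lib/php/session` entry looks unintended.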
@@ -9278,7 +9308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te --- nsaserefpolicy/policy/modules/services/bitlbee.te 2007-09-17 15:56:47.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-02-26 16:46:31.000000000 -0500 @@ -17,6 +17,9 @@ type bitlbee_var_t; files_type(bitlbee_var_t) @@ -9289,10 +9319,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl ######################################## # # Local policy -@@ -54,6 +57,9 @@ +@@ -54,6 +57,12 @@ corenet_tcp_connect_msnp_port(bitlbee_t) corenet_tcp_sendrecv_msnp_port(bitlbee_t) ++corenet_tcp_connect_http_port(bitlbee_t) ++corenet_tcp_sendrecv_http_port(bitlbee_t) ++ +dev_read_rand(bitlbee_t) +dev_read_urand(bitlbee_t) + @@ -11113,7 +11146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te --- nsaserefpolicy/policy/modules/services/cyphesis.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2008-02-26 16:19:56.000000000 -0500 @@ -0,0 +1,92 @@ +policy_module(cyphesis,1.0.0) + 
@@ -19249,8 +19282,73 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +/etc/rc.d/init.d/smb -- gen_context(system_u:object_r:samba_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if --- nsaserefpolicy/policy/modules/services/samba.if 2007-10-12 08:56:07.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 08:29:22.000000000 -0500 -@@ -331,6 +331,25 @@ ++++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 17:31:18.000000000 -0500 +@@ -63,6 +63,25 @@ + + ######################################## + ## ++## Execute samba net in the samba_unconfined_net domain. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`samba_domtrans_unconfined_net',` ++ gen_require(` ++ type samba_unconfined_net_t, samba_net_exec_t; ++ ') ++ ++ corecmd_search_bin($1) ++ domtrans_pattern($1,samba_net_exec_t,samba_unconfined_net_t) ++') ++ ++######################################## ++## + ## Execute samba net in the samba_net domain, and + ## allow the specified role the samba_net domain. + ## +@@ -95,6 +114,38 @@ + + ######################################## + ## ++## Execute samba net in the samba_unconfined_net domain, and ++## allow the specified role the samba_unconfined_net domain. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++## ++## ++## The role to be allowed the samba_unconfined_net domain. ++## ++## ++## ++## ++## The type of the terminal allow the samba_unconfined_net domain to use. ++## ++## ++## ++# ++interface(`samba_run_net',` ++ gen_require(` ++ type samba_unconfined_net_t; ++ ') ++ ++ samba_domtrans_unconfined_net($1) ++ role $2 types samba_unconfined_net_t; ++ allow samba_unconfined_net_t $3:chr_file rw_term_perms; ++') ++ ++######################################## ++## + ## Execute smbmount in the smbmount domain. 
+ ## + ## +@@ -331,6 +382,25 @@ ######################################## ## @@ -19276,7 +19374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ## Allow the specified domain to ## read and write samba /var files. ## -@@ -348,6 +367,7 @@ +@@ -348,6 +418,7 @@ files_search_var($1) files_search_var_lib($1) manage_files_pattern($1,samba_var_t,samba_var_t) @@ -19284,7 +19382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -492,3 +512,221 @@ +@@ -492,3 +563,221 @@ allow $1 samba_var_t:dir search_dir_perms; stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t) ') @@ -19508,7 +19606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2008-02-19 17:24:26.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-02-26 17:23:36.000000000 -0500 @@ -59,6 +59,13 @@ ## gen_tunable(samba_share_nfs,false) @@ -19776,7 +19874,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -790,3 +852,37 @@ +@@ -774,6 +836,12 @@ + # + + optional_policy(` ++ type samba_unconfined_net_t; ++ domain_type(samba_unconfined_net_t) ++ unconfined_domain(samba_unconfined_net_t) ++ manage_files_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t) ++ filetrans_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t,file) ++ + type samba_unconfined_script_t; + type samba_unconfined_script_exec_t; + domain_type(samba_unconfined_script_t) +@@ -790,3 +858,37 @@ domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t) ') ') 
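Review bot: The second interface added to samba.if (hunk `+@@ -95,6 +114,38 @@`) is declared with the name `samba_run_net`, although its summary, its `gen_require` of `samba_unconfined_net_t` and its call to `samba_domtrans_unconfined_net($1)` all describe the unconfined variant, and the file already has a confined `samba_run_net` whose summary ("Execute samba net in the samba_net domain, and allow the specified role the samba_net domain") appears as context just above. With m4 `define` semantics the later definition presumably replaces the earlier one silently, so every existing `samba_run_net` caller would start transitioning into an `unconfined_domain`, while the caller this commit actually adds, `samba_run_unconfined_net(unconfined_t, unconfined_r, ...)` in the unconfined.te hunk at `@@ -28082,7 +28193,8 @@`, would reference an interface that does not exist. The declaration line should read ``interface(`samba_run_unconfined_net',` `` to match both the documentation and that caller.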
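Review bot: `samba_unconfined_net_t` is made an `unconfined_domain` in the samba.te hunk at `+@@ -774,6 +836,12 @@` with no comment on why the existing confined `samba_net_t` is insufficient for the callers that will use it, and once the domain is unconfined the `manage_files_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t)` rule should already be covered — only the `filetrans_pattern` line, which labels files `net` creates under `samba_etc_t` as `samba_secrets_t`, still adds anything. A short comment above `type samba_unconfined_net_t;` stating the reason the confined domain does not suffice, and noting that the file-transition rule is the one that matters, would record the intent; if the manage rule is kept deliberately for readability, say so there too. The enclosing optional_policy block starts and ends outside the hunk.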
@@ -27865,7 +27976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-13 16:26:06.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-02-26 17:21:16.000000000 -0500 @@ -6,35 +6,67 @@ # Declarations # @@ -28082,7 +28193,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf optional_policy(` samba_per_role_template(unconfined) - samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) +- samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) ++ samba_run_unconfined_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) samba_run_winbind_helper(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) + samba_run_smbcontrol(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t }) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 798850f..28d5c2a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -388,7 +388,9 @@ exit 0 %endif %changelog -* Tue Feb 26 2008 Dan Walsh 3.3.1-3 +* Tue Feb 26 2008 Dan Walsh 3.3.1-4 +- Add cyphesis policy + * Tue Feb 26 2008 Dan Walsh 3.3.1-2 - Fix Makefile.devel to build mls modules