diff --git a/policy-20071130.patch b/policy-20071130.patch
index 4e90112..f7a5cad 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -7829,7 +7829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
type power_device_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2008-05-28 09:06:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2008-05-29 15:38:40.259396000 -0400
@@ -525,7 +525,7 @@
')
@@ -19557,7 +19557,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-05-28 09:06:14.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-05-29 15:40:58.041343000 -0400
@@ -0,0 +1,208 @@
+
+## policy for polkit_auth
@@ -19769,8 +19769,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-29 09:55:32.281989000 -0400
-@@ -0,0 +1,206 @@
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-29 15:41:37.897816000 -0400
+@@ -0,0 +1,213 @@
+policy_module(polkit_auth,1.0.0)
+
+########################################
@@ -19946,16 +19946,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+# polkit_resolve local policy
+#
+
-+allow polkit_resolve_t self:capability { setuid sys_ptrace };
++allow polkit_resolve_t self:capability { setuid sys_nice sys_ptrace };
+allow polkit_resolve_t self:process getattr;
+
+allow polkit_resolve_t self:unix_dgram_socket create_socket_perms;
+allow polkit_resolve_t self:fifo_file rw_file_perms;
+allow polkit_resolve_t self:unix_stream_socket create_stream_socket_perms;
+
++read_files_pattern(polkit_resolve_t, polkit_var_lib_t, polkit_var_lib_t)
++
+can_exec(polkit_resolve_t, polkit_resolve_exec_t)
+corecmd_search_bin(polkit_resolve_t)
+
++polkit_domtrans_auth(polkit_resolve_t)
++
+files_read_etc_files(polkit_resolve_t)
+files_read_usr_files(polkit_resolve_t)
+
@@ -19970,6 +19974,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+
+optional_policy(`
+ dbus_system_bus_client_template(polkit_resolve, polkit_resolve_t)
++ optional_policy(`
++ consolekit_dbus_chat(polkit_resolve_t)
++ ')
+')
+
+optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a7601c5..1f69d8e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 59%{?dist}
+Release: 60%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,10 @@ exit 0
%endif
%changelog
+* Thu May 29 2008 Dan Walsh 3.3.1-60
+- Allow policykit_resolve to read polkit_var_lib
+- Other policykit fixes
+
* Thu May 29 2008 Dan Walsh 3.3.1-59
- Allow oddjob to change roles