diff --git a/policy-20070501.patch b/policy-20070501.patch index a908086..9508709 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -1970,7 +1970,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-08-07 09:42:35.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-08-14 08:16:29.000000000 -0400 @@ -343,8 +343,7 @@ ######################################## @@ -2021,7 +2021,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -992,7 +1008,7 @@ +@@ -890,6 +906,8 @@ + attribute file_type; + ') + ++ # Have to be able to read badly labeled files like file_context and ld.so.cache ++ files_read_all_files($1) + allow $1 { file_type $2 }:dir list_dir_perms; + relabel_dirs_pattern($1,{ file_type $2 },{ file_type $2 }) + relabel_files_pattern($1,{ file_type $2 },{ file_type $2 }) +@@ -992,7 +1010,7 @@ attribute file_type; ') @@ -2030,7 +2039,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -1320,7 +1336,7 @@ +@@ -1111,6 +1129,24 @@ + + ######################################## + ## ++## search all mount points. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_search_all_mountpoints',` ++ gen_require(` ++ attribute mountpoint; ++ ') ++ ++ allow $1 mountpoint:dir search_dir_perms; ++') ++ ++######################################## ++## + ## List the contents of the root directory. + ## + ## +@@ -1320,7 +1356,7 @@ type boot_t; ') 
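Review bot: The new `files_read_all_files($1)` line in the inner hunk `@@ -890,6 +906,8 @@` ignores the interface's `$2` exception parameter, while the neighbouring `list_dir_perms` and `relabel_*_pattern` rules all operate on `{ file_type $2 }`. The enclosing interface's header is outside the hunk, so I am inferring the role of `$2` from those uses, but a caller that excludes a type through it would still be granted read access to that type by the added call. If the intent is only to reach mislabelled files such as file_contexts and ld.so.cache, consider honouring the exclusion set with the same pattern the relabel rules use, e.g. `read_files_pattern($1, { file_type $2 }, { file_type $2 })`, or extend the comment to state that the exception set deliberately does not apply to reading.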
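Review bot: The summary of the new `files_search_all_mountpoints` interface reads `search all mount points.` in lower case, while the surrounding summaries (`List the contents of the root directory.`, `Get the attributes of files in /usr.`) are capitalised sentences; suggest `## Search all mount points.`. It would also help callers to say what the rule hands out, since `mountpoint` is an attribute covering every directory labelled as a mount point and the rule lets the domain traverse into all of them: something like `## Allow the domain to search (traverse) every directory carrying the mountpoint attribute; prefer files_getattr_all_mountpoints when stat() alone is enough.` The exact permission set behind `search_dir_perms` is defined outside this hunk, so confirm whether it includes getattr before documenting it as a superset of the getattr interface.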
@@ -2039,7 +2073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -3310,6 +3326,24 @@ +@@ -3310,6 +3346,24 @@ ######################################## ## @@ -2064,7 +2098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Get the attributes of files in /usr. ## ## -@@ -3386,6 +3420,24 @@ +@@ -3386,6 +3440,24 @@ ######################################## ## @@ -2089,7 +2123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Read symbolic links in /usr. ## ## -@@ -3432,6 +3484,24 @@ +@@ -3432,6 +3504,24 @@ ######################################## ## @@ -2114,7 +2148,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ## Do not audit attempts to search /usr/src. ## ## -@@ -3637,7 +3707,7 @@ +@@ -3637,7 +3727,7 @@ type var_t; ') @@ -2123,7 +2157,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -3993,7 +4063,7 @@ +@@ -3993,7 +4083,7 @@ type var_lock_t; ') @@ -2132,7 +2166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -4012,7 +4082,7 @@ +@@ -4012,7 +4102,7 @@ type var_t, var_lock_t; ') @@ -2141,7 +2175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -4181,7 +4251,7 @@ +@@ -4181,7 +4271,7 @@ type var_run_t; ') @@ -2150,7 +2184,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -4529,6 +4599,8 @@ +@@ -4529,6 +4619,8 @@ # Need to give access to /selinux/member selinux_compute_member($1) 
@@ -2159,7 +2193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # Need sys_admin capability for mounting allow $1 self:capability { chown fsetid sys_admin }; -@@ -4551,6 +4623,8 @@ +@@ -4551,6 +4643,8 @@ # Default type for mountpoints allow $1 poly_t:dir { create mounton }; fs_unmount_xattr_fs($1) @@ -2168,7 +2202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ') ######################################## -@@ -4588,3 +4662,28 @@ +@@ -4588,3 +4682,28 @@ allow $1 { file_type -security_file_type }:dir manage_dir_perms; ') @@ -3046,7 +3080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-08-07 09:42:35.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-08-14 06:47:44.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(apache,1.6.0) @@ -3243,7 +3277,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac daemontools_service_domain(httpd_t, httpd_exec_t) ') -@@ -606,6 +673,8 @@ +@@ -486,7 +553,6 @@ + + optional_policy(` + nagios_read_config(httpd_t) +- nagios_domtrans_cgi(httpd_t) + ') + + optional_policy(` +@@ -606,6 +672,8 @@ manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) @@ -3252,7 +3294,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac kernel_read_kernel_sysctls(httpd_suexec_t) kernel_list_proc(httpd_suexec_t) kernel_read_proc_symlinks(httpd_suexec_t) -@@ -668,6 +737,12 @@ +@@ -668,6 +736,12 @@ fs_exec_nfs_files(httpd_suexec_t) ') 
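Review bot: The inner hunk `@@ -486,7 +553,6 @@` drops `nagios_domtrans_cgi(httpd_t)` but nothing visible in this patch supplies a replacement transition, so unless the nagios module now declares it itself (plausible for a "Fix nagios_cgi problems" change, but not shown here), nagios CGI programs executed by httpd_t would run in whatever domain the generic httpd script rules select rather than the nagios-specific one, and that confinement would be lost. A short comment on the remaining `nagios_read_config(httpd_t)` block would make the intent reviewable, e.g. `# The transition into the nagios CGI domain is declared by the nagios module.` The `optional_policy` block is fully within the hunk; the surrounding httpd_t policy is not.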
@@ -3265,21 +3307,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_suexec_t) fs_read_cifs_symlinks(httpd_suexec_t) -@@ -689,13 +764,6 @@ - nagios_domtrans_cgi(httpd_suexec_t) +@@ -685,18 +759,6 @@ + dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') -optional_policy(` +- nagios_domtrans_cgi(httpd_suexec_t) +-') +- +-optional_policy(` - nis_use_ypbind(httpd_suexec_t) -') - -optional_policy(` - nscd_socket_use(httpd_suexec_t) -') - +- ######################################## # -@@ -706,7 +774,8 @@ + # Apache system script local policy +@@ -706,7 +768,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; @@ -3289,7 +3336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms; read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t) -@@ -720,21 +789,64 @@ +@@ -720,21 +783,64 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -3309,15 +3356,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac -tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` +tunable_policy(`httpd_use_nfs', ` - fs_read_nfs_files(httpd_sys_script_t) - fs_read_nfs_symlinks(httpd_sys_script_t) - ') - -+tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', ` + fs_read_nfs_files(httpd_sys_script_t) + fs_read_nfs_symlinks(httpd_sys_script_t) +') + ++tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', ` + fs_read_nfs_files(httpd_sys_script_t) + fs_read_nfs_symlinks(httpd_sys_script_t) + ') + +tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db',` + allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms; + allow httpd_sys_script_t self:udp_socket create_socket_perms; 
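Review bot: With the inner hunk `@@ -685,18 +759,6 @@` also deleting the `optional_policy(` nagios_domtrans_cgi(httpd_suexec_t) ')` block, apache.te no longer references nagios from either httpd_t or httpd_suexec_t, and the spec changelog entry `Fix nagios_cgi problems` does not say where the transition moved. If the nagios module now provides it (not visible in this chunk), a pointer in the changelog or a comment near the remaining suexec rules would stop the next reader from concluding that nagios CGIs run through suexec have silently lost their own domain; if it does not, this is a reduction in confinement rather than a fix. The nis and nscd removals shown next to it are unchanged outer context and not part of this commit.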
@@ -3359,23 +3406,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -754,14 +866,8 @@ +@@ -754,14 +860,8 @@ # Apache unconfined script local policy # -unconfined_domain(httpd_unconfined_script_t) - - optional_policy(` +-optional_policy(` - cron_system_entry(httpd_t, httpd_exec_t) -') - --optional_policy(` + optional_policy(` - nscd_socket_use(httpd_unconfined_script_t) + unconfined_domain(httpd_unconfined_script_t) ') ######################################## -@@ -784,7 +890,26 @@ +@@ -784,7 +884,26 @@ miscfiles_read_localization(httpd_rotatelogs_t) @@ -4632,7 +4679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-08-13 07:17:55.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-08-14 08:16:15.000000000 -0400 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -4664,6 +4711,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove kernel_read_kernel_sysctls(dovecot_t) kernel_read_system_state(dovecot_t) +@@ -98,7 +104,7 @@ + files_dontaudit_list_default(dovecot_t) + # Dovecot now has quota support and it uses getmntent() to find the mountpoints. + files_read_etc_runtime_files(dovecot_t) +-files_getattr_all_mountpoints(dovecot_t) ++files_search_all_mountpoints(dovecot_t) + + init_getattr_utmp(dovecot_t) + @@ -110,9 +116,6 @@ miscfiles_read_certs(dovecot_t) miscfiles_read_localization(dovecot_t) 
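Review bot: The comment kept above the changed line in `@@ -98,7 +104,7 @@` still justifies the rule in terms of `getmntent()`, which only reads the mount table, whereas the new `files_search_all_mountpoints(dovecot_t)` grants traversal of every mount-point directory, presumably for the per-filesystem quota query that follows getmntent() (the dovecot code is not shown). Suggest updating the comment so the wider rule is explained, e.g. `# Dovecot quota support walks the mount table via getmntent() and then needs to search each mountpoint directory to query that filesystem.` Also confirm that the getattr permission granted by the replaced `files_getattr_all_mountpoints` is covered by `search_dir_perms` (defined outside this hunk); if it is not, keep the getattr call alongside the new one.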
@@ -5336,7 +5392,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-2.6.4/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-13 19:33:45.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-13 19:39:50.000000000 -0400 @@ -55,6 +55,7 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 0ee47d1..7c2b53f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 37%{?dist} +Release: 38%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -361,6 +361,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Tue Aug 13 2007 Dan Walsh 2.6.4-38 +- Fix nagios_cgi problems + * Mon Aug 13 2007 Dan Walsh 2.6.4-37 - Allow clamd to read kernel system state