diff --git a/policy-20070703.patch b/policy-20070703.patch index 7078d77..4c7c7d6 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -2658,11 +2658,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.0.8/policy/modules/kernel/files.fc --- nsaserefpolicy/policy/modules/kernel/files.fc 2007-09-12 10:34:49.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/files.fc 2007-09-18 20:56:27.000000000 -0400 -@@ -210,6 +210,7 @@ ++++ serefpolicy-3.0.8/policy/modules/kernel/files.fc 2007-09-25 09:00:58.000000000 -0400 +@@ -209,7 +209,8 @@ + /usr/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh) /usr/lost\+found/.* <> - /usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0) +-/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0) ++#/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0) +/usr/share/doc(/.*)?/README.* gen_context(system_u:object_r:usr_t,s0) /usr/src(/.*)? gen_context(system_u:object_r:src_t,s0) 
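Review bot: The files.fc rule `/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0)` is commented out (`++#/usr/share...`) rather than removed, and nothing in the hunk records why the usr_t override for /usr/share/*/lib paths is being dropped. Once it is gone those paths fall through to whichever other file-context pattern matches them (presumably a more general lib(64) pattern elsewhere in the policy, which would change their label — worth confirming with `matchpathcon` or `restorecon -n` on an affected tree before shipping). A one-line note beside the commented rule, e.g. `# usr_t override for /usr/share/*/lib dropped because <reason>`, with the real reason filled in, or simply deleting the line, would leave less to guess at on the next policy refresh. The inner hunk is renumbered from `@@ -210,6 +210,7 @@` to `@@ -209,7 +209,8 @@` to pull in the extra `/usr/lost\+found -d` context line, so the patch must be re-applied against the 3.0.8 tree to verify it still lands cleanly.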
@@ -8514,8 +8516,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb /var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.0.8/policy/modules/services/samba.if --- nsaserefpolicy/policy/modules/services/samba.if 2007-06-19 16:23:35.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/samba.if 2007-09-17 16:20:18.000000000 -0400 -@@ -349,6 +349,7 @@ ++++ serefpolicy-3.0.8/policy/modules/services/samba.if 2007-09-24 17:17:53.000000000 -0400 +@@ -332,6 +332,25 @@ + + ######################################## + ## ++## dontaudit the specified domain to ++## write samba /var files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`samba_dontaudit_write_var_files',` ++ gen_require(` ++ type samba_var_t; ++ ') ++ ++ dontaudit $1 samba_var_t:file write; ++') ++ ++######################################## ++## + ## Allow the specified domain to + ## read and write samba /var files. + ## +@@ -349,6 +368,7 @@ files_search_var($1) files_search_var_lib($1) manage_files_pattern($1,samba_var_t,samba_var_t) @@ -8523,7 +8551,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -493,3 +494,102 @@ +@@ -493,3 +513,102 @@ allow $1 samba_var_t:dir search_dir_perms; stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t) ') 
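Review bot: The new `samba_dontaudit_write_var_files` interface suppresses only `samba_var_t:file write`, so a caller that opens the samba tdb files read-write may still produce denials for other permissions it tries (tdb access normally also takes a file `lock` — inferred from how tdb works, not visible in this hunk), which would partly defeat the point of the dontaudit. Either record which denials were actually observed in the interface summary, or widen the rule to exactly that set, e.g. `dontaudit $1 samba_var_t:file { write lock };` if lock denials show up too. The summary should also make clear this silences rather than grants access, e.g. `## Do not audit (and do not allow) write attempts on samba /var files by the specified domain.`, since the name sits right next to the rw/manage interfaces that do grant it. The doc block as shown has lost its summary/param XML tags, presumably in extraction; check the committed text still carries them. The interface body is complete within the hunk; the `samba_rw_var_files` documentation that follows continues past it.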
@@ -10428,7 +10456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-24 10:44:04.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-24 17:17:30.000000000 -0400 @@ -26,7 +26,8 @@ type $1_chkpwd_t, can_read_shadow_passwords; application_domain($1_chkpwd_t,chkpwd_exec_t) @@ -10620,7 +10648,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo files_list_var_lib($1) miscfiles_read_certs($1) -@@ -1381,3 +1453,163 @@ +@@ -1347,6 +1419,8 @@ + + optional_policy(` + samba_stream_connect_winbind($1) ++ samba_read_var_files($1) ++ samba_dontaudit_write_var_files($1) + ') + ') + +@@ -1381,3 +1455,163 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -13644,8 +13681,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.8/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2007-07-25 10:37:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/unconfined.te 2007-09-21 06:44:58.000000000 -0400 -@@ -5,28 +5,36 @@ ++++ serefpolicy-3.0.8/policy/modules/system/unconfined.te 2007-09-24 17:02:03.000000000 -0400 +@@ -5,28 +5,38 @@ # # Declarations # 
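Review bot: Adding `samba_read_var_files($1)` and `samba_dontaudit_write_var_files($1)` to the authlogin.if interface around line 1347 (the hunk shows its `optional_policy` block with `samba_stream_connect_winbind($1)`, which looks like the nsswitch interface, but the interface header is outside the hunk) grants read access to all samba_var_t files to every domain that uses nsswitch, which is a large set of callers. The changelog entry says this is for nsswitch apps, but nothing in the policy itself records why; a comment above the new lines such as `# winbind nss clients read the tdb files labeled samba_var_t` (with the actual trigger confirmed) would make the widened read set reviewable later and help decide whether a narrower interface is warranted. The dontaudit half additionally hides write attempts from that same broad set, so a domain that is compromised and used to tamper with those files would no longer leave a denial in the audit log; if any of these callers are expected to write, grant it explicitly and keep the dontaudit as narrow as possible.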
@@ -13683,13 +13720,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf # Local policy # ++dontaudit unconfined_t self:dir write; ++ +allow unconfined_t self:system syslog_read; +dontaudit unconfined_t self:capability sys_module; + domtrans_pattern(unconfined_t,unconfined_execmem_exec_t,unconfined_execmem_t) files_create_boot_flag(unconfined_t) -@@ -35,6 +43,7 @@ +@@ -35,6 +45,7 @@ mcs_ptrace_all(unconfined_t) init_run_daemon(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) @@ -13697,7 +13736,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) -@@ -42,37 +51,30 @@ +@@ -42,37 +53,30 @@ logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) @@ -13715,17 +13754,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf optional_policy(` - ada_domtrans(unconfined_t) --') -- --optional_policy(` -- apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) -- apache_per_role_template(unconfined,unconfined_t,unconfined_r) -- # this is disallowed usage: -- unconfined_domain(httpd_unconfined_script_t) + ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) ') optional_policy(` +- apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) +- apache_per_role_template(unconfined,unconfined_t,unconfined_r) +- # this is disallowed usage: +- unconfined_domain(httpd_unconfined_script_t) +-') +- +-optional_policy(` - bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) + bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) ') 
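Review bot: `dontaudit unconfined_t self:dir write;` is added to unconfined.te without a comment saying which program triggers the denial it silences; on the unconfined domain, where nearly everything is allowed, a dontaudit is unusual enough that the next reader will want to know whether the underlying write (a domain's `self:dir` is, as far as I know, the process's own /proc/<pid> directory) is deliberately left denied. Suggest `# <program> tries to write its own /proc/<pid> dir; harmless, so silence it` with the real trigger filled in, matching the `sys_module` capability dontaudit two lines below it, which has the same gap. The apache/ada/bind reordering in the later hunk on this line only moves existing `-` lines between blocks of the inner patch and, as far as the visible lines show, does not change the resulting unconfined.te.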
@@ -13743,7 +13782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -118,11 +120,11 @@ +@@ -118,11 +122,11 @@ ') optional_policy(` @@ -13757,7 +13796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -134,11 +136,7 @@ +@@ -134,11 +138,7 @@ ') optional_policy(` @@ -13770,7 +13809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -155,32 +153,23 @@ +@@ -155,32 +155,23 @@ optional_policy(` postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t }) @@ -13807,7 +13846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') optional_policy(` -@@ -205,11 +194,18 @@ +@@ -205,11 +196,18 @@ ') optional_policy(` @@ -13828,7 +13867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') ######################################## -@@ -225,8 +221,20 @@ +@@ -225,8 +223,20 @@ init_dbus_chat_script(unconfined_execmem_t) unconfined_dbus_chat(unconfined_execmem_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 4e27975..08c16b7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -272,6 +272,7 @@ exit 0 %if %{BUILD_TARGETED} %package targeted Summary: SELinux targeted base policy +Provides: selinux-policy-base Group: System Environment/Base Obsoletes: selinux-policy-targeted-sources < 2 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} 
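Review bot: `+Provides: selinux-policy-base` in the targeted package (and the identical lines added to the olpc and mls packages in the following hunks) is an unversioned virtual provide, so a consumer that needs a particular policy level can only write `Requires: selinux-policy-base` with no version constraint; `Provides: selinux-policy-base = %{version}-%{release}` keeps the same name available while letting dependents pin a minimum. The three insertion points are also inconsistent — between Summary and Group for targeted, after Group for olpc and mls — which is harmless but worth aligning. The 3.0.8-12 changelog entry mentions only the samba_var_t change, while this commit also adds the virtual provide, drops the /usr/share lib file-context rule and adds the unconfined dontaudit; listing those would make the release easier to audit later.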
@@ -315,6 +316,7 @@ exit 0 %package olpc Summary: SELinux olpc base policy Group: System Environment/Base +Provides: selinux-policy-base Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): coreutils Requires(pre): selinux-policy = %{version}-%{release} @@ -339,6 +341,7 @@ exit 0 %package mls Summary: SELinux mls base policy Group: System Environment/Base +Provides: selinux-policy-base Obsoletes: selinux-policy-mls-sources < 2 Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} @@ -362,6 +365,9 @@ exit 0 %endif %changelog +* Mon Sep 24 2007 Dan Walsh 3.0.8-12 +- Allow nsswitch apps to read samba_var_t + * Mon Sep 24 2007 Dan Walsh 3.0.8-11 - Fix maxima