diff --git a/policy-20070501.patch b/policy-20070501.patch index 1092017..2c255d7 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -12,7 +12,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere .TP diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.4/policy/flask/access_vectors --- nsaserefpolicy/policy/flask/access_vectors 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-07-06 10:36:14.000000000 -0400 ++++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-07-12 10:27:08.000000000 -0400 @@ -598,6 +598,8 @@ shmempwd shmemgrp @@ -5528,8 +5528,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.6.4/policy/modules/services/openvpn.te --- nsaserefpolicy/policy/modules/services/openvpn.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-06 10:36:14.000000000 -0400 -@@ -6,6 +6,13 @@ ++++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-13 11:31:03.000000000 -0400 +@@ -1,11 +1,18 @@ + +-policy_module(openvpn,1.2.0) ++policy_module(openvpn,1.2.2) + + ######################################## + # # Declarations # 
@@ -5543,7 +5549,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open # main openvpn domain type openvpn_t; type openvpn_exec_t; -@@ -42,8 +49,8 @@ +@@ -28,7 +35,9 @@ + # openvpn local policy + # + +-allow openvpn_t self:capability { net_bind_service net_admin setgid setuid sys_tty_config }; ++allow openvpn_t self:capability { dac_read_search dac_override net_bind_service net_admin setgid setuid sys_tty_config }; ++allow openvpn_t self:process { signal getsched }; ++ + allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto }; + allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto }; + allow openvpn_t self:udp_socket create_socket_perms; +@@ -42,8 +51,8 @@ allow openvpn_t openvpn_var_log_t:file manage_file_perms; logging_log_filetrans(openvpn_t,openvpn_var_log_t,file) @@ -5554,7 +5571,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open kernel_read_kernel_sysctls(openvpn_t) kernel_read_net_sysctls(openvpn_t) -@@ -66,6 +73,7 @@ +@@ -53,7 +62,8 @@ + corecmd_exec_bin(openvpn_t) + corecmd_exec_shell(openvpn_t) + +-corenet_non_ipsec_sendrecv(openvpn_t) ++corenet_all_recvfrom_unlabeled(openvpn_t) ++corenet_all_recvfrom_netlabel(openvpn_t) + corenet_tcp_sendrecv_all_if(openvpn_t) + corenet_udp_sendrecv_all_if(openvpn_t) + corenet_tcp_sendrecv_generic_node(openvpn_t) +@@ -66,6 +76,7 @@ corenet_udp_bind_openvpn_port(openvpn_t) corenet_sendrecv_openvpn_server_packets(openvpn_t) corenet_rw_tun_tap_dev(openvpn_t) @@ -5562,7 +5589,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open dev_search_sysfs(openvpn_t) dev_read_rand(openvpn_t) -@@ -80,10 +88,15 @@ +@@ -80,15 +91,31 @@ logging_send_syslog_msg(openvpn_t) miscfiles_read_localization(openvpn_t) 
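Review bot: The new `allow openvpn_t self:capability { dac_read_search dac_override ... }` rule grants DAC bypass to the daemon unconditionally, while the changelog ties this release to reading home directories and the home-content read rule itself is gated by the `openvpn_enable_homedirs` tunable elsewhere in the file. With the tunable off, openvpn_t can still ignore file mode bits on everything its type-enforcement rules already reach, which is broader than the stated need; moving both capabilities into the `tunable_policy(`openvpn_enable_homedirs',...)` block next to `userdom_read_unpriv_users_home_content_files(openvpn_t)` keeps the default footprint unchanged. `dac_override` already covers read/search bypass, so `dac_read_search` alone should be tried first unless an observed denial needs the wider one, and the rule deserves a why-comment such as `# DAC bypass: credential files in user homes are often mode 0600 (openvpn_enable_homedirs)`. The added `allow openvpn_t self:process { signal getsched };` is unrelated to home-dir access and unmentioned in the changelog; a one-line comment on what prompted getsched would help the next maintainer. The enclosing openvpn.te file continues on both sides of this hunk.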
@@ -5571,18 +5598,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open sysnet_dns_name_resolve(openvpn_t) sysnet_exec_ifconfig(openvpn_t) +-ifdef(`targeted_policy',` +- # Need to interact with terminals if config option "auth-user-pass" is used +- term_use_generic_ptys(openvpn_t) +tunable_policy(`openvpn_enable_homedirs',` + userdom_read_unpriv_users_home_content_files(openvpn_t) -+') -+ - ifdef(`targeted_policy',` - # Need to interact with terminals if config option "auth-user-pass" is used - term_use_generic_ptys(openvpn_t) -@@ -92,3 +105,4 @@ + ') + optional_policy(` daemontools_service_domain(openvpn_t,openvpn_exec_t) ') + ++optional_policy(` ++ dbus_system_bus_client_template(openvpn,openvpn_t) ++ dbus_connect_system_bus(openvpn_t) ++ dbus_send_system_bus(openvpn_t) ++ networkmanager_dbus_chat(openvpn_t) ++') ++ ++ ++# Need to interact with terminals if config option "auth-user-pass" is used ++userdom_use_sysadm_terms(openvpn_t) ++ ++optional_policy(` ++ unconfined_use_terminals(openvpn_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.6.4/policy/modules/services/pcscd.te --- nsaserefpolicy/policy/modules/services/pcscd.te 2007-05-07 14:50:57.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-07-06 10:36:14.000000000 -0400 @@ -8046,8 +8087,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-2.6.4/policy/modules/system/brctl.te --- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/brctl.te 2007-07-10 12:53:45.000000000 -0400 -@@ -0,0 +1,42 @@ ++++ serefpolicy-2.6.4/policy/modules/system/brctl.te 2007-07-12 15:50:34.000000000 -0400 +@@ -0,0 +1,41 @@ +policy_module(brctl,1.0.0) + +######################################## 
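Review bot: `userdom_use_sysadm_terms(openvpn_t)` is added unconditionally for every policy variant, replacing a rule that was limited to generic ptys under `ifdef(`targeted_policy',...)`, so a network-facing daemon now gets read/write on the administrator's ttys and ptys whenever it runs, not only when started interactively for `auth-user-pass`. A compromised openvpn process could read keystrokes or inject escape sequences into an admin session; keeping the rule inside the original `targeted_policy` conditional, or behind a dedicated tunable, preserves the previous default and matches how the home-directory access is already gated in this hunk. The optional `unconfined_use_terminals(openvpn_t)` block widens the same exposure to unconfined users' terminals and stands without explanation; the `# Need to interact with terminals if config option "auth-user-pass" is used` comment should cover it too, and the two consecutive added blank lines before that comment can be collapsed to one. The openvpn.te hunk starts outside this view and the file continues before it.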
@@ -8089,7 +8130,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl. + term_dontaudit_use_unallocated_ttys(brctl_t) + term_dontaudit_use_generic_ptys(brctl_t) +') -+ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.6.4/policy/modules/system/clock.te --- nsaserefpolicy/policy/modules/system/clock.te 2007-05-07 14:51:02.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/system/clock.te 2007-07-06 10:36:14.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index fc734b8..e24b309 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 27%{?dist} +Release: 28%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -360,6 +360,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Fri Jul 13 2007 Dan Walsh 2.6.4-28 +- Additional rules for openvpn reading homedirs + * Fri Jul 7 2007 Dan Walsh 2.6.4-27 - Add support for megadev