diff --git a/policy-F12.patch b/policy-F12.patch
index ec1474d..3e74fc4 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -2087,7 +2087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.6.32/policy/modules/apps/chrome.te
 --- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-11-23 09:56:16.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-11-23 17:51:04.000000000 -0500
 @@ -0,0 +1,78 @@
 +policy_module(chrome,1.0.0)
 +
@@ -6604,7 +6604,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.32/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if 2009-09-16 10:01:19.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/domain.if 2009-11-18 09:37:10.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/kernel/domain.if 2009-11-23 17:51:00.000000000 -0500
 @@ -44,34 +44,6 @@
 interface(`domain_type',`
 # start with basic domain
@@ -10329,7 +10329,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## All of the rules required to administrate
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
 --- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 10:01:19.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-11-23 13:56:57.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-11-23 16:38:25.000000000 -0500
 @@ -33,12 +33,23 @@
 type abrt_var_run_t;
 files_pid_file(abrt_var_run_t)
@@ -23624,7 +23624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.32/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te 2009-09-16 10:01:19.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/sssd.te 2009-10-21 10:05:38.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/sssd.te 2009-11-23 17:38:36.000000000 -0500
 @@ -16,6 +16,9 @@
 type sssd_var_lib_t;
 files_type(sssd_var_lib_t)
@@ -23644,7 +23644,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 allow sssd_t self:process { setsched signal getsched };
 allow sssd_t self:fifo_file rw_file_perms;
 allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-@@ -33,10 +36,15 @@
+@@ -33,16 +36,23 @@
 manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
 files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
@@ -23660,7 +23660,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 kernel_read_system_state(sssd_t)
 corecmd_exec_bin(sssd_t)
-@@ -58,6 +66,8 @@
+
+ dev_read_urand(sssd_t)
+
++domain_read_all_domains_state(sssd_t)
++
+ files_list_tmp(sssd_t)
+ files_read_etc_files(sssd_t)
+ files_read_usr_files(sssd_t)
+@@ -58,6 +68,8 @@
 miscfiles_read_localization(sssd_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3cf08fb..02c2cb9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.32
-Release: 48%{?dist}
+Release: 49%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
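Review bot: The added `domain_read_all_domains_state(sssd_t)` line in the @@ -23660 hunk grants sssd_t read access to the /proc process-state files labeled with every domain type on the system, and neither the hunk nor the changelog entry (`Allow sssd to read all processes domain`) records which specific access sssd needs; a grant over the whole `domain` attribute is the broadest form available and reaches unconfined and privileged daemons as well. If the underlying denial was only a probe that can safely fail, `domain_dontaudit_read_all_domains_state(sssd_t)` is the narrower fix; if a real read is required, a comment above the new rule such as `# sssd reads /proc/<pid> state of its client processes; see <bug-id placeholder>` would keep the grant reviewable later. The inner sssd.te hunk this rule extends (`@@ -33,16 +36,23 @@`) has its header in the preceding outer hunk, so the rule's surrounding context is only partly visible here.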
@@ -445,9 +445,32 @@ exit 0
 %endif
 %changelog
-* Fri Nov 20 2009 Dan Walsh 3.6.32-48
-- Abrt connect to any port
+* Mon Nov 23 2009 Dan Walsh 3.6.32-49
+- Allow sssd to read all processes domain
+* Mon Nov 23 2009 Dan Walsh 3.6.32-48
+- Abrt connect to any port
+- Dontaudit chrome-sandbox trying to getattr on all processes
+- Allow passwd to execute gnome-keyring
+- Allow chrome_sandbox_t to read home content inherited from the parent
+- Fix eclipse labeling
+- Allow mozilla to connect to flash port
+- Allow pulseaudio to connect to unix_streams
+- Allow sambagui to read secrets file
+- Allow mount to mount unlabeled files
+- ALlow abrt to use ypbind, send kill signals
+- Allow arpwatch to create socket class
+- Allow asterisk to read urand
+- Allow corosync to communicate with user tmpfs
+- Allow devicedisk to read virt images block devices
+- Allow gpsd to sys_tty_config
+- Fix nagios interfaces
+- Policy for nagios plugins
+- Fixes for nx
+- Allow rtkit_daemon to read locale file
+- Allow snort to create socket
+- Additional perms for xauth
+- lots of textrel_lib_t file context
 * Tue Nov 17 2009 Dan Walsh 3.6.32-47
 - Make mozilla call in execmem.if optional to fix build of minimum install