diff --git a/policy-20070703.patch b/policy-20070703.patch index e7840e7..4be5371 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -15580,7 +15580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-12-02 21:15:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-13 08:42:50.000000000 -0500 @@ -26,7 +26,8 @@ type $1_chkpwd_t, can_read_shadow_passwords; application_domain($1_chkpwd_t,chkpwd_exec_t) @@ -15591,7 +15591,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo allow $1_chkpwd_t self:process getattr; files_list_etc($1_chkpwd_t) -@@ -106,9 +107,6 @@ +@@ -99,6 +100,7 @@ + + gen_require(` + type system_chkpwd_t, shadow_t; ++ type pam_t; + ') + + authlogin_common_auth_domain_template($1) +@@ -106,9 +108,6 @@ role $3 types $1_chkpwd_t; role $3 types system_chkpwd_t; @@ -15601,7 +15609,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo dontaudit $2 shadow_t:file { getattr read }; # Transition from the user domain to this domain. -@@ -169,6 +167,10 @@ +@@ -120,6 +119,8 @@ + + # Write to the user domain tty. + userdom_use_user_terminals($1,$1_chkpwd_t) ++ userdom_dontaudit_write_user_home_content_files($1, pam_t) ++ + ') + + ######################################## +@@ -169,6 +170,10 @@ ## # interface(`auth_login_pgm_domain',` 
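Review bot: The `userdom_dontaudit_write_user_home_content_files($1, pam_t)` call added in the inner `@@ -120,6 +119,8 @@` hunk hides pam_t write denials on the role's home content from the audit log, and nothing in the template says why those denials are expected. A dontaudit rule grants nothing, but it does remove the AVC records someone investigating a PAM helper touching home directories would look for. I would put a comment above it such as `# dontaudit only: pam_t gets no write access to $1 home content; the denial is just not logged`, plus the reason if it is known. The rule is now emitted once per role that expands the template, taking the place of the single-argument call that the `@@ -111,19 +129,14 @@` hunk removes from authlogin.te, and it relies on the `type pam_t;` line added to `gen_require` in the `@@ -99,6 +100,7 @@` hunk. As a point of style, the added blank line before `')` and the `($1, pam_t)` spacing differ from the `($1,$1_chkpwd_t)` call directly above; the template body begins and ends outside these hunks.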
@@ -15612,7 +15629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo domain_type($1) domain_subj_id_change_exemption($1) -@@ -176,11 +178,34 @@ +@@ -176,11 +181,34 @@ domain_obj_id_change_exemption($1) role system_r types $1; @@ -15647,7 +15664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo selinux_get_fs_mount($1) selinux_validate_context($1) selinux_compute_access_vector($1) -@@ -196,20 +221,48 @@ +@@ -196,20 +224,48 @@ mls_fd_share_all_levels($1) auth_domtrans_chk_passwd($1) @@ -15697,7 +15714,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo tunable_policy(`allow_polyinstantiation',` files_polyinstantiate_all($1) ') -@@ -309,9 +362,6 @@ +@@ -309,9 +365,6 @@ type system_chkpwd_t, chkpwd_exec_t, shadow_t; ') @@ -15707,7 +15724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo corecmd_search_bin($1) domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t) -@@ -329,6 +379,8 @@ +@@ -329,6 +382,8 @@ optional_policy(` kerberos_use($1) @@ -15716,7 +15733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') optional_policy(` -@@ -347,6 +399,37 @@ +@@ -347,6 +402,37 @@ ######################################## ## @@ -15754,7 +15771,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Get the attributes of the shadow passwords file. ## ## -@@ -695,6 +778,24 @@ +@@ -695,6 +781,24 @@ ######################################## ## @@ -15779,7 +15796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Execute pam programs in the PAM domain. ## ## -@@ -1318,16 +1419,14 @@ +@@ -1318,16 +1422,14 @@ ## # interface(`auth_use_nsswitch',` 
@@ -15799,7 +15816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo miscfiles_read_certs($1) sysnet_dns_name_resolve($1) -@@ -1347,6 +1446,8 @@ +@@ -1347,6 +1449,8 @@ optional_policy(` samba_stream_connect_winbind($1) @@ -15808,7 +15825,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ') -@@ -1381,3 +1482,181 @@ +@@ -1381,3 +1485,181 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -15992,7 +16009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-08 15:36:56.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-13 08:42:16.000000000 -0500 @@ -9,6 +9,13 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; @@ -16043,13 +16060,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo term_use_all_user_ttys(pam_t) term_use_all_user_ptys(pam_t) -@@ -111,19 +129,15 @@ +@@ -111,19 +129,14 @@ logging_send_syslog_msg(pam_t) userdom_use_unpriv_users_fds(pam_t) +userdom_write_unpriv_users_tmp_files(pam_t) +userdom_dontaudit_read_unpriv_users_home_content_files(pam_t) -+userdom_dontaudit_write_user_home_content_files(pam_t) +userdom_unlink_unpriv_users_tmp_files(pam_t) optional_policy(` @@ -16067,7 +16083,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # # PAM console local policy -@@ -149,6 +163,8 @@ +@@ -149,6 +162,8 @@ dev_setattr_apm_bios_dev(pam_console_t) dev_getattr_dri_dev(pam_console_t) dev_setattr_dri_dev(pam_console_t) 
@@ -16076,7 +16092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo dev_getattr_framebuffer_dev(pam_console_t) dev_setattr_framebuffer_dev(pam_console_t) dev_getattr_generic_usb_dev(pam_console_t) -@@ -159,6 +175,8 @@ +@@ -159,6 +174,8 @@ dev_setattr_mouse_dev(pam_console_t) dev_getattr_power_mgmt_dev(pam_console_t) dev_setattr_power_mgmt_dev(pam_console_t) @@ -16085,7 +16101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo dev_getattr_scanner_dev(pam_console_t) dev_setattr_scanner_dev(pam_console_t) dev_getattr_sound_dev(pam_console_t) -@@ -200,6 +218,7 @@ +@@ -200,6 +217,7 @@ fs_list_auto_mountpoints(pam_console_t) fs_list_noxattr_fs(pam_console_t) @@ -16093,7 +16109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo init_use_fds(pam_console_t) init_use_script_ptys(pam_console_t) -@@ -236,7 +255,7 @@ +@@ -236,7 +254,7 @@ optional_policy(` xserver_read_xdm_pid(pam_console_t) @@ -16102,7 +16118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ######################################## -@@ -256,6 +275,7 @@ +@@ -256,6 +274,7 @@ userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t) userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t) userdom_dontaudit_use_sysadm_terms(system_chkpwd_t) @@ -16110,7 +16126,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ######################################## # -@@ -302,3 +322,28 @@ +@@ -302,3 +321,28 @@ xserver_use_xdm_fds(utempter_t) xserver_rw_xdm_pipes(utempter_t) ') 
@@ -22154,8 +22170,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest. +## Policy for xguest user diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.0.8/policy/modules/users/xguest.te --- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2008-01-13 08:07:37.000000000 -0500 -@@ -0,0 +1,62 @@ ++++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2008-01-13 08:40:30.000000000 -0500 +@@ -0,0 +1,57 @@ +policy_module(xguest,1.0.1) + +## @@ -22182,12 +22198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest. +userdom_restricted_xwindows_user_template(xguest) + +optional_policy(` -+ gen_require(` -+ type xguest_mozilla_t; -+ ') + mozilla_per_role_template(xguest, xguest_t, xguest_r) -+ dbus_user_bus_client_template(xguest,xguest_mozilla,xguest_mozilla_t) -+ dbus_connectto_user_bus(xguest,xguest_mozilla_t) +') + +# Allow mounting of file systems diff --git a/selinux-policy.spec b/selinux-policy.spec index 98ef223..06ca623 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 74%{?dist} +Release: 75%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,10 @@ exit 0 %endif %changelog +* Thu Jan 3 2008 Dan Walsh 3.0.8-75 +- Alow postgrey to read postfix_etc_t +- Lots of fixes to get javaplugin to run under xguest + * Thu Jan 3 2008 Dan Walsh 3.0.8-74 - Allow updatedb to getatt on fifo_files
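Review bot: The xguest.te `optional_policy` block is left with only `mozilla_per_role_template(xguest, xguest_t, xguest_r)`, and nothing records why the `gen_require` for xguest_mozilla_t and the `dbus_user_bus_client_template` / `dbus_connectto_user_bus` calls were dropped. The 3.0.8-75 changelog entry only says "Lots of fixes to get javaplugin to run under xguest". Removing user-bus access narrows what xguest_mozilla_t can reach, which fits a restricted guest account, but these lines do not show whether the same access is now granted elsewhere, for example inside the mozilla template. I would state the intent next to the call, e.g. `# xguest_mozilla_t gets no user D-Bus access from this module`, or name in the changelog where the rules moved, so a later edit does not re-add them by accident.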