diff --git a/policy-20071130.patch b/policy-20071130.patch
index e1434d5..b3ff457 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -2057,7 +2057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
files_search_var(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 13:05:27.551865000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 14:14:11.007492000 -0400
@@ -50,6 +50,7 @@
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -2129,7 +2129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t)
')
-@@ -143,14 +149,6 @@
+@@ -143,11 +149,7 @@
')
optional_policy(`
@@ -2138,13 +2138,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
-
-optional_policy(`
- nscd_socket_use(ping_t)
--')
--
--optional_policy(`
- pcmcia_use_cardmgr_fds(ping_t)
++ munin_append_log(ping_t)
')
-@@ -166,7 +164,6 @@
+ optional_policy(`
+@@ -166,7 +168,6 @@
allow traceroute_t self:capability { net_admin net_raw setuid setgid };
allow traceroute_t self:rawip_socket create_socket_perms;
allow traceroute_t self:packet_socket create_socket_perms;
@@ -2152,7 +2150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
allow traceroute_t self:udp_socket create_socket_perms;
kernel_read_system_state(traceroute_t)
-@@ -200,6 +197,8 @@
+@@ -200,6 +201,8 @@
init_use_fds(traceroute_t)
@@ -2161,7 +2159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
libs_use_ld_so(traceroute_t)
libs_use_shared_libs(traceroute_t)
-@@ -212,17 +211,7 @@
+@@ -212,17 +215,7 @@
dev_read_urand(traceroute_t)
files_read_usr_files(traceroute_t)
@@ -7879,7 +7877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
## all protocols (TCP, UDP, etc)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:05:27.897681000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:39:41.079500000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -7911,7 +7909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
-@@ -148,3 +156,31 @@
+@@ -148,3 +156,32 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -7943,6 +7941,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+
+# broken kernel
+dontaudit can_change_object_identity can_change_object_identity:key link;
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2008-02-26 08:23:11.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc 2008-06-02 13:05:27.900679000 -0400
@@ -9261,7 +9260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:05:27.997581000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:42:13.578110000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -12080,7 +12079,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
--- nsaserefpolicy/policy/modules/services/courier.fc 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:18:42.071469000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:48:21.471420000 -0400
@@ -19,3 +19,5 @@
/var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_lib_t,s0)
@@ -12089,8 +12088,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
+/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:23:16.805431000 -0400
-@@ -123,3 +123,95 @@
++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:47:01.693545000 -0400
+@@ -123,3 +123,77 @@
domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
')
@@ -12151,24 +12150,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
+
+########################################
+##
-+## Allow domain to manage courier spool files
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`courier_manage_spool_files',`
-+ gen_require(`
-+ type courier_spool_t;
-+ ')
-+
-+ manage_files_pattern($1, courier_spool_t, courier_spool_t)
-+')
-+
-+########################################
-+##
+## Allow attempts to read and write to
+## courier unnamed pipes.
+##
@@ -12188,13 +12169,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 13:05:28.159420000 -0400
-@@ -9,7 +9,7 @@
++++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 14:16:40.361713000 -0400
+@@ -9,7 +9,10 @@
courier_domain_template(authdaemon)
type courier_etc_t;
-files_type(courier_etc_t)
+files_config_file(courier_etc_t)
++
++type courier_spool_t;
++files_type(courier_spool_t)
courier_domain_template(pcp)
@@ -17788,8 +17772,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+/etc/rc.d/init.d/munin-node -- gen_context(system_u:object_r:munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 13:05:28.607972000 -0400
-@@ -80,3 +80,85 @@
++++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 14:10:59.161966000 -0400
+@@ -80,3 +80,104 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')
@@ -17874,7 +17858,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+ manage_all_pattern($1, httpd_munin_content_t)
+')
+
++########################################
++##
++## Allow the specified domain to append
++## to munin log files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`munin_append_log',`
++ gen_require(`
++ type munin_log_t;
++ ')
+
++ logging_search_logs($1)
++ allow $1 munin_log_t:dir list_dir_perms;
++ append_files_pattern($1,munin_log_t,munin_log_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-02-26 08:23:10.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/munin.te 2008-06-02 13:05:28.611965000 -0400
@@ -29985,7 +29988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:05:29.438301000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:38:43.771704000 -0400
@@ -213,12 +213,7 @@
##
#