diff --git a/policy-20071130.patch b/policy-20071130.patch index e1434d5..b3ff457 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2057,7 +2057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te files_search_var(mrtg_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te --- nsaserefpolicy/policy/modules/admin/netutils.te 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 13:05:27.551865000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 14:14:11.007492000 -0400 @@ -50,6 +50,7 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir }) @@ -2129,7 +2129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil ifdef(`hide_broken_symptoms',` init_dontaudit_use_fds(ping_t) ') -@@ -143,14 +149,6 @@ +@@ -143,11 +149,7 @@ ') optional_policy(` @@ -2138,13 +2138,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil - -optional_policy(` - nscd_socket_use(ping_t) --') -- --optional_policy(` - pcmcia_use_cardmgr_fds(ping_t) ++ munin_append_log(ping_t) ') -@@ -166,7 +164,6 @@ + optional_policy(` +@@ -166,7 +168,6 @@ allow traceroute_t self:capability { net_admin net_raw setuid setgid }; allow traceroute_t self:rawip_socket create_socket_perms; allow traceroute_t self:packet_socket create_socket_perms; @@ -2152,7 +2150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil allow traceroute_t self:udp_socket create_socket_perms; kernel_read_system_state(traceroute_t) -@@ -200,6 +197,8 @@ +@@ -200,6 +201,8 @@ init_use_fds(traceroute_t) 
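Review bot: `munin_append_log(ping_t)` is added in netutils.te inside the `optional_policy(`` block that the inner patch previously had removing `pcmcia_use_cardmgr_fds(ping_t)`, and the collapsed layout does not make it certain that the block now holds only the munin call; each optional module's calls belong in their own `optional_policy(`` block so the policy still links when munin is absent but pcmcia is present. The grant lets the ping domain write (append) to munin_log_t files, which is a new write path out of a network-utility domain, so a one-line comment above the call such as `# ping is executed by munin plugins and appends to the munin log` would record why it is needed. The inner hunk header moves from `-143,14 +149,6` to `-143,11 +149,7`, which is consistent with one added and three fewer removed lines as far as the collapsed text allows counting, but please verify the renumbering against the regenerated patch.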
@@ -2161,7 +2159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil libs_use_ld_so(traceroute_t) libs_use_shared_libs(traceroute_t) -@@ -212,17 +211,7 @@ +@@ -212,17 +215,7 @@ dev_read_urand(traceroute_t) files_read_usr_files(traceroute_t) @@ -7879,7 +7877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain ## all protocols (TCP, UDP, etc) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2008-02-26 08:23:11.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:05:27.897681000 -0400 ++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:39:41.079500000 -0400 @@ -5,6 +5,13 @@ # # Declarations @@ -7911,7 +7909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; # act on all domains keys -@@ -148,3 +156,31 @@ +@@ -148,3 +156,32 @@ # receive from all domains over labeled networking domain_all_recvfrom_all_domains(unconfined_domain_type) @@ -7943,6 +7941,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + +# broken kernel +dontaudit can_change_object_identity can_change_object_identity:key link; ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc --- nsaserefpolicy/policy/modules/kernel/files.fc 2008-02-26 08:23:11.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/kernel/files.fc 2008-06-02 13:05:27.900679000 -0400 
@@ -9261,7 +9260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:05:27.997581000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:42:13.578110000 -0400 @@ -13,21 +13,16 @@ # template(`apache_content_template',` @@ -12080,7 +12079,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc --- nsaserefpolicy/policy/modules/services/courier.fc 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:18:42.071469000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:48:21.471420000 -0400 @@ -19,3 +19,5 @@ /var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_lib_t,s0) @@ -12089,8 +12088,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour +/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if --- nsaserefpolicy/policy/modules/services/courier.if 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:23:16.805431000 -0400 -@@ -123,3 +123,95 @@ ++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:47:01.693545000 -0400 +@@ -123,3 +123,77 @@ domtrans_pattern($1, courier_pop_exec_t, courier_pop_t) ') 
@@ -12151,24 +12150,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour + +######################################## +## -+## Allow domain to manage courier spool files -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`courier_manage_spool_files',` -+ gen_require(` -+ type courier_spool_t; -+ ') -+ -+ manage_files_pattern($1, courier_spool_t, courier_spool_t) -+') -+ -+######################################## -+## +## Allow attempts to read and write to +## courier unnamed pipes. +## @@ -12188,13 +12169,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te --- nsaserefpolicy/policy/modules/services/courier.te 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 13:05:28.159420000 -0400 -@@ -9,7 +9,7 @@ ++++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 14:16:40.361713000 -0400 +@@ -9,7 +9,10 @@ courier_domain_template(authdaemon) type courier_etc_t; -files_type(courier_etc_t) +files_config_file(courier_etc_t) ++ ++type courier_spool_t; ++files_type(courier_spool_t) courier_domain_template(pcp) 
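Review bot: `type courier_spool_t; files_type(courier_spool_t)` is declared here and courier.fc labels `/var/spool/courier(/.*)?` with it, but no rule in the visible hunks grants any courier domain access to the new type, and the `courier_manage_spool_files` interface that would have let other domains reach it is dropped in the same commit, so unless such rules sit outside these hunks the spool will be relabeled to a type nothing may write. Two lines above, the parallel change replaces `files_type(courier_etc_t)` with `files_config_file(courier_etc_t)`; the spool type would analogously use the spool-specific declaration (`files_spool_file(courier_spool_t)`, if this tree's files.if provides it) so the generic spool-search interfaces cover it. A short comment above the declaration, `# courier spool under /var/spool/courier`, would also help, since the type is otherwise undocumented in the module.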
@@ -17788,8 +17772,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni +/etc/rc.d/init.d/munin-node -- gen_context(system_u:object_r:munin_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if --- nsaserefpolicy/policy/modules/services/munin.if 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 13:05:28.607972000 -0400 -@@ -80,3 +80,85 @@ ++++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 14:10:59.161966000 -0400 +@@ -80,3 +80,104 @@ dontaudit $1 munin_var_lib_t:dir search_dir_perms; ') @@ -17874,7 +17858,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni + manage_all_pattern($1, httpd_munin_content_t) +') + ++######################################## ++## ++## Allow the specified domain to append ++## to munin log files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`munin_append_log',` ++ gen_require(` ++ type munin_log_t; ++ ') + ++ logging_search_logs($1) ++ allow $1 munin_log_t:dir list_dir_perms; ++ append_files_pattern($1,munin_log_t,munin_log_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te --- nsaserefpolicy/policy/modules/services/munin.te 2008-02-26 08:23:10.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/munin.te 2008-06-02 13:05:28.611965000 -0400 
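Review bot: In the new `munin_append_log` interface the line `allow $1 munin_log_t:dir list_dir_perms;` grants more than appending needs; `append_files_pattern` is normally defined to grant `search_dir_perms` on the directory itself, so the explicit list rule can be dropped unless a caller must enumerate the log directory, which the interface summary does not claim. The call `append_files_pattern($1,munin_log_t,munin_log_t)` also lacks the spaces after commas used elsewhere in this file (compare `manage_all_pattern($1, httpd_munin_content_t)` a few lines above); write it as `append_files_pattern($1, munin_log_t, munin_log_t)`. The interface is the last block of munin.if, so nothing else in the file is affected by its placement.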
@@ -29985,7 +29988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if --- nsaserefpolicy/policy/modules/system/logging.if 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:05:29.438301000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:38:43.771704000 -0400 @@ -213,12 +213,7 @@ ## #