diff --git a/policy-F12.patch b/policy-F12.patch index 0cefdd1..2419eea 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -1611,7 +1611,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.32/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/admin/tmpreaper.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/admin/tmpreaper.te 2009-12-22 10:55:00.000000000 -0500 @@ -42,6 +42,7 @@ cron_system_entry(tmpreaper_t, tmpreaper_exec_t) @@ -5418,7 +5418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.32/policy/modules/apps/screen.if --- nsaserefpolicy/policy/modules/apps/screen.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/apps/screen.if 2009-12-21 14:51:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/apps/screen.if 2009-12-22 11:38:50.000000000 -0500 @@ -45,6 +45,7 @@ allow $1_screen_t self:capability { setuid setgid fsetid }; @@ -5447,16 +5447,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch($1_screen_t) auth_dontaudit_read_shadow($1_screen_t) auth_dontaudit_exec_utempter($1_screen_t) -@@ -134,6 +141,12 @@ +@@ -134,6 +141,7 @@ userdom_create_user_pty($1_screen_t) userdom_user_home_domtrans($1_screen_t, $3) userdom_setattr_user_ptys($1_screen_t) + userdom_setattr_user_ttys($1_screen_t) -+ -+ optional_policy(` -+ dbus_system_bus_client($1_screen_t) -+ fprintd_dbus_chat($1_screen_t) -+ ') tunable_policy(`use_samba_home_dirs',` fs_cifs_domtrans($1_screen_t, $3) 
@@ -10906,7 +10901,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-12-17 17:01:23.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-12-22 08:42:28.000000000 -0500 @@ -33,12 +33,24 @@ type abrt_var_run_t; files_pid_file(abrt_var_run_t) @@ -10954,7 +10949,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir }) kernel_read_ring_buffer(abrt_t) -@@ -75,18 +90,33 @@ +@@ -75,18 +90,34 @@ corecmd_exec_bin(abrt_t) corecmd_exec_shell(abrt_t) @@ -10973,6 +10968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_getattr_all_files(abrt_t) files_read_etc_files(abrt_t) ++files_read_var_lib_files(abrt_t) files_read_usr_files(abrt_t) +files_read_generic_tmp_files(abrt_t) +files_read_kernel_modules(abrt_t) @@ -10988,7 +10984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol sysnet_read_config(abrt_t) -@@ -96,22 +126,90 @@ +@@ -96,22 +127,90 @@ miscfiles_read_certs(abrt_t) miscfiles_read_localization(abrt_t) 
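Review bot: `files_read_var_lib_files(abrt_t)`, added in the nested `@@ -75,18 +90,34 @@` hunk of abrt.te, grants abrt read access to every generic var_lib_t file rather than to the specific /var/lib data it needs; if a dedicated type exists for that data, prefer it, and otherwise a comment above the line naming what abrt reads there would keep the grant auditable. This addition is also missing from the 3.6.32-62 changelog entry at the end of the diff, as are the chromium-browser widening in libraries.fc, the new `xserver_append_xdm_home_files` interface, and the removal of screen's fprintd/dbus rules. That changelog entry is dated `Tue Dec 21 2009` while the preceding entry is `Mon Dec 21 2009` and the patched files carry 2009-12-22 timestamps, so either the weekday or the day number is wrong and rpmbuild will flag a bogus date.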
@@ -11500,7 +11496,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.32/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/apache.if 2009-12-18 15:32:53.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/apache.if 2009-12-22 10:55:42.000000000 -0500 @@ -13,21 +13,16 @@ # template(`apache_content_template',` @@ -13082,7 +13078,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.6.32/policy/modules/services/asterisk.te --- nsaserefpolicy/policy/modules/services/asterisk.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/asterisk.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/asterisk.te 2009-12-22 08:26:17.000000000 -0500 @@ -34,18 +34,21 @@ type asterisk_var_run_t; files_pid_file(asterisk_var_run_t) @@ -15174,7 +15170,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.32/policy/modules/services/cups.fc --- nsaserefpolicy/policy/modules/services/cups.fc 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/cups.fc 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/cups.fc 2009-12-22 09:33:17.000000000 -0500 
@@ -13,10 +13,14 @@ /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0) @@ -15198,7 +15194,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/sbin/hp-[^/]+ -- gen_context(system_u:object_r:hplip_exec_t,s0) -@@ -52,6 +57,8 @@ +@@ -52,13 +57,22 @@ /var/lib/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) @@ -15207,7 +15203,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0) /var/log/turboprint.* gen_context(system_u:object_r:cupsd_log_t,s0) -@@ -61,4 +68,10 @@ + /var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) ++/var/ekpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) + /var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) + /var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0) /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0) /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) @@ -20672,7 +20671,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.32/policy/modules/services/portreserve.te --- nsaserefpolicy/policy/modules/services/portreserve.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/portreserve.te 2009-12-17 11:20:45.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/portreserve.te 2009-12-22 08:23:31.000000000 -0500 @@ -21,6 +21,7 @@ # Portreserve local policy # 
@@ -20681,6 +20680,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow portreserve_t self:fifo_file rw_fifo_file_perms; allow portreserve_t self:unix_stream_socket create_stream_socket_perms; allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto }; +@@ -37,6 +38,8 @@ + manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t) + files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file }) + ++corecmd_getattr_bin_files(portreserve_t) ++ + corenet_all_recvfrom_unlabeled(portreserve_t) + corenet_all_recvfrom_netlabel(portreserve_t) + corenet_tcp_bind_generic_node(portreserve_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.32/policy/modules/services/postfix.fc --- nsaserefpolicy/policy/modules/services/postfix.fc 2009-09-16 10:01:19.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/services/postfix.fc 2009-12-17 11:20:45.000000000 -0500 @@ -23260,7 +23268,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Read NFS exported content. diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.32/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-12-21 17:41:53.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-12-22 08:26:30.000000000 -0500 @@ -37,8 +37,14 @@ # rpc_exec_t is the type of rpc daemon programs. rpc_domain_template(rpcd) 
@@ -23332,15 +23340,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`nfs_export_all_ro',` dev_getattr_all_blk_files(nfsd_t) -@@ -182,6 +199,7 @@ +@@ -181,7 +198,9 @@ + kernel_read_system_state(gssd_t) kernel_read_network_state(gssd_t) kernel_read_network_state_symlinks(gssd_t) ++kernel_request_load_module(gssd_t) kernel_search_network_sysctl(gssd_t) +kernel_signal(gssd_t) corecmd_exec_bin(gssd_t) -@@ -189,8 +207,10 @@ +@@ -189,8 +208,10 @@ fs_rw_rpc_sockets(gssd_t) fs_read_rpc_files(gssd_t) @@ -23351,7 +23361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(gssd_t) auth_manage_cache(gssd_t) -@@ -199,10 +219,14 @@ +@@ -199,10 +220,14 @@ mount_signal(gssd_t) @@ -27658,7 +27668,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/lib/nxserver/home/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.32/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/xserver.if 2009-12-18 14:57:53.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/services/xserver.if 2009-12-22 09:47:51.000000000 -0500 @@ -74,6 +74,13 @@ domtrans_pattern($2, iceauth_exec_t, iceauth_t) @@ -28148,7 +28158,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domtrans_pattern($1, xserver_exec_t, xserver_t) ') -@@ -1248,6 +1409,288 @@ +@@ -1248,6 +1409,316 @@ ######################################## ## 
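Review bot: `kernel_request_load_module(gssd_t)` in the nested `@@ -181,7 +198,9 @@` hunk of rpc.te grants gssd `system:module_request`, which lets the daemon trigger autoloading of any kernel module alias, not only the one it currently needs. The changelog only says gssd may "ask the kernel to load modules"; a comment above the line naming the module actually being pulled in (presumably a crypto or RPC-auth module — not visible here) would let a later reviewer judge whether the grant is still required. If the request comes from a single well-known operation, `kernel_request_load_module` remains the only granularity refpolicy offers, so the comment is the useful control.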
@@ -28297,6 +28307,34 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') +') + ++######################################## ++## ++## append to .xsession-errors file ++## ++## ++## ++## Domain to not audit ++## ++## ++# ++interface(`xserver_append_xdm_home_files',` ++ gen_require(` ++ type xdm_home_t; ++ type xserver_tmp_t; ++ ') ++ ++ allow $1 xdm_home_t:file append_file_perms; ++ allow $1 xserver_tmp_t:file append_file_perms; ++ ++ tunable_policy(`use_nfs_home_dirs',` ++ fs_append_nfs_files($1) ++ ') ++ ++ tunable_policy(`use_samba_home_dirs',` ++ fs_append_cifs_files($1) ++ ') ++') ++ + +####################################### +## @@ -28437,7 +28475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Interface to provide X object permissions on a given X server to ## an X client domain. Gives the domain complete control over the ## display. -@@ -1261,7 +1704,103 @@ +@@ -1261,7 +1732,103 @@ interface(`xserver_unconfined',` gen_require(` attribute xserver_unconfined_type; @@ -31433,7 +31471,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +permissive kdump_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.32/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2009-12-21 13:42:25.000000000 -0500 ++++ serefpolicy-3.6.32/policy/modules/system/libraries.fc 2009-12-22 08:51:17.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt 
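Review bot: The parameter description of the new `xserver_append_xdm_home_files` interface reads `Domain to not audit`, but the body is an `allow` of `append_file_perms` on `xdm_home_t` and `xserver_tmp_t`, not a `dontaudit`; it should read `Domain allowed access.` The summary `append to .xsession-errors file` also understates the scope: the rules permit append on every file of those two types, and under the `use_nfs_home_dirs`/`use_samba_home_dirs` tunables `fs_append_nfs_files`/`fs_append_cifs_files` extend that to all NFS/CIFS files, so the summary should name both types and the tunable-gated widening. There is also a doubled blank `+` line before the following `#######` separator where the rest of the file uses one.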
@@ -31756,7 +31794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +/usr/lib(64)?/nmm/liba52\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + -+/usr/lib(64)?/chromium-browser/libsandbox\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.6.32/policy/modules/system/libraries.if --- nsaserefpolicy/policy/modules/system/libraries.if 2009-09-16 10:01:19.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/system/libraries.if 2009-12-17 11:20:47.000000000 -0500 @@ -32684,11 +32722,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.32/policy/modules/system/mount.if --- nsaserefpolicy/policy/modules/system/mount.if 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/system/mount.if 2009-12-17 11:20:47.000000000 -0500 -@@ -20,6 +20,60 @@ ++++ serefpolicy-3.6.32/policy/modules/system/mount.if 2009-12-22 09:40:10.000000000 -0500 +@@ -16,6 +16,61 @@ + ') - ######################################## - ## + domtrans_pattern($1, mount_exec_t, mount_t) ++ mount_domtrans_fusermount($1) ++') ++ ++######################################## ++## +## Execute fusermount in the mount domain. +## +## 
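Review bot: Replacing `/usr/lib(64)?/chromium-browser/libsandbox\.so` with `/usr/lib(64)?/chromium-browser/.*\.so` labels every shared object in that directory `textrel_shlib_t`, which permits `execmod` (text relocations) on all of them instead of only the library known to need it; if just a few libraries require it, listing them keeps the execmod exception small, and otherwise a comment stating why the whole directory qualifies would justify the widening. File-context regexes are fully anchored, so `.*\.so` will not match versioned names such as `libfoo.so.1`, whereas the neighbouring entry on this page (`/usr/lib(64)?/nmm/liba52\.so.*`) uses `\.so.*` — confirm which form is intended.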
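Review bot: In the nested `@@ -16,6 +16,61 @@` hunk of mount.if, `mount_domtrans($1)` now unconditionally calls `mount_domtrans_fusermount($1)`, so every domain that was granted a transition for `mount` also gains one on `fusermount_exec_t`; since fusermount is normally a setuid helper that lets unprivileged callers mount FUSE filesystems, callers of `mount_domtrans` that previously could not reach it now can. If that coupling is intentional (the changelog says `If you can run mount you can run fusermount`), a one-line comment above the call, e.g. `# fusermount is treated as part of mount: see changelog 3.6.32-62`, would record it; otherwise callers needing fusermount could invoke the new interface directly. The body of the new `mount_domtrans_fusermount` interface continues past the end of this hunk.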
@@ -32739,14 +32782,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') + + dontaudit $1 fusermount_exec_t:file exec_file_perms; -+') -+ -+######################################## -+## - ## Execute mount in the mount domain, and - ## allow the specified role the mount domain, - ## and use the caller's terminal. -@@ -51,6 +105,32 @@ + ') + + ######################################## +@@ -51,6 +107,32 @@ ######################################## ## @@ -32779,7 +32818,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Execute mount in the caller domain. ## ## -@@ -84,9 +164,11 @@ +@@ -84,9 +166,11 @@ interface(`mount_signal',` gen_require(` type mount_t; diff --git a/selinux-policy.spec b/selinux-policy.spec index 2237716..889d126 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 61%{?dist} +Release: 62%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -449,10 +449,15 @@ exit 0 %endif %changelog +* Tue Dec 21 2009 Dan Walsh 3.6.32-62 +- Add label for /var/ekpd +- Allow portreserve to look at bin files +- Allow gssd to ask the kernel to load modules +- If you can run mount you can run fusermount + * Mon Dec 21 2009 Dan Walsh 3.6.32-61 - Fixes for sandbox_x_server - Fix ntop policy -- Allow screen to use fprintd - Sandbox fixes * Fri Dec 18 2009 Dan Walsh 3.6.32-60