diff --git a/policy-20070703.patch b/policy-20070703.patch
index ed36058..223995c 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -4586,7 +4586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 type lvm_control_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.0.8/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2008-01-17 09:03:07.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2008-01-31 15:48:18.000000000 -0500
 @@ -45,6 +45,11 @@
 # start with basic domain
 domain_base_type($1)
@@ -7775,7 +7775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 ##
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.0.8/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cron.te 2008-01-17 09:03:07.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/cron.te 2008-01-31 15:35:05.000000000 -0500
 @@ -50,6 +50,7 @@
 type crond_tmp_t;
@@ -11671,6 +11671,111 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 logrotate_exec(ntpd_t)
 ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.0.8/policy/modules/services/oddjob.fc
+--- nsaserefpolicy/policy/modules/services/oddjob.fc 2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/oddjob.fc 2008-01-31 15:24:30.000000000 -0500
+@@ -1,5 +1,5 @@
+-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
++/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+ 
+ /usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
+ 
+-/var/run/oddjobd.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
++/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.0.8/policy/modules/services/oddjob.if
+--- nsaserefpolicy/policy/modules/services/oddjob.if 2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/oddjob.if 2008-01-31 15:50:05.000000000 -0500
+@@ -44,6 +44,7 @@
+ ')
+ 
+ domtrans_pattern(oddjob_t, $2, $1)
++ domain_user_exemption_target($1)
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.0.8/policy/modules/services/oddjob.te
+--- nsaserefpolicy/policy/modules/services/oddjob.te 2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/oddjob.te 2008-01-31 15:59:20.000000000 -0500
+@@ -1,5 +1,5 @@
+ 
+-policy_module(oddjob,1.3.0)
++policy_module(oddjob,1.4.0)
+ 
+ ########################################
+ #
+@@ -10,14 +10,20 @@
+ type oddjob_exec_t;
+ domain_type(oddjob_t)
+ init_daemon_domain(oddjob_t, oddjob_exec_t)
++domain_obj_id_change_exemption(oddjob_t)
+ domain_subj_id_change_exemption(oddjob_t)
+ 
+ type oddjob_mkhomedir_t;
+ type oddjob_mkhomedir_exec_t;
+ domain_type(oddjob_mkhomedir_t)
+-init_daemon_domain(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
++domain_obj_id_change_exemption(oddjob_mkhomedir_t)
++init_system_domain(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
+ oddjob_system_entry(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
+ 
++ifdef(`enable_mcs',`
++ init_ranged_daemon_domain(oddjob_t,oddjob_exec_t,s0 - mcs_systemhigh)
++')
++
+ # pid files
+ type oddjob_var_run_t;
+ files_pid_file(oddjob_var_run_t)
+@@ -56,7 +62,6 @@
+ 
+ optional_policy(`
+ dbus_system_bus_client_template(oddjob,oddjob_t)
+- dbus_send_system_bus(oddjob_t)
+ dbus_connect_system_bus(oddjob_t)
+ ')
+ 
+@@ -69,20 +74,38 @@
+ # oddjob_mkhomedir local policy
+ #
+ 
++allow oddjob_mkhomedir_t self:capability { chown fowner fsetid dac_override };
++allow oddjob_mkhomedir_t self:process setfscreate;
+ allow oddjob_mkhomedir_t self:fifo_file { read write };
+ allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms;
+ 
+ files_read_etc_files(oddjob_mkhomedir_t)
+ 
++kernel_read_system_state(oddjob_mkhomedir_t)
++
++auth_use_nsswitch(oddjob_mkhomedir_t)
++
+ libs_use_ld_so(oddjob_mkhomedir_t)
+ libs_use_shared_libs(oddjob_mkhomedir_t)
+ 
++logging_send_syslog_msg(oddjob_mkhomedir_t)
++
+ miscfiles_read_localization(oddjob_mkhomedir_t)
+ 
++selinux_get_fs_mount(oddjob_mkhomedir_t)
++selinux_validate_context(oddjob_mkhomedir_t)
++selinux_compute_access_vector(oddjob_mkhomedir_t)
++selinux_compute_create_context(oddjob_mkhomedir_t)
++selinux_compute_relabel_context(oddjob_mkhomedir_t)
++selinux_compute_user_contexts(oddjob_mkhomedir_t)
++
++seutil_read_config(oddjob_mkhomedir_t)
++seutil_read_file_contexts(oddjob_mkhomedir_t)
++seutil_read_default_contexts(oddjob_mkhomedir_t)
++
+ # Add/remove user home directories
++userdom_manage_unpriv_users_home_content_dirs(oddjob_mkhomedir_t)
+ userdom_home_filetrans_generic_user_home_dir(oddjob_mkhomedir_t)
+-userdom_manage_generic_user_home_content_dirs(oddjob_mkhomedir_t)
+-userdom_manage_generic_user_home_content_files(oddjob_mkhomedir_t)
+-userdom_manage_generic_user_home_dirs(oddjob_mkhomedir_t)
+-userdom_manage_staff_home_dirs(oddjob_mkhomedir_t)
++userdom_manage_all_users_home_content_dirs(oddjob_mkhomedir_t)
++userdom_manage_all_users_home_content_files(oddjob_mkhomedir_t)
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-3.0.8/policy/modules/services/openct.te
 --- nsaserefpolicy/policy/modules/services/openct.te 2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/openct.te 2008-01-17 09:03:07.000000000 -0500
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e0f59a2..95f93d0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 82%{?dist}
+Release: 83%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@ exit 0
 %endif
 %changelog
+* Thu Jan 22 2008 Dan Walsh 3.0.8-83
+- Make oddjob_mkhomedir work with confined login domains
+
 * Thu Jan 22 2008 Dan Walsh 3.0.8-82
 - Allow xdm to sys_ptrace
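Review bot: The new `allow oddjob_mkhomedir_t self:capability { chown fowner fsetid dac_override };` in the oddjob.te `@@ -69,20 +74,38 @@` hunk grants `dac_override`, which bypasses every DAC mode check rather than just the ownership and setgid-bit changes the other three capabilities cover; unless a recorded denial actually requires it, the line should be `allow oddjob_mkhomedir_t self:capability { chown fowner fsetid };`, and if the only failing operation is traversing a directory root cannot otherwise enter, `dac_read_search` is the narrower grant. The same hunk adds both `userdom_manage_unpriv_users_home_content_dirs(oddjob_mkhomedir_t)` and `userdom_manage_all_users_home_content_dirs(oddjob_mkhomedir_t)`; if the all-users interface is a superset of the unprivileged-users one, the latter line is redundant and should be dropped. In oddjob.if, `domain_user_exemption_target($1)` is applied to every domain passed through `oddjob_system_entry`, not only oddjob_mkhomedir_t, and that interface's body starts outside the hunk while the exemption itself is presumably defined in the domain.if change that this view does not show, so a one-line comment above the call stating that every system-entry target is deliberately exempted would make the widening reviewable.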