diff --git a/policy-20070703.patch b/policy-20070703.patch index 0eb8f2a..ee238c6 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -3250,7 +3250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.0.8/policy/modules/apps/mozilla.if --- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2007-12-13 08:25:49.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2007-12-21 16:45:12.000000000 -0500 @@ -36,6 +36,8 @@ gen_require(` type mozilla_conf_t, mozilla_exec_t; @@ -3295,7 +3295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # X access, Home files manage_dirs_pattern($1_mozilla_t,$1_mozilla_home_t,$1_mozilla_home_t) manage_files_pattern($1_mozilla_t,$1_mozilla_home_t,$1_mozilla_home_t) -@@ -96,15 +111,37 @@ +@@ -96,15 +111,39 @@ relabel_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t) relabel_lnk_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t) 
@@ -3333,15 +3333,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. + userdom_manage_user_home_content_dirs($1,$1_mozilla_t) + userdom_manage_user_home_content_files($1,$1_mozilla_t) + userdom_read_user_home_content_symlinks($1,$1_mozilla_t) ++ userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir }) + ', ` + # helper apps will try to create .files + userdom_dontaudit_create_user_home_content_files($1,$1_mozilla_t) ++ userdom_user_home_dir_filetrans($1,$1_mozilla_t, $1_mozilla_home_t,dir) + ') # Unrestricted inheritance from the caller. allow $2 $1_mozilla_t:process { noatsecure siginh rlimitinh }; -@@ -115,8 +152,9 @@ +@@ -113,10 +152,12 @@ + allow $2 $1_mozilla_t:process signal_perms; + kernel_read_kernel_sysctls($1_mozilla_t) ++ kernel_read_fs_sysctls($1_mozilla_t) kernel_read_network_state($1_mozilla_t) # Access /proc, sysctl - kernel_read_system_state($1_mozilla_t) @@ -3352,7 +3357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. # Look for plugins corecmd_list_bin($1_mozilla_t) -@@ -165,11 +203,23 @@ +@@ -165,10 +206,23 @@ files_read_var_files($1_mozilla_t) files_read_var_symlinks($1_mozilla_t) files_dontaudit_getattr_boot_dirs($1_mozilla_t) @@ -3370,13 +3375,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. + fs_manage_dos_dirs($1_mozilla_t) + fs_manage_dos_files($1_mozilla_t) fs_rw_tmpfs_files($1_mozilla_t) - -+ selinux_dontaudit_getattr_fs($1_mozilla_t) ++ fs_read_noxattr_fs_files($1_mozilla_t) + ++ selinux_dontaudit_getattr_fs($1_mozilla_t) + term_dontaudit_getattr_pty_dirs($1_mozilla_t) - libs_use_ld_so($1_mozilla_t) -@@ -184,16 +234,14 @@ +@@ -184,16 +238,13 @@ sysnet_dns_name_resolve($1_mozilla_t) sysnet_read_config($1_mozilla_t) 
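Review bot: The two branches of the tunable in this hunk now give a freshly created profile directory different labels: the first branch adds `userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir })`, the else branch adds `userdom_user_home_dir_filetrans($1,$1_mozilla_t, $1_mozilla_home_t,dir)`, and the previously unconditional copy of that second call is removed in the `@@ -3388` hunk. If I read the refpolicy interfaces right, a `~/.mozilla` created at first run with the tunable on is therefore labeled as generic user home content rather than `$1_mozilla_home_t` until a relabel, which only works because that branch also grants manage on all home content. A comment above the first call stating that this is intended would help, e.g. `# tunable on: new profile dirs/files in $HOME are created as user home content (the mozilla_home_t transition applies only in the else branch); restorecon relabels them`. The tunable's name and the enclosing template begin outside the hunk.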
@@ -3388,7 +3393,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. - userdom_manage_user_tmp_sockets($1,$1_mozilla_t) + userdom_dontaudit_read_user_tmp_files($1,$1_mozilla_t) + userdom_dontaudit_use_user_terminals($1,$1_mozilla_t) -+ userdom_user_home_dir_filetrans($1,$1_mozilla_t, $1_mozilla_home_t,dir) xserver_user_client_template($1,$1_mozilla_t,$1_mozilla_tmpfs_t) xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t) @@ -3397,7 +3401,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. tunable_policy(`allow_execmem',` allow $1_mozilla_t self:process { execmem execstack }; -@@ -211,131 +259,8 @@ +@@ -211,131 +262,8 @@ fs_manage_cifs_symlinks($1_mozilla_t) ') @@ -3531,7 +3535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -350,21 +275,26 @@ +@@ -350,21 +278,27 @@ optional_policy(` cups_read_rw_config($1_mozilla_t) cups_dbus_chat($1_mozilla_t) @@ -3543,7 +3547,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. - dbus_send_system_bus($1_mozilla_t) - dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t) - dbus_send_user_bus($1,$1_mozilla_t) -+# dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t) ++# dbus_send_user_bus(xguest,xguest_mozilla_t) ++# dbus_connectto_user_bus(xguest,xguest_mozilla_t) ') optional_policy(` @@ -3562,7 +3567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') optional_policy(` -@@ -384,25 +314,6 @@ +@@ -384,25 +318,6 @@ thunderbird_domtrans_user_thunderbird($1, $1_mozilla_t) ') @@ -3588,7 +3593,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. ') ######################################## -@@ -575,3 +486,27 @@ +@@ -575,3 +490,27 @@ allow $2 $1_mozilla_t:tcp_socket rw_socket_perms; ') 
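Review bot: In the `@@ -3543` hunk the two commented-out lines `# dbus_send_user_bus(xguest,xguest_mozilla_t)` and `# dbus_connectto_user_bus(xguest,xguest_mozilla_t)` hard-code the `xguest` prefix inside a template whose other rules are parameterized on `$1`, so they would be wrong for every other caller even if uncommented. Since this same commit grants the live xguest dbus rules in guest.te, these lines should be deleted rather than kept as a reminder, or replaced by a pointer such as `# dbus access for the browser domain is granted in the per-user modules, not in this template`. The `optional_policy` block and the template that contain them begin outside the hunk.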
@@ -3894,7 +3899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-10-22 13:21:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-12-18 11:39:11.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-12-21 13:30:42.000000000 -0500 @@ -36,6 +36,11 @@ /etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0) /etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0) @@ -3951,7 +3956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco ifdef(`distro_gentoo', ` /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -259,3 +269,18 @@ +@@ -259,3 +269,23 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -3970,6 +3975,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco +/etc/apcupsd/mastertimeout -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0) ++ ++/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/nspluginwrapper/npviewer -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:bin_t,s0) ++/usr/lib/nspluginwrapper/npconfig -- gen_context(system_u:object_r:bin_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-10-22 13:21:42.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in 2007-12-02 21:15:34.000000000 -0500 
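Review bot: In the `@@ -3970` hunk, labeling `/usr/lib/nspluginwrapper/npviewer.bin` and `npviewer` as `bin_t` means the out-of-process plugin viewer runs in whatever domain executes it — presumably the browser's `$1_mozilla_t` from the mozilla.if hunks on this page — so wrapping the plugin buys no extra confinement; if that is the intent, a one-line comment in the fc such as `# npviewer runs in the browser's domain; no separate plugin domain yet` would save the next reader from looking for a missing domain transition. The four entries cover only `/usr/lib/`; if the package also installs under `/usr/lib64/` on 64-bit hosts those copies stay unlabeled by these rules, and a `/usr/lib(64)?/nspluginwrapper/...` pattern would be the usual fix, but I cannot tell from the page which paths the package ships.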
@@ -5013,7 +5023,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.0.8/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-22 13:21:42.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if 2007-12-07 15:03:55.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if 2007-12-21 13:39:28.000000000 -0500 @@ -271,45 +271,6 @@ ######################################## @@ -5481,8 +5491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.0.8/policy/modules/kernel/storage.fc --- nsaserefpolicy/policy/modules/kernel/storage.fc 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc 2007-12-02 21:15:34.000000000 -0500 -@@ -6,6 +6,7 @@ ++++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc 2007-12-21 10:02:37.000000000 -0500 +@@ -6,18 +6,22 @@ /dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0) /dev/n?tpqic[12].* -c gen_context(system_u:object_r:tape_device_t,s0) /dev/[shmx]d[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) 
@@ -5490,7 +5500,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/aztcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/bpcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/cdu.* -b gen_context(system_u:object_r:removable_device_t,s0) -@@ -18,6 +19,8 @@ + /dev/cm20.* -b gen_context(system_u:object_r:removable_device_t,s0) + /dev/dasd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/dm-[0-9]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) ++/dev/drbd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/fd[^/]+ -b gen_context(system_u:object_r:removable_device_t,s0) + /dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) + /dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/ht[0-1] -b gen_context(system_u:object_r:tape_device_t,s0) /dev/initrd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) @@ -5499,7 +5515,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) -@@ -31,6 +34,7 @@ +@@ -31,6 +35,7 @@ /dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0) /dev/pd[a-d][^/]* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0) 
@@ -5507,7 +5523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) -@@ -39,6 +43,7 @@ +@@ -39,6 +44,7 @@ ') /dev/s(cd|r)[^/]* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/sbpcd.* -b gen_context(system_u:object_r:removable_device_t,s0) @@ -5515,7 +5531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/sg[0-9]+ -c gen_context(system_u:object_r:scsi_generic_device_t,s0) /dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0) -@@ -52,7 +57,7 @@ +@@ -52,7 +58,7 @@ /dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) @@ -8075,7 +8091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2007-10-22 13:21:36.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-12-07 15:45:18.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-12-21 16:31:32.000000000 -0500 @@ -50,6 +50,12 @@ ## # @@ -8165,7 +8181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus # For connecting to the bus allow $3 $1_dbusd_t:unix_stream_socket connectto; -@@ -271,6 +297,32 @@ +@@ -271,6 +297,60 @@ allow $2 $1_dbusd_t:dbus send_msg; ') 
@@ -8194,11 +8210,39 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + allow $2 $1_dbusd_t:unix_stream_socket connectto; +') + ++######################################## ++## ++## Chat on user/application specific DBUS. ++## ++## ++## ++## The prefix of the domain (e.g., user ++## is the prefix for user_t). ++## ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++template(`dbus_chat_user_bus',` ++ gen_require(` ++ type $1_dbusd_t; ++ type $1_t; ++ class dbus send_msg; ++ ') ++ ++ allow $2 $1_dbusd_t:dbus send_msg; ++ allow $1_dbusd_t $2:dbus send_msg; ++ allow $2 $1_t:dbus send_msg; ++ allow $1_t $2:dbus send_msg; ++') + ######################################## ## ## Read dbus configuration. -@@ -286,6 +338,7 @@ +@@ -286,6 +366,7 @@ type dbusd_etc_t; ') @@ -8206,7 +8250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus allow $1 dbusd_etc_t:file read_file_perms; ') -@@ -346,3 +399,55 @@ +@@ -346,3 +427,55 @@ allow $1 system_dbusd_t:dbus *; ') 
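Review bot: The new `dbus_chat_user_bus` template grants more than its summary "Chat on user/application specific DBUS." says: besides `send_msg` both ways with `$1_dbusd_t`, its last two lines `allow $2 $1_t:dbus send_msg;` and `allow $1_t $2:dbus send_msg;` also permit direct message exchange between the caller and the user domain `$1_t`, which is a separate grant from talking to the bus daemon. The description should state this, e.g. `## Send and receive dbus messages on the user bus, and directly to and from the user domain $1_t.`, so callers know they are also opening the user domain to the application. If the direct `$1_t` exchange is not needed by the one caller on this page (guest.te), dropping those two lines keeps the template to what its name advertises; the `gen_require` would then also lose `type $1_t;`.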
@@ -21087,11 +21131,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.i +## Policy for guest user diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.8/policy/modules/users/guest.te --- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.0.8/policy/modules/users/guest.te 2007-12-04 14:31:41.000000000 -0500 -@@ -0,0 +1,3 @@ ++++ serefpolicy-3.0.8/policy/modules/users/guest.te 2007-12-21 16:23:42.000000000 -0500 +@@ -0,0 +1,12 @@ +policy_module(guest,1.0.1) +userdom_restricted_user_template(guest) +userdom_restricted_user_template(gadmin) ++ ++optional_policy(` ++ gen_require(` ++ type xguest_mozilla_t; ++ ') ++ ++ dbus_chat_user_bus(xguest,xguest_mozilla_t) ++ dbus_connectto_user_bus(xguest,xguest_mozilla_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.8/policy/modules/users/logadm.fc --- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.0.8/policy/modules/users/logadm.fc 2007-12-02 21:15:34.000000000 -0500 @@ -21190,8 +21243,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest. +## Policy for xguest user diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.0.8/policy/modules/users/xguest.te --- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-12-07 15:55:04.000000000 -0500 -@@ -0,0 +1,60 @@ ++++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-12-21 14:05:50.000000000 -0500 +@@ -0,0 +1,55 @@ +policy_module(xguest,1.0.1) + +## 
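Review bot: The `optional_policy` block added to guest.te requires `type xguest_mozilla_t;` and calls `dbus_chat_user_bus(xguest,xguest_mozilla_t)` and `dbus_connectto_user_bus(xguest,xguest_mozilla_t)`, so the guest module is now wired to the xguest module's types, while xguest.te — whose hand-added `#allow` lines for exactly this access are removed in the `@@ -21247` hunk — is the module that owns `xguest_mozilla_t`. Moving the block into xguest.te would keep each module's rules next to its own types; if it must stay here, a comment such as `# session-bus access for the xguest browser domain; xguest_mozilla_t is declared in xguest.te` above the `optional_policy` line would explain the cross-module reference. The `optional_policy` wrapper already handles the xguest module being absent, so nothing breaks either way. `policy_module(guest,1.0.1)` is unchanged although the module's rules grew, which is usually a cue to bump the version.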
@@ -21247,11 +21300,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest. + ') +') + -+# The following lines are broken and had to be added by hand -+#allow xguest_mozilla_t { xguest_dbusd_t self }:dbus send_msg; -+#allow xguest_mozilla_t xguest_dbusd_t:dbus connectto; -+#allow xguest_dbusd_t xguest_mozilla_t:dbus send_msg; -+ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.0.8/policy/support/obj_perm_sets.spt --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-10-22 13:21:43.000000000 -0400 +++ serefpolicy-3.0.8/policy/support/obj_perm_sets.spt 2007-12-02 21:15:34.000000000 -0500 diff --git a/selinux-policy.spec b/selinux-policy.spec index 47cfcd7..3bd5df7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 70%{?dist} +Release: 71%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -382,6 +382,13 @@ exit 0 %endif %changelog +* Fri Dec 21 2007 Dan Walsh 3.0.8-71 +- add file context for nspluginwrapper + +* Fri Dec 21 2007 Dan Walsh 3.0.8-70 +- Allow mount.crypto to work +- Allow fsck to read file_t + * Wed Dec 12 2007 Dan Walsh 3.0.8-69 - Allow ssh to read sym links in homedirs