diff --git a/policy-F12.patch b/policy-F12.patch index 4248d81..4e06a91 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -3539,16 +3539,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +miscfiles_read_localization(ptchown_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.28/policy/modules/apps/pulseaudio.te --- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.6.28/policy/modules/apps/pulseaudio.te 2009-08-21 18:56:07.000000000 -0400 -@@ -22,6 +22,7 @@ ++++ serefpolicy-3.6.28/policy/modules/apps/pulseaudio.te 2009-08-22 07:48:07.000000000 -0400 +@@ -22,6 +22,9 @@ allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms }; allow pulseaudio_t self:tcp_socket create_stream_socket_perms; allow pulseaudio_t self:udp_socket create_socket_perms; +allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms; ++ ++can_exec(pulseaudio_t, pulseaudio_exec_t) kernel_read_kernel_sysctls(pulseaudio_t) -@@ -47,6 +48,7 @@ +@@ -47,6 +50,7 @@ fs_rw_anon_inodefs_files(pulseaudio_t) fs_getattr_tmpfs(pulseaudio_t) @@ -3556,15 +3558,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_use_all_user_ttys(pulseaudio_t) term_use_all_user_ptys(pulseaudio_t) -@@ -81,12 +83,15 @@ - ') - - optional_policy(` -+ rpm_dbus_chat(pulseaudio_t) +@@ -78,6 +82,15 @@ + policykit_domtrans_auth(pulseaudio_t) + policykit_read_lib(pulseaudio_t) + policykit_read_reload(pulseaudio_t) ++ policykit_dbus_chat(pulseaudio_t) +') + +optional_policy(` - udev_read_db(pulseaudio_t) ++ rtkit_daemon_system_domain(pulseaudio_t) ++') ++ ++optional_policy(` ++ rpm_dbus_chat(pulseaudio_t) + ') + + optional_policy(` +@@ -85,8 +98,7 @@ ') optional_policy(` 
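Review bot: The added `can_exec(pulseaudio_t, pulseaudio_exec_t)` in the first pulseaudio.te hunk has no comment, and the 3.6.28-5 changelog entry in selinux-policy.spec mentions only the exim spool change, so nothing records why pulseaudio_t must run its own entrypoint without a domain transition. The same gap applies to `policykit_dbus_chat(pulseaudio_t)` and `rtkit_daemon_system_domain(pulseaudio_t)` in the following hunk. I would put a line such as `# pulseaudio re-executes its own binary and must stay in pulseaudio_t` above the can_exec call, assuming that is the reason, and add a changelog line like `- Allow pulseaudio to exec itself, chat with policykit and use rtkit`. Only part of pulseaudio.te is visible in these hunks.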
@@ -10536,7 +10546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.28/policy/modules/services/cron.te --- nsaserefpolicy/policy/modules/services/cron.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.28/policy/modules/services/cron.te 2009-08-21 18:56:07.000000000 -0400 ++++ serefpolicy-3.6.28/policy/modules/services/cron.te 2009-08-22 07:19:25.000000000 -0400 @@ -38,6 +38,10 @@ type cron_var_lib_t; files_type(cron_var_lib_t) @@ -10811,7 +10821,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # via redirection of standard out. optional_policy(` rpm_manage_log(system_cronjob_t) -@@ -419,6 +490,10 @@ +@@ -419,6 +490,14 @@ ') optional_policy(` @@ -10819,10 +10829,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + +optional_policy(` ++ exim_read_spool_files(system_cronjob_t) ++') ++ ++optional_policy(` ftp_read_log(system_cronjob_t) ') -@@ -429,11 +504,20 @@ +@@ -429,11 +508,20 @@ ') optional_policy(` @@ -10843,7 +10857,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -445,9 +529,11 @@ +@@ -445,9 +533,11 @@ ') optional_policy(` @@ -10857,7 +10871,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -461,8 +547,7 @@ +@@ -461,8 +551,7 @@ ') optional_policy(` @@ -10867,7 +10881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -470,24 +555,17 @@ +@@ -470,24 +559,17 @@ ') optional_policy(` 
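Review bot: `exim_read_spool_files(system_cronjob_t)` in the cron.te hunk gives every system cron job read access to the exim spool, which holds queued mail, yet neither the hunk nor the changelog names the job that needs it. system_cronjob_t is the shared domain for system cron jobs, so the grant reaches further than one consumer. If a single script is the reason, a dedicated domain for it would keep the access narrow, and a comment would at least make the rule auditable. I would add `# <job name> reads the exim spool when run from cron` above the call, with the job filled in. The optional_policy block is complete inside the hunk, but the rest of cron.te is not shown.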
@@ -10895,7 +10909,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow cronjob_t self:process { signal_perms setsched }; allow cronjob_t self:fifo_file rw_fifo_file_perms; allow cronjob_t self:unix_stream_socket create_stream_socket_perms; -@@ -571,6 +649,9 @@ +@@ -571,6 +653,9 @@ userdom_manage_user_home_content_sockets(cronjob_t) #userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set) @@ -10905,7 +10919,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`fcron_crond', ` allow crond_t user_cron_spool_t:file manage_file_perms; ') -@@ -590,13 +671,5 @@ +@@ -590,13 +675,5 @@ # optional_policy(` @@ -15532,8 +15546,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/usr/libexec/rtkit-daemon -- gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit_daemon.if serefpolicy-3.6.28/policy/modules/services/rtkit_daemon.if --- nsaserefpolicy/policy/modules/services/rtkit_daemon.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.28/policy/modules/services/rtkit_daemon.if 2009-08-21 18:56:07.000000000 -0400 -@@ -0,0 +1,64 @@ ++++ serefpolicy-3.6.28/policy/modules/services/rtkit_daemon.if 2009-08-22 07:45:49.000000000 -0400 +@@ -0,0 +1,63 @@ + +## policy for rtkit_daemon + @@ -15580,8 +15594,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +######################################## +## -+## Send and receive messages from -+## rtkit_daemon over dbus. ++## Allow rtkit to control scheduling for your process +## +## +## diff --git a/selinux-policy.spec b/selinux-policy.spec index 8bd8787..4c872ce 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
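Review bot: The new summary `Allow rtkit to control scheduling for your process` in rtkit_daemon.if does not make clear that the permission goes to the rtkit daemon over the caller's processes rather than to the caller. Presumably this comment belongs to the interface used as `rtkit_daemon_system_domain(pulseaudio_t)` in pulseaudio.te. The interface name and body are outside the hunk, so I could not check that the rules match the new text or whether the D-Bus access the old summary described is still granted. I would word it as `## Allow the rtkit daemon to change the scheduling` followed by `## attributes of processes in the specified domain.`, and confirm the body grants no more than that.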
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.28 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -475,6 +475,9 @@ exit 0 %endif %changelog +* Sat Aug 22 2009 Dan Walsh 3.6.28-5 +- Allow cronjobs to read exim_spool_t + * Fri Aug 21 2009 Dan Walsh 3.6.28-4 - Add ABRT policy