diff --git a/policy-20071130.patch b/policy-20071130.patch index c73adea..4ed78c1 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -23824,7 +23824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-11-03 16:14:20.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-11-25 08:33:26.000000000 -0500 @@ -6,6 +6,14 @@ # Declarations # @@ -24056,7 +24056,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix qmgr local policy -@@ -532,9 +597,6 @@ +@@ -519,6 +584,13 @@ + + files_dontaudit_getattr_home_dir(postfix_smtp_t) + ++# postfix checks the size of all mounted file systems ++fs_getattr_all_dirs(postfix_smtpd_t) ++fs_getattr_all_fs(postfix_smtpd_t) ++ ++ ++mta_read_aliases(postfix_smtpd_t) ++ + optional_policy(` + cyrus_stream_connect(postfix_smtp_t) + ') +@@ -532,9 +604,6 @@ # connect to master process stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) @@ -24066,7 +24080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # for prng_exch allow postfix_smtpd_t postfix_spool_t:file rw_file_perms; allow postfix_smtpd_t postfix_prng_t:file rw_file_perms; -@@ -557,6 +619,10 @@ +@@ -557,6 +626,10 @@ sasl_connect(postfix_smtpd_t) ') 
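Review bot: The three rules added at `@@ -519,6 +584,13 @@` target `postfix_smtpd_t` but are spliced into the postfix_smtp_t block, between `files_dontaudit_getattr_home_dir(postfix_smtp_t)` and `cyrus_stream_connect(postfix_smtp_t)`; either the type was meant to be `postfix_smtp_t` or the lines belong in the smtpd section that the `@@ -532,9 +604,6 @@` hunk touches, so which process actually produced the denial should be confirmed before the grant lands in the wrong domain's section. `mta_read_aliases(postfix_smtpd_t)` also carries no comment and is set off by a doubled blank line; a one-line reason above it, along the lines of `# smtpd validates recipients against the alias maps` if that is the trigger, would make the grant as auditable as the filesystem getattr lines. The enclosing postfix_smtp_t section starts and ends outside this hunk.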
@@ -24077,7 +24091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix virtual local policy -@@ -572,7 +638,7 @@ +@@ -572,7 +645,7 @@ files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) # connect to master process @@ -28505,7 +28519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-11-03 16:14:20.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-11-25 10:40:56.000000000 -0500 @@ -20,13 +20,17 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) @@ -28594,18 +28608,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send optional_policy(` clamav_search_lib(sendmail_t) + clamav_stream_connect(sendmail_t) - ') - - optional_policy(` -- postfix_exec_master(sendmail_t) -+ cyrus_stream_connect(sendmail_t) +') + +optional_policy(` -+ munin_dontaudit_search_lib(sendmail_t) ++ cyrus_stream_connect(sendmail_t) +') + +optional_policy(` ++ munin_dontaudit_search_lib(sendmail_t) + ') + + optional_policy(` +- postfix_exec_master(sendmail_t) + postfix_domtrans_postdrop(sendmail_t) + postfix_domtrans_master(sendmail_t) postfix_read_config(sendmail_t) @@ -28618,7 +28632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ') optional_policy(` -@@ -125,24 +153,25 @@ +@@ -125,24 +153,29 @@ ') optional_policy(` 
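Review bot: `postfix_domtrans_master(sendmail_t)` in the `@@ -28594` hunk replaces the removed `postfix_exec_master(sendmail_t)`, yet nothing in the postfix block explains why the sendmail wrapper must now enter the postfix master domain instead of running the binary in sendmail_t; a domain transition is a far wider grant than an exec, so a comment such as `# sendmail compatibility wrapper starts the postfix master daemon` — if that is indeed the trigger, verify — belongs above it. The cyrus and munin blocks are moved into alphabetical order, which matches refpolicy convention, but the postfix optional_policy block continues past the end of this hunk.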
@@ -28645,6 +28659,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send -# When sendmail runs as user_mail_domain, it needs some extra permissions -# to update /etc/mail/statistics. -allow user_mail_domain etc_mail_t:file rw_file_perms; ++optional_policy(` ++ uucp_domtrans_uux(sendmail_t) ++') ++ +######################################## +# +# Unconfined sendmail local policy @@ -33907,7 +33925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-11-13 18:32:07.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-11-24 16:05:51.000000000 -0500 @@ -56,10 +56,6 @@ miscfiles_read_localization($1_chkpwd_t) @@ -34120,7 +34138,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ') -@@ -1491,3 +1561,78 @@ +@@ -1491,3 +1561,80 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -34197,7 +34215,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo + type auth_cache_t; + ') + -+ files_var_filetrans($1,auth_cache_t,file) ++ manage_files_pattern($1, auth_cache_t, auth_cache_t) ++ manage_dirs_pattern($1, auth_cache_t, auth_cache_t) ++ files_var_filetrans($1,auth_cache_t,{ file dir } ) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2008-06-12 23:38:01.000000000 -0400 
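Review bot: `uucp_domtrans_uux(sendmail_t)` in the `@@ -28645` hunk is added with no comment stating what path triggers it, so a later reviewer cannot tell whether the transition into the uux domain is still required; `# sendmail hands uucp-addressed mail to uux` — if that is the observed path, confirm — above the call would document the grant. The removed `user_mail_domain` rules and the unconfined sendmail section that follows are outside the scope of this note.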
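Review bot: In the `@@ -34197` hunk the interface body now grants `manage_files_pattern` and `manage_dirs_pattern` on auth_cache_t on top of the original filetrans, so its doc comment (above the hunk, outside view) should be updated to say that the caller obtains create/write/delete rights on the auth cache and may create auth_cache_t directories under /var; a summary that still reads as a filetrans-only helper leads callers to under-estimate what they are granting. Argument spacing is also inconsistent within the same three lines: the two pattern calls use `, ` while the filetrans line is `files_var_filetrans($1,auth_cache_t,{ file dir } )`; `files_var_filetrans($1, auth_cache_t, { file dir })` matches the lines above it and refpolicy style. The interface's header and gen_require begin outside this hunk.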
@@ -35157,8 +35177,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc --- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2008-11-05 10:39:34.000000000 -0500 -@@ -26,6 +26,7 @@ ++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2008-11-25 09:56:41.000000000 -0500 +@@ -16,6 +16,8 @@ + /usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) + /usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0) + ++/usr/libexec/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) ++/usr/libexec/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) + /usr/libexec/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) + /usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) + /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) +@@ -26,6 +28,7 @@ /usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)