diff --git a/policy-20070703.patch b/policy-20070703.patch
index 53fea18..c8239bf 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -16314,7 +16314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api	 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.8/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.te	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.te	2007-12-10 16:27:26.000000000 -0500
 @@ -23,6 +23,9 @@
  init_system_domain(ldconfig_t,ldconfig_exec_t)
  role system_r types ldconfig_t;
@@ -16359,7 +16359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  
  ifdef(`hide_broken_symptoms',`
  	optional_policy(`
-@@ -96,4 +105,11 @@
+@@ -96,4 +105,12 @@
  	# and executes ldconfig on it.  If you dont allow this kernel installs 
  	# blow up.
  	rpm_manage_script_tmp_files(ldconfig_t)
@@ -16370,6 +16370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +optional_policy(`
 +	# run mkinitrd as unconfined user
 +	unconfined_manage_tmp_files(ldconfig_t)
++	unconfined_domain(ldconfig_t) 
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.0.8/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2007-10-22 13:21:40.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ae1cb5e..8a74487 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 67%{?dist}
+Release: 68%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-68
+- Allow ldconfig to manage files in the homedir
+
 * Thu Dec 6 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-67
 - Allow kdm to transition to bootloader_t through grub