diff --git a/policy-20070501.patch b/policy-20070501.patch
index 4d450f2..abcbe71 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -4721,7 +4721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-2.6.4/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-11-26 22:41:43.000000000 -0500
 @@ -10,7 +10,6 @@
 type consolekit_exec_t;
 init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -5154,7 +5154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.6.4/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-11-14 10:50:09.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-11-28 08:28:47.000000000 -0500
 @@ -8,6 +8,7 @@
 /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -5163,16 +5163,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 /etc/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -17,7 +18,7 @@
+@@ -16,8 +17,9 @@
+ /etc/printcap.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 /usr/bin/cups-config-daemon -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
++/usr/bin/hpijs -- gen_context(system_u:object_r:hplip_exec_t,s0)
 -/usr/lib(64)?/cups/backend/.* -- gen_context(system_u:object_r:cupsd_exec_t,s0)
 +/usr/lib(64)?/cups/daemon -d gen_context(system_u:object_r:cupsd_exec_t,s0)
 /usr/lib(64)?/cups/daemon/.* -- gen_context(system_u:object_r:cupsd_exec_t,s0)
 /usr/lib(64)?/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0)
-@@ -52,3 +53,5 @@
+@@ -52,3 +54,5 @@
 /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
 /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
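Review bot: The new `/usr/bin/hpijs -- gen_context(system_u:object_r:hplip_exec_t,s0)` entry changes which domain the hpijs driver will run in when cupsd's filter chain invokes it, but nothing in this patch shows cupsd_t being allowed to execute or transition on hplip_exec_t; the cups.te hunks below only show `can_exec(cupsd_t, cupsd_exec_t)`, so unless a cupsd_t to hplip_t transition already exists elsewhere, the filter invocation will be denied once the file is relabeled. Please confirm that rule exists (in cups.te or an hplip interface) and that hplip_t can use the file descriptors and spool files it inherits from cupsd, none of which is visible here. A one-line comment beside the entry, `# hpijs is invoked by cupsd's filter chain and is meant to run in hplip_t`, would make the cross-module dependency explicit to the next person editing this file.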
@@ -5180,8 +5182,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-10-05 08:56:23.000000000 -0400
-@@ -93,8 +93,6 @@
++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-11-26 13:00:58.000000000 -0500
+@@ -87,14 +87,13 @@
+ allow cupsd_t self:unix_dgram_socket create_socket_perms;
+ allow cupsd_t self:netlink_selinux_socket create_socket_perms;
+ allow cupsd_t self:netlink_route_socket r_netlink_socket_perms;
++allow cupsd_t self:shm create_shm_perms;
+ allow cupsd_t self:tcp_socket create_stream_socket_perms;
+ allow cupsd_t self:udp_socket create_socket_perms;
+ allow cupsd_t self:appletalk_socket create_socket_perms;
 # generic socket here until appletalk socket is available in kernels
 allow cupsd_t self:socket create_socket_perms;
@@ -5190,7 +5199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 allow cupsd_t cupsd_etc_t:{ dir file } setattr;
 read_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
 read_lnk_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
-@@ -107,7 +105,7 @@
+@@ -107,7 +106,7 @@
 # allow cups to execute its backend scripts
 can_exec(cupsd_t, cupsd_exec_t)
@@ -5199,7 +5208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 allow cupsd_t cupsd_exec_t:lnk_file read;
 manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
-@@ -151,20 +149,23 @@
+@@ -151,20 +150,23 @@
 corenet_tcp_bind_reserved_port(cupsd_t)
 corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
 corenet_tcp_connect_all_ports(cupsd_t)
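Review bot: `allow cupsd_t self:shm create_shm_perms;` is added without a comment saying which part of cupsd needs SysV shared memory, whereas the neighbouring appletalk rule documents its reason; a line such as `# shm: needed by <component> — record the denial that prompted this` above the rule would keep that convention and let a later reviewer tell whether it is still required. Because the target is `self`, the rule lets cupsd_t create and attach segments of its own type only and does not on its own let another domain reach them, so the exposure is bounded; still, confirm the full `create_shm_perms` set is what the denial asked for rather than a narrower read/write set. The self-allow block this rule sits in begins before the hunk.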
@@ -5224,7 +5233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 mls_fd_use_all_levels(cupsd_t)
 mls_file_downgrade(cupsd_t)
-@@ -177,6 +178,7 @@
+@@ -177,6 +179,7 @@
 term_search_ptys(cupsd_t)
 auth_domtrans_chk_passwd(cupsd_t)
@@ -5232,7 +5241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 auth_dontaudit_read_pam_pid(cupsd_t)
 # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-@@ -199,14 +201,17 @@
+@@ -199,14 +202,17 @@
 files_read_var_symlinks(cupsd_t)
 # for /etc/printcap
 files_dontaudit_write_etc_files(cupsd_t)
@@ -5254,7 +5263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 libs_use_ld_so(cupsd_t)
 libs_use_shared_libs(cupsd_t)
-@@ -214,6 +219,7 @@
+@@ -214,6 +220,7 @@
 libs_read_lib_files(cupsd_t)
 logging_send_syslog_msg(cupsd_t)
@@ -5262,7 +5271,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 miscfiles_read_localization(cupsd_t)
 # invoking ghostscript needs to read fonts
-@@ -223,6 +229,7 @@
+@@ -223,6 +230,7 @@
 sysnet_read_config(cupsd_t)
@@ -5270,7 +5279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
 userdom_dontaudit_search_all_users_home_content(cupsd_t)
-@@ -233,6 +240,10 @@
+@@ -233,6 +241,10 @@
 lpd_relabel_spool(cupsd_t)
 ')
@@ -5281,7 +5290,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 ifdef(`targeted_policy',`
 files_dontaudit_read_root_files(cupsd_t)
-@@ -284,6 +295,10 @@
+@@ -284,6 +296,10 @@
 ')
 optional_policy(`
@@ -5292,7 +5301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 nscd_socket_use(cupsd_t)
 ')
-@@ -294,6 +309,10 @@
+@@ -294,6 +310,10 @@
 ')
 optional_policy(`
@@ -5303,7 +5312,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 seutil_sigchld_newrole(cupsd_t)
 ')
-@@ -587,7 +606,7 @@
+@@ -587,7 +607,7 @@
 dev_read_urand(hplip_t)
 dev_read_rand(hplip_t)
 dev_rw_generic_usb_dev(hplip_t)
@@ -5829,7 +5838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 --- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-2.6.4/policy/modules/services/exim.fc 2007-10-05 09:28:27.000000000 -0400
 @@ -0,0 +1,16 @@
-+# $Id: policy-20070501.patch,v 1.78 2007/11/26 16:04:14 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.79 2007/12/03 02:58:08 dwalsh Exp $
 +# Draft SELinux refpolicy module for the Exim MTA
 +#
 +# Devin Carraway
@@ -6010,7 +6019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 --- nsaserefpolicy/policy/modules/services/exim.te 1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-2.6.4/policy/modules/services/exim.te 2007-10-30 16:46:45.000000000 -0400
 @@ -0,0 +1,231 @@
-+# $Id: policy-20070501.patch,v 1.78 2007/11/26 16:04:14 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.79 2007/12/03 02:58:08 dwalsh Exp $
 +# Draft SELinux refpolicy module for the Exim MTA
 +#
 +# Devin Carraway
@@ -6966,7 +6975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.6.4/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-11-06 10:44:21.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-12-02 21:56:29.000000000 -0500
 @@ -87,6 +87,8 @@
 # It wants to check for nscd
 files_dontaudit_search_pids($1_mail_t)
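Review bot: The `$Id: policy-20070501.patch,v 1.79 2007/12/03 02:58:08 dwalsh Exp $` line inside the added exim.fc header is the outer patch file's CVS keyword being expanded into the embedded module, so exim.fc ships with the patch's own revision string instead of its own and this line rewrites itself on every commit of the patch; the hunk at -6010 below does the same to exim.te. Store the patch with keyword expansion turned off (`cvs admin -ko policy-20070501.patch`) or write the embedded header so it no longer forms a complete keyword (for example `# Id: exim.fc` with no dollar signs), after which these two lines stop churning and the diff of the patch only shows real policy changes.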
@@ -7061,7 +7070,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
 read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
-@@ -449,11 +486,12 @@
+@@ -449,11 +486,13 @@
 interface(`mta_send_mail',`
 gen_require(`
 attribute mta_user_agent;
@@ -7074,10 +7083,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 - domain_auto_trans($1, sendmail_exec_t, system_mail_t)
 + allow $1 mailclient_exec_type:lnk_file read_lnk_file_perms;
 + domain_auto_trans($1, mailclient_exec_type, system_mail_t)
++ allow system_mail_t mailclient_exec_type:file entrypoint;
 allow $1 system_mail_t:fd use;
 allow system_mail_t $1:fd use;
-@@ -847,6 +885,25 @@
+@@ -847,6 +886,25 @@
 manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t)
 ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3e3d716..320be14 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 59%{?dist}
+Release: 60%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -363,6 +363,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
 %endif
 %changelog
+* Sun Dec 2 2007 Dan Walsh 2.6.4-60
+- Allow exim to be an entrypoint for system_mail_t
+
 * Mon Nov 26 2007 Dan Walsh 2.6.4-59
 - Allow udev to relabel lnk_files on /dev
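Review bot: `allow system_mail_t mailclient_exec_type:file entrypoint;` is placed inside `mta_send_mail` but does not mention `$1`, so it is a rule about the mta module's own types that is only emitted when some domain happens to call the interface and is duplicated for every caller; it belongs in mta.te beside the other system_mail_t rules, with the interface keeping only the `$1`-dependent `domain_auto_trans`. Granting entrypoint on the whole `mailclient_exec_type` attribute also means every executable type that now or later carries that attribute becomes an entry into system_mail_t, which is what the changelog wants for exim but deserves a one-line comment where the rule ends up. The interface's `gen_require` block lies between this hunk and the previous one, so please confirm it already declares `attribute mailclient_exec_type`.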