diff --git a/policy-20071130.patch b/policy-20071130.patch index ffe6259..f69ba27 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -7695,7 +7695,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-11-13 14:23:30.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-11-13 17:48:50.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(corenetwork,1.2.15) @@ -7720,17 +7720,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(cvs, tcp,2401,s0, udp,2401,s0) network_port(dcc, udp,6276,s0, udp,6277,s0) network_port(dbskkd, tcp,1178,s0) -@@ -90,7 +93,9 @@ - network_port(dict, tcp,2628,s0) +@@ -91,6 +94,7 @@ network_port(distccd, tcp,3632,s0) network_port(dns, udp,53,s0, tcp,53,s0) -+network_port(dogtag, tcp,9443,s0) network_port(fingerd, tcp,79,s0) +network_port(flash, tcp,1935,s0, udp,1935,s0) network_port(ftp_data, tcp,20,s0) network_port(ftp, tcp,21,s0) network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0) -@@ -109,11 +114,14 @@ +@@ -109,11 +113,14 @@ network_port(ircd, tcp,6667,s0) network_port(isakmp, udp,500,s0) network_port(iscsi, tcp,3260,s0) 
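Review bot: The new side of the `@@ -7720,17 +7720,15 @@` hunk drops the inner `+network_port(dogtag, tcp,9443,s0)` line and shrinks that inner hunk header to `+@@ -91,6 +94,7 @@`, so after this change the patch no longer declares a dogtag port type in corenetwork.te.in. If any other module in the patch still references that port type (through the corenet interfaces generated for it), the policy build would fail on an undefined type; that cannot be checked from this chunk, so it is worth confirming before merging. The `flash` declaration on tcp/udp 1935 is unaffected. The first hunk on this line only refreshes the inner `+++` timestamp.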
@@ -7745,7 +7743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(ktalkd, udp,517,s0, udp,518,s0) network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0) type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon -@@ -122,6 +130,8 @@ +@@ -122,6 +129,8 @@ network_port(mmcc, tcp,5050,s0, udp,5050,s0) network_port(monopd, tcp,1234,s0) network_port(msnp, tcp,1863,s0, udp,1863,s0) @@ -7754,7 +7752,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(mysqld, tcp,1186,s0, tcp,3306,s0) portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0) network_port(nessus, tcp,1241,s0) -@@ -132,11 +142,20 @@ +@@ -132,11 +141,20 @@ network_port(openvpn, tcp,1194,s0, udp,1194,s0) network_port(pegasus_http, tcp,5988,s0) network_port(pegasus_https, tcp,5989,s0) @@ -7775,7 +7773,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(printer, tcp,515,s0) network_port(ptal, tcp,5703,s0) network_port(pxe, udp,4011,s0) -@@ -148,11 +167,11 @@ +@@ -148,11 +166,11 @@ network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0) network_port(rlogind, tcp,513,s0) network_port(rndc, tcp,953,s0) @@ -7789,7 +7787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0) network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0) network_port(spamd, tcp,783,s0) -@@ -165,12 +184,18 @@ +@@ -165,12 +183,18 @@ network_port(syslogd, udp,514,s0) network_port(telnetd, tcp,23,s0) network_port(tftp, udp,69,s0) 
@@ -11392,7 +11390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-11-13 14:29:46.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-11-13 14:41:53.000000000 -0500 @@ -20,6 +20,8 @@ # Declarations # @@ -11909,7 +11907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') + +tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', ` -+ fs_read_nfs_dirs(httpd_sys_script_t) ++ fs_list_nfs(httpd_sys_script_t) fs_read_nfs_files(httpd_sys_script_t) fs_read_nfs_symlinks(httpd_sys_script_t) ') @@ -38145,7 +38143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if --- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-11-03 16:14:39.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2008-11-13 17:42:19.000000000 -0500 @@ -145,6 +145,25 @@ ######################################## @@ -38180,7 +38178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet allow $1 self:tcp_socket create_socket_perms; allow $1 self:udp_socket create_socket_perms; -@@ -493,6 +513,10 @@ +@@ -493,6 +513,14 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; 
@@ -38188,10 +38186,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + optional_policy(` + avahi_stream_connect($1) + ') ++ ++ optional_policy(` ++ nscd_socket_use($1) ++ ') ') ######################################## -@@ -522,6 +546,8 @@ +@@ -522,6 +550,8 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; @@ -38200,7 +38202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -556,3 +582,49 @@ +@@ -556,3 +586,49 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; ') @@ -38252,7 +38254,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-11-03 16:14:39.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2008-11-13 17:42:43.000000000 -0500 @@ -20,6 +20,10 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t) role system_r types dhcpc_t; @@ -38414,8 +38416,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet domain_use_interactive_fds(ifconfig_t) -@@ -303,12 +335,16 @@ +@@ -301,14 +333,20 @@ + seutil_use_runinit_fds(ifconfig_t) + ++sysnet_dns_name_resolve(ifconfig_t) ++ userdom_use_all_users_fds(ifconfig_t) +optional_policy(` @@ -38432,7 +38438,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ifdef(`hide_broken_symptoms',` optional_policy(` dev_dontaudit_rw_cardmgr(ifconfig_t) -@@ -332,6 +368,14 @@ +@@ -332,6 +370,14 @@ ') optional_policy(` 
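Review bot: The `@@ -38414` hunk adds `++sysnet_dns_name_resolve(ifconfig_t)` with no comment stating why a network-configuration tool now needs name resolution, and the `@@ -38188` hunk makes that interface also grant `nscd_socket_use($1)` under `optional_policy`, so ifconfig_t picks up DNS traffic plus nscd socket access in one step; the enclosing interface in sysnetwork.if starts outside the hunk, so its name is not visible here. A short why-comment on the new line, e.g. `# ifconfig_t: hostname lookups via sysnet_dns_name_resolve (incl. nscd) — record the motivating denial here`, would let a later audit tell a deliberate widening from an accidental one. The renumbered inner hunk headers (`+513,14`, `+550,8`, `+586,49`, `+370,14`) look consistent with the four added lines.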
@@ -42774,8 +42780,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.f +/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if --- nsaserefpolicy/policy/modules/system/virt.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/system/virt.if 2008-11-03 16:14:39.000000000 -0500 -@@ -0,0 +1,324 @@ ++++ serefpolicy-3.3.1/policy/modules/system/virt.if 2008-11-13 14:47:53.000000000 -0500 +@@ -0,0 +1,343 @@ + +## policy for virt + @@ -43099,6 +43105,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i + ') +') + ++####################################### ++## ++## Connect to virt over an unix domain stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`virt_stream_connect',` ++ gen_require(` ++ type virt_t, virt_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ stream_connect_pattern($1,virt_var_run_t,virt_var_run_t,virt_t) ++') ++ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te --- nsaserefpolicy/policy/modules/system/virt.te 1969-12-31 19:00:00.000000000 -0500
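Review bot: In the `@@ -43099` hunk the new `virt_stream_connect` interface carries a doc block whose `##` lines appear empty around "Domain allowed access.", which suggests the summary/param markup refpolicy tooling expects may be missing or was stripped in rendering; worth checking the raw file so the interface is documented. The summary line would also read better as `## Connect to virt over a unix domain stream socket.`. No caller of `virt_stream_connect` appears in this chunk, so whether the interface is actually used by this change cannot be told from here. The `+@@ -0,0 +1,343 @@` header bump matches the nineteen lines added to virt.if.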