diff --git a/policy-20070703.patch b/policy-20070703.patch
index 11a5f5f..0132110 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -7279,7 +7279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te	2007-08-03 14:06:26.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te	2007-08-03 16:01:19.000000000 -0400
 @@ -33,7 +33,6 @@
  allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
  allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -7297,7 +7297,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
  kernel_read_kernel_sysctls(setroubleshootd_t)
  kernel_read_system_state(setroubleshootd_t)
  kernel_read_network_state(setroubleshootd_t)
-@@ -76,6 +77,9 @@
+@@ -68,6 +69,7 @@
+ corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
+ 
+ dev_read_urand(setroubleshootd_t)
++dev_read_sysfs(setroubleshootd_t)
+ 
+ domain_dontaudit_search_all_domains_state(setroubleshootd_t)
+ 
+@@ -76,6 +78,9 @@
  files_getattr_all_dirs(setroubleshootd_t)
  files_getattr_all_files(setroubleshootd_t)
  
@@ -7307,7 +7315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
  selinux_get_enforce_mode(setroubleshootd_t)
  selinux_validate_context(setroubleshootd_t)
  
-@@ -108,6 +112,3 @@
+@@ -108,6 +113,3 @@
          rpm_use_script_fds(setroubleshootd_t)
  ')
  
@@ -10782,7 +10790,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.5/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/unconfined.te	2007-08-03 14:06:26.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/system/unconfined.te	2007-08-03 16:28:55.000000000 -0400
 @@ -5,28 +5,36 @@
  #
  # Declarations
@@ -10835,7 +10843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  
  libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  
-@@ -42,23 +51,22 @@
+@@ -42,37 +51,30 @@
  logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  
  mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@@ -10853,35 +10861,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  
  optional_policy(`
 -	ada_domtrans(unconfined_t)
-+	ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
- ')
- 
- optional_policy(`
- 	apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
+-')
+-
+-optional_policy(`
+-	apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
 -	apache_per_role_template(unconfined,unconfined_t,unconfined_r)
 -	# this is disallowed usage:
 -	unconfined_domain(httpd_unconfined_script_t)
++	ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  ')
  
  optional_policy(`
-@@ -66,16 +74,6 @@
+-	bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
++	bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  ')
  
  optional_policy(`
 -	bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
--')
--
--optional_policy(`
++	apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
+ ')
+ 
+ optional_policy(`
 -	cron_per_role_template(unconfined,unconfined_t,unconfined_r)
 -	# this is disallowed usage:
 -	unconfined_domain(unconfined_crond_t)
--')
--
--optional_policy(`
- 	init_dbus_chat_script(unconfined_t)
++	bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
+ ')
  
- 	dbus_stub(unconfined_t)
-@@ -118,11 +116,7 @@
+ optional_policy(`
+@@ -118,11 +120,7 @@
  ')
  
  optional_policy(`
@@ -10894,7 +10902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
  
  optional_policy(`
-@@ -134,11 +128,7 @@
+@@ -134,11 +132,7 @@
  ')
  
  optional_policy(`
@@ -10907,7 +10915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
  
  optional_policy(`
-@@ -155,22 +145,12 @@
+@@ -155,22 +149,12 @@
  
  optional_policy(`
  	postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@@ -10932,7 +10940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
  
  optional_policy(`
-@@ -180,10 +160,6 @@
+@@ -180,10 +164,6 @@
  ')
  
  optional_policy(`
@@ -10943,7 +10951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  	sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  	sysnet_dbus_chat_dhcpc(unconfined_t)
  ')
-@@ -205,11 +181,12 @@
+@@ -205,11 +185,12 @@
  ')
  
  optional_policy(`
@@ -10957,7 +10965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
  
  ########################################
-@@ -227,6 +204,17 @@
+@@ -227,6 +208,17 @@
  	unconfined_dbus_chat(unconfined_execmem_t)
  
  	optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 690e99d..5fdafb7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -143,7 +143,7 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf %{buildroot}%{_sysconfdir}/seli
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u 
+%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
 
 %define saveFileContext() \
 if [ -s /etc/selinux/config ]; then \
@@ -303,8 +303,8 @@ semanage user -a -P xguest -R xguest_r xguest_u
 exit 0
 
 %files targeted
+%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
 %fileList targeted
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u
 %endif
 
 %if %{BUILD_OLPC}