diff --git a/policy-20070703.patch b/policy-20070703.patch
index da2cccd..21eccd1 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -15226,74 +15226,54 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.0.8/policy/modules/services/pki.fc
 --- nsaserefpolicy/policy/modules/services/pki.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/pki.fc	2008-11-13 14:23:53.000000000 -0500
-@@ -0,0 +1,66 @@
++++ serefpolicy-3.0.8/policy/modules/services/pki.fc	2008-11-13 18:20:37.000000000 -0500
+@@ -0,0 +1,46 @@
 +
-+/usr/bin/dtomcat5-pki-ca	--	gen_context(system_u:object_r:pki_ca_exec_t,s0)
-+
-+/etc/init.d/pki-ca		--	gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-ca	--	gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-kra	--	gen_context(system_u:object_r:pki_kra_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-ocsp	--	gen_context(system_u:object_r:pki_ocsp_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-ra      	--      gen_context(system_u:object_r:pki_ra_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-tks	--	gen_context(system_u:object_r:pki_tks_script_exec_t,s0)
++/etc/rc\.d/init\.d/pki-tps     	--      gen_context(system_u:object_r:pki_tps_script_exec_t,s0)
 +
 +/etc/pki-ca(/.*)?			gen_context(system_u:object_r:pki_ca_etc_rw_t,s0)
-+/etc/pki-ca/tomcat5.conf  	--      gen_context(system_u:object_r:pki_ca_tomcat_exec_t,s0)
-+
-+/var/lib/pki-ca(/.*)?		        gen_context(system_u:object_r:pki_ca_var_lib_t,s0)
-+
-+/var/run/pki-ca.pid			gen_context(system_u:object_r:pki_ca_var_run_t,s0)
-+
-+/var/log/pki-ca(/.*)?			gen_context(system_u:object_r:pki_ca_log_t,s0)
-+
-+/usr/bin/dtomcat5-pki-kra	--	gen_context(system_u:object_r:pki_kra_exec_t,s0)
-+
-+/etc/init.d/pki-kra		--	gen_context(system_u:object_r:pki_kra_script_exec_t,s0)
-+
++/etc/pki-ca/tomcat5\.conf  	--      gen_context(system_u:object_r:pki_ca_tomcat_exec_t,s0)
 +/etc/pki-kra(/.*)?			gen_context(system_u:object_r:pki_kra_etc_rw_t,s0)
-+/etc/pki-kra/tomcat5.conf  	--      gen_context(system_u:object_r:pki_kra_tomcat_exec_t,s0)
-+
-+/var/lib/pki-kra(/.*)?		        gen_context(system_u:object_r:pki_kra_var_lib_t,s0)
-+
-+/var/run/pki-kra.pid			gen_context(system_u:object_r:pki_kra_var_run_t,s0)
-+
-+/var/log/pki-kra(/.*)?			gen_context(system_u:object_r:pki_kra_log_t,s0)
++/etc/pki-kra/tomcat5\.conf  	--      gen_context(system_u:object_r:pki_kra_tomcat_exec_t,s0)
++/etc/pki-ocsp(/.*)?			gen_context(system_u:object_r:pki_ocsp_etc_rw_t,s0)
++/etc/pki-ocsp/tomcat5\.conf  	--      gen_context(system_u:object_r:pki_ocsp_tomcat_exec_t,s0)
++/etc/pki-ra(/.*)?               	gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
++/etc/pki-tks(/.*)?			gen_context(system_u:object_r:pki_tks_etc_rw_t,s0)
++/etc/pki-tks/tomcat5\.conf  	--      gen_context(system_u:object_r:pki_tks_tomcat_exec_t,s0)
++/etc/pki-tps(/.*)?              	gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
 +
++/usr/bin/dtomcat5-pki-ca	--	gen_context(system_u:object_r:pki_ca_exec_t,s0)
++/usr/bin/dtomcat5-pki-kra	--	gen_context(system_u:object_r:pki_kra_exec_t,s0)
 +/usr/bin/dtomcat5-pki-ocsp	--	gen_context(system_u:object_r:pki_ocsp_exec_t,s0)
++/usr/bin/dtomcat5-pki-tks	--	gen_context(system_u:object_r:pki_tks_exec_t,s0)
 +
-+/etc/init.d/pki-ocsp		--	gen_context(system_u:object_r:pki_ocsp_script_exec_t,s0)
-+
-+/etc/pki-ocsp(/.*)?			gen_context(system_u:object_r:pki_ocsp_etc_rw_t,s0)
-+/etc/pki-ocsp/tomcat5.conf  	--      gen_context(system_u:object_r:pki_ocsp_tomcat_exec_t,s0)
++/usr/sbin/httpd.worker  	--     	gen_context(system_u:object_r:pki_ra_exec_t,s0)
 +
++/var/lib/pki-ca(/.*)?		        gen_context(system_u:object_r:pki_ca_var_lib_t,s0)
++/var/lib/pki-kra(/.*)?		        gen_context(system_u:object_r:pki_kra_var_lib_t,s0)
 +/var/lib/pki-ocsp(/.*)?		        gen_context(system_u:object_r:pki_ocsp_var_lib_t,s0)
++/var/lib/pki-ra(/.*)?           	gen_context(system_u:object_r:pki_ra_var_lib_t,s0)
++/var/lib/pki-tks(/.*)?			gen_context(system_u:object_r:pki_tks_var_lib_t,s0)
++/var/lib/pki-tps(/.*)?          	gen_context(system_u:object_r:pki_tps_var_lib_t,s0)
 +
-+/var/run/pki-ocsp.pid			gen_context(system_u:object_r:pki_ocsp_var_run_t,s0)
-+
++/var/log/pki-ca(/.*)?			gen_context(system_u:object_r:pki_ca_log_t,s0)
++/var/log/pki-kra(/.*)?			gen_context(system_u:object_r:pki_kra_log_t,s0)
 +/var/log/pki-ocsp(/.*)?			gen_context(system_u:object_r:pki_ocsp_log_t,s0)
-+
-+/usr/sbin/httpd.worker  --      gen_context(system_u:object_r:pki_ra_exec_t,s0)
-+/etc/init.d/pki-ra      --      gen_context(system_u:object_r:pki_ra_script_exec_t,s0)
-+/etc/pki-ra(/.*)?               gen_context(system_u:object_r:pki_ra_etc_rw_t,s0)
-+/var/lib/pki-ra(/.*)?           gen_context(system_u:object_r:pki_ra_var_lib_t,s0)
-+/var/log/pki-ra(/.*)?           gen_context(system_u:object_r:pki_ra_log_t,s0)
-+
-+
-+/usr/bin/dtomcat5-pki-tks	--	gen_context(system_u:object_r:pki_tks_exec_t,s0)
-+
-+/etc/init.d/pki-tks		--	gen_context(system_u:object_r:pki_tks_script_exec_t,s0)
-+
-+/etc/pki-tks(/.*)?			gen_context(system_u:object_r:pki_tks_etc_rw_t,s0)
-+/etc/pki-tks/tomcat5.conf  	--      gen_context(system_u:object_r:pki_tks_tomcat_exec_t,s0)
-+
-+/var/lib/pki-tks(/.*)?		gen_context(system_u:object_r:pki_tks_var_lib_t,s0)
-+
-+/var/run/pki-tks.pid			gen_context(system_u:object_r:pki_tks_var_run_t,s0)
-+
++/var/log/pki-ra(/.*)?           	gen_context(system_u:object_r:pki_ra_log_t,s0)
 +/var/log/pki-tks(/.*)?			gen_context(system_u:object_r:pki_tks_log_t,s0)
-+
-+/usr/sbin/httpd.worker  --      gen_context(system_u:object_r:pki_ra_exec_t,s0)
-+/etc/init.d/pki-tps     --      gen_context(system_u:object_r:pki_tps_script_exec_t,s0)
-+/etc/pki-tps(/.*)?              gen_context(system_u:object_r:pki_tps_etc_rw_t,s0)
-+/var/lib/pki-tps(/.*)?          gen_context(system_u:object_r:pki_tps_var_lib_t,s0)
-+/var/log/pki-tps(/.*)?          gen_context(system_u:object_r:pki_tps_log_t,s0)
-+
++/var/log/pki-tps(/.*)?          	gen_context(system_u:object_r:pki_tps_log_t,s0)
++
++/var/run/pki-ca\.pid		--	gen_context(system_u:object_r:pki_ca_var_run_t,s0)
++/var/run/pki-kra\.pid		--	gen_context(system_u:object_r:pki_kra_var_run_t,s0)
++/var/run/pki-ocsp\.pid		--	gen_context(system_u:object_r:pki_ocsp_var_run_t,s0)
++/var/run/pki-ra\.pid		--	gen_context(system_u:object_r:pki_ocsp_var_run_t,s0)
++/var/run/pki-tks\.pid		--	gen_context(system_u:object_r:pki_tks_var_run_t,s0)
++/var/run/pki-tps\.pid		--	gen_context(system_u:object_r:pki_tks_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.0.8/policy/modules/services/pki.if
 --- nsaserefpolicy/policy/modules/services/pki.if	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.0.8/policy/modules/services/pki.if	2008-11-13 14:23:53.000000000 -0500
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3e7f09b..01a20f9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 126%{?dist}
+Release: 127%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -382,7 +382,7 @@ exit 0
 %endif
 
 %changelog
-* Thu Nov 13 2008 Dan Walsh <dwalsh@redhat.com> 3.0.8-126
+* Thu Nov 13 2008 Dan Walsh <dwalsh@redhat.com> 3.0.8-127
 - Add pki policy
 
 * Thu Nov 13 2008 Dan Walsh <dwalsh@redhat.com> 3.0.8-124