diff --git a/Changelog b/Changelog
index e0f065b..c87f076 100644
--- a/Changelog
+++ b/Changelog
@@ -95,6 +95,7 @@
 	games
 	gatekeeper
 	gift
+	gnome (James Carter)
 	imaze
 	ircd
 	jabber
diff --git a/policy/modules/apps/gnome.fc b/policy/modules/apps/gnome.fc
new file mode 100644
index 0000000..0146bd4
--- /dev/null
+++ b/policy/modules/apps/gnome.fc
@@ -0,0 +1,9 @@
+/etc/gconf(/.*)?		gen_context(system_u:object_r:gconf_etc_t,s0)
+
+/usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+ifdef(`strict_policy',`
+HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
+
+/tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:ROLE_gconf_tmp_t,s0)
+')
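Review bot: The `/tmp/gconfd-USER/.*` entry is limited to regular files by `--`, but the per-role template in gnome.if transitions both `dir` and `file` objects to the gconf tmp type (`{ dir file }`). A relabel would therefore, presumably, not restore subdirectories under `/tmp/gconfd-USER` to `ROLE_gconf_tmp_t`, so labels could drift from what the running policy assigns. If gconfd does create subdirectories there, add a matching directory entry such as `/tmp/gconfd-USER/.*	-d	gen_context(system_u:object_r:ROLE_gconf_tmp_t,s0)`. Dropping `--` altogether would also relabel sockets, which the template leaves as the user tmp type.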
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
new file mode 100644
index 0000000..46ee2da
--- /dev/null
+++ b/policy/modules/apps/gnome.if
@@ -0,0 +1,129 @@
+## <summary>GNU network object model environment (GNOME)</summary>
+
+########################################
+## <summary>
+##	The per role template for the gnome module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domain which is used
+##	for gconf sessions.
+##	</p>
+##	<p>
+##	This template is invoked automatically for each role, and
+##	generally does not need to be invoked directly
+##	by policy writers.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+#
+template(`gnome_per_role_template',`
+	gen_require(`
+		type gconfd_exec_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+	type $1_gconfd_t;
+	domain_type($1_gconfd_t)
+	domain_entry_file($1_gconfd_t, gconfd_exec_t)
+	role $3 types $1_gconfd_t;
+
+	type $1_gconf_home_t;
+	files_type($1_gconf_home_t)
+
+	type $1_gconf_tmp_t;
+	files_tmp_file($1_gconf_tmp_t)
+
+	##############################
+	#
+	# Local Policy
+	#
+
+	allow $1_gconfd_t self:process getsched;
+
+	allow $1_gconfd_t $1_gconf_home_t:dir manage_dir_perms;
+	allow $1_gconfd_t $1_gconf_home_t:file manage_file_perms;
+	userdom_user_home_dir_filetrans($1, $1_gconfd_t, $1_gconf_home_t, dir)
+
+	allow $1_gconfd_t $1_gconf_tmp_t:dir manage_dir_perms;
+	allow $1_gconfd_t $1_gconf_tmp_t:file manage_file_perms;
+	userdom_user_tmp_filetrans($1,$1_gconfd_t,$1_gconf_tmp_t,{ dir file })
+
+	domain_auto_trans($2, gconfd_exec_t, $1_gconfd_t)
+	allow $1_gconfd_t $2:fd use;
+	allow $1_gconfd_t $2:fifo_file write;
+	allow $1_gconfd_t $2:unix_stream_socket connectto;
+
+	allow $1_gconfd_t gconf_etc_t:dir list_dir_perms;
+	allow $1_gconfd_t gconf_etc_t:file read_file_perms;
+
+	dev_read_urand($1_gconfd_t)
+
+	files_read_etc_files($1_gconfd_t)
+
+	libs_use_ld_so($1_gconfd_t)
+	libs_use_shared_libs($1_gconfd_t)
+
+	miscfiles_read_localization($1_gconfd_t)
+
+	logging_send_syslog_msg($1_gconfd_t)
+
+	userdom_manage_user_tmp_sockets($1, $1_gconfd_t)
+	userdom_manage_user_tmp_dirs($1,$1_gconfd_t)
+	userdom_tmp_filetrans_user_tmp($1,$1_gconfd_t,dir)
+
+	gnome_stream_connect_gconf_template($1,$2)
+
+	optional_policy(`
+		nscd_dontaudit_search_pid($1_gconfd_t)
+	')
+
+	optional_policy(`
+		xserver_use_xdm_fds($1_gconfd_t)
+		xserver_rw_xdm_pipes($1_gconfd_t)
+	')
+')
+	
+########################################
+## <summary>
+##	gconf connection template.
+## </summary>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+template(`gnome_stream_connect_gconf_template',`
+	gen_require(`
+		type $1_gconfd_t;
+		type $1_gconf_tmp_t;
+	')
+
+	allow $2 $1_gconfd_t:unix_stream_socket connectto;
+	allow $2 $1_gconf_tmp_t:file r_file_perms;
+')
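Review bot: `gnome_per_role_template` uses `gconf_etc_t` in its two `allow $1_gconfd_t gconf_etc_t:...` rules, but its `gen_require` block lists only `gconfd_exec_t`. The template is expanded in the caller's module, so the type should be declared as a dependency there; add `type gconf_etc_t;` next to `type gconfd_exec_t;`. As a smaller point, this template reads with `read_file_perms` while `gnome_stream_connect_gconf_template` uses `r_file_perms`. Picking one spelling would make the granted access easier to audit. The line after the first template's closing `')` also carries a stray tab.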
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
new file mode 100644
index 0000000..996809a
--- /dev/null
+++ b/policy/modules/apps/gnome.te
@@ -0,0 +1,13 @@
+
+policy_module(gnome,1.0.0)
+
+##############################
+#
+# Declarations
+#
+
+type gconf_etc_t;
+files_type(gconf_etc_t)
+
+type gconfd_exec_t;
+corecmd_executable_file(gconfd_exec_t)
diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
index 58d0e2d..177b096 100644
--- a/policy/modules/system/userdomain.fc
+++ b/policy/modules/system/userdomain.fc
@@ -1,9 +1,11 @@
+ifdef(`strict_policy',`
+HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c255)
+HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
+
+/tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
+')
 
-# temporary hack till genhomedircon is fixed
 ifdef(`targeted_policy',`
-HOME_DIR		-d	gen_context(system_u:object_r:user_home_dir_t,s0)
+HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0)
 HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
-',`
-HOME_DIR		-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c255)
-HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
 ')
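Review bot: The new `/tmp/gconfd-USER -d` entry is a gconf-specific path placed in the userdomain file contexts with no explanation. A short comment above it would help, for example `# gconfd creates this directory in /tmp; it keeps the user tmp type, its contents are labeled in gnome.fc`. Separately, the `ROLE_home_dir_t` and `ROLE_home_t` entries used to sit in the else-branch of `ifdef(`targeted_policy', ...)` and so applied to any non-targeted build. They now apply only when `strict_policy` is defined, so it is worth confirming that no build type defines neither and ends up with no `HOME_DIR` contexts.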
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index e98a911..713adba 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2678,7 +2678,7 @@ template(`userdom_manage_user_tmp_dirs',`
 	')
 
 	files_search_tmp($2)
-	allow $2 $1_tmp_t:dir create_dir_perms;
+	allow $2 $1_tmp_t:dir manage_dir_perms;
 ')
 
 ########################################
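Review bot: Replacing `create_dir_perms` with `manage_dir_perms` widens directory access on `$1_tmp_t` for every domain that already calls `userdom_manage_user_tmp_dirs`, not only the gconfd domain this commit adds. The new set matches the template's name, but presumably grants more than existing callers had, so they should be checked against what they need. If only gconfd needs the wider set, a narrower choice is to keep this line as it was and grant `allow $1_gconfd_t $1_tmp_t:dir manage_dir_perms;` from the gnome template. The template's header and `gen_require` lie outside this hunk, so its documentation could not be checked against the change.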
@@ -2831,6 +2831,99 @@ template(`userdom_manage_user_tmp_sockets',`
 
 ########################################
 ## <summary>
+##	Create objects in a user temporary directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <desc>
+##	<p>
+##	Create objects in a user temporary directory
+##	with an automatic type transition to
+##	a specified private type.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.  If not
+##	specified, file is used.
+##	</summary>
+## </param>
+#
+template(`userdom_user_tmp_filetrans',`
+	gen_require(`
+		type $1_tmp_t;
+	')
+
+	allow $2 $1_tmp_t:dir rw_dir_perms;
+	type_transition $2 $1_tmp_t:$4 $3;
+	files_search_tmp($2)
+')
+
+########################################
+## <summary>
+##	Create objects in the temporary directory
+##	with an automatic type transition to
+##	the user temporary type.
+## </summary>
+## <desc>
+##	<p>
+##	Create objects in the temporary directory
+##	with an automatic type transition to
+##	the user temporary type.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.  If not
+##	specified, file is used.
+##	</summary>
+## </param>
+#
+template(`userdom_tmp_filetrans_user_tmp',`
+	gen_require(`
+		type $1_home_dir_t;
+	')
+
+	files_tmp_filetrans($2,$1_tmp_t,$3)
+')
+
+########################################
+## <summary>
 ##	Read user tmpfs files.
 ## </summary>
 ## <desc>
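Review bot: `userdom_tmp_filetrans_user_tmp` requires `type $1_home_dir_t;` but its only rule, `files_tmp_filetrans($2,$1_tmp_t,$3)`, uses `$1_tmp_t`. This looks like a copy-paste slip: the type actually used is not declared as a dependency, and an unrelated one is. The `gen_require` line should be `type $1_tmp_t;`. In `userdom_user_tmp_filetrans` the `object_class` parameter is documented as "If not specified, file is used", but `type_transition $2 $1_tmp_t:$4 $3;` has no default visible in this template, so an omitted fourth argument would not fall back to `file`. Either drop that sentence from the doc or say that the class is required.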
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 6f96406..b07abb6 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
 
-policy_module(userdomain,1.3.35)
+policy_module(userdomain,1.3.36)
 
 gen_require(`
 	role sysadm_r, staff_r, user_r;