diff --git a/policy-20080710.patch b/policy-20080710.patch
index d237cab..4d14cbc 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -1178,7 +1178,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.5.8/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/admin/rpm.te	2008-09-16 09:14:33.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/admin/rpm.te	2008-09-16 13:35:13.000000000 -0400
 @@ -31,6 +31,9 @@
  files_type(rpm_var_lib_t)
  typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1276,7 +1276,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
  
  manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
-@@ -298,6 +321,7 @@
+@@ -285,6 +308,7 @@
+ auth_use_nsswitch(rpm_script_t)
+ # ideally we would not need this
+ auth_manage_all_files_except_shadow(rpm_script_t)
++auth_relabel_shadow(rpm_script_t)
+ 
+ corecmd_exec_all_executables(rpm_script_t)
+ 
+@@ -298,6 +322,7 @@
  files_exec_etc_files(rpm_script_t)
  files_read_etc_runtime_files(rpm_script_t)
  files_exec_usr_files(rpm_script_t)
@@ -1284,7 +1292,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  init_domtrans_script(rpm_script_t)
  
-@@ -317,6 +341,7 @@
+@@ -317,6 +342,7 @@
  seutil_domtrans_loadpolicy(rpm_script_t)
  seutil_domtrans_setfiles(rpm_script_t)
  seutil_domtrans_semanage(rpm_script_t)
@@ -1292,7 +1300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  userdom_use_all_users_fds(rpm_script_t)
  
-@@ -335,6 +360,10 @@
+@@ -335,6 +361,10 @@
  ')
  
  optional_policy(`
@@ -1303,7 +1311,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	tzdata_domtrans(rpm_t)
  	tzdata_domtrans(rpm_script_t)
  ')
-@@ -342,6 +371,7 @@
+@@ -342,6 +372,7 @@
  optional_policy(`
  	unconfined_domain(rpm_script_t)
  	unconfined_domtrans(rpm_script_t)
@@ -1311,7 +1319,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	optional_policy(`
  		java_domtrans(rpm_script_t)
-@@ -352,6 +382,11 @@
+@@ -352,6 +383,11 @@
  	')
  ')