diff --git a/policy-20071130.patch b/policy-20071130.patch index ee29efd..842f43c 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -1423,6 +1423,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman rpm_use_fds(useradd_t) rpm_rw_pipes(useradd_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.2.8/policy/modules/admin/vpn.te +--- nsaserefpolicy/policy/modules/admin/vpn.te 2008-02-18 14:30:19.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/admin/vpn.te 2008-02-19 10:59:29.000000000 -0500 +@@ -24,7 +24,8 @@ + + allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw }; + allow vpnc_t self:process getsched; +-allow vpnc_t self:fifo_file { getattr ioctl read write }; ++allow vpnc_t self:fifo_file rw_fifo_file_perms; ++allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms; + allow vpnc_t self:tcp_socket create_stream_socket_perms; + allow vpnc_t self:udp_socket create_socket_perms; + allow vpnc_t self:rawip_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.2.8/policy/modules/apps/ethereal.fc --- nsaserefpolicy/policy/modules/apps/ethereal.fc 2007-10-12 08:56:02.000000000 -0400 +++ serefpolicy-3.2.8/policy/modules/apps/ethereal.fc 2008-02-18 14:57:04.000000000 -0500 @@ -2546,7 +2559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.2.8/policy/modules/apps/java.fc --- nsaserefpolicy/policy/modules/apps/java.fc 2007-03-01 10:01:48.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/apps/java.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/apps/java.fc 2008-02-19 10:48:39.000000000 -0500 @@ -11,6 +11,7 @@ # /usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0) 
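Review bot: The added `allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;` line in the vpn.te hunk carries no comment, and rw_netlink_socket_perms includes nlmsg_write, so this is a write path into the kernel routing table rather than a read-only query. A one-line comment above it naming the motivating operation, e.g. `# vpnc changes routes for the tunnel over rtnetlink (needs nlmsg_write)`, would tell the next maintainer why the read/write permission set was chosen over a read-only one; it sits next to the existing net_admin capability, which presumably is what lets the write succeed. The vpnc_t rule block continues outside the hunk.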
@@ -2555,7 +2568,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc /usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0) -@@ -20,5 +21,13 @@ +@@ -20,5 +21,14 @@ /usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0) @@ -2566,6 +2579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc +/usr/matlab(/.*)?/bin/(.*/)?MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) +/opt/matlab(/.*)?/bin(/.*)?/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) +/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0) ++/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0) + +/usr/lib/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0) +/usr/lib64/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0) @@ -4643,7 +4657,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-12-12 11:35:27.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc 2008-02-19 09:58:42.000000000 -0500 @@ -7,11 +7,11 @@ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) 
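Review bot: The new `/usr/lib64/jvm/java(.*/)bin(/.*)?` line in the java.fc hunk duplicates the existing `/usr/lib/jvm/...` entry, differing only in the library directory, where the rest of this patch uses a single `lib(64)?` pattern (see the corecommands.fc and nagios.fc hunks); replacing both with `/usr/lib(64)?/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)` keeps the two architectures from drifting apart. The same applies to the pair of `.so` entries added to libraries.fc in the later `@@ -22800,13 +22958,16 @@` hunk. Note that both files now label the same `bin(/.*)?` subtree — java_exec_t for every regular file, textrel_shlib_t for `.*\.so` beneath it — so the result depends on file-context specificity ordering; the longer regex should win after fc_sort, but confirm with matchpathcon against a real JDK install.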
@@ -4700,9 +4714,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0) -@@ -186,7 +193,10 @@ +@@ -185,8 +192,12 @@ + /usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) ++/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0) +/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0) @@ -4711,7 +4727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0) -@@ -284,3 +294,9 @@ +@@ -284,3 +295,10 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -4721,6 +4737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco +/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0) +/etc/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.2.8/policy/modules/kernel/corecommands.if --- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-11-14 08:17:58.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.if 2008-02-18 14:57:04.000000000 -0500 
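Review bot: The corecommands.fc hunk at `@@ -284,3 +295,10 @@` ends by adding an empty line (`++`) after the ConsoleKit entries, which adds nothing to the file and only widens the diff; the same trailing empty line is added at the end of lpd.fc in the later `@@ -30,3 +32,4 @@` hunk. Drop both. The new `/usr/local/linuxprinter/filters(/.*)?` entry has no `--` qualifier, so the directories themselves are also labeled bin_t; that matches the neighbouring Brother/Printer lpd entries, so it reads as intentional.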
@@ -4826,7 +4843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(xen, tcp,8002,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.2.8/policy/modules/kernel/devices.fc --- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-12-12 11:35:27.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/devices.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/devices.fc 2008-02-19 10:48:15.000000000 -0500 @@ -1,7 +1,7 @@ /dev -d gen_context(system_u:object_r:device_t,s0) @@ -4836,7 +4853,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/admmidi.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/adsp.* -c gen_context(system_u:object_r:sound_device_t,s0) -@@ -16,28 +16,40 @@ +@@ -12,32 +12,45 @@ + /dev/apm_bios -c gen_context(system_u:object_r:apm_bios_t,s0) + /dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0) + /dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0) ++/dev/autofs.* -c gen_context(system_u:object_r:autofs_device_t,s0) + /dev/beep -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dmfm -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0) 
@@ -4877,7 +4899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/mice -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/microcode -c gen_context(system_u:object_r:cpu_device_t,s0) /dev/midi.* -c gen_context(system_u:object_r:sound_device_t,s0) -@@ -48,6 +60,7 @@ +@@ -48,6 +61,7 @@ /dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0) /dev/nvram -c gen_context(system_u:object_r:nvram_device_t,mls_systemhigh) /dev/oldmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) @@ -4885,7 +4907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/par.* -c gen_context(system_u:object_r:printer_device_t,s0) /dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0) /dev/pmu -c gen_context(system_u:object_r:power_device_t,s0) -@@ -69,9 +82,8 @@ +@@ -69,9 +83,8 @@ /dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0) /dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0) /dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0) @@ -4897,7 +4919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0) ifdef(`distro_suse', ` /dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0) -@@ -98,13 +110,23 @@ +@@ -98,13 +111,23 @@ /dev/dvb/.* -c gen_context(system_u:object_r:v4l_device_t,s0) @@ -4923,7 +4945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.2.8/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.2.8/policy/modules/kernel/devices.if 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/kernel/devices.if 2008-02-19 10:51:36.000000000 -0500 
@@ -65,7 +65,7 @@ relabelfrom_dirs_pattern($1,device_t,device_node) 
@@ -5073,10 +5095,120 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Mount a usbfs filesystem. ## ## +@@ -3322,3 +3434,96 @@ + + typeattribute $1 devices_unconfined_type; + ') ++ ++######################################## ++## ++## Get the attributes of the autofs device node. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`dev_getattr_autofs_dev',` ++ gen_require(` ++ type device_t, autofs_device_t; ++ ') ++ ++ getattr_chr_files_pattern($1,device_t,autofs_device_t) ++') ++ ++######################################## ++## ++## Do not audit attempts to get the attributes of ++## the autofs device node. ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`dev_dontaudit_getattr_autofs_dev',` ++ gen_require(` ++ type autofs_device_t; ++ ') ++ ++ dontaudit $1 autofs_device_t:chr_file getattr; ++') ++ ++######################################## ++## ++## Set the attributes of the autofs device node. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`dev_setattr_autofs_dev',` ++ gen_require(` ++ type device_t, autofs_device_t; ++ ') ++ ++ setattr_chr_files_pattern($1,device_t,autofs_device_t) ++') ++ ++######################################## ++## ++## Do not audit attempts to set the attributes of ++## the autofs device node. ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`dev_dontaudit_setattr_autofs_dev',` ++ gen_require(` ++ type autofs_device_t; ++ ') ++ ++ dontaudit $1 autofs_device_t:chr_file setattr; ++') ++ ++######################################## ++## ++## Read and write the autofs device. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`dev_rw_autofs',` ++ gen_require(` ++ type device_t, autofs_device_t; ++ ') ++ ++ rw_chr_files_pattern($1,device_t,autofs_device_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.2.8/policy/modules/kernel/devices.te --- nsaserefpolicy/policy/modules/kernel/devices.te 2007-12-19 05:32:07.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/kernel/devices.te 2008-02-18 14:57:04.000000000 -0500 -@@ -66,12 +66,25 @@ ++++ serefpolicy-3.2.8/policy/modules/kernel/devices.te 2008-02-19 10:49:19.000000000 -0500 +@@ -32,6 +32,12 @@ + type apm_bios_t; + dev_node(apm_bios_t) + ++# ++# Type for /dev/autofs ++# ++type autofs_device_t; ++dev_node(autofs_device_t) ++ + type cardmgr_dev_t; + dev_node(cardmgr_dev_t) + files_tmp_file(cardmgr_dev_t) +@@ -66,12 +72,25 @@ dev_node(framebuf_device_t) # @@ -7160,7 +7292,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.2.8/policy/modules/services/automount.te --- nsaserefpolicy/policy/modules/services/automount.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/automount.te 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/automount.te 2008-02-19 10:52:07.000000000 -0500 @@ -20,6 +20,9 @@ files_tmp_file(automount_tmp_t) files_mountpoint(automount_tmp_t) @@ -7198,7 +7330,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto fs_mount_all_fs(automount_t) fs_unmount_all_fs(automount_t) -@@ -126,8 +129,12 @@ +@@ -101,6 +104,7 @@ + # for SSP + dev_read_rand(automount_t) + dev_read_urand(automount_t) ++dev_rw_autofs(automount_t) + + domain_use_interactive_fds(automount_t) + domain_dontaudit_read_all_domains_state(automount_t) +@@ -126,8 +130,12 @@ fs_mount_autofs(automount_t) fs_manage_autofs_symlinks(automount_t) 
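Review bot: In the automount.te hunk at `@@ -101,6 +104,7 @@`, the new `dev_rw_autofs(automount_t)` call is placed directly under the `# for SSP` comment that explains dev_read_rand/dev_read_urand, so the comment now reads as if it covered the autofs access too. Either move the call below the blank line or give it its own comment, e.g. `# /dev/autofs control device (autofs_device_t)`. The new autofs_device_t type in devices.te is documented with `# Type for /dev/autofs`, but in devices.if the read/write interface is `dev_rw_autofs` while the attribute interfaces are `dev_*_autofs_dev`; if that mirrors the existing agp interface naming it is fine, otherwise align the names before other modules start calling them.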
@@ -7211,7 +7351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto libs_use_ld_so(automount_t) libs_use_shared_libs(automount_t) -@@ -140,10 +147,6 @@ +@@ -140,10 +148,6 @@ # Run mount in the mount_t domain. mount_domtrans(automount_t) @@ -7222,7 +7362,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto userdom_dontaudit_use_unpriv_user_fds(automount_t) userdom_dontaudit_search_sysadm_home_dirs(automount_t) -@@ -162,11 +165,12 @@ +@@ -162,11 +166,12 @@ ') optional_policy(` @@ -8773,7 +8913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron -') dnl end TODO diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.2.8/policy/modules/services/cups.fc --- nsaserefpolicy/policy/modules/services/cups.fc 2007-11-16 15:30:49.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/cups.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/cups.fc 2008-02-19 10:03:13.000000000 -0500 @@ -8,24 +8,28 @@ /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) @@ -8817,7 +8957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) -@@ -50,3 +54,9 @@ +@@ -50,3 +54,10 @@ /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0) /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) 
@@ -8827,6 +8967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + +/etc/rc.d/init.d/cups -- gen_context(system_u:object_r:cups_script_exec_t,s0) + ++/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.2.8/policy/modules/services/cups.if --- nsaserefpolicy/policy/modules/services/cups.if 2007-01-02 12:57:43.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/services/cups.if 2008-02-18 14:57:04.000000000 -0500 @@ -9375,7 +9516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.2.8/policy/modules/services/cyphesis.te --- nsaserefpolicy/policy/modules/services/cyphesis.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/cyphesis.te 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/cyphesis.te 2008-02-19 17:06:51.000000000 -0500 @@ -0,0 +1,92 @@ +policy_module(cyphesis,1.0.0) + @@ -9442,7 +9583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph +corenet_tcp_sendrecv_all_nodes(cyphesis_t) +corenet_all_recvfrom_unlabeled(cyphesis_t) +corenet_tcp_bind_all_nodes(cyphesis_t) -+corenet_tcp_cyphesis_bind(cyphesis_t) ++corenet_tcp_bind_cyphesis_port(cyphesis_t) +corenet_tcp_sendrecv_all_ports(cyphesis_t) + +# Init script handling 
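Review bot: The cups.fc hunk labels `/usr/local/linuxprinter/ppd(/.*)?` as cupsd_rw_etc_t, the type cupsd is allowed to write, without a comment saying why a vendor-installed PPD tree needs to be writable by the daemon. If cupsd only reads it, the read-only config type (cupsd_etc_t) is the tighter label; if cupsd really rewrites PPDs there as it does under /etc/cups/ppd, a one-line comment such as `# cupsd rewrites vendor PPDs in place` would justify the writable type. The cyphesis.te change on the same line, renaming the call to `corenet_tcp_bind_cyphesis_port`, matches the corenet interface naming used elsewhere and needs nothing further.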
@@ -9571,7 +9712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru # Local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.8/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/dbus.if 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/dbus.if 2008-02-19 15:48:52.000000000 -0500 @@ -53,6 +53,7 @@ gen_require(` type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t; @@ -12627,6 +12768,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap ######################################## # # Local policy +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.2.8/policy/modules/services/lpd.fc +--- nsaserefpolicy/policy/modules/services/lpd.fc 2007-11-16 13:45:14.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/lpd.fc 2008-02-19 10:01:14.000000000 -0500 +@@ -22,6 +22,8 @@ + /usr/sbin/lpinfo -- gen_context(system_u:object_r:lpr_exec_t,s0) + /usr/sbin/lpmove -- gen_context(system_u:object_r:lpr_exec_t,s0) + ++/usr/local/linuxprinter/bin/l?lpr -- gen_context(system_u:object_r:lpr_exec_t,s0) ++ + /usr/share/printconf/.* -- gen_context(system_u:object_r:printconf_t,s0) + + # +@@ -30,3 +32,4 @@ + /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) + /var/spool/lpd(/.*)? gen_context(system_u:object_r:print_spool_t,s0) + /var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.2.8/policy/modules/services/lpd.if --- nsaserefpolicy/policy/modules/services/lpd.if 2007-11-16 13:45:14.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/services/lpd.if 2008-02-18 14:57:04.000000000 -0500 
@@ -13426,7 +13584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.2.8/policy/modules/services/nagios.fc --- nsaserefpolicy/policy/modules/services/nagios.fc 2006-11-16 17:15:20.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/services/nagios.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/services/nagios.fc 2008-02-19 15:22:13.000000000 -0500 @@ -4,13 +4,19 @@ /usr/bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) /usr/bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) @@ -13434,7 +13592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi -/usr/lib(64)?/cgi-bin/netsaint/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) -/usr/lib(64)?/nagios/cgi/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) +/usr/lib(64)?/cgi-bin/netsaint(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) -+/usr/lib(64)?/nagios/cgi(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) ++/usr/lib(64)?/nagios/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) /var/log/nagios(/.*)? gen_context(system_u:object_r:nagios_log_t,s0) /var/log/netsaint(/.*)? gen_context(system_u:object_r:nagios_log_t,s0) @@ -22757,7 +22915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.2.8/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2007-12-12 11:35:28.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/system/libraries.fc 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/system/libraries.fc 2008-02-19 10:39:35.000000000 -0500 
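Review bot: The nagios.fc hunk replaces the `/usr/lib(64)?/nagios/cgi/.+` entry with `/usr/lib(64)?/nagios/cgi-bin(/.*)?`, so an installation whose CGIs still live under `nagios/cgi` loses the httpd_nagios_script_exec_t label entirely and falls back to whatever the parent directory provides, meaning those CGIs would no longer transition into the nagios script domain. If both layouts exist among the packages this policy targets, `/usr/lib(64)?/nagios/cgi(-bin)?(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)` covers both in one line. The new pattern also drops the `--` qualifier of the old one, so the cgi-bin directory itself now carries the script exec type; that is consistent with the netsaint line above it, but worth a look if the directory is meant to carry a content type rather than an exec type.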
@@ -133,6 +133,7 @@ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -22800,13 +22958,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -@@ -304,3 +309,6 @@ +@@ -304,3 +309,9 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) + +/usr/lib(64)?/libavdevice\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libmythavcodec-[^/]+\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ ++/usr/lib/jvm/java(.*/)bin(/.*)?/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib64/jvm/java(.*/)bin(/.*)?/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.2.8/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2008-02-06 10:33:22.000000000 -0500 +++ serefpolicy-3.2.8/policy/modules/system/libraries.te 2008-02-18 14:57:04.000000000 -0500 
@@ -25608,7 +25769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.8/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500 -+++ serefpolicy-3.2.8/policy/modules/system/userdomain.if 2008-02-18 14:57:04.000000000 -0500 ++++ serefpolicy-3.2.8/policy/modules/system/userdomain.if 2008-02-19 10:26:53.000000000 -0500 @@ -29,9 +29,14 @@ ') @@ -27962,11 +28123,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +# +interface(`userdom_list_user_files',` + gen_require(` -+ attribute $1_file_type; ++ attribute $1_home_type; + ') + -+ allow $2 $1_file_type:dir search_dir_perms; -+ allow $2 $1_file_type:file getattr; ++ allow $2 $1_home_type:dir search_dir_perms; ++ allow $2 $1_home_type:file getattr; +') + +######################################## diff --git a/selinux-policy.spec b/selinux-policy.spec index 2be3aa6..446a3f2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.2.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -387,6 +387,10 @@ exit 0 %endif %changelog +* Tue Feb 19 2008 Dan Walsh 3.2.8-2 +- Fix userdom_list_user_files + + * Fri Feb 15 2008 Dan Walsh 3.2.8-1 - Merge with upstream
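Review bot: In the userdomain.if hunk at `@@ -27962,11 +28123,11 @@`, userdom_list_user_files now requires and uses the `$1_home_type` attribute, but the hunk does not show where that attribute is declared; the interface will fail to build for any prefix whose user template does not create `$1_home_type`, so confirm every template expected to call this interface defines it. Separately, the permissions granted — `search_dir_perms` on directories and `getattr` on files — are narrower than what "list" suggests (no read on the directories), so either the interface summary above the hunk should say it only allows traversal and stat of home files, or the dir rule should use list_dir_perms if listing is the intent. The interface's doc block starts before the hunk, and the spec changelog entry "Fix userdom_list_user_files" describes only this change although the commit also adds the autofs device type and several file-context entries.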