diff --git a/policy-20071130.patch b/policy-20071130.patch
index 3e044fc..150e48e 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -3316,7 +3316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.3.1/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2007-07-23 10:20:12.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.if 2008-02-29 17:00:38.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.if 2008-03-12 08:31:43.000000000 -0400
@@ -38,6 +38,10 @@
gen_require(`
type gpg_exec_t, gpg_helper_exec_t;
@@ -3328,7 +3328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
')
########################################
-@@ -45,275 +49,59 @@
+@@ -45,275 +49,61 @@
# Declarations
#
@@ -3519,6 +3519,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
+ dontaudit gpg_t $2:udp_socket rw_socket_perms;
+ dontaudit gpg_helper_t $2:tcp_socket rw_socket_perms;
+ dontaudit gpg_helper_t $2:udp_socket rw_socket_perms;
++ #Leaked File Descriptors
++ dontaudit gpg_helper_t $2:unix_stream_socket rw_socket_perms;
- # allow gpg to connect to the gpg agent
- stream_connect_pattern($1_gpg_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t,$1_gpg_agent_t)
@@ -5076,8 +5078,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-03-10 14:36:14.000000000 -0400
-@@ -0,0 +1,344 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-03-12 08:30:42.000000000 -0400
+@@ -0,0 +1,347 @@
+
+## policy for nsplugin
+
@@ -5239,10 +5241,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
+ can_exec($2, nsplugin_rw_t)
+
-+ allow nsplugin_t $2:udp_socket { read write };
-+ allow nsplugin_t $2:tcp_socket { read write };
++ #Leaked File Descriptors
++ dontaudit nsplugin_t $2:tcp_socket rw_socket_perms;
++ dontaudit nsplugin_t $2:udp_socket rw_socket_perms;
++ dontaudit nsplugin_t $2:unix_stream_socket rw_socket_perms;
+ allow nsplugin_t $2:unix_stream_socket connectto;
+ dontaudit nsplugin_t $2:process ptrace;
++
+ allow nsplugin_t $1_tmpfs_t:file { read getattr };
+
+ allow $2 nsplugin_t:process { getattr ptrace signal_perms };
@@ -26321,7 +26326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 08:17:43.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-11 18:57:27.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-12 08:33:31.000000000 -0400
@@ -10,6 +10,20 @@
# Declarations
#
@@ -26414,7 +26419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
ifdef(`distro_gentoo',`
allow init_t self:process { getcap setcap };
')
-@@ -163,22 +194,25 @@
+@@ -163,14 +194,16 @@
fs_tmpfs_filetrans(init_t,initctl_t,fifo_file)
')
@@ -26436,18 +26441,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
- nscd_socket_use(init_t)
+@@ -181,13 +214,18 @@
+ unconfined_domain(init_t)
')
--optional_policy(`
-- unconfined_domain(init_t)
+ifndef(`distro_ubuntu',`
+ corecmd_shell_domtrans(init_t,initrc_t)
+ corecmd_shell_entry_type(initrc_t)
- ')
-
++')
++
########################################
-@@ -187,7 +221,7 @@
+ #
+ # Init script local policy
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -26456,7 +26461,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
-@@ -201,10 +235,9 @@
+@@ -201,10 +239,9 @@
allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
term_create_pty(initrc_t,initrc_devpts_t)
@@ -26469,7 +26474,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
-@@ -257,7 +290,7 @@
+@@ -257,7 +294,7 @@
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
dev_setattr_all_chr_files(initrc_t)
@@ -26478,7 +26483,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -283,7 +316,6 @@
+@@ -283,7 +320,6 @@
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
@@ -26486,7 +26491,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
selinux_get_enforce_mode(initrc_t)
-@@ -496,6 +528,31 @@
+@@ -496,6 +532,31 @@
')
')
@@ -26518,7 +26523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -559,14 +616,6 @@
+@@ -559,14 +620,6 @@
')
optional_policy(`
@@ -26533,7 +26538,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
ftp_read_config(initrc_t)
')
-@@ -639,12 +688,6 @@
+@@ -639,12 +692,6 @@
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
@@ -26546,7 +26551,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
ifdef(`distro_redhat',`
-@@ -705,6 +748,9 @@
+@@ -705,6 +752,9 @@
# why is this needed:
rpm_manage_db(initrc_t)
@@ -26556,7 +26561,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -717,9 +763,11 @@
+@@ -717,9 +767,11 @@
squid_manage_logs(initrc_t)
')
@@ -26571,7 +26576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
')
optional_policy(`
-@@ -738,6 +786,11 @@
+@@ -738,6 +790,11 @@
uml_setattr_util_sockets(initrc_t)
')
@@ -26583,7 +26588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
unconfined_domain(initrc_t)
-@@ -752,6 +805,10 @@
+@@ -752,6 +809,10 @@
')
optional_policy(`
@@ -26594,7 +26599,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
vmware_read_system_config(initrc_t)
vmware_append_system_config(initrc_t)
')
-@@ -774,3 +831,4 @@
+@@ -774,3 +835,4 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -27160,7 +27165,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.3.1/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2008-03-11 18:59:24.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2008-03-12 07:01:13.000000000 -0400
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -27169,6 +27174,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/sbin/pvchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/pvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/pvdata -- gen_context(system_u:object_r:lvm_exec_t,s0)
+@@ -97,3 +98,4 @@
+ /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
+ /var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
+ /var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
++/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-12-19 05:32:17.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/system/lvm.te 2008-03-11 19:04:42.000000000 -0400
@@ -29611,7 +29621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-09 08:38:37.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-12 08:26:37.000000000 -0400
@@ -29,9 +29,14 @@
')
@@ -31962,7 +31972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a dbus message to all user domains.
##
##
-@@ -5704,3 +6074,368 @@
+@@ -5704,3 +6074,370 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -32331,6 +32341,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+ ')
+')
++
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.3.1/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-12-19 05:32:17.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/system/userdomain.te 2008-02-26 08:29:22.000000000 -0500