diff --git a/policy-20070703.patch b/policy-20070703.patch
index 9e4930c..35be2e3 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -2233,7 +2233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.4/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-07-03 07:05:38.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/kernel/corecommands.fc	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/kernel/corecommands.fc	2007-07-31 13:41:19.000000000 -0400
 @@ -36,6 +36,11 @@
  /etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
@@ -2246,7 +2246,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-@@ -217,6 +222,7 @@
+@@ -127,7 +132,10 @@
+ /usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/filter/.*	--	gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups/backend(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups/daemon(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
++
+ /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
+@@ -160,6 +168,7 @@
+ /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
++/usr/local/Brother/lpd(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ 
+@@ -217,6 +226,7 @@
  /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
@@ -2317,8 +2337,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-06-15 14:54:30.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/kernel/devices.fc	2007-07-25 13:27:51.000000000 -0400
-@@ -53,7 +53,7 @@
++++ serefpolicy-3.0.4/policy/modules/kernel/devices.fc	2007-07-31 13:38:24.000000000 -0400
+@@ -19,6 +19,7 @@
+ /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
+ /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
++/dev/[0-9].*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
+@@ -53,7 +54,7 @@
  /dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
  /dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -2327,7 +2355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
  /dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -65,6 +65,7 @@
+@@ -65,6 +66,7 @@
  /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
  /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
@@ -2335,7 +2363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
  /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  ifdef(`distro_suse', `
  /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -127,3 +128,7 @@
+@@ -127,3 +129,7 @@
  /var/named/chroot/dev/random -c	gen_context(system_u:object_r:random_device_t,s0)
  /var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
  ')
@@ -2656,6 +2684,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
 +	allow $1 root_t:dir rw_dir_perms;
 +	allow $1 root_t:file { create getattr write };
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.0.4/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te	2007-07-25 10:37:36.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/kernel/files.te	2007-07-31 13:52:33.000000000 -0400
+@@ -55,6 +55,7 @@
+ # compatibility aliases for removed types:
+ typealias etc_t alias automount_etc_t;
+ typealias etc_t alias snmpd_etc_t;
++typealias etc_t alias gconf_etc_t;
+ 
+ #
+ # etc_runtime_t is the type of various
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.0.4/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-07-03 07:05:38.000000000 -0400
 +++ serefpolicy-3.0.4/policy/modules/kernel/filesystem.if	2007-07-30 10:20:15.000000000 -0400
@@ -3708,8 +3747,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.0.4/policy/modules/services/apcupsd.fc
 --- nsaserefpolicy/policy/modules/services/apcupsd.fc	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/apcupsd.fc	2007-07-25 13:27:51.000000000 -0400
-@@ -1,9 +1,10 @@
++++ serefpolicy-3.0.4/policy/modules/services/apcupsd.fc	2007-07-30 11:44:31.000000000 -0400
+@@ -1,9 +1,11 @@
 -ifdef(`distro_debian',`
 -/sbin/apcupsd			--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
 -')
@@ -3717,6 +3756,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
  /usr/sbin/apcupsd		--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
  
  /var/log/apcupsd\.events.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
++/var/log/apcupsd\.status.*	--	gen_context(system_u:object_r:apcupsd_log_t,s0)
  
  /var/run/apcupsd\.pid		--	gen_context(system_u:object_r:apcupsd_var_run_t,s0)
 +
@@ -3755,7 +3795,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.0.4/policy/modules/services/apcupsd.te
 --- nsaserefpolicy/policy/modules/services/apcupsd.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/apcupsd.te	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/services/apcupsd.te	2007-07-30 11:42:36.000000000 -0400
 @@ -16,6 +16,9 @@
  type apcupsd_log_t;
  logging_log_file(apcupsd_log_t)
@@ -3798,19 +3838,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
  
  dev_rw_generic_usb_dev(apcupsd_t)
  
-@@ -56,9 +67,53 @@
+@@ -55,6 +66,15 @@
+ 
  files_read_etc_files(apcupsd_t)
  files_search_locks(apcupsd_t)
- 
++# Creates /etc/nologin
++files_manage_etc_runtime_files(apcupsd_t)
++files_etc_filetrans_etc_runtime(apcuspd_t,file)
++
 +#apcupsd runs shutdown, probably need a shutdown domain
 +init_rw_utmp(apcupsd_t)
 +init_telinit(apcupsd_t)
 +
 +kernel_read_system_state(apcupsd_t)
-+
+ 
  libs_use_ld_so(apcupsd_t)
  libs_use_shared_libs(apcupsd_t)
- 
+@@ -62,3 +82,41 @@
  logging_send_syslog_msg(apcupsd_t)
  
  miscfiles_read_localization(apcupsd_t)
@@ -4503,7 +4547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
  ifdef(`TODO',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.0.4/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/cups.fc	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/services/cups.fc	2007-07-31 13:36:05.000000000 -0400
 @@ -8,6 +8,7 @@
  /etc/cups/ppd/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -4512,14 +4556,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  /etc/cups/certs		-d	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  
-@@ -52,3 +53,4 @@
+@@ -17,8 +18,6 @@
+ 
+ /usr/bin/cups-config-daemon --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+ 
+-/usr/lib(64)?/cups/backend/.* -- gen_context(system_u:object_r:cupsd_exec_t,s0)
+-/usr/lib(64)?/cups/daemon/.*	-- gen_context(system_u:object_r:cupsd_exec_t,s0)
+ /usr/lib(64)?/cups/daemon/cups-lpd -- gen_context(system_u:object_r:cupsd_lpd_exec_t,s0)
+ 
+ /usr/libexec/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+@@ -52,3 +51,4 @@
  /var/run/ptal-mlcd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
  
  /var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
-+/usr/local/Brother/inf(/.*)?	gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
++/usr/local/Brother/inf(/.*)?	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.4/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/cups.te	2007-07-25 14:08:39.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/services/cups.te	2007-07-31 12:58:26.000000000 -0400
 @@ -81,12 +81,11 @@
  # /usr/lib/cups/backend/serial needs sys_admin(?!)
  allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
@@ -4534,6 +4587,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  allow cupsd_t self:tcp_socket create_stream_socket_perms;
  allow cupsd_t self:udp_socket create_socket_perms;
  allow cupsd_t self:appletalk_socket create_socket_perms;
+@@ -105,7 +104,7 @@
+ 
+ # allow cups to execute its backend scripts
+ can_exec(cupsd_t, cupsd_exec_t)
+-allow cupsd_t cupsd_exec_t:dir search;
++allow cupsd_t cupsd_exec_t:dir search_dir_perms;
+ allow cupsd_t cupsd_exec_t:lnk_file read;
+ 
+ manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
 @@ -150,14 +149,17 @@
  corenet_tcp_bind_reserved_port(cupsd_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
@@ -7605,7 +7667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.4/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/xserver.te	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/services/xserver.te	2007-07-31 10:08:15.000000000 -0400
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -7702,16 +7764,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +453,15 @@
+@@ -434,47 +453,19 @@
  ')
  
  optional_policy(`
 -	unconfined_domain_noaudit(xdm_xserver_t)
 -	unconfined_domtrans(xdm_xserver_t)
--
++	rpm_dontaudit_rw_shm(xdm_xserver_t)
++')
+ 
 -	ifndef(`distro_redhat',`
 -		allow xdm_xserver_t self:process { execheap execmem };
 -	')
++optional_policy(`
 +	unconfined_rw_shm(xdm_xserver_t)
 +	unconfined_execmem_rw_shm(xdm_xserver_t)
 +')
@@ -8238,7 +8303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-3.0.4/policy/modules/system/brctl.te
 --- nsaserefpolicy/policy/modules/system/brctl.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.4/policy/modules/system/brctl.te	2007-07-27 13:35:00.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/system/brctl.te	2007-07-30 11:23:32.000000000 -0400
 @@ -0,0 +1,50 @@
 +policy_module(brctl,1.0.0)
 +
@@ -8262,7 +8327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
 +allow brctl_t self:tcp_socket create_socket_perms;
 +allow brctl_t self:unix_dgram_socket create_socket_perms;
 +
-+dev_read_sysfs(brctl_t)
++dev_rw_sysfs(brctl_t)
 +
 +# Init script handling
 +domain_use_interactive_fds(brctl_t)
@@ -9438,13 +9503,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.0.4/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2007-05-29 14:10:58.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/system/mount.fc	2007-07-25 13:27:51.000000000 -0400
-@@ -1,4 +1,3 @@
++++ serefpolicy-3.0.4/policy/modules/system/mount.fc	2007-07-30 11:34:24.000000000 -0400
+@@ -1,4 +1,2 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 -
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
-+/sbin/mount.ntfs-3g		--	gen_context(system_u:object_r:mount_ntfs_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.0.4/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2007-06-11 16:05:30.000000000 -0400
 +++ serefpolicy-3.0.4/policy/modules/system/mount.if	2007-07-25 13:27:51.000000000 -0400
@@ -9491,7 +9555,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.4/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/system/mount.te	2007-07-26 13:15:01.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/system/mount.te	2007-07-30 11:32:20.000000000 -0400
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -9506,16 +9570,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  ## Allow mount to mount any file
  ## </p>
  ## </desc>
-@@ -16,19 +23,22 @@
+@@ -16,19 +23,21 @@
  type mount_t;
  type mount_exec_t;
  init_system_domain(mount_t,mount_exec_t)
 +application_executable_file(mount_exec_t)
  role system_r types mount_t;
  
-+type mount_ntfs_t;
-+type mount_ntfs_exec_t;
-+init_system_domain(mount_ntfs_t, mount_ntfs_exec_t)
++typealias mount_t alias mount_ntfs_t;
++typealias mount_exec_t alias mount_ntfs_exec_t;
 +
  type mount_loopback_t; # customizable
  files_type(mount_loopback_t)
@@ -9532,7 +9595,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  
  ########################################
  #
-@@ -36,7 +46,7 @@
+@@ -36,7 +45,7 @@
  #
  
  # setuid/setgid needed to mount cifs 
@@ -9541,7 +9604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  
  allow mount_t mount_loopback_t:file read_file_perms;
  allow mount_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -51,6 +61,7 @@
+@@ -51,6 +60,7 @@
  kernel_read_system_state(mount_t)
  kernel_read_kernel_sysctls(mount_t)
  kernel_dontaudit_getattr_core_if(mount_t)
@@ -9549,7 +9612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  
  dev_getattr_all_blk_files(mount_t)
  dev_list_all_dev_nodes(mount_t)
-@@ -101,6 +112,8 @@
+@@ -101,6 +111,8 @@
  init_use_fds(mount_t)
  init_use_script_ptys(mount_t)
  init_dontaudit_getattr_initctl(mount_t)
@@ -9558,7 +9621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  
  libs_use_ld_so(mount_t)
  libs_use_shared_libs(mount_t)
-@@ -127,10 +140,15 @@
+@@ -127,10 +139,15 @@
  	')
  ')
  
@@ -9575,7 +9638,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  ')
  
  optional_policy(`
-@@ -201,4 +219,54 @@
+@@ -201,4 +218,29 @@
  optional_policy(`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)
@@ -9586,48 +9649,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +
 +########################################
 +#
-+# mount_ntfs local policy
++# ntfs local policy
 +#
-+allow mount_ntfs_t self:capability { setuid sys_admin };
-+allow mount_ntfs_t self:fifo_file { read write };
-+allow mount_ntfs_t self:unix_stream_socket create_stream_socket_perms;
-+allow mount_ntfs_t self:unix_dgram_socket { connect create };
-+
-+corecmd_read_bin_symlinks(mount_ntfs_t)
-+corecmd_exec_shell(mount_ntfs_t)
-+
-+files_read_etc_files(mount_ntfs_t)
-+files_search_all(mount_ntfs_t)
-+
-+libs_use_ld_so(mount_ntfs_t)
-+libs_use_shared_libs(mount_ntfs_t)
-+
-+fusermount_domtrans(mount_ntfs_t)
-+fusermount_use_fds(mount_ntfs_t)
-+
-+init_dontaudit_use_fds(mount_ntfs_t)
-+
-+kernel_read_system_state(mount_ntfs_t)
++allow mount_t self:fifo_file { read write };
++allow mount_t self:unix_stream_socket create_stream_socket_perms;
++allow mount_t self:unix_dgram_socket { connect create };
 +
-+logging_send_syslog_msg(mount_ntfs_t)
++corecmd_exec_shell(mount_t)
 +
-+miscfiles_read_localization(mount_ntfs_t)
++fusermount_domtrans(mount_t)
++fusermount_use_fds(mount_t)
 +
-+modutils_domtrans_insmod(mount_ntfs_t)
-+
-+mount_ntfs_domtrans(mount_t)
-+
-+storage_raw_read_fixed_disk(mount_ntfs_t)
-+storage_raw_write_fixed_disk(mount_ntfs_t)
-+
-+optional_policy(`
-+	nscd_socket_use(mount_ntfs_t)
-+')
++# modutils_domtrans_insmod(mount_t)
 +
 +optional_policy(`
-+	hal_write_log(mount_ntfs_t)
-+	hal_use_fds(mount_ntfs_t)
-+	hal_rw_pipes(mount_ntfs_t)
++	hal_write_log(mount_t)
++	hal_use_fds(mount_t)
++	hal_rw_pipes(mount_t)
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.0.4/policy/modules/system/netlabel.te
@@ -9644,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
  libs_use_ld_so(netlabel_mgmt_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.0.4/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/system/raid.te	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/system/raid.te	2007-07-31 09:56:48.000000000 -0400
 @@ -19,7 +19,7 @@
  # Local policy
  #
@@ -9654,6 +9692,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
  dontaudit mdadm_t self:capability sys_tty_config;
  allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
  allow mdadm_t self:fifo_file rw_fifo_file_perms;
+@@ -70,6 +70,7 @@
+ 
+ userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
+ userdom_dontaudit_use_sysadm_ttys(mdadm_t)
++userdom_dontaudit_search_all_users_home_content(mdadm_t)
+ 
+ mta_send_mail(mdadm_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.0.4/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2007-05-30 11:47:29.000000000 -0400
 +++ serefpolicy-3.0.4/policy/modules/system/selinuxutil.fc	2007-07-25 13:27:51.000000000 -0400
@@ -10591,7 +10637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +corecmd_exec_all_executables(unconfined_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.4/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/system/userdomain.if	2007-07-28 11:09:17.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/system/userdomain.if	2007-07-31 09:56:28.000000000 -0400
 @@ -62,6 +62,10 @@
  
  	allow $1_t $1_tty_device_t:chr_file { setattr rw_chr_file_perms };
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4164f69..235858a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -359,6 +359,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Jul 30 2007 Dan Walsh <dwalsh@redhat.com> 3.0.4-4
+- Eliminate mount_ntfs_t policy, merge into mount_t
+
 * Mon Jul 30 2007 Dan Walsh <dwalsh@redhat.com> 3.0.4-3
 - Allow xserver to write to ramfs mounted by rhgb