diff --git a/.cvsignore b/.cvsignore
index a5684e7..f09593d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -140,3 +140,4 @@ serefpolicy-3.2.8.tgz
serefpolicy-3.2.9.tgz
serefpolicy-3.3.0.tgz
serefpolicy-3.3.1.tgz
+serefpolicy-3.4.1.tgz
diff --git a/modules-mls.conf b/modules-mls.conf
index 625aee3..8741d52 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1060,20 +1060,6 @@ tzdata = base
#
amtu = module
-# Layer: users
-# Module: staff
-#
-# Fully Privledged user. with su/sudo/newrole
-#
-staff = base
-
-# Layer: users
-# Module: user
-#
-# Fully Privledged user. without su/sudo/newrole
-#
-user = base
-
# Layer: services
# Module: prelude
#
@@ -1081,16 +1067,52 @@ user = base
#
prelude = module
-# Layer: users
+# Layer: role
# Module: secadm
#
# Root role used to manage selinux
#
secadm = module
-# Layer: users
+# Layer: role
# Module: auditadm
#
# Root role used to manage audit system
#
auditadm = module
+
+# Layer:role
+# Module: staff
+#
+# admin account
+#
+staff = base
+
+# Layer:role
+# Module: sysadm
+#
+# System Administrator
+#
+sysadm = base
+
+# Layer: role
+# Module: unprivuser
+#
+# user account
+#
+unprivuser = base
+
+# Layer: role
+# Module: guest
+#
+# Minimally privs guest account on tty logins
+#
+guest = module
+
+# Layer: role
+# Module: xguest
+#
+# Minimally privs guest account on X Windows logins
+#
+xguest = module
+
diff --git a/modules-targeted.conf b/modules-targeted.conf
index cadf2fa..b4e76aa 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1548,28 +1548,14 @@ rpcbind = module
#
vmware = module
-# Layer: users
-# Module: guest
-#
-# Minimally privs guest account on tty logins
-#
-guest = module
-
-# Layer: users
-# Module: xguest
-#
-# Minimally privs guest account on X Windows logins
-#
-xguest = module
-
-# Layer: users
+# Layer: role
# Module: logadm
#
# Minimally prived root role for managing logging system
#
logadm = module
-# Layer: users
+# Layer: role
# Module: webadm
#
# Minimally prived root role for managing apache
@@ -1613,19 +1599,26 @@ bitlbee = module
#
soundserver = module
-# Layer: users
+# Layer:role
# Module: staff
#
-# Minimally privs guest account on tty logins
+# admin account
#
staff = base
-# Layer: users
-# Module: user
+# Layer:role
+# Module: sysadm
+#
+# System Administrator
+#
+sysadm = base
+
+# Layer: role
+# Module: unprivuser
#
# Minimally privs guest account on tty logins
#
-user = base
+unprivuser = base
# Layer: services
# Module: prelude
@@ -1655,3 +1648,17 @@ openoffice = base
#
podsleuth = module
+# Layer: role
+# Module: guest
+#
+# Minimally privs guest account on tty logins
+#
+guest = module
+
+# Layer: role
+# Module: xguest
+#
+# Minimally privs guest account on X Windows logins
+#
+xguest = module
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2c44272..26d6ff7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,12 +16,12 @@
%define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.3.1
-Release: 48%{?dist}
+Version: 3.4.1
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
-patch: policy-20071130.patch
+patch: policy-20080509.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@@ -171,7 +171,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2624.
+Based off of reference policy: Checked out revision 2682.
%build
@@ -385,6 +385,9 @@ exit 0
%endif
%changelog
+* Fri May 9 2008 Dan Walsh <dwalsh@redhat.com> 3.4.1-1
+- Merge Upstream
+
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-48
- Allow amanada to create data files
diff --git a/sources b/sources
index e69de29..2f79c06 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+910f96dc0a866f959fa290115a52a7cc serefpolicy-3.4.1.tgz