diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index e423c2a..be7ea90 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -262,3 +262,7 @@ allow_postfix_local_write_mail_spool=true
 # Allow common users to read/write noexattrfile systems
 # 
 user_rw_noexattrfile=true
+
+# Allow qemu to connect fully to the network
+# 
+allow_qemu_full_network=true
diff --git a/policy-20071130.patch b/policy-20071130.patch
index 0053c5b..714ddba 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -1976,7 +1976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
 +/usr/lib(64)?/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.2.9/policy/modules/apps/gpg.if
 --- nsaserefpolicy/policy/modules/apps/gpg.if	2007-07-23 10:20:12.000000000 -0400
-+++ serefpolicy-3.2.9/policy/modules/apps/gpg.if	2008-02-20 14:28:23.000000000 -0500
++++ serefpolicy-3.2.9/policy/modules/apps/gpg.if	2008-02-20 17:37:31.000000000 -0500
 @@ -38,6 +38,10 @@
  	gen_require(`
  		type gpg_exec_t, gpg_helper_exec_t;
@@ -1988,7 +1988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
  	')
  
  	########################################
-@@ -45,275 +49,53 @@
+@@ -45,275 +49,56 @@
  	# Declarations
  	#
  
@@ -2174,6 +2174,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
 -	manage_files_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t)
 -	manage_lnk_files_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t)
 +	allow $2 gpg_t:process signal_perms;
++	# Thunderbird leaks descriptors
++	dontaudit gpg_t $2:tcp_socket rw_socket_perms;
++	dontaudit gpg_t $2:udp_socket rw_socket_perms;
  
 -	# allow gpg to connect to the gpg agent
 -	stream_connect_pattern($1_gpg_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t,$1_gpg_agent_t)
@@ -2294,8 +2297,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.2.9/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2007-12-19 05:32:09.000000000 -0500
-+++ serefpolicy-3.2.9/policy/modules/apps/gpg.te	2008-02-20 14:28:23.000000000 -0500
-@@ -7,15 +7,232 @@
++++ serefpolicy-3.2.9/policy/modules/apps/gpg.te	2008-02-20 17:36:41.000000000 -0500
+@@ -7,15 +7,228 @@
  #
  
  # Type for gpg or pgp executables.
@@ -2373,6 +2376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
 +files_read_usr_files(gpg_t)
 +files_dontaudit_search_var(gpg_t)
 +
++auth_use_nsswitch(gpg_t)
++
 +libs_use_shared_libs(gpg_t)
 +libs_use_ld_so(gpg_t)
 +
@@ -2380,12 +2385,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
 +
 +logging_send_syslog_msg(gpg_t)
 +
-+sysnet_read_config(gpg_t)
-+
-+optional_policy(`
-+	nis_use_ypbind(gpg_t)
-+')
-+
 +########################################
 +#
 +# GPG helper local policy
@@ -4848,7 +4847,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.2.9/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-01 09:12:53.000000000 -0500
-+++ serefpolicy-3.2.9/policy/modules/kernel/corenetwork.te.in	2008-02-20 14:28:23.000000000 -0500
++++ serefpolicy-3.2.9/policy/modules/kernel/corenetwork.te.in	2008-02-20 17:15:58.000000000 -0500
 @@ -82,6 +82,7 @@
  network_port(clockspeed, udp,4041,s0)
  network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
@@ -4865,7 +4864,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(ftp_data, tcp,20,s0)
  network_port(ftp, tcp,21,s0)
  network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -122,6 +124,8 @@
+@@ -109,6 +111,7 @@
+ network_port(ircd, tcp,6667,s0)
+ network_port(isakmp, udp,500,s0)
+ network_port(iscsi, tcp,3260,s0)
++network_port(isns, tcp,3205,s0, udp,3205,s0)
+ network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
+ network_port(jabber_interserver, tcp,5269,s0)
+ network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
+@@ -122,6 +125,8 @@
  network_port(mmcc, tcp,5050,s0, udp,5050,s0)
  network_port(monopd, tcp,1234,s0)
  network_port(msnp, tcp,1863,s0, udp,1863,s0)
@@ -4874,7 +4881,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
  portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
  network_port(nessus, tcp,1241,s0)
-@@ -133,10 +137,12 @@
+@@ -133,10 +138,12 @@
  network_port(pegasus_http, tcp,5988,s0)
  network_port(pegasus_https, tcp,5989,s0)
  network_port(postfix_policyd, tcp,10031,s0)
@@ -4887,7 +4894,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pxe, udp,4011,s0)
-@@ -148,7 +154,7 @@
+@@ -148,7 +155,7 @@
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
  network_port(rlogind, tcp,513,s0)
  network_port(rndc, tcp,953,s0)
@@ -4896,7 +4903,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(rsh, tcp,514,s0)
  network_port(rsync, tcp,873,s0, udp,873,s0)
  network_port(rwho, udp,513,s0)
-@@ -170,7 +176,11 @@
+@@ -170,7 +177,11 @@
  network_port(transproxy, tcp,8081,s0)
  type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
  network_port(uucpd, tcp,540,s0)
@@ -20054,7 +20061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.2.9/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.9/policy/modules/services/squid.te	2008-02-20 16:57:35.000000000 -0500
++++ serefpolicy-3.2.9/policy/modules/services/squid.te	2008-02-20 17:25:10.000000000 -0500
 @@ -31,12 +31,15 @@
  type squid_var_run_t;
  files_pid_file(squid_var_run_t)
@@ -22960,6 +22967,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
  	vmware_read_system_config(initrc_t)
  	vmware_append_system_config(initrc_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.2.9/policy/modules/system/iscsi.te
+--- nsaserefpolicy/policy/modules/system/iscsi.te	2008-02-18 14:30:18.000000000 -0500
++++ serefpolicy-3.2.9/policy/modules/system/iscsi.te	2008-02-20 17:17:56.000000000 -0500
+@@ -63,6 +63,7 @@
+ corenet_tcp_sendrecv_all_ports(iscsid_t)
+ corenet_tcp_connect_http_port(iscsid_t)
+ corenet_tcp_connect_iscsi_port(iscsid_t)
++corenet_tcp_connect_isns_port(iscsid_t)
+ 
+ dev_rw_sysfs(iscsid_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.2.9/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-12-12 11:35:28.000000000 -0500
 +++ serefpolicy-3.2.9/policy/modules/system/libraries.fc	2008-02-20 14:28:23.000000000 -0500
@@ -24318,10 +24336,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.9/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.9/policy/modules/system/qemu.te	2008-02-20 17:01:56.000000000 -0500
-@@ -0,0 +1,40 @@
++++ serefpolicy-3.2.9/policy/modules/system/qemu.te	2008-02-20 17:27:29.000000000 -0500
+@@ -0,0 +1,47 @@
 +policy_module(qemu,1.0.0)
 +
++## <desc>
++## <p>
++## Allow qemu to connect fully to the network
++## </p>
++## </desc>
++gen_tunable(allow_qemu_full_network,false)
++
 +########################################
 +#
 +# Declarations
@@ -24340,7 +24365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
 +# qemu local policy
 +#
 +
-+tunable_policy(`qemu_full_network',`
++tunable_policy(`allow_qemu_full_network',`
 +	allow qemu_t self:udp_socket create_socket_perms;
 +	corenet_udp_sendrecv_all_if(qemu_t)
 +	corenet_udp_sendrecv_all_nodes(qemu_t)