diff --git a/policy-20090105.patch b/policy-20090105.patch
index 0a76544..5a10e59 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -4522,6 +4522,33 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # network_node examples:
  #network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
  #network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.10/policy/modules/kernel/devices.fc
+--- nsaserefpolicy/policy/modules/kernel/devices.fc	2009-03-05 14:09:51.000000000 -0500
++++ serefpolicy-3.6.10/policy/modules/kernel/devices.fc	2009-03-24 15:09:41.000000000 -0400
+@@ -91,6 +91,7 @@
+ /dev/sndstat		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+ /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
++/dev/tpm[0-9]*		-c	gen_context(system_u:object_r:tpm_device_t,s0)
+ /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
+ /dev/ub[a-c]		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/usb.+		-c	gen_context(system_u:object_r:usb_device_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.10/policy/modules/kernel/devices.te
+--- nsaserefpolicy/policy/modules/kernel/devices.te	2009-03-05 12:28:57.000000000 -0500
++++ serefpolicy-3.6.10/policy/modules/kernel/devices.te	2009-03-24 15:08:54.000000000 -0400
+@@ -188,6 +188,12 @@
+ genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
+ 
+ #
++# Type for /dev/tpm
++#
++type tpm_device_t;
++dev_node(tpm_device_t)
++
++#
+ # urandom_device_t is the type of /dev/urandom
+ #
+ type urandom_device_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.10/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-01-05 15:39:38.000000000 -0500
 +++ serefpolicy-3.6.10/policy/modules/kernel/domain.if	2009-03-24 09:03:48.000000000 -0400
@@ -12100,7 +12127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.10/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/hal.te	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/hal.te	2009-03-24 10:36:54.000000000 -0400
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -12142,10 +12169,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  userdom_dontaudit_use_unpriv_user_fds(hald_t)
  userdom_dontaudit_search_user_home_dirs(hald_t)
-@@ -277,6 +292,13 @@
+@@ -277,6 +292,17 @@
  ')
  
  optional_policy(`
++	ppp_read_rw_config(hald_t)
++')
++
++optional_policy(`
 +	polkit_domtrans_auth(hald_t)
 +	polkit_domtrans_resolve(hald_t)
 +	polkit_read_lib(hald_t)
@@ -12156,7 +12187,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -301,12 +323,16 @@
+@@ -301,12 +327,16 @@
  	virt_manage_images(hald_t)
  ')
  
@@ -12174,7 +12205,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow hald_acl_t self:process { getattr signal };
  allow hald_acl_t self:fifo_file rw_fifo_file_perms;
  
-@@ -321,6 +347,7 @@
+@@ -321,6 +351,7 @@
  manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
  manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
  files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
@@ -12182,7 +12213,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corecmd_exec_bin(hald_acl_t)
  
-@@ -339,6 +366,8 @@
+@@ -339,6 +370,8 @@
  
  storage_getattr_removable_dev(hald_acl_t)
  storage_setattr_removable_dev(hald_acl_t)
@@ -12191,7 +12222,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  auth_use_nsswitch(hald_acl_t)
  
-@@ -346,12 +375,18 @@
+@@ -346,12 +379,18 @@
  
  miscfiles_read_localization(hald_acl_t)
  
@@ -12211,7 +12242,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
  allow hald_t hald_mac_t:process signal;
-@@ -374,6 +409,8 @@
+@@ -374,6 +413,8 @@
  
  auth_use_nsswitch(hald_mac_t)
  
@@ -12220,7 +12251,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  miscfiles_read_localization(hald_mac_t)
  
  ########################################
-@@ -418,3 +455,49 @@
+@@ -418,3 +459,49 @@
  files_read_usr_files(hald_keymap_t)
  
  miscfiles_read_localization(hald_keymap_t)
@@ -16693,7 +16724,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.10/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ppp.if	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/ppp.if	2009-03-24 10:36:17.000000000 -0400
 @@ -58,6 +58,25 @@
  
  ########################################
@@ -21101,8 +21132,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.10/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/virt.fc	2009-03-24 09:03:48.000000000 -0400
-@@ -8,5 +8,14 @@
++++ serefpolicy-3.6.10/policy/modules/services/virt.fc	2009-03-24 15:39:18.000000000 -0400
+@@ -8,5 +8,15 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
  /var/lib/libvirt/images(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
@@ -21113,6 +21144,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +HOME_DIR/VirtualMachines(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
 +HOME_DIR/VirtualMachines/isos(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
++HOME_DIR/.virtinst(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
 +
 +/var/cache/libvirt(/.*)?	gen_context(system_u:object_r:svirt_cache_t,s0)
 +
@@ -21267,7 +21299,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.10/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/virt.te	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/virt.te	2009-03-24 15:41:15.000000000 -0400
 @@ -8,20 +8,18 @@
  
  ## <desc>
@@ -21450,8 +21482,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	kerberos_keytab_template(virtd, virtd_t)
 +')
-+
-+optional_policy(`
+ 
+ optional_policy(`
+-	qemu_domtrans(virtd_t)
 +	lvm_domtrans(virtd_t)
 +')
 +
@@ -21460,9 +21493,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	polkit_domtrans_resolve(virtd_t)
 +	polkit_read_lib(virtd_t)
 +')
- 
- optional_policy(`
--	qemu_domtrans(virtd_t)
++
++optional_policy(`
 +	qemu_spec_domtrans(virtd_t, svirt_t)
  	qemu_read_state(virtd_t)
  	qemu_signal(virtd_t)
@@ -21471,7 +21503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -198,5 +262,73 @@
+@@ -198,5 +262,76 @@
  ')
  
  optional_policy(`
@@ -21508,6 +21540,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +manage_dirs_pattern(svirt_t, svirt_image_t, svirt_image_t)
 +manage_files_pattern(svirt_t, svirt_image_t, svirt_image_t)
 +
++list_dirs_pattern(svirt_t, virt_content_t, virt_content_t)
++read_files_pattern(svirt_t, virt_content_t, virt_content_t)
++
 +storage_raw_write_removable_device(svirt_t)
 +storage_raw_read_removable_device(svirt_t)
 +
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5856290..61bca9b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.10
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Mar 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.10-2
+- Fixes to allow svirt read iso files in homedir
+
 * Thu Mar 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.10-1
 - Add xenner and wine fixes from mgrepl
 
diff --git a/sources b/sources
index f282b47..9e77069 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-318ceaa56514c9435de330293523369f  serefpolicy-3.6.10.tgz
+38720499e445f99f9e2d4df792f2b6f5  serefpolicy-3.6.10.tgz