diff --git a/policy-20070703.patch b/policy-20070703.patch
index bf6f1ed..961698f 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -2388,6 +2388,53 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.0.5/policy/modules/kernel/corenetwork.if.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-07-03 07:05:38.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/kernel/corenetwork.if.in 2007-08-20 18:15:26.000000000 -0400
+@@ -1449,6 +1449,43 @@
+
+ ########################################
+ ##
++## Connect TCP sockets to rpc ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ allow $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Do not audit attempts to connect TCP sockets
++## all rpc ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ dontaudit $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
+ ## Read and write the TUN/TAP virtual network device.
+ ##
+ ##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.5/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-07-03 07:05:38.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/kernel/corenetwork.te.in 2007-08-07 09:39:49.000000000 -0400
@@ -5249,7 +5296,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.5/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/dovecot.te 2007-08-14 08:15:55.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/dovecot.te 2007-08-20 17:56:52.000000000 -0400
@@ -15,6 +15,12 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -5311,7 +5358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
seutil_sigchld_newrole(dovecot_t)
')
-@@ -145,33 +144,39 @@
+@@ -145,33 +144,40 @@
# dovecot auth local policy
#
@@ -5333,6 +5380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+files_read_var_symlinks(dovecot_t)
allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
++dovecot_auth_stream_connect(dovecot_auth_t)
kernel_read_all_sysctls(dovecot_auth_t)
kernel_read_system_state(dovecot_auth_t)
@@ -5353,7 +5401,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
files_read_usr_symlinks(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
files_read_var_lib_files(dovecot_t)
-@@ -185,12 +190,46 @@
+@@ -185,12 +191,46 @@
seutil_dontaudit_search_config(dovecot_auth_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2ece3f0..add8ff4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.5
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -360,6 +360,9 @@ exit 0
%endif
%changelog
+* Sat Aug 18 2007 Dan Walsh 3.0.5-9
+- Allow sshd to write to proc_t for afs login
+
* Sat Aug 18 2007 Dan Walsh 3.0.5-8
- Allow xserver access to urand