diff --git a/policy-20070703.patch b/policy-20070703.patch
index cb78277..670e3cd 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -594,7 +594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.0.5/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-07-25 10:37:43.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/admin/logwatch.te 2007-08-07 10:18:57.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/admin/logwatch.te 2007-08-10 11:56:22.000000000 -0400
@@ -29,7 +29,6 @@
allow logwatch_t self:process signal;
allow logwatch_t self:fifo_file rw_file_perms;
@@ -608,7 +608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
dev_read_urand(logwatch_t)
-dev_search_sysfs(logwatch_t)
-+dev_list_sysfs(logwatch_t)
++dev_read_sysfs(logwatch_t)
# Read /proc/PID directories for all domains.
domain_read_all_domains_state(logwatch_t)
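Review bot: The `dev_read_sysfs(logwatch_t)` line that replaces `dev_list_sysfs(logwatch_t)` widens logwatch_t's sysfs access, and nothing in the policy or the new changelog entry says why. As those interfaces are defined upstream, the change goes from listing sysfs directories to reading sysfs file contents. The 3.0.5-4 changelog mentions only the dbus chat fix, so this grant is easy to miss in a later audit. I would add a why-comment above the call, for example `# logwatch reads <sysfs path> via <script name>`, and a changelog line such as `- Allow logwatch to read sysfs`. The surrounding logwatch.te rules continue outside the hunk.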
@@ -4119,17 +4119,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
corenet_sendrecv_rndc_client_packets(ndc_t)
fs_getattr_xattr_fs(ndc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.0.5/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2007-08-02 08:17:27.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/bluetooth.te 2007-08-07 09:39:49.000000000 -0400
-@@ -128,6 +128,7 @@
- dbus_system_bus_client_template(bluetooth,bluetooth_t)
- dbus_connect_system_bus(bluetooth_t)
- dbus_send_system_bus(bluetooth_t)
-+ userdom_dbus_chat_all_users(bluetooth_t)
- ')
-
- optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.0.5/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/clamav.fc 2007-08-07 09:39:49.000000000 -0400
@@ -4192,7 +4181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.5/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/consolekit.te 2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/consolekit.te 2007-08-10 11:40:51.000000000 -0400
@@ -10,7 +10,6 @@
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -4233,12 +4222,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
optional_policy(`
dbus_system_bus_client_template(consolekit, consolekit_t)
dbus_send_system_bus(consolekit_t)
-@@ -62,9 +68,17 @@
+@@ -62,9 +68,16 @@
optional_policy(`
unconfined_dbus_chat(consolekit_t)
')
+
-+ userdom_dbus_chat_all_users(consolekit_t)
')
optional_policy(`
@@ -4671,7 +4659,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.5/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/cups.te 2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/cups.te 2007-08-10 11:32:15.000000000 -0400
@@ -81,12 +81,11 @@
# /usr/lib/cups/backend/serial needs sys_admin(?!)
allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
@@ -4784,18 +4772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
cron_system_entry(cupsd_t, cupsd_exec_t)
')
-@@ -250,6 +278,10 @@
- optional_policy(`
- hal_dbus_chat(cupsd_t)
- ')
-+
-+ optional_policy(`
-+ userdom_dbus_chat_all_users(cupsd_t)
-+ ')
- ')
-
- optional_policy(`
-@@ -265,16 +297,16 @@
+@@ -265,16 +293,16 @@
')
optional_policy(`
@@ -4816,7 +4793,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
seutil_sigchld_newrole(cupsd_t)
')
-@@ -379,6 +411,14 @@
+@@ -379,6 +407,14 @@
')
optional_policy(`
@@ -4831,7 +4808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -562,7 +602,7 @@
+@@ -562,7 +598,7 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -4840,7 +4817,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -589,8 +629,6 @@
+@@ -589,8 +625,6 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -5431,7 +5408,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.0.5/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/hal.te 2007-08-09 14:46:39.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/hal.te 2007-08-10 11:34:53.000000000 -0400
@@ -22,6 +22,12 @@
type hald_log_t;
files_type(hald_log_t)
@@ -5495,18 +5472,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
alsa_read_rw_config(hald_t)
')
-@@ -228,6 +242,10 @@
+@@ -228,6 +242,7 @@
optional_policy(`
networkmanager_dbus_chat(hald_t)
')
+
-+ optional_policy(`
-+ userdom_dbus_chat_all_users(hald_t)
-+ ')
')
optional_policy(`
-@@ -283,6 +301,7 @@
+@@ -283,6 +298,7 @@
#
allow hald_acl_t self:capability { dac_override fowner };
@@ -5514,7 +5488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
allow hald_acl_t self:fifo_file read_fifo_file_perms;
domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
-@@ -296,7 +315,10 @@
+@@ -296,7 +312,10 @@
corecmd_exec_bin(hald_acl_t)
dev_getattr_all_chr_files(hald_acl_t)
@@ -5525,7 +5499,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
dev_setattr_sound_dev(hald_acl_t)
dev_setattr_generic_usb_dev(hald_acl_t)
dev_setattr_usbfs_files(hald_acl_t)
-@@ -358,3 +380,25 @@
+@@ -358,3 +377,25 @@
libs_use_shared_libs(hald_sonypic_t)
miscfiles_read_localization(hald_sonypic_t)
@@ -5987,7 +5961,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.5/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/networkmanager.te 2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/networkmanager.te 2007-08-10 11:35:13.000000000 -0400
@@ -41,6 +41,8 @@
kernel_read_kernel_sysctls(NetworkManager_t)
kernel_load_module(NetworkManager_t)
@@ -5997,15 +5971,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
corenet_all_recvfrom_unlabeled(NetworkManager_t)
corenet_all_recvfrom_netlabel(NetworkManager_t)
corenet_tcp_sendrecv_all_if(NetworkManager_t)
-@@ -136,6 +138,7 @@
- dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
- dbus_connect_system_bus(NetworkManager_t)
- dbus_send_system_bus(NetworkManager_t)
-+ userdom_dbus_chat_all_users(NetworkManager_t)
- ')
-
- optional_policy(`
-@@ -152,6 +155,11 @@
+@@ -152,6 +154,11 @@
')
optional_policy(`
@@ -6017,7 +5983,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
ppp_signal(NetworkManager_t)
-@@ -166,6 +174,7 @@
+@@ -166,6 +173,7 @@
')
optional_policy(`
@@ -11153,7 +11119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+corecmd_exec_all_executables(unconfined_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.5/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/userdomain.if 2007-08-07 10:28:24.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/system/userdomain.if 2007-08-10 11:57:57.000000000 -0400
@@ -62,6 +62,10 @@
allow $1_t $1_tty_device_t:chr_file { setattr rw_chr_file_perms };
@@ -11451,7 +11417,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
optional_policy(`
alsa_read_rw_config($1_t)
')
-@@ -829,34 +777,14 @@
+@@ -829,11 +777,6 @@
')
optional_policy(`
@@ -11463,56 +11429,59 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
allow $1_t self:dbus send_msg;
dbus_system_bus_client_template($1,$1_t)
+@@ -842,21 +785,18 @@
+ ')
+
optional_policy(`
-- bluetooth_dbus_chat($1_t)
-- ')
--
-- optional_policy(`
- evolution_dbus_chat($1,$1_t)
- evolution_alarm_dbus_chat($1,$1_t)
+- evolution_dbus_chat($1,$1_t)
+- evolution_alarm_dbus_chat($1,$1_t)
++ consolekit_dbus_chat($1_t)
')
-- optional_policy(`
+ optional_policy(`
- cups_dbus_chat_config($1_t)
-- ')
--
-- optional_policy(`
++ networkmanager_dbus_chat($1_t)
+ ')
+
+ optional_policy(`
- hal_dbus_chat($1_t)
-- ')
--
++ evolution_dbus_chat($1,$1_t)
++ evolution_alarm_dbus_chat($1,$1_t)
+ ')
+
- optional_policy(`
- networkmanager_dbus_chat($1_t)
- ')
')
optional_policy(`
-@@ -884,17 +812,19 @@
+@@ -884,17 +824,17 @@
')
optional_policy(`
- nis_use_ypbind($1_t)
-- ')
--
-- optional_policy(`
- tunable_policy(`allow_user_mysql_connect',`
- mysql_stream_connect($1_t)
- ')
++ alsa_read_rw_config($1_t)
')
- optional_policy(`
-- nscd_socket_use($1_t)
+- tunable_policy(`allow_user_mysql_connect',`
+- mysql_stream_connect($1_t)
+- ')
+- ')
+ optional_policy(`
+ tunable_policy(`allow_user_postgresql_connect',`
+ postgresql_stream_connect($1_t)
+ ')
+ ')
-+
+
+- optional_policy(`
+- nscd_socket_use($1_t)
+ tunable_policy(`user_ttyfile_stat',`
+ term_getattr_all_user_ttys($1_t)
')
optional_policy(`
-@@ -908,16 +838,6 @@
+@@ -908,16 +848,6 @@
')
optional_policy(`
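Review bot: The rewritten `optional_policy` blocks in the inner `@@ -842,21 +785,18 @@` hunk now give `$1_t` D-Bus chat with consolekit and NetworkManager, but nothing in the hunk says which user templates this block is expanded for. The changelog entry added by this commit says dbus chat must not happen for guest and xguest users, so a reader needs to know that this template is not instantiated for them. The template header lies outside the hunk, so I cannot confirm that from here. If that is the intent, a comment above the block would settle it, for example `# system bus peers for regular login users only; guest/xguest are handled in guest.te`.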
@@ -11529,7 +11498,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
resmgr_stream_connect($1_t)
')
-@@ -927,11 +847,6 @@
+@@ -927,11 +857,6 @@
')
optional_policy(`
@@ -11541,7 +11510,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
samba_stream_connect_winbind($1_t)
')
-@@ -962,21 +877,162 @@
+@@ -962,21 +887,162 @@
##
##
#
@@ -11710,7 +11679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
domain_interactive_fd($1_t)
typeattribute $1_devpts_t user_ptynode;
-@@ -985,15 +1041,53 @@
+@@ -985,15 +1051,53 @@
typeattribute $1_tmp_t user_tmpfile;
typeattribute $1_tty_device_t user_ttynode;
@@ -11768,10 +11737,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-@@ -1029,15 +1123,7 @@
- # and may change other protocols
- tunable_policy(`user_tcp_server',`
- corenet_tcp_bind_all_nodes($1_t)
+@@ -1024,20 +1128,12 @@
+ kernel_dontaudit_read_ring_buffer($1_t)
+ ')
+
+- # Allow users to run TCP servers (bind to ports and accept connection from
+- # the same domain and outside users) disabling this forces FTP passive mode
+- # and may change other protocols
+- tunable_policy(`user_tcp_server',`
+- corenet_tcp_bind_all_nodes($1_t)
- corenet_tcp_bind_generic_port($1_t)
- ')
-
@@ -11781,11 +11755,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
-
- optional_policy(`
- loadkeys_run($1_t,$1_r,$1_tty_device_t)
++ # Allow users to run TCP servers (bind to ports and accept connection from
++ # the same domain and outside users) disabling this forces FTP passive mode
++ # and may change other protocols
++ tunable_policy(`user_tcp_server',`
++ corenet_tcp_bind_all_nodes($1_t)
+ corenet_tcp_bind_all_unreserved_ports($1_t)
')
optional_policy(`
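Review bot: The regenerated inner hunk `@@ -1024,20 +1128,12 @@` now deletes and re-adds the three comment lines and the `user_tcp_server` tunable lines with the same visible text. The only effective change there is still the swap of `corenet_tcp_bind_generic_port($1_t)` for `corenet_tcp_bind_all_unreserved_ports($1_t)`. This looks like a whitespace-only difference picked up when the patch was regenerated, though the whitespace itself is not recoverable from this view. Keeping the upstream indentation would leave those lines as context, so the one port-binding change stays easy to spot in review and the patch is less likely to conflict on the next rebase.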
-@@ -1054,17 +1140,6 @@
+@@ -1054,17 +1150,6 @@
setroubleshoot_stream_connect($1_t)
')
@@ -11803,7 +11782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
-@@ -1102,6 +1177,8 @@
+@@ -1102,6 +1187,8 @@
class passwd { passwd chfn chsh rootok crontab };
')
@@ -11812,7 +11791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
# Declarations
-@@ -1127,7 +1204,7 @@
+@@ -1127,7 +1214,7 @@
# $1_t local policy
#
@@ -11821,7 +11800,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
-@@ -1139,7 +1216,11 @@
+@@ -1139,7 +1226,11 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -11834,7 +11813,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
-@@ -1902,6 +1983,41 @@
+@@ -1902,6 +1993,41 @@
########################################
##
@@ -11876,7 +11855,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Do not audit attempts to set the
## attributes of user home files.
##
-@@ -3078,7 +3194,7 @@
+@@ -3078,7 +3204,7 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -11885,7 +11864,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -5323,7 +5439,7 @@
+@@ -5323,7 +5449,7 @@
attribute user_tmpfile;
')
@@ -11894,34 +11873,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -5548,6 +5664,26 @@
-
- ########################################
- ##
-+## Send a dbus message to all user domains.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`userdom_dbus_chat_all_users',`
-+ gen_require(`
-+ attribute userdomain;
-+ class dbus send_msg;
-+ ')
-+
-+ allow $1 userdomain:dbus send_msg;
-+ allow userdomain $1:dbus send_msg;
-+')
-+
-+########################################
-+##
- ## Unconfined access to user domains. (Deprecated)
- ##
- ##
-@@ -5559,3 +5695,275 @@
+@@ -5559,3 +5685,280 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -12113,6 +12065,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ dbus_per_role_template($1, $1_t, $1_r)
+ dbus_system_bus_client_template($1, $1_t)
+ allow $1_t self:dbus send_msg;
++
++ optional_policy(`
++ cups_dbus_chat($1_t)
++ ')
++
+')
+
+optional_policy(`
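Review bot: The added block calls `cups_dbus_chat($1_t)`, whereas the call this patch removes from the per-user template (inner hunk `@@ -842,21 +785,18 @@`) is `cups_dbus_chat_config($1_t)`. These are different interfaces and presumably target different CUPS domains. If the switch is intended, say so above the call, for example `# users talk to cupsd itself, not the cups config daemon`; if not, keep the original interface name. The block also leaves an empty added line before the closing `')`. The template it sits in starts outside the hunk.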
@@ -12396,13 +12353,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.i
+## Policy for guest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.5/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.5/policy/modules/users/guest.te 2007-08-07 09:39:49.000000000 -0400
-@@ -0,0 +1,5 @@
++++ serefpolicy-3.0.5/policy/modules/users/guest.te 2007-08-10 11:34:33.000000000 -0400
+@@ -0,0 +1,9 @@
+policy_module(guest,1.0.0)
+userdom_unpriv_login_user(guest)
+userdom_unpriv_login_user(gadmin)
+userdom_unpriv_xwindows_login_user(xguest)
+mozilla_per_role_template(xguest, xguest_t, xguest_r)
++# Allow mounting of file systems
++optional_policy(`
++ hal_dbus_chat(xguest_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.5/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.5/policy/modules/users/logadm.fc 2007-08-07 09:39:49.000000000 -0400
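Review bot: The comment `# Allow mounting of file systems` above `hal_dbus_chat(xguest_t)` states the goal rather than the grant: the rule lets xguest_t exchange D-Bus messages with hald. As written it reads as contradicting the changelog entry added in the same commit, `Fix dbus chat to not happen for xguest and guest users`, so the exception should be spelled out. I would write `# xguest may talk to hald over the system bus so removable media can be mounted; no other dbus chat is granted here`. It is also worth confirming that the least-privileged desktop role needs this at all.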
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4e525d5..3641446 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.5
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -360,6 +360,9 @@ exit 0
%endif
%changelog
+* Fri Aug 10 2007 Dan Walsh 3.0.5-4
+- Fix dbus chat to not happen for xguest and guest users
+
* Mon Aug 6 2007 Dan Walsh 3.0.5-3
- Fix nagios cgi
- allow squid to communicate with winbind