diff --git a/policy-20071130.patch b/policy-20071130.patch
index 4de83ea..255f748 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -7424,8 +7424,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2008-02-26 08:29:22.000000000 -0500
-@@ -259,6 +259,8 @@
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2008-03-06 15:50:41.000000000 -0500
+@@ -231,6 +231,8 @@
+ # Mount root file system.  Used when loading a policy
+ # from initrd, then mounting the root filesystem
+ fs_mount_all_fs(kernel_t)
++fs_unmount_all_fs(kernel_t)
++
+ 
+ selinux_load_policy(kernel_t)
+ 
+@@ -253,12 +255,16 @@
+ 
+ mls_process_read_up(kernel_t)
+ mls_process_write_down(kernel_t)
++mls_file_write_all_levels(kernel_t)
++mls_file_read_all_levels(kernel_t) 
+ 
+ ifdef(`distro_redhat',`
+ 	# Bugzilla 222337
  	fs_rw_tmpfs_chr_files(kernel_t)
  ')
  
@@ -7434,7 +7451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
  tunable_policy(`read_default_t',`
  	files_list_default(kernel_t)
  	files_read_default_files(kernel_t)
-@@ -363,7 +365,7 @@
+@@ -363,7 +369,7 @@
  
  allow kern_unconfined proc_type:{ dir file lnk_file } *;
  
@@ -7443,7 +7460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
  
  allow kern_unconfined kernel_t:system *;
  
-@@ -374,3 +376,4 @@
+@@ -374,3 +380,4 @@
  allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
  
  kernel_rw_all_sysctls(kern_unconfined)
@@ -13651,7 +13668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2008-03-06 13:11:59.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2008-03-06 16:54:16.000000000 -0500
 @@ -18,6 +18,9 @@
  type fail2ban_var_run_t;
  files_pid_file(fail2ban_var_run_t)
@@ -13683,7 +13700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +fs_list_inotifyfs(fail2ban_t)
 +
 +auth_use_nsswitch(fail2ban_t)
-+corenet_tcp_connect_dns_port(fail2ban_t)
++corenet_tcp_connect_whois_port(fail2ban_t)
  
  libs_use_ld_so(fail2ban_t)
  libs_use_shared_libs(fail2ban_t)