diff --git a/modules-targeted.conf b/modules-targeted.conf
index 16ec8ba..729db8c 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1514,3 +1514,11 @@ webadm = module
 # 
 exim = module
 
+
+# Layer: admin
+# Module: kismet
+#
+# Wireless sniffing and monitoring
+# 
+kismet = module
+
diff --git a/policy-20070703.patch b/policy-20070703.patch
index f094ffa..7fbeae6 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -1128,8 +1128,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +/var/log/kismet(/.*)?			gen_context(system_u:object_r:kismet_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.0.8/policy/modules/admin/kismet.if
 --- nsaserefpolicy/policy/modules/admin/kismet.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/admin/kismet.if	2007-10-18 16:33:14.000000000 -0400
-@@ -0,0 +1,328 @@
++++ serefpolicy-3.0.8/policy/modules/admin/kismet.if	2007-10-18 17:32:20.000000000 -0400
+@@ -0,0 +1,277 @@
 +
 +## <summary>policy for kismet</summary>
 +
@@ -1297,26 +1297,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +
 +########################################
 +## <summary>
-+##	Allow the specified domain to manage
-+##	kismet log files.
-+## </summary>
-+## <param name="domain">
-+## 	<summary>
-+##	Domain allowed to transition.
-+## 	</summary>
-+## </param>
-+#
-+interface(`kismet_manage_log',`
-+	gen_require(`
-+		type var_log_t, kismet_log_t;
-+	')
-+
-+	logging_search_logs($1)
-+	manage_files_pattern($1, kismet_log_t, kismet_log_t)
-+')
-+
-+########################################
-+## <summary>
 +##	Allow the specified domain to append
 +##	kismet log files.
 +## </summary>
@@ -1427,37 +1407,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +
 +')
 +
-+########################################
-+## <summary>
-+##	Execute kismet programs in the kismet domain.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	The type of the process performing this action.
-+##	</summary>
-+## </param>
-+## <param name="role">
-+##	<summary>
-+##	The role to allow the kismet domain.
-+##	</summary>
-+## </param>
-+## <param name="terminal">
-+##	<summary>
-+##	The type of the terminal allow the kismet domain to use.
-+##	</summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`kismet_run',`
-+	gen_require(`
-+		type kismet_t;
-+	')
-+
-+	kismet_domtrans($1)
-+	role $2 types kismet_t;
-+	allow kismet_t $3:chr_file rw_term_perms;
-+')
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.0.8/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.0.8/policy/modules/admin/kismet.te	2007-10-18 16:30:41.000000000 -0400
@@ -3414,7 +3363,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te 
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-08-22 07:14:06.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc	2007-10-03 11:10:24.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc	2007-10-18 17:16:04.000000000 -0400
 @@ -36,6 +36,11 @@
  /etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
@@ -3448,7 +3397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  
  /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
  
-@@ -259,3 +265,9 @@
+@@ -259,3 +265,18 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -3458,6 +3407,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
 +/etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
 +/lib/dbus-1/dbus-daemon-launch-helper --    gen_context(system_u:object_r:bin_t,s0)
 +/lib64/dbus-1/dbus-daemon-launch-helper --    gen_context(system_u:object_r:bin_t,s0)
++
++/etc/apcupsd/apccontrol  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/changeme  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/commfailure  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/commok  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/masterconnect  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/mastertimeout  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/offbattery  --    gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/onbattery  --    gen_context(system_u:object_r:bin_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2007-07-03 07:05:38.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in	2007-10-17 16:11:40.000000000 -0400
@@ -15366,7 +15324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.0.8/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-09-12 10:34:51.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/udev.te	2007-10-15 13:54:06.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/udev.te	2007-10-18 17:22:34.000000000 -0400
 @@ -132,6 +132,7 @@
  
  init_read_utmp(udev_t)
@@ -15388,6 +15346,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
  	brctl_domtrans(udev_t)
  ')
  
+@@ -220,6 +227,10 @@
+ ')
+ 
+ optional_policy(`
++	raid_domtrans_mdadm(udev_t)
++')
++
++optional_policy(`
+ 	kernel_write_xen_state(udev_t)
+ 	kernel_read_xen_state(udev_t)
+ 	xen_manage_log(udev_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.0.8/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2007-05-29 14:10:58.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/system/unconfined.fc	2007-10-03 11:10:25.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8910030..cb62fd4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -373,6 +373,11 @@ exit 0
 %endif
 
 %changelog
+* Thu Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-25
+- Fix vpn to bind to port 4500
+- Allow ssh to create shm
+- Allow rshd to bind to ports > 1023
+
 * Tue Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-24
 - Allow rpm to chat with networkmanager