diff --git a/modules-targeted.conf b/modules-targeted.conf
index 12f1400..c576ffd 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1681,4 +1681,4 @@ livecd = module
 #
 # Snort network intrusion detection system
 # 
-snort = base
+snort = module
diff --git a/policy-20080710.patch b/policy-20080710.patch
index cac8643..07c9e40 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -358,18 +358,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  init_use_fds(consoletype_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te	2008-08-25 10:50:15.000000000 -0400
-@@ -118,6 +118,10 @@
++++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te	2008-08-29 15:12:36.000000000 -0400
+@@ -118,15 +118,7 @@
  	usermanage_domtrans_admin_passwd(firstboot_t)
  ')
  
+-ifdef(`TODO',`
+-allow firstboot_t proc_t:file write;
+-
+-ifdef(`printconf.te', `
+-	can_exec(firstboot_t, printconf_t)
+-')
+-
+-ifdef(`userhelper.te', `
+-	role system_r types sysadm_userhelper_t;
+-	domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
 +optional_policy(`
 +	xserver_xdm_rw_shm(firstboot_t)
-+')
-+
- ifdef(`TODO',`
- allow firstboot_t proc_t:file write;
- 
++	xserver_unconfined(firstboot_t)
+ ')
+-') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te	2008-08-25 10:50:15.000000000 -0400
@@ -13492,7 +13500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/cups.te	2008-08-29 12:52:54.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/cups.te	2008-08-29 15:23:04.000000000 -0400
 @@ -48,6 +48,9 @@
  type hplip_t;
  type hplip_exec_t;
@@ -13705,7 +13713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  #
  
 -allow cupsd_config_t self:capability { chown sys_tty_config };
-+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
++allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
  dontaudit cupsd_config_t self:capability sys_tty_config;
  allow cupsd_config_t self:process signal_perms;
  allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@@ -24745,7 +24753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/snort.te	2008-08-25 10:50:15.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/snort.te	2008-08-29 15:22:50.000000000 -0400
 @@ -10,8 +10,11 @@
  type snort_exec_t;
  init_daemon_domain(snort_t, snort_exec_t)
@@ -24784,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  sysadm_dontaudit_search_home_dirs(snort_t)
  
  optional_policy(`
-+	prelude_rw_spool(snort_t)
++	prelude_manage_spool(snort_t)
 +')
 +
 +optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 64c382f..58c87d9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,10 @@ exit 0
 %endif
 
 %changelog
+* Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2
+- Update to upstream
+- Fix crontab use by unconfined user
+
 * Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
 - Allow ifconfig_t to read dhcpc_state_t