diff --git a/booleans-mls.conf b/booleans-mls.conf
index fbc359f..9f3d7ba 100644
--- a/booleans-mls.conf
+++ b/booleans-mls.conf
@@ -1,4 +1,4 @@
-# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
+d# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
 # 
 allow_execmem = false
 
diff --git a/modules-targeted.conf b/modules-targeted.conf
index bec5ec0..0b6299d 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -816,6 +816,14 @@ nscd = base
 ntp = base
 
 # Layer: services
+# Module: nx
+#
+# NX Remote Desktop
+# 
+nx = module
+
+
+# Layer: services
 # Module: oddjob
 #
 # policy for oddjob
diff --git a/policy-20071023.patch b/policy-20071023.patch
index 8282aab..089cedf 100644
--- a/policy-20071023.patch
+++ b/policy-20071023.patch
@@ -532,6 +532,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.i
 +
 +	allow $1 brctl_exec_t:file getattr;
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.1.0/policy/modules/admin/brctl.te
+--- nsaserefpolicy/policy/modules/admin/brctl.te	2007-10-23 07:37:52.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/admin/brctl.te	2007-11-12 18:12:28.000000000 -0500
+@@ -40,4 +40,5 @@
+ 
+ optional_policy(`
+ 	xen_append_log(brctl_t)
++	xen_dontaudit_rw_unix_stream_sockets(brctl_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.1.0/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2007-10-12 08:56:09.000000000 -0400
 +++ serefpolicy-3.1.0/policy/modules/admin/consoletype.te	2007-11-06 09:28:35.000000000 -0500
@@ -3163,7 +3172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.1.0/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/kernel/files.if	2007-11-09 14:39:44.000000000 -0500
++++ serefpolicy-3.1.0/policy/modules/kernel/files.if	2007-11-12 18:07:03.000000000 -0500
 @@ -3054,6 +3054,24 @@
  
  ########################################
@@ -3189,7 +3198,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
  ##	Search the tmp directory (/tmp).
  ## </summary>
  ## <param name="domain">
-@@ -4756,3 +4774,54 @@
+@@ -4717,7 +4735,6 @@
+ 		files_search_home($1)
+ 		corecmd_exec_bin($1)
+ 		seutil_domtrans_setfiles($1)
+-		mount_domtrans($1)
+ 	')
+ ')
+ 
+@@ -4756,3 +4773,54 @@
  
  	allow $1 { file_type -security_file_type }:dir manage_dir_perms;
  ')
@@ -10565,7 +10582,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.1.0/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-10-15 16:11:05.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/services/xserver.te	2007-11-12 11:58:29.000000000 -0500
++++ serefpolicy-3.1.0/policy/modules/services/xserver.te	2007-11-12 18:26:06.000000000 -0500
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -10584,12 +10601,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  type xdm_var_run_t;
  files_pid_file(xdm_var_run_t)
  
++type xserver_var_lib_t;
++files_type(xserver_var_lib_t)
++
 +type xserver_var_run_t;
 +files_pid_file(xserver_var_run_t)
 +
-+type xdm_var_run_t;
-+files_pid_file(xdm_var_run_t)
-+
  type xdm_tmp_t;
  files_tmp_file(xdm_tmp_t)
  typealias xdm_tmp_t alias ice_tmp_t;
@@ -10753,11 +10770,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +	# xserver signals unconfined user on startx
 +	unconfined_signal(xdm_xserver_t)
 +	unconfined_getpgid(xdm_xserver_t)
-+')
-+
-+
-+tunable_policy(`allow_xserver_execmem', `
-+	allow xdm_xserver_t self:process { execheap execmem execstack };
  ')
  
 -ifdef(`TODO',`
@@ -10781,6 +10793,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 -allow xdm_t polymember:lnk_file { create unlink };
 -# xdm needs access for copying .Xauthority into new home
 -allow xdm_t polymember:file { create getattr write };
++
++tunable_policy(`allow_xserver_execmem', `
++	allow xdm_xserver_t self:process { execheap execmem execstack };
++')
++
 +ifndef(`distro_redhat',`
 +	allow xdm_xserver_t self:process { execheap execmem };
 +')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index b6ab7fd..2f667c5 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,12 +16,12 @@
 %define CHECKPOLICYVER 2.0.3-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.1.1
+Version: 3.1.2
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
-patch: policy-20071023.patch
+patch: policy-20071114.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel