diff --git a/.cvsignore b/.cvsignore
index 06084cd..ebd9d0e 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -132,3 +132,4 @@ serefpolicy-3.1.2.tgz
 serefpolicy-3.2.1.tgz
 serefpolicy-3.2.2.tgz
 serefpolicy-3.2.3.tgz
+serefpolicy-3.2.4.tgz
diff --git a/policy-20071130.patch b/policy-20071130.patch
index 938366b..e6ca8ed 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -5055,7 +5055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.2.4/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if 2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/cron.if 2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/cron.if 2007-12-13 14:22:04.000000000 -0500
 @@ -35,38 +35,23 @@
 #
 template(`cron_per_role_template',`
@@ -5923,9 +5923,37 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.2.4/policy/modules/services/dcc.if
+--- nsaserefpolicy/policy/modules/services/dcc.if 2007-03-26 10:39:05.000000000 -0400
++++ serefpolicy-3.2.4/policy/modules/services/dcc.if 2007-12-13 15:58:07.000000000 -0500
+@@ -72,6 +72,24 @@
+
+ ########################################
+ ##
++## Send a signal to the dcc_client.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dcc_signal_client',`
++ gen_require(`
++ type dcc_client_t;
++ ')
++
++ allow $1 dcc_client_t:process signal;
++')
++
++########################################
++##
+ ## Execute dcc_client in the dcc_client domain, and
+ ## allow the specified role the dcc_client domain.
+ ##
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.2.4/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te 2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/dcc.te 2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/dcc.te 2007-12-13 15:52:57.000000000 -0500
 @@ -124,7 +124,7 @@
 # dcc procmail interface local policy
 #
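Review bot: In the added `dcc_signal_client` interface, the summary "Send a signal to the dcc_client." is broader than the rule `allow $1 dcc_client_t:process signal;`, which grants only the generic `signal` permission and not `sigkill`, `sigstop` or `signull`. I would write the summary as `## Send a generic signal to the dcc_client.` so a caller that needs to kill a hung client does not assume this interface covers it. As far as type enforcement is concerned, the grant lets the caller signal any process running in `dcc_client_t`, not only the ones it started; the `dcc_signal_client(spamd_t)` call added to spamassassin.te further down inherits that scope. The interface's documentation tags are not visible in this rendering, so the parameter block could not be checked.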
@@ -5935,6 +5963,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
 allow dcc_client_t self:unix_dgram_socket create_socket_perms;
 allow dcc_client_t self:udp_socket create_socket_perms;
+@@ -148,6 +148,8 @@
+ files_read_etc_files(dcc_client_t)
+ files_read_etc_runtime_files(dcc_client_t)
+
++kernel_read_system_state(dcc_client_t)
++
+ libs_use_ld_so(dcc_client_t)
+ libs_use_shared_libs(dcc_client_t)
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.2.4/policy/modules/services/dictd.fc
 --- nsaserefpolicy/policy/modules/services/dictd.fc 2006-11-16 17:15:20.000000000 -0500
 +++ serefpolicy-3.2.4/policy/modules/services/dictd.fc 2007-12-13 13:34:36.000000000 -0500
@@ -6054,7 +6091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.2.4/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te 2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/dovecot.te 2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/dovecot.te 2007-12-13 15:31:36.000000000 -0500
 @@ -15,6 +15,12 @@
 domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
 role system_r types dovecot_auth_t;
@@ -9815,7 +9852,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.2.4/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te 2007-12-13 13:34:37.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te 2007-12-13 15:58:16.000000000 -0500
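Review bot: `kernel_read_system_state(dcc_client_t)` in the dcc.te hunk is added without a comment saying what dcc_client reads under /proc, so a later reviewer cannot tell a functional need from a silenced denial. I would put a line above it such as `# dcc_client reads <PROC_FILE> (denial seen: <AVC_REFERENCE>)`, with the placeholders filled in from the audit log. If the client works without the read, `kernel_dontaudit_read_system_state(dcc_client_t)` keeps the log quiet without widening what a process in this domain can learn about the host. The surrounding policy block starts and ends outside the hunk.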
 @@ -44,6 +44,15 @@
 type spamassassin_exec_t;
 application_executable_file(spamassassin_exec_t)
@@ -9858,6 +9895,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 fs_manage_cifs_files(spamd_t)
 ')
+@@ -171,6 +183,7 @@
+
+ optional_policy(`
+ dcc_domtrans_client(spamd_t)
++ dcc_signal_client(spamd_t)
+ dcc_stream_connect_dccifd(spamd_t)
+ ')
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.2.4/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500
 +++ serefpolicy-3.2.4/policy/modules/services/squid.fc 2007-12-13 13:34:37.000000000 -0500
@@ -11789,7 +11834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.2.4/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te 2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/system/init.te 2007-12-13 13:34:37.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/system/init.te 2007-12-13 14:23:31.000000000 -0500
 @@ -10,6 +10,20 @@
 # Declarations
 #
@@ -11943,7 +11988,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
 ')
 optional_policy(`
-@@ -743,6 +779,10 @@
+@@ -729,6 +765,11 @@
+ uml_setattr_util_sockets(initrc_t)
+ ')
+
++# Cron jobs used to start and stop services
++optional_policy(`
++ cron_read_pipes(daemon)
++')
++
+ optional_policy(`
+ unconfined_domain(initrc_t)
+
+@@ -743,6 +784,10 @@
 ')
 optional_policy(`
diff --git a/sources b/sources
index f3c183f..db8a81e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-37b636c3ce51c9c50ebe45aa01b6bb9b serefpolicy-3.2.3.tgz
+cef1db667a75f7bcc53d3541c01a4a2d serefpolicy-3.2.4.tgz
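Review bot: `cron_read_pipes(daemon)` in the init.te hunk applies to the whole `daemon` attribute, so every daemon domain gains read access to cron's pipes, while the comment describes only cron jobs that start and stop services. If the denials come from descriptors inherited when a job restarts a service (an assumption; the hunk does not show the AVC), a dontaudit rule, or a grant limited to the domains that are actually restarted from cron, is the least-privilege form. At minimum I would extend the comment to `# Cron jobs used to start and stop services: daemons inherit the cron pipe, read only`. The neighbouring `optional_policy` blocks continue outside the hunk.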