diff -ru policy/domains/program/unused/rpcd.te ./domains/program/unused/rpcd.te
--- policy/domains/program/unused/rpcd.te 2004-06-17 15:10:40.000000000 +1000
+++ ./domains/program/unused/rpcd.te 2004-07-08 13:15:55.000000000 +1000
@@ -51,6 +51,8 @@
 ifdef(`rpm.te', `
 allow rpcd_t self:capability { chown dac_override setgid setuid };
+# for /etc/rc.d/init.d/nfs to create /etc/exports
+allow initrc_t etc_t:file rw_file_perms;
 ')
 allow rpcd_t self:file { getattr read };
diff -ru policy/domains/program/unused/rpm.te ./domains/program/unused/rpm.te
--- policy/domains/program/unused/rpm.te 2004-07-08 13:09:34.000000000 +1000
+++ ./domains/program/unused/rpm.te 2004-07-08 13:11:32.000000000 +1000
@@ -69,6 +69,9 @@
 # for a bug in rm
 dontaudit initrc_t pidfile:file write;
+# bash tries to access a block device in the initrd
+dontaudit initrc_t unlabeled_t:blk_file getattr;
+
 # bash tries ioctl for some reason
 dontaudit initrc_t pidfile:file ioctl;
@@ -93,7 +96,9 @@
 allow rpm_t sysfs_t:filesystem getattr;
 allow rpm_t tmpfs_t:filesystem getattr;
 dontaudit rpm_t domain:{ socket unix_dgram_socket udp_socket unix_stream_socket tcp_socket fifo_file rawip_socket packet_socket } getattr;
-allow rpm_t fs_type:dir getattr;
+# needs rw permission to the directory for an rpm package that includes a mount
+# point
+allow rpm_t fs_type:dir { setattr rw_dir_perms };
 allow rpm_t fs_type:filesystem getattr;
 # allow compiling and loading new policy
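Review bot: In the rpcd.te hunk, the added `allow initrc_t etc_t:file rw_file_perms;` lets every init script running as initrc_t write any file labelled etc_t, which is much wider than the /etc/exports case the comment names. The comment says "create", but if rw_file_perms is the usual read/write set it carries no create permission, and creating the file would also need add_name on the parent directory, so the rule may not deliver what the comment promises. A dedicated type for /etc/exports with its own file_contexts entry would confine the grant to that one file. If the broad rule stays, the comment should state its real scope, e.g. `# nfs init script rewrites /etc/exports; note this grants initrc_t rw on all etc_t files`. The rule also sits inside the rpm.te ifdef, which looks unrelated to NFS and should be explained or moved.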
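Review bot: In the first rpm.te hunk (@@ -69,6 +69,9), `dontaudit initrc_t unlabeled_t:blk_file getattr;` is not limited to the initrd device the comment describes; it silences getattr denials from initrc_t on every unlabeled block device node. Such a denial is often the only visible sign that a device node has lost its label, so the comment should record the trade-off, e.g. `# initrd device nodes are unlabeled; also hides getattr denials on any other unlabeled blk_file`. The rule concerns initrc_t but lives in rpm.te, so it presumably disappears from builds that leave rpm.te out; that placement is worth confirming.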
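Review bot: In the second rpm.te hunk (@@ -93,7 +96,9), replacing `getattr` with `{ setattr rw_dir_perms }` on `fs_type:dir` grants more than the comment justifies. As rw_dir_perms is normally defined, it gives rpm_t write, add_name and remove_name on directories of every type carrying the fs_type attribute, while the comment only describes a package that ships a mount-point directory. If the failure was rpm setting ownership or mode on an already mounted directory, `allow rpm_t fs_type:dir { getattr setattr };` may be enough, which should be checked against the actual AVC denials before granting the full read-write set. If rw really is required, the comment should name the package and the denied permissions so the rule can be narrowed later.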