diff -ru /usr/src/se/policy/domains/program/unused/ntpd.te ./domains/program/unused/ntpd.te
--- /usr/src/se/policy/domains/program/unused/ntpd.te 2004-08-19 17:10:36.000000000 +1000
+++ ./domains/program/unused/ntpd.te 2004-08-05 13:40:26.000000000 +1000
@@ -66,5 +66,3 @@
 can_udp_send(ntpd_t, sysadm_t)
 can_udp_send(sysadm_t, ntpd_t)
 can_udp_send(ntpd_t, ntpd_t)
-
-dontaudit ntpd_t devpts_t:chr_file { read write };
diff -ru /usr/src/se/policy/domains/program/unused/portmap.te ./domains/program/unused/portmap.te
--- /usr/src/se/policy/domains/program/unused/portmap.te 2004-08-06 19:08:12.000000000 +1000
+++ ./domains/program/unused/portmap.te 2004-02-18 05:36:51.000000000 +1100
@@ -52,5 +52,3 @@
 # do not log when it tries to bind to a port belonging to another domain
 #dontaudit portmap_t port_type:{ tcp_socket udp_socket } name_bind;
-dontaudit portmap_t devpts_t:chr_file { read write };
-
diff -ru /usr/src/se/policy/domains/program/unused/prelink.te ./domains/program/unused/prelink.te
--- /usr/src/se/policy/domains/program/unused/prelink.te 2004-07-08 13:09:34.000000000 +1000
+++ ./domains/program/unused/prelink.te 2004-06-17 03:07:47.000000000 +1000
@@ -30,8 +30,6 @@
 allow prelink_t file_type:lnk_file r_file_perms;
 allow prelink_t file_type:file getattr;
 allow prelink_t { ifdef(`amanda.te', `amanda_usr_lib_t') admin_passwd_exec_t ifdef(`apache.te', `httpd_modules_t') ifdef(`xserver.te', `var_lib_xkb_t') ld_so_t su_exec_t shlib_t sbin_t bin_t lib_t exec_type }:file { create_file_perms execute relabelto relabelfrom };
-allow prelink_t { bin_t lib_t }:lnk_file { unlink };
-
 allow prelink_t ld_so_t:file execute_no_trans;
 allow prelink_t self:capability { chown dac_override fowner fsetid };
diff -ru /usr/src/se/policy/domains/program/unused/procmail.te ./domains/program/unused/procmail.te
--- /usr/src/se/policy/domains/program/unused/procmail.te 2004-07-08 13:09:34.000000000 +1000
+++ ./domains/program/unused/procmail.te 2004-05-05 05:07:47.000000000 +1000
@@ -71,4 +71,3 @@
 ifdef(`sendmail.te', `
 r_dir_file(procmail_t, etc_mail_t)
 ')
-allow procmail_t mqueue_spool_t:file { getattr read };
diff -ru /usr/src/se/policy/domains/program/unused/rpcd.te ./domains/program/unused/rpcd.te
--- /usr/src/se/policy/domains/program/unused/rpcd.te 2004-08-21 13:19:07.000000000 +1000
+++ ./domains/program/unused/rpcd.te 2004-08-21 13:22:58.000000000 +1000
@@ -24,6 +24,7 @@
 ')
 type exports_t, file_type, sysadmfile;
+dontaudit userdomain exports_t:file getattr;
 # rpcd_t is the domain of rpc daemons.
 # rpcd_exec_t is the type of rpc daemon programs.
diff -ru /usr/src/se/policy/domains/program/unused/rpm.te ./domains/program/unused/rpm.te
--- /usr/src/se/policy/domains/program/unused/rpm.te 2004-08-19 17:10:36.000000000 +1000
+++ ./domains/program/unused/rpm.te 2004-08-23 17:32:01.000000000 +1000
@@ -145,7 +144,7 @@
 can_exec_any(rpm_script_t)
 # Capabilties needed by rpm scripts utils
-allow rpm_script_t self:capability { chown dac_override fowner fsetid setgid setuid ipc_lock sys_chroot mknod };
+allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot mknod };
 # ideally we would not need this
 allow rpm_script_t { file_type - shadow_t }:dir create_dir_perms;
diff -ru /usr/src/se/policy/domains/program/unused/xdm.te ./domains/program/unused/xdm.te
--- /usr/src/se/policy/domains/program/unused/xdm.te 2004-08-19 17:10:37.000000000 +1000
+++ ./domains/program/unused/xdm.te 2004-07-08 16:05:36.000000000 +1000
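Review bot: The new `dontaudit userdomain exports_t:file getattr;` in rpcd.te has no comment saying which user-domain program stats the exports file (presumably the NFS exports list), so a later reader cannot tell whether the suppression is still needed or whether it now hides a denial worth seeing. Because it targets the whole userdomain attribute it silences the event for every user domain at once. Suggest a comment above the rule such as `# user programs stat the exports file; harmless, so do not audit it — <tool that triggered this: fill in>`. The rule also sits between the type declaration and the rpcd_t domain comment; keeping it apart from the declaration block would read more clearly.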
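Review bot: The added `dac_read_search` on `rpm_script_t` is a second DAC-bypass capability alongside the `dac_override` the domain already holds, and the hunk gives no reason for it; the existing comment `# Capabilties needed by rpm scripts utils` does not say which script or operation was denied. Both capabilities let the domain read or traverse files regardless of their mode bits, so a one-line record of the trigger, e.g. `# dac_read_search: needed by <package/script that was denied — fill in>`, would let the grant be revisited later instead of accumulating silently. If the original audit record shows the access already succeeded under dac_override and only the capability check was logged, a dontaudit would be the narrower fix than an allow — worth confirming against that record.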
@@ -106,7 +104,15 @@
 allow xdm_xserver_t xdm_tmp_t:sock_file create_file_perms;
 # Run helper programs.
-can_exec_any(xdm_t)
+allow xdm_t etc_t:file { getattr read };
+allow xdm_t bin_t:dir { getattr search };
+# lib_t is for running cpp
+can_exec(xdm_t, { shell_exec_t etc_t bin_t sbin_t lib_t })
+allow xdm_t { bin_t sbin_t }:lnk_file read;
+ifdef(`hostname.te', `can_exec(xdm_t, hostname_exec_t)')
+ifdef(`loadkeys.te', `can_exec(xdm_t, loadkeys_exec_t)')
+allow xdm_t xdm_xserver_t:process sigkill;
+allow xdm_t xdm_xserver_tmp_t:file unlink;
 # Access devices.
 allow xdm_t device_t:dir { read search };
diff -ru /usr/src/se/policy/domains/program/unused/xprint.te ./domains/program/unused/xprint.te
--- /usr/src/se/policy/domains/program/unused/xprint.te 2004-06-17 15:10:41.000000000 +1000
+++ ./domains/program/unused/xprint.te 2004-08-18 22:38:19.000000000 +1000
@@ -15,6 +15,7 @@
 allow initrc_t readable_t:dir r_dir_perms;
 allow initrc_t fonts_t:dir r_dir_perms;
+allow xprint_t var_lib_t:dir search;
 allow xprint_t fonts_t:dir r_dir_perms;
 allow xprint_t fonts_t:file { getattr read };
@@ -22,7 +23,7 @@
 can_exec(xprint_t, { bin_t sbin_t ls_exec_t shell_exec_t })
 allow xprint_t bin_t:lnk_file { getattr read };
-allow xprint_t tmp_t:dir search;
+allow xprint_t tmp_t:dir { getattr search };
 ifdef(`xdm.te', `
 allow xprint_t xdm_xserver_tmp_t:dir rw_dir_perms;
 allow xprint_t xdm_xserver_tmp_t:sock_file create_file_perms;
diff -ru /usr/src/se/policy/file_contexts/program/fsadm.fc ./file_contexts/program/fsadm.fc
--- /usr/src/se/policy/file_contexts/program/fsadm.fc 2004-03-27 00:46:44.000000000 +1100
+++ ./file_contexts/program/fsadm.fc 2004-08-18 15:36:04.000000000 +1000
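Review bot: Of the nine rules that replace `can_exec_any(xdm_t)` in xdm.te, only lib_t gets a reason (`# lib_t is for running cpp`); executing `etc_t` files is the broadest grant in the new set and is left unexplained, and the `sigkill` on `xdm_xserver_t` plus the `unlink` on `xdm_xserver_tmp_t:file` are not helper-program execution at all yet sit under `# Run helper programs.`. Suggest a comment before the can_exec line naming the scripts under /etc that xdm runs, e.g. `# etc_t: xdm's own setup/session scripts under /etc — <list them>`, and a separate heading such as `# Stop the X server and remove its temp files.` above the last two rules. Replacing can_exec_any with an explicit set is the right direction; the comments just need to keep up with it. The xdm_t section continues outside the hunk.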
@@ -26,6 +26,7 @@
 /sbin/blockdev -- system_u:object_r:fsadm_exec_t
 /sbin/losetup.* -- system_u:object_r:fsadm_exec_t
 /sbin/jfs_.* -- system_u:object_r:fsadm_exec_t
+/sbin/lsraid -- system_u:object_r:fsadm_exec_t
 /usr/sbin/smartctl -- system_u:object_r:fsadm_exec_t
 /sbin/install-mbr -- system_u:object_r:fsadm_exec_t
 /usr/bin/scsi_unique_id -- system_u:object_r:fsadm_exec_t
diff -ru /usr/src/se/policy/file_contexts/program/initrc.fc ./file_contexts/program/initrc.fc
--- /usr/src/se/policy/file_contexts/program/initrc.fc 2004-07-15 10:22:53.000000000 +1000
+++ ./file_contexts/program/initrc.fc 2004-07-08 21:22:51.000000000 +1000
@@ -16,5 +16,3 @@
 /usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t
 /etc/nologin.* -- system_u:object_r:etc_runtime_t
 /etc/nohotplug -- system_u:object_r:etc_runtime_t
-/halt -- system_u:object_r:etc_runtime_t
-/\.autofsck -- system_u:object_r:etc_runtime_t
diff -ru /usr/src/se/policy/file_contexts/program/mailman.fc ./file_contexts/program/mailman.fc
--- /usr/src/se/policy/file_contexts/program/mailman.fc 2004-08-24 16:01:27.000000000 +1000
+++ ./file_contexts/program/mailman.fc 2004-08-21 13:22:58.000000000 +1000
@@ -4,6 +4,7 @@
 /usr/lib/cgi-bin/mailman/.* -- system_u:object_r:mailman_cgi_exec_t
 /usr/lib/mailman/cron/.* -- system_u:object_r:mailman_queue_exec_t
 /usr/lib/mailman/mail/wrapper -- system_u:object_r:mailman_mail_exec_t
+/usr/lib/mailman/bin/mailmanctl -- system_u:object_r:mailman_mail_exec_t
 /usr/mailman/mail/wrapper -- system_u:object_r:mailman_mail_exec_t
 /var/lib/mailman(/.*)? system_u:object_r:mailman_data_t
 /var/lib/mailman/archives(/.*)? system_u:object_r:mailman_archive_t
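Review bot: `/usr/lib/mailman/bin/mailmanctl` in mailman.fc is labelled `mailman_mail_exec_t`, the same exec type as the mail wrapper on the neighbouring lines, so running the daemon control script presumably lands in the same domain as mail delivery (the transition and allow rules are not in this diff). If mailmanctl needs rights the wrapper does not, sharing the type widens the delivery domain to cover them; if it does not, a comment saying so would save the next reviewer the same question. Suggest either a note above the line, e.g. `# mailmanctl deliberately shares the mail wrapper domain — <reason>`, or a distinct exec type for it as the cron scripts already have with `mailman_queue_exec_t`.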
@@ -13,6 +14,8 @@
 ifdef(`distro_redhat', `
 /var/mailman/cgi-bin/.* -- system_u:object_r:mailman_cgi_exec_t
 /var/mailman/data(/.*)? system_u:object_r:mailman_data_t
+/var/mailman/pythonlib(/.*)? system_u:object_r:mailman_data_t
+/var/mailman/Mailman(/.*)? system_u:object_r:mailman_data_t
 /var/mailman/locks(/.*)? system_u:object_r:mailman_lock_t
 /var/mailman/cron -d system_u:object_r:bin_t
 /var/mailman/cron/.+ -- system_u:object_r:mailman_queue_exec_t
diff -ru /usr/src/se/policy/file_contexts/program/udev.fc ./file_contexts/program/udev.fc
--- /usr/src/se/policy/file_contexts/program/udev.fc 2004-08-19 17:10:44.000000000 +1000
+++ ./file_contexts/program/udev.fc 2004-08-17 13:24:19.000000000 +1000
@@ -5,5 +5,5 @@
 /usr/bin/udevinfo -- system_u:object_r:udev_exec_t
-/etc/dev.d(/.*)? system_u:object_r:udev_helper_exec_t
+/etc/dev\.d(/.*)? system_u:object_r:udev_helper_exec_t
 /etc/hotplug.d/default/udev.* system_u:object_r:udev_helper_exec_t
 /dev/udev\.tbl -- system_u:object_r:udev_tbl_t
 /dev/\.udev\.tdb -- system_u:object_r:udev_tbl_t
diff -ru /usr/src/se/policy/file_contexts/types.fc ./file_contexts/types.fc
--- /usr/src/se/policy/file_contexts/types.fc 2004-08-24 16:01:25.000000000 +1000
+++ ./file_contexts/types.fc 2004-08-10 17:40:15.000000000 +1000
@@ -150,7 +150,6 @@
 /u?dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
 /u?dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
 /u?dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
-/u?dev/mdsp.* -c system_u:object_r:fixed_disk_device_t
 /u?dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
 /u?dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
 /u?dev/loop.* -b system_u:object_r:fixed_disk_device_t
diff -ru /usr/src/se/policy/genfs_contexts ./genfs_contexts
--- /usr/src/se/policy/genfs_contexts 2004-07-08 13:09:32.000000000 +1000
+++ ./genfs_contexts 2004-07-06 22:52:53.000000000 +1000
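Review bot: `/var/mailman/pythonlib(/.*)?` and `/var/mailman/Mailman(/.*)?` in mailman.fc hold the Python code mailman imports, yet they get `mailman_data_t`, the same type as `/var/mailman/data` on the line above. If any mailman domain may write mailman_data_t (the allow rules are outside this diff), that domain can also rewrite the code it executes, which is exactly the code/data split the same block keeps for the cron runners by labelling `/var/mailman/cron` as `bin_t`. Unless these directories must be writable at runtime, a read-only library type (`lib_t` is used elsewhere in this patch) or a dedicated type would be the safer label; at minimum a comment such as `# pythonlib/Mailman are code, not data; labelled writable because <reason>` should record why mailman_data_t was chosen.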
@@ -81,8 +82,8 @@
 genfscon ntfs / system_u:object_r:dosfs_t
 # samba
-genfscon cifs / system_u:object_r:sambafs_t
-genfscon smbfs / system_u:object_r:sambafs_t
+genfscon cifs / system_u:object_r:cifs_t
+genfscon smbfs / system_u:object_r:cifs_t
 # nfs
 genfscon nfs / system_u:object_r:nfs_t
diff -ru /usr/src/se/policy/macros/base_user_macros.te ./macros/base_user_macros.te
--- /usr/src/se/policy/macros/base_user_macros.te 2004-08-15 15:45:18.000000000 +1000
+++ ./macros/base_user_macros.te 2004-08-20 15:04:59.000000000 +1000
@@ -190,14 +192,9 @@
 # Gnome pannel binds to the following
 ifdef(`cups.te', `
-allow $1_t ipp_port_t:tcp_socket { name_bind };
 allow $1_t { cupsd_etc_t cupsd_rw_etc_t }:file { read getattr };
 ')
-ifdef(`use_pop', `
-allow $1_t pop_port_t:tcp_socket { name_bind };
-')
-
 # for perl
 dontaudit $1_t net_conf_t:file ioctl;