diff -rNU3 policy-1.23.17/domains/program/unused/apache.te policy-1.23.17.kg/domains/program/unused/apache.te
--- policy-1.23.17/domains/program/unused/apache.te 2005-05-25 11:28:28.000000000 -0400
+++ policy-1.23.17.kg/domains/program/unused/apache.te 2005-06-14 09:41:49.000000000 -0400
@@ -219,6 +219,11 @@
 # Creation of lock files for apache2
 lock_domain(httpd)
+# connect to PostgreSQL
+postgresql_connectable_domain(httpd_t)
+postgresql_connectable_domain(httpd_php_t)
+postgresql_connectable_domain(httpd_sys_script_t)
+
 # connect to mysql
 ifdef(`mysqld.te', `
 can_unix_connect(httpd_php_t, mysqld_t)
diff -rNU3 policy-1.23.17/domains/program/unused/postgresql.te policy-1.23.17.kg/domains/program/unused/postgresql.te
--- policy-1.23.17/domains/program/unused/postgresql.te 2005-05-25 11:28:28.000000000 -0400
+++ policy-1.23.17.kg/domains/program/unused/postgresql.te 2005-06-14 09:41:36.000000000 -0400
@@ -113,13 +113,6 @@
 allow postgresql_t mail_spool_t:dir { search };
 lock_domain(postgresql)
 can_exec(postgresql_t, { shell_exec_t bin_t postgresql_exec_t ls_exec_t } )
-ifdef(`apache.te', `
-#
-# Allow httpd to work with postgresql
-#
-allow httpd_t postgresql_tmp_t:sock_file rw_file_perms;
-can_unix_connect(httpd_t, postgresql_t)
-')
 ifdef(`distro_gentoo', `
 # "su - postgres ..." is called from initrc_t
diff -rNU3 policy-1.23.17/macros/program/postgresql_macros.te policy-1.23.17.kg/macros/program/postgresql_macros.te
--- policy-1.23.17/macros/program/postgresql_macros.te 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.17.kg/macros/program/postgresql_macros.te 2005-06-14 09:41:08.000000000 -0400
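Review bot: The three `postgresql_connectable_domain(...)` calls added in the apache.te hunk widen access to the PostgreSQL socket beyond what the block removed from postgresql.te allowed: that block covered only `httpd_t`, while the new lines also cover `httpd_php_t` and `httpd_sys_script_t`, and they do so unconditionally. Every system CGI script domain would then be permitted to open a session to the database server, which is a broader grant than the web server itself needing it; if that is intended, the script-domain grants would be better placed under a tunable or boolean than always on. At minimum the comment should record the scope, e.g. `# connect to PostgreSQL (httpd, mod_php and system CGI scripts; previously httpd_t only)`. The rest of apache.te lies outside the hunk, so whether a suitable conditional already exists there cannot be confirmed from here.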
@@ -0,0 +1,16 @@
+# Macros for PostgreSQL
+
+#-----------------------------------------------------
+# An Interface for a domain can connect to PostgreSQL
+# (via UNIX domain socket)
+# usage: postgresql_connectable_domain(DOMAIN)
+
+define(`postgresql_connectable_domain',`
+ifdef(`postgresql.te',`
+allow $1 tmp_t:dir {search getattr};
+allow $1 postgresql_tmp_t:sock_file rw_file_perms;
+can_unix_connect($1, postgresql_t)
+
+',`') dnl The End Of postgresql.te
+') dnl The End Of postgresql_connectable_domain
+
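Review bot: `allow $1 postgresql_tmp_t:sock_file rw_file_perms;` in the new macro gives every calling domain more than a client needs on the socket file; connecting to a UNIX-domain socket should need only `write` (plus `getattr`) on the sock_file, so `allow $1 postgresql_tmp_t:sock_file { getattr write };` would keep the interface least-privilege now that it is applied to several domains rather than one. The macro also introduces `allow $1 tmp_t:dir {search getattr};`, which the rules removed from postgresql.te did not carry; a comment such as `# the server socket is looked up under the tmp directory` would explain it (presumably that is where the socket is created; confirm against postgresql.te). The header comment should list what the macro grants (directory search, sock_file access, stream connect to `postgresql_t`) so that callers can judge the exposure. The empty else branch of the inner ifdef can also be dropped.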