--- nsaserefpolicy/policy/modules/services/nis.te	2007-02-19 11:32:53.000000000 -0500
+++ serefpolicy-2.5.4/policy/modules/services/nis.te	2007-02-20 12:12:48.000000000 -0500
@@ -323,17 +323,18 @@
 #
 # ypxfr local policy
 #
-
+allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms;
 allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
-allow ypxfr_t self:tcp_socket connected_socket_perms;
+allow ypxfr_t self:tcp_socket create_stream_socket_perms;
 allow ypxfr_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
+allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms;
 
 allow ypxfr_t ypserv_t:tcp_socket { read write };
 allow ypxfr_t ypserv_t:udp_socket { read write };
 
-read_files_pattern(ypxfr_t,var_yp_t,var_yp_t)
+allow ypxfr_t ypserv_conf_t:file { getattr read };
+
+manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
 
 corenet_non_ipsec_sendrecv(ypxfr_t)
 corenet_tcp_sendrecv_all_if(ypxfr_t)
@@ -355,7 +356,18 @@
 files_read_etc_files(ypxfr_t)
 files_search_usr(ypxfr_t)
 
+init_use_fds(ypxfr_t)
+
 libs_use_shared_libs(ypxfr_t)
 libs_use_ld_so(ypxfr_t)
 
+logging_send_syslog_msg(ypxfr_t)
+
+miscfiles_read_localization(ypxfr_t)
+
 sysnet_read_config(ypxfr_t)
+
+ifdef(`targeted_policy', `
+	term_dontaudit_use_unallocated_ttys(ypxfr_t)
+	term_dontaudit_use_generic_ptys(ypxfr_t)
+')