--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-01-02 12:57:51.000000000 -0500
+++ serefpolicy-2.5.8/policy/modules/admin/usermanage.if 2007-03-07 15:06:39.000000000 -0500
@@ -69,6 +69,7 @@
 files_search_usr($1)
 corecmd_search_sbin($1)
 domtrans_pattern($1,groupadd_exec_t,groupadd_t)
+ nscd_run(groupadd_t, $2, $3);
 ')
 ########################################
@@ -206,6 +207,7 @@
 usermanage_domtrans_admin_passwd($1)
 role $2 types sysadm_passwd_t;
 allow sysadm_passwd_t $3:chr_file rw_term_perms;
+ nscd_run(sysadm_passwd_t, $2, $3);
 ')
 ########################################
@@ -258,6 +260,7 @@
 usermanage_domtrans_useradd($1)
 role $2 types useradd_t;
 allow useradd_t $3:chr_file rw_term_perms;
+ nscd_run(useradd_t, $2, $3);
 ')
 ########################################
--- nsaserefpolicy/policy/modules/services/nscd.if 2007-01-02 12:57:43.000000000 -0500
+++ serefpolicy-2.5.8/policy/modules/services/nscd.if 2007-03-06 14:13:31.000000000 -0500
@@ -173,3 +173,35 @@
 allow $1 nscd_t:nscd *;
 ')
+
+########################################
+##
+## Execute nscd in the nscd domain, and
+## allow the specified role the nscd domain.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+##
+##
+## The role to be allowed the nscd domain.
+##
+##
+##
+##
+## The type of the terminal allow the nscd domain to use.
+##
+##
+#
+interface(`nscd_run',`
+ gen_require(`
+ type nscd_t;
+ ')
+
+ nscd_domtrans($1)
+ role $2 types nscd_t;
+ dontaudit nscd_t $3:chr_file rw_term_perms;
+')
+
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-01-02 12:57:43.000000000 -0500
+++ serefpolicy-2.5.8/policy/modules/admin/usermanage.te 2007-03-06 14:13:31.000000000 -0500
@@ -257,10 +257,6 @@
 ')
 optional_policy(`
- nscd_domtrans(groupadd_t)
-')
-
-optional_policy(`
 rpm_use_fds(groupadd_t)
 rpm_rw_pipes(groupadd_t)
 ')
@@ -444,7 +440,6 @@
 ')
 optional_policy(`
- nscd_domtrans(sysadm_passwd_t)
 nscd_socket_use(sysadm_passwd_t)
 ')
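Review bot: The call added in the usermanage.if hunk at -69, `nscd_run(groupadd_t, $2, $3);`, is unconditional, while the `nscd_domtrans(groupadd_t)` it replaces in usermanage.te was wrapped in `optional_policy(`; unless the nscd module is always built, I would keep the guard here as `optional_policy(` / `nscd_run(groupadd_t, $2, $3)` / `')`. The same applies to the calls added for sysadm_passwd_t (hunk at -206) and useradd_t (hunk at -258). The trailing `;` also differs from the neighbouring macro calls such as `corecmd_search_sbin($1)`, which have none. Because `nscd_run` carries `role $2 types nscd_t`, every role passed to these interfaces is now also authorized for nscd_t, and the interface headers, which start outside these hunks, should say so.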
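Review bot: The description of the third parameter of the new `nscd_run` interface in nscd.if says the terminal is one the nscd domain is allowed to use, but the rule is `dontaudit nscd_t $3:chr_file rw_term_perms;`, which grants no access and only suppresses the audit records for the denial. I would reword the comment to `## The type of the terminal; attempts by the nscd domain to use it are not audited.` A short why-comment above the rule would also help, because the run interfaces in usermanage.if use `allow ... $3:chr_file rw_term_perms;` and a reader will expect the same here, and because silenced denials are easy to overlook when troubleshooting or reviewing audit logs.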
@@ -540,10 +535,6 @@
 ')
 optional_policy(`
- nscd_domtrans(useradd_t)
-')
-
-optional_policy(`
 rpm_use_fds(useradd_t)
 rpm_rw_pipes(useradd_t)
 ')