--- nsaserefpolicy/policy/modules/services/sasl.te	2007-03-20 23:38:13.000000000 -0400
+++ serefpolicy-2.5.10/policy/modules/services/sasl.te	2007-03-22 15:06:59.000000000 -0400
@@ -10,6 +10,9 @@
 type saslauthd_exec_t;
 init_daemon_domain(saslauthd_t,saslauthd_exec_t)
 
+type saslauthd_tmp_t;
+files_tmp_file(saslauthd_tmp_t)
+
 type saslauthd_var_run_t;
 files_pid_file(saslauthd_var_run_t)
 
@@ -26,6 +29,10 @@
 allow saslauthd_t self:unix_stream_socket create_stream_socket_perms;
 allow saslauthd_t self:tcp_socket create_socket_perms;
 
+manage_files_pattern(saslauthd_t,saslauthd_tmp_t,saslauthd_tmp_t)
+allow saslauthd_t saslauthd_tmp_t:dir setattr;
+files_tmp_filetrans(saslauthd_t,saslauthd_tmp_t,file)
+
 manage_files_pattern(saslauthd_t,saslauthd_var_run_t,saslauthd_var_run_t)
 manage_sock_files_pattern(saslauthd_t,saslauthd_var_run_t,saslauthd_var_run_t)
 files_pid_filetrans(saslauthd_t,saslauthd_var_run_t,file)
@@ -89,6 +96,10 @@
 ')
 
 optional_policy(`
+	kerberos_read_keytab(saslauthd_t)
+')
+
+optional_policy(`
 	mysql_search_db(saslauthd_t)
 	mysql_stream_connect(saslauthd_t)
 ')