diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
new file mode 100644
index 0000000..97cdf4e
--- /dev/null
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -0,0 +1,33 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#######################################
+#
+# hostname_transition(domain)
+#
+define(`hostname_transition',`
+requires_block_template(`$0'_depend)
+allow $1 hostname_exec_t:file { getattr read execute };
+allow $1 hostname_t:process transition;
+type_transition $1 hostname_exec_t:file hostname_t;
+dontaudit $1 hostname_t:process { noatsecure siginh rlimitinh };
+')
+
+define(`hostname_transition_depend',`
+type hostname_t, hostname_exec_t;
+class file { getattr read execute };
+class process { transition noatsecure siginh rlimitinh };
+')
+
+#######################################
+#
+# hostname_execute(domain)
+#
+define(`hostname_execute',`
+requires_block_template(`$0'_depend)
+allow $1 hostname_exec_t:file { getattr read execute execute_no_trans };
+')
+
+define(`hostname_execute_depend',`
+type hostname_exec_t;
+class file { getattr read execute execute_no_trans };
+')
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
new file mode 100644
index 0000000..a529979
--- /dev/null
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -0,0 +1,103 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+policy_module(hostname,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type hostname_t;
+type hostname_exec_t;
+domain_make_system_domain(hostname_t,hostname_exec_t)
+role system_r types hostname_t;
+
+
+########################################
+#
+# Local policy
+#
+
+# for setting the hostname
+allow hostname_t self:process { sigchld sigkill sigstop signull signal };
+
+allow hostname_t self:capability sys_admin;
+dontaudit hostname_t self:capability sys_tty_config;
+
+sysnetwork_read_network_config(hostname_t)
+
+kernel_read_kernel_sysctl(hostname_t)
+kernel_read_hardware_state(hostname_t)
+kernel_ignore_use_file_descriptors(hostname_t)
+
+devices_discard_data_stream(hostname_t)
+
+files_read_general_system_config(hostname_t)
+files_ignore_search_system_state_data_directory(hostname_t)
+filesystem_get_persistent_filesystem_attributes(hostname_t)
+
+terminal_ignore_use_console(hostname_t)
+terminal_use_all_users_physical_terminals(hostname_t)
+
+init_use_file_descriptors(hostname_t)
+init_script_use_pseudoterminal(hostname_t)
+
+domain_use_widely_inheritable_file_descriptors(hostname_t)
+
+libraries_use_dynamic_loader(hostname_t)
+libraries_read_shared_libraries(hostname_t)
+
+logging_send_system_log_message(hostname_t)
+
+miscfiles_read_localization(hostname_t)
+
+tunable_policy(`targeted_policy', `
+terminal_ignore_use_general_physical_terminal(hostname_t)
+terminal_ignore_use_general_pseudoterminal(hostname_t)
+files_ignore_read_rootfs_file(hostname_t)
+')dnl end targeted_policy tunable
+
+optional_policy(`udev.te', `
+udev_read_database(hostname_t)
+')
+
+optional_policy(`selinux.te',`
+selinux_newrole_sigchld(hostname_t)
+')
+
+
+ifdef(`TODO',`
+
+##daemon_base_domain(hostname, , nosysadm)
+##must remembe to go back and take care of the nosysadm part
+allow hostname_t proc_t:dir { read getattr lock search ioctl };
+allow hostname_t proc_t:lnk_file read;
+
+optional_policy(`rhgb.te', `
+allow hostname_t rhgb_t:process sigchld;
+allow hostname_t rhgb_t:fd use;
+allow hostname_t rhgb_t:fifo_file { read write };
+')
+
+allow hostname_t null_device_t:chr_file { read getattr lock ioctl };
+dontaudit hostname_t unpriv_userdomain:fd use;
+allow hostname_t autofs_t:dir { search getattr };
+##end daemon_base_domain
+
+##can_resolve(hostname_t)
+ifdef(`use_dns',`
+base_can_network(hostname_t, udp, `dns_port_t')
+allow hostname_t self:udp_socket { connect };
+')
+##end can_resolve
+
+allow hostname_t userdomain:fd use;
+
+# for when /usr is not mounted
+dontaudit hostname_t file_t:dir search;
+
+tunable_policy(`distro_redhat', `
+allow hostname_t tmpfs_t:chr_file { ioctl read getattr lock write append };
+')
+
+') dnl end TODO