diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te index 62b7b38..5421065 100644 --- a/policy/modules/admin/dmesg.te +++ b/policy/modules/admin/dmesg.te @@ -50,7 +50,7 @@ userdom_dontaudit_use_unpriv_user_fds(dmesg_t) userdom_use_user_terminals(dmesg_t) optional_policy(` - abrt_append_cache_files(dmesg_t) + abrt_cache_append(dmesg_t) abrt_rw_fifo_file(dmesg_t) abrt_manage_pid_files(dmesg_t) ') diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te index f7d7c05..23ef05f 100644 --- a/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te @@ -139,7 +139,7 @@ ifdef(`distro_debian', ` ') optional_policy(` - abrt_manage_cache_files(logrotate_t) + abrt_cache_manage(logrotate_t) ') optional_policy(` diff --git a/policy/modules/apps/kdumpgui.if b/policy/modules/apps/kdumpgui.if index 2b56a87..d6af9b0 100644 --- a/policy/modules/apps/kdumpgui.if +++ b/policy/modules/apps/kdumpgui.if @@ -1,2 +1,2 @@ - ## system-config-kdump GUI + diff --git a/policy/modules/apps/livecd.te b/policy/modules/apps/livecd.te index 87b571b..47a193c 100644 --- a/policy/modules/apps/livecd.te +++ b/policy/modules/apps/livecd.te @@ -20,7 +20,6 @@ files_tmp_file(livecd_tmp_t) dontaudit livecd_t self:capability2 mac_admin; -unconfined_domain_noaudit(livecd_t) domain_ptrace_all_domains(livecd_t) manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) @@ -28,6 +27,9 @@ manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file }) optional_policy(` - hal_dbus_chat(livecd_t) + unconfined_domain_noaudit(livecd_t) ') +optional_policy(` + hal_dbus_chat(livecd_t) +') diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if index e82faff..9c9e6c1 100644 --- a/policy/modules/apps/mono.if +++ b/policy/modules/apps/mono.if 
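Review bot: Moving `unconfined_domain_noaudit(livecd_t)` into `optional_policy(`...`)` in livecd.te means that on a build without the unconfined module livecd_t becomes a confined domain whose rules are only the ones visible here, while `domain_ptrace_all_domains(livecd_t)` and the `mac_admin` dontaudit stay unconditional; nothing in the hunk records whether that degraded mode is intended or just breaks live-image creation. A one-line comment above the block, e.g. `# livecd_t is effectively unconfined when the unconfined module is loaded; without it only the rules in this file apply`, would capture the intent for the next reader. The remainder of the livecd_t policy is outside the hunk.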
@@ -43,13 +43,14 @@ template(`mono_role_template',` allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack }; allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms }; - userdom_unpriv_usertype($1, $1_mono_t) - userdom_manage_tmpfs_role($2, $1_mono_t) - domtrans_pattern($3, mono_exec_t, $1_mono_t) fs_dontaudit_rw_tmpfs_files($1_mono_t) corecmd_bin_domtrans($1_mono_t, $1_t) + + userdom_unpriv_usertype($1, $1_mono_t) + userdom_manage_tmpfs_role($2, $1_mono_t) + ifdef(`hide_broken_symptoms', ` dontaudit $1_t $1_mono_t:socket_class_set { read write }; ') diff --git a/policy/modules/apps/sambagui.if b/policy/modules/apps/sambagui.if index 6b8383d..b31ed10 100644 --- a/policy/modules/apps/sambagui.if +++ b/policy/modules/apps/sambagui.if @@ -1,3 +1,2 @@ ## system-config-samba dbus service policy - diff --git a/policy/modules/apps/sambagui.te b/policy/modules/apps/sambagui.te index e667c4d..26bb71c 100644 --- a/policy/modules/apps/sambagui.te +++ b/policy/modules/apps/sambagui.te @@ -1,4 +1,4 @@ -policy_module(sambagui,1.0.0) +policy_module(sambagui, 1.0.0) ######################################## # 
@@ -14,29 +14,22 @@ dbus_system_domain(sambagui_t, sambagui_exec_t) # system-config-samba local policy # -allow sambagui_t self:capability dac_override; +allow sambagui_t self:capability dac_override; allow sambagui_t self:fifo_file rw_fifo_file_perms; allow sambagui_t self:unix_dgram_socket create_socket_perms; -# handling with samba conf files -samba_append_log(sambagui_t) -samba_manage_config(sambagui_t) -samba_manage_var_files(sambagui_t) -samba_read_secrets(sambagui_t) -samba_initrc_domtrans(sambagui_t) -samba_domtrans_smbd(sambagui_t) -samba_domtrans_nmbd(sambagui_t) +# read meminfo +kernel_read_system_state(sambagui_t) # execut apps of system-config-samba corecmd_exec_shell(sambagui_t) corecmd_exec_bin(sambagui_t) +dev_dontaudit_read_urand(sambagui_t) + files_read_etc_files(sambagui_t) -files_read_usr_files(sambagui_t) files_search_var_lib(sambagui_t) - -# reading shadow by pdbedit -#auth_read_shadow(sambagui_t) +files_read_usr_files(sambagui_t) auth_use_nsswitch(sambagui_t) @@ -44,14 +37,18 @@ logging_send_syslog_msg(sambagui_t) miscfiles_read_localization(sambagui_t) -# read meminfo -kernel_read_system_state(sambagui_t) - -dev_dontaudit_read_urand(sambagui_t) nscd_dontaudit_search_pid(sambagui_t) userdom_dontaudit_search_admin_dir(sambagui_t) +# handling with samba conf files +samba_append_log(sambagui_t) +samba_manage_config(sambagui_t) +samba_manage_var_files(sambagui_t) +samba_read_secrets(sambagui_t) +samba_initrc_domtrans(sambagui_t) +samba_domtrans_smbd(sambagui_t) +samba_domtrans_nmbd(sambagui_t) optional_policy(` consoletype_exec(sambagui_t) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index ef14126..8779f43 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if 
@@ -5310,6 +5310,25 @@ interface(`files_getattr_generic_locks',` ######################################## ## +## Delete generic lock files. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_delete_generic_locks',` + gen_require(` + type var_t, var_lock_t; + ') + + allow $1 var_t:dir search_dir_perms; + delete_files_pattern($1, var_lock_t, var_lock_t) +') + +######################################## +## ## Create, read, write, and delete generic ## lock files. ## diff --git a/policy/modules/roles/dbadm.te b/policy/modules/roles/dbadm.te index 2ddeb70..a3ddd43 100644 --- a/policy/modules/roles/dbadm.te +++ b/policy/modules/roles/dbadm.te @@ -5,6 +5,20 @@ policy_module(dbadm, 1.0.0) # Declarations # +## +##
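Review bot: `files_delete_generic_locks` grants unlink on every file labeled `var_lock_t`, i.e. the shared /var/lock space used by unrelated services, and its summary does not say so; a domain given this interface can remove another daemon's lock file and so defeat that daemon's single-instance check. Suggest the summary read `Delete generic lock files (any var_lock_t file under /var/lock, not only the caller's own locks).` so that callers such as the new `files_delete_generic_locks(dbadm_t)` in dbadm.te are added deliberately rather than as a convenience.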

+## Allow dbadm to manage files in users home directories +##

+##
+gen_tunable(dbadm_manage_user_files, false) + +## +##

+## Allow dbadm to read files in users home directories +##

+##
+gen_tunable(dbadm_read_user_files, false) + role dbadm_r; userdom_unpriv_user_template(dbadm) @@ -14,17 +28,35 @@ userdom_unpriv_user_template(dbadm) # database admin local policy # -optional_policy(` - mysql_admin(dbadm_t, dbadm_r) +allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace }; + +files_dontaudit_search_all_dirs(dbadm_t) +files_delete_generic_locks(dbadm_t) +files_list_var(dbadm_t) + +selinux_get_enforce_mode(dbadm_t) + +logging_send_syslog_msg(dbadm_t) + +userdom_dontaudit_search_user_home_dirs(dbadm_t) + +tunable_policy(`dbadm_manage_user_files',` + userdom_manage_user_home_content_files(dbadm_t) + userdom_read_user_tmp_files(dbadm_t) + userdom_write_user_tmp_files(dbadm_t) +') + +tunable_policy(`dbadm_read_user_files',` + userdom_read_user_home_content_files(dbadm_t) + userdom_read_user_tmp_files(dbadm_t) ') optional_policy(` - postgresql_admin(dbadm_t, dbadm_r) + mysql_admin(dbadm_t, dbadm_r) ') -# For starting up daemon processes optional_policy(` - su_role_template(dbadm, dbadm_r, dbadm_t) + postgresql_admin(dbadm_t, dbadm_r) ') optional_policy(` diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 303d72a..fabc1a0 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te 
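Review bot: `allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace };` is added unconditionally and without a comment, while the home-directory access it most plausibly serves is gated behind the two new tunables; once `dac_override` is granted, file ownership no longer limits what the tunable-enabled rules reach, so `dbadm_manage_user_files` effectively means write access to every user's home content. A why-comment on that line is the minimum, e.g. `# dac_override/dac_read_search: <reason — confirm>; sys_ptrace: <reason — confirm>`, and if the DAC capabilities exist only for the home/tmp paths, moving `dac_override dac_read_search` under the respective `tunable_policy` blocks keeps them off by default. `files_delete_generic_locks(dbadm_t)` likewise lets this role remove lock files of unrelated services in /var/lock; whether a database-specific lock type would suffice is not visible from this diff.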
@@ -22,14 +22,29 @@ kernel_read_ring_buffer(staff_usertype) kernel_getattr_core_if(staff_usertype) kernel_getattr_message_if(staff_usertype) kernel_read_software_raid_state(staff_usertype) +kernel_read_fs_sysctls(staff_usertype) + +domain_read_all_domains_state(staff_usertype) +domain_getattr_all_domains(staff_usertype) +domain_obj_id_change_exemption(staff_t) + +files_read_kernel_modules(staff_usertype) + +seutil_read_module_store(staff_t) +seutil_run_newrole(staff_t, staff_r) + +term_use_unallocated_ttys(staff_usertype) auth_domtrans_pam_console(staff_t) init_dbus_chat(staff_t) init_dbus_chat_script(staff_t) -seutil_read_module_store(staff_t) -seutil_run_newrole(staff_t, staff_r) +miscfiles_read_hwdata(staff_usertype) + +modutils_read_module_config(staff_usertype) +modutils_read_module_deps(staff_usertype) + netutils_run_ping(staff_t, staff_r) netutils_signal_ping(staff_t) 
@@ -41,208 +56,184 @@ optional_policy(` mozilla_run_plugin(staff_t, staff_r) ') -ifndef(`distro_redhat',` - -optional_policy(` - auth_role(staff_r, staff_t) -') -') - optional_policy(` auditadm_role_change(staff_r) ') optional_policy(` - kerneloops_manage_tmp_files(staff_t) + dbadm_role_change(staff_r) ') optional_policy(` logadm_role_change(staff_r) ') -ifndef(`distro_redhat',` optional_policy(` - bluetooth_role(staff_r, staff_t) -') - -optional_policy(` - cdrecord_role(staff_r, staff_t) -') - -optional_policy(` - cron_role(staff_r, staff_t) -') - -optional_policy(` - dbus_role_template(staff, staff_r, staff_t) -') - -optional_policy(` - evolution_role(staff_r, staff_t) -') - -optional_policy(` - games_role(staff_r, staff_t) -') - -optional_policy(` - gift_role(staff_r, staff_t) -') - -optional_policy(` - gnome_role(staff_r, staff_t) + webadm_role_change(staff_r) ') optional_policy(` - gpg_role(staff_r, staff_t) + kerneloops_manage_tmp_files(staff_t) ') optional_policy(` - irc_role(staff_r, staff_t) + postgresql_role(staff_r, staff_t) ') optional_policy(` - java_role(staff_r, staff_t) + secadm_role_change(staff_r) ') optional_policy(` - lockdev_role(staff_r, staff_t) + unconfined_role_change(staff_r) ') optional_policy(` - lpd_role(staff_r, staff_t) + rtkit_scheduled(staff_t) ') optional_policy(` - mozilla_role(staff_r, staff_t) + screen_role_template(staff, staff_r, staff_t) ') optional_policy(` - mplayer_role(staff_r, staff_t) + ssh_role_template(staff, staff_r, staff_t) ') optional_policy(` - mta_role(staff_r, staff_t) + sudo_role_template(staff, staff_r, staff_t) ') optional_policy(` - oident_manage_user_content(staff_t) - oident_relabel_user_content(staff_t) -') + sysadm_role_change(staff_r) + userdom_dontaudit_use_user_terminals(staff_t) ') optional_policy(` - postgresql_role(staff_r, staff_t) + telepathy_dbus_session_role(staff_r, staff_t) ') optional_policy(` - rtkit_scheduled(staff_t) + xserver_role(staff_r, staff_t) ') ifndef(`distro_redhat',` 
-optional_policy(` - pyzor_role(staff_r, staff_t) -') - -optional_policy(` - razor_role(staff_r, staff_t) -') + optional_policy(` + auth_role(staff_r, staff_t) + ') + + optional_policy(` + bluetooth_role(staff_r, staff_t) + ') + + optional_policy(` + cdrecord_role(staff_r, staff_t) + ') + + optional_policy(` + cron_role(staff_r, staff_t) + ') + + optional_policy(` + dbus_role_template(staff, staff_r, staff_t) + ') -optional_policy(` - rssh_role(staff_r, staff_t) -') + optional_policy(` + evolution_role(staff_r, staff_t) + ') -optional_policy(` - screen_role_template(staff, staff_r, staff_t) -') -') + optional_policy(` + games_role(staff_r, staff_t) + ') -optional_policy(` - secadm_role_change(staff_r) -') + optional_policy(` + gift_role(staff_r, staff_t) + ') -ifndef(`distro_redhat',` -optional_policy(` - spamassassin_role(staff_r, staff_t) -') -') + optional_policy(` + gnome_role(staff_r, staff_t) + ') -optional_policy(` - ssh_role_template(staff, staff_r, staff_t) -') + optional_policy(` + gpg_role(staff_r, staff_t) + ') -ifndef(`distro_redhat',` -optional_policy(` - su_role_template(staff, staff_r, staff_t) -') -') + optional_policy(` + irc_role(staff_r, staff_t) + ') -optional_policy(` - sudo_role_template(staff, staff_r, staff_t) -') + optional_policy(` + java_role(staff_r, staff_t) + ') -optional_policy(` - sysadm_role_change(staff_r) - userdom_dontaudit_use_user_terminals(staff_t) -') + optional_policy(` + lockdev_role(staff_r, staff_t) + ') -optional_policy(` - telepathy_dbus_session_role(staff_r, staff_t) -') + optional_policy(` + lpd_role(staff_r, staff_t) + ') -ifndef(`distro_redhat',` -optional_policy(` - thunderbird_role(staff_r, staff_t) -') + optional_policy(` + mozilla_role(staff_r, staff_t) + ') -optional_policy(` - tvtime_role(staff_r, staff_t) -') + optional_policy(` + mplayer_role(staff_r, staff_t) + ') -optional_policy(` - uml_role(staff_r, staff_t) -') + optional_policy(` + mta_role(staff_r, staff_t) + ') -optional_policy(` - 
userhelper_role_template(staff, staff_r, staff_t) -') + optional_policy(` + oident_manage_user_content(staff_t) + oident_relabel_user_content(staff_t) + ') + optional_policy(` + pyzor_role(staff_r, staff_t) + ') -optional_policy(` - vmware_role(staff_r, staff_t) -') + optional_policy(` + razor_role(staff_r, staff_t) + ') -optional_policy(` - wireshark_role(staff_r, staff_t) -') + optional_policy(` + rssh_role(staff_r, staff_t) + ') -') - -optional_policy(` - unconfined_role_change(staff_r) -') - -optional_policy(` - webadm_role_change(staff_r) -') + optional_policy(` + spamassassin_role(staff_r, staff_t) + ') -optional_policy(` - xserver_role(staff_r, staff_t) -') + optional_policy(` + su_role_template(staff, staff_r, staff_t) + ') -domain_read_all_domains_state(staff_usertype) -domain_getattr_all_domains(staff_usertype) -domain_obj_id_change_exemption(staff_t) + optional_policy(` + thunderbird_role(staff_r, staff_t) + ') -files_read_kernel_modules(staff_usertype) + optional_policy(` + tvtime_role(staff_r, staff_t) + ') -kernel_read_fs_sysctls(staff_usertype) + optional_policy(` + uml_role(staff_r, staff_t) + ') -modutils_read_module_config(staff_usertype) -modutils_read_module_deps(staff_usertype) + optional_policy(` + userhelper_role_template(staff, staff_r, staff_t) + ') -miscfiles_read_hwdata(staff_usertype) + optional_policy(` + vmware_role(staff_r, staff_t) + ') -term_use_unallocated_ttys(staff_usertype) + optional_policy(` + wireshark_role(staff_r, staff_t) + ') +') optional_policy(` accountsd_dbus_chat(staff_t) @@ -274,10 +265,6 @@ optional_policy(` ') optional_policy(` - screen_role_template(staff, staff_r, staff_t) -') - -optional_policy(` setroubleshoot_stream_connect(staff_t) setroubleshoot_dbus_chat(staff_t) setroubleshoot_dbus_chat_fixit(staff_t) diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index cf17ed1..1a95085 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te 
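Review bot: `dbadm_role_change(staff_r)` is the one grant in the large staff.te hunk that does not correspond to a removed line — every other `+` line (the role templates, `screen_role_template`, `kerneloops_manage_tmp_files`, the `distro_redhat` block) reappears from the `-` side — so a new staff_r to dbadm_r transition is introduced in the middle of a reorder, and dbadm_t gains `dac_override`/`sys_ptrace` in this same commit. A comment on that block, e.g. `# staff may switch into the database-admin role (dbadm_r)`, or carrying the addition in its own commit, would make the privilege change reviewable. The final hunk that drops the duplicate unconditional `screen_role_template` block is consistent with the single copy kept earlier in the file.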
@@ -24,11 +24,14 @@ ifndef(`enable_mls',` # # Local policy # +kernel_read_fs_sysctls(sysadm_t) corecmd_exec_shell(sysadm_t) domain_dontaudit_read_all_domains_state(sysadm_t) +files_read_kernel_modules(sysadm_t) + mls_process_read_up(sysadm_t) mls_file_read_to_clearance(sysadm_t) mls_process_write_to_clearance(sysadm_t) @@ -42,6 +45,11 @@ application_exec(sysadm_t) init_exec(sysadm_t) init_exec_script_files(sysadm_t) init_dbus_chat(sysadm_t) +init_script_role_transition(sysadm_r) + +modutils_read_module_deps(sysadm_t) + +miscfiles_read_hwdata(sysadm_t) # Add/remove user home directories userdom_manage_user_home_dirs(sysadm_t) @@ -83,9 +91,6 @@ optional_policy(` apache_run_helper(sysadm_t, sysadm_r) #apache_run_all_scripts(sysadm_t, sysadm_r) #apache_domtrans_sys_script(sysadm_t) - ifndef(`distro_redhat',` - apache_role(sysadm_r, sysadm_t) - ') ') optional_policy(` @@ -101,12 +106,6 @@ optional_policy(` auditadm_role_change(sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - auth_role(sysadm_r, sysadm_t) -') -') - optional_policy(` backup_run(sysadm_t, sysadm_r) ') @@ -115,22 +114,10 @@ optional_policy(` bind_run_ndc(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - bluetooth_role(sysadm_r, sysadm_t) -') -') - optional_policy(` bootloader_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - cdrecord_role(sysadm_r, sysadm_t) -') -') - optional_policy(` certmonger_dbus_chat(sysadm_t) ') @@ -151,16 +138,6 @@ optional_policy(` consoletype_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - cron_admin_role(sysadm_r, sysadm_t) -') - -optional_policy(` - dbus_role_template(sysadm, sysadm_r, sysadm_t) -') -') - optional_policy(` daemonstools_run_start(sysadm_t, sysadm_r) ') @@ -187,12 +164,6 @@ optional_policy(` dpkg_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - evolution_role(sysadm_r, sysadm_t) -') -') - optional_policy(` firstboot_run(sysadm_t, sysadm_r) ') 
@@ -201,24 +172,6 @@ optional_policy(` fstools_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - games_role(sysadm_r, sysadm_t) -') - -optional_policy(` - gift_role(sysadm_r, sysadm_t) -') - -optional_policy(` - gnome_role(sysadm_r, sysadm_t) -') - -optional_policy(` - gpg_role(sysadm_r, sysadm_t) -') -') - optional_policy(` hostname_run(sysadm_t, sysadm_r) ') @@ -248,16 +201,6 @@ optional_policy(` kerberos_exec_kadmind(sysadm_t) ') -ifndef(`distro_redhat',` -optional_policy(` - irc_role(sysadm_r, sysadm_t) -') - -optional_policy(` - java_role(sysadm_r, sysadm_t) -') -') - optional_policy(` kudzu_run(sysadm_t, sysadm_r) ') @@ -266,12 +209,6 @@ optional_policy(` libs_run_ldconfig(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - lockdev_role(sysadm_r, sysadm_t) -') -') - optional_policy(` logrotate_run(sysadm_t, sysadm_r) ') @@ -296,16 +233,6 @@ optional_policy(` mount_run_showmount(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - mozilla_role(sysadm_r, sysadm_t) -') - -optional_policy(` - mplayer_role(sysadm_r, sysadm_t) -') -') - optional_policy(` mta_role(sysadm_r, sysadm_t) ') @@ -359,12 +286,6 @@ optional_policy(` prelink_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - pyzor_role(sysadm_r, sysadm_t) -') -') - optional_policy(` quota_run(sysadm_t, sysadm_r) ') @@ -373,12 +294,6 @@ optional_policy(` raid_domtrans_mdadm(sysadm_t) ') -ifndef(`distro_redhat',` -optional_policy(` - razor_role(sysadm_r, sysadm_t) -') -') - optional_policy(` rpc_domtrans_nfsd(sysadm_t) ') @@ -387,11 +302,6 @@ optional_policy(` rpm_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - rssh_role(sysadm_r, sysadm_t) -') -') optional_policy(` rsync_exec(sysadm_t) 
@@ -419,11 +329,6 @@ optional_policy(` shutdown_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - spamassassin_role(sysadm_r, sysadm_t) -') -') optional_policy(` ssh_role_template(sysadm, sysadm_r, sysadm_t) @@ -446,12 +351,6 @@ optional_policy(` sysnet_run_dhcpc(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - thunderbird_role(sysadm_r, sysadm_t) -') -') - optional_policy(` tripwire_run_siggen(sysadm_t, sysadm_r) tripwire_run_tripwire(sysadm_t, sysadm_r) @@ -459,22 +358,10 @@ optional_policy(` tripwire_run_twprint(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - tvtime_role(sysadm_r, sysadm_t) -') -') - optional_policy(` tzdata_domtrans(sysadm_t) ') -ifndef(`distro_redhat',` -optional_policy(` - uml_role(sysadm_r, sysadm_t) -') -') - optional_policy(` unconfined_domtrans(sysadm_t) ') @@ -487,23 +374,12 @@ optional_policy(` usbmodules_run(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - userhelper_role_template(sysadm, sysadm_r, sysadm_t) -') -') - optional_policy(` usermanage_run_admin_passwd(sysadm_t, sysadm_r) usermanage_run_groupadd(sysadm_t, sysadm_r) usermanage_run_useradd(sysadm_t, sysadm_r) ') -ifndef(`distro_redhat',` -optional_policy(` - vmware_role(sysadm_r, sysadm_t) -') -') optional_policy(` vpn_run(sysadm_t, sysadm_r) @@ -521,16 +397,6 @@ optional_policy(` virt_stream_connect(sysadm_t) ') -ifndef(`distro_redhat',` -optional_policy(` - wireshark_role(sysadm_r, sysadm_t) -') - -optional_policy(` - xserver_role(sysadm_r, sysadm_t) -') -') - optional_policy(` yam_run(sysadm_t, sysadm_r) ') 
@@ -539,9 +405,111 @@ optional_policy(` zebra_stream_connect(sysadm_t) ') -init_script_role_transition(sysadm_r) +ifndef(`distro_redhat',` + optional_policy(` + apache_role(sysadm_r, sysadm_t) + ') + optional_policy(` + auth_role(sysadm_r, sysadm_t) + ') -files_read_kernel_modules(sysadm_t) -kernel_read_fs_sysctls(sysadm_t) -modutils_read_module_deps(sysadm_t) -miscfiles_read_hwdata(sysadm_t) + optional_policy(` + bluetooth_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + cdrecord_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + cron_admin_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + dbus_role_template(sysadm, sysadm_r, sysadm_t) + ') + + optional_policy(` + evolution_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + games_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + gift_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + gnome_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + gpg_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + irc_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + java_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + lockdev_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + mozilla_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + mplayer_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + pyzor_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + razor_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + rssh_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + spamassassin_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + thunderbird_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + tvtime_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + uml_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + userhelper_role_template(sysadm, sysadm_r, sysadm_t) + ') + + optional_policy(` + vmware_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + wireshark_role(sysadm_r, sysadm_t) + ') + + optional_policy(` + xserver_role(sysadm_r, sysadm_t) + ') +') 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index 579825e..aac3fe1 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -22,97 +22,6 @@ optional_policy(` mozilla_run_plugin(user_t, user_r) ') -ifndef(`distro_redhat',` -optional_policy(` - auth_role(user_r, user_t) -') - -optional_policy(` - bluetooth_role(user_r, user_t) -') - -optional_policy(` - cdrecord_role(user_r, user_t) -') - -optional_policy(` - cron_role(user_r, user_t) -') - -optional_policy(` - dbus_role_template(user, user_r, user_t) -') - -optional_policy(` - evolution_role(user_r, user_t) -') - -optional_policy(` - games_role(user_r, user_t) -') - -optional_policy(` - gift_role(user_r, user_t) -') - -optional_policy(` - gnome_role(user_r, user_t) -') - -optional_policy(` - gpg_role(user_r, user_t) -') - -optional_policy(` - irc_role(user_r, user_t) -') - -optional_policy(` - java_role(user_r, user_t) -') - -optional_policy(` - lockdev_role(user_r, user_t) -') - -optional_policy(` - lpd_role(user_r, user_t) -') - -optional_policy(` - mozilla_role(user_r, user_t) -') - -optional_policy(` - mplayer_role(user_r, user_t) -') - -optional_policy(` - mta_role(user_r, user_t) -') - -optional_policy(` - oident_manage_user_content(user_t) - oident_relabel_user_content(user_t) -') - -optional_policy(` - postgresql_role(user_r, user_t) -') - -optional_policy(` - pyzor_role(user_r, user_t) -') - -optional_policy(` - razor_role(user_r, user_t) -') - -optional_policy(` - rssh_role(user_r, user_t) -') -') - optional_policy(` rpm_dontaudit_dbus_chat(user_t) ') 
@@ -133,49 +42,6 @@ optional_policy(` telepathy_dbus_session_role(user_r, user_t) ') -ifndef(`distro_redhat',` -optional_policy(` - spamassassin_role(user_r, user_t) -') - -optional_policy(` - ssh_role_template(user, user_r, user_t) -') - -optional_policy(` - su_role_template(user, user_r, user_t) -') - -optional_policy(` - sudo_role_template(user, user_r, user_t) -') - -optional_policy(` - thunderbird_role(user_r, user_t) -') - -optional_policy(` - tvtime_role(user_r, user_t) -') - -optional_policy(` - uml_role(user_r, user_t) -') - -optional_policy(` - userhelper_role_template(user, user_r, user_t) -') - -optional_policy(` - vmware_role(user_r, user_t) -') - -optional_policy(` - wireshark_role(user_r, user_t) -') - -') - optional_policy(` setroubleshoot_dontaudit_stream_connect(user_t) ') 
@@ -183,3 +49,134 @@ optional_policy(` optional_policy(` xserver_role(user_r, user_t) ') + +ifndef(`distro_redhat',` + optional_policy(` + auth_role(user_r, user_t) + ') + + optional_policy(` + bluetooth_role(user_r, user_t) + ') + + optional_policy(` + cdrecord_role(user_r, user_t) + ') + + optional_policy(` + cron_role(user_r, user_t) + ') + + optional_policy(` + dbus_role_template(user, user_r, user_t) + ') + + optional_policy(` + evolution_role(user_r, user_t) + ') + + optional_policy(` + games_role(user_r, user_t) + ') + + optional_policy(` + gift_role(user_r, user_t) + ') + + optional_policy(` + gnome_role(user_r, user_t) + ') + + optional_policy(` + gpg_role(user_r, user_t) + ') + + optional_policy(` + irc_role(user_r, user_t) + ') + + optional_policy(` + java_role(user_r, user_t) + ') + + optional_policy(` + lockdev_role(user_r, user_t) + ') + + optional_policy(` + lpd_role(user_r, user_t) + ') + + optional_policy(` + mozilla_role(user_r, user_t) + ') + + optional_policy(` + mplayer_role(user_r, user_t) + ') + + optional_policy(` + mta_role(user_r, user_t) + ') + + optional_policy(` + oident_manage_user_content(user_t) + oident_relabel_user_content(user_t) + ') + + optional_policy(` + postgresql_role(user_r, user_t) + ') + + optional_policy(` + pyzor_role(user_r, user_t) + ') + + optional_policy(` + razor_role(user_r, user_t) + ') + + optional_policy(` + rssh_role(user_r, user_t) + ') + + optional_policy(` + spamassassin_role(user_r, user_t) + ') + + optional_policy(` + ssh_role_template(user, user_r, user_t) + ') + + optional_policy(` + su_role_template(user, user_r, user_t) + ') + + optional_policy(` + sudo_role_template(user, user_r, user_t) + ') + + optional_policy(` + thunderbird_role(user_r, user_t) + ') + + optional_policy(` + tvtime_role(user_r, user_t) + ') + + optional_policy(` + uml_role(user_r, user_t) + ') + + optional_policy(` + userhelper_role_template(user, user_r, user_t) + ') + + optional_policy(` + vmware_role(user_r, user_t) + ') + + 
optional_policy(` + wireshark_role(user_r, user_t) + ') +') diff --git a/policy/modules/services/abrt.if b/policy/modules/services/abrt.if index 8f99d78..8a5d6a4 100644 --- a/policy/modules/services/abrt.if +++ b/policy/modules/services/abrt.if @@ -131,9 +131,9 @@ interface(`abrt_domtrans_helper',` domtrans_pattern($1, abrt_helper_exec_t, abrt_helper_t) -ifdef(`hide_broken_symptoms', ` - dontaudit abrt_helper_t $1:socket_class_set { read write }; -') + ifdef(`hide_broken_symptoms', ` + dontaudit abrt_helper_t $1:socket_class_set { read write }; + ') ') ######################################## @@ -172,7 +172,7 @@ interface(`abrt_run_helper',` ## ## # -interface(`abrt_append_cache_files',` +interface(`abrt_cache_append',` gen_require(` type abrt_var_cache_t; ') @@ -190,7 +190,7 @@ interface(`abrt_append_cache_files',` ## ## # -interface(`abrt_manage_cache_files',` +interface(`abrt_cache_manage',` gen_require(` type abrt_var_cache_t; ') diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 61d50b8..08ec94f 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -638,7 +638,7 @@ optional_policy(` optional_policy(` cobbler_list_config(httpd_t) cobbler_read_config(httpd_t) - cobbler_read_content(httpd_t) + cobbler_read_lib_files(httpd_t) tunable_policy(`httpd_can_network_connect_cobbler',` corenet_tcp_connect_cobbler_port(httpd_t) diff --git a/policy/modules/services/cobbler.fc b/policy/modules/services/cobbler.fc index 2419401..5f40c92 100644 --- a/policy/modules/services/cobbler.fc +++ b/policy/modules/services/cobbler.fc 
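Review bot: `abrt_append_cache_files` and `abrt_manage_cache_files` are renamed in abrt.if with no deprecated wrapper, so any policy module outside this diff that still calls the old names stops building; the callers updated here are dmesg.te and logrotate.te only. If compatibility with out-of-tree modules matters, keep a stub such as `interface(`abrt_append_cache_files',` refpolicywarn(`$0($*) has been deprecated, please use abrt_cache_append() instead.') abrt_cache_append($1) ')` (and the same for the manage variant) for one release. Whether further callers exist is not visible from this diff.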
@@ -5,28 +5,28 @@ /usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t,s0) -/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) - -/var/lib/tftpboot/etc(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/images(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/memdisk -- gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/pxelinux\.0 -- gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/pxelinux\.cfg(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/s390x(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/lib/tftpboot/yaboot -- gen_context(system_u:object_r:cobbler_content_t,s0) +/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) + +/var/lib/tftpboot/etc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/images(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/memdisk -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.0 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.cfg(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/s390x(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/yaboot -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) /var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t,s0) # This should removable when cobbler package installs /var/www/cobbler/rendered -/var/www/cobbler(/.*)? 
gen_context(system_u:object_r:httpd_cobbler_content_t,s0) - -/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/ks_mirror(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/links(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/localmirror(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/pub(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/rendered(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) -/var/www/cobbler/repo_mirror(/.*)? gen_context(system_u:object_r:cobbler_content_t,s0) +/var/www/cobbler(/.*)? gen_context(system_u:object_r:httpd_cobbler_var_lib_t,s0) + +/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/ks_mirror(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/links(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/localmirror(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/pub(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/rendered(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/www/cobbler/repo_mirror(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if index 823021a..cde1fc2 100644 --- a/policy/modules/services/cobbler.if +++ b/policy/modules/services/cobbler.if @@ -1,4 +1,14 @@ ## Cobbler installation server. +## +##
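Review bot: The `/var/www/cobbler(/.*)?` line now labels the web root `httpd_cobbler_var_lib_t`, but the `cobblerd_admin` interface in cobbler.if later in this same diff still requires `httpd_cobbler_content_t` (with its `_ra_t`/`_rw_t` siblings), which indicates the apache-side type was not renamed; a file context naming an undeclared type fails policy build or relabel. This looks like a search-and-replace of `content_t` that also caught the httpd-owned type. Unless the apache module was renamed in a hunk outside this view, the line should stay `/var/www/cobbler(/.*)? gen_context(system_u:object_r:httpd_cobbler_content_t,s0)`.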

+## Cobbler is a Linux installation server that allows for +## rapid setup of network installation environments. It +## glues together and automates many associated Linux +## tasks so you do not have to hop between lots of various +## commands and applications when rolling out new systems, +## and, in some cases, changing existing ones. +##

+##
######################################## ## @@ -52,7 +62,7 @@ interface(`cobbler_list_config',` type cobbler_etc_t; ') - list_dirs_pattern($1, cobbler_content_t, cobbler_content_t) + list_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) files_search_etc($1) ') @@ -77,7 +87,7 @@ interface(`cobbler_read_config',` ######################################## ## -## Manage cobbler content. +## Search cobbler dirs in /var/lib ## ## ## @@ -85,20 +95,19 @@ interface(`cobbler_read_config',` ## ## # -interface(`cobbler_manage_content',` +interface(`cobbler_search_lib',` gen_require(` - type cobbler_content_t; + type cobbler_var_lib_t; ') - manage_dirs_pattern($1, cobbler_content_t, cobbler_content_t) - manage_files_pattern($1, cobbler_content_t, cobbler_content_t) - manage_lnk_files_pattern($1, cobbler_content_t, cobbler_content_t) + search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) files_search_var_lib($1) ') ######################################## ## -## Read cobbler content. +## Read cobbler files in /var/lib ## ## ## @@ -106,19 +115,19 @@ interface(`cobbler_manage_content',` ## ## # -interface(`cobbler_read_content',` +interface(`cobbler_read_lib_files',` gen_require(` - type cobbler_content_t; + type cobbler_var_lib_t; ') - read_files_pattern($1, cobbler_content_t, cobbler_content_t) - read_lnk_files_pattern($1, cobbler_content_t, cobbler_content_t) + read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) files_search_var_lib($1) ') ######################################## ## -## Search cobbler content. +## Manage cobbler files in /var/lib ## ## ## 
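Review bot: In `cobbler_list_config` the changed line now lists `cobbler_var_lib_t` directories, yet the interface is named and documented as a config accessor, its visible `gen_require` declares only `cobbler_etc_t`, and it finishes with `files_search_etc($1)`; referencing a type that is not in the require block fails at link time, and listing /var/lib content under a `_config` name misleads callers. Either the pattern should be `list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t)` or `cobbler_var_lib_t` must be added to the require block and the summary corrected. The remaining lines of that `gen_require` are outside the hunk, so this is conditional on what they declare.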
@@ -126,13 +135,14 @@ interface(`cobbler_read_content',` ## ## # -interface(`cobbler_search_content',` +interface(`cobbler_manage_lib_files',` gen_require(` - type cobbler_content_t; + type cobbler_var_lib_t; ') - search_dirs_pattern($1, cobbler_content_t, cobbler_content_t) - read_lnk_files_pattern($1, cobbler_content_t, cobbler_content_t) + manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) files_search_var_lib($1) ') 
@@ -193,44 +203,37 @@ interface(`cobbler_dontaudit_rw_log',` # interface(`cobblerd_admin',` gen_require(` - type cobblerd_t, cobbler_var_log_t; - type cobbler_etc_t, cobblerd_initrc_exec_t, cobbler_content_t; + type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t; + type cobbler_etc_t, cobblerd_initrc_exec_t; + type httpd_cobbler_content_t; + type httpd_cobbler_content_ra_t; + type httpd_cobbler_content_rw_t; ') allow $1 cobblerd_t:process { ptrace signal_perms getattr }; read_files_pattern($1, cobblerd_t, cobblerd_t) - cobblerd_initrc_domtrans($1) - domain_system_change_exemption($1) - role_transition $2 cobblerd_initrc_exec_t system_r; - allow $2 system_r; - - admin_pattern($1, cobbler_etc_t) files_search_etc($1) + admin_pattern($1, cobbler_etc_t) - admin_pattern($1, cobbler_content_t) files_list_var_lib($1) + admin_pattern($1, cobbler_var_lib_t) - admin_pattern($1, cobbler_var_log_t) logging_search_logs($1) + admin_pattern($1, cobbler_var_log_t) - # below may want to be removed. - tunable_policy(`cobbler_anon_write',` - miscfiles_manage_public_files($1) - ') - - optional_policy(` - gen_require(` - type httpd_cobbler_content_t; - ') + apache_search_sys_content($1) + admin_pattern($1, httpd_cobbler_content_t) + admin_pattern($1, httpd_cobbler_content_ra_t) + admin_pattern($1, httpd_cobbler_content_rw_t) - # manage /var/www/cobbler - admin_pattern($1, httpd_cobbler_content_t) - apache_search_sys_content($1) - ') + cobblerd_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 cobblerd_initrc_exec_t system_r; + allow $2 system_r; optional_policy(` - # traverse /var/lib/tftpdir to get to cobbler_content_t there. + # traverse /var/lib/tftpdir to get to cobbler_var_lib_t there. tftp_search_rw_content($1) ') ') diff --git a/policy/modules/services/cobbler.te b/policy/modules/services/cobbler.te index 76bde9b..6a6d7d7 100644 --- a/policy/modules/services/cobbler.te +++ b/policy/modules/services/cobbler.te 
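Review bot: `cobblerd_admin` now hard-requires the apache-derived types `httpd_cobbler_content_t`, `httpd_cobbler_content_ra_t` and `httpd_cobbler_content_rw_t` and calls `apache_search_sys_content($1)` unconditionally, where the removed lines kept that block inside `optional_policy(`...')`; if the apache module is absent the whole admin interface fails to resolve instead of degrading. The cobbler.te hunk at -234 makes `apache_content_template(cobbler)` unconditional in the same way. If apache is now meant to be a required module, a short comment above the `gen_require` saying so would make the dependency deliberate; otherwise the apache-specific lines should go back inside `optional_policy`.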
@@ -1,4 +1,3 @@ - policy_module(cobbler, 1.1.0) ######################################## @@ -8,8 +7,8 @@ policy_module(cobbler, 1.1.0) ## ##

-## Allow Cobbler to modify public files -## used for public file transfer services. +## Allow Cobbler to modify public files +## used for public file transfer services. ##

##
gen_tunable(cobbler_anon_write, false) @@ -46,21 +45,18 @@ init_script_file(cobblerd_initrc_exec_t) type cobbler_etc_t; files_config_file(cobbler_etc_t) -type cobbler_content_t; -typealias cobbler_content_t alias cobbler_var_lib_t; -files_type(cobbler_content_t) - type cobbler_var_log_t; logging_log_file(cobbler_var_log_t) +type cobbler_var_lib_t alias cobbler_content_t; +files_type(cobbler_var_lib_t) + type cobbler_tmp_t; files_tmp_file(cobbler_tmp_t) -# Cobbler check is not supported and is silently ignored. - ######################################## # -# Cobbler local policy. +# Cobbler personal policy. # allow cobblerd_t self:capability { chown dac_override fowner fsetid sys_nice }; @@ -76,13 +72,13 @@ allow cobblerd_t self:unix_dgram_socket create_socket_perms; list_dirs_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t) read_files_pattern(cobblerd_t, cobbler_etc_t, cobbler_etc_t) -# Something that runs in the cobberd_t domain tries to relabelfrom cobbler_content_t dir to httpd_sys_content_t. -dontaudit cobblerd_t cobbler_content_t:dir relabel_dir_perms; +# Something that runs in the cobberd_t domain tries to relabelfrom cobbler_var_lib_t dir to httpd_sys_content_t. +dontaudit cobblerd_t cobbler_var_lib_t:dir relabel_dir_perms; -manage_dirs_pattern(cobblerd_t, cobbler_content_t, cobbler_content_t) -manage_files_pattern(cobblerd_t, cobbler_content_t, cobbler_content_t) -manage_lnk_files_pattern(cobblerd_t, cobbler_content_t, cobbler_content_t) -files_var_lib_filetrans(cobblerd_t, cobbler_content_t, { dir file lnk_file }) +manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, { dir file lnk_file }) # Something really needs to write to cobbler.log. Ideally this should not be happening. allow cobblerd_t cobbler_var_log_t:file write; 
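Review bot: The section header is changed from `# Cobbler local policy.` to `# Cobbler personal policy.`, which departs from the `<module> local policy` heading used elsewhere in this diff (the `# Cobbler web local policy.` header in the -234 hunk of the same file, for example); the original wording should be kept. The type rename in this hunk keeps the `cobbler_content_t` alias, which is the right way to do it.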
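Review bot: The comment rewritten in this hunk keeps the typo `cobberd_t` where the domain is `cobblerd_t`; since the line is being touched anyway it should read `# Something that runs in the cobblerd_t domain tries to relabelfrom cobbler_var_lib_t dir to httpd_sys_content_t.`. The `dontaudit` rule beneath it changes only the type name, so nothing else in the hunk needs attention.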
@@ -105,13 +101,13 @@ corecmd_exec_shell(cobblerd_t) corenet_all_recvfrom_netlabel(cobblerd_t) corenet_all_recvfrom_unlabeled(cobblerd_t) +corenet_sendrecv_cobbler_server_packets(cobblerd_t) +corenet_tcp_bind_cobbler_port(cobblerd_t) corenet_tcp_bind_generic_node(cobblerd_t) corenet_tcp_sendrecv_generic_if(cobblerd_t) corenet_tcp_sendrecv_generic_node(cobblerd_t) corenet_tcp_sendrecv_generic_port(cobblerd_t) -corenet_tcp_bind_cobbler_port(cobblerd_t) corenet_tcp_sendrecv_cobbler_port(cobblerd_t) -corenet_sendrecv_cobbler_server_packets(cobblerd_t) # sync and rsync to ftp and http are permitted by default, for any other media use cobbler_can_network_connect. corenet_tcp_connect_ftp_port(cobblerd_t) corenet_tcp_sendrecv_ftp_port(cobblerd_t) @@ -226,7 +222,7 @@ optional_policy(` # 2. no FILES in /var/lib/TFTPDIR are hard linked. # Cobbler also creates other directories in /var/lib/tftpdir (etc, s390x, ppc, pxelinux.cfg) # are any of those hard linked? - tftp_filetrans_tftpdir(cobblerd_t, cobbler_content_t, { dir file }) + tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file }) ') ######################################## 
@@ -234,18 +230,6 @@ optional_policy(` # Cobbler web local policy. # -# This should be removable when cobbler package installs /var/www/cobbler/rendered. -optional_policy(` - gen_require(` - attribute httpdcontent; - ') - - apache_content_template(cobbler) - # To filetrans the /var/www/cobbler/rendered directory to cobbler_content_t. - # I added "file" to it for now because fenris02 reported that cobbler buildiso tried to create a file with type - # httpd_cobbler_content_t and i do not know where exaclty. Google reports it should be /var/www/cobbler/pub but - # that directory should have been labeled cobbler_content_t. - filetrans_pattern(cobblerd_t, httpd_cobbler_content_t, cobbler_content_t, { dir file }) - # Something that runs in the cobberd_t domain tries to relabelfrom cobbler_content_t dir to httpd_sys_content_t. - dontaudit cobblerd_t httpdcontent:dir relabel_dir_perms; -') +apache_content_template(cobbler) +manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t) +manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t) diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te index df4c740..a50a8a7 100644 --- a/policy/modules/services/dnsmasq.te +++ b/policy/modules/services/dnsmasq.te @@ -92,7 +92,7 @@ userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t) userdom_dontaudit_search_user_home_dirs(dnsmasq_t) optional_policy(` - cobbler_read_content(dnsmasq_t) + cobbler_read_lib_files(dnsmasq_t) ') optional_policy(` diff --git a/policy/modules/services/mojomojo.te b/policy/modules/services/mojomojo.te index 2a26a33..ed69996 100644 --- a/policy/modules/services/mojomojo.te +++ b/policy/modules/services/mojomojo.te @@ -1,4 +1,4 @@ -policy_module(mojomojo, 1.0) +policy_module(mojomojo, 1.0.0) ######################################## # 
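Review bot: Replacing the optional block drops `filetrans_pattern(cobblerd_t, httpd_cobbler_content_t, cobbler_content_t, { dir file })` and `dontaudit cobblerd_t httpdcontent:dir relabel_dir_perms;` with no equivalent, while the new rules only grant cobblerd_t management of `httpd_cobbler_content_rw_t`. Presumably entries cobblerd creates below an `httpd_cobbler_content_t` directory will now keep that type rather than transitioning to `cobbler_var_lib_t`, and the relabel denial the removed comment described will be audited again unless it has since gone away. The removed comment tied the block to the package shipping `/var/www/cobbler/rendered`; if that is why both rules can go, a one-line comment above `apache_content_template(cobbler)` saying so would stop the next reader from re-adding them.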
@@ -22,20 +22,18 @@ manage_files_pattern(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, httpd_mojomo files_tmp_filetrans(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, { file dir }) corenet_tcp_connect_postgresql_port(httpd_mojomojo_script_t) -corenet_sendrecv_postgresql_client_packets(httpd_mojomojo_script_t) - corenet_tcp_connect_mysqld_port(httpd_mojomojo_script_t) -corenet_sendrecv_mysqld_client_packets(httpd_mojomojo_script_t) - corenet_tcp_connect_smtp_port(httpd_mojomojo_script_t) +corenet_sendrecv_postgresql_client_packets(httpd_mojomojo_script_t) +corenet_sendrecv_mysqld_client_packets(httpd_mojomojo_script_t) corenet_sendrecv_smtp_client_packets(httpd_mojomojo_script_t) files_search_var_lib(httpd_mojomojo_script_t) -mta_send_mail(httpd_mojomojo_script_t) - sysnet_dns_name_resolve(httpd_mojomojo_script_t) +mta_send_mail(httpd_mojomojo_script_t) + optional_policy(` mysql_stream_connect(httpd_mojomojo_script_t) ') diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te index 4337b7a..66bfd1c 100644 --- a/policy/modules/services/tftp.te +++ b/policy/modules/services/tftp.te @@ -94,7 +94,7 @@ tunable_policy(`tftp_anon_write',` ') optional_policy(` - cobbler_read_content(tftpd_t) + cobbler_read_lib_files(tftpd_t) ') optional_policy(` diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te index ee34938..e9bd52a 100644 --- a/policy/modules/system/iptables.te +++ b/policy/modules/system/iptables.te @@ -26,7 +26,7 @@ files_pid_file(iptables_var_run_t) allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw }; dontaudit iptables_t self:capability sys_tty_config; -allow iptables_t self:fifo_file rw_file_perms; +allow iptables_t self:fifo_file rw_fifo_file_perms; allow iptables_t self:process { sigchld sigkill sigstop signull signal }; # needed by ipvsadm allow iptables_t self:netlink_socket create_socket_perms; 
diff --git a/support/Makefile.devel b/support/Makefile.devel index 87be614..c5e3ef3 100644 --- a/support/Makefile.devel +++ b/support/Makefile.devel @@ -68,8 +68,8 @@ endif # default MLS/MCS sensitivity and category settings. MLS_SENS ?= 16 -MLS_CATS ?= 256 -MCS_CATS ?= 256 +MLS_CATS ?= 1024 +MCS_CATS ?= 1024 ifeq ($(QUIET),y) verbose := @