diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te
index c53035a..19295dd 100644
--- a/refpolicy/policy/modules/admin/consoletype.te
+++ b/refpolicy/policy/modules/admin/consoletype.te
@@ -26,6 +26,7 @@ allow consoletype_t self:capability sys_admin;
 allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow consoletype_t self:fd use;
 allow consoletype_t self:fifo_file rw_file_perms;
+allow consoletype_t self:sock_file r_file_perms;
 allow consoletype_t self:unix_dgram_socket create_socket_perms;
 allow consoletype_t self:unix_stream_socket create_stream_socket_perms;
 allow consoletype_t self:unix_dgram_socket sendto;
@@ -88,6 +89,10 @@ optional_policy(`logrotate.te',`
 logrotate_dontaudit_use_fd(consoletype_t)
 ')
+optional_policy(`lpd.te',`
+ lpd_read_config(consoletype_t)
+')
+
 optional_policy(`nis.te',`
 nis_use_ypbind(consoletype_t)
 ')
diff --git a/refpolicy/policy/modules/admin/dmidecode.te b/refpolicy/policy/modules/admin/dmidecode.te
index 5f28f71..d0e23d2 100644
--- a/refpolicy/policy/modules/admin/dmidecode.te
+++ b/refpolicy/policy/modules/admin/dmidecode.te
@@ -29,3 +29,8 @@ files_list_usr(dmidecode_t)
 libs_use_ld_so(dmidecode_t)
 libs_use_shared_libs(dmidecode_t)
+
+ifdef(`targeted_policy',`
+ term_use_generic_pty(dmidecode_t)
+ term_use_unallocated_tty(dmidecode_t)
+')
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index 7534083..f0f5807 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -79,7 +79,7 @@ files_manage_var_dirs(firstboot_t)
 files_manage_var_files(firstboot_t)
 files_manage_var_symlinks(firstboot_t)
-init_read_script(firstboot_t)
+init_domtrans_script(firstboot_t)
 init_rw_script_pid(firstboot_t)
 libs_use_ld_so(firstboot_t)
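Review bot: `init_domtrans_script(firstboot_t)` in the firstboot.te hunk swaps a read-only grant for a domain transition into the init script domain, and nothing in the hunk records why firstboot needs to execute init scripts rather than read them. A transition hands firstboot_t whatever the init script domain is allowed to do, so it deserves a why-comment above the line, for example `# firstboot runs service init scripts after configuring them` (wording to be confirmed by the author). The hunk also drops `init_read_script` outright; whether the domtrans interface still covers plain read access is not visible here, so if firstboot parses the scripts both calls may be needed.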
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index c6f5225..aa11b47 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -2170,7 +2170,7 @@ interface(`dev_unconfined',`
 ')
 allow $1 device_node:devfile_class_set *;
- allow $1 mtrr_device_t:file *;
+ allow $1 mtrr_device_t:{ dir file } *;
 allow $1 self:capability sys_rawio;
 typeattribute $1 memory_raw_write, memory_raw_read;
diff --git a/refpolicy/policy/modules/kernel/terminal.te b/refpolicy/policy/modules/kernel/terminal.te
index 05c7d8d..699028d 100644
--- a/refpolicy/policy/modules/kernel/terminal.te
+++ b/refpolicy/policy/modules/kernel/terminal.te
@@ -27,6 +27,8 @@ dev_node(console_device_t)
 #
 type devpts_t;
 files_mountpoint(devpts_t)
+fs_associate_tmpfs(devpts_t)
+files_associate_tmp(devpts_t)
 fs_type(devpts_t)
 fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 7601de6..af421ec 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -60,7 +60,7 @@ allow bluetooth_t bluetooth_conf_rw_t:file create_file_perms;
 allow bluetooth_t bluetooth_conf_rw_t:lnk_file create_lnk_perms;
 allow bluetooth_t bluetooth_conf_rw_t:sock_file create_file_perms;
 allow bluetooth_t bluetooth_conf_rw_t:fifo_file create_file_perms;
-type_transition bluetooth_t bluetooth_conf_t:{ file lnk_file sock_file fifo_file } bluetooth_conf_rw_t;
+type_transition bluetooth_t bluetooth_conf_t:{ dir file lnk_file sock_file fifo_file } bluetooth_conf_rw_t;
 domain_auto_trans(bluetooth_t, bluetooth_helper_exec_t, bluetooth_helper_t)
 allow bluetooth_t bluetooth_helper_t:fd use;
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 58e53b8..57eb700 100644
--- a/refpolicy/policy/modules/services/comsat.te
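Review bot: Adding `dir` to the `type_transition` in the bluetooth.te hunk only changes the label a new directory receives; it grants no access by itself. The allow rules visible in this hunk cover `file`, `lnk_file`, `sock_file` and `fifo_file` on bluetooth_conf_rw_t, so unless a matching directory rule sits above the hunk, directory creation under bluetooth_conf_t will be denied at the newly assigned type. If it is missing, add `allow bluetooth_t bluetooth_conf_rw_t:dir create_dir_perms;` next to the other four.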
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -29,12 +29,14 @@ allow comsat_t self:fifo_file rw_file_perms;
 allow comsat_t self:{ lnk_file file } { getattr read };
 allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
 allow comsat_t self:tcp_socket connected_stream_socket_perms;
+allow comsat_t self:udp_socket connected_socket_perms;
 allow comsat_t comsat_tmp_t:dir create_dir_perms;
 allow comsat_t comsat_tmp_t:file create_file_perms;
 files_create_tmp_files(comsat_t, comsat_tmp_t, { file dir })
 allow comsat_t comsat_var_run_t:file create_file_perms;
+allow comsat_t comsat_var_run_t:dir rw_dir_perms;
 files_create_pid(comsat_t,comsat_var_run_t)
 kernel_read_kernel_sysctl(comsat_t)
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 4513ef3..9baa6dd 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -105,7 +105,8 @@ logging_create_log(cupsd_t,cupsd_log_t,{ file dir })
 allow cupsd_t cupsd_tmp_t:dir create_dir_perms;
 allow cupsd_t cupsd_tmp_t:file create_file_perms;
-files_create_tmp_files(cupsd_t, cupsd_tmp_t, { file dir })
+allow cupsd_t cupsd_tmp_t:fifo_file create_file_perms;
+files_create_tmp_files(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
 allow cupsd_t cupsd_var_run_t:file create_file_perms;
 allow cupsd_t cupsd_var_run_t:dir rw_dir_perms;
@@ -504,10 +505,12 @@ allow hplip_t devpts_t:chr_file { getattr ioctl };
 #
 allow cupsd_config_t self:capability { chown sys_tty_config };
+dontaudit cupsd_config_t self:capability sys_tty_config;
 allow cupsd_config_t self:process signal_perms;
 allow cupsd_config_t self:fifo_file rw_file_perms;
 allow cupsd_config_t self:unix_stream_socket create_socket_perms;
 allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
+allow cupsd_config_t self:tcp_socket create_socket_perms;
 allow cupsd_config_t cupsd_t:tcp_socket { connectto recvfrom };
 allow cupsd_t cupsd_config_t:tcp_socket { acceptfrom recvfrom };
@@ -569,6 +572,8 @@ corecmd_exec_shell(cupsd_config_t)
 domain_use_wide_inherit_fd(cupsd_config_t)
 files_read_usr_files(cupsd_config_t)
+files_read_etc_files(cupsd_config_t)
+files_read_etc_runtime_files(cupsd_config_t)
 init_use_fd(cupsd_config_t)
 init_use_script_pty(cupsd_config_t)
@@ -687,6 +692,7 @@ ifdef(`targeted_policy', `
 allow cupsd_lpd_t self:process signal_perms;
 allow cupsd_lpd_t self:fifo_file rw_file_perms;
 allow cupsd_lpd_t self:tcp_socket connected_stream_socket_perms;
+allow cupsd_lpd_t self:udp_socket create_socket_perms;
 # for identd
 # cjp: this should probably only be inetd_child rules?
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index 3143e28..d2338c1 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -41,6 +41,7 @@ allow cvs_t cvs_tmp_t:file create_file_perms;
 files_create_tmp_files(cvs_t, cvs_tmp_t, { file dir })
 allow cvs_t cvs_var_run_t:file create_file_perms;
+allow cvs_t cvs_var_run_t:dir rw_dir_perms;
 files_create_pid(cvs_t,cvs_var_run_t)
 kernel_read_kernel_sysctl(cvs_t)
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 38aead8..14c0787 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
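Review bot: The added `dontaudit cupsd_config_t self:capability sys_tty_config;` sits directly under an allow rule that already grants `sys_tty_config` to the same domain, so the dontaudit can never take effect. Decide which is intended: if the capability is not needed, drop it from the allow set (`allow cupsd_config_t self:capability chown;`) and keep the dontaudit, which is the least-privilege outcome; otherwise remove the new line. The getty.te hunks in this commit repeat the pattern, with `dontaudit getty_t self:capability sys_tty_config;` under an allow that lists it and `init_dontaudit_use_script_pty(getty_t)` right after `init_use_script_pty(getty_t)`.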
@@ -30,6 +30,7 @@ allow cyrus_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit ex
 allow cyrus_t self:process setrlimit;
 allow cyrus_t self:fd use;
 allow cyrus_t self:fifo_file rw_file_perms;
+allow cyrus_t self:sock_file r_file_perms;
 allow cyrus_t self:shm create_shm_perms;
 allow cyrus_t self:sem create_sem_perms;
 allow cyrus_t self:msgq create_msgq_perms;
@@ -90,6 +91,7 @@ files_read_etc_files(cyrus_t)
 files_read_etc_runtime_files(cyrus_t)
 init_use_fd(cyrus_t)
+init_use_script_pty(cyrus_t)
 libs_use_ld_so(cyrus_t)
 libs_use_shared_libs(cyrus_t)
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index 5c5403e..96c3388 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -25,6 +25,7 @@ files_pid_file(dbskkd_var_run_t)
 allow dbskkd_t self:process signal_perms;
 allow dbskkd_t self:fifo_file rw_file_perms;
 allow dbskkd_t self:tcp_socket connected_stream_socket_perms;
+allow dbskkd_t self:udp_socket create_socket_perms;
 # for identd
 # cjp: this should probably only be inetd_child rules?
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index 83ec8c5..af8f877 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -132,6 +132,10 @@ optional_policy(`nscd.te',`
 nscd_use_socket(system_dbusd_t)
 ')
+optional_policy(`sysnetwork.te',`
+ sysnet_domtrans_dhcpc(system_dbusd_t)
+')
+
 optional_policy(`udev.te', `
 udev_read_db(system_dbusd_t)
 ')
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index d738e10..8fab93b 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
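Review bot: `sysnet_domtrans_dhcpc(system_dbusd_t)` in the dbus.te hunk lets the system message bus daemon start processes in the DHCP client domain, and the new optional block carries no comment saying what triggers that. Please add a why-comment inside the block naming the caller (presumably a bus-activated network helper; to be confirmed), so a later audit can tell whether the transition is still required. A transition out of a daemon that brokers messages for many clients is worth documenting more carefully than an ordinary file grant.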
@@ -48,6 +48,7 @@ allow dhcpd_t dhcpd_tmp_t:file create_file_perms;
 files_create_tmp_files(dhcpd_t, dhcpd_tmp_t, { file dir })
 allow dhcpd_t dhcpd_var_run_t:file create_file_perms;
+allow dhcpd_t dhcpd_var_run_t:dir rw_dir_perms;
 files_create_pid(dhcpd_t,dhcpd_var_run_t)
 kernel_read_system_state(dhcpd_t)
@@ -122,6 +123,10 @@ optional_policy(`mount.te',`
 mount_send_nfs_client_request(dhcpd_t)
 ')
+optional_policy(`netutils.te',`
+ netutils_domtrans(dhcpd_t)
+')
+
 optional_policy(`nis.te',`
 nis_use_ypbind(dhcpd_t)
 ')
diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te
index ba4f132..4cb2e39 100644
--- a/refpolicy/policy/modules/services/dictd.te
+++ b/refpolicy/policy/modules/services/dictd.te
@@ -8,7 +8,7 @@ policy_module(dictd,1.0)
 type dictd_t;
 type dictd_exec_t;
-init_daemon_domain(dictd_t,dictd_exec_t)
+init_system_domain(dictd_t,dictd_exec_t)
 type dictd_etc_t;
 files_config_file(dictd_etc_t)
@@ -25,6 +25,8 @@ allow dictd_t self:capability { setuid setgid };
 dontaudit dictd_t self:capability sys_tty_config;
 allow dictd_t self:process { signal_perms setpgid };
 allow dictd_t self:unix_stream_socket create_stream_socket_perms;
+allow dictd_t self:tcp_socket create_stream_socket_perms;
+allow dictd_t self:udp_socket create_socket_perms;
 allow dictd_t dictd_etc_t:file r_file_perms;
 files_search_etc(dictd_t)
@@ -74,6 +76,8 @@ logging_send_syslog_msg(dictd_t)
 miscfiles_read_localization(dictd_t)
+sysnet_read_config(dictd_t)
+
 userdom_dontaudit_use_unpriv_user_fd(dictd_t)
 ifdef(`targeted_policy',`
@@ -86,6 +90,10 @@ optional_policy(`nis.te',`
 nis_use_ypbind(dictd_t)
 ')
+optional_policy(`nscd.te',`
+ nscd_use_socket(dictd_t)
+')
+
 optional_policy(`selinuxutil.te',`
 seutil_sigchld_newrole(dictd_t)
 ')
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 1bc3da6..b8d10eb 100644
--- a/refpolicy/policy/modules/services/kerberos.te
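Review bot: `netutils_domtrans(dhcpd_t)` in the second dhcp.te hunk gives the DHCP server a transition into the general netutils domain with no comment on which tool it runs. The sysnetwork.te hunk later in this commit does the same for dhcpc_t, right beside `netutils_domtrans_ping(dhcpc_t)` and under a comment that only mentions running ping. If ping is all either daemon needs, the ping-specific interface is the narrower grant; otherwise add a comment naming the utility, e.g. `# dhcpd runs <tool> to probe an address before offering it`, with the tool filled in by the author.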
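Review bot: The switch from `init_daemon_domain` to `init_system_domain` in the first dictd.te hunk looks inverted for dictd. The later hunks in this file add TCP and UDP socket permissions to dictd_t, which fits a long-running network service, while `init_system_domain` is the interface meant for short-lived programs started from init scripts. If the change works around a specific denial, say so in a comment above the line; otherwise keep `init_daemon_domain(dictd_t,dictd_exec_t)`.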
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -159,8 +159,9 @@ optional_policy(`rhgb.te',`
 # Use capabilities. Surplus capabilities may be allowed.
 allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice };
 dontaudit krb5kdc_t self:capability sys_tty_config;
-allow krb5kdc_t self:tcp_socket connected_stream_socket_perms;
 allow krb5kdc_t self:netlink_route_socket r_netlink_socket_perms;
+allow krb5kdc_t self:tcp_socket connected_stream_socket_perms;
+allow krb5kdc_t self:udp_socket create_socket_perms;
 allow krb5kdc_t krb5_conf_t:file r_file_perms;
 dontaudit krb5kdc_t krb5_conf_t:file write;
@@ -181,7 +182,8 @@ allow krb5kdc_t krb5kdc_tmp_t:dir create_dir_perms;
 allow krb5kdc_t krb5kdc_tmp_t:file create_file_perms;
 files_create_tmp_files(krb5kdc_t, krb5kdc_tmp_t, { file dir })
-allow krb5kdc_t krb5kdc_var_run_t:file { getattr create read write append setattr unlink };
+allow krb5kdc_t krb5kdc_var_run_t:file create_file_perms;
+allow krb5kdc_t krb5kdc_var_run_t:dir rw_dir_perms;
 files_create_pid(krb5kdc_t,krb5kdc_var_run_t)
 kernel_read_system_state(krb5kdc_t)
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index e9dbcb4..d9ff6ed 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -79,6 +79,7 @@ dev_append_printer(checkpc_t)
 # This is less desirable, but checkpc demands /bin/bash and /bin/chown:
 corecmd_exec_shell(checkpc_t)
 corecmd_exec_bin(checkpc_t)
+corecmd_search_sbin(checkpc_t)
 domain_use_wide_inherit_fd(checkpc_t)
@@ -94,6 +95,11 @@ libs_use_shared_libs(checkpc_t)
 sysnet_read_config(checkpc_t)
+ifdef(`targeted_policy',`
+ term_use_generic_pty(checkpc_t)
+ term_use_unallocated_tty(checkpc_t)
+')
+
 optional_policy(`cron.te',`
 cron_system_entry(checkpc_t,checkpc_exec_t)
 ')
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index ee7cda2..7c2b7ea 100644
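Review bot: Replacing the explicit permission list on krb5kdc_var_run_t files with `create_file_perms` in the second kerberos.te hunk widens what the KDC may do to its pid files; assuming the usual refpolicy definition of that macro, the domain additionally gains `ioctl`, `lock`, `link` and `rename`. That matches the idiom the other modules in this commit use, but the narrower list looks like a deliberate choice for a KDC. Either keep the old rule and add only the new `dir rw_dir_perms` line, or add a comment stating that the extra permissions are accepted for consistency.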
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -38,10 +38,12 @@ files_pid_file(getty_var_run_t)
 # Use capabilities.
 allow getty_t self:capability { dac_override chown sys_resource sys_tty_config fowner fsetid };
+dontaudit getty_t self:capability sys_tty_config;
 allow getty_t self:process { getpgid getsession signal_perms };
 allow getty_t getty_etc_t:dir r_dir_perms;
 allow getty_t getty_etc_t:file r_file_perms;
+allow getty_t getty_etc_t:lnk_file { getattr read };
 files_create_etc_config(getty_t,getty_etc_t,{ file dir })
 allow getty_t getty_lock_t:file create_file_perms;
@@ -58,8 +60,12 @@ allow getty_t getty_var_run_t:file create_file_perms;
 allow getty_t getty_var_run_t:dir rw_dir_perms;
 files_create_pid(getty_t,getty_var_run_t)
+kernel_list_proc(getty_t)
+kernel_read_proc_symlinks(getty_t)
+
 dev_read_sysfs(getty_t)
+fs_search_auto_mountpoints(getty_t)
 # for error condition handling
 fs_getattr_xattr_fs(getty_t)
@@ -69,6 +75,7 @@ term_use_unallocated_tty(getty_t)
 term_setattr_all_user_ttys(getty_t)
 term_setattr_unallocated_ttys(getty_t)
 term_setattr_console(getty_t)
+term_dontaudit_use_console(getty_t)
 auth_rw_login_records(getty_t)
@@ -81,6 +88,7 @@ files_read_etc_files(getty_t)
 init_rw_script_pid(getty_t)
 init_use_script_pty(getty_t)
+init_dontaudit_use_script_pty(getty_t)
 libs_use_ld_so(getty_t)
 libs_use_shared_libs(getty_t)
@@ -91,6 +99,11 @@ logging_send_syslog_msg(getty_t)
 miscfiles_read_localization(getty_t)
+ifdef(`targeted_policy',`
+ term_dontaudit_use_unallocated_tty(getty_t)
+ term_dontaudit_use_generic_pty(getty_t)
+')
+
 optional_policy(`nscd.te',`
 nscd_use_socket(getty_t)
 ')
@@ -98,3 +111,7 @@ optional_policy(`nscd.te',`
 optional_policy(`ppp.te',`
 ppp_domtrans(getty_t)
 ')
+
+optional_policy(`udev.te',`
+ udev_read_db(system_dbusd_t)
+')
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index c57eb21..fa44e26 100644
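Review bot: The optional block appended at the end of getty.te calls `udev_read_db(system_dbusd_t)`, which grants access to the D-Bus daemon's domain instead of getty_t. It looks copied from dbus.te, where the same call appears as context in this commit, and in a build without the dbus module the reference to system_dbusd_t from getty.te would presumably fail to resolve. Change the line to `udev_read_db(getty_t)`, or drop the block if getty does not read the udev database.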
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -22,6 +22,27 @@ interface(`logging_log_file',`
 ########################################
 ##
+## Execute auditctl in the auditctl domain.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`logging_domtrans_auditctl',`
+ gen_require(`
+ type auditctl_t, auditctl_exec_t;
+ ')
+
+ domain_auto_trans($1,auditctl_exec_t,auditctl_t)
+
+ allow $1 auditctl_t:fd use;
+ allow auditctl_t $1:fd use;
+ allow auditctl_t $1:fifo_file rw_file_perms;
+ allow auditctl_t $1:process sigchld;
+')
+
+########################################
+##
 ## Execute syslogd in the syslog domain.
 ##
 ##
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index f02503e..cfa6a2f 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -80,6 +80,11 @@ locallogin_dontaudit_use_fd(auditctl_t)
 logging_send_syslog_msg(auditctl_t)
+ifdef(`targeted_policy',`
+ term_use_generic_pty(auditctl_t)
+ term_use_unallocated_tty(auditctl_t)
+')
+
 ifdef(`TODO',`
 role secadm_r types auditctl_t;
 role sysadm_r types auditctl_t;
@@ -156,6 +161,12 @@ userdom_dontaudit_search_sysadm_home_dir(auditd_t)
 # cjp: this is questionable
 userdom_use_sysadm_tty(auditd_t)
+ifdef(`targeted_policy',`
+ term_dontaudit_use_generic_pty(auditd_t)
+ term_dontaudit_use_unallocated_tty(auditd_t)
+ unconfined_dontaudit_read_pipe(auditd_t)
+')
+
 optional_policy(`selinuxutil.te',`
 seutil_sigchld_newrole(auditd_t)
 ')
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index bd6cfae..501189e 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -37,6 +37,7 @@ interface(`miscfiles_read_fonts',`
 # cjp: fonts can be in either of the above dirs
 allow $1 fonts_t:dir r_dir_perms;
 allow $1 fonts_t:file r_file_perms;
+ allow $1 fonts_t:lnk_file { getattr read };
 ')
 ########################################
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 8951f70..913c88a 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -42,6 +42,7 @@ dev_create_dev_node(cardmgr_t,cardmgr_lnk_t,lnk_file)
 # Create stab file
 allow cardmgr_t cardmgr_var_lib_t:file create_file_perms;
+allow cardmgr_t cardmgr_var_lib_t:dir rw_dir_perms;
 files_create_var_lib(cardmgr_t,cardmgr_var_lib_t)
 allow cardmgr_t cardmgr_var_run_t:file create_file_perms;
@@ -69,6 +70,7 @@ term_dontaudit_getattr_all_user_ptys(cardmgr_t)
 corecmd_exec_bin(cardmgr_t)
 corecmd_exec_sbin(cardmgr_t)
+corecmd_exec_ls(cardmgr_t)
 domain_use_wide_inherit_fd(cardmgr_t)
 domain_exec_all_entry_files(cardmgr_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 33cf4ee..b9e0700 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -141,6 +141,11 @@ libs_use_shared_libs(checkpolicy_t)
 userdom_use_all_user_fd(checkpolicy_t)
+ifdef(`targeted_policy',`
+ term_use_generic_pty(checkpolicy_t)
+ term_use_unallocated_tty(checkpolicy_t)
+')
+
 ########################################
 #
 # Load_policy local policy
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 631a5fe..bce2061 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -63,6 +63,7 @@ type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;
 # create pid file
 allow dhcpc_t dhcpc_var_run_t:file create_file_perms;
+allow dhcpc_t dhcpc_var_run_t:dir rw_dir_perms;
 files_create_pid(dhcpc_t,dhcpc_var_run_t)
 # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
@@ -196,6 +197,7 @@ optional_policy(`hotplug.te',`
 # for the dhcp client to run ping to check IP addresses
 optional_policy(`netutils.te',`
 netutils_domtrans_ping(dhcpc_t)
+ netutils_domtrans(dhcpc_t)
 ',`
 allow dhcpc_t self:capability setuid;
 allow dhcpc_t self:rawip_socket create_socket_perms;
@@ -214,7 +216,7 @@ optional_policy(`nscd.te',`
 nscd_read_pid(dhcpc_t)
 ')
-optional_policy(`ntpd.te',`
+optional_policy(`ntp.te',`
 # dhclient sometimes starts ntpd
 init_exec_script(dhcpc_t)
 ntp_domtrans(dhcpc_t)
@@ -319,6 +321,8 @@ logging_send_syslog_msg(ifconfig_t)
 miscfiles_read_localization(ifconfig_t)
+modutils_domtrans_insmod(ifconfig_t)
+
 seutil_use_runinit_fd(ifconfig_t)
 userdom_use_all_user_fd(ifconfig_t)
@@ -333,6 +337,11 @@ ifdef(`hide_broken_symptoms',`
 ')
 ')
+ifdef(`targeted_policy',`
+ term_use_generic_pty(ifconfig_t)
+ term_use_unallocated_tty(ifconfig_t)
+')
+
 optional_policy(`ppp.te',`
 ppp_use_fd(ifconfig_t)
 ')
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index 82d9f6e..27fafeb 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -187,6 +187,22 @@ interface(`unconfined_sigchld',`
 ########################################
 ##
+## Do not audit attempts to read unconfined domain unnamed pipes.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`unconfined_dontaudit_read_pipe',`
+ gen_require(`
+ type unconfined_t;
+ ')
+
+ dontaudit $1 unconfined_t:fifo_file read;
+')
+
+########################################
+##
 ## Read and write unconfined domain unnamed pipes.
 ##
 ##
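Review bot: `modutils_domtrans_insmod(ifconfig_t)` in the sysnetwork.te hunk at -319 is called unconditionally, while the other cross-module calls shown in this file (netutils, nscd, ntp, ppp) are wrapped in `optional_policy`, and unconfined.te wraps the same interface in an optional block keyed on modutils.te. Wrap this call the same way so the policy still builds when the modutils module is left out. A comment on why ifconfig needs to load kernel modules (presumably driver autoloading when an interface is brought up; to be confirmed) would also help, since a transition to the insmod domain is a sensitive grant.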
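Review bot: The parameter description of the new `unconfined_dontaudit_read_pipe` interface says "Domain allowed access.", but the interface only emits a dontaudit rule and allows nothing. Reword it to `Domain to not audit.` so the generated interface documentation does not suggest a grant. A one-line comment at the logging.te call site noting that this hides auditd's read attempts on pipes inherited from unconfined_t would also help, because dontaudit rules make later denials harder to diagnose.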
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index 667cd59..748bb7a 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -36,6 +36,14 @@ ifdef(`targeted_policy',`
 userdom_unconfined(unconfined_t)
 userdom_priveleged_home_dir_manager(unconfined_t)
+ optional_policy(`logging.te',`
+ logging_domtrans_auditctl(unconfined_t)
+ ')
+
+ optional_policy(`lpd.te',`
+ lpd_domtrans_checkpc(unconfined_t)
+ ')
+
 optional_policy(`modutils.te',`
 modutils_domtrans_depmod(unconfined_t)
 modutils_domtrans_insmod(unconfined_t)