diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index 5e97722..b7fd8de 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -206,18 +206,25 @@ template(`su_per_userdomain_template',`
 	userdom_use_user_terminals($1,$1_su_t)
 	userdom_search_user_home($1,$1_su_t)
 
-	if(secure_mode) {
-		# Only allow transitions to unprivileged user domains.
-		userdom_spec_domtrans_unpriv_users($1_su_t)
-	} else {
-		# Allow transitions to all user domains
-		userdom_spec_domtrans_all_users($1_su_t)
-	}
-
 	ifdef(`targeted_policy',`
 		corecmd_exec_bin($1_su_t)
 		userdom_manage_all_user_files($1_su_t)
 		userdom_manage_all_user_symlinks($1_su_t)
+
+		# newrole does not make any sense in
+		# the targeted policy.  This is to
+		# make sediff easier.
+		if(!secure_mode) {
+			unconfined_domtrans($1_su_t)
+		}
+	',`
+		if(secure_mode) {
+			# Only allow transitions to unprivileged user domains.
+			userdom_spec_domtrans_unpriv_users($1_su_t)
+		} else {
+			# Allow transitions to all user domains
+			userdom_spec_domtrans_all_users($1_su_t)
+		}
 	')
 
 	tunable_policy(`use_nfs_home_dirs',`
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index d537e40..69a8354 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -660,7 +660,7 @@ interface(`fs_execute_cifs_files',`
 ##	The type of the domain to not audit.
 ## </param>
 #
-interface(`fs_read_cifs_files',`
+interface(`fs_dontaudit_read_cifs_files',`
 	gen_require(`
 		type cifs_t;
 		class file { read write };
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index 315343c..9577069 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -184,6 +184,8 @@ optional_policy(`inetd.te',`
 	#	inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
 	#')
 
+	inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
+
 	optional_policy(`tcpd.te',`
 		tunable_policy(`! ftpd_is_daemon',`
 			tcpd_domtrans(tcpd_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index bce4e26..982dded 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -263,13 +263,22 @@ userdom_use_unpriv_users_fd(newrole_t)
 # for some PAM modules and for cwd
 userdom_dontaudit_search_all_users_home(newrole_t)
 
-# if secure mode is enabled, then newrole
-# can only transition to unprivileged users
-if(secure_mode) {
-	userdom_spec_domtrans_unpriv_users(newrole_t)
-} else {
-	userdom_spec_domtrans_all_users(newrole_t)
-}
+ifdef(`targeted_policy',`
+	# newrole does not make any sense in
+	# the targeted policy.  This is to
+	# make sediff easier.
+	if(!secure_mode) {
+		unconfined_domtrans(newrole_t)
+	}
+',`
+	# if secure mode is enabled, then newrole
+	# can only transition to unprivileged users
+	if(secure_mode) {
+		userdom_spec_domtrans_unpriv_users(newrole_t)
+	} else {
+		userdom_spec_domtrans_all_users(newrole_t)
+	}
+')
 
 optional_policy(`nis.te',`
 	nis_use_ypbind(newrole_t)