diff --git a/policy/modules/admin/amanda.if b/policy/modules/admin/amanda.if
index aa9d193..649099f 100644
--- a/policy/modules/admin/amanda.if
+++ b/policy/modules/admin/amanda.if
@@ -141,3 +141,23 @@ interface(`amanda_append_log_files',`
allow $1 amanda_log_t:file { read_file_perms append_file_perms };
')
+
+#######################################
+##
+## Search amanda var library directories.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+interface(`amanda_search_var_lib',`
+ gen_require(`
+ type amanda_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ allow $1 amanda_var_lib_t:dir search_dir_perms;
+
+')
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index 38eda34..9c9a23f 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -1,5 +1,5 @@
-policy_module(amanda,1.7.0)
+policy_module(amanda,1.7.1)
#######################################
#
@@ -74,7 +74,6 @@ allow amanda_t self:unix_stream_socket create_stream_socket_perms;
allow amanda_t self:unix_dgram_socket create_socket_perms;
allow amanda_t self:tcp_socket create_stream_socket_perms;
allow amanda_t self:udp_socket create_socket_perms;
-allow amanda_t self:netlink_route_socket r_netlink_socket_perms;
# access to amanda_amandates_t
allow amanda_t amanda_amandates_t:file { getattr lock read write };
@@ -151,27 +150,17 @@ files_getattr_all_sockets(amanda_t)
corecmd_exec_shell(amanda_t)
corecmd_exec_bin(amanda_t)
+auth_use_nsswitch(amanda_t)
+auth_read_shadow(amanda_t)
+
libs_use_ld_so(amanda_t)
libs_use_shared_libs(amanda_t)
-sysnet_read_config(amanda_t)
-
-optional_policy(`
- auth_read_shadow(amanda_t)
-')
optional_policy(`
logging_send_syslog_msg(amanda_t)
')
-optional_policy(`
- nis_use_ypbind(amanda_t)
-')
-
-optional_policy(`
- nscd_socket_use(amanda_t)
-')
-
########################################
#
# Amanda recover local policy
@@ -228,6 +217,8 @@ files_read_etc_runtime_files(amanda_recover_t)
files_search_tmp(amanda_recover_t)
files_search_pids(amanda_recover_t)
+auth_use_nsswitch(amanda_recover_t)
+
fstools_domtrans(amanda_t)
libs_use_ld_so(amanda_recover_t)
@@ -237,14 +228,4 @@ logging_search_logs(amanda_recover_t)
miscfiles_read_localization(amanda_recover_t)
-sysnet_read_config(amanda_recover_t)
-
userdom_search_sysadm_home_content_dirs(amanda_recover_t)
-
-optional_policy(`
- nis_use_ypbind(amanda_recover_t)
-')
-
-optional_policy(`
- nscd_socket_use(amanda_recover_t)
-')
diff --git a/policy/modules/services/bind.fc b/policy/modules/services/bind.fc
index 510b2f8..a585a8a 100644
--- a/policy/modules/services/bind.fc
+++ b/policy/modules/services/bind.fc
@@ -44,5 +44,8 @@ ifdef(`distro_redhat',`
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
+/var/named/chroot/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
+/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
+/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
')
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index d0626fa..21636a7 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
-policy_module(bind,1.5.1)
+policy_module(bind,1.5.2)
########################################
#
@@ -66,7 +66,6 @@ allow named_t self:unix_stream_socket create_stream_socket_perms;
allow named_t self:unix_dgram_socket create_socket_perms;
allow named_t self:tcp_socket create_stream_socket_perms;
allow named_t self:udp_socket create_socket_perms;
-allow named_t self:netlink_route_socket r_netlink_socket_perms;
allow named_t dnssec_t:file { getattr read };
@@ -119,6 +118,7 @@ corenet_sendrecv_dns_server_packets(named_t)
corenet_sendrecv_dns_client_packets(named_t)
corenet_sendrecv_rndc_server_packets(named_t)
corenet_sendrecv_rndc_client_packets(named_t)
+corenet_udp_bind_all_unreserved_ports(named_t)
dev_read_sysfs(named_t)
dev_read_rand(named_t)
@@ -135,6 +135,8 @@ domain_use_interactive_fds(named_t)
files_read_etc_files(named_t)
files_read_etc_runtime_files(named_t)
+auth_use_nsswitch(named_t)
+
libs_use_ld_so(named_t)
libs_use_shared_libs(named_t)
@@ -175,6 +177,10 @@ optional_policy(`
')
optional_policy(`
+ kerberos_use(named_t)
+')
+
+optional_policy(`
# this seems like fds that arent being
# closed. these should probably be
# dontaudits instead.
@@ -184,14 +190,6 @@ optional_policy(`
')
optional_policy(`
- nis_use_ypbind(named_t)
-')
-
-optional_policy(`
- nscd_socket_use(named_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(named_t)
')