diff --git a/Changelog b/Changelog
index b9f3917..4fea4ca 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Patch for handling restart of nscd when ran from useradd, groupadd, and
+ admin passwd, from Dan Walsh.
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
- Patch for gssd fixes from Dan Walsh.
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index f71a57f..7d0a394 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -101,6 +101,7 @@ interface(`usermanage_run_groupadd',`
usermanage_domtrans_groupadd($1)
role $2 types groupadd_t;
allow groupadd_t $3:chr_file rw_term_perms;
+ nscd_run(groupadd_t, $2, $3)
')
########################################
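Review bot: The added `nscd_run(groupadd_t, $2, $3)` line in usermanage_run_groupadd is called unconditionally, whereas the `nscd_domtrans` calls this commit removes from usermanage.te each sat inside an `optional_policy` block. As written, usermanage appears to gain a hard dependency on the nscd module, so a policy built without nscd would presumably fail to resolve the interface. I would wrap the call in an `optional_policy` block inside the interface, keeping the three arguments as they are. The same applies to the `nscd_run(sysadm_passwd_t, $2, $3)` and `nscd_run(useradd_t, $2, $3)` lines in the usermanage_run_admin_passwd and usermanage_run_useradd hunks. All three interfaces begin above their hunks, so their earlier lines are not visible here.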
@@ -206,6 +207,7 @@ interface(`usermanage_run_admin_passwd',`
usermanage_domtrans_admin_passwd($1)
role $2 types sysadm_passwd_t;
allow sysadm_passwd_t $3:chr_file rw_term_perms;
+ nscd_run(sysadm_passwd_t, $2, $3)
')
########################################
@@ -258,6 +260,7 @@ interface(`usermanage_run_useradd',`
usermanage_domtrans_useradd($1)
role $2 types useradd_t;
allow useradd_t $3:chr_file rw_term_perms;
+ nscd_run(useradd_t, $2, $3)
')
########################################
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 56705bc..9e37d63 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage,1.5.1)
+policy_module(usermanage,1.5.2)
########################################
#
@@ -257,10 +257,6 @@ optional_policy(`
')
optional_policy(`
- nscd_domtrans(groupadd_t)
-')
-
-optional_policy(`
rpm_use_fds(groupadd_t)
rpm_rw_pipes(groupadd_t)
')
@@ -444,7 +440,6 @@ optional_policy(`
')
optional_policy(`
- nscd_domtrans(sysadm_passwd_t)
nscd_socket_use(sysadm_passwd_t)
')
@@ -540,10 +535,6 @@ optional_policy(`
')
optional_policy(`
- nscd_domtrans(useradd_t)
-')
-
-optional_policy(`
rpm_use_fds(useradd_t)
rpm_rw_pipes(useradd_t)
')
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index edeb217..80d8f6d 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -173,3 +173,34 @@ interface(`nscd_unconfined',`
allow $1 nscd_t:nscd *;
')
+
+########################################
+##
+## Execute nscd in the nscd domain, and
+## allow the specified role the nscd domain.
+##
+##
+##
+## Domain allowed access
+##
+##
+##
+##
+## The role to be allowed the nscd domain.
+##
+##
+##
+##
+## The type of the role's terminal.
+##
+##
+#
+interface(`nscd_run',`
+ gen_require(`
+ type nscd_t;
+ ')
+
+ nscd_domtrans($1)
+ role $2 types nscd_t;
+ dontaudit nscd_t $3:chr_file rw_term_perms;
+')
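Review bot: The rule `dontaudit nscd_t $3:chr_file rw_term_perms;` in nscd_run suppresses audit records for terminal access instead of granting it, but the third parameter is documented only as "The type of the role's terminal". A reader comparing this with the usermanage_run_* interfaces, which use `allow` on the same permission set, could assume nscd_t is given the terminal. I would add a comment above the rule, for example `# nscd does not need the caller's terminal; silence the denials rather than allow access`, and say the same in the parameter description. Because dontaudit keeps these denials out of the audit log, it is also worth noting that they only become visible when dontaudit rules are disabled during troubleshooting.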
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index fe31de3..50652cc 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
-policy_module(nscd,1.3.1)
+policy_module(nscd,1.3.2)
gen_require(`
class nscd all_nscd_perms;