diff --git a/Changelog b/Changelog
index 6ab7f07..c4d42c8 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Fixes for RHEL4 from the CLIP project.
 - Replace the old lrrd fc entries with munin ones.
 - Move program admin template usage out of userdom_admin_user_template() to
   sysadm policy in userdomain.te to fix usage of the template for third
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 4b05a15..86f393b 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -380,11 +380,12 @@ template(`ssh_per_role_template',`
 		nis_use_ypbind($1_ssh_agent_t)
 	')
 
-	ifdef(`TODO',`
-	ifdef(`xdm.te',`
-	can_pipe_xdm($1_ssh_agent_t)
+	optional_policy(`
+		xserver_use_xdm_fds($1_ssh_agent_t)
+		xserver_rw_xdm_pipes($1_ssh_agent_t)
 	')
 
+	ifdef(`TODO',`
 	dontaudit $1_ssh_agent_t proc_t:{ lnk_file file } { getattr read };
 	') dnl endif TODO
 
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index dfd94db..5fff856 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
 
-policy_module(ssh,1.6.0)
+policy_module(ssh,1.6.1)
 
 ########################################
 #
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index be0217a..3a26997 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
 
-policy_module(authlogin,1.6.0)
+policy_module(authlogin,1.6.1)
 
 ########################################
 #
@@ -244,6 +244,7 @@ optional_policy(`
 
 optional_policy(`
 	xserver_read_xdm_pid(pam_console_t)
+	xserver_use_xdm_fds(pam_t)
 ')
 
 ########################################
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index 40535ed..9ab1d39 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -1,5 +1,5 @@
 
-policy_module(hotplug,1.5.0)
+policy_module(hotplug,1.5.1)
 
 ########################################
 #
@@ -127,10 +127,10 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_ttys(hotplug_t)
 	term_dontaudit_use_generic_ptys(hotplug_t)
+')
 
-	optional_policy(`
-		consoletype_exec(hotplug_t)
-	')
+optional_policy(`
+	consoletype_exec(hotplug_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index af854cb..333cf8f 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1088,7 +1088,7 @@ interface(`init_rw_script_tmp_files',`
 	')
 
 	files_search_tmp($1)
-	allow $1 initrc_tmp_t:file rw_file_perms;
+	rw_files_pattern($1,initrc_tmp_t,initrc_tmp_t)
 ')
 
 ########################################
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 2ac1eb3..c0c0b99 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init,1.6.0)
+policy_module(init,1.6.1)
 
 gen_require(`
 	class passwd rootok;