diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 7e934e3..6bb8ea8 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -2,10 +2,13 @@
 
 	* Add missing parts of unix stream socket connect interface of ipsec.
 	* Rename inetd connect interface for consistency.
+	* Rename interface for purging contents of tmp, for clarity,
+	  since it allows deletion of classes other than file.
 	* Misc. cleanups.
 	* Added policies:
 		acct
 		mysql
+		tmpreaper
 
 20050802 (2 Aug 2005)
 	* Fix comparison bug in fc_sort.
diff --git a/refpolicy/policy/modules/admin/tmpreaper.fc b/refpolicy/policy/modules/admin/tmpreaper.fc
new file mode 100644
index 0000000..f0947c0
--- /dev/null
+++ b/refpolicy/policy/modules/admin/tmpreaper.fc
@@ -0,0 +1,2 @@
+/usr/sbin/tmpreaper	--	context_template(system_u:object_r:tmpreaper_exec_t,s0)
+/usr/sbin/tmpwatch	--	context_template(system_u:object_r:tmpreaper_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/tmpreaper.if b/refpolicy/policy/modules/admin/tmpreaper.if
new file mode 100644
index 0000000..5dfa8a8
--- /dev/null
+++ b/refpolicy/policy/modules/admin/tmpreaper.if
@@ -0,0 +1,19 @@
+## Manage temporary directory sizes and file ages
+
+########################################
+##
+##	Execute tmpreaper in the caller domain.
+##
+##
+##	The type of the process performing this action.
+##
+#
+interface(`tmpreaper_exec',`
+	gen_require(`
+		type tmpreaper_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_sbin($1)
+	can_exec($1,tmpreaper_exec_t)
+')
diff --git a/refpolicy/policy/modules/admin/tmpreaper.te b/refpolicy/policy/modules/admin/tmpreaper.te
new file mode 100644
index 0000000..a2afcf3
--- /dev/null
+++ b/refpolicy/policy/modules/admin/tmpreaper.te
@@ -0,0 +1,45 @@
+
+policy_module(tmpreaper,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type tmpreaper_t;
+role system_r types tmpreaper_t;
+domain_type(tmpreaper_t)
+
+type tmpreaper_exec_t;
+domain_entry_file(tmpreaper_t,tmpreaper_exec_t)
+
+########################################
+#
+# Local Policy
+#
+
+allow tmpreaper_t self:process { fork sigchld };
+allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
+
+dev_read_urand(tmpreaper_t)
+
+fs_getattr_xattr_fs(tmpreaper_t)
+
+files_read_etc_files(tmpreaper_t)
+files_read_var_lib_files(tmpreaper_t)
+files_purge_tmp(tmpreaper_t)
+# why does it need setattr?
+files_setattr_all_tmp_dirs(tmpreaper_t)
+
+libs_use_ld_so(tmpreaper_t)
+libs_use_shared_libs(tmpreaper_t)
+
+logging_send_syslog_msg(tmpreaper_t)
+
+miscfiles_read_localization(tmpreaper_t)
+
+cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
+
+ifdef(`TODO',`
+allow tmpreaper_t { home_type file_t }:notdevfile_class_set { getattr unlink };
+')
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 6f930ea..bbf0384 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1329,7 +1329,7 @@ interface(`files_read_world_readable_sockets',`
 
 ########################################
 ##
-##	Search the tmp directory (/tmp)
+##	Search the tmp directory (/tmp).
 ##
 ##
 ##	The type of the process performing this action.
@@ -1345,6 +1345,23 @@ interface(`files_search_tmp',`
 ')
 
 ########################################
+##
+##	Set the attributes of all tmp directories.
+##
+##
+##	The type of the process performing this action.
+##
+#
+interface(`files_setattr_all_tmp_dirs',`
+	gen_require(`
+		attribute tmpfile;
+		class dir { search setattr };
+	')
+
+	allow $1 tmpfile:dir { search getattr };
+')
+
+########################################
 #
 # files_create_tmp_files(domain,private_type,[object class(es)])
 #
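Review bot: The `ifdef(`TODO',` block at the end of tmpreaper.te writes a raw `allow` against `home_type` and `file_t`, neither of which this module declares or pulls in through `gen_require`, while every other cross-module access in the file goes through an interface call. The `TODO` wrapper keeps it inert for now, but `getattr unlink` on all of `notdevfile_class_set` for user home content and for `file_t` (the default type for files lacking a label) is a broad deletion grant that should be expressed through interfaces of the owning modules, with a comment stating which directories tmpreaper is expected to clean. The `# why does it need setattr?` comment above `files_setattr_all_tmp_dirs(tmpreaper_t)` leaves an open question in committed policy; either record the reason (`# tmpreaper adjusts mtime on directories it prunes — TODO confirm against the program`) or drop the call until it is known to be required.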
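Review bot: `files_setattr_all_tmp_dirs` never grants the permission its name promises: the `gen_require` declares `class dir { search setattr };` but the rule is `allow $1 tmpfile:dir { search getattr };`, so `setattr` is required yet unused and `getattr` is used yet not required. The rule should read `allow $1 tmpfile:dir { search getattr setattr };` and the require `class dir { search getattr setattr };` (or `getattr` dropped from both if it is not intended). As committed, the one caller in tmpreaper.te receives no `setattr` at all, so a policy built from this commit would still deny the operation the interface was added for. The summary `Set the attributes of all tmp directories.` should also mention that `search` is granted alongside `setattr`, since callers otherwise cannot tell this interface differs from `files_search_tmp`.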
@@ -1365,23 +1382,17 @@ interface(`files_create_tmp_files',`
 
 ########################################
 #
-# files_delete_all_tmp_files(domain)
+# files_purge_tmp(domain)
 #
-interface(`files_delete_all_tmp_files',`
+interface(`files_purge_tmp',`
 	gen_require(`
 		attribute tmpfile;
-		class dir { getattr search read write add_name remove_name rmdir };
-		class file { getattr unlink };
-		class lnk_file { getattr unlink };
-		class fifo_file { getattr unlink };
-		class sock_file { getattr unlink };
+		class dir { rw_dir_perms rmdir };
+		gen_require_set({ getattr unlink },notdevfile_class_set)
 	')
 
-	allow $1 tmpfile:dir { getattr search read write add_name remove_name rmdir };
-	allow $1 tmpfile:file { getattr unlink };
-	allow $1 tmpfile:lnk_file { getattr unlink };
-	allow $1 tmpfile:fifo_file { getattr unlink };
-	allow $1 tmpfile:sock_file { getattr unlink };
+	allow $1 tmpfile:dir { rw_dir_perms rmdir };
+	allow $1 tmpfile:notdevfile_class_set { getattr unlink };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index f9cb5a4..41e33ca 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -269,7 +269,7 @@ files_getattr_all_files(initrc_t)
 files_getattr_all_symlinks(initrc_t)
 files_getattr_all_pipes(initrc_t)
 files_getattr_all_sockets(initrc_t)
-files_delete_all_tmp_files(initrc_t)
+files_purge_tmp(initrc_t)
 files_delete_all_locks(initrc_t)
 files_read_all_pids(initrc_t)
 files_delete_all_pids(initrc_t)
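Review bot: The renamed `files_purge_tmp` keeps the bare `# files_purge_tmp(domain)` comment header while the neighbouring interfaces in this file (`files_search_tmp`, and `files_setattr_all_tmp_dirs` added by this same commit) carry the `##` summary/param documentation block, so the interface stays invisible to generated interface documentation. I would replace the three `#` header lines with a `##` block whose summary reads `Delete the contents of the tmp directories: directories and every non-device file class carrying the tmpfile attribute` plus the usual `domain` parameter description; the summary is also where the breadth of the grant (rmdir and unlink across all non-device classes, which the Changelog cites as the reason for the rename) belongs. Because the interface name is public, any caller other than the `init.te` update in this diff (none is visible here) would fail at build time, so a search for `files_delete_all_tmp_files` across the tree before merge would confirm the rename is complete. The interface body is fully contained in this hunk.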