diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index 41487e7..7c09093 100644
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@@ -39,11 +39,13 @@ dev_getattr_all_chr_files(locate_t)
 
 files_list_all(locate_t)
 files_getattr_all_files(locate_t)
+files_getattr_all_sockets(locate_t)
 files_read_etc_runtime_files(locate_t)
 files_read_etc_files(locate_t)
 
 fs_getattr_all_fs(locate_t)
-fs_getattr_all_dirs(locate_t)
+fs_getattr_all_files(locate_t)
+fs_list_all(locate_t)
 
 libs_use_shared_libs(locate_t)
 libs_use_ld_so(locate_t)
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index fde29f6..4406a42 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -278,6 +278,25 @@ interface(`term_setattr_console',`
 
 ########################################
 ## <summary>
+##	Relabel from and to the console type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_relabel_console',`
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file { relabelfrom relabelto };
+')
+
+########################################
+## <summary>
 ##	Create the console device (/dev/console).
 ## </summary>
 ## <param name="domain">
@@ -1052,7 +1071,7 @@ interface(`term_write_all_user_ttys',`
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file { getattr write };
+	allow $1 ttynode:chr_file { getattr write append };
 ')
 
 ########################################
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index 34bc07e..4612cf0 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -28,7 +28,6 @@ dontaudit arpwatch_t self:capability sys_tty_config;
 allow arpwatch_t self:process signal_perms;
 allow arpwatch_t self:unix_dgram_socket create_socket_perms;
 allow arpwatch_t self:unix_stream_socket create_stream_socket_perms;
-allow arpwatch_t self:netlink_route_socket r_netlink_socket_perms;
 allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
 allow arpwatch_t self:udp_socket create_socket_perms;
 allow arpwatch_t self:packet_socket create_socket_perms;
@@ -71,6 +70,8 @@ files_read_etc_files(arpwatch_t)
 files_read_usr_files(arpwatch_t)
 files_search_var_lib(arpwatch_t)
 
+auth_use_nsswitch(arpwatch_t)
+
 libs_use_ld_so(arpwatch_t)
 libs_use_shared_libs(arpwatch_t)
 
@@ -78,8 +79,6 @@ logging_send_syslog_msg(arpwatch_t)
 
 miscfiles_read_localization(arpwatch_t)
 
-sysnet_read_config(arpwatch_t)
-
 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
 userdom_dontaudit_search_sysadm_home_dirs(arpwatch_t)
 
@@ -92,14 +91,6 @@ ifdef(`targeted_policy',`
 ')
 
 optional_policy(`
-	nis_use_ypbind(arpwatch_t)
-')
-
-optional_policy(`
-	corecmd_search_bin(arpwatch_t)
-')
-
-optional_policy(`
 	seutil_sigchld_newrole(arpwatch_t)
 ')
 
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 27d6129..6cf2f98 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -18,7 +18,7 @@ files_pid_file(avahi_var_run_t)
 # Local policy
 #
 
-allow avahi_t self:capability { dac_override setgid chown kill setuid sys_chroot };
+allow avahi_t self:capability { dac_override setgid chown fowner kill setuid sys_chroot };
 dontaudit avahi_t self:capability sys_tty_config;
 allow avahi_t self:process { setrlimit signal_perms setcap };
 allow avahi_t self:fifo_file { read write };
@@ -75,8 +75,6 @@ logging_send_syslog_msg(avahi_t)
 
 miscfiles_read_localization(avahi_t)
 
-sysnet_read_config(avahi_t)
-
 userdom_dontaudit_use_unpriv_user_fds(avahi_t)
 userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
 
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
index df62800..95936e5 100644
--- a/policy/modules/services/cyrus.te
+++ b/policy/modules/services/cyrus.te
@@ -145,6 +145,7 @@ optional_policy(`
 
 optional_policy(`
 	snmp_read_snmp_var_lib_files(cyrus_t)
+	snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
index e7344da..eb26d54 100644
--- a/policy/modules/services/mailman.if
+++ b/policy/modules/services/mailman.if
@@ -255,6 +255,24 @@ interface(`mailman_read_data_symlinks',`
 
 #######################################
 ## <summary>
+##	Append to mailman logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`mailman_append_log',`
+	gen_require(`
+		type mailman_log_t;
+	')
+
+	append_files_pattern($1,mailman_log_t,mailman_log_t)
+')
+
+#######################################
+## <summary>
 ##	Create, read, write, and delete
 ##	mailman logs.
 ## </summary>
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 5aa9107..dfb48ea 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -60,6 +60,25 @@ interface(`networkmanager_rw_routing_sockets',`
 
 ########################################
 ## <summary>
+##	Execute NetworkManager with a domain transition. 
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_domtrans',`
+	gen_require(`
+		type NetworkManager_t, NetworkManager_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1,NetworkManager_exec_t,NetworkManager_t)
+')
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	NetworkManager over dbus.
 ## </summary>