diff --git a/strict/domains/program/NetworkManager.te b/strict/domains/program/NetworkManager.te
index 1ef8916..e4efdd6 100644
--- a/strict/domains/program/NetworkManager.te
+++ b/strict/domains/program/NetworkManager.te
@@ -11,16 +11,16 @@
 # NetworkManager_t is the domain for the NetworkManager daemon. 
 # NetworkManager_exec_t is the type of the NetworkManager executable.
 #
-daemon_domain(NetworkManager, `, nscd_client_domain, privsysmod' )
+daemon_domain(NetworkManager, `, nscd_client_domain, privsysmod, mlsfileread' )
 
 can_network(NetworkManager_t)
 allow NetworkManager_t port_type:tcp_socket name_connect;
-allow NetworkManager_t dhcpc_port_t:udp_socket name_bind;
+allow NetworkManager_t { isakmp_port_t dhcpc_port_t }:udp_socket name_bind;
 allow NetworkManager_t dhcpc_t:process signal;
 
 can_ypbind(NetworkManager_t)
 uses_shlib(NetworkManager_t)
-allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service sys_module};
+allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service sys_module ipc_lock};
 
 allow NetworkManager_t { random_device_t urandom_device_t }:chr_file { getattr read };
 
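Review bot: The three new grants in this hunk have no stated rationale: the `mlsfileread` attribute on the `daemon_domain(NetworkManager, ...)` line, `isakmp_port_t` in the `udp_socket name_bind` rule, and `ipc_lock` in the capability set. The only explanation in the file is the `# allow vpnc connections` comment in the next hunk, above the `rawip_socket` and `tun_tap_device_t` rules. Judging by its name, `mlsfileread` exempts the domain from MLS read constraints (its definition is not on this page), so it needs its own justification. I would put a short comment above each grant, for example `# vpnc: bind the ISAKMP port` if that is the reason. Keeping the VPN-related rules together would also let them be audited, or made conditional, as one group.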
@@ -93,6 +93,9 @@ allow NetworkManager_t initrc_var_run_t:file { getattr read };
 
 domain_auto_trans(NetworkManager_t, insmod_exec_t, insmod_t)
 allow NetworkManager_t self:netlink_route_socket r_netlink_socket_perms;
+# allow vpnc connections
+allow NetworkManager_t self:rawip_socket create_socket_perms;
+allow NetworkManager_t tun_tap_device_t:chr_file rw_file_perms;
 
 domain_auto_trans(NetworkManager_t, initrc_exec_t, initrc_t)
 domain_auto_trans(NetworkManager_t, dhcpc_exec_t, dhcpc_t)
@@ -106,3 +109,4 @@ allow NetworkManager_t dhcpc_var_run_t:file { getattr read unlink };
 ')
 allow NetworkManager_t var_lib_t:dir search;
 dontaudit NetworkManager_t user_tty_type:chr_file { read write };
+dontaudit NetworkManager_t security_t:dir search;
diff --git a/strict/domains/program/alsa.te b/strict/domains/program/alsa.te
index 5717244..ab80475 100644
--- a/strict/domains/program/alsa.te
+++ b/strict/domains/program/alsa.te
@@ -6,12 +6,19 @@
 type alsa_t, domain, privlog, daemon;
 type alsa_exec_t, file_type, sysadmfile, exec_type;
 uses_shlib(alsa_t)
-allow alsa_t self:sem  create_sem_perms;
-allow alsa_t self:shm  create_shm_perms;
+allow alsa_t { unpriv_userdomain self }:sem  create_sem_perms;
+allow alsa_t { unpriv_userdomain self }:shm  create_shm_perms;
 allow alsa_t self:unix_stream_socket create_stream_socket_perms;
+allow alsa_t self:unix_dgram_socket create_socket_perms;
+allow unpriv_userdomain alsa_t:sem { unix_read unix_write associate read write };
+allow unpriv_userdomain alsa_t:shm { unix_read unix_write create_shm_perms };
+
 type alsa_etc_rw_t, file_type, sysadmfile, usercanread;
 rw_dir_create_file(alsa_t,alsa_etc_rw_t)
 allow alsa_t self:capability { setgid setuid ipc_owner };
+dontaudit alsa_t self:capability sys_admin;
 allow alsa_t devpts_t:chr_file { read write };
 allow alsa_t etc_t:file { getattr read };
 domain_auto_trans(pam_console_t, alsa_exec_t, alsa_t)
+role system_r types alsa_t;
+read_locale(alsa_t) 
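Review bot: The `shm` rule for user domains is much wider than the `sem` rule beside it. `allow unpriv_userdomain alsa_t:shm { unix_read unix_write create_shm_perms };` gives every unprivileged user domain the full create set on alsa_t's segments, while the semaphore rule is limited to `{ unix_read unix_write associate read write }`. If users only need to attach to and use segments that alsa_t owns, mirror the sem rule: `allow unpriv_userdomain alsa_t:shm { unix_read unix_write associate read write };`. The reverse direction, `allow alsa_t { unpriv_userdomain self }:shm create_shm_perms;` and its `sem` twin, lets alsa_t manage IPC objects labelled with any user domain, so a comment saying which side creates the objects would make the intent reviewable. `dontaudit alsa_t self:capability sys_admin;` hides a denial without saying what triggers it.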
diff --git a/strict/domains/program/amanda.te b/strict/domains/program/amanda.te
index 2785acf..4b63f5f 100644
--- a/strict/domains/program/amanda.te
+++ b/strict/domains/program/amanda.te
@@ -84,7 +84,6 @@ domain_auto_trans(inetd_t, amanda_inetd_exec_t, amanda_t)
 
 # configuration files -> read only
 allow amanda_t amanda_config_t:file { getattr read };
-allow amanda_t amanda_config_t:dir search;
 
 # access to amanda_amandates_t
 allow amanda_t amanda_amandates_t:file { getattr lock read write };
@@ -97,43 +96,18 @@ allow amanda_t amanda_data_t:dir { read search write };
 allow amanda_t amanda_data_t:file { read write };
 
 # access to proc_t
-allow amanda_t proc_t:dir { getattr search };
 allow amanda_t proc_t:file { getattr read };
 
 # access to etc_t and similar
-allow amanda_t etc_t:dir { getattr search };
 allow amanda_t etc_t:file { getattr read };
 allow amanda_t etc_runtime_t:file { getattr read };
 
-# access to var_t and similar
-allow amanda_t var_t:dir search;
-allow amanda_t var_lib_t:dir search;
-allow amanda_t amanda_var_lib_t:dir search;
-
 # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
-allow amanda_t amanda_gnutarlists_t:dir { add_name read remove_name search write };
-allow amanda_t amanda_gnutarlists_t:file { create getattr read rename setattr unlink write };
-
-# access to var_run_t
-allow amanda_t var_run_t:dir search;
-
-# access to var_log_t
-allow amanda_t var_log_t:dir getattr;
-
-# access to var_spool_t
-allow amanda_t var_spool_t:dir getattr;
-
-# access to amanda_usr_lib_t
-allow amanda_t amanda_usr_lib_t:dir search;
+rw_dir_create_file(amanda_t, amanda_gnutarlists_t)
 
 # access to device_t and similar
-allow amanda_t device_t:dir search;
-allow amanda_t devpts_t:dir getattr;
 allow amanda_t devtty_t:chr_file { read write };
 
-# access to boot_t
-allow amanda_t boot_t:dir getattr;
-
 # access to fs_t
 allow amanda_t fs_t:filesystem getattr;
 
@@ -158,7 +132,8 @@ allow amanda_t bin_t:file { execute execute_no_trans };
 
 allow amanda_t self:capability { chown dac_override setuid };
 allow amanda_t self:process { fork sigchld setpgid signal };
-allow amanda_t self:unix_dgram_socket create;
+allow amanda_t self:dir search;
+allow amanda_t self:file { getattr read };
 
 
 ###################################
@@ -170,7 +145,8 @@ can_ypbind(amanda_t);
 can_exec(amanda_t, sbin_t);
 	
 allow amanda_t self:fifo_file { getattr read write ioctl lock };
-allow amanda_t self:unix_stream_socket { connect create read write };
+allow amanda_t self:unix_stream_socket create_stream_socket_perms;
+allow amanda_t self:unix_dgram_socket create_socket_perms;
 
 
 ##########################
@@ -192,18 +168,8 @@ allow inetd_t amanda_usr_lib_t:dir search;
 ########################
 
 # access to user_home_t
-allow amanda_t { user_home_dir_type user_home_type }:dir { search getattr read };
 allow amanda_t user_home_type:file { getattr read };
 
-# access to file_t ( /floppy, /cdrom )
-allow amanda_t mnt_t:dir getattr;
-
-###########
-# Dontaudit
-###########
-dontaudit amanda_t lost_found_t:dir { getattr read };
-	
-	
 ##############################################################################
 # AMANDA RECOVER DECLARATIONS
 ##############################################################################
@@ -214,7 +180,8 @@ dontaudit amanda_t lost_found_t:dir { getattr read };
 
 # type for amrecover
 type amanda_recover_t, domain;
-role sysadm_r types { amanda_recover_t amanda_recover_dir_t };
+role sysadm_r types amanda_recover_t;
+role system_r types amanda_recover_t;
 
 # exec types for amrecover 
 type amanda_recover_exec_t, file_type, sysadmfile, exec_type;
@@ -236,22 +203,22 @@ file_type_auto_trans(amanda_recover_t, tmp_t, amanda_tmp_t)
 uses_shlib(amanda_recover_t)
 allow amanda_recover_t self:process { fork sigkill sigstop sigchld signal };
 allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override net_bind_service };
-allow amanda_recover_t shell_exec_t:file { execute execute_no_trans getattr read };
+can_exec(amanda_recover_t, shell_exec_t)
 allow amanda_recover_t privfd:fd use;
 
 
 # amrecover network and process communication
 #############################################
 
-can_network_server(amanda_recover_t);
+can_network(amanda_recover_t);
+allow amanda_recover_t amanda_port_t:tcp_socket name_connect;
 can_ypbind(amanda_recover_t);
+read_locale(amanda_recover_t);
 
 allow amanda_recover_t self:fifo_file { getattr ioctl read write };
 allow amanda_recover_t self:unix_stream_socket { connect create read write };
-
-allow amanda_t self:dir search;
-allow amanda_t self:file { getattr read };
-
+allow amanda_recover_t var_log_t:dir search;
+rw_dir_create_file(amanda_recover_t, amanda_log_t)
 
 # amrecover file permissions
 ############################
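Review bot: Replacing `can_network_server(amanda_recover_t)` with `can_network(amanda_recover_t)` looks wider than the one new client rule, `allow amanda_recover_t amanda_port_t:tcp_socket name_connect;`, needs. The macro bodies are not on this page, so this is inferred from their names. If a client-only variant such as `can_network_client` is available in this tree, using it alongside the existing server macro would keep the grant closer to the stated use. `rw_dir_create_file(amanda_recover_t, amanda_log_t)` gives the recover domain write access to the log type that `logdir_domain(amanda)` presumably declares later in this file, and it needs a comment saying why. This section of the file continues past the hunk.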
@@ -301,22 +268,17 @@ allow amanda_recover_t tmp_t:dir search;
 #
 allow inetd_t amanda_port_t:{ tcp_socket udp_socket } name_bind;
 
-allow amanda_t file_type:dir {getattr read search };
+#amanda needs to look at fs_type directories to decide whether it should backup
+allow amanda_t { fs_type file_type }:dir {getattr read search };
 allow amanda_t file_type:{ lnk_file file chr_file blk_file } {getattr read };
 allow amanda_t device_type:{ blk_file chr_file } getattr;
 allow amanda_t fixed_disk_device_t:blk_file read;
 domain_auto_trans(amanda_t, fsadm_exec_t, fsadm_t)
 
-dontaudit amanda_t file_type:sock_file getattr;
+allow amanda_t file_type:sock_file getattr;
 logdir_domain(amanda)
 
-dontaudit amanda_t autofs_t:dir { getattr read search };
-dontaudit amanda_t binfmt_misc_fs_t:dir getattr;
-dontaudit amanda_t nfs_t:dir { getattr read };
-dontaudit amanda_t proc_t:dir read;
 dontaudit amanda_t proc_t:lnk_file read;
-dontaudit amanda_t rpc_pipefs_t:dir { getattr read };
-dontaudit amanda_t security_t:dir { getattr read };
-dontaudit amanda_t sysfs_t:dir { getattr read };
 dontaudit amanda_t unlabeled_t:file getattr;
-dontaudit amanda_t usbfs_t:dir getattr;
+#amanda wants to check attributes on fifo_files
+allow amanda_t file_type:fifo_file getattr;
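Review bot: `allow amanda_t { fs_type file_type }:dir {getattr read search };` replaces the per-filesystem `dontaudit` rules removed below (autofs_t, nfs_t, proc_t, security_t, sysfs_t, usbfs_t) with a blanket grant on every type carrying `fs_type`. The comment says amanda only needs to decide whether to back a directory up. If that is a stat of the mount point, `getattr` and `search` may be enough, and `read` (directory listing) could stay denied for pseudo-filesystems; confirm against the audit log before widening. The `sock_file` rule changes from `dontaudit` to `allow` without a comment, unlike the `fifo_file` rule, so add one such as `#amanda wants to check attributes on sock_files`.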
diff --git a/strict/domains/program/bonobo.te b/strict/domains/program/bonobo.te
new file mode 100644
index 0000000..c23f1d2
--- /dev/null
+++ b/strict/domains/program/bonobo.te
@@ -0,0 +1,9 @@
+# DESC - Bonobo Activation Server 
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executable
+type bonobo_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/bonobo_macros.te
diff --git a/strict/domains/program/cvs.te b/strict/domains/program/cvs.te
new file mode 100644
index 0000000..324ddd3
--- /dev/null
+++ b/strict/domains/program/cvs.te
@@ -0,0 +1,28 @@
+#DESC cvs - Concurrent Versions System
+#
+# Author:  Dan Walsh <dwalsh@redhat.com>
+#
+# Depends: inetd.te
+
+#################################
+#
+# Rules for the cvs_t domain.
+#
+# cvs_exec_t is the type of the cvs executable.
+#
+
+inetd_child_domain(cvs, tcp)
+typeattribute cvs_t privmail;
+typeattribute cvs_t auth_chkpwd;
+
+type cvs_data_t, file_type, sysadmfile, customizable;
+create_dir_file(cvs_t, cvs_data_t)
+can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
+allow cvs_t bin_t:dir search;
+allow cvs_t { bin_t sbin_t }:lnk_file read;
+allow cvs_t etc_runtime_t:file { getattr read };
+allow system_mail_t cvs_data_t:file { getattr read };
+dontaudit cvs_t devtty_t:chr_file { read write };
+# Allow kerberos to work
+allow cvs_t { krb5_keytab_t krb5_conf_t }:file r_file_perms;
+dontaudit cvs_t krb5_conf_t:file write;
diff --git a/strict/domains/program/ddcprobe.te b/strict/domains/program/ddcprobe.te
new file mode 100644
index 0000000..4087126
--- /dev/null
+++ b/strict/domains/program/ddcprobe.te
@@ -0,0 +1,42 @@
+#DESC ddcprobe - output ddcprobe results from kudzu
+#
+# Author: dan walsh <dwalsh@redhat.com>
+#
+
+type ddcprobe_t, domain, privmem;
+type ddcprobe_exec_t, file_type, exec_type, sysadmfile;
+
+# Allow execution by the sysadm
+role sysadm_r types ddcprobe_t;
+role system_r types ddcprobe_t;
+domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)
+
+uses_shlib(ddcprobe_t)
+
+# Allow terminal access
+access_terminal(ddcprobe_t, sysadm)
+
+# Allow ddcprobe to read /dev/mem
+allow ddcprobe_t memory_device_t:chr_file read;
+allow ddcprobe_t memory_device_t:chr_file { execute write };
+allow ddcprobe_t self:process execmem;
+allow ddcprobe_t zero_device_t:chr_file { execute read };
+
+allow ddcprobe_t proc_t:dir search;
+allow ddcprobe_t proc_t:file { getattr read };
+can_exec(ddcprobe_t, sbin_t)
+allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
+allow ddcprobe_t userdomain:fd use;
+read_sysctl(ddcprobe_t)
+allow ddcprobe_t urandom_device_t:chr_file { getattr read };
+allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
+allow ddcprobe_t self:capability { sys_rawio sys_admin };
+
+allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
+allow ddcprobe_t kudzu_exec_t:file getattr;
+allow ddcprobe_t lib_t:file { getattr read };
+read_locale(ddcprobe_t)
+allow ddcprobe_t modules_object_t:dir search;
+allow ddcprobe_t modules_dep_t:file { getattr read };
+allow ddcprobe_t usr_t:file { getattr read };
+allow ddcprobe_t kernel_t:system syslog_console;
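Review bot: The comment `# Allow ddcprobe to read /dev/mem` understates the rules under it. The next rule adds `{ execute write }` on `memory_device_t`, alongside `self:process execmem` and, further down, `self:capability { sys_rawio sys_admin }`. The file is identical to the copy deleted from `unused/`, so this commit activates these grants rather than writing them, and the comment is where a later auditor will look. I would reword it to something like `# ddcprobe maps /dev/mem read/write/execute; keep this domain reachable only from sysadm_t`. Also confirm that `role system_r types ddcprobe_t;` is needed, since the only transition shown is from `sysadm_t`.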
diff --git a/strict/domains/program/ethereal.te b/strict/domains/program/ethereal.te
new file mode 100644
index 0000000..a56d321
--- /dev/null
+++ b/strict/domains/program/ethereal.te
@@ -0,0 +1,48 @@
+# DESC - Ethereal  
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executables
+type tethereal_exec_t, file_type, exec_type, sysadmfile;
+type ethereal_exec_t, file_type, exec_type, sysadmfile;
+
+########################################################
+# Tethereal 
+#
+
+# Type for program
+type tethereal_t, domain, nscd_client_domain;
+
+# Transition from sysadm type
+domain_auto_trans(sysadm_t, tethereal_exec_t, tethereal_t)
+role sysadm_r types tethereal_t;
+
+uses_shlib(tethereal_t)
+read_locale(tethereal_t)
+
+# Terminal output
+access_terminal(tethereal_t, sysadm)
+
+# /proc
+read_sysctl(tethereal_t)
+allow tethereal_t { self proc_t }:dir { read search getattr };
+allow tethereal_t { self proc_t }:{ file lnk_file } { read getattr };
+
+# Access root
+allow tethereal_t root_t:dir search;
+
+# Read ethereal files in /usr
+allow tethereal_t usr_t:file { read getattr };
+
+# /etc/nsswitch.conf
+allow tethereal_t etc_t:file { read getattr };
+
+# Ethereal sysadm rules
+ethereal_networking(tethereal)
+
+# FIXME: policy is incomplete
+
+#####################################
+# Ethereal (GNOME) policy can be found
+# in ethereal_macros.te 
diff --git a/strict/domains/program/evolution.te b/strict/domains/program/evolution.te
new file mode 100644
index 0000000..c8a045e
--- /dev/null
+++ b/strict/domains/program/evolution.te
@@ -0,0 +1,14 @@
+# DESC - Evolution  
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executables
+type evolution_exec_t, file_type, exec_type, sysadmfile;
+type evolution_server_exec_t, file_type, exec_type, sysadmfile;
+type evolution_webcal_exec_t, file_type, exec_type, sysadmfile;
+type evolution_alarm_exec_t, file_type, exec_type, sysadmfile;
+type evolution_exchange_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/evolution_macros.te
+bool disable_evolution_trans false;
diff --git a/strict/domains/program/fontconfig.te b/strict/domains/program/fontconfig.te
new file mode 100644
index 0000000..836470a
--- /dev/null
+++ b/strict/domains/program/fontconfig.te
@@ -0,0 +1,7 @@
+#
+# Fontconfig related types 
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Look in fontconfig_macros.te
diff --git a/strict/domains/program/gconf.te b/strict/domains/program/gconf.te
new file mode 100644
index 0000000..e4dfa4b
--- /dev/null
+++ b/strict/domains/program/gconf.te
@@ -0,0 +1,12 @@
+# DESC - GConf preference daemon
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executable
+type gconfd_exec_t, file_type, exec_type, sysadmfile;
+
+# Type for /etc files
+type gconf_etc_t, file_type, sysadmfile;
+
+# Everything else is in macros/gconfd_macros.te
diff --git a/strict/domains/program/gnome.te b/strict/domains/program/gnome.te
new file mode 100644
index 0000000..b45ea8e
--- /dev/null
+++ b/strict/domains/program/gnome.te
@@ -0,0 +1,7 @@
+#
+# GNOME related types 
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Look in gnome_macros.te
diff --git a/strict/domains/program/gnome_vfs.te b/strict/domains/program/gnome_vfs.te
new file mode 100644
index 0000000..d4cabb6
--- /dev/null
+++ b/strict/domains/program/gnome_vfs.te
@@ -0,0 +1,9 @@
+# DESC - GNOME VFS Daemon
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executable
+type gnome_vfs_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/gnome_vfs_macros.te
diff --git a/strict/domains/program/iceauth.te b/strict/domains/program/iceauth.te
new file mode 100644
index 0000000..f41ad9e
--- /dev/null
+++ b/strict/domains/program/iceauth.te
@@ -0,0 +1,12 @@
+#DESC ICEauth - ICE authority file utility
+#
+# Domains for the iceauth program.
+#
+# Author: Ivan Gyurdiev <gyurdiev@redhat.com>
+#
+# iceauth_exec_t is the type of the xauth executable.
+#
+type iceauth_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in the iceauth_domain macro in
+# macros/program/iceauth_macros.te.
diff --git a/strict/domains/program/openct.te b/strict/domains/program/openct.te
new file mode 100644
index 0000000..244fc2f
--- /dev/null
+++ b/strict/domains/program/openct.te
@@ -0,0 +1,16 @@
+#DESC openct - read files in page cache 
+#
+# Author: Dan Walsh (dwalsh@redhat.com)
+#
+
+#################################
+#
+# Declarations for openct
+#
+
+daemon_domain(openct)
+#
+# openct asks for these
+#
+rw_dir_file(openct_t, usbfs_t)
+allow openct_t etc_t:file r_file_perms;
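Review bot: The header `#DESC openct - read files in page cache` does not describe this daemon. It reads like the description of readahead, whose file context is added in the same commit. Correct it to describe openct, which as far as I know is a smart-card reader service; confirm the wording. `rw_dir_file(openct_t, usbfs_t)` is justified only by `# openct asks for these`. A comment giving the reason (presumably access to USB readers) would help anyone deciding later whether write access to usbfs is still required.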
diff --git a/strict/domains/program/orbit.te b/strict/domains/program/orbit.te
new file mode 100644
index 0000000..dad353b
--- /dev/null
+++ b/strict/domains/program/orbit.te
@@ -0,0 +1,7 @@
+#
+# ORBit related types 
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Look in orbit_macros.te
diff --git a/strict/domains/program/thunderbird.te b/strict/domains/program/thunderbird.te
new file mode 100644
index 0000000..c640f87
--- /dev/null
+++ b/strict/domains/program/thunderbird.te
@@ -0,0 +1,10 @@
+# DESC - Thunderbird  
+#
+# Author: Ivan Gyurdiev <ivg2@cornell.edu>
+#
+
+# Type for executables
+type thunderbird_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/thunderbird_macros.te
+bool disable_thunderbird_trans false;
diff --git a/strict/domains/program/unused/backup.te b/strict/domains/program/unused/backup.te
index 89c5171..628527d 100644
--- a/strict/domains/program/unused/backup.te
+++ b/strict/domains/program/unused/backup.te
@@ -16,7 +16,9 @@ type backup_store_t, file_type, sysadmfile;
 role system_r types backup_t;
 role sysadm_r types backup_t;
 
+ifdef(`targeted_policy', `', `
 domain_auto_trans(sysadm_t, backup_exec_t, backup_t)
+')
 allow backup_t privfd:fd use;
 ifdef(`crond.te', `
 system_crond_entry(backup_exec_t, backup_t)
diff --git a/strict/domains/program/unused/bonobo.te b/strict/domains/program/unused/bonobo.te
deleted file mode 100644
index c23f1d2..0000000
--- a/strict/domains/program/unused/bonobo.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# DESC - Bonobo Activation Server 
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executable
-type bonobo_exec_t, file_type, exec_type, sysadmfile;
-
-# Everything else is in macros/bonobo_macros.te
diff --git a/strict/domains/program/unused/cvs.te b/strict/domains/program/unused/cvs.te
deleted file mode 100644
index 324ddd3..0000000
--- a/strict/domains/program/unused/cvs.te
+++ /dev/null
@@ -1,28 +0,0 @@
-#DESC cvs - Concurrent Versions System
-#
-# Author:  Dan Walsh <dwalsh@redhat.com>
-#
-# Depends: inetd.te
-
-#################################
-#
-# Rules for the cvs_t domain.
-#
-# cvs_exec_t is the type of the cvs executable.
-#
-
-inetd_child_domain(cvs, tcp)
-typeattribute cvs_t privmail;
-typeattribute cvs_t auth_chkpwd;
-
-type cvs_data_t, file_type, sysadmfile, customizable;
-create_dir_file(cvs_t, cvs_data_t)
-can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
-allow cvs_t bin_t:dir search;
-allow cvs_t { bin_t sbin_t }:lnk_file read;
-allow cvs_t etc_runtime_t:file { getattr read };
-allow system_mail_t cvs_data_t:file { getattr read };
-dontaudit cvs_t devtty_t:chr_file { read write };
-# Allow kerberos to work
-allow cvs_t { krb5_keytab_t krb5_conf_t }:file r_file_perms;
-dontaudit cvs_t krb5_conf_t:file write;
diff --git a/strict/domains/program/unused/ddcprobe.te b/strict/domains/program/unused/ddcprobe.te
deleted file mode 100644
index 4087126..0000000
--- a/strict/domains/program/unused/ddcprobe.te
+++ /dev/null
@@ -1,42 +0,0 @@
-#DESC ddcprobe - output ddcprobe results from kudzu
-#
-# Author: dan walsh <dwalsh@redhat.com>
-#
-
-type ddcprobe_t, domain, privmem;
-type ddcprobe_exec_t, file_type, exec_type, sysadmfile;
-
-# Allow execution by the sysadm
-role sysadm_r types ddcprobe_t;
-role system_r types ddcprobe_t;
-domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)
-
-uses_shlib(ddcprobe_t)
-
-# Allow terminal access
-access_terminal(ddcprobe_t, sysadm)
-
-# Allow ddcprobe to read /dev/mem
-allow ddcprobe_t memory_device_t:chr_file read;
-allow ddcprobe_t memory_device_t:chr_file { execute write };
-allow ddcprobe_t self:process execmem;
-allow ddcprobe_t zero_device_t:chr_file { execute read };
-
-allow ddcprobe_t proc_t:dir search;
-allow ddcprobe_t proc_t:file { getattr read };
-can_exec(ddcprobe_t, sbin_t)
-allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
-allow ddcprobe_t userdomain:fd use;
-read_sysctl(ddcprobe_t)
-allow ddcprobe_t urandom_device_t:chr_file { getattr read };
-allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
-allow ddcprobe_t self:capability { sys_rawio sys_admin };
-
-allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
-allow ddcprobe_t kudzu_exec_t:file getattr;
-allow ddcprobe_t lib_t:file { getattr read };
-read_locale(ddcprobe_t)
-allow ddcprobe_t modules_object_t:dir search;
-allow ddcprobe_t modules_dep_t:file { getattr read };
-allow ddcprobe_t usr_t:file { getattr read };
-allow ddcprobe_t kernel_t:system syslog_console;
diff --git a/strict/domains/program/unused/ethereal.te b/strict/domains/program/unused/ethereal.te
deleted file mode 100644
index a56d321..0000000
--- a/strict/domains/program/unused/ethereal.te
+++ /dev/null
@@ -1,48 +0,0 @@
-# DESC - Ethereal  
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executables
-type tethereal_exec_t, file_type, exec_type, sysadmfile;
-type ethereal_exec_t, file_type, exec_type, sysadmfile;
-
-########################################################
-# Tethereal 
-#
-
-# Type for program
-type tethereal_t, domain, nscd_client_domain;
-
-# Transition from sysadm type
-domain_auto_trans(sysadm_t, tethereal_exec_t, tethereal_t)
-role sysadm_r types tethereal_t;
-
-uses_shlib(tethereal_t)
-read_locale(tethereal_t)
-
-# Terminal output
-access_terminal(tethereal_t, sysadm)
-
-# /proc
-read_sysctl(tethereal_t)
-allow tethereal_t { self proc_t }:dir { read search getattr };
-allow tethereal_t { self proc_t }:{ file lnk_file } { read getattr };
-
-# Access root
-allow tethereal_t root_t:dir search;
-
-# Read ethereal files in /usr
-allow tethereal_t usr_t:file { read getattr };
-
-# /etc/nsswitch.conf
-allow tethereal_t etc_t:file { read getattr };
-
-# Ethereal sysadm rules
-ethereal_networking(tethereal)
-
-# FIXME: policy is incomplete
-
-#####################################
-# Ethereal (GNOME) policy can be found
-# in ethereal_macros.te 
diff --git a/strict/domains/program/unused/evolution.te b/strict/domains/program/unused/evolution.te
deleted file mode 100644
index c8a045e..0000000
--- a/strict/domains/program/unused/evolution.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# DESC - Evolution  
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executables
-type evolution_exec_t, file_type, exec_type, sysadmfile;
-type evolution_server_exec_t, file_type, exec_type, sysadmfile;
-type evolution_webcal_exec_t, file_type, exec_type, sysadmfile;
-type evolution_alarm_exec_t, file_type, exec_type, sysadmfile;
-type evolution_exchange_exec_t, file_type, exec_type, sysadmfile;
-
-# Everything else is in macros/evolution_macros.te
-bool disable_evolution_trans false;
diff --git a/strict/domains/program/unused/fontconfig.te b/strict/domains/program/unused/fontconfig.te
deleted file mode 100644
index 836470a..0000000
--- a/strict/domains/program/unused/fontconfig.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Fontconfig related types 
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Look in fontconfig_macros.te
diff --git a/strict/domains/program/unused/gconf.te b/strict/domains/program/unused/gconf.te
deleted file mode 100644
index e4dfa4b..0000000
--- a/strict/domains/program/unused/gconf.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# DESC - GConf preference daemon
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executable
-type gconfd_exec_t, file_type, exec_type, sysadmfile;
-
-# Type for /etc files
-type gconf_etc_t, file_type, sysadmfile;
-
-# Everything else is in macros/gconfd_macros.te
diff --git a/strict/domains/program/unused/gnome.te b/strict/domains/program/unused/gnome.te
deleted file mode 100644
index b45ea8e..0000000
--- a/strict/domains/program/unused/gnome.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# GNOME related types 
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Look in gnome_macros.te
diff --git a/strict/domains/program/unused/gnome_vfs.te b/strict/domains/program/unused/gnome_vfs.te
deleted file mode 100644
index d4cabb6..0000000
--- a/strict/domains/program/unused/gnome_vfs.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# DESC - GNOME VFS Daemon
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executable
-type gnome_vfs_exec_t, file_type, exec_type, sysadmfile;
-
-# Everything else is in macros/gnome_vfs_macros.te
diff --git a/strict/domains/program/unused/iceauth.te b/strict/domains/program/unused/iceauth.te
deleted file mode 100644
index f41ad9e..0000000
--- a/strict/domains/program/unused/iceauth.te
+++ /dev/null
@@ -1,12 +0,0 @@
-#DESC ICEauth - ICE authority file utility
-#
-# Domains for the iceauth program.
-#
-# Author: Ivan Gyurdiev <gyurdiev@redhat.com>
-#
-# iceauth_exec_t is the type of the xauth executable.
-#
-type iceauth_exec_t, file_type, exec_type, sysadmfile;
-
-# Everything else is in the iceauth_domain macro in
-# macros/program/iceauth_macros.te.
diff --git a/strict/domains/program/unused/orbit.te b/strict/domains/program/unused/orbit.te
deleted file mode 100644
index dad353b..0000000
--- a/strict/domains/program/unused/orbit.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# ORBit related types 
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Look in orbit_macros.te
diff --git a/strict/domains/program/unused/thunderbird.te b/strict/domains/program/unused/thunderbird.te
deleted file mode 100644
index c640f87..0000000
--- a/strict/domains/program/unused/thunderbird.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# DESC - Thunderbird  
-#
-# Author: Ivan Gyurdiev <ivg2@cornell.edu>
-#
-
-# Type for executables
-type thunderbird_exec_t, file_type, exec_type, sysadmfile;
-
-# Everything else is in macros/thunderbird_macros.te
-bool disable_thunderbird_trans false;
diff --git a/strict/file_contexts/program/openct.fc b/strict/file_contexts/program/openct.fc
new file mode 100644
index 0000000..43d656e
--- /dev/null
+++ b/strict/file_contexts/program/openct.fc
@@ -0,0 +1,2 @@
+/usr/sbin/openct-control	-- 	system_u:object_r:openct_exec_t
+/var/run/openct(/.*)?			system_u:object_r:openct_var_run_t
diff --git a/strict/file_contexts/program/pegasus.fc b/strict/file_contexts/program/pegasus.fc
new file mode 100644
index 0000000..d81b968
--- /dev/null
+++ b/strict/file_contexts/program/pegasus.fc
@@ -0,0 +1,11 @@
+# File Contexts for The Open Group Pegasus (tog-pegasus) cimserver
+/usr/sbin/cimserver		--	system_u:object_r:pegasus_exec_t
+/usr/sbin/cimconfig		-- 	system_u:object_r:pegasus_conf_exec_t
+/usr/sbin/cimuser		-- 	system_u:object_r:pegasus_conf_exec_t
+/usr/sbin/cimauth		-- 	system_u:object_r:pegasus_conf_exec_t
+/usr/sbin/init_repository	-- 	system_u:object_r:pegasus_exec_t
+/usr/lib(64)?/Pegasus/providers/.*\.so.*	system_u:object_r:shlib_t
+/etc/Pegasus(/.*)?			system_u:object_r:pegasus_conf_t
+/var/lib/Pegasus(/.*)?	                system_u:object_r:pegasus_data_t
+/var/run/tog-pegasus(/.*)?              system_u:object_r:pegasus_var_run_t
+/usr/share/Pegasus/mof(/.*)?/.*\.mof    system_u:object_r:pegasus_mof_t
diff --git a/strict/file_contexts/program/readahead.fc b/strict/file_contexts/program/readahead.fc
new file mode 100644
index 0000000..0755fef
--- /dev/null
+++ b/strict/file_contexts/program/readahead.fc
@@ -0,0 +1 @@
+/usr/sbin/readahead -- system_u:object_r:readahead_exec_t
diff --git a/strict/file_contexts/program/roundup.fc b/strict/file_contexts/program/roundup.fc
new file mode 100644
index 0000000..99b2700
--- /dev/null
+++ b/strict/file_contexts/program/roundup.fc
@@ -0,0 +1,2 @@
+/usr/bin/roundup-server         --      system_u:object_r:roundup_exec_t
+/var/lib/roundup(/.*)?          --      system_u:object_r:roundup_var_lib_t
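Review bot: The second entry uses the `--` file-type specifier, which limits the match to regular files. As a result `/var/lib/roundup` itself and any subdirectories would not be labelled `roundup_var_lib_t`. The other directory-tree entries added in this commit, such as `/var/run/openct(/.*)?` and `/var/lib/Pegasus(/.*)?`, omit the specifier. Drop it here too: `/var/lib/roundup(/.*)?		system_u:object_r:roundup_var_lib_t`.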
diff --git a/strict/file_contexts/program/yppasswdd.fc b/strict/file_contexts/program/yppasswdd.fc
new file mode 100644
index 0000000..e390bd8
--- /dev/null
+++ b/strict/file_contexts/program/yppasswdd.fc
@@ -0,0 +1,2 @@
+# yppasswd
+/usr/sbin/rpc.yppasswdd		--	system_u:object_r:yppasswdd_exec_t