--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/mrtg.te 2008-08-14 13:53:54.000000000 -0400
@@ -78,6 +78,7 @@
 dev_read_urand(mrtg_t)
 domain_use_interactive_fds(mrtg_t)
+domain_dontaudit_search_all_domains_state(mrtg_t)
 files_read_usr_files(mrtg_t)
 files_search_var(mrtg_t)
@@ -101,6 +102,8 @@
 init_read_utmp(mrtg_t)
 init_dontaudit_write_utmp(mrtg_t)
+auth_use_nsswitch(mrtg_t)
+
 libs_read_lib_files(mrtg_t)
 libs_use_ld_so(mrtg_t)
 libs_use_shared_libs(mrtg_t)
@@ -111,12 +114,10 @@
 selinux_dontaudit_getattr_dir(mrtg_t)
-# Use the network.
-sysnet_read_config(mrtg_t)
-
 userdom_dontaudit_use_unpriv_user_fds(mrtg_t)
 sysadm_use_terms(mrtg_t)
+sysadm_dontaudit_read_home_content_files(mrtg_t)
 ifdef(`enable_mls',`
 corenet_udp_sendrecv_lo_if(mrtg_t)
@@ -140,14 +141,6 @@
 ')
 optional_policy(`
- nis_use_ypbind(mrtg_t)
-')
-
-optional_policy(`
- nscd_dontaudit_search_pid(mrtg_t)
-')
-
-optional_policy(`
 seutil_sigchld_newrole(mrtg_t)
 ')
@@ -162,10 +155,3 @@
 optional_policy(`
 udev_read_db(mrtg_t)
 ')
-
-ifdef(`TODO',`
- # should not need this!
- dontaudit mrtg_t { staff_home_dir_t sysadm_home_dir_t }:dir { search read getattr };
- dontaudit mrtg_t { boot_t device_t file_t lost_found_t }:dir getattr;
- dontaudit mrtg_t root_t:lnk_file getattr;
-')
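Review bot: The added `domain_dontaudit_search_all_domains_state(mrtg_t)` silences denials with no comment saying why mrtg triggers them, and the same holds for `sysadm_dontaudit_read_home_content_files(mrtg_t)` in the `@@ -111,12 +114,10 @@` hunk. A dontaudit rule keeps the access denied but drops the AVC record, so an mrtg process that starts probing other domains' state or an administrator's home files would no longer appear in the audit log. The block deleted in the last hunk carried `# should not need this!` on comparable rules, which suggests the cause was never tracked down. Once the cause is confirmed I would record it above each rule, for example `# mrtg walks per-process state of other domains; denied and deliberately not logged`. When investigating this domain, rebuild with dontaudit rules disabled (`semodule -DB`) so the hidden denials become visible.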
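Review bot: `auth_use_nsswitch(mrtg_t)` in the `@@ -101,6 +102,8 @@` hunk is added without a comment, and it appears to grant more than the rules this patch drops in its favour (`sysnet_read_config`, the optional `nis_use_ypbind`, and `nscd_dontaudit_search_pid`, removed in the `@@ -111,12 +114,10 @@` and `@@ -140,14 +141,6 @@` hunks). The interface definition is not on this page, but in the reference policy it bundles the access needed for whichever name-service backend is configured. Judging by its name, the removed nscd rule only silenced searches of nscd's pid directory rather than allowing nscd use. That is a wider network and IPC surface for mrtg_t than before, so confirm mrtg actually needs name-service lookups and record the reason, e.g. `# Name-service lookups; replaces sysnet_read_config and nis_use_ypbind.`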