--- nsaserefpolicy/policy/modules/admin/netutils.if	2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/netutils.if	2008-08-14 13:53:54.000000000 -0400
@@ -70,7 +70,7 @@
 
 ########################################
 ## <summary>
-##	Send generic signals to network utilities.
+##	Execute ping in the ping domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -78,17 +78,17 @@
 ##	</summary>
 ## </param>
 #
-interface(`netutils_signal',`
+interface(`netutils_domtrans_ping',`
 	gen_require(`
-		type netutils_t;
+		type ping_t, ping_exec_t;
 	')
 
-	allow $1 netutils_t:process signal;
+	domtrans_pattern($1, ping_exec_t, ping_t)
 ')
 
 ########################################
 ## <summary>
-##	Execute ping in the ping domain.
+##	Send a kill (SIGKILL) signal to ping.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -96,17 +96,17 @@
 ##	</summary>
 ## </param>
 #
-interface(`netutils_domtrans_ping',`
+interface(`netutils_kill_ping',`
 	gen_require(`
-		type ping_t, ping_exec_t;
+		type ping_t;
 	')
 
-	domtrans_pattern($1, ping_exec_t, ping_t)
+	allow $1 ping_t:process sigkill;
 ')
 
 ########################################
 ## <summary>
-##	Send a kill (SIGKILL) signal to ping.
+##	Send generic signals to ping.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -114,17 +114,17 @@
 ##	</summary>
 ## </param>
 #
-interface(`netutils_kill_ping',`
+interface(`netutils_signal_ping',`
 	gen_require(`
 		type ping_t;
 	')
 
-	allow $1 ping_t:process sigkill;
+	allow $1 ping_t:process signal;
 ')
 
 ########################################
 ## <summary>
-##	Send generic signals to ping.
+##	Send generic signals to netutils.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -132,12 +132,12 @@
 ##	</summary>
 ## </param>
 #
-interface(`netutils_signal_ping',`
+interface(`netutils_signal',`
 	gen_require(`
-		type ping_t;
+		type netutils_t;
 	')
 
-	allow $1 ping_t:process signal;
+	allow $1 netutils_t:process signal;
 ')
 
 ########################################
--- nsaserefpolicy/policy/modules/admin/netutils.te	2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/netutils.te	2008-08-14 13:53:54.000000000 -0400
@@ -50,6 +50,7 @@
 files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
 
 kernel_search_proc(netutils_t)
+kernel_read_sysctl(netutils_t)
 
 corenet_all_recvfrom_unlabeled(netutils_t)
 corenet_all_recvfrom_netlabel(netutils_t)
@@ -78,6 +79,8 @@
 init_use_fds(netutils_t)
 init_use_script_ptys(netutils_t)
 
+auth_use_nsswitch(netutils_t)
+
 libs_use_ld_so(netutils_t)
 libs_use_shared_libs(netutils_t)
 
@@ -85,8 +88,6 @@
 
 miscfiles_read_localization(netutils_t)
 
-sysnet_read_config(netutils_t)
-
 userdom_use_all_users_fds(netutils_t)
 
 optional_policy(`
@@ -94,6 +95,10 @@
 ')
 
 optional_policy(`
+	vmware_append_log(netutils_t)
+')
+
+optional_policy(`
 	xen_append_log(netutils_t)
 ')
 
@@ -107,12 +112,14 @@
 allow ping_t self:tcp_socket create_socket_perms;
 allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt };
 allow ping_t self:packet_socket { create ioctl read write bind getopt setopt };
+allow ping_t self:netlink_route_socket create_netlink_socket_perms;
 
 corenet_all_recvfrom_unlabeled(ping_t)
 corenet_all_recvfrom_netlabel(ping_t)
 corenet_tcp_sendrecv_all_if(ping_t)
 corenet_raw_sendrecv_all_if(ping_t)
 corenet_raw_sendrecv_all_nodes(ping_t)
+corenet_raw_bind_all_nodes(ping_t)
 corenet_tcp_sendrecv_all_nodes(ping_t)
 corenet_tcp_sendrecv_all_ports(ping_t)
 
@@ -123,6 +130,8 @@
 files_read_etc_files(ping_t)
 files_dontaudit_search_var(ping_t)
 
+auth_use_nsswitch(ping_t)
+
 libs_use_ld_so(ping_t)
 libs_use_shared_libs(ping_t)
 
@@ -130,9 +139,6 @@
 
 miscfiles_read_localization(ping_t)
 
-sysnet_read_config(ping_t)
-sysnet_dns_name_resolve(ping_t)
-
 ifdef(`hide_broken_symptoms',`
 	init_dontaudit_use_fds(ping_t)
 ')
@@ -143,11 +149,7 @@
 ')
 
 optional_policy(`
-	nis_use_ypbind(ping_t)
-')
-
-optional_policy(`
-	nscd_socket_use(ping_t)
+	munin_append_log(ping_t)
 ')
 
 optional_policy(`
@@ -166,7 +168,6 @@
 allow traceroute_t self:capability { net_admin net_raw setuid setgid };
 allow traceroute_t self:rawip_socket create_socket_perms;
 allow traceroute_t self:packet_socket create_socket_perms;
-allow traceroute_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
 allow traceroute_t self:udp_socket create_socket_perms;
 
 kernel_read_system_state(traceroute_t)
@@ -200,6 +201,8 @@
 
 init_use_fds(traceroute_t)
 
+auth_use_nsswitch(traceroute_t)
+
 libs_use_ld_so(traceroute_t)
 libs_use_shared_libs(traceroute_t)
 
@@ -212,17 +215,7 @@
 dev_read_urand(traceroute_t)
 files_read_usr_files(traceroute_t)
 
-sysnet_read_config(traceroute_t)
-
 tunable_policy(`user_ping',`
 	term_use_all_user_ttys(traceroute_t)
 	term_use_all_user_ptys(traceroute_t)
 ')
-
-optional_policy(`
-	nis_use_ypbind(traceroute_t)
-')
-
-optional_policy(`
-	nscd_socket_use(traceroute_t)
-')