--- nsaserefpolicy/policy/modules/services/avahi.fc	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/avahi.fc	2008-08-14 13:53:54.000000000 -0400
@@ -3,3 +3,7 @@
 /usr/sbin/avahi-dnsconfd 	--	gen_context(system_u:object_r:avahi_exec_t,s0)
 
 /var/run/avahi-daemon(/.*)? 		gen_context(system_u:object_r:avahi_var_run_t,s0)
+
+
+/etc/rc.d/init.d/avahi	--	gen_context(system_u:object_r:avahi_script_exec_t,s0)
+
--- nsaserefpolicy/policy/modules/services/avahi.if	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/avahi.if	2008-08-14 13:53:54.000000000 -0400
@@ -57,3 +57,64 @@
 
 	dontaudit $1 avahi_var_run_t:dir search_dir_perms;
 ')
+
+########################################
+## <summary>
+##	Execute avahi server in the avahi domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+#
+interface(`avahi_script_domtrans',`
+	gen_require(`
+		type avahi_script_exec_t;
+	')
+
+	init_script_domtrans_spec($1, avahi_script_exec_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate 
+##	an avahi environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the avahi domain.
+##	</summary>
+## </param>
+## <param name="terminal">
+##	<summary>
+##	The type of the user terminal.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`avahi_admin',`
+	gen_require(`
+		type avahi_t;
+		type avahi_script_exec_t;
+		type avahi_var_run_t;
+	')
+
+	allow $1 avahi_t:process { ptrace signal_perms getattr };
+	read_files_pattern($1, avahi_t, avahi_t)
+	        
+	# Allow avahi_t to restart the apache service
+	avahi_script_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 avahi_script_exec_t system_r;
+	allow $2 system_r;
+
+	files_list_pids($1)
+        admin_pattern($1, avahi_var_run_t)
+')
--- nsaserefpolicy/policy/modules/services/avahi.te	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/avahi.te	2008-08-14 13:53:54.000000000 -0400
@@ -13,6 +13,9 @@
 type avahi_var_run_t;
 files_pid_file(avahi_var_run_t)
 
+type avahi_script_exec_t;
+init_script_type(avahi_script_exec_t)
+
 ########################################
 #
 # Local policy
@@ -20,7 +23,7 @@
 
 allow avahi_t self:capability { dac_override setgid chown fowner kill setuid sys_chroot };
 dontaudit avahi_t self:capability sys_tty_config;
-allow avahi_t self:process { setrlimit signal_perms setcap };
+allow avahi_t self:process { setrlimit signal_perms getcap setcap };
 allow avahi_t self:fifo_file { read write };
 allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow avahi_t self:unix_dgram_socket create_socket_perms;
@@ -86,6 +89,7 @@
 	dbus_connect_system_bus(avahi_t)
 
 	init_dbus_chat_script(avahi_t)
+	dbus_system_domain(avahi_t, avahi_exec_t)
 ')
 
 optional_policy(`