--- nsaserefpolicy/policy/modules/services/dcc.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/dcc.if 2008-08-14 13:53:54.000000000 -0400
@@ -72,6 +72,24 @@
########################################
##
+## Send a signal to the dcc_client.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`dcc_signal_client',`
+ gen_require(`
+ type dcc_client_t;
+ ')
+
+ allow $1 dcc_client_t:process signal;
+')
+
+########################################
+##
## Execute dcc_client in the dcc_client domain, and
## allow the specified role the dcc_client domain.
##
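Review bot: The summary for `dcc_signal_client` should state that the interface grants only the generic `signal` permission on `dcc_client_t`, so callers do not assume it also covers `sigkill`, `sigstop`, `signull` or `sigchld`. A wording such as `Send generic signals to the dcc_client domain.` would be clearer. The doc lines between the `##` markers appear empty in this view, so confirm that the `<summary>` and `<param name="domain">` markup is present in the real file. No caller of the new interface is visible in this patch, so it is worth naming the domain that needs it in the commit description.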
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/dcc.te 2008-08-14 13:53:54.000000000 -0400
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
+auth_use_nsswitch(cdcc_t)
+
libs_use_ld_so(cdcc_t)
libs_use_shared_libs(cdcc_t)
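Review bot: Replacing `sysnet_read_config`, `sysnet_dns_name_resolve` and the optional `nscd_socket_use` with `auth_use_nsswitch(cdcc_t)` widens the domain rather than just consolidating it. In reference policy that interface usually also covers passwd/group lookups and whatever name-service backends are configured (its exact contents depend on the policy version, so check authlogin.if in this tree). The same substitution is made for `dcc_client_t`, `dcc_dbclean_t`, `dccd_t`, `dccifd_t` and `dccm_t` in the later hunks. If any of these domains only needs DNS resolution, keeping the narrower sysnet interfaces for it would preserve least privilege. Otherwise a one-line comment such as `# needs user/group lookups via nsswitch, not only DNS` would record why the broader grant is intended.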
@@ -112,19 +114,12 @@
miscfiles_read_localization(cdcc_t)
-sysnet_read_config(cdcc_t)
-sysnet_dns_name_resolve(cdcc_t)
-
-optional_policy(`
- nscd_socket_use(cdcc_t)
-')
-
########################################
#
# dcc procmail interface local policy
#
-allow dcc_client_t self:capability setuid;
+allow dcc_client_t self:capability { setgid setuid };
allow dcc_client_t self:unix_dgram_socket create_socket_perms;
allow dcc_client_t self:udp_socket create_socket_perms;
@@ -141,6 +136,7 @@
corenet_all_recvfrom_unlabeled(dcc_client_t)
corenet_all_recvfrom_netlabel(dcc_client_t)
+corenet_udp_bind_all_nodes(dcc_client_t)
corenet_udp_sendrecv_generic_if(dcc_client_t)
corenet_udp_sendrecv_all_nodes(dcc_client_t)
corenet_udp_sendrecv_all_ports(dcc_client_t)
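Review bot: `corenet_udp_bind_all_nodes(dcc_client_t)` lets the client bind UDP sockets on every node type, but no port-bind rule is added next to it. Presumably the client binds only to an ephemeral port before sending; that is an inference from this hunk and should be confirmed. A short comment above the line, e.g. `# client bind()s its UDP socket to an ephemeral port before querying servers`, would make it clear that no listening service is intended and help a later reviewer spot an unexpected port-bind addition.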
@@ -148,6 +144,10 @@
files_read_etc_files(dcc_client_t)
files_read_etc_runtime_files(dcc_client_t)
+kernel_read_system_state(dcc_client_t)
+
+auth_use_nsswitch(dcc_client_t)
+
libs_use_ld_so(dcc_client_t)
libs_use_shared_libs(dcc_client_t)
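Review bot: `kernel_read_system_state(dcc_client_t)` gives the client read access to system-wide state under /proc, and nothing in the hunk says which lookup needs it. If the access is only an incidental probe by a library, `kernel_dontaudit_read_system_state(dcc_client_t)` would silence the denial without granting the read. Otherwise add a comment naming the file that is read, so the grant can be revisited later.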
@@ -155,11 +155,8 @@
miscfiles_read_localization(dcc_client_t)
-sysnet_read_config(dcc_client_t)
-sysnet_dns_name_resolve(dcc_client_t)
-
optional_policy(`
- nscd_socket_use(dcc_client_t)
+ spamassassin_read_spamd_tmp_files(dcc_client_t)
')
########################################
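Review bot: The `optional_policy` block now grants `spamassassin_read_spamd_tmp_files(dcc_client_t)`, which by its name exposes spamd's temporary files to the DCC client, and those presumably hold message content under scan. Document the data flow that requires it, for example `# spamd hands the message to dccproc via a temp file`. Also confirm in this tree that the interface is read-only and limited to spamd's own tmp type rather than generic tmp files.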
@@ -191,6 +188,8 @@
files_read_etc_files(dcc_dbclean_t)
files_read_etc_runtime_files(dcc_dbclean_t)
+auth_use_nsswitch(dcc_dbclean_t)
+
libs_use_ld_so(dcc_dbclean_t)
libs_use_shared_libs(dcc_dbclean_t)
@@ -198,13 +197,6 @@
miscfiles_read_localization(dcc_dbclean_t)
-sysnet_read_config(dcc_dbclean_t)
-sysnet_dns_name_resolve(dcc_dbclean_t)
-
-optional_policy(`
- nscd_socket_use(dcc_dbclean_t)
-')
-
########################################
#
# Server daemon local policy
@@ -262,6 +254,8 @@
fs_getattr_all_fs(dccd_t)
fs_search_auto_mountpoints(dccd_t)
+auth_use_nsswitch(dccd_t)
+
libs_use_ld_so(dccd_t)
libs_use_shared_libs(dccd_t)
@@ -277,10 +271,6 @@
sysadm_dontaudit_search_home_dirs(dccd_t)
optional_policy(`
- nscd_socket_use(dccd_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccd_t)
')
@@ -336,6 +326,8 @@
fs_getattr_all_fs(dccifd_t)
fs_search_auto_mountpoints(dccifd_t)
+auth_use_nsswitch(dccifd_t)
+
libs_use_ld_so(dccifd_t)
libs_use_shared_libs(dccifd_t)
@@ -343,11 +335,7 @@
miscfiles_read_localization(dccifd_t)
-sysnet_read_config(dccifd_t)
-sysnet_dns_name_resolve(dccifd_t)
-
userdom_dontaudit_use_unpriv_user_fds(dccifd_t)
-
sysadm_dontaudit_search_home_dirs(dccifd_t)
optional_policy(`
@@ -351,10 +339,6 @@
sysadm_dontaudit_search_home_dirs(dccifd_t)
optional_policy(`
- nscd_socket_use(dccifd_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccifd_t)
')
@@ -409,6 +393,8 @@
fs_getattr_all_fs(dccm_t)
fs_search_auto_mountpoints(dccm_t)
+auth_use_nsswitch(dccm_t)
+
libs_use_ld_so(dccm_t)
libs_use_shared_libs(dccm_t)
@@ -416,11 +402,7 @@
miscfiles_read_localization(dccm_t)
-sysnet_read_config(dccm_t)
-sysnet_dns_name_resolve(dccm_t)
-
userdom_dontaudit_use_unpriv_user_fds(dccm_t)
-
sysadm_dontaudit_search_home_dirs(dccm_t)
optional_policy(`
@@ -424,10 +406,6 @@
sysadm_dontaudit_search_home_dirs(dccm_t)
optional_policy(`
- nscd_socket_use(dccm_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccm_t)
')