--- nsaserefpolicy/policy/modules/services/sasl.fc 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/sasl.fc 2008-08-14 13:53:54.000000000 -0400 @@ -8,3 +8,5 @@ # /var # /var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) + +/etc/rc.d/init.d/sasl -- gen_context(system_u:object_r:sasl_script_exec_t,s0) --- nsaserefpolicy/policy/modules/services/sasl.if 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/sasl.if 2008-08-14 13:53:54.000000000 -0400 @@ -21,6 +21,25 @@ ######################################## ## +## Execute sasl server in the sasl domain. +## +## +## +## The type of the process performing this action. +## +## +# +# +interface(`sasl_script_domtrans',` + gen_require(` + type saslauthd_script_exec_t; + ') + + init_script_domtrans_spec($1, saslauthd_script_exec_t) +') + +######################################## +## ## All of the rules required to administrate ## an sasl environment ## @@ -34,14 +53,21 @@ interface(`sasl_admin',` gen_require(` type saslauthd_t, saslauthd_tmp_t, saslauthd_var_run_t; + type saslauthd_script_exec_t; ') allow $1 saslauthd_t:process { ptrace signal_perms getattr }; ps_process_pattern($1, saslauthd_t) + # Allow saslauthd_t to restart the apache service + saslauthd_script_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 saslauthd_script_exec_t system_r; + allow $2 system_r; + files_list_tmp($1) - manage_files_pattern($1, saslauthd_tmp_t, saslauthd_tmp_t) + admin_pattern($1, saslauthd_tmp_t) files_list_pids($1) - manage_files_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t) + admin_pattern($1, saslauthd_var_run_t) ') --- nsaserefpolicy/policy/modules/services/sasl.te 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/sasl.te 2008-08-14 13:53:54.000000000 -0400 
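Review bot: The new sasl.fc entry labels `/etc/rc.d/init.d/sasl`, but every other name in this module refers to saslauthd (`saslauthd_t`, `/var/run/saslauthd`), so the init script is probably installed as `saslauthd`. If so, the `--` regular-file entry never matches and the script keeps its default init-script label, which would leave the transition added for `sasl_admin` with nothing to act on. Check the packaged path with `ls -Z /etc/rc.d/init.d/` and, if it differs, use the real name, e.g. `/etc/rc.d/init.d/saslauthd -- gen_context(system_u:object_r:sasl_script_exec_t,s0)`.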
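Review bot: The `gen_require` in `sasl_script_domtrans` asks for `saslauthd_script_exec_t`, but sasl.te declares `sasl_script_exec_t` and sasl.fc uses that same name, so the required type is not defined anywhere in this patch. The `sasl_admin` hunk has the same mismatch in its `gen_require` and `role_transition`. It also calls `saslauthd_script_domtrans($1)`, while the interface defined here is named `sasl_script_domtrans`. Pick one prefix and use it in all three files, for example `type sasl_script_exec_t;`, `init_script_domtrans_spec($1, sasl_script_exec_t)` and `sasl_script_domtrans($1)`. The summary comment would also be more accurate as "Execute the sasl init script in the init script domain", since the transition goes through `init_script_domtrans_spec`.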
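Review bot: The comment `# Allow saslauthd_t to restart the apache service` in `sasl_admin` looks copied from another module, because the rules beneath it grant `$1` (the admin domain) the init-script transition for this service. Something like `# Allow $1 to start and stop saslauthd through its init script` would match the rules. The interface now also uses `$2` in `role_transition $2 ... system_r;` and `allow $2 system_r;`. Its parameter documentation starts above this hunk, so confirm that it describes the role argument and that existing callers pass one. Separately, replacing `manage_files_pattern` with `admin_pattern` on `saslauthd_tmp_t` and `saslauthd_var_run_t` gives the admin domain more than file management on the daemon's runtime state. Say so in the interface description so reviewers of calling modules know what they are granting.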
@@ -23,6 +23,9 @@ type saslauthd_var_run_t; files_pid_file(saslauthd_var_run_t) +type sasl_script_exec_t; +init_script_type(sasl_script_exec_t) + ######################################## # # Local policy @@ -99,7 +102,7 @@ ') optional_policy(` - kerberos_read_keytab(saslauthd_t) + kerberos_keytab_template(saslauthd, saslauthd_t) ') optional_policy(` @@ -108,6 +111,10 @@ ') optional_policy(` + nis_authenticate(saslauthd_t) +') + +optional_policy(` seutil_sigchld_newrole(saslauthd_t) ')
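Review bot: Replacing `kerberos_read_keytab(saslauthd_t)` with `kerberos_keytab_template(saslauthd, saslauthd_t)` is a template call with a name prefix, so it presumably introduces a per-service keytab type, yet the sasl.fc hunk in this patch adds no file-context entry for one. The template body is not visible here, so confirm that `saslauthd_t` can still read the system keytab it could read before. Otherwise GSSAPI authentication could start failing with AVC denials after the policy update. A one-line comment above the call naming the type it creates and the path meant to carry it would make the intent reviewable.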
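Review bot: The new `nis_authenticate(saslauthd_t)` block widens what an authentication daemon may do, and nothing in the hunk says why. Whether the grant is gated by a boolean depends on the macro definition, which is not shown here. Add a short comment inside the `optional_policy` block, e.g. `# saslauthd may resolve users through NIS when the host is configured for it`, and note in the commit description which denial or deployment prompted it.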