--- nsaserefpolicy/policy/modules/services/smartmon.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/smartmon.fc 2008-08-14 13:53:54.000000000 -0400
@@ -8,3 +8,4 @@
 #
 /var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
+/etc/rc.d/init.d/smartd -- gen_context(system_u:object_r:fsdaemon_script_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/smartmon.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/smartmon.if 2008-08-14 13:53:54.000000000 -0400
@@ -20,6 +20,25 @@
 ########################################
 ##
+## Execute smartmon server in the smartmon domain.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+#
+interface(`smartmon_script_domtrans',`
+ gen_require(`
+ type fsdaemon_script_exec_t;
+ ')
+
+ init_script_domtrans_spec($1, fsdaemon_script_exec_t)
+')
+
+########################################
+##
 ## All of the rules required to administrate
 ## an smartmon environment
 ##
@@ -33,14 +52,21 @@
 interface(`smartmon_admin',`
 gen_require(`
 type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
+ type fsdaemon_script_exec_t;
 ')
 allow $1 fsdaemon_t:process { ptrace signal_perms getattr };
 ps_process_pattern($1, fsdaemon_t)
+ # Allow fsdaemon_t to restart the apache service
+ fsdaemon_script_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 fsdaemon_script_exec_t system_r;
+ allow $2 system_r;
+
 files_list_tmp($1)
- manage_files_pattern($1, fsdaemon_tmp_t, fsdaemon_tmp_t)
+ admin_pattern($1, fsdaemon_tmp_t)
 files_list_pids($1)
- manage_files_pattern($1, fsdaemon_var_run_t, fsdaemon_var_run_t)
+ admin_pattern($1, fsdaemon_var_run_t)
 ')
--- nsaserefpolicy/policy/modules/services/smartmon.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/smartmon.te 2008-08-14 13:53:54.000000000 -0400
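Review bot: The doc summary `## Execute smartmon server in the smartmon domain.` does not match the body of smartmon_script_domtrans: `init_script_domtrans_spec($1, fsdaemon_script_exec_t)` executes the smartd init script (labelled fsdaemon_script_exec_t in the .fc hunk), not the smartd binary, so a caller reading the summary will expect a transition into fsdaemon_t that this interface does not grant. Suggest `## Execute the smartmon init script in the init script domain.` The parameter description in this copy shows only bare `##` lines around `The type of the process performing this action.`, so confirm that the summary/param markup the refpolicy documentation tooling reads is present in the file.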
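Review bot: `fsdaemon_script_domtrans($1)` in smartmon_admin is not an interface this patch defines; the init-script interface added earlier in the same file is `smartmon_script_domtrans`, so a module calling smartmon_admin should fail to build with the call left unexpanded. Change it to `smartmon_script_domtrans($1)`. The comment above it looks like a copy-paste leftover (it mentions apache) and names the wrong subject: it is the admin domain $1, not fsdaemon_t, that is being allowed to run the init script; suggest `# Allow the admin domain to run the smartd init script and restart the service`. Because `domain_system_change_exemption($1)` and `allow $2 system_r;` hand the caller a system-role transition, the interface documentation (outside this hunk) should state that $2 must be a trusted administrative role.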
@@ -16,6 +16,10 @@
 type fsdaemon_tmp_t;
 files_tmp_file(fsdaemon_tmp_t)
+type fsdaemon_script_exec_t;
+init_script_type(fsdaemon_script_exec_t)
+typealias fsdaemon_script_exec_t alias smartmon_script_exec_t;
+
 ########################################
 #
 # Local policy
@@ -28,6 +32,7 @@
 allow fsdaemon_t self:unix_dgram_socket create_socket_perms;
 allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms;
 allow fsdaemon_t self:udp_socket create_socket_perms;
+allow fsdaemon_t self:netlink_route_socket r_netlink_socket_perms;
 manage_dirs_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
 manage_files_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
@@ -62,6 +67,7 @@
 fs_search_auto_mountpoints(fsdaemon_t)
 mls_file_read_all_levels(fsdaemon_t)
+mls_file_write_all_levels(fsdaemon_t)
 storage_raw_read_fixed_disk(fsdaemon_t)
 storage_raw_write_fixed_disk(fsdaemon_t)
@@ -78,10 +84,9 @@
 miscfiles_read_localization(fsdaemon_t)
-sysnet_read_config(fsdaemon_t)
+sysnet_dns_name_resolve(fsdaemon_t)
 userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
-
 sysadm_dontaudit_search_home_dirs(fsdaemon_t)
 optional_policy(`
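Review bot: `mls_file_write_all_levels(fsdaemon_t)` in the -62 hunk exempts smartd from the MLS write constraint for files at every sensitivity level, widening the existing read exemption to writes, and the hunk gives no reason for it. Under an MLS policy this lets the daemon write files both below and above its own level, so the rule should carry a why-comment naming the file it must write and the level mismatch that triggers it, e.g. `# <file smartd writes> is created at a level other than smartd's: <reason>` (placeholder). If the write is to a single known location, a narrower rule on that file type would be preferable to the blanket exemption.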