--- nsaserefpolicy/policy/modules/services/zabbix.fc	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/zabbix.fc	2008-08-14 13:53:54.000000000 -0400
@@ -3,3 +3,5 @@
 /var/log/zabbix(/.*)?		gen_context(system_u:object_r:zabbix_log_t,s0)
 
 /var/run/zabbix(/.*)?		gen_context(system_u:object_r:zabbix_var_run_t,s0)
+
+/etc/rc\.d/init\.d/zabbix	--	gen_context(system_u:object_r:zabbix_script_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/zabbix.if	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/zabbix.if	2008-08-14 13:53:54.000000000 -0400
@@ -79,6 +79,25 @@
 
 ########################################
 ## <summary>
+##	Execute zabbix server in the zabbix domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+#
+interface(`zabbix_script_domtrans',`
+	gen_require(`
+		type zabbix_script_exec_t;
+	')
+
+	init_script_domtrans_spec($1, zabbix_script_exec_t)
+')
+
+########################################
+## <summary>
 ##	All of the rules required to administrate 
 ##	an zabbix environment
 ## </summary>
@@ -92,14 +111,21 @@
 interface(`zabbix_admin',`
 	gen_require(`
 		type zabbix_t, zabbix_log_t, zabbix_var_run_t;
+		type zabbix_script_exec_t;
 	')
 
-	allow $1 zabbix_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, zabbix_t, zabbix_t)
+	allow $1 zabbix_t:process { ptrace signal_perms };
+	ps_process_pattern($2, zabbix_t)
+	        
+	# Allow zabbix_t to restart the apache service
+	zabbix_script_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 zabbix_script_exec_t system_r;
+	allow $2 system_r;
 	        
 	logging_list_logs($1)
-	manage_files_pattern($1, zabbix_log_t, zabbix_log_t)
+        admin_pattern($1, zabbix_log_t)
 
 	files_list_pids($1)
-	manage_files_pattern($1, zabbix_var_run_t, zabbix_var_run_t)
+        admin_pattern($1, zabbix_var_run_t)
 ')
--- nsaserefpolicy/policy/modules/services/zabbix.te	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/zabbix.te	2008-08-14 13:53:54.000000000 -0400
@@ -18,6 +18,9 @@
 type zabbix_var_run_t;
 files_pid_file(zabbix_var_run_t)
 
+type zabbix_script_exec_t;
+init_script_type(zabbix_script_exec_t)
+
 ########################################
 #
 # zabbix local policy