Index: /selinux/build/zephyr.fc
===================================================================
--- /selinux/build/zephyr.fc	(revision 90)
+++ /selinux/build/zephyr.fc	(revision 91)
@@ -1,2 +1,6 @@
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
+
 /usr/sbin/zhm           --      gen_context(system_u:object_r:zephyr_exec_t,s0)
 /usr/bin/zaway          --      gen_context(system_u:object_r:zephyr_bin_t,s0)
Index: /selinux/build/zephyr.if
===================================================================
--- /selinux/build/zephyr.if	(revision 90)
+++ /selinux/build/zephyr.if	(revision 91)
@@ -1,2 +1,6 @@
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
+
 interface(`zephyr_domtrans',`
         gen_requires(`
@@ -14,10 +18,8 @@
 template(`zephyr_access',`
         require {
-#                type krb5_conf_t;
                 type zephyr_t, zephyr_bin_t;
         }
 
         allow $1 zephyr_t:udp_socket { read write };
-#        allow $1 krb5_conf_t:file read;
         can_exec($1, zephyr_t)
         can_exec($1, zephyr_bin_t)
Index: /selinux/build/zephyr.te
===================================================================
--- /selinux/build/zephyr.te	(revision 90)
+++ /selinux/build/zephyr.te	(revision 91)
@@ -1,2 +1,6 @@
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
+
 policy_module(zephyr,1.0.0)
 
@@ -10,9 +14,10 @@
 type zephyr_exec_t;
 domain_type(zephyr_t)
+corecmd_executable_file(zephyr_bin_t)
 init_daemon_domain(zephyr_t, zephyr_exec_t)
 
 ########################################
 #
-# AFS local policy
+# zephyr local policy
 
 files_read_etc_files(zephyr_t)
@@ -22,13 +27,10 @@
 miscfiles_read_localization(zephyr_t)
 
-# Init script handling
 init_use_fds(zephyr_t)
 init_use_script_ptys(zephyr_t)
 domain_use_interactive_fds(zephyr_t)
 term_use_console(zephyr_t)
-
-allow zephyr_t self:process setsched;
-allow zephyr_t self:capability { sys_admin sys_nice sys_tty_config};
-
+corenet_udp_bind_generic_port(zephyr_t)
+dev_read_urand(zephyr_t)
 sysnet_dns_name_resolve(zephyr_t)
 corenet_tcp_sendrecv_all_nodes(zephyr_t)
@@ -36,4 +38,6 @@
 corenet_tcp_sendrecv_all_ports(zephyr_t)
 corenet_udp_sendrecv_all_ports(zephyr_t)
+kerberos_use(zephyr_t)
 
-#allow zephyr_bin_t fs_t:filesystem associate;
+allow zephyr_t self:process setsched;
+allow zephyr_t self:capability { sys_admin sys_nice sys_tty_config };