diff --git a/refpolicy/Changelog b/refpolicy/Changelog index c229d0ce..1e97afa2 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Fix errors uncovered by sediff. + * Thu Sep 22 2005 Chris PeBenito - 20050922 - Make logrotate, sendmail, sshd, and rpm policies unconfined in the targeted policy so no special diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te index 016682cb..209d29ce 100644 --- a/refpolicy/policy/modules/admin/consoletype.te +++ b/refpolicy/policy/modules/admin/consoletype.te @@ -49,6 +49,7 @@ init_use_script_fd(consoletype_t) domain_use_wide_inherit_fd(consoletype_t) files_dontaudit_read_root_file(consoletype_t) +files_list_usr(consoletype_t) libs_use_ld_so(consoletype_t) libs_use_shared_libs(consoletype_t) diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if index 472a313d..8b2a7c6e 100644 --- a/refpolicy/policy/modules/kernel/bootloader.if +++ b/refpolicy/policy/modules/kernel/bootloader.if @@ -295,6 +295,22 @@ interface(`bootloader_create_runtime_file',` type_transition $1 boot_t:file boot_runtime_t; ') +######################################## +## +## Search the contents of the kernel module directories. +## +## +## The type of the process performing this action. +## +# +interface(`bootloader_search_kernel_modules',` + gen_require(` + type modules_object_t; + ') + + allow $1 modules_object_t:dir search; +') + ######################################## ## ## List the contents of the kernel module directories. @@ -306,7 +322,6 @@ interface(`bootloader_create_runtime_file',` interface(`bootloader_list_kernel_modules',` gen_require(` type modules_object_t; - class dir r_dir_perms; ') allow $1 modules_object_t:dir r_dir_perms; diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te index dfc6cdef..5914abe7 100644 --- a/refpolicy/policy/modules/kernel/bootloader.te 
+++ b/refpolicy/policy/modules/kernel/bootloader.te @@ -120,6 +120,7 @@ domain_exec_all_entry_files(bootloader_t) domain_use_wide_inherit_fd(bootloader_t) files_read_etc_files(bootloader_t) +files_exec_etc_files(bootloader_t) files_read_etc_runtime_files(bootloader_t) files_read_usr_src_files(bootloader_t) files_read_usr_files(bootloader_t) @@ -135,6 +136,7 @@ init_rw_script_pipe(bootloader_t) libs_use_ld_so(bootloader_t) libs_use_shared_libs(bootloader_t) libs_read_lib(bootloader_t) +libs_exec_lib_files(bootloader_t) logging_send_syslog_msg(bootloader_t) logging_rw_generic_logs(bootloader_t) diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te index 3d5f28ef..cfdc3534 100644 --- a/refpolicy/policy/modules/services/comsat.te +++ b/refpolicy/policy/modules/services/comsat.te @@ -28,7 +28,7 @@ allow comsat_t self:dir search; allow comsat_t self:fifo_file rw_file_perms; allow comsat_t self:{ lnk_file file } { getattr read }; allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms; -allow comsat_t self:tcp_socket create_stream_socket_perms; +allow comsat_t self:tcp_socket connected_stream_socket_perms; allow comsat_t comsat_tmp_t:dir create_dir_perms; allow comsat_t comsat_tmp_t:file create_file_perms; 
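Review bot: `files_exec_etc_files(bootloader_t)` in the first bootloader.te hunk and `libs_exec_lib_files(bootloader_t)` in the second let bootloader_t execute generic /etc and library files (as the interface names suggest) in its own domain, with no transition, and neither line says which program needs it. The visible context already gives bootloader_t broad access (`domain_exec_all_entry_files`, `logging_rw_generic_logs`), so any domain that can write one of those generic files gains influence over code run with these rights. I would put a why-comment above each line, for example `# needed by PLACEHOLDER_PROGRAM during kernel install`, and check whether a narrower file type would do. Both hunks sit inside the bootloader_t rule list, which continues outside them.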
@@ -41,18 +41,21 @@ kernel_read_kernel_sysctl(comsat_t) kernel_read_network_state(comsat_t) kernel_read_system_state(comsat_t) -corenet_raw_sendrecv_all_if(comsat_t) corenet_tcp_sendrecv_all_if(comsat_t) -corenet_raw_sendrecv_all_nodes(comsat_t) +corenet_udp_sendrecv_all_if(comsat_t) +corenet_raw_sendrecv_all_if(comsat_t) corenet_tcp_sendrecv_all_nodes(comsat_t) -corenet_tcp_bind_all_nodes(comsat_t) +corenet_udp_sendrecv_all_nodes(comsat_t) +corenet_raw_sendrecv_all_nodes(comsat_t) corenet_tcp_sendrecv_all_ports(comsat_t) +corenet_tcp_bind_all_nodes(comsat_t) dev_read_urand(comsat_t) fs_getattr_xattr_fs(comsat_t) files_read_etc_files(comsat_t) +files_list_usr(comsat_t) files_search_spool(comsat_t) files_search_home(comsat_t) diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index 6689e658..7c6c2b10 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -182,7 +182,7 @@ template(`cron_per_userdomain_template',` allow $2 $1_crontab_t:process signal; # Allow crond to read those crontabs in cron spool. - allow crond_t $1_cron_spool_t:file r_file_perms; + allow crond_t $1_cron_spool_t:file create_file_perms; # dac_override is to create the file in the directory under /tmp allow $1_crontab_t self:capability { setuid setgid chown dac_override }; diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index dc4f7baf..da383692 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te 
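Review bot: The corenet block in comsat.te now grants UDP on interfaces and nodes (`corenet_udp_sendrecv_all_if`, `corenet_udp_sendrecv_all_nodes`) but has no UDP counterpart to `corenet_tcp_sendrecv_all_ports`, so the UDP path looks only partly granted. No `self:udp_socket` rule appears in the previous hunk's context either, though one may exist outside both hunks. If comsat_t really uses UDP, add `corenet_udp_sendrecv_all_ports(comsat_t)` next to the TCP ports line; if it does not, the two new UDP lines should be dropped. A one-line comment on why raw send/receive on all interfaces and nodes is kept would also help, since that is broad for a single service.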
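Review bot: The comment directly above the changed rule in cron.if still reads `# Allow crond to read those crontabs in cron spool.`, but the rule now gives crond_t `create_file_perms` on every `$1_cron_spool_t` file, which includes create, write and unlink on each user's crontab. cron.te in the same commit widens `cron_spool_t:dir` to `rw_dir_perms` and adds `setfscreate` to crond_t, while the adjacent `cron_spool_t:file` rule stays at `r_file_perms`, so the intended scope of the write access is unclear. These files decide what runs under each user's identity, so the reason should be stated: update the comment to something like `# crond needs to rewrite user crontabs in the spool: PLACEHOLDER_REASON` and check whether a smaller set than `create_file_perms` is enough. The template body continues outside the hunk.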
@@ -51,10 +51,10 @@ files_tmp_file(system_crond_tmp_t) # Cron Local policy # -allow crond_t self:capability { dac_override setgid setuid net_bind_service sys_nice }; +allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search }; dontaudit crond_t self:capability { sys_resource sys_tty_config }; allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; -allow crond_t self:process setexec; +allow crond_t self:process { setexec setfscreate }; allow crond_t self:fd use; allow crond_t self:fifo_file rw_file_perms; allow crond_t self:unix_dgram_socket create_socket_perms; @@ -73,7 +73,7 @@ allow crond_t crond_tmp_t:dir create_dir_perms; allow crond_t crond_tmp_t:file create_file_perms; files_create_tmp_files(crond_t, crond_tmp_t, { file dir }) -allow crond_t cron_spool_t:dir r_dir_perms; +allow crond_t cron_spool_t:dir rw_dir_perms; allow crond_t cron_spool_t:file r_file_perms; allow crond_t system_cron_spool_t:dir r_dir_perms; allow crond_t system_cron_spool_t:file r_file_perms; @@ -104,6 +104,7 @@ domain_use_wide_inherit_fd(crond_t) files_read_etc_files(crond_t) files_read_generic_spools(crond_t) +files_list_usr(crond_t) # Read from /var/spool/cron. files_search_var_lib(crond_t) files_search_default(crond_t) diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te index 0c483ca0..62a990f8 100644 --- a/refpolicy/policy/modules/services/dhcp.te +++ b/refpolicy/policy/modules/services/dhcp.te @@ -25,6 +25,7 @@ files_pid_file(dhcpd_var_run_t) # dontaudit dhcpd_t self:capability { net_admin sys_tty_config }; +allow dhcpd_t self:process signal_perms; allow dhcpd_t self:fifo_file { read write getattr }; allow dhcpd_t self:unix_dgram_socket create_socket_perms; allow dhcpd_t self:unix_stream_socket create_socket_perms; diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index 2b34fa7c..8e443cff 100644 
--- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te @@ -42,6 +42,7 @@ files_tmp_file(lvm_tmp_t) # dontaudit clvmd_t self:capability sys_tty_config; +allow clvmd_t self:process signal_perms; allow clvmd_t self:socket create_socket_perms; allow clvmd_t self:fifo_file { read write }; allow clvmd_t self:unix_stream_socket { connectto create_stream_socket_perms }; @@ -78,6 +79,8 @@ term_dontaudit_use_console(clvmd_t) domain_use_wide_inherit_fd(clvmd_t) +files_list_usr(clvmd_t) + init_use_fd(clvmd_t) init_use_script_pty(clvmd_t) diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index cdf9e8b0..9d40ca42 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -171,6 +171,7 @@ init_use_script_pty(depmod_t) files_read_etc_runtime_files(depmod_t) files_read_etc_files(depmod_t) files_read_usr_src_files(depmod_t) +files_list_usr(depmod_t) libs_use_ld_so(depmod_t) libs_use_shared_libs(depmod_t) diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te index 96f4d051..25aef616 100644 --- a/refpolicy/policy/modules/system/pcmcia.te +++ b/refpolicy/policy/modules/system/pcmcia.te @@ -52,6 +52,8 @@ kernel_list_proc(cardmgr_t) kernel_read_proc_symlinks(cardmgr_t) kernel_dontaudit_getattr_message_if(cardmgr_t) +bootloader_search_kernel_modules(cardmgr_t) + dev_read_sysfs(cardmgr_t) dev_getattr_all_chr_files(cardmgr_t) dev_getattr_all_blk_files(cardmgr_t) @@ -79,6 +81,7 @@ domain_dontaudit_ptrace_confined_domains(cardmgr_t) domain_dontaudit_getattr_all_unnamed_pipes(cardmgr_t) domain_dontaudit_getattr_all_sockets(cardmgr_t) +files_list_usr(cardmgr_t) files_search_home(cardmgr_t) files_read_etc_runtime_files(cardmgr_t) files_exec_etc_files(cardmgr_t) 
@@ -104,6 +107,8 @@ logging_send_syslog_msg(cardmgr_t) miscfiles_read_localization(cardmgr_t) +modutils_domtrans_insmod(cardmgr_t) + sysnet_domtrans_ifconfig(cardmgr_t) # for /etc/resolv.conf sysnet_create_config(cardmgr_t) @@ -126,6 +131,7 @@ optional_policy(`sysnetwork.te',` sysnet_domtrans_dhcpc(cardmgr_t) sysnet_read_dhcpc_pid(cardmgr_t) + sysnet_delete_dhcpc_pid(cardmgr_t) sysnet_kill_dhcpc(cardmgr_t) sysnet_sigchld_dhcpc(cardmgr_t) sysnet_signal_dhcpc(cardmgr_t) @@ -138,12 +144,6 @@ optional_policy(`udev.te', ` ') ifdef(`TODO',` -allow cardmgr_t modules_object_t:dir search; - -ifdef(`dhcpc.te',` -allow cardmgr_t dhcpc_var_run_t:file unlink; -') - # Create device files in /tmp. # cjp: why is this created all over the place? file_type_auto_trans(cardmgr_t, { var_run_t cardmgr_var_run_t device_t tmp_t }, cardmgr_dev_t, { blk_file chr_file }) diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te index ea798ea5..2ef6a3c2 100644 --- a/refpolicy/policy/modules/system/selinuxutil.te +++ b/refpolicy/policy/modules/system/selinuxutil.te @@ -125,6 +125,7 @@ term_use_console(checkpolicy_t) domain_use_wide_inherit_fd(checkpolicy_t) +files_list_usr(checkpolicy_t) # directory search permissions for path to source and binary policy files files_search_etc(checkpolicy_t) diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if index 47293bb2..5e3a4c87 100644 --- a/refpolicy/policy/modules/system/sysnetwork.if +++ b/refpolicy/policy/modules/system/sysnetwork.if @@ -11,9 +11,6 @@ interface(`sysnet_domtrans_dhcpc',` gen_require(` type dhcpc_t, dhcpc_exec_t; - class process sigchld; - class fd use; - class fifo_file rw_file_perms; ') corecmd_search_sbin($1) @@ -61,7 +58,6 @@ interface(`sysnet_run_dhcpc',` interface(`sysnet_sigchld_dhcpc',` gen_require(` type dhcpc_t; - class process sigchld; ') allow $1 dhcpc_t:process sigchld; 
@@ -78,7 +74,6 @@ interface(`sysnet_sigchld_dhcpc',` interface(`sysnet_kill_dhcpc',` gen_require(` type dhcpc_t; - class process sigkill; ') allow $1 dhcpc_t:process sigkill; @@ -95,7 +90,6 @@ interface(`sysnet_kill_dhcpc',` interface(`sysnet_sigstop_dhcpc',` gen_require(` type dhcpc_t; - class process sigstop; ') allow $1 dhcpc_t:process sigstop; @@ -112,7 +106,6 @@ interface(`sysnet_sigstop_dhcpc',` interface(`sysnet_signull_dhcpc',` gen_require(` type dhcpc_t; - class process signull; ') allow $1 dhcpc_t:process signull; @@ -129,7 +122,6 @@ interface(`sysnet_signull_dhcpc',` interface(`sysnet_signal_dhcpc',` gen_require(` type dhcpc_t; - class process signal; ') allow $1 dhcpc_t:process signal; @@ -146,7 +138,6 @@ interface(`sysnet_signal_dhcpc',` interface(`sysnet_rw_dhcp_config',` gen_require(` type dhcp_etc_t; - class file { getattr read }; ') files_search_etc($1) @@ -164,7 +155,6 @@ interface(`sysnet_rw_dhcp_config',` interface(`sysnet_read_dhcpc_state',` gen_require(` type dhcpc_state_t; - class file { getattr read }; ') allow $1 dhcpc_state_t:file { getattr read }; @@ -181,7 +171,6 @@ interface(`sysnet_read_dhcpc_state',` interface(`sysnet_read_config',` gen_require(` type net_conf_t; - class file r_file_perms; ') files_search_etc($1) @@ -200,7 +189,6 @@ interface(`sysnet_read_config',` interface(`sysnet_create_config',` gen_require(` type net_conf_t; - class file create_file_perms; ') files_create_etc_config($1,net_conf_t,file) @@ -217,7 +205,6 @@ interface(`sysnet_create_config',` interface(`sysnet_manage_config',` gen_require(` type net_conf_t; - class file create_file_perms; ') allow $1 net_conf_t:file create_file_perms; 
@@ -234,13 +221,28 @@ interface(`sysnet_manage_config',` interface(`sysnet_read_dhcpc_pid',` gen_require(` type dhcpc_var_run_t; - class file { getattr read }; ') files_list_pids($1) allow $1 dhcpc_var_run_t:file { getattr read }; ') +####################################### +## +## Delete the dhcp client pid file. +## +## +## The type of the process performing this action. +## +# +interface(`sysnet_delete_dhcpc_pid',` + gen_require(` + type dhcpc_var_run_t; + ') + + allow $1 dhcpc_var_run_t:file unlink; +') + ####################################### ## ## Execute ifconfig in the ifconfig domain. @@ -336,7 +338,6 @@ interface(`sysnet_read_dhcp_config',` interface(`sysnet_search_dhcp_state',` gen_require(` type dhcp_state_t; - class dir search; ') files_search_var_lib($1) @@ -370,7 +371,6 @@ interface(`sysnet_search_dhcp_state',` interface(`sysnet_create_dhcp_state',` gen_require(` type dhcp_state_t; - class dir rw_dir_perms; ') files_search_var_lib($1) @@ -393,7 +393,6 @@ interface(`sysnet_create_dhcp_state',` interface(`sysnet_dns_name_resolve',` gen_require(` type net_conf_t; - class udp_socket create_socket_perms; ') allow $1 self:udp_socket create_socket_perms; @@ -419,7 +418,6 @@ interface(`sysnet_dns_name_resolve',` interface(`sysnet_use_ldap',` gen_require(` type net_conf_t; - class tcp_socket create_socket_perms; ') allow $1 self:tcp_socket create_socket_perms; @@ -447,8 +445,6 @@ interface(`sysnet_use_ldap',` interface(`sysnet_use_portmap',` gen_require(` type net_conf_t; - class tcp_socket create_socket_perms; - class udp_socket create_socket_perms; ') allow $1 self:tcp_socket create_socket_perms; diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 47904423..75715b6f 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te 
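Review bot: `sysnet_delete_dhcpc_pid` grants only `dhcpc_var_run_t:file unlink`, but removing a file also needs search, write and remove_name on the directory that holds it, and the interface gives the caller none of that. The sibling `sysnet_read_dhcpc_pid` just above at least calls `files_list_pids($1)` before its file rule. A caller that relies on this interface alone will still be denied unless it gets the directory access somewhere else. Either add the directory part here or say so in the interface documentation, e.g. `## The caller must separately be allowed to remove entries from the pid directory.`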
@@ -45,12 +45,12 @@ allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_s dontaudit dhcpc_t self:capability sys_tty_config; # for access("/etc/bashrc", X_OK) on Red Hat dontaudit dhcpc_t self:capability { dac_read_search sys_module }; - -allow dhcpc_t self:tcp_socket create_socket_perms; +allow dhcpc_t self:process signal_perms; +allow dhcpc_t self:fifo_file rw_file_perms; +allow dhcpc_t self:tcp_socket create_stream_socket_perms; allow dhcpc_t self:udp_socket create_socket_perms; allow dhcpc_t self:packet_socket create_socket_perms; allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read }; -allow dhcpc_t self:fifo_file rw_file_perms; allow dhcpc_t dhcp_etc_t:dir r_dir_perms; allow dhcpc_t dhcp_etc_t:lnk_file r_file_perms;
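Review bot: `allow dhcpc_t self:tcp_socket create_stream_socket_perms;` adds listen and accept to what was `create_socket_perms`, so the DHCP client domain may now act as a TCP server, and nothing in the hunk says which client needs that. dhcpc_t already holds `net_admin` and `net_raw` (the capability rule is truncated in the hunk header), so widening its socket permissions should carry a recorded reason. Add a comment above the rule such as `# PLACEHOLDER_CLIENT accepts connections on a local TCP socket`, or keep `create_socket_perms` if no supported client listens.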