diff --git a/policy/modules/services/dovecot.fc b/policy/modules/services/dovecot.fc
index 70189107..b6de818a 100644
--- a/policy/modules/services/dovecot.fc
+++ b/policy/modules/services/dovecot.fc
@@ -6,6 +6,7 @@
 /etc/dovecot\.passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
 
 /etc/pki/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_cert_t,s0)
+/etc/rc\.d/init\.d/dovecot	--	gen_context(system_u:object_r:dovecot_initrc_exec_t,s0)
 
 #
 # /usr
@@ -16,20 +17,23 @@
 /usr/share/ssl/private/dovecot\.pem --	gen_context(system_u:object_r:dovecot_cert_t,s0)
 
 ifdef(`distro_debian', `
-/usr/lib/dovecot/dovecot-auth 	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/lib/dovecot/dovecot-auth	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/lib/dovecot/deliver	--	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
 ')
 
 ifdef(`distro_redhat', `
 /usr/libexec/dovecot/dovecot-auth --	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/libexec/dovecot/deliver --	gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
 ')
 
 #
 # /var
 #
 /var/run/dovecot(-login)?(/.*)?		gen_context(system_u:object_r:dovecot_var_run_t,s0)
-# this is a hard link to /var/lib/dovecot/ssl-parameters.dat
-/var/run/dovecot/login/ssl-parameters.dat	gen_context(system_u:object_r:dovecot_var_lib_t,s0)
+/var/run/dovecot/login/ssl-parameters.dat -- gen_context(system_u:object_r:dovecot_var_lib_t,s0)
 
 /var/lib/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_var_lib_t,s0)
 
+/var/log/dovecot\.log.*			gen_context(system_u:object_r:dovecot_var_log_t,s0)
+
 /var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index 7771a8f2..93eeef5a 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -1,5 +1,42 @@
 ## <summary>Dovecot POP and IMAP mail server</summary>
 
+########################################
+## <summary>
+##	Connect to dovecot auth unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`dovecot_stream_connect_auth',`
+	gen_require(`
+		type dovecot_auth_t, dovecot_var_run_t;
+	')
+
+	stream_connect_pattern($1, dovecot_var_run_t, dovecot_var_run_t, dovecot_auth_t)
+')
+
+########################################
+## <summary>
+##	Execute dovecot_deliver in the dovecot_deliver domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dovecot_domtrans_deliver',`
+	gen_require(`
+		type dovecot_deliver_t, dovecot_deliver_exec_t;
+	')
+
+	domtrans_pattern($1, dovecot_deliver_exec_t, dovecot_deliver_t)
+')
+
 ########################################
 ## <summary>
 ##	Create, read, write, and delete the dovecot spool files.
@@ -36,3 +73,58 @@ interface(`dovecot_dontaudit_unlink_lib_files',`
 
 	dontaudit $1 dovecot_var_lib_t:file unlink;
 ')
+
+########################################
+## <summary>
+##	All of the rules required to administrate 
+##	an dovecot environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the dovecot domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`dovecot_admin',`
+	gen_require(`
+		type dovecot_t, dovecot_etc_t, dovecot_log_t;
+		type dovecot_spool_t, dovecot_var_lib_t;
+		type dovecot_var_run_t;
+
+		type dovecot_cert_t, dovecot_passwd_t;
+		type dovecot_initrc_exec_t;
+	')
+
+	allow $1 dovecot_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dovecot_t)
+
+	init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 dovecot_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	files_list_etc($1)
+	admin_pattern($1, dovecot_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, dovecot_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, dovecot_spool_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, dovecot_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, dovecot_var_run_t)
+
+	admin_pattern($1, dovecot_cert_t)
+
+	admin_pattern($1, dovecot_passwd_t)
+')
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index fd1eaef7..ccb421d7 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -1,5 +1,5 @@
 
-policy_module(dovecot, 1.10.2)
+policy_module(dovecot, 1.10.3)
 
 ########################################
 #
@@ -15,12 +15,24 @@ domain_type(dovecot_auth_t)
 domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
 role system_r types dovecot_auth_t;
 
+type dovecot_auth_tmp_t;
+files_tmp_file(dovecot_auth_tmp_t)
+
 type dovecot_cert_t;
 files_type(dovecot_cert_t)
 
+type dovecot_deliver_t;
+type dovecot_deliver_exec_t;
+domain_type(dovecot_deliver_t)
+domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
+role system_r types dovecot_deliver_t;
+
 type dovecot_etc_t;
 files_config_file(dovecot_etc_t)
 
+type dovecot_initrc_exec_t;
+init_script_file(dovecot_initrc_exec_t)
+
 type dovecot_passwd_t;
 files_type(dovecot_passwd_t)
 
@@ -31,6 +43,9 @@ files_type(dovecot_spool_t)
 type dovecot_var_lib_t;
 files_type(dovecot_var_lib_t) 
 
+type dovecot_var_log_t;
+logging_log_file(dovecot_var_log_t)
+
 type dovecot_var_run_t;
 files_pid_file(dovecot_var_run_t)
 
@@ -58,6 +73,9 @@ files_search_etc(dovecot_t)
 
 can_exec(dovecot_t, dovecot_exec_t)
 
+manage_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
+logging_log_filetrans(dovecot_t, dovecot_var_log_t, file)
+
 manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
 manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
 manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
@@ -98,7 +116,7 @@ files_search_tmp(dovecot_t)
 files_dontaudit_list_default(dovecot_t)
 # Dovecot now has quota support and it uses getmntent() to find the mountpoints.
 files_read_etc_runtime_files(dovecot_t)
-files_getattr_all_mountpoints(dovecot_t)
+files_search_all_mountpoints(dovecot_t)
 
 init_getattr_utmp(dovecot_t)
 
@@ -120,7 +138,7 @@ userdom_user_home_dir_filetrans_user_home_content(dovecot_t, { dir file lnk_file
 mta_manage_spool(dovecot_t)
 
 optional_policy(`
-	kerberos_use(dovecot_t)
+	kerberos_keytab_template(dovecot, dovecot_t)
 ')
 
 optional_policy(`
@@ -140,25 +158,35 @@ optional_policy(`
 # dovecot auth local policy
 #
 
-allow dovecot_auth_t self:capability { setgid setuid };
+allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
 allow dovecot_auth_t self:process signal_perms;
 allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
 allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
 allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
 
-allow dovecot_auth_t dovecot_t:unix_stream_socket { getattr accept read write ioctl };
+allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_perms };
 
-allow dovecot_auth_t dovecot_passwd_t:file read_file_perms;
+read_files_pattern(dovecot_auth_t, dovecot_passwd_t, dovecot_passwd_t)
+
+manage_dirs_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
+manage_files_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
+files_tmp_filetrans(dovecot_auth_t, dovecot_auth_tmp_t, { file dir })
 
 # Allow dovecot to create and read SSL parameters file
 manage_files_pattern(dovecot_t, dovecot_var_lib_t, dovecot_var_lib_t)
 files_search_var_lib(dovecot_t)
+files_read_var_symlinks(dovecot_t)
 
 allow dovecot_auth_t dovecot_var_run_t:dir list_dir_perms;
+manage_sock_files_pattern(dovecot_auth_t, dovecot_var_run_t, dovecot_var_run_t)
+dovecot_stream_connect_auth(dovecot_auth_t)
 
 kernel_read_all_sysctls(dovecot_auth_t)
 kernel_read_system_state(dovecot_auth_t)
 
+logging_send_audit_msgs(dovecot_auth_t)
+logging_send_syslog_msg(dovecot_auth_t)
+
 dev_read_urand(dovecot_auth_t)
 
 auth_domtrans_chk_passwd(dovecot_auth_t)
@@ -167,6 +195,7 @@ auth_use_nsswitch(dovecot_auth_t)
 files_read_etc_files(dovecot_auth_t)
 files_read_etc_runtime_files(dovecot_auth_t)
 files_search_pids(dovecot_auth_t)
+files_read_usr_files(dovecot_auth_t)
 files_read_usr_symlinks(dovecot_auth_t)
 files_search_tmp(dovecot_auth_t)
 files_read_var_lib_files(dovecot_t)
@@ -182,5 +211,52 @@ optional_policy(`
 ')
 
 optional_policy(`
-	logging_send_syslog_msg(dovecot_auth_t)
+	mysql_search_db(dovecot_auth_t)
+	mysql_stream_connect(dovecot_auth_t)
+')
+
+optional_policy(`
+	nis_authenticate(dovecot_auth_t)
+')
+
+optional_policy(`
+	postfix_search_spool(dovecot_auth_t)
+')
+
+########################################
+#
+# dovecot deliver local policy
+#
+allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms;
+
+allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
+allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
+
+kernel_read_all_sysctls(dovecot_deliver_t)
+kernel_read_system_state(dovecot_deliver_t)
+
+files_read_etc_files(dovecot_deliver_t)
+files_read_etc_runtime_files(dovecot_deliver_t)
+
+auth_use_nsswitch(dovecot_deliver_t)
+
+logging_send_syslog_msg(dovecot_deliver_t)
+
+miscfiles_read_localization(dovecot_deliver_t)
+
+dovecot_stream_connect_auth(dovecot_deliver_t)
+
+files_search_tmp(dovecot_deliver_t)
+
+fs_getattr_all_fs(dovecot_deliver_t)
+
+userdom_manage_user_home_content_dirs(dovecot_deliver_t)
+userdom_manage_user_home_content_files(dovecot_deliver_t)
+userdom_manage_user_home_content_symlinks(dovecot_deliver_t)
+userdom_manage_user_home_content_pipes(dovecot_deliver_t)
+userdom_manage_user_home_content_sockets(dovecot_deliver_t)
+userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file })
+
+optional_policy(`
+	mta_manage_spool(dovecot_deliver_t)
 ')
diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if
index e46f7812..29f8c163 100644
--- a/policy/modules/services/kerneloops.if
+++ b/policy/modules/services/kerneloops.if
@@ -61,6 +61,25 @@ interface(`kerneloops_dontaudit_dbus_chat',`
 	dontaudit kerneloops_t $1:dbus send_msg;
 ')
 
+########################################
+## <summary>
+##	Allow domain to manage kerneloops tmp files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`kerneloops_manage_tmp_files',`
+	gen_require(`
+		type kerneloops_tmp_t;
+	')
+
+	manage_files_pattern($1, kerneloops_tmp_t, kerneloops_tmp_t)
+	files_search_tmp($1)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to administrate 
@@ -81,6 +100,7 @@ interface(`kerneloops_dontaudit_dbus_chat',`
 interface(`kerneloops_admin',`
 	gen_require(`
 		type kerneloops_t, kerneloops_initrc_exec_t;
+		type kerneloops_tmp_t;
 	')
 
 	allow $1 kerneloops_t:process { ptrace signal_perms };
@@ -90,4 +110,6 @@ interface(`kerneloops_admin',`
 	domain_system_change_exemption($1)
 	role_transition $2 kerneloops_initrc_exec_t system_r;
 	allow $2 system_r;
+
+	admin_pattern($1, kerneloops_tmp_t)
 ')
diff --git a/policy/modules/services/kerneloops.te b/policy/modules/services/kerneloops.te
index 22edce7c..36633ea2 100644
--- a/policy/modules/services/kerneloops.te
+++ b/policy/modules/services/kerneloops.te
@@ -1,5 +1,5 @@
 
-policy_module(kerneloops, 1.2.2)
+policy_module(kerneloops, 1.2.3)
 
 ########################################
 #
@@ -13,6 +13,9 @@ init_daemon_domain(kerneloops_t, kerneloops_exec_t)
 type kerneloops_initrc_exec_t;
 init_script_file(kerneloops_initrc_exec_t)
 
+type kerneloops_tmp_t;
+files_tmp_file(kerneloops_tmp_t)
+
 ########################################
 #
 # kerneloops local policy
@@ -21,7 +24,9 @@ init_script_file(kerneloops_initrc_exec_t)
 allow kerneloops_t self:capability sys_nice;
 allow kerneloops_t self:process { setsched getsched signal };
 allow kerneloops_t self:fifo_file rw_file_perms;
-allow kerneloops_t self:netlink_route_socket r_netlink_socket_perms;
+
+manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
+files_tmp_filetrans(kerneloops_t, kerneloops_tmp_t, file)
 
 kernel_read_ring_buffer(kerneloops_t)
 
@@ -38,13 +43,13 @@ corenet_tcp_connect_http_port(kerneloops_t)
 
 files_read_etc_files(kerneloops_t)
 
+auth_use_nsswitch(kerneloops_t)
+
 logging_send_syslog_msg(kerneloops_t)
 logging_read_generic_logs(kerneloops_t)
 
 miscfiles_read_localization(kerneloops_t)
 
-sysnet_dns_name_resolve(kerneloops_t)
-
 optional_policy(`
 	dbus_system_bus_client(kerneloops_t)
 	dbus_connect_system_bus(kerneloops_t)
diff --git a/policy/modules/services/nscd.fc b/policy/modules/services/nscd.fc
index 1f8489b2..bc6e39cf 100644
--- a/policy/modules/services/nscd.fc
+++ b/policy/modules/services/nscd.fc
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
 
 /usr/sbin/nscd		--	gen_context(system_u:object_r:nscd_exec_t,s0)
 
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index 5cef4f75..3b5d2a18 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -18,6 +18,42 @@ interface(`nscd_signal',`
 	allow $1 nscd_t:process signal;
 ')
 
+########################################
+## <summary>
+##	Send NSCD the kill signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`nscd_kill',`
+	gen_require(`
+		type nscd_t;
+	')
+
+	allow $1 nscd_t:process sigkill;
+')
+
+########################################
+## <summary>
+##	Send signulls to NSCD.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`nscd_signull',`
+	gen_require(`
+		type nscd_t;
+	')
+
+	allow $1 nscd_t:process signull;
+')
+
 ########################################
 ## <summary>
 ##	Execute NSCD in the nscd domain.
@@ -70,15 +106,14 @@ interface(`nscd_exec',`
 interface(`nscd_socket_use',`
 	gen_require(`
 		type nscd_t, nscd_var_run_t;
-		class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
+		class nscd { getserv getpwd getgrp gethost shmempwd shmemgrp shmemhost shmemserv };
 	')
 
 	allow $1 self:unix_stream_socket create_socket_perms;
 
 	allow $1 nscd_t:nscd { getpwd getgrp gethost };
 	dontaudit $1 nscd_t:fd use;
-	dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
-
+	dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv };
 	files_search_pids($1)
 	stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
 	dontaudit $1 nscd_var_run_t:file { getattr read };
@@ -198,3 +233,41 @@ interface(`nscd_run',`
 	nscd_domtrans($1)
 	role $2 types nscd_t;
 ')
+
+########################################
+## <summary>
+##	All of the rules required to administrate 
+##	an nscd environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the nscd domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`nscd_admin',`
+	gen_require(`
+		type nscd_t, nscd_log_t, nscd_var_run_t;
+		type nscd_initrc_exec_t;
+	')
+
+	allow $1 nscd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nscd_t)
+
+	init_labeled_script_domtrans($1, nscd_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 nscd_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	logging_list_logs($1)
+	admin_pattern($1, nscd_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, nscd_var_run_t)
+')
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index b5351afa..090a2e6d 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
 
-policy_module(nscd, 1.8.2)
+policy_module(nscd, 1.8.3)
 
 gen_require(`
 	class nscd all_nscd_perms;
@@ -20,6 +20,9 @@ type nscd_t;
 type nscd_exec_t;
 init_daemon_domain(nscd_t, nscd_exec_t)
 
+type nscd_initrc_exec_t;
+init_script_file(nscd_initrc_exec_t)
+
 type nscd_log_t;
 logging_log_file(nscd_log_t)
 
@@ -28,14 +31,13 @@ logging_log_file(nscd_log_t)
 # Local policy
 #
 
-allow nscd_t self:capability { kill setgid setuid audit_write };
+allow nscd_t self:capability { kill setgid setuid };
 dontaudit nscd_t self:capability sys_tty_config;
-allow nscd_t self:process { getattr setsched signal_perms };
+allow nscd_t self:process { getattr getcap setcap setsched signal_perms };
 allow nscd_t self:fifo_file read_fifo_file_perms;
 allow nscd_t self:unix_stream_socket create_stream_socket_perms;
 allow nscd_t self:unix_dgram_socket create_socket_perms;
 allow nscd_t self:netlink_selinux_socket create_socket_perms;
-allow nscd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 allow nscd_t self:tcp_socket create_socket_perms;
 allow nscd_t self:udp_socket create_socket_perms;
 
@@ -50,6 +52,9 @@ manage_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
 manage_sock_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
 files_pid_filetrans(nscd_t, nscd_var_run_t, { file sock_file })
 
+corecmd_search_bin(nscd_t)
+can_exec(nscd_t, nscd_exec_t)
+
 kernel_read_kernel_sysctls(nscd_t)
 kernel_list_proc(nscd_t)
 kernel_read_proc_symlinks(nscd_t)
@@ -73,6 +78,7 @@ corenet_tcp_sendrecv_generic_node(nscd_t)
 corenet_udp_sendrecv_generic_node(nscd_t)
 corenet_tcp_sendrecv_all_ports(nscd_t)
 corenet_udp_sendrecv_all_ports(nscd_t)
+corenet_udp_bind_generic_node(nscd_t)
 corenet_tcp_connect_all_ports(nscd_t)
 corenet_sendrecv_all_client_packets(nscd_t)
 corenet_rw_tun_tap_dev(nscd_t)
@@ -90,6 +96,7 @@ files_read_generic_tmp_symlinks(nscd_t)
 # Needed to read files created by firstboot "/etc/hesiod.conf"
 files_read_etc_runtime_files(nscd_t)
 
+logging_send_audit_msgs(nscd_t)
 logging_send_syslog_msg(nscd_t)
 
 miscfiles_read_localization(nscd_t)
@@ -104,6 +111,14 @@ userdom_dontaudit_use_user_terminals(nscd_t)
 userdom_dontaudit_use_unpriv_user_fds(nscd_t)
 userdom_dontaudit_search_user_home_dirs(nscd_t)
 
+optional_policy(`
+	cron_read_system_job_tmp_files(nscd_t)
+')
+
+optional_policy(`
+	kerberos_use(nscd_t)
+')
+
 optional_policy(`
 	udev_read_db(nscd_t)
 ')