diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 456d58ff..207c23f1 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Add unlabeled IPSEC association to domains with + networking permsiisions. - Merge systemuser back in to users, as these files do not need to be split. - Add check for duplicate interface/template definitions. diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te index 5aacf1ba..496f2144 100644 --- a/refpolicy/policy/modules/admin/amanda.te +++ b/refpolicy/policy/modules/admin/amanda.te @@ -1,5 +1,5 @@ -policy_module(amanda,1.0) +policy_module(amanda,1.0.1) ####################################### # @@ -132,10 +132,11 @@ corenet_raw_sendrecv_all_if(amanda_t) corenet_tcp_sendrecv_all_nodes(amanda_t) corenet_udp_sendrecv_all_nodes(amanda_t) corenet_raw_sendrecv_all_nodes(amanda_t) -corenet_tcp_bind_all_nodes(amanda_t) -corenet_udp_bind_all_nodes(amanda_t) corenet_tcp_sendrecv_all_ports(amanda_t) corenet_udp_sendrecv_all_ports(amanda_t) +corenet_non_ipsec_sendrecv(amanda_t) +corenet_tcp_bind_all_nodes(amanda_t) +corenet_udp_bind_all_nodes(amanda_t) dev_getattr_all_blk_files(amanda_t) dev_getattr_all_chr_files(amanda_t) @@ -221,6 +222,7 @@ corenet_udp_sendrecv_all_nodes(amanda_recover_t) corenet_raw_sendrecv_all_nodes(amanda_recover_t) corenet_tcp_sendrecv_all_ports(amanda_recover_t) corenet_udp_sendrecv_all_ports(amanda_recover_t) +corenet_non_ipsec_sendrecv(amanda_recover_t) corenet_tcp_bind_all_nodes(amanda_recover_t) corenet_udp_bind_all_nodes(amanda_recover_t) corenet_tcp_connect_amanda_port(amanda_recover_t) diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te index cd171a64..c5297110 100644 --- a/refpolicy/policy/modules/admin/firstboot.te +++ b/refpolicy/policy/modules/admin/firstboot.te @@ -1,5 +1,5 @@ -policy_module(firstboot,1.0) +policy_module(firstboot,1.0.1) gen_require(` class passwd rootok; 
@@ -53,6 +53,7 @@ corenet_raw_sendrecv_all_if(firstboot_t) corenet_tcp_sendrecv_all_nodes(firstboot_t) corenet_raw_sendrecv_all_nodes(firstboot_t) corenet_tcp_sendrecv_all_ports(firstboot_t) +corenet_non_ipsec_sendrecv(firstboot_t) corenet_tcp_bind_all_nodes(firstboot_t) dev_read_urand(firstboot_t) diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index 3842a468..036be3b5 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -1,5 +1,5 @@ -policy_module(netutils,1.0) +policy_module(netutils,1.0.1) ######################################## # @@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(netutils_t) corenet_udp_sendrecv_all_nodes(netutils_t) corenet_tcp_sendrecv_all_ports(netutils_t) corenet_udp_sendrecv_all_ports(netutils_t) +corenet_non_ipsec_sendrecv(netutils_t) corenet_tcp_bind_all_nodes(netutils_t) corenet_udp_bind_all_nodes(netutils_t) corenet_tcp_connect_all_ports(netutils_t) @@ -110,6 +111,7 @@ corenet_tcp_sendrecv_all_nodes(ping_t) corenet_udp_sendrecv_all_nodes(ping_t) corenet_tcp_sendrecv_all_ports(ping_t) corenet_udp_sendrecv_all_ports(ping_t) +corenet_non_ipsec_sendrecv(ping_t) corenet_udp_bind_all_nodes(ping_t) corenet_tcp_bind_all_nodes(ping_t) @@ -188,6 +190,7 @@ corenet_tcp_sendrecv_all_nodes(traceroute_t) corenet_udp_sendrecv_all_nodes(traceroute_t) corenet_tcp_sendrecv_all_ports(traceroute_t) corenet_udp_sendrecv_all_ports(traceroute_t) +corenet_non_ipsec_sendrecv(traceroute_t) corenet_udp_bind_all_nodes(traceroute_t) corenet_tcp_bind_all_nodes(traceroute_t) # traceroute needs this but not tracepath diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te index 246c73f2..0a797441 100644 --- a/refpolicy/policy/modules/admin/rpm.te +++ b/refpolicy/policy/modules/admin/rpm.te @@ -1,5 +1,5 @@ -policy_module(rpm,1.0.2) +policy_module(rpm,1.0.3) ######################################## # 
@@ -104,6 +104,7 @@ corenet_raw_sendrecv_all_nodes(rpm_t) corenet_udp_sendrecv_all_nodes(rpm_t) corenet_tcp_sendrecv_all_ports(rpm_t) corenet_udp_sendrecv_all_ports(rpm_t) +corenet_non_ipsec_sendrecv(rpm_t) corenet_tcp_bind_all_nodes(rpm_t) corenet_udp_bind_all_nodes(rpm_t) corenet_tcp_connect_all_ports(rpm_t) diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te index 832d64d9..0dc9382b 100644 --- a/refpolicy/policy/modules/admin/vpn.te +++ b/refpolicy/policy/modules/admin/vpn.te @@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(vpnc_t) corenet_raw_sendrecv_all_nodes(vpnc_t) corenet_tcp_sendrecv_all_ports(vpnc_t) corenet_udp_sendrecv_all_ports(vpnc_t) +corenet_non_ipsec_sendrecv(vpnc_t) corenet_tcp_bind_all_nodes(vpnc_t) corenet_udp_bind_all_nodes(vpnc_t) corenet_udp_bind_generic_port(vpnc_t) diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if index 50e1b427..3495ef02 100644 --- a/refpolicy/policy/modules/apps/gpg.if +++ b/refpolicy/policy/modules/apps/gpg.if @@ -99,6 +99,7 @@ template(`gpg_per_userdomain_template',` corenet_udp_sendrecv_all_nodes($1_gpg_t) corenet_tcp_sendrecv_all_ports($1_gpg_t) corenet_udp_sendrecv_all_ports($1_gpg_t) + corenet_non_ipsec_sendrecv($1_gpg_t) corenet_tcp_bind_all_nodes($1_gpg_t) corenet_udp_bind_all_nodes($1_gpg_t) corenet_tcp_connect_all_ports($1_gpg_t) @@ -179,6 +180,7 @@ template(`gpg_per_userdomain_template',` corenet_raw_sendrecv_all_nodes($1_gpg_helper_t) corenet_tcp_sendrecv_all_ports($1_gpg_helper_t) corenet_udp_sendrecv_all_ports($1_gpg_helper_t) + corenet_non_ipsec_sendrecv($1_gpg_helper_t) corenet_tcp_bind_all_nodes($1_gpg_helper_t) corenet_udp_bind_all_nodes($1_gpg_helper_t) corenet_tcp_connect_all_ports($1_gpg_helper_t) diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te index 80dcd430..7180ce74 100644 --- a/refpolicy/policy/modules/apps/webalizer.te +++ b/refpolicy/policy/modules/apps/webalizer.te 
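Review bot: The vpn.te section adds `corenet_non_ipsec_sendrecv(vpnc_t)` but has no `policy_module(...)` version hunk, unlike amanda.te, firstboot.te, netutils.te and rpm.te earlier in this patch. The canna.te and dovecot.te sections further down have the same gap, and gpg.if changes with no gpg.te section visible on this page. If the omission is not intentional, bump the last version component of each affected module, so that a policy carrying the new `unlabeled_t:association` grant can be told apart from one that does not.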
@@ -1,5 +1,5 @@ -policy_module(webalizer,1.0.1) +policy_module(webalizer,1.0.2) ######################################## # @@ -67,6 +67,7 @@ corenet_tcp_sendrecv_all_nodes(webalizer_t) corenet_raw_sendrecv_all_nodes(webalizer_t) corenet_tcp_sendrecv_all_ports(webalizer_t) corenet_udp_sendrecv_all_ports(webalizer_t) +corenet_non_ipsec_sendrecv(webalizer_t) corenet_tcp_bind_all_nodes(webalizer_t) corenet_udp_bind_all_nodes(webalizer_t) diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in index bd845e44..680714a9 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.in +++ b/refpolicy/policy/modules/kernel/corenetwork.if.in @@ -1039,6 +1039,20 @@ interface(`corenet_use_ppp_device',` allow $1 ppp_device_t:chr_file rw_file_perms; ') +######################################## +## +## Send and receive messages on a +## non-encrypted (no IPSEC) network +## session. +## +## +## Domain allowed access. +## +# +interface(`corenet_non_ipsec_sendrecv',` + kernel_sendrecv_unlabeled_association($1) +') + ######################################## ## ## Unconfined access to network objects. @@ -1061,4 +1075,6 @@ interface(`corenet_unconfined',` # cjp: rawip_socket doesnt make any sense allow $1 port_type:{ tcp_socket udp_socket rawip_socket } name_bind; allow $1 node_type:{ tcp_socket udp_socket rawip_socket } node_bind; + + corenet_non_ipsec_sendrecv($1) ') diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if index 9f254441..4b053025 100644 --- a/refpolicy/policy/modules/kernel/kernel.if +++ b/refpolicy/policy/modules/kernel/kernel.if @@ -1683,6 +1683,37 @@ interface(`kernel_relabel_unlabeled',` allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom }; ') +######################################## +## +## Send and receive messages from an +## unlabeled IPSEC association. +## +## +##
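Review bot: The summary added for `corenet_non_ipsec_sendrecv` describes a "non-encrypted (no IPSEC) network session", but the body only calls `kernel_sendrecv_unlabeled_association($1)`, which the kernel.if section of this patch defines as `sendto recvfrom` on `unlabeled_t:association`. The doc block should state that grant explicitly, for example `## Allows sendto and recvfrom on the unlabeled association.`. It should also say that a domain meant to communicate only over labeled IPSEC must not call this interface. This matters for auditing because the patch adds the call to nearly every networked domain and to `corenet_unconfined`.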

+## Send and receive messages from an +## unlabeled IPSEC association. Network +## connections that are not protected +## by IPSEC have use an unlabeled +## assocation. +##

+##

+## The corenetwork interface +## corenet_sendrecv_no_ipsec() should +## be used instead of this one. +##

+##
+## +## Domain allowed access. +## +# +interface(`kernel_sendrecv_unlabeled_association',` + gen_require(` + type unlabeled_t; + ') + + allow $1 unlabeled_t:association { sendto recvfrom }; +') + ######################################## ## ## Unconfined access to the kernel. @@ -1709,6 +1740,7 @@ interface(`kernel_unconfined',` allow $1 unlabeled_t:dir_file_class_set *; allow $1 unlabeled_t:filesystem *; + allow $1 unlabeled_t:association *; typeattribute $1 can_load_kernmodule, can_receive_kernel_messages; typeattribute $1 kern_unconfined; diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te index 9d670f4f..71ba5e8e 100644 --- a/refpolicy/policy/modules/kernel/kernel.te +++ b/refpolicy/policy/modules/kernel/kernel.te @@ -1,5 +1,5 @@ -policy_module(kernel,1.0) +policy_module(kernel,1.0.1) ######################################## # @@ -193,6 +193,7 @@ allow kernel_t sysctl_kernel_t:file r_file_perms; # cjp: this seems questionable allow kernel_t unlabeled_t:fifo_file rw_file_perms; +corenet_non_ipsec_sendrecv(kernel_t) # Kernel-generated traffic e.g., ICMP replies: corenet_raw_sendrecv_all_if(kernel_t) corenet_raw_sendrecv_all_nodes(kernel_t) diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if index ea81708e..6748e10a 100644 --- a/refpolicy/policy/modules/services/apache.if +++ b/refpolicy/policy/modules/services/apache.if @@ -191,6 +191,7 @@ template(`apache_content_template',` tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms; allow httpd_$1_script_t self:udp_socket create_socket_perms; + corenet_tcp_sendrecv_all_if(httpd_$1_script_t) corenet_udp_sendrecv_all_if(httpd_$1_script_t) corenet_raw_sendrecv_all_if(httpd_$1_script_t) 
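Review bot: The description added for `kernel_sendrecv_unlabeled_association` tells callers to use `corenet_sendrecv_no_ipsec()`, but the interface this patch adds in corenetwork.if.in is named `corenet_non_ipsec_sendrecv`. The cross-reference therefore points at a name that the patch does not define; it should read `corenet_non_ipsec_sendrecv()`. The same paragraph has two typos: `by IPSEC have use an unlabeled` should be `by IPSEC use an unlabeled`, and `assocation` should be `association`. A correct pointer matters here because the interface is how reviewers find which domains may send and receive on `unlabeled_t:association`.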
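Review bot: In kernel.te, `corenet_non_ipsec_sendrecv(kernel_t)` is inserted above the `# Kernel-generated traffic e.g., ICMP replies:` comment, directly after the `unlabeled_t:fifo_file` rule that carries the `# cjp: this seems questionable` remark. Placed there, it reads as part of that questioned rule rather than as part of the kernel_t networking group. Moving it below the comment, next to `corenet_raw_sendrecv_all_nodes(kernel_t)`, would match where the other modules in this patch put the call. The networking block continues outside the hunk.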
@@ -199,6 +200,7 @@ template(`apache_content_template',` corenet_raw_sendrecv_all_nodes(httpd_$1_script_t) corenet_tcp_sendrecv_all_ports(httpd_$1_script_t) corenet_udp_sendrecv_all_ports(httpd_$1_script_t) + corenet_non_ipsec_sendrecv(httpd_$1_script_t) corenet_tcp_bind_all_nodes(httpd_$1_script_t) corenet_udp_bind_all_nodes(httpd_$1_script_t) corenet_tcp_connect_all_ports(httpd_$1_script_t) diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te index d5584967..793754f0 100644 --- a/refpolicy/policy/modules/services/apache.te +++ b/refpolicy/policy/modules/services/apache.te @@ -1,5 +1,5 @@ -policy_module(apache,1.0.1) +policy_module(apache,1.0.2) # # NOTES: @@ -221,6 +221,7 @@ corenet_udp_sendrecv_all_nodes(httpd_t) corenet_raw_sendrecv_all_nodes(httpd_t) corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) +corenet_non_ipsec_sendrecv(httpd_t) corenet_tcp_bind_all_nodes(httpd_t) corenet_udp_bind_all_nodes(httpd_t) corenet_tcp_bind_http_port(httpd_t) @@ -315,6 +316,7 @@ tunable_policy(`httpd_can_network_connect',` corenet_raw_sendrecv_all_nodes(httpd_t) corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) + corenet_non_ipsec_sendrecv(httpd_t) corenet_tcp_bind_all_nodes(httpd_t) corenet_udp_bind_all_nodes(httpd_t) corenet_tcp_connect_all_ports(httpd_t) @@ -568,6 +570,7 @@ tunable_policy(`httpd_can_network_connect',` corenet_raw_sendrecv_all_nodes(httpd_suexec_t) corenet_tcp_sendrecv_all_ports(httpd_suexec_t) corenet_udp_sendrecv_all_ports(httpd_suexec_t) + corenet_non_ipsec_sendrecv(httpd_suexec_t) corenet_tcp_bind_all_nodes(httpd_suexec_t) corenet_udp_bind_all_nodes(httpd_suexec_t) corenet_tcp_connect_all_ports(httpd_suexec_t) diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te index 74e4d5c7..03b23864 100644 --- a/refpolicy/policy/modules/services/arpwatch.te 
+++ b/refpolicy/policy/modules/services/arpwatch.te @@ -1,5 +1,5 @@ -policy_module(arpwatch,1.0) +policy_module(arpwatch,1.0.1) ######################################## # @@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(arpwatch_t) corenet_raw_sendrecv_all_nodes(arpwatch_t) corenet_tcp_sendrecv_all_ports(arpwatch_t) corenet_udp_sendrecv_all_ports(arpwatch_t) +corenet_non_ipsec_sendrecv(arpwatch_t) corenet_tcp_bind_all_nodes(arpwatch_t) corenet_udp_bind_all_nodes(arpwatch_t) diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te index fe04bba3..148e959a 100644 --- a/refpolicy/policy/modules/services/avahi.te +++ b/refpolicy/policy/modules/services/avahi.te @@ -1,5 +1,5 @@ -policy_module(avahi,1.0.2) +policy_module(avahi,1.0.3) ######################################## # @@ -46,6 +46,7 @@ corenet_raw_sendrecv_all_nodes(avahi_t) corenet_udp_sendrecv_all_nodes(avahi_t) corenet_tcp_sendrecv_all_ports(avahi_t) corenet_udp_sendrecv_all_ports(avahi_t) +corenet_non_ipsec_sendrecv(avahi_t) corenet_tcp_bind_all_nodes(avahi_t) corenet_udp_bind_all_nodes(avahi_t) corenet_tcp_bind_howl_port(avahi_t) diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te index 659b761f..6c24b210 100644 --- a/refpolicy/policy/modules/services/bind.te +++ b/refpolicy/policy/modules/services/bind.te @@ -1,5 +1,5 @@ -policy_module(bind,1.0.1) +policy_module(bind,1.0.2) ######################################## # @@ -107,6 +107,7 @@ corenet_udp_sendrecv_all_nodes(named_t) corenet_raw_sendrecv_all_nodes(named_t) corenet_tcp_sendrecv_all_ports(named_t) corenet_udp_sendrecv_all_ports(named_t) +corenet_non_ipsec_sendrecv(named_t) corenet_tcp_bind_all_nodes(named_t) corenet_udp_bind_all_nodes(named_t) corenet_tcp_bind_dns_port(named_t) 
@@ -243,6 +244,7 @@ corenet_raw_sendrecv_all_if(ndc_t) corenet_tcp_sendrecv_all_nodes(ndc_t) corenet_raw_sendrecv_all_nodes(ndc_t) corenet_tcp_sendrecv_all_ports(ndc_t) +corenet_non_ipsec_sendrecv(ndc_t) corenet_tcp_bind_all_nodes(ndc_t) corenet_tcp_connect_rndc_port(ndc_t) diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te index 8b35c1d2..03e5a294 100644 --- a/refpolicy/policy/modules/services/bluetooth.te +++ b/refpolicy/policy/modules/services/bluetooth.te @@ -1,5 +1,5 @@ -policy_module(bluetooth,1.0.1) +policy_module(bluetooth,1.0.2) ######################################## # @@ -93,10 +93,11 @@ corenet_raw_sendrecv_all_if(bluetooth_t) corenet_tcp_sendrecv_all_nodes(bluetooth_t) corenet_udp_sendrecv_all_nodes(bluetooth_t) corenet_raw_sendrecv_all_nodes(bluetooth_t) -corenet_tcp_bind_all_nodes(bluetooth_t) -corenet_udp_bind_all_nodes(bluetooth_t) corenet_tcp_sendrecv_all_ports(bluetooth_t) corenet_udp_sendrecv_all_ports(bluetooth_t) +corenet_non_ipsec_sendrecv(bluetooth_t) +corenet_tcp_bind_all_nodes(bluetooth_t) +corenet_udp_bind_all_nodes(bluetooth_t) dev_read_sysfs(bluetooth_t) dev_rw_usbfs(bluetooth_t) diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te index f0004d82..b119afea 100644 --- a/refpolicy/policy/modules/services/canna.te +++ b/refpolicy/policy/modules/services/canna.te @@ -54,6 +54,7 @@ corenet_raw_sendrecv_all_if(canna_t) corenet_tcp_sendrecv_all_nodes(canna_t) corenet_raw_sendrecv_all_nodes(canna_t) corenet_tcp_sendrecv_all_ports(canna_t) +corenet_non_ipsec_sendrecv(canna_t) corenet_tcp_bind_all_nodes(canna_t) corenet_tcp_connect_all_ports(canna_t) diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te index dc2cfb57..7ee2abd7 100644 --- a/refpolicy/policy/modules/services/comsat.te +++ b/refpolicy/policy/modules/services/comsat.te 
@@ -1,5 +1,5 @@ -policy_module(comsat,1.0) +policy_module(comsat,1.0.1) ######################################## # @@ -51,6 +51,7 @@ corenet_udp_sendrecv_all_nodes(comsat_t) corenet_raw_sendrecv_all_nodes(comsat_t) corenet_tcp_sendrecv_all_ports(comsat_t) corenet_udp_sendrecv_all_ports(comsat_t) +corenet_non_ipsec_sendrecv(comsat_t) corenet_tcp_bind_all_nodes(comsat_t) corenet_udp_bind_all_nodes(comsat_t) diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index ad04e4de..72f4d108 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -93,6 +93,7 @@ template(`cron_per_userdomain_template',` corenet_udp_sendrecv_all_nodes($1_crond_t) corenet_tcp_sendrecv_all_ports($1_crond_t) corenet_udp_sendrecv_all_ports($1_crond_t) + corenet_non_ipsec_sendrecv($1_crond_t) corenet_tcp_bind_all_nodes($1_crond_t) corenet_udp_bind_all_nodes($1_crond_t) corenet_tcp_connect_all_ports($1_crond_t) diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index c59ade91..e5792d2d 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -1,5 +1,5 @@ -policy_module(cron, 1.0.2) +policy_module(cron, 1.0.3) gen_require(` class passwd rootok; @@ -285,6 +285,7 @@ ifdef(`targeted_policy',` corenet_udp_sendrecv_all_nodes(system_crond_t) corenet_tcp_sendrecv_all_ports(system_crond_t) corenet_udp_sendrecv_all_ports(system_crond_t) + corenet_non_ipsec_sendrecv(system_crond_t) corenet_tcp_bind_all_nodes(system_crond_t) corenet_udp_bind_all_nodes(system_crond_t) diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te index 34be1885..1ff7d200 100644 --- a/refpolicy/policy/modules/services/cups.te +++ b/refpolicy/policy/modules/services/cups.te @@ -1,5 +1,5 @@ -policy_module(cups,1.0.2) +policy_module(cups,1.0.3) ######################################## # 
@@ -130,6 +130,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_t) corenet_raw_sendrecv_all_nodes(cupsd_t) corenet_tcp_sendrecv_all_ports(cupsd_t) corenet_udp_sendrecv_all_ports(cupsd_t) +corenet_non_ipsec_sendrecv(cupsd_t) corenet_tcp_bind_all_nodes(cupsd_t) corenet_udp_bind_all_nodes(cupsd_t) corenet_tcp_bind_ipp_port(cupsd_t) @@ -312,8 +313,9 @@ corenet_tcp_sendrecv_all_if(ptal_t) corenet_raw_sendrecv_all_if(ptal_t) corenet_tcp_sendrecv_all_nodes(ptal_t) corenet_raw_sendrecv_all_nodes(ptal_t) -corenet_tcp_bind_all_nodes(ptal_t) corenet_tcp_sendrecv_all_ports(ptal_t) +corenet_non_ipsec_sendrecv(ptal_t) +corenet_tcp_bind_all_nodes(ptal_t) corenet_tcp_bind_ptal_port(ptal_t) dev_read_sysfs(ptal_t) @@ -400,6 +402,7 @@ corenet_udp_sendrecv_all_nodes(hplip_t) corenet_raw_sendrecv_all_nodes(hplip_t) corenet_tcp_sendrecv_all_ports(hplip_t) corenet_udp_sendrecv_all_ports(hplip_t) +corenet_non_ipsec_sendrecv(hplip_t) corenet_tcp_bind_all_nodes(hplip_t) corenet_udp_bind_all_nodes(hplip_t) corenet_tcp_bind_hplip_port(hplip_t) @@ -518,6 +521,7 @@ corenet_raw_sendrecv_all_if(cupsd_config_t) corenet_tcp_sendrecv_all_nodes(cupsd_config_t) corenet_raw_sendrecv_all_nodes(cupsd_config_t) corenet_tcp_sendrecv_all_ports(cupsd_config_t) +corenet_non_ipsec_sendrecv(cupsd_config_t) corenet_tcp_bind_all_nodes(cupsd_config_t) corenet_tcp_connect_all_ports(cupsd_config_t) @@ -694,6 +698,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_lpd_t) corenet_raw_sendrecv_all_nodes(cupsd_lpd_t) corenet_tcp_sendrecv_all_ports(cupsd_lpd_t) corenet_udp_sendrecv_all_ports(cupsd_lpd_t) +corenet_non_ipsec_sendrecv(cupsd_lpd_t) corenet_tcp_bind_all_nodes(cupsd_lpd_t) corenet_udp_bind_all_nodes(cupsd_lpd_t) corenet_tcp_connect_ipp_port(cupsd_lpd_t) diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te index e2c87e13..0dd1d2de 100644 --- a/refpolicy/policy/modules/services/cvs.te +++ b/refpolicy/policy/modules/services/cvs.te 
@@ -1,5 +1,5 @@ -policy_module(cvs,1.0) +policy_module(cvs,1.0.1) ######################################## # @@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(cvs_t) corenet_raw_sendrecv_all_nodes(cvs_t) corenet_tcp_sendrecv_all_ports(cvs_t) corenet_udp_sendrecv_all_ports(cvs_t) +corenet_non_ipsec_sendrecv(cvs_t) corenet_tcp_bind_all_nodes(cvs_t) corenet_udp_bind_all_nodes(cvs_t) diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te index fa3c8975..83d91ad7 100644 --- a/refpolicy/policy/modules/services/cyrus.te +++ b/refpolicy/policy/modules/services/cyrus.te @@ -1,5 +1,5 @@ -policy_module(cyrus,1.0) +policy_module(cyrus,1.0.1) ######################################## # @@ -67,6 +67,7 @@ corenet_udp_sendrecv_all_nodes(cyrus_t) corenet_raw_sendrecv_all_nodes(cyrus_t) corenet_tcp_sendrecv_all_ports(cyrus_t) corenet_udp_sendrecv_all_ports(cyrus_t) +corenet_non_ipsec_sendrecv(cyrus_t) corenet_tcp_bind_all_nodes(cyrus_t) corenet_udp_bind_all_nodes(cyrus_t) corenet_tcp_bind_mail_port(cyrus_t) diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te index 935427cf..09a97b8d 100644 --- a/refpolicy/policy/modules/services/dbskk.te +++ b/refpolicy/policy/modules/services/dbskk.te @@ -1,5 +1,5 @@ -policy_module(dbskk,1.0) +policy_module(dbskk,1.0.1) ######################################## # @@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(dbskkd_t) corenet_raw_sendrecv_all_nodes(dbskkd_t) corenet_tcp_sendrecv_all_ports(dbskkd_t) corenet_udp_sendrecv_all_ports(dbskkd_t) +corenet_non_ipsec_sendrecv(dbskkd_t) corenet_tcp_bind_all_nodes(dbskkd_t) corenet_udp_bind_all_nodes(dbskkd_t) diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if index 3259c6a4..a271d272 100644 --- a/refpolicy/policy/modules/services/dbus.if +++ b/refpolicy/policy/modules/services/dbus.if 
@@ -107,6 +107,7 @@ template(`dbus_per_userdomain_template',` corenet_tcp_sendrecv_all_nodes($1_dbusd_t) corenet_raw_sendrecv_all_nodes($1_dbusd_t) corenet_tcp_sendrecv_all_ports($1_dbusd_t) + corenet_non_ipsec_sendrecv($1_dbusd_t) corenet_tcp_bind_all_nodes($1_dbusd_t) corenet_tcp_bind_reserved_port($1_dbusd_t) diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te index ff68da78..64d25a99 100644 --- a/refpolicy/policy/modules/services/dbus.te +++ b/refpolicy/policy/modules/services/dbus.te @@ -1,5 +1,5 @@ -policy_module(dbus,1.0.1) +policy_module(dbus,1.0.2) gen_require(` class dbus { send_msg acquire_svc }; diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te index 0ad9809c..9b879a7d 100644 --- a/refpolicy/policy/modules/services/dhcp.te +++ b/refpolicy/policy/modules/services/dhcp.te @@ -1,5 +1,5 @@ -policy_module(dhcp,1.0) +policy_module(dhcp,1.0.1) ######################################## # @@ -62,6 +62,7 @@ corenet_udp_sendrecv_all_nodes(dhcpd_t) corenet_raw_sendrecv_all_nodes(dhcpd_t) corenet_tcp_sendrecv_all_ports(dhcpd_t) corenet_udp_sendrecv_all_ports(dhcpd_t) +corenet_non_ipsec_sendrecv(dhcpd_t) corenet_tcp_bind_all_nodes(dhcpd_t) corenet_udp_bind_all_nodes(dhcpd_t) corenet_tcp_bind_dhcpd_port(dhcpd_t) diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te index c13cf87e..3fb6a037 100644 --- a/refpolicy/policy/modules/services/dictd.te +++ b/refpolicy/policy/modules/services/dictd.te @@ -1,5 +1,5 @@ -policy_module(dictd,1.0) +policy_module(dictd,1.0.1) ######################################## # @@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(dictd_t) corenet_raw_sendrecv_all_nodes(dictd_t) corenet_tcp_sendrecv_all_ports(dictd_t) corenet_udp_sendrecv_all_ports(dictd_t) +corenet_non_ipsec_sendrecv(dictd_t) corenet_tcp_bind_all_nodes(dictd_t) corenet_udp_bind_all_nodes(dictd_t) corenet_tcp_bind_dict_port(dictd_t) 
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te index c84cd3ad..b480c932 100644 --- a/refpolicy/policy/modules/services/distcc.te +++ b/refpolicy/policy/modules/services/distcc.te @@ -1,5 +1,5 @@ -policy_module(distcc,1.0) +policy_module(distcc,1.0.1) ######################################## # @@ -45,8 +45,6 @@ files_create_pid(distccd_t,distccd_var_run_t) kernel_read_system_state(distccd_t) kernel_read_kernel_sysctl(distccd_t) -allow distccd_t self:tcp_socket create_stream_socket_perms; -allow distccd_t self:udp_socket create_socket_perms; corenet_tcp_sendrecv_all_if(distccd_t) corenet_udp_sendrecv_all_if(distccd_t) corenet_raw_sendrecv_all_if(distccd_t) @@ -55,6 +53,7 @@ corenet_udp_sendrecv_all_nodes(distccd_t) corenet_raw_sendrecv_all_nodes(distccd_t) corenet_tcp_sendrecv_all_ports(distccd_t) corenet_udp_sendrecv_all_ports(distccd_t) +corenet_non_ipsec_sendrecv(distccd_t) corenet_tcp_bind_all_nodes(distccd_t) corenet_udp_bind_all_nodes(distccd_t) corenet_tcp_bind_distccd_port(distccd_t) diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te index 718dc0f3..df378728 100644 --- a/refpolicy/policy/modules/services/dovecot.te +++ b/refpolicy/policy/modules/services/dovecot.te @@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_if(dovecot_t) corenet_tcp_sendrecv_all_nodes(dovecot_t) corenet_raw_sendrecv_all_nodes(dovecot_t) corenet_tcp_sendrecv_all_ports(dovecot_t) +corenet_non_ipsec_sendrecv(dovecot_t) corenet_tcp_bind_all_nodes(dovecot_t) corenet_tcp_bind_pop_port(dovecot_t) corenet_tcp_connect_all_ports(dovecot_t) diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te index 50b67693..0667d932 100644 --- a/refpolicy/policy/modules/services/finger.te +++ b/refpolicy/policy/modules/services/finger.te @@ -1,5 +1,5 @@ -policy_module(finger,1.0) +policy_module(finger,1.0.1) ######################################## # 
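Review bot: The distcc.te hunk at -45,8 removes `allow distccd_t self:tcp_socket create_stream_socket_perms;` and `allow distccd_t self:udp_socket create_socket_perms;`, which is unrelated to the Changelog entry about unlabeled IPSEC associations. If equivalent rules do not exist elsewhere in distcc.te (not visible in this hunk), distccd_t loses permission to create its own TCP and UDP sockets while keeping `corenet_tcp_bind_distccd_port`. Either keep the two lines, or confirm they are duplicates and mention the cleanup in the Changelog so the removal can be reviewed on its own.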
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(fingerd_t) corenet_raw_sendrecv_all_nodes(fingerd_t) corenet_tcp_sendrecv_all_ports(fingerd_t) corenet_udp_sendrecv_all_ports(fingerd_t) +corenet_non_ipsec_sendrecv(fingerd_t) corenet_tcp_bind_all_nodes(fingerd_t) corenet_udp_bind_all_nodes(fingerd_t) corenet_tcp_bind_fingerd_port(fingerd_t) diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te index 1490fb1b..1a83d1c9 100644 --- a/refpolicy/policy/modules/services/ftp.te +++ b/refpolicy/policy/modules/services/ftp.te @@ -1,5 +1,5 @@ -policy_module(ftp,1.0.1) +policy_module(ftp,1.0.2) ######################################## # @@ -82,6 +82,7 @@ corenet_udp_sendrecv_all_nodes(ftpd_t) corenet_raw_sendrecv_all_nodes(ftpd_t) corenet_tcp_sendrecv_all_ports(ftpd_t) corenet_udp_sendrecv_all_ports(ftpd_t) +corenet_non_ipsec_sendrecv(ftpd_t) corenet_tcp_bind_all_nodes(ftpd_t) corenet_udp_bind_all_nodes(ftpd_t) corenet_tcp_bind_ftp_data_port(ftpd_t) diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index 215e5bce..8f5a8f3a 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal,1.0.3) +policy_module(hal,1.0.4) ######################################## # @@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(hald_t) corenet_raw_sendrecv_all_nodes(hald_t) corenet_tcp_sendrecv_all_ports(hald_t) corenet_udp_sendrecv_all_ports(hald_t) +corenet_non_ipsec_sendrecv(hald_t) corenet_tcp_bind_all_nodes(hald_t) corenet_udp_bind_all_nodes(hald_t) diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te index 5673c90c..3e1c8fc9 100644 --- a/refpolicy/policy/modules/services/howl.te +++ b/refpolicy/policy/modules/services/howl.te @@ -1,5 +1,5 @@ -policy_module(howl,1.0) +policy_module(howl,1.0.1) ######################################## # 
@@ -43,6 +43,7 @@ corenet_udp_sendrecv_all_nodes(howl_t) corenet_raw_sendrecv_all_nodes(howl_t) corenet_tcp_sendrecv_all_ports(howl_t) corenet_udp_sendrecv_all_ports(howl_t) +corenet_non_ipsec_sendrecv(howl_t) corenet_tcp_bind_all_nodes(howl_t) corenet_udp_bind_all_nodes(howl_t) corenet_tcp_bind_howl_port(howl_t) diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te index 9501590e..02ac2a4c 100644 --- a/refpolicy/policy/modules/services/i18n_input.te +++ b/refpolicy/policy/modules/services/i18n_input.te @@ -1,5 +1,5 @@ -policy_module(i18n_input,1.0.0) +policy_module(i18n_input,1.0.1) ######################################## # @@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(i18n_input_t) corenet_raw_sendrecv_all_nodes(i18n_input_t) corenet_tcp_sendrecv_all_ports(i18n_input_t) corenet_udp_sendrecv_all_ports(i18n_input_t) +corenet_non_ipsec_sendrecv(i18n_input_t) corenet_tcp_bind_all_nodes(i18n_input_t) corenet_udp_bind_all_nodes(i18n_input_t) corenet_tcp_bind_i18n_input_port(i18n_input_t) diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te index 37de5439..898b5516 100644 --- a/refpolicy/policy/modules/services/inetd.te +++ b/refpolicy/policy/modules/services/inetd.te @@ -1,5 +1,5 @@ -policy_module(inetd,1.0.1) +policy_module(inetd,1.0.2) ######################################## # @@ -66,6 +66,7 @@ corenet_udp_sendrecv_all_nodes(inetd_t) corenet_raw_sendrecv_all_nodes(inetd_t) corenet_tcp_sendrecv_all_ports(inetd_t) corenet_udp_sendrecv_all_ports(inetd_t) +corenet_non_ipsec_sendrecv(inetd_t) corenet_tcp_bind_all_nodes(inetd_t) corenet_udp_bind_all_nodes(inetd_t) corenet_tcp_connect_all_ports(inetd_t) 
@@ -192,6 +193,7 @@ corenet_udp_sendrecv_all_nodes(inetd_child_t) corenet_raw_sendrecv_all_nodes(inetd_child_t) corenet_tcp_sendrecv_all_ports(inetd_child_t) corenet_udp_sendrecv_all_ports(inetd_child_t) +corenet_non_ipsec_sendrecv(inetd_child_t) corenet_tcp_bind_all_nodes(inetd_child_t) corenet_udp_bind_all_nodes(inetd_child_t) diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te index cc15668d..95b87dca 100644 --- a/refpolicy/policy/modules/services/inn.te +++ b/refpolicy/policy/modules/services/inn.te @@ -1,5 +1,5 @@ -policy_module(inn,1.0) +policy_module(inn,1.0.1) ######################################## # @@ -71,6 +71,7 @@ corenet_tcp_sendrecv_all_nodes(innd_t) corenet_udp_sendrecv_all_nodes(innd_t) corenet_tcp_sendrecv_all_ports(innd_t) corenet_udp_sendrecv_all_ports(innd_t) +corenet_non_ipsec_sendrecv(innd_t) corenet_tcp_bind_all_nodes(innd_t) corenet_udp_bind_all_nodes(innd_t) corenet_tcp_bind_innd_port(innd_t) diff --git a/refpolicy/policy/modules/services/kerberos.if b/refpolicy/policy/modules/services/kerberos.if index 9821152a..153fd02f 100644 --- a/refpolicy/policy/modules/services/kerberos.if +++ b/refpolicy/policy/modules/services/kerberos.if @@ -49,6 +49,7 @@ interface(`kerberos_use',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_kerberos_port($1) corenet_udp_sendrecv_kerberos_port($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_connect_kerberos_port($1) diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te index 852efe57..3406a9fa 100644 --- a/refpolicy/policy/modules/services/kerberos.te +++ b/refpolicy/policy/modules/services/kerberos.te @@ -1,5 +1,5 @@ -policy_module(kerberos,1.0) +policy_module(kerberos,1.0.1) ######################################## # 
@@ -95,6 +95,7 @@ corenet_udp_sendrecv_all_nodes(kadmind_t)
 corenet_raw_sendrecv_all_nodes(kadmind_t)
 corenet_tcp_sendrecv_all_ports(kadmind_t)
 corenet_udp_sendrecv_all_ports(kadmind_t)
+corenet_non_ipsec_sendrecv(kadmind_t)
 corenet_tcp_bind_all_nodes(kadmind_t)
 corenet_udp_bind_all_nodes(kadmind_t)
 corenet_tcp_bind_kerberos_admin_port(kadmind_t)
@@ -197,6 +198,7 @@ corenet_udp_sendrecv_all_nodes(krb5kdc_t)
 corenet_raw_sendrecv_all_nodes(krb5kdc_t)
 corenet_tcp_sendrecv_all_ports(krb5kdc_t)
 corenet_udp_sendrecv_all_ports(krb5kdc_t)
+corenet_non_ipsec_sendrecv(krb5kdc_t)
 corenet_tcp_bind_all_nodes(krb5kdc_t)
 corenet_udp_bind_all_nodes(krb5kdc_t)
 corenet_tcp_bind_kerberos_port(krb5kdc_t)
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index e346e998..9966c38c 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -1,5 +1,5 @@
-policy_module(ktalk,1.0)
+policy_module(ktalk,1.0.1)
 ########################################
 #
@@ -58,6 +58,7 @@ corenet_udp_sendrecv_all_nodes(ktalkd_t)
 corenet_raw_sendrecv_all_nodes(ktalkd_t)
 corenet_tcp_sendrecv_all_ports(ktalkd_t)
 corenet_udp_sendrecv_all_ports(ktalkd_t)
+corenet_non_ipsec_sendrecv(ktalkd_t)
 corenet_tcp_bind_all_nodes(ktalkd_t)
 corenet_udp_bind_all_nodes(ktalkd_t)
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index 973a7d3e..5ac24951 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -1,5 +1,5 @@
-policy_module(ldap,1.0.1)
+policy_module(ldap,1.0.2)
 ########################################
 #
@@ -86,6 +86,7 @@ corenet_udp_sendrecv_all_nodes(slapd_t)
 corenet_raw_sendrecv_all_nodes(slapd_t)
 corenet_tcp_sendrecv_all_ports(slapd_t)
 corenet_udp_sendrecv_all_ports(slapd_t)
+corenet_non_ipsec_sendrecv(slapd_t)
 corenet_tcp_bind_all_nodes(slapd_t)
 corenet_udp_bind_all_nodes(slapd_t)
 corenet_tcp_bind_ldap_port(slapd_t)
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index 976f7541..5498f9e1 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
-policy_module(lpd,1.0)
+policy_module(lpd,1.0.1)
 ########################################
 #
@@ -70,6 +70,7 @@ corenet_udp_sendrecv_all_nodes(checkpc_t)
 corenet_raw_sendrecv_all_nodes(checkpc_t)
 corenet_tcp_sendrecv_all_ports(checkpc_t)
 corenet_udp_sendrecv_all_ports(checkpc_t)
+corenet_non_ipsec_sendrecv(checkpc_t)
 corenet_tcp_bind_all_nodes(checkpc_t)
 corenet_udp_bind_all_nodes(checkpc_t)
 corenet_tcp_connect_all_ports(checkpc_t)
@@ -164,6 +165,7 @@ corenet_udp_sendrecv_all_nodes(lpd_t)
 corenet_raw_sendrecv_all_nodes(lpd_t)
 corenet_tcp_sendrecv_all_ports(lpd_t)
 corenet_udp_sendrecv_all_ports(lpd_t)
+corenet_non_ipsec_sendrecv(lpd_t)
 corenet_tcp_bind_all_nodes(lpd_t)
 corenet_udp_bind_all_nodes(lpd_t)
 corenet_tcp_bind_printer_port(lpd_t)
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index 626e96c4..cd4e1a5c 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -56,6 +56,7 @@ template(`mailman_domain_template', `
 corenet_raw_sendrecv_all_nodes(mailman_$1_t)
 corenet_tcp_sendrecv_all_ports(mailman_$1_t)
 corenet_udp_sendrecv_all_ports(mailman_$1_t)
+ corenet_non_ipsec_sendrecv(mailman_$1_t)
 corenet_tcp_bind_all_nodes(mailman_$1_t)
 corenet_udp_bind_all_nodes(mailman_$1_t)
 corenet_tcp_connect_smtp_port(mailman_$1_t)
diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te
index e834acae..aefb7ec5 100644
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@@ -1,5 +1,5 @@
-policy_module(mailman,1.0)
+policy_module(mailman,1.0.1)
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 29ef5782..bf2bb0f3 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -73,6 +73,7 @@ template(`mta_base_mail_template',`
 corenet_tcp_sendrecv_all_nodes($1_mail_t)
 corenet_raw_sendrecv_all_nodes($1_mail_t)
 corenet_tcp_sendrecv_all_ports($1_mail_t)
+ corenet_non_ipsec_sendrecv($1_mail_t)
 corenet_tcp_bind_all_nodes($1_mail_t)
 corenet_tcp_connect_all_ports($1_mail_t)
 corenet_tcp_connect_smtp_port($1_mail_t)
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index b9ff82f9..810d7113 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta,1.0.3)
+policy_module(mta,1.0.4)
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 6a23c8dd..8810a019 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -1,5 +1,5 @@
-policy_module(mysql,1.0)
+policy_module(mysql,1.0.1)
 ########################################
 #
@@ -73,6 +73,7 @@ corenet_udp_sendrecv_all_nodes(mysqld_t)
 corenet_raw_sendrecv_all_nodes(mysqld_t)
 corenet_tcp_sendrecv_all_ports(mysqld_t)
 corenet_udp_sendrecv_all_ports(mysqld_t)
+corenet_non_ipsec_sendrecv(mysqld_t)
 corenet_tcp_bind_all_nodes(mysqld_t)
 corenet_udp_bind_all_nodes(mysqld_t)
 corenet_tcp_bind_mysqld_port(mysqld_t)
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 68ac5a7a..c378beec 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
-policy_module(networkmanager,1.0.1)
+policy_module(networkmanager,1.0.2)
 ########################################
 #
@@ -48,6 +48,7 @@ corenet_udp_sendrecv_all_nodes(NetworkManager_t)
 corenet_raw_sendrecv_all_nodes(NetworkManager_t)
 corenet_tcp_sendrecv_all_ports(NetworkManager_t)
 corenet_udp_sendrecv_all_ports(NetworkManager_t)
+corenet_non_ipsec_sendrecv(NetworkManager_t)
 corenet_tcp_bind_all_nodes(NetworkManager_t)
 corenet_udp_bind_all_nodes(NetworkManager_t)
 corenet_tcp_connect_all_ports(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if
index e7b62b68..9193fbe7 100644
--- a/refpolicy/policy/modules/services/nis.if
+++ b/refpolicy/policy/modules/services/nis.if
@@ -43,6 +43,7 @@ interface(`nis_use_ypbind_uncond',`
 corenet_raw_sendrecv_all_nodes($1)
 corenet_tcp_sendrecv_all_ports($1)
 corenet_udp_sendrecv_all_ports($1)
+ corenet_non_ipsec_sendrecv($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_udp_bind_all_nodes($1)
 corenet_tcp_bind_generic_port($1)
@@ -90,6 +91,7 @@ interface(`nis_use_ypbind',`
 corenet_raw_sendrecv_all_nodes($1)
 corenet_tcp_sendrecv_all_ports($1)
 corenet_udp_sendrecv_all_ports($1)
+ corenet_non_ipsec_sendrecv($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_udp_bind_all_nodes($1)
 corenet_tcp_bind_generic_port($1)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index c7300539..9eb0bfa5 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -74,10 +74,11 @@ corenet_raw_sendrecv_all_if(ypbind_t)
 corenet_tcp_sendrecv_all_nodes(ypbind_t)
 corenet_udp_sendrecv_all_nodes(ypbind_t)
 corenet_raw_sendrecv_all_nodes(ypbind_t)
-corenet_tcp_bind_all_nodes(ypbind_t)
-corenet_udp_bind_all_nodes(ypbind_t)
 corenet_tcp_sendrecv_all_ports(ypbind_t)
 corenet_udp_sendrecv_all_ports(ypbind_t)
+corenet_non_ipsec_sendrecv(ypbind_t)
+corenet_tcp_bind_all_nodes(ypbind_t)
+corenet_udp_bind_all_nodes(ypbind_t)
 corenet_tcp_bind_generic_port(ypbind_t)
 corenet_udp_bind_generic_port(ypbind_t)
 corenet_tcp_bind_reserved_port(ypbind_t)
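Review bot: nis.te gets no `policy_module` version bump although its rules change, unlike the other .te files in this commit; radius.te and tcpd.te further down are in the same position. Unless those modules are versioned some other way, a policy built from this commit cannot be told apart from the previous one by module version, so I would add the bump to each of the three. The ypbind_t hunk also moves `corenet_tcp_bind_all_nodes(ypbind_t)` and `corenet_udp_bind_all_nodes(ypbind_t)` below the sendrecv rules in the same change, as do the postfix_map_t and radiusd_t hunks; the reorder looks behaviour-neutral, but it makes it harder to confirm that exactly one permission was added and would read better as a separate commit.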
@@ -169,6 +170,7 @@ corenet_udp_sendrecv_all_nodes(yppasswdd_t)
 corenet_raw_sendrecv_all_nodes(yppasswdd_t)
 corenet_tcp_sendrecv_all_ports(yppasswdd_t)
 corenet_udp_sendrecv_all_ports(yppasswdd_t)
+corenet_non_ipsec_sendrecv(yppasswdd_t)
 corenet_tcp_bind_all_nodes(yppasswdd_t)
 corenet_udp_bind_all_nodes(yppasswdd_t)
 corenet_tcp_bind_reserved_port(yppasswdd_t)
@@ -272,6 +274,7 @@ corenet_udp_sendrecv_all_nodes(ypserv_t)
 corenet_raw_sendrecv_all_nodes(ypserv_t)
 corenet_tcp_sendrecv_all_ports(ypserv_t)
 corenet_udp_sendrecv_all_ports(ypserv_t)
+corenet_non_ipsec_sendrecv(ypserv_t)
 corenet_tcp_bind_all_nodes(ypserv_t)
 corenet_udp_bind_all_nodes(ypserv_t)
 corenet_tcp_bind_reserved_port(ypserv_t)
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index ff3eedfa..f03d6eb5 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
-policy_module(nscd,1.0)
+policy_module(nscd,1.0.1)
 gen_require(`
 class nscd all_nscd_perms;
@@ -76,6 +76,7 @@ corenet_udp_sendrecv_all_nodes(nscd_t)
 corenet_raw_sendrecv_all_nodes(nscd_t)
 corenet_tcp_sendrecv_all_ports(nscd_t)
 corenet_udp_sendrecv_all_ports(nscd_t)
+corenet_non_ipsec_sendrecv(nscd_t)
 corenet_tcp_bind_all_nodes(nscd_t)
 corenet_udp_bind_all_nodes(nscd_t)
 corenet_tcp_connect_all_ports(nscd_t)
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 2752ca55..9d112cb3 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -1,5 +1,5 @@
-policy_module(ntp,1.0)
+policy_module(ntp,1.0.1)
 ########################################
 #
@@ -71,6 +71,7 @@ corenet_udp_sendrecv_all_nodes(ntpd_t)
 corenet_raw_sendrecv_all_nodes(ntpd_t)
 corenet_tcp_sendrecv_all_ports(ntpd_t)
 corenet_udp_sendrecv_all_ports(ntpd_t)
+corenet_non_ipsec_sendrecv(ntpd_t)
 corenet_tcp_bind_all_nodes(ntpd_t)
 corenet_udp_bind_all_nodes(ntpd_t)
 corenet_udp_bind_ntp_port(ntpd_t)
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index d55ed993..6c16b990 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -1,5 +1,5 @@
-policy_module(pegasus,1.0.2)
+policy_module(pegasus,1.0.3)
 ########################################
 #
@@ -71,6 +71,7 @@ corenet_raw_sendrecv_all_if(pegasus_t)
 corenet_tcp_sendrecv_all_nodes(pegasus_t)
 corenet_raw_sendrecv_all_nodes(pegasus_t)
 corenet_tcp_sendrecv_all_ports(pegasus_t)
+corenet_non_ipsec_sendrecv(pegasus_t)
 corenet_tcp_bind_all_nodes(pegasus_t)
 corenet_tcp_bind_pegasus_http_port(pegasus_t)
 corenet_tcp_bind_pegasus_https_port(pegasus_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index b3c0188f..789ca013 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
-policy_module(portmap,1.0)
+policy_module(portmap,1.0.1)
 ########################################
 #
@@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(portmap_t)
 corenet_raw_sendrecv_all_nodes(portmap_t)
 corenet_tcp_sendrecv_all_ports(portmap_t)
 corenet_udp_sendrecv_all_ports(portmap_t)
+corenet_non_ipsec_sendrecv(portmap_t)
 corenet_tcp_bind_all_nodes(portmap_t)
 corenet_udp_bind_all_nodes(portmap_t)
 corenet_tcp_bind_portmap_port(portmap_t)
@@ -172,6 +173,7 @@ corenet_udp_sendrecv_all_nodes(portmap_helper_t)
 corenet_raw_sendrecv_all_nodes(portmap_helper_t)
 corenet_tcp_sendrecv_all_ports(portmap_helper_t)
 corenet_udp_sendrecv_all_ports(portmap_helper_t)
+corenet_non_ipsec_sendrecv(portmap_helper_t)
 corenet_tcp_bind_all_nodes(portmap_helper_t)
 corenet_udp_bind_all_nodes(portmap_helper_t)
 corenet_tcp_bind_reserved_port(portmap_helper_t)
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index d4afb661..3c4f4034 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -120,6 +120,7 @@ template(`postfix_server_domain_template',`
 corenet_raw_sendrecv_all_nodes(postfix_$1_t)
 corenet_tcp_sendrecv_all_ports(postfix_$1_t)
 corenet_udp_sendrecv_all_ports(postfix_$1_t)
+ corenet_non_ipsec_sendrecv(postfix_$1_t)
 corenet_tcp_bind_all_nodes(postfix_$1_t)
 corenet_udp_bind_all_nodes(postfix_$1_t)
 corenet_tcp_connect_all_ports(postfix_$1_t)
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index 6cbbec10..3575eb50 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
-policy_module(postfix,1.0.3)
+policy_module(postfix,1.0.4)
 ########################################
 #
@@ -142,6 +142,7 @@ corenet_udp_sendrecv_all_nodes(postfix_master_t)
 corenet_raw_sendrecv_all_nodes(postfix_master_t)
 corenet_tcp_sendrecv_all_ports(postfix_master_t)
 corenet_udp_sendrecv_all_ports(postfix_master_t)
+corenet_non_ipsec_sendrecv(postfix_master_t)
 corenet_tcp_bind_all_nodes(postfix_master_t)
 corenet_udp_bind_all_nodes(postfix_master_t)
 corenet_tcp_bind_amavisd_send_port(postfix_master_t)
@@ -309,10 +310,11 @@ corenet_raw_sendrecv_all_if(postfix_map_t)
 corenet_tcp_sendrecv_all_nodes(postfix_map_t)
 corenet_udp_sendrecv_all_nodes(postfix_map_t)
 corenet_raw_sendrecv_all_nodes(postfix_map_t)
-corenet_tcp_bind_all_nodes(postfix_map_t)
-corenet_udp_bind_all_nodes(postfix_map_t)
 corenet_tcp_sendrecv_all_ports(postfix_map_t)
 corenet_udp_sendrecv_all_ports(postfix_map_t)
+corenet_non_ipsec_sendrecv(postfix_map_t)
+corenet_tcp_bind_all_nodes(postfix_map_t)
+corenet_udp_bind_all_nodes(postfix_map_t)
 corenet_tcp_connect_all_ports(postfix_map_t)
 corecmd_list_bin(postfix_map_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index fad6075c..a89c5bba 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -1,5 +1,5 @@
-policy_module(postgresql,1.0)
+policy_module(postgresql,1.0.1)
 #################################
 #
@@ -92,6 +92,7 @@ corenet_udp_sendrecv_all_nodes(postgresql_t)
 corenet_raw_sendrecv_all_nodes(postgresql_t)
 corenet_tcp_sendrecv_all_ports(postgresql_t)
 corenet_udp_sendrecv_all_ports(postgresql_t)
+corenet_non_ipsec_sendrecv(postgresql_t)
 corenet_tcp_bind_all_nodes(postgresql_t)
 corenet_udp_bind_all_nodes(postgresql_t)
 corenet_tcp_bind_postgresql_port(postgresql_t)
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 3f55df5f..3fdaafd7 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp,1.0)
+policy_module(ppp,1.0.1)
 ########################################
 #
@@ -125,6 +125,7 @@ corenet_raw_sendrecv_all_nodes(pppd_t)
 corenet_udp_sendrecv_all_nodes(pppd_t)
 corenet_tcp_sendrecv_all_ports(pppd_t)
 corenet_udp_sendrecv_all_ports(pppd_t)
+corenet_non_ipsec_sendrecv(pppd_t)
 corenet_tcp_bind_all_nodes(pppd_t)
 corenet_udp_bind_all_nodes(pppd_t)
 # Access /dev/ppp.
@@ -265,6 +266,7 @@ corenet_raw_sendrecv_all_if(pptp_t)
 corenet_tcp_sendrecv_all_nodes(pptp_t)
 corenet_raw_sendrecv_all_nodes(pptp_t)
 corenet_tcp_sendrecv_all_ports(pptp_t)
+corenet_non_ipsec_sendrecv(pptp_t)
 corenet_tcp_bind_all_nodes(pptp_t)
 corenet_tcp_connect_generic_port(pptp_t)
 corenet_tcp_connect_all_reserved_ports(pptp_t)
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index 5b2780c5..e791b628 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -1,5 +1,5 @@
-policy_module(privoxy,1.0.1)
+policy_module(privoxy,1.0.2)
 ########################################
 #
@@ -47,6 +47,7 @@ corenet_raw_sendrecv_all_if(privoxy_t)
 corenet_tcp_sendrecv_all_nodes(privoxy_t)
 corenet_raw_sendrecv_all_nodes(privoxy_t)
 corenet_tcp_sendrecv_all_ports(privoxy_t)
+corenet_non_ipsec_sendrecv(privoxy_t)
 corenet_tcp_bind_http_cache_port(privoxy_t)
 corenet_tcp_connect_http_port(privoxy_t)
 corenet_tcp_connect_ftp_port(privoxy_t)
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 38623165..6b1038c2 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail,1.0.1)
+policy_module(procmail,1.0.2)
 ########################################
 #
@@ -36,6 +36,7 @@ corenet_udp_sendrecv_all_nodes(procmail_t)
 corenet_raw_sendrecv_all_nodes(procmail_t)
 corenet_tcp_sendrecv_all_ports(procmail_t)
 corenet_udp_sendrecv_all_ports(procmail_t)
+corenet_non_ipsec_sendrecv(procmail_t)
 corenet_tcp_bind_all_nodes(procmail_t)
 corenet_udp_bind_all_nodes(procmail_t)
 corenet_tcp_connect_spamd_port(procmail_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index e115360e..dfddca68 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -56,10 +56,11 @@ corenet_raw_sendrecv_all_if(radiusd_t)
 corenet_tcp_sendrecv_all_nodes(radiusd_t)
 corenet_udp_sendrecv_all_nodes(radiusd_t)
 corenet_raw_sendrecv_all_nodes(radiusd_t)
-corenet_tcp_bind_all_nodes(radiusd_t)
-corenet_udp_bind_all_nodes(radiusd_t)
 corenet_tcp_sendrecv_all_ports(radiusd_t)
 corenet_udp_sendrecv_all_ports(radiusd_t)
+corenet_non_ipsec_sendrecv(radiusd_t)
+corenet_tcp_bind_all_nodes(radiusd_t)
+corenet_udp_bind_all_nodes(radiusd_t)
 corenet_udp_bind_radacct_port(radiusd_t)
 corenet_udp_bind_radius_port(radiusd_t)
 # for RADIUS proxy port
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index b5b07b2e..6af80399 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -1,5 +1,5 @@
-policy_module(radvd,1.0)
+policy_module(radvd,1.0.1)
 ########################################
 #
@@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(radvd_t)
 corenet_raw_sendrecv_all_nodes(radvd_t)
 corenet_tcp_sendrecv_all_ports(radvd_t)
 corenet_udp_sendrecv_all_ports(radvd_t)
+corenet_non_ipsec_sendrecv(radvd_t)
 corenet_tcp_bind_all_nodes(radvd_t)
 corenet_udp_bind_all_nodes(radvd_t)
diff --git a/refpolicy/policy/modules/services/rdisc.te b/refpolicy/policy/modules/services/rdisc.te
index 97c573bc..873b86fc 100644
--- a/refpolicy/policy/modules/services/rdisc.te
+++ b/refpolicy/policy/modules/services/rdisc.te
@@ -1,5 +1,5 @@
-policy_module(rdisc,1.0.0)
+policy_module(rdisc,1.0.1)
 ########################################
 #
@@ -31,6 +31,7 @@ corenet_raw_sendrecv_generic_if(rdisc_t)
 corenet_udp_sendrecv_all_nodes(rdisc_t)
 corenet_raw_sendrecv_all_nodes(rdisc_t)
 corenet_udp_sendrecv_all_ports(rdisc_t)
+corenet_non_ipsec_sendrecv(rdisc_t)
 corenet_udp_bind_all_nodes(rdisc_t)
 dev_read_sysfs(rdisc_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index 2b284e46..bf05a199 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -1,5 +1,5 @@
-policy_module(rlogin,1.0)
+policy_module(rlogin,1.0.1)
 ########################################
 #
@@ -59,6 +59,7 @@ corenet_udp_sendrecv_all_nodes(rlogind_t)
 corenet_raw_sendrecv_all_nodes(rlogind_t)
 corenet_tcp_sendrecv_all_ports(rlogind_t)
 corenet_udp_sendrecv_all_ports(rlogind_t)
+corenet_non_ipsec_sendrecv(rlogind_t)
 corenet_tcp_bind_all_nodes(rlogind_t)
 corenet_udp_bind_all_nodes(rlogind_t)
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index da50403d..50ba3a31 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -58,6 +58,7 @@ template(`rpc_domain_template', `
 corenet_raw_sendrecv_all_nodes($1_t)
 corenet_tcp_sendrecv_all_ports($1_t)
 corenet_udp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_bind_all_nodes($1_t)
 corenet_udp_bind_all_nodes($1_t)
 corenet_tcp_bind_reserved_port($1_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index cb50dd59..dd7df907 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.0.2)
+policy_module(rpc,1.0.3)
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index 2ebf6f0b..87e8e12c 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -1,5 +1,5 @@
-policy_module(rshd,1.0)
+policy_module(rshd,1.0.1)
 ########################################
 #
@@ -31,6 +31,7 @@ corenet_udp_sendrecv_all_nodes(rshd_t)
 corenet_raw_sendrecv_all_nodes(rshd_t)
 corenet_tcp_sendrecv_all_ports(rshd_t)
 corenet_udp_sendrecv_all_ports(rshd_t)
+corenet_non_ipsec_sendrecv(rshd_t)
 corenet_tcp_bind_all_nodes(rshd_t)
 corenet_tcp_bind_rsh_port(rshd_t)
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 57211caf..94a560d9 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -1,5 +1,5 @@
-policy_module(rsync,1.0)
+policy_module(rsync,1.0.1)
 ########################################
 #
@@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(rsync_t)
 corenet_raw_sendrecv_all_nodes(rsync_t)
 corenet_tcp_sendrecv_all_ports(rsync_t)
 corenet_udp_sendrecv_all_ports(rsync_t)
+corenet_non_ipsec_sendrecv(rsync_t)
 corenet_tcp_bind_all_nodes(rsync_t)
 corenet_udp_bind_all_nodes(rsync_t)
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index f4536be7..06eea35f 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
-policy_module(samba,1.0)
+policy_module(samba,1.0.1)
 #################################
 #
@@ -108,6 +108,7 @@ corenet_udp_sendrecv_all_nodes(samba_net_t)
 corenet_raw_sendrecv_all_nodes(samba_net_t)
 corenet_tcp_sendrecv_all_ports(samba_net_t)
 corenet_udp_sendrecv_all_ports(samba_net_t)
+corenet_non_ipsec_sendrecv(samba_net_t)
 corenet_tcp_bind_all_nodes(samba_net_t)
 corenet_udp_bind_all_nodes(samba_net_t)
 corenet_tcp_connect_smbd_port(samba_net_t)
@@ -145,6 +146,7 @@ optional_policy(`ldap',`
 corenet_tcp_sendrecv_all_nodes(samba_net_t)
 corenet_raw_sendrecv_all_nodes(samba_net_t)
 corenet_tcp_sendrecv_ldap_port(samba_net_t)
+ corenet_non_ipsec_sendrecv(samba_net_t)
 corenet_tcp_bind_all_nodes(samba_net_t)
 sysnet_read_config(samba_net_t)
 ')
@@ -225,6 +227,7 @@ corenet_udp_sendrecv_all_nodes(smbd_t)
 corenet_raw_sendrecv_all_nodes(smbd_t)
 corenet_tcp_sendrecv_all_ports(smbd_t)
 corenet_udp_sendrecv_all_ports(smbd_t)
+corenet_non_ipsec_sendrecv(smbd_t)
 corenet_tcp_bind_all_nodes(smbd_t)
 corenet_udp_bind_all_nodes(smbd_t)
 corenet_tcp_bind_smbd_port(smbd_t)
@@ -370,6 +373,7 @@ corenet_udp_sendrecv_all_nodes(nmbd_t)
 corenet_raw_sendrecv_all_nodes(nmbd_t)
 corenet_tcp_sendrecv_all_ports(nmbd_t)
 corenet_udp_sendrecv_all_ports(nmbd_t)
+corenet_non_ipsec_sendrecv(nmbd_t)
 corenet_tcp_bind_all_nodes(nmbd_t)
 corenet_udp_bind_all_nodes(nmbd_t)
 corenet_udp_bind_nmbd_port(nmbd_t)
@@ -458,6 +462,7 @@ corenet_raw_sendrecv_all_nodes(smbmount_t)
 corenet_udp_sendrecv_all_nodes(smbmount_t)
 corenet_tcp_sendrecv_all_ports(smbmount_t)
 corenet_udp_sendrecv_all_ports(smbmount_t)
+corenet_non_ipsec_sendrecv(smbmount_t)
 corenet_tcp_bind_all_nodes(smbmount_t)
 corenet_udp_bind_all_nodes(smbmount_t)
 corenet_tcp_connect_all_ports(smbmount_t)
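Review bot: The `corenet_non_ipsec_sendrecv(samba_net_t)` added inside the optional_policy ldap block (hunk at -145) repeats the grant for samba_net_t that the hunk at -108 already adds, apparently unconditionally, so it should have no effect on the compiled policy. If the optional block is meant to stand on its own (it already repeats `corenet_tcp_sendrecv_all_nodes(samba_net_t)`), keep the line and say so with a comment such as `# repeated so the ldap block is self-contained`; otherwise drop it so an audit of samba_net_t finds the rule in one place. The optional_policy block starts outside the hunk.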
@@ -567,6 +572,7 @@ corenet_udp_sendrecv_all_nodes(winbind_t)
 corenet_raw_sendrecv_all_nodes(winbind_t)
 corenet_tcp_sendrecv_all_ports(winbind_t)
 corenet_udp_sendrecv_all_ports(winbind_t)
+corenet_non_ipsec_sendrecv(winbind_t)
 corenet_tcp_bind_all_nodes(winbind_t)
 corenet_udp_bind_all_nodes(winbind_t)
 corenet_tcp_connect_smbd_port(winbind_t)
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index 2baadce8..c81a934a 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -1,5 +1,5 @@
-policy_module(sasl,1.0.1)
+policy_module(sasl,1.0.2)
 ########################################
 #
@@ -38,6 +38,7 @@ corenet_raw_sendrecv_all_if(saslauthd_t)
 corenet_tcp_sendrecv_all_nodes(saslauthd_t)
 corenet_raw_sendrecv_all_nodes(saslauthd_t)
 corenet_tcp_sendrecv_all_ports(saslauthd_t)
+corenet_non_ipsec_sendrecv(saslauthd_t)
 corenet_tcp_bind_all_nodes(saslauthd_t)
 corenet_tcp_connect_pop_port(saslauthd_t)
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 593d14fd..02533606 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
-policy_module(sendmail,1.0)
+policy_module(sendmail,1.0.1)
 ########################################
 #
@@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(sendmail_t)
 corenet_udp_sendrecv_all_nodes(sendmail_t)
 corenet_tcp_sendrecv_all_ports(sendmail_t)
 corenet_udp_sendrecv_all_ports(sendmail_t)
+corenet_non_ipsec_sendrecv(sendmail_t)
 corenet_tcp_bind_all_nodes(sendmail_t)
 corenet_udp_bind_all_nodes(sendmail_t)
 corenet_tcp_bind_smtp_port(sendmail_t)
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index a7ed81b9..9bd0b099 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -1,5 +1,5 @@
-policy_module(snmp,1.0.2)
+policy_module(snmp,1.0.3)
 ########################################
 #
@@ -68,6 +68,7 @@ corenet_udp_sendrecv_all_nodes(snmpd_t)
 corenet_raw_sendrecv_all_nodes(snmpd_t)
 corenet_tcp_sendrecv_all_ports(snmpd_t)
 corenet_udp_sendrecv_all_ports(snmpd_t)
+corenet_non_ipsec_sendrecv(snmpd_t)
 corenet_tcp_bind_all_nodes(snmpd_t)
 corenet_udp_bind_all_nodes(snmpd_t)
 corenet_tcp_bind_snmp_port(snmpd_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index 83179b8e..589ae521 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -100,6 +100,7 @@ template(`spamassassin_per_userdomain_template',`
 corenet_raw_sendrecv_all_nodes($1_spamc_t)
 corenet_tcp_sendrecv_all_ports($1_spamc_t)
 corenet_udp_sendrecv_all_ports($1_spamc_t)
+ corenet_non_ipsec_sendrecv($1_spamc_t)
 corenet_tcp_bind_all_nodes($1_spamc_t)
 corenet_udp_bind_all_nodes($1_spamc_t)
 corenet_tcp_connect_all_ports($1_spamc_t)
@@ -282,6 +283,7 @@ template(`spamassassin_per_userdomain_template',`
 corenet_raw_sendrecv_all_nodes($1_spamassassin_t)
 corenet_tcp_sendrecv_all_ports($1_spamassassin_t)
 corenet_udp_sendrecv_all_ports($1_spamassassin_t)
+ corenet_non_ipsec_sendrecv($1_spamassassin_t)
 corenet_tcp_bind_all_nodes($1_spamassassin_t)
 corenet_udp_bind_all_nodes($1_spamassassin_t)
 corenet_tcp_connect_all_ports($1_spamassassin_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index f58f9401..ba7b4673 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
-policy_module(spamassassin,1.0.0)
+policy_module(spamassassin,1.0.1)
 ########################################
 #
@@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(spamd_t)
 corenet_raw_sendrecv_all_nodes(spamd_t)
 corenet_tcp_sendrecv_all_ports(spamd_t)
 corenet_udp_sendrecv_all_ports(spamd_t)
+corenet_non_ipsec_sendrecv(spamd_t)
 corenet_tcp_bind_all_nodes(spamd_t)
 corenet_udp_bind_all_nodes(spamd_t)
 corenet_tcp_bind_spamd_port(spamd_t)
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index f4cc464f..f4dfdec3 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -1,5 +1,5 @@
-policy_module(squid,1.0)
+policy_module(squid,1.0.1)
 ########################################
 #
@@ -78,6 +78,7 @@ corenet_udp_sendrecv_all_nodes(squid_t)
 corenet_raw_sendrecv_all_nodes(squid_t)
 corenet_tcp_sendrecv_all_ports(squid_t)
 corenet_udp_sendrecv_all_ports(squid_t)
+corenet_non_ipsec_sendrecv(squid_t)
 corenet_tcp_bind_all_nodes(squid_t)
 corenet_udp_bind_all_nodes(squid_t)
 corenet_tcp_bind_http_cache_port(squid_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 5ca043f3..f804d88b 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -123,6 +123,7 @@ template(`ssh_per_userdomain_template',`
 corenet_tcp_sendrecv_all_nodes($1_ssh_t)
 corenet_raw_sendrecv_all_nodes($1_ssh_t)
 corenet_tcp_sendrecv_all_ports($1_ssh_t)
+ corenet_non_ipsec_sendrecv($1_ssh_t)
 corenet_tcp_bind_all_nodes($1_ssh_t)
 corenet_tcp_connect_ssh_port($1_ssh_t)
@@ -437,6 +438,7 @@ template(`ssh_server_template', `
 corenet_raw_sendrecv_all_nodes($1_t)
 corenet_udp_sendrecv_all_ports($1_t)
 corenet_tcp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_bind_all_nodes($1_t)
 corenet_udp_bind_all_nodes($1_t)
 corenet_tcp_connect_all_ports($1_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index d7b84d79..391a9895 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh,1.0)
+policy_module(ssh,1.0.1)
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index f274d294..b2c0c555 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -1,5 +1,5 @@
-policy_module(stunnel,1.0)
+policy_module(stunnel,1.0.1)
 ########################################
 #
@@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(stunnel_t)
 corenet_raw_sendrecv_all_nodes(stunnel_t)
 corenet_tcp_sendrecv_all_ports(stunnel_t)
 corenet_udp_sendrecv_all_ports(stunnel_t)
+corenet_non_ipsec_sendrecv(stunnel_t)
 corenet_tcp_bind_all_nodes(stunnel_t)
 corenet_udp_bind_all_nodes(stunnel_t)
 #corenet_tcp_bind_stunnel_port(stunnel_t)
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index fea27843..e8d843ec 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -28,6 +28,7 @@ corenet_tcp_sendrecv_all_if(tcpd_t)
 corenet_raw_sendrecv_all_nodes(tcpd_t)
 corenet_tcp_sendrecv_all_nodes(tcpd_t)
 corenet_tcp_sendrecv_all_ports(tcpd_t)
+corenet_non_ipsec_sendrecv(tcpd_t)
 corenet_tcp_bind_all_nodes(tcpd_t)
 fs_getattr_xattr_fs(tcpd_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 85a20c46..814832a1 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -1,5 +1,5 @@
-policy_module(telnet,1.0)
+policy_module(telnet,1.0.1)
 ########################################
 #
@@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(telnetd_t)
 corenet_raw_sendrecv_all_nodes(telnetd_t)
 corenet_tcp_sendrecv_all_ports(telnetd_t)
 corenet_udp_sendrecv_all_ports(telnetd_t)
+corenet_non_ipsec_sendrecv(telnetd_t)
 corenet_tcp_bind_all_nodes(telnetd_t)
 corenet_udp_bind_all_nodes(telnetd_t)
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index af3268fd..fddd1666 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
-policy_module(tftp,1.0)
+policy_module(tftp,1.0.1)
 ########################################
 #
@@ -49,6 +49,7 @@ corenet_udp_sendrecv_all_nodes(tftpd_t)
 corenet_raw_sendrecv_all_nodes(tftpd_t)
 corenet_tcp_sendrecv_all_ports(tftpd_t)
 corenet_udp_sendrecv_all_ports(tftpd_t)
+corenet_non_ipsec_sendrecv(tftpd_t)
 corenet_tcp_bind_all_nodes(tftpd_t)
 corenet_udp_bind_all_nodes(tftpd_t)
 corenet_udp_bind_tftp_port(tftpd_t)
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index 214c69df..70905d54 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -1,5 +1,5 @@
-policy_module(timidity,1.0.0)
+policy_module(timidity,1.0.1)
 # Note: You only need this policy if you want to run timidity as a server
@@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(timidity_t)
 corenet_raw_sendrecv_all_nodes(timidity_t)
 corenet_tcp_sendrecv_all_ports(timidity_t)
 corenet_udp_sendrecv_all_ports(timidity_t)
+corenet_non_ipsec_sendrecv(timidity_t)
 corenet_tcp_bind_all_nodes(timidity_t)
 corenet_udp_bind_all_nodes(timidity_t)
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 27b822a4..262307e4 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@ -policy_module(uucp,1.0) +policy_module(uucp,1.0.1) ######################################## # @@ -75,6 +75,7 @@ corenet_udp_sendrecv_all_nodes(uucpd_t) corenet_raw_sendrecv_all_nodes(uucpd_t) corenet_tcp_sendrecv_all_ports(uucpd_t) corenet_udp_sendrecv_all_ports(uucpd_t) +corenet_non_ipsec_sendrecv(uucpd_t) corenet_tcp_bind_all_nodes(uucpd_t) corenet_udp_bind_all_nodes(uucpd_t) diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te index f08ecdf4..0ef18e6a 100644 --- a/refpolicy/policy/modules/services/zebra.te +++ b/refpolicy/policy/modules/services/zebra.te @@ -1,5 +1,5 @@ -policy_module(zebra,1.0.1) +policy_module(zebra,1.0.2) ######################################## # @@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(zebra_t) corenet_raw_sendrecv_all_nodes(zebra_t) corenet_tcp_sendrecv_all_ports(zebra_t) corenet_udp_sendrecv_all_ports(zebra_t) +corenet_non_ipsec_sendrecv(zebra_t) corenet_tcp_bind_all_nodes(zebra_t) corenet_udp_bind_all_nodes(zebra_t) corenet_tcp_bind_zebra_port(zebra_t) diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te index 675d0391..22b0fe51 100644 --- a/refpolicy/policy/modules/system/hotplug.te +++ b/refpolicy/policy/modules/system/hotplug.te @@ -1,5 +1,5 @@ -policy_module(hotplug,1.0.1) +policy_module(hotplug,1.0.2) ######################################## # @@ -61,6 +61,7 @@ corenet_udp_sendrecv_all_nodes(hotplug_t) corenet_raw_sendrecv_all_nodes(hotplug_t) corenet_tcp_sendrecv_all_ports(hotplug_t) corenet_udp_sendrecv_all_ports(hotplug_t) +corenet_non_ipsec_sendrecv(hotplug_t) corenet_tcp_bind_all_nodes(hotplug_t) corenet_udp_bind_all_nodes(hotplug_t) diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index 72b8312b..f5b856da 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te 
@@ -1,5 +1,5 @@ -policy_module(init,1.0.3) +policy_module(init,1.0.4) gen_require(` class passwd rootok; @@ -257,6 +257,7 @@ corenet_raw_sendrecv_all_nodes(initrc_t) corenet_udp_sendrecv_all_nodes(initrc_t) corenet_tcp_sendrecv_all_ports(initrc_t) corenet_udp_sendrecv_all_ports(initrc_t) +corenet_non_ipsec_sendrecv(initrc_t) corenet_tcp_bind_all_nodes(initrc_t) corenet_udp_bind_all_nodes(initrc_t) corenet_tcp_connect_all_ports(initrc_t) diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te index cc6d402b..331dda55 100644 --- a/refpolicy/policy/modules/system/ipsec.te +++ b/refpolicy/policy/modules/system/ipsec.te @@ -1,5 +1,5 @@ -policy_module(ipsec,1.0) +policy_module(ipsec,1.0.1) ######################################## # @@ -87,6 +87,7 @@ corenet_raw_sendrecv_all_if(ipsec_t) corenet_tcp_sendrecv_all_nodes(ipsec_t) corenet_raw_sendrecv_all_nodes(ipsec_t) corenet_tcp_sendrecv_all_ports(ipsec_t) +corenet_non_ipsec_sendrecv(ipsec_t) corenet_tcp_bind_all_nodes(ipsec_t) corenet_udp_bind_reserved_port(ipsec_t) corenet_udp_bind_isakmp_port(ipsec_t) diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index 29519958..aac06255 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te @@ -1,5 +1,5 @@ -policy_module(logging,1.0.2) +policy_module(logging,1.0.3) ######################################## # @@ -313,6 +313,7 @@ corenet_udp_sendrecv_all_if(syslogd_t) corenet_raw_sendrecv_all_nodes(syslogd_t) corenet_udp_sendrecv_all_nodes(syslogd_t) corenet_udp_sendrecv_all_ports(syslogd_t) +corenet_non_ipsec_sendrecv(syslogd_t) corenet_udp_bind_all_nodes(syslogd_t) corenet_tcp_bind_syslogd_port(syslogd_t) #cjp: why? diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index 6fadbbcb..ed7c016f 100644 --- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te 
@@ -1,5 +1,5 @@ -policy_module(lvm,1.0) +policy_module(lvm,1.0.1) ######################################## # @@ -65,6 +65,7 @@ corenet_udp_sendrecv_all_nodes(clvmd_t) corenet_raw_sendrecv_all_nodes(clvmd_t) corenet_tcp_sendrecv_all_ports(clvmd_t) corenet_udp_sendrecv_all_ports(clvmd_t) +corenet_non_ipsec_sendrecv(clvmd_t) corenet_tcp_bind_all_nodes(clvmd_t) corenet_udp_bind_all_nodes(clvmd_t) corenet_tcp_bind_reserved_port(clvmd_t) diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index 82ae9be6..9c724baa 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -1,5 +1,5 @@ -policy_module(mount,1.0) +policy_module(mount,1.0.1) ######################################## # @@ -106,6 +106,7 @@ optional_policy(`portmap',` corenet_udp_sendrecv_all_nodes(mount_t) corenet_tcp_sendrecv_all_ports(mount_t) corenet_udp_sendrecv_all_ports(mount_t) + corenet_non_ipsec_sendrecv(mount_t) corenet_tcp_bind_all_nodes(mount_t) corenet_udp_bind_all_nodes(mount_t) corenet_tcp_bind_generic_port(mount_t) diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if index 6ecf59d7..9b0a2349 100644 --- a/refpolicy/policy/modules/system/sysnetwork.if +++ b/refpolicy/policy/modules/system/sysnetwork.if @@ -440,6 +440,7 @@ interface(`sysnet_dns_name_resolve',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_dns_port($1) corenet_udp_sendrecv_dns_port($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_connect_dns_port($1) @@ -468,6 +469,7 @@ interface(`sysnet_use_ldap',` corenet_tcp_sendrecv_all_nodes($1) corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_ldap_port($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_tcp_connect_ldap_port($1) 
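Review bot: Placing `corenet_non_ipsec_sendrecv($1)` inside `sysnet_dns_name_resolve` grants the unlabeled association to every caller of the interface, not only to the domains edited directly in this commit. The same applies to the `sysnet_use_ldap` hunk in this file, the `sysnet_use_portmap` hunk at -499, and `base_user_template` in userdomain.if. A domain that only asks for name resolution now also gets this permission, and someone auditing that domain's .te will not see it there. The interface's summary or description comment should mention it, for example with `Also allows traffic on the unlabeled (non-IPsec) association.`. The interface body and its documentation header start and end outside the hunk.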
@@ -499,6 +501,7 @@ interface(`sysnet_use_portmap',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_portmap_port($1) corenet_udp_sendrecv_portmap_port($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_connect_portmap_port($1) diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 302ae6d8..175bb3bb 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -1,5 +1,5 @@ -policy_module(sysnetwork,1.0.3) +policy_module(sysnetwork,1.0.4) ######################################## # @@ -99,6 +99,7 @@ corenet_raw_sendrecv_all_nodes(dhcpc_t) corenet_udp_sendrecv_all_nodes(dhcpc_t) corenet_tcp_sendrecv_all_ports(dhcpc_t) corenet_udp_sendrecv_all_ports(dhcpc_t) +corenet_non_ipsec_sendrecv(dhcpc_t) corenet_tcp_bind_all_nodes(dhcpc_t) corenet_udp_bind_all_nodes(dhcpc_t) corenet_udp_bind_dhcpc_port(dhcpc_t) diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 9167d695..53d45a34 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -173,6 +173,7 @@ template(`base_user_template',` corenet_udp_sendrecv_all_nodes($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) + corenet_non_ipsec_sendrecv($1_t) corenet_tcp_bind_all_nodes($1_t) corenet_udp_bind_all_nodes($1_t) corenet_udp_bind_generic_port($1_t) diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te index 6c228fa8..7c66a13b 100644 --- a/refpolicy/policy/modules/system/userdomain.te +++ b/refpolicy/policy/modules/system/userdomain.te @@ -1,5 +1,5 @@ -policy_module(userdomain,1.0.6) +policy_module(userdomain,1.0.7) gen_require(` role sysadm_r, staff_r, user_r;