diff --git a/cmirrord.fc b/cmirrord.fc
index 049e2b611a..4d5ab0dfab 100644
--- a/cmirrord.fc
+++ b/cmirrord.fc
@@ -1,5 +1,5 @@
/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
-/usr/sbin/cmirrord -- gen_context(system_u:object_r:cmirrord_exec_t,s0)
+/usr/sbin/cmirrord -- gen_context(system_u:object_r:cmirrord_exec_t,s0)
-/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
+/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --git a/cmirrord.if b/cmirrord.if
index f8463c0f76..cc4e7cb969 100644
--- a/cmirrord.if
+++ b/cmirrord.if
@@ -1,8 +1,9 @@
-## Cluster mirror log daemon
+## Cluster mirror log daemon.
########################################
##
-## Execute a domain transition to run cmirrord.
+## Execute a domain transition to
+## run cmirrord.
##
##
##
@@ -15,12 +16,14 @@ interface(`cmirrord_domtrans',`
type cmirrord_t, cmirrord_exec_t;
')
+ corecmd_search_bin($1)
domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
')
########################################
##
-## Execute cmirrord server in the cmirrord domain.
+## Execute cmirrord server in the
+## cmirrord domain.
##
##
##
@@ -57,7 +60,7 @@ interface(`cmirrord_read_pid_files',`
#######################################
##
-## Read and write to cmirrord shared memory.
+## Read and write cmirrord shared memory.
##
##
##
@@ -80,8 +83,8 @@ interface(`cmirrord_rw_shm',`
########################################
##
-## All of the rules required to administrate
-## an cmirrord environment
+## All of the rules required to
+## administrate an cmirrord environment.
##
##
##
diff --git a/cmirrord.te b/cmirrord.te
index 28fdd8ad94..d8e995855a 100644
--- a/cmirrord.te
+++ b/cmirrord.te
@@ -1,4 +1,4 @@
-policy_module(cmirrord, 1.0.0)
+policy_module(cmirrord, 1.0.1)
########################################
#
@@ -20,23 +20,22 @@ files_pid_file(cmirrord_var_run_t)
########################################
#
-# cmirrord local policy
+# Local policy
#
allow cmirrord_t self:capability { net_admin kill };
dontaudit cmirrord_t self:capability sys_tty_config;
-allow cmirrord_t self:process { setfscreate signal};
+allow cmirrord_t self:process { setfscreate signal };
allow cmirrord_t self:fifo_file rw_fifo_file_perms;
allow cmirrord_t self:sem create_sem_perms;
allow cmirrord_t self:shm create_shm_perms;
allow cmirrord_t self:netlink_socket create_socket_perms;
-allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;
+allow cmirrord_t self:unix_stream_socket { accept listen };
manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })
-manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, file)
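Review bot: The new rule `allow cmirrord_t self:unix_stream_socket { accept listen };` keeps only two of the permissions that the old `create_stream_socket_perms` set covered, and nothing visible in this hunk grants cmirrord_t create, bind, read or write on its own unix stream sockets. If those permissions are meant to come from an interface called elsewhere in cmirrord.te (the file continues outside the hunk), a comment above the rule such as `# create/bind/rw on self:unix_stream_socket are granted by <interface name>` would stop a later cleanup from silently breaking the daemon. It is worth confirming in enforcing mode that cmirrord starts and that no `unix_stream_socket` AVC denials for cmirrord_t appear in the audit log. Dropping `manage_dirs_pattern` for cmirrord_var_run_t looks consistent with the file-only `files_pid_filetrans` call and the single pid-file entry in cmirrord.fc.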