diff -Naur ccstools.orig/init_policy.sh ccstools/init_policy.sh
--- ccstools.orig/init_policy.sh	2009-06-23 09:00:00.000000000 +0900
+++ ccstools/init_policy.sh	2009-07-05 11:36:47.000000000 +0900
@@ -132,16 +132,26 @@
 	grep -qF "Fedora Core" /etc/issue && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?'         # FC3
 	grep -qF "Debian" /etc/issue && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?/crontab'          # Sarge
 	
+	CRONTAB_PATH=`which crontab 2> /dev/null`
+	if [ -n "$CRONTAB_PATH" ]; then
+		# vixie-cron and cronie
+		grep -qF 'crontab.XXXXXXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?'
+		# dcron 
+		grep -qF 'crontab.XXXXXX'     $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?'
+		# fcron
+		grep -qF 'fcr-XXXXXX'         $CRONTAB_PATH && echo 'file_pattern /tmp/fcr-\?\?\?\?\?\?'
+	fi
+	
 	#
 	# Allow reading some data files.
 	#
-	for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib/gconv/gconv-modules.cache /usr/share/locale/locale.alias
+	for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib{,32,64}/gconv/gconv-modules.cache /usr/share/locale/locale.alias
 	do
 		FILE=`realpath $i`
 		[ -n "$FILE" -a -r "$FILE" -a ! -L "$FILE" ] && echo 'allow_read '$FILE
 	done
 	set -f
-	for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/`
+	for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` `realpath -n /usr/lib32/` `realpath -n /usr/lib64/`
 	  do
 	  if [ -d $dir ]; then
         # Allow reading font files.
@@ -221,7 +231,7 @@
 	#
 	# You can add as you like to the list below.
 	#
-	for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd
+	for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd
 	do
 		FILE=`realpath $FILE 2> /dev/null`
 		[ -n "$FILE" -a -f "$FILE" -a -x "$FILE" -a ! -L "$FILE" ] && echo 'initialize_domain '$FILE
@@ -256,6 +266,11 @@
 		echo 'file_pattern /var/spool/squid/\*/\*/'
 		echo 'file_pattern /var/spool/squid/\*/\*/\*'
 	fi
+	if [ -d /var/cache/squid/ ]; then
+		echo 'file_pattern /var/cache/squid/\*/'
+		echo 'file_pattern /var/cache/squid/\*/\*/'
+		echo 'file_pattern /var/cache/squid/\*/\*/\*'
+	fi
 	
 	#
 	# Make patterns for spamd(1).
@@ -369,6 +384,10 @@
 		if grep -qF '/tmp/whatis.XXXXXX' $MAKEWHATIS_PATH; then
 			echo 'file_pattern /tmp/whatis.\?\?\?\?\?\?'
 		fi
+		if grep -qF '/tmp/whatis.tmp.dir.$$' $MAKEWHATIS_PATH; then
+			echo 'file_pattern /tmp/whatis.tmp.dir.\$/'
+			echo 'file_pattern /tmp/whatis.tmp.dir.\$/w'
+		fi
 	fi
 	
 	#
@@ -514,6 +533,41 @@
 		echo 'file_pattern /var/run/nscd/db\?\?\?\?\?\?'
 	fi
 	
+	if [ -e /etc/gentoo-release ]; then
+		echo 'file_pattern /var/cache/edb/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/eix'
+		echo 'file_pattern /var/cache/revdep-rebuild/\*.rr'
+		echo 'file_pattern /var/db/pkg/\*'
+		echo 'file_pattern /var/db/pkg/\*/\*'
+		echo 'file_pattern /var/db/pkg/\*/\*/\*'
+		echo 'file_pattern /var/lib/portage/\*'
+		echo 'file_pattern /var/tmp/portage/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+	fi
+	
 	if [ -d /var/lib/init.d/ ]; then
 	    echo 'file_pattern /var/lib/init.d/mtime-test.\$'
 	    echo 'file_pattern /var/lib/init.d/exclusive/\*.\$'
@@ -525,6 +579,10 @@
 	echo 'file_pattern /etc/gshadow.\$'
 	echo 'file_pattern /etc/passwd.\$'
 	echo 'file_pattern /etc/shadow.\$'
+	echo 'file_pattern /etc/group.edit'
+	echo 'file_pattern /etc/gshadow.edit'
+	echo 'file_pattern /etc/passwd.edit'
+	echo 'file_pattern /etc/shadow.edit'
 	echo 'file_pattern /var/cache/logwatch/logwatch.\*/'
 	echo 'file_pattern /var/cache/logwatch/logwatch.\*/\*'
 	echo 'file_pattern /var/tmp/sqlite_\*'
diff -Naur ccstools.orig/tomoyo_init_policy.sh ccstools/tomoyo_init_policy.sh
--- ccstools.orig/tomoyo_init_policy.sh	2009-06-23 09:00:00.000000000 +0900
+++ ccstools/tomoyo_init_policy.sh	2009-07-05 11:36:40.000000000 +0900
@@ -120,16 +120,26 @@
 	grep -qF "Fedora Core" /etc/issue && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?'         # FC3
 	grep -qF "Debian" /etc/issue && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?/crontab'          # Sarge
 	
+	CRONTAB_PATH=`which crontab 2> /dev/null`
+	if [ -n "$CRONTAB_PATH" ]; then
+		# vixie-cron and cronie
+		grep -qF 'crontab.XXXXXXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?'
+		# dcron 
+		grep -qF 'crontab.XXXXXX'     $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?'
+		# fcron
+		grep -qF 'fcr-XXXXXX'         $CRONTAB_PATH && echo 'file_pattern /tmp/fcr-\?\?\?\?\?\?'
+	fi
+	
 	#
 	# Allow reading some data files.
 	#
-	for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib/gconv/gconv-modules.cache /usr/share/locale/locale.alias
+	for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib{,32,64}/gconv/gconv-modules.cache /usr/share/locale/locale.alias
 	do
 		FILE=`realpath $i`
 		[ -n "$FILE" -a -r "$FILE" -a ! -L "$FILE" ] && echo 'allow_read '$FILE
 	done
 	set -f
-	for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/`
+	for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` `realpath -n /usr/lib32/` `realpath -n /usr/lib64/`
 	  do
 	  if [ -d $dir ]; then
         # Allow reading font files.
@@ -209,7 +219,7 @@
 	#
 	# You can add as you like to the list below.
 	#
-	for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd
+	for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd
 	do
 		FILE=`realpath $FILE 2> /dev/null`
 		[ -n "$FILE" -a -f "$FILE" -a -x "$FILE" -a ! -L "$FILE" ] && echo 'initialize_domain '$FILE
@@ -244,6 +254,11 @@
 		echo 'file_pattern /var/spool/squid/\*/\*/'
 		echo 'file_pattern /var/spool/squid/\*/\*/\*'
 	fi
+	if [ -d /var/cache/squid/ ]; then
+		echo 'file_pattern /var/cache/squid/\*/'
+		echo 'file_pattern /var/cache/squid/\*/\*/'
+		echo 'file_pattern /var/cache/squid/\*/\*/\*'
+	fi
 	
 	#
 	# Make patterns for spamd(1).
@@ -357,6 +372,10 @@
 		if grep -qF '/tmp/whatis.XXXXXX' $MAKEWHATIS_PATH; then
 			echo 'file_pattern /tmp/whatis.\?\?\?\?\?\?'
 		fi
+		if grep -qF '/tmp/whatis.tmp.dir.$$' $MAKEWHATIS_PATH; then
+			echo 'file_pattern /tmp/whatis.tmp.dir.\$/'
+			echo 'file_pattern /tmp/whatis.tmp.dir.\$/w'
+		fi
 	fi
 	
 	#
@@ -502,6 +521,41 @@
 		echo 'file_pattern /var/run/nscd/db\?\?\?\?\?\?'
 	fi
 	
+	if [ -e /etc/gentoo-release ]; then
+		echo 'file_pattern /var/cache/edb/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/cache/eix'
+		echo 'file_pattern /var/cache/revdep-rebuild/\*.rr'
+		echo 'file_pattern /var/db/pkg/\*'
+		echo 'file_pattern /var/db/pkg/\*/\*'
+		echo 'file_pattern /var/db/pkg/\*/\*/\*'
+		echo 'file_pattern /var/lib/portage/\*'
+		echo 'file_pattern /var/tmp/portage/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+		echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*'
+	fi
+	
 	if [ -d /var/lib/init.d/ ]; then
 	    echo 'file_pattern /var/lib/init.d/mtime-test.\$'
 	    echo 'file_pattern /var/lib/init.d/exclusive/\*.\$'
@@ -513,6 +567,10 @@
 	echo 'file_pattern /etc/gshadow.\$'
 	echo 'file_pattern /etc/passwd.\$'
 	echo 'file_pattern /etc/shadow.\$'
+	echo 'file_pattern /etc/group.edit'
+	echo 'file_pattern /etc/gshadow.edit'
+	echo 'file_pattern /etc/passwd.edit'
+	echo 'file_pattern /etc/shadow.edit'
 	echo 'file_pattern /var/cache/logwatch/logwatch.\*/'
 	echo 'file_pattern /var/cache/logwatch/logwatch.\*/\*'
 	echo 'file_pattern /var/tmp/sqlite_\*'