Hi, policy 1.17.3 and later are not being handled properly by checkpolicy, because the update that was supposed to go out with checkpolicy-1.16.2 was not built properly due to a packaging mistake. End result: All reserved ports are remapped to reserved_port_t, and most daemons will fail during startup due to a lack of name_bind permission, at least with strict policy. Fixed checkpolicy should be available soon. -- Stephen Smalley <sds(a)epoch.ncsc.mil&gt; National Security Agency