Again, looking through the policy I see sections for policy to confine cardmgr, /etc/hotplug scripts, updfstab, etc. Do we do any routine policy updates to purge obsolete policy? If not, should we? Bill