fixes

docs/macro_conversion_guide

@@ -41,10 +41,12 @@ kernel_read_system_state($1)
 corecmd_exec_shell($1)
 files_read_etc_runtime_files($1)
 mta_append_spool($1)
+ifdef(`TODO',`
 optional_policy(`arpwatch.te',`
 	# why is mail delivered to a directory of type arpwatch_data_t?
 	allow mta_delivery_agent arpwatch_data_t:dir search;
 ')
+') dnl end TODO
 
 #
 # mta_user_agent:
@@ -743,7 +745,7 @@ type $1_var_run_t;
 files_pid_file($1_var_run_t)
 allow $1_t self:process signal_perms;
 allow $1_t self:fifo_file rw_file_perms;
-allow $1_t self:tcp_socket { listen accept connected_socket_perms }
+allow $1_t self:tcp_socket connected_stream_socket_perms;
 # for identd
 # cjp: this should probably only be inetd_child rules?
 allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;