diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index 4498c5b..71b66a6 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -10021,10 +10021,10 @@ index 0000000..de66654
+')
diff --git a/bumblebee.te b/bumblebee.te
new file mode 100644
-index 0000000..00e1ff2
+index 0000000..daceb19
--- /dev/null
+++ b/bumblebee.te
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,59 @@
+policy_module(bumblebee, 1.0.0)
+
+########################################
@@ -10075,6 +10075,7 @@ index 0000000..00e1ff2
+sysnet_dns_name_resolve(bumblebee_t)
+
+xserver_domtrans(bumblebee_t)
++xserver_kill(bumblebee_t)
+xserver_signal(bumblebee_t)
+xserver_stream_connect(bumblebee_t)
+xserver_manage_xkb_libs(bumblebee_t)
@@ -23230,10 +23231,10 @@ index 0000000..3061ae5
+')
diff --git a/docker.te b/docker.te
new file mode 100644
-index 0000000..99211cd
+index 0000000..1e88da4
--- /dev/null
+++ b/docker.te
-@@ -0,0 +1,223 @@
+@@ -0,0 +1,224 @@
+policy_module(docker, 1.0.0)
+
+########################################
@@ -23328,6 +23329,7 @@ index 0000000..99211cd
+kernel_read_system_state(docker_t)
+kernel_read_network_state(docker_t)
+kernel_read_all_sysctls(docker_t)
++kernel_rw_net_sysctls(docker_t)
+
+domain_use_interactive_fds(docker_t)
+
@@ -57431,6 +57433,234 @@ index 0000000..0493b99
+optional_policy(`
+ modutils_domtrans_insmod(oracleasm_t)
+')
+diff --git a/osad.fc b/osad.fc
+new file mode 100644
+index 0000000..1e1eceb
+--- /dev/null
++++ b/osad.fc
+@@ -0,0 +1,7 @@
++/etc/rc\.d/init\.d/osad -- gen_context(system_u:object_r:osad_initrc_exec_t,s0)
++
++/usr/sbin/osad -- gen_context(system_u:object_r:osad_exec_t,s0)
++
++/var/log/osad -- gen_context(system_u:object_r:osad_log_t,s0)
++
++/var/run/osad.* -- gen_context(system_u:object_r:osad_var_run_t,s0)
+diff --git a/osad.if b/osad.if
+new file mode 100644
+index 0000000..05648bd
+--- /dev/null
++++ b/osad.if
+@@ -0,0 +1,165 @@
++
++## Client-side service written in Python that responds to pings and runs rhn_check when told to by osa-dispatcher.
++
++########################################
++##
++## Execute osad in the osad domin.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`osad_domtrans',`
++ gen_require(`
++ type osad_t, osad_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domtrans_pattern($1, osad_exec_t, osad_t)
++')
++
++########################################
++##
++## Execute osad server in the osad domain.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`osad_initrc_domtrans',`
++ gen_require(`
++ type osad_initrc_exec_t;
++ ')
++
++ init_labeled_script_domtrans($1, osad_initrc_exec_t)
++')
++########################################
++##
++## Read osad's log files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`osad_read_log',`
++ gen_require(`
++ type osad_log_t;
++ ')
++
++ logging_search_logs($1)
++ read_files_pattern($1, osad_log_t, osad_log_t)
++')
++
++########################################
++##
++## Append to osad log files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`osad_append_log',`
++ gen_require(`
++ type osad_log_t;
++ ')
++
++ logging_search_logs($1)
++ append_files_pattern($1, osad_log_t, osad_log_t)
++')
++
++########################################
++##
++## Manage osad log files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`osad_manage_log',`
++ gen_require(`
++ type osad_log_t;
++ ')
++
++ logging_search_logs($1)
++ manage_dirs_pattern($1, osad_log_t, osad_log_t)
++ manage_files_pattern($1, osad_log_t, osad_log_t)
++ manage_lnk_files_pattern($1, osad_log_t, osad_log_t)
++')
++########################################
++##
++## Read osad PID files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`osad_read_pid_files',`
++ gen_require(`
++ type osad_var_run_t;
++ ')
++
++ files_search_pids($1)
++ read_files_pattern($1, osad_var_run_t, osad_var_run_t)
++')
++
++
++########################################
++##
++## All of the rules required to administrate
++## an osad environment
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## Role allowed access.
++##
++##
++##
++#
++interface(`osad_admin',`
++ gen_require(`
++ type osad_t;
++ type osad_initrc_exec_t;
++ type osad_log_t;
++ type osad_var_run_t;
++ ')
++
++ allow $1 osad_t:process { signal_perms };
++ ps_process_pattern($1, osad_t)
++
++ tunable_policy(`deny_ptrace',`',`
++ allow $1 osad_t:process ptrace;
++ ')
++
++ osad_initrc_domtrans($1)
++ domain_system_change_exemption($1)
++ role_transition $2 osad_initrc_exec_t system_r;
++ allow $2 system_r;
++
++ logging_search_logs($1)
++ admin_pattern($1, osad_log_t)
++
++ files_search_pids($1)
++ admin_pattern($1, osad_var_run_t)
++ optional_policy(`
++ systemd_passwd_agent_exec($1)
++ systemd_read_fifo_file_passwd_run($1)
++ ')
++')
+diff --git a/osad.te b/osad.te
+new file mode 100644
+index 0000000..ac767bc
+--- /dev/null
++++ b/osad.te
+@@ -0,0 +1,38 @@
++policy_module(osad, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type osad_t;
++type osad_exec_t;
++init_daemon_domain(osad_t, osad_exec_t)
++
++type osad_initrc_exec_t;
++init_script_file(osad_initrc_exec_t)
++
++type osad_log_t;
++logging_log_file(osad_log_t)
++
++type osad_var_run_t;
++files_pid_file(osad_var_run_t)
++
++########################################
++#
++# osad local policy
++#
++allow osad_t self:process setpgid;
++
++manage_files_pattern(osad_t, osad_log_t, osad_log_t)
++logging_log_filetrans(osad_t, osad_log_t, { file })
++
++manage_files_pattern(osad_t, osad_var_run_t, osad_var_run_t)
++files_pid_filetrans(osad_t, osad_var_run_t, { file})
++
++kernel_read_system_state(osad_t)
++
++auth_read_passwd(osad_t)
++
++dev_read_urand(osad_t)
++
diff --git a/pacemaker.fc b/pacemaker.fc
index 2f0ad56..d4da0b8 100644
--- a/pacemaker.fc
@@ -66479,7 +66709,7 @@ index 00edeab..166e9c3 100644
+ read_files_pattern($1, procmail_home_t, procmail_home_t)
')
diff --git a/procmail.te b/procmail.te
-index d447152..73c437c 100644
+index d447152..2f0ae78 100644
--- a/procmail.te
+++ b/procmail.te
@@ -1,4 +1,4 @@
@@ -66514,7 +66744,7 @@ index d447152..73c437c 100644
allow procmail_t procmail_log_t:dir setattr_dir_perms;
create_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
append_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
-@@ -40,89 +44,106 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir })
+@@ -40,89 +44,107 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir })
allow procmail_t procmail_tmp_t:file manage_file_perms;
files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
@@ -66546,6 +66776,7 @@ index d447152..73c437c 100644
-corecmd_exec_bin(procmail_t)
-corecmd_exec_shell(procmail_t)
++dev_read_rand(procmail_t)
dev_read_urand(procmail_t)
-fs_getattr_all_fs(procmail_t)
@@ -66568,10 +66799,10 @@ index d447152..73c437c 100644
-miscfiles_read_localization(procmail_t)
+init_read_utmp(procmail_t)
-+
+
+logging_send_syslog_msg(procmail_t)
+logging_append_all_logs(procmail_t)
-
++
+list_dirs_pattern(procmail_t, procmail_home_t, procmail_home_t)
+read_files_pattern(procmail_t, procmail_home_t, procmail_home_t)
userdom_search_user_home_dirs(procmail_t)
@@ -66593,17 +66824,17 @@ index d447152..73c437c 100644
+userdom_manage_user_tmp_dirs(procmail_t)
+userdom_manage_user_tmp_files(procmail_t)
+userdom_manage_user_tmp_symlinks(procmail_t)
-+
-+# Execute user executables
-+userdom_exec_user_bin_files(procmail_t)
-+
-+mta_manage_spool(procmail_t)
-+mta_read_queue(procmail_t)
-tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(procmail_t)
- fs_manage_cifs_files(procmail_t)
- fs_manage_cifs_symlinks(procmail_t)
++# Execute user executables
++userdom_exec_user_bin_files(procmail_t)
++
++mta_manage_spool(procmail_t)
++mta_read_queue(procmail_t)
++
+ifdef(`hide_broken_symptoms',`
+ mta_dontaudit_rw_queue(procmail_t)
')
@@ -66658,7 +66889,7 @@ index d447152..73c437c 100644
')
optional_policy(`
-@@ -131,6 +152,8 @@ optional_policy(`
+@@ -131,6 +153,8 @@ optional_policy(`
')
optional_policy(`
@@ -66667,6 +66898,15 @@ index d447152..73c437c 100644
sendmail_domtrans(procmail_t)
sendmail_signal(procmail_t)
sendmail_dontaudit_rw_tcp_sockets(procmail_t)
+@@ -145,3 +169,8 @@ optional_policy(`
+ spamassassin_domtrans_client(procmail_t)
+ spamassassin_read_lib_files(procmail_t)
+ ')
++
++optional_policy(`
++ zarafa_stream_connect_server(procmail_t)
++ zarafa_domtrans_deliver(procmail_t)
++')
diff --git a/prosody.fc b/prosody.fc
new file mode 100644
index 0000000..96a0d9f
@@ -101126,10 +101366,10 @@ index 0000000..044be2f
+')
diff --git a/vmtools.te b/vmtools.te
new file mode 100644
-index 0000000..1398ead
+index 0000000..5549375
--- /dev/null
+++ b/vmtools.te
-@@ -0,0 +1,44 @@
+@@ -0,0 +1,46 @@
+policy_module(vmtools, 1.0.0)
+
+########################################
@@ -101151,6 +101391,7 @@ index 0000000..1398ead
+#
+# vmtools local policy
+#
++
+allow vmtools_t self:capability { sys_time sys_rawio };
+allow vmtools_t self:fifo_file rw_fifo_file_perms;
+allow vmtools_t self:unix_stream_socket create_stream_socket_perms;
@@ -101164,6 +101405,7 @@ index 0000000..1398ead
+kernel_read_system_state(vmtools_t)
+kernel_read_network_state(vmtools_t)
+
++corecmd_exec_bin(vmtools_t)
+corecmd_exec_shell(vmtools_t)
+
+dev_read_urand(vmtools_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 843f956..c709ae0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 123%{?dist}
+Release: 124%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -579,6 +579,24 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Feb 3 2014 Miroslav Grepl 3.12.1-124
+- Added osad policy
+- Allow postfix to deliver to procmail
+- Allow bumblebee to seng kill signal to xserver
+- Allow vmtools to execute /usr/bin/lsb_release
+- Allow docker to write system net ctrls
+- Add support for rhnsd unit file
+- Add dbus_chat_session_bus() interface
+- Add dbus_stream_connect_session_bus() interface
+- Fix pcp.te
+- Fix logrotate_use_nfs boolean
+- Add lot of pcp fixes found in RHEL7
+- fix labeling for pmie for pcp pkg
+- Change thumb_t to be allowed to chat/connect with session bus type
+- Allow call renice in mlocate
+- Add logrotate_use_nfs boolean
+- Allow setroubleshootd to read rpc sysctl
+
* Fri Jan 31 2014 Miroslav Grepl 3.12.1-123
- Turn on bacula, rhnsd policy
- Add support for rhnsd unit file