diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 4498c5b..71b66a6 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -10021,10 +10021,10 @@ index 0000000..de66654 +') diff --git a/bumblebee.te b/bumblebee.te new file mode 100644 -index 0000000..00e1ff2 +index 0000000..daceb19 --- /dev/null +++ b/bumblebee.te -@@ -0,0 +1,58 @@ +@@ -0,0 +1,59 @@ +policy_module(bumblebee, 1.0.0) + +######################################## @@ -10075,6 +10075,7 @@ index 0000000..00e1ff2 +sysnet_dns_name_resolve(bumblebee_t) + +xserver_domtrans(bumblebee_t) ++xserver_kill(bumblebee_t) +xserver_signal(bumblebee_t) +xserver_stream_connect(bumblebee_t) +xserver_manage_xkb_libs(bumblebee_t) @@ -23230,10 +23231,10 @@ index 0000000..3061ae5 +') diff --git a/docker.te b/docker.te new file mode 100644 -index 0000000..99211cd +index 0000000..1e88da4 --- /dev/null +++ b/docker.te -@@ -0,0 +1,223 @@ +@@ -0,0 +1,224 @@ +policy_module(docker, 1.0.0) + +######################################## @@ -23328,6 +23329,7 @@ index 0000000..99211cd +kernel_read_system_state(docker_t) +kernel_read_network_state(docker_t) +kernel_read_all_sysctls(docker_t) ++kernel_rw_net_sysctls(docker_t) + +domain_use_interactive_fds(docker_t) + 
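Review bot: `xserver_kill(bumblebee_t)` is added directly above the existing `xserver_signal(bumblebee_t)` with nothing saying why `signal` was not enough, and `kill` is the one permission the X server domain cannot catch or clean up after. The justification belongs next to the rule rather than only in the spec changelog, e.g. `# bumblebee SIGKILLs the X server it starts via xserver_domtrans (3.12.1-124)` — presumably the secondary X server, which should be confirmed against the bumblebee daemon's behaviour. The inner bumblebee.te file is new and the hunk shows only a slice of its local policy block.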
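Review bot: `kernel_rw_net_sysctls(docker_t)` turns the read-only access of the surrounding `kernel_read_*_sysctls` rules into write access over everything under /proc/sys/net, and neither the hunk nor the changelog entry ("write system net ctrls") says which sysctls docker actually sets. Recording the purpose makes it possible to judge later whether the grant can be narrowed: `# docker writes net sysctls while building container networks (presumably ip_forward / bridge settings - confirm)`. The enclosing docker local policy block continues outside the hunk.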
@@ -57431,6 +57433,234 @@ index 0000000..0493b99 +optional_policy(` + modutils_domtrans_insmod(oracleasm_t) +') +diff --git a/osad.fc b/osad.fc +new file mode 100644 +index 0000000..1e1eceb +--- /dev/null ++++ b/osad.fc +@@ -0,0 +1,7 @@ ++/etc/rc\.d/init\.d/osad -- gen_context(system_u:object_r:osad_initrc_exec_t,s0) ++ ++/usr/sbin/osad -- gen_context(system_u:object_r:osad_exec_t,s0) ++ ++/var/log/osad -- gen_context(system_u:object_r:osad_log_t,s0) ++ ++/var/run/osad.* -- gen_context(system_u:object_r:osad_var_run_t,s0) +diff --git a/osad.if b/osad.if +new file mode 100644 +index 0000000..05648bd +--- /dev/null ++++ b/osad.if +@@ -0,0 +1,165 @@ ++ ++## Client-side service written in Python that responds to pings and runs rhn_check when told to by osa-dispatcher. ++ ++######################################## ++## ++## Execute osad in the osad domin. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`osad_domtrans',` ++ gen_require(` ++ type osad_t, osad_exec_t; ++ ') ++ ++ corecmd_search_bin($1) ++ domtrans_pattern($1, osad_exec_t, osad_t) ++') ++ ++######################################## ++## ++## Execute osad server in the osad domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`osad_initrc_domtrans',` ++ gen_require(` ++ type osad_initrc_exec_t; ++ ') ++ ++ init_labeled_script_domtrans($1, osad_initrc_exec_t) ++') ++######################################## ++## ++## Read osad's log files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`osad_read_log',` ++ gen_require(` ++ type osad_log_t; ++ ') ++ ++ logging_search_logs($1) ++ read_files_pattern($1, osad_log_t, osad_log_t) ++') ++ ++######################################## ++## ++## Append to osad log files. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`osad_append_log',` ++ gen_require(` ++ type osad_log_t; ++ ') ++ ++ logging_search_logs($1) ++ append_files_pattern($1, osad_log_t, osad_log_t) ++') ++ ++######################################## ++## ++## Manage osad log files ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`osad_manage_log',` ++ gen_require(` ++ type osad_log_t; ++ ') ++ ++ logging_search_logs($1) ++ manage_dirs_pattern($1, osad_log_t, osad_log_t) ++ manage_files_pattern($1, osad_log_t, osad_log_t) ++ manage_lnk_files_pattern($1, osad_log_t, osad_log_t) ++') ++######################################## ++## ++## Read osad PID files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`osad_read_pid_files',` ++ gen_require(` ++ type osad_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ read_files_pattern($1, osad_var_run_t, osad_var_run_t) ++') ++ ++ ++######################################## ++## ++## All of the rules required to administrate ++## an osad environment ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++## ++## Role allowed access. 
++## ++## ++## ++# ++interface(`osad_admin',` ++ gen_require(` ++ type osad_t; ++ type osad_initrc_exec_t; ++ type osad_log_t; ++ type osad_var_run_t; ++ ') ++ ++ allow $1 osad_t:process { signal_perms }; ++ ps_process_pattern($1, osad_t) ++ ++ tunable_policy(`deny_ptrace',`',` ++ allow $1 osad_t:process ptrace; ++ ') ++ ++ osad_initrc_domtrans($1) ++ domain_system_change_exemption($1) ++ role_transition $2 osad_initrc_exec_t system_r; ++ allow $2 system_r; ++ ++ logging_search_logs($1) ++ admin_pattern($1, osad_log_t) ++ ++ files_search_pids($1) ++ admin_pattern($1, osad_var_run_t) ++ optional_policy(` ++ systemd_passwd_agent_exec($1) ++ systemd_read_fifo_file_passwd_run($1) ++ ') ++') +diff --git a/osad.te b/osad.te +new file mode 100644 +index 0000000..ac767bc +--- /dev/null ++++ b/osad.te +@@ -0,0 +1,38 @@ ++policy_module(osad, 1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type osad_t; ++type osad_exec_t; ++init_daemon_domain(osad_t, osad_exec_t) ++ ++type osad_initrc_exec_t; ++init_script_file(osad_initrc_exec_t) ++ ++type osad_log_t; ++logging_log_file(osad_log_t) ++ ++type osad_var_run_t; ++files_pid_file(osad_var_run_t) ++ ++######################################## ++# ++# osad local policy ++# ++allow osad_t self:process setpgid; ++ ++manage_files_pattern(osad_t, osad_log_t, osad_log_t) ++logging_log_filetrans(osad_t, osad_log_t, { file }) ++ ++manage_files_pattern(osad_t, osad_var_run_t, osad_var_run_t) ++files_pid_filetrans(osad_t, osad_var_run_t, { file}) ++ ++kernel_read_system_state(osad_t) ++ ++auth_read_passwd(osad_t) ++ ++dev_read_urand(osad_t) ++ diff --git a/pacemaker.fc b/pacemaker.fc index 2f0ad56..d4da0b8 100644 --- a/pacemaker.fc @@ -66479,7 +66709,7 @@ index 00edeab..166e9c3 100644 + read_files_pattern($1, procmail_home_t, procmail_home_t) ') diff --git a/procmail.te b/procmail.te -index d447152..73c437c 100644 +index d447152..2f0ae78 100644 --- a/procmail.te +++ b/procmail.te @@ -1,4 +1,4 @@ 
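Review bot: osad.te contains no network rule at all (no corenet_ or sysnet_ call) and no transition to rhn_check, although osad.if's own summary describes the daemon as answering osa-dispatcher and running rhn_check on request; if osad really talks over the network this module will deny every connection, which is fail-closed but leaves the service non-functional with no hint in the policy that it is a first cut. If that is intended, say so above `allow osad_t self:process setpgid;`, for example `# TODO: network access and rhn_check transition not modelled yet`. Two smaller points in the same hunk: `files_pid_filetrans(osad_t, osad_var_run_t, { file})` is missing the space before `}` that the `logging_log_filetrans` line two rules above has, and the osad_domtrans summary reads `domin` for `domain`.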
@@ -66514,7 +66744,7 @@ index d447152..73c437c 100644 allow procmail_t procmail_log_t:dir setattr_dir_perms; create_files_pattern(procmail_t, procmail_log_t, procmail_log_t) append_files_pattern(procmail_t, procmail_log_t, procmail_log_t) -@@ -40,89 +44,106 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir }) +@@ -40,89 +44,107 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir }) allow procmail_t procmail_tmp_t:file manage_file_perms; files_tmp_filetrans(procmail_t, procmail_tmp_t, file) @@ -66546,6 +66776,7 @@ index d447152..73c437c 100644 -corecmd_exec_bin(procmail_t) -corecmd_exec_shell(procmail_t) ++dev_read_rand(procmail_t) dev_read_urand(procmail_t) -fs_getattr_all_fs(procmail_t) @@ -66568,10 +66799,10 @@ index d447152..73c437c 100644 -miscfiles_read_localization(procmail_t) +init_read_utmp(procmail_t) -+ + +logging_send_syslog_msg(procmail_t) +logging_append_all_logs(procmail_t) - ++ +list_dirs_pattern(procmail_t, procmail_home_t, procmail_home_t) +read_files_pattern(procmail_t, procmail_home_t, procmail_home_t) userdom_search_user_home_dirs(procmail_t) @@ -66593,17 +66824,17 @@ index d447152..73c437c 100644 +userdom_manage_user_tmp_dirs(procmail_t) +userdom_manage_user_tmp_files(procmail_t) +userdom_manage_user_tmp_symlinks(procmail_t) -+ -+# Execute user executables -+userdom_exec_user_bin_files(procmail_t) -+ -+mta_manage_spool(procmail_t) -+mta_read_queue(procmail_t) -tunable_policy(`use_samba_home_dirs',` - fs_manage_cifs_dirs(procmail_t) - fs_manage_cifs_files(procmail_t) - fs_manage_cifs_symlinks(procmail_t) ++# Execute user executables ++userdom_exec_user_bin_files(procmail_t) ++ ++mta_manage_spool(procmail_t) ++mta_read_queue(procmail_t) ++ +ifdef(`hide_broken_symptoms',` + mta_dontaudit_rw_queue(procmail_t) ') @@ -66658,7 +66889,7 @@ index d447152..73c437c 100644 ') optional_policy(` -@@ -131,6 +152,8 @@ optional_policy(` +@@ -131,6 +153,8 @@ optional_policy(` ') optional_policy(` 
@@ -66667,6 +66898,15 @@ index d447152..73c437c 100644 sendmail_domtrans(procmail_t) sendmail_signal(procmail_t) sendmail_dontaudit_rw_tcp_sockets(procmail_t) +@@ -145,3 +169,8 @@ optional_policy(` + spamassassin_domtrans_client(procmail_t) + spamassassin_read_lib_files(procmail_t) + ') ++ ++optional_policy(` ++ zarafa_stream_connect_server(procmail_t) ++ zarafa_domtrans_deliver(procmail_t) ++') diff --git a/prosody.fc b/prosody.fc new file mode 100644 index 0000000..96a0d9f @@ -101126,10 +101366,10 @@ index 0000000..044be2f +') diff --git a/vmtools.te b/vmtools.te new file mode 100644 -index 0000000..1398ead +index 0000000..5549375 --- /dev/null +++ b/vmtools.te -@@ -0,0 +1,44 @@ +@@ -0,0 +1,46 @@ +policy_module(vmtools, 1.0.0) + +######################################## @@ -101151,6 +101391,7 @@ index 0000000..1398ead +# +# vmtools local policy +# ++ +allow vmtools_t self:capability { sys_time sys_rawio }; +allow vmtools_t self:fifo_file rw_fifo_file_perms; +allow vmtools_t self:unix_stream_socket create_stream_socket_perms; @@ -101164,6 +101405,7 @@ index 0000000..1398ead +kernel_read_system_state(vmtools_t) +kernel_read_network_state(vmtools_t) + ++corecmd_exec_bin(vmtools_t) +corecmd_exec_shell(vmtools_t) + +dev_read_urand(vmtools_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 843f956..c709ae0 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 123%{?dist} +Release: 124%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
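Review bot: `corecmd_exec_bin(vmtools_t)` grants vmtools_t execute-without-transition over every bin_t binary, far more than the single /usr/bin/lsb_release named in the 3.12.1-124 changelog entry; since refpolicy has no finer type for that binary this may be the accepted trade-off, but the motivation should sit next to the rule: `# runs /usr/bin/lsb_release (no dedicated type; 3.12.1-124)`. Together with the existing `corecmd_exec_shell(vmtools_t)` the domain can now run arbitrary scripts and binaries in its own context, which is worth a line in the policy for whoever audits vmtools_t later. The inner vmtools.te file is new and its local policy block extends beyond this hunk.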
@@ -579,6 +579,24 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
+* Mon Feb 3 2014 Miroslav Grepl 3.12.1-124
+- Added osad policy
+- Allow postfix to deliver to procmail
+- Allow bumblebee to seng kill signal to xserver
+- Allow vmtools to execute /usr/bin/lsb_release
+- Allow docker to write system net ctrls
+- Add support for rhnsd unit file
+- Add dbus_chat_session_bus() interface
+- Add dbus_stream_connect_session_bus() interface
+- Fix pcp.te
+- Fix logrotate_use_nfs boolean
+- Add lot of pcp fixes found in RHEL7
+- fix labeling for pmie for pcp pkg
+- Change thumb_t to be allowed to chat/connect with session bus type
+- Allow call renice in mlocate
+- Add logrotate_use_nfs boolean
+- Allow setroubleshootd to read rpc sysctl
+
 * Fri Jan 31 2014 Miroslav Grepl 3.12.1-123
 - Turn on bacula, rhnsd policy
 - Add support for rhnsd unit file