diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf
index 414f92e..c2dfa00 100644
--- a/modules-targeted-contrib.conf
+++ b/modules-targeted-contrib.conf
@@ -2485,3 +2485,10 @@ gear = module
 # geoclue policy
 #
 geoclue = module
+
+# Layer: contrib
+# Module: cinder
+#
+# openstack-cinder policy
+#
+cinder = module
diff --git a/policy-f20-base.patch b/policy-f20-base.patch
index d0bca17..300776f 100644
--- a/policy-f20-base.patch
+++ b/policy-f20-base.patch
@@ -5646,7 +5646,7 @@ index 8e0f9cd..b9f45b9 100644
  
  define(`create_packet_interfaces',``
 diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 4edc40d..40073cb 100644
+index 4edc40d..5ef57e0 100644
 --- a/policy/modules/kernel/corenetwork.te.in
 +++ b/policy/modules/kernel/corenetwork.te.in
 @@ -5,6 +5,7 @@ policy_module(corenetwork, 1.18.4)
@@ -5915,7 +5915,7 @@ index 4edc40d..40073cb 100644
  network_port(puppet, tcp, 8140, s0)
  network_port(pxe, udp,4011,s0)
  network_port(pyzor, udp,24441,s0)
-+network_port(neutron, tcp,9696,s0, tcp,9697,s0)
++network_port(neutron, tcp, 8775, s0, tcp,9696,s0, tcp,9697,s0)
  network_port(radacct, udp,1646,s0, udp,1813,s0)
  network_port(radius, udp,1645,s0, udp,1812,s0)
  network_port(radsec, tcp,2083,s0)
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index dc357e4..226276e 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -12012,6 +12012,264 @@ index 914ee2d..d0c8001 100644
 -optional_policy(`
 -	mta_send_mail(chronyd_t)
 -')
+diff --git a/cinder.fc b/cinder.fc
+new file mode 100644
+index 0000000..4b318b7
+--- /dev/null
++++ b/cinder.fc
+@@ -0,0 +1,16 @@
++
++/usr/bin/cinder-api             --  gen_context(system_u:object_r:cinder_api_exec_t,s0)
++/usr/bin/cinder-backup          --  gen_context(system_u:object_r:cinder_backup_exec_t,s0)     
++/usr/bin/cinder-scheduler       --  gen_context(system_u:object_r:cinder_scheduler_exec_t,s0)
++/usr/bin/cinder-volume          --  gen_context(system_u:object_r:cinder_volume_exec_t,s0)
++
++/usr/lib/systemd/system/openstack-cinder-api.*		--	gen_context(system_u:object_r:cinder_api_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-cinder-backup.*	--	gen_context(system_u:object_r:cinder_backup_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-cinder-scheduler.*	--	gen_context(system_u:object_r:cinder_scheduler_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-cinder-volume.*		--	gen_context(system_u:object_r:cinder_volume_unit_file_t,s0)
++
++/var/lib/cinder(/.*)?     gen_context(system_u:object_r:cinder_var_lib_t,s0)
++
++/var/log/cinder(/.*)?     gen_context(system_u:object_r:cinder_log_t,s0)
++
++/var/run/cinder(/.*)?     gen_context(system_u:object_r:cinder_var_run_t,s0)
+diff --git a/cinder.if b/cinder.if
+new file mode 100644
+index 0000000..fc9cae7
+--- /dev/null
++++ b/cinder.if
+@@ -0,0 +1,57 @@
++## <summary>openstack-cinder</summary>
++
++######################################
++## <summary>
++##  Manage cinder lib files.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`cinder_manage_lib_files',`
++    gen_require(`
++                type cinder_var_lib_t;
++                                ')
++
++    files_search_var_lib($1)
++    manage_files_pattern($1, cinder_var_lib_t, cinder_var_lib_t)
++')
++
++#######################################
++## <summary>
++##  Creates types and rules for a basic
++##  openstack-cinder systemd daemon domain.
++## </summary>
++## <param name="prefix">
++##  <summary>
++##  Prefix for the domain.
++##  </summary>
++## </param>
++#
++template(`cinder_domain_template',`
++	gen_require(`
++		attribute cinder_domain;
++	')
++
++	type cinder_$1_t, cinder_domain;
++	type cinder_$1_exec_t;
++	init_daemon_domain(cinder_$1_t, cinder_$1_exec_t)
++
++	type cinder_$1_unit_file_t;
++	systemd_unit_file(cinder_$1_unit_file_t)
++
++	type cinder_$1_tmp_t;
++	files_tmp_file(cinder_$1_tmp_t)
++
++	manage_dirs_pattern(cinder_$1_t, cinder_$1_tmp_t, cinder_$1_tmp_t)
++	manage_files_pattern(cinder_$1_t, cinder_$1_tmp_t, cinder_$1_tmp_t)
++	files_tmp_filetrans(cinder_$1_t, cinder_$1_tmp_t, { file dir })
++	can_exec(cinder_$1_t, cinder_$1_tmp_t)
++
++	kernel_read_system_state(cinder_$1_t)
++
++    logging_send_syslog_msg(cinder_$1_t)
++
++')
+diff --git a/cinder.te b/cinder.te
+new file mode 100644
+index 0000000..f257547
+--- /dev/null
++++ b/cinder.te
+@@ -0,0 +1,167 @@
++policy_module(cinder, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++#
++# cinder-stack daemons contain security issue with using sudo in the code
++# we make this policy as unconfined until this issue is fixed
++#
++
++attribute cinder_domain;
++
++cinder_domain_template(api)
++cinder_domain_template(backup)
++cinder_domain_template(scheduler)
++cinder_domain_template(volume)
++
++type cinder_log_t;
++logging_log_file(cinder_log_t)
++
++type cinder_var_lib_t;
++files_type(cinder_var_lib_t)
++
++type cinder_var_run_t;
++files_pid_file(cinder_var_run_t)
++
++######################################
++#
++# cinder general domain local policy
++#
++
++allow cinder_domain self:process signal_perms;
++allow cinder_domain self:fifo_file rw_fifo_file_perms;
++allow cinder_domain self:tcp_socket create_stream_socket_perms;
++allow cinder_domain self:unix_stream_socket create_stream_socket_perms;
++
++manage_dirs_pattern(cinder_domain, cinder_log_t, cinder_log_t)
++manage_files_pattern(cinder_domain, cinder_log_t, cinder_log_t)
++
++manage_dirs_pattern(cinder_domain, cinder_var_lib_t, cinder_var_lib_t)
++manage_files_pattern(cinder_domain, cinder_var_lib_t, cinder_var_lib_t)
++
++manage_dirs_pattern(cinder_domain, cinder_var_run_t, cinder_var_run_t)
++manage_files_pattern(cinder_domain, cinder_var_run_t, cinder_var_run_t)
++
++corenet_tcp_connect_amqp_port(cinder_domain)
++corenet_tcp_connect_mysqld_port(cinder_domain)
++
++kernel_read_network_state(cinder_domain)
++
++corecmd_exec_bin(cinder_domain)
++corecmd_exec_shell(cinder_domain)
++corenet_tcp_connect_mysqld_port(cinder_domain)
++
++auth_read_passwd(cinder_domain)
++
++dev_read_sysfs(cinder_domain)
++dev_read_urand(cinder_domain)
++
++fs_getattr_xattr_fs(cinder_domain)
++
++init_read_utmp(cinder_domain)
++
++libs_exec_ldconfig(cinder_domain)
++
++optional_policy(`
++    mysql_stream_connect(cinder_domain)
++    mysql_read_db_lnk_files(cinder_domain)
++')
++
++optional_policy(`
++	sysnet_read_config(cinder_domain)
++	sysnet_exec_ifconfig(cinder_domain)
++')
++
++#######################################
++#
++# cinder api local policy
++#
++
++allow cinder_api_t self:process setfscreate;
++allow cinder_api_t self:key write;
++allow cinder_api_t self:netlink_route_socket r_netlink_socket_perms;
++allow cinder_api_t self:udp_socket create_socket_perms;
++
++kernel_read_kernel_sysctls(cinder_api_t)
++
++corenet_tcp_bind_generic_node(cinder_api_t)
++corenet_udp_bind_generic_node(cinder_api_t)
++# should be add to booleans
++corenet_tcp_connect_all_ports(cinder_api_t)
++corenet_tcp_bind_all_unreserved_ports(cinder_api_t)
++
++auth_read_passwd(cinder_api_t)
++
++logging_send_syslog_msg(cinder_api_t)
++
++miscfiles_read_certs(cinder_api_t)
++
++optional_policy(`
++	iptables_domtrans(cinder_api_t)
++')
++
++optional_policy(`
++	ssh_exec_keygen(cinder_api_t)
++')
++
++optional_policy(`
++    gnome_dontaudit_search_config(cinder_api_t)
++')
++
++optional_policy(`
++	unconfined_domain(cinder_api_t)
++')
++
++#######################################
++#
++# cinder backup local policy
++#
++
++allow cinder_backup_t self:udp_socket create_socket_perms;
++
++auth_use_nsswitch(cinder_backup_t)
++
++optional_policy(`
++    unconfined_domain(cinder_backup_t)
++')
++
++#######################################
++#
++# cinder scheduler local policy
++#
++
++allow cinder_scheduler_t self:netlink_route_socket r_netlink_socket_perms;
++allow cinder_scheduler_t self:udp_socket create_socket_perms;
++
++auth_read_passwd(cinder_scheduler_t)
++
++init_read_utmp(cinder_scheduler_t)
++
++optional_policy(`
++    unconfined_domain(cinder_scheduler_t)
++')
++
++#######################################
++#
++# cinder volume local policy
++#
++
++allow cinder_volume_t self:netlink_route_socket r_netlink_socket_perms;
++
++allow cinder_volume_t self:udp_socket create_socket_perms;
++
++kernel_read_kernel_sysctls(cinder_volume_t)
++
++logging_send_syslog_msg(cinder_volume_t)
++
++optional_policy(`
++	lvm_domtrans(cinder_volume_t)
++')
++
++optional_policy(`
++    unconfined_domain(cinder_volume_t)
++')
++
 diff --git a/cipe.te b/cipe.te
 index 28c8475..9b86dd1 100644
 --- a/cipe.te
@@ -53115,16 +53373,17 @@ index 3e4a31c..6aeb9dd 100644
  sysnet_read_config(ypxfr_t)
 diff --git a/nova.fc b/nova.fc
 new file mode 100644
-index 0000000..02dc6dc
+index 0000000..d6de5b6
 --- /dev/null
 +++ b/nova.fc
-@@ -0,0 +1,32 @@
+@@ -0,0 +1,33 @@
 +
 +/usr/bin/nova-ajax-console-proxy	--	gen_context(system_u:object_r:nova_ajax_exec_t,s0)
 +/usr/bin/nova-console.*		--	gen_context(system_u:object_r:nova_console_exec_t,s0)
 +/usr/bin/nova-direct-api	--  gen_context(system_u:object_r:nova_direct_exec_t,s0)
 +/usr/bin/nova-api			--  gen_context(system_u:object_r:nova_api_exec_t,s0)
 +/usr/bin/nova-cert           --  gen_context(system_u:object_r:nova_cert_exec_t,s0)
++/usr/bin/nova-conductor     --  gen_context(system_u:object_r:nova_conductor_exec_t,s0)
 +/usr//bin/nova-api-metadata	--	gen_context(system_u:object_r:nova_api_exec_t,s0)
 +/usr/bin/nova-network       --  gen_context(system_u:object_r:nova_network_exec_t,s0)
 +/usr/bin/nova-objectstore       --  gen_context(system_u:object_r:nova_objectstore_exec_t,s0)
@@ -53216,10 +53475,10 @@ index 0000000..28936b4
 +')
 diff --git a/nova.te b/nova.te
 new file mode 100644
-index 0000000..4d6335e
+index 0000000..40ebbed
 --- /dev/null
 +++ b/nova.te
-@@ -0,0 +1,328 @@
+@@ -0,0 +1,338 @@
 +policy_module(nova, 1.0.0)
 +
 +########################################
@@ -53238,6 +53497,7 @@ index 0000000..4d6335e
 +nova_domain_template(ajax)
 +nova_domain_template(api)
 +nova_domain_template(cert)
++nova_domain_template(conductor)
 +nova_domain_template(compute)
 +nova_domain_template(console)
 +nova_domain_template(direct)
@@ -53383,6 +53643,15 @@ index 0000000..4d6335e
 +
 +#######################################
 +#
++# nova conductor local policy
++#
++
++optional_policy(`
++    unconfined_domain(nova_conductor_t)
++')
++
++#######################################
++#
 +# nova compute local policy
 +#
 +
@@ -74206,10 +74475,10 @@ index afc0068..3105104 100644
 +	')
  ')
 diff --git a/quantum.te b/quantum.te
-index 769d1fd..ad29df7 100644
+index 769d1fd..daaaf4f 100644
 --- a/quantum.te
 +++ b/quantum.te
-@@ -1,96 +1,153 @@
+@@ -1,96 +1,169 @@
 -policy_module(quantum, 1.0.2)
 +policy_module(quantum, 1.0.3)
  
@@ -74221,27 +74490,35 @@ index 769d1fd..ad29df7 100644
 -type quantum_t;
 -type quantum_exec_t;
 -init_daemon_domain(quantum_t, quantum_exec_t)
-+type neutron_t alias quantum_t;
-+type neutron_exec_t alias quantum_exec_t;
-+init_daemon_domain(neutron_t, neutron_exec_t)
++## <desc>
++##  <p>
++##	Determine whether neutron can
++##	connect to all TCP ports
++##	</p>
++## </desc>
++gen_tunable(neutron_can_network, false)
  
 -type quantum_initrc_exec_t;
 -init_script_file(quantum_initrc_exec_t)
-+type neutron_initrc_exec_t alias quantum_initrc_exec_t;
-+init_script_file(neutron_initrc_exec_t)
++type neutron_t alias quantum_t;
++type neutron_exec_t alias quantum_exec_t;
++init_daemon_domain(neutron_t, neutron_exec_t)
  
 -type quantum_log_t;
 -logging_log_file(quantum_log_t)
-+type neutron_log_t alias quantum_log_t;
-+logging_log_file(neutron_log_t)
++type neutron_initrc_exec_t alias quantum_initrc_exec_t;
++init_script_file(neutron_initrc_exec_t)
  
 -type quantum_tmp_t;
 -files_tmp_file(quantum_tmp_t)
-+type neutron_tmp_t alias quantum_tmp_t;
-+files_tmp_file(neutron_tmp_t)
++type neutron_log_t alias quantum_log_t;
++logging_log_file(neutron_log_t)
  
 -type quantum_var_lib_t;
 -files_type(quantum_var_lib_t)
++type neutron_tmp_t alias quantum_tmp_t;
++files_tmp_file(neutron_tmp_t)
++
 +type neutron_var_lib_t alias quantum_var_lib_t;
 +files_type(neutron_var_lib_t)
 +
@@ -74259,6 +74536,43 @@ index 769d1fd..ad29df7 100644
 -allow quantum_t self:key manage_key_perms;
 -allow quantum_t self:tcp_socket { accept listen };
 -allow quantum_t self:unix_stream_socket { accept listen };
+-
+-manage_dirs_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-append_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-create_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-setattr_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-logging_log_filetrans(quantum_t, quantum_log_t, dir)
+-
+-manage_files_pattern(quantum_t, quantum_tmp_t, quantum_tmp_t)
+-files_tmp_filetrans(quantum_t, quantum_tmp_t, file)
+-
+-manage_dirs_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
+-manage_files_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
+-files_var_lib_filetrans(quantum_t, quantum_var_lib_t, dir)
+-
+-can_exec(quantum_t, quantum_tmp_t)
+-
+-kernel_read_kernel_sysctls(quantum_t)
+-kernel_read_system_state(quantum_t)
+-
+-corecmd_exec_shell(quantum_t)
+-corecmd_exec_bin(quantum_t)
+-
+-corenet_all_recvfrom_unlabeled(quantum_t)
+-corenet_all_recvfrom_netlabel(quantum_t)
+-corenet_tcp_sendrecv_generic_if(quantum_t)
+-corenet_tcp_sendrecv_generic_node(quantum_t)
+-corenet_tcp_sendrecv_all_ports(quantum_t)
+-corenet_tcp_bind_generic_node(quantum_t)
+-
+-dev_list_sysfs(quantum_t)
+-dev_read_urand(quantum_t)
+-
+-files_read_usr_files(quantum_t)
+-
+-auth_use_nsswitch(quantum_t)
+-
+-libs_exec_ldconfig(quantum_t)
 +allow neutron_t self:capability { dac_override sys_ptrace kill setgid setuid sys_resource net_admin sys_admin net_raw net_bind_service};
 +allow neutron_t self:capability2 block_suspend;
 +allow neutron_t self:process { setsched setrlimit setcap signal_perms };
@@ -74285,76 +74599,50 @@ index 769d1fd..ad29df7 100644
 +manage_files_pattern(neutron_t, neutron_var_lib_t, neutron_var_lib_t)
 +manage_sock_files_pattern(neutron_t, neutron_var_lib_t, neutron_var_lib_t)
 +files_var_lib_filetrans(neutron_t, neutron_var_lib_t, dir)
- 
--manage_dirs_pattern(quantum_t, quantum_log_t, quantum_log_t)
--append_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--create_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--setattr_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--logging_log_filetrans(quantum_t, quantum_log_t, dir)
++
 +can_exec(neutron_t, neutron_tmp_t)
- 
--manage_files_pattern(quantum_t, quantum_tmp_t, quantum_tmp_t)
--files_tmp_filetrans(quantum_t, quantum_tmp_t, file)
++
 +kernel_read_system_state(neutron_t)
 +kernel_read_network_state(neutron_t)
 +kernel_request_load_module(neutron_t)
 +kernel_rw_kernel_sysctl(neutron_t)
 +kernel_rw_net_sysctls(neutron_t)
- 
--manage_dirs_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
--manage_files_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
--files_var_lib_filetrans(quantum_t, quantum_var_lib_t, dir)
++
 +corecmd_exec_shell(neutron_t)
 +corecmd_exec_bin(neutron_t)
- 
--can_exec(quantum_t, quantum_tmp_t)
++
 +corenet_all_recvfrom_unlabeled(neutron_t)
 +corenet_all_recvfrom_netlabel(neutron_t)
 +corenet_tcp_sendrecv_generic_if(neutron_t)
 +corenet_tcp_sendrecv_generic_node(neutron_t)
 +corenet_tcp_sendrecv_all_ports(neutron_t)
 +corenet_tcp_bind_generic_node(neutron_t)
- 
--kernel_read_kernel_sysctls(quantum_t)
--kernel_read_system_state(quantum_t)
++
 +corenet_tcp_bind_neutron_port(neutron_t)
++corenet_tcp_connect_neutron_port(neutron_t)
 +corenet_tcp_connect_keystone_port(neutron_t)
 +corenet_tcp_connect_amqp_port(neutron_t)
++corenet_tcp_connect_commplex_main_port(neutron_t)
 +corenet_tcp_connect_mysqld_port(neutron_t)
 +corenet_tcp_connect_osapi_compute_port(neutron_t)
- 
--corecmd_exec_shell(quantum_t)
--corecmd_exec_bin(quantum_t)
++
 +domain_read_all_domains_state(neutron_t)
 +domain_named_filetrans(neutron_t)
- 
--corenet_all_recvfrom_unlabeled(quantum_t)
--corenet_all_recvfrom_netlabel(quantum_t)
--corenet_tcp_sendrecv_generic_if(quantum_t)
--corenet_tcp_sendrecv_generic_node(quantum_t)
--corenet_tcp_sendrecv_all_ports(quantum_t)
--corenet_tcp_bind_generic_node(quantum_t)
++
 +dev_read_sysfs(neutron_t)
 +dev_read_urand(neutron_t)
 +dev_mounton_sysfs(neutron_t)
 +dev_mount_sysfs_fs(neutron_t)
 +dev_unmount_sysfs_fs(neutron_t)
- 
--dev_list_sysfs(quantum_t)
--dev_read_urand(quantum_t)
++
 +files_mounton_non_security(neutron_t)
- 
--files_read_usr_files(quantum_t)
++
 +fs_getattr_all_fs(neutron_t)
- 
--auth_use_nsswitch(quantum_t)
++
 +auth_use_nsswitch(neutron_t)
- 
--libs_exec_ldconfig(quantum_t)
++
 +libs_exec_ldconfig(neutron_t)
- 
--logging_send_audit_msgs(quantum_t)
--logging_send_syslog_msg(quantum_t)
++
 +logging_send_audit_msgs(neutron_t)
 +logging_send_syslog_msg(neutron_t)
 +
@@ -74365,6 +74653,14 @@ index 769d1fd..ad29df7 100644
 +sysnet_manage_ifconfig_run(neutron_t)
 +sysnet_filetrans_named_content_ifconfig(neutron_t)
 +
++tunable_policy(`neutron_can_network',`
++	corenet_sendrecv_all_client_packets(neutron_t)
++	corenet_tcp_connect_all_ports(neutron_t)
++	corenet_tcp_sendrecv_all_ports(neutron_t)
++')
+ 
+-logging_send_audit_msgs(quantum_t)
+-logging_send_syslog_msg(quantum_t)
 +optional_policy(`
 +	brctl_domtrans(neutron_t)
 +')
@@ -95078,10 +95374,10 @@ index c6aaac7..84cdcac 100644
  sysnet_dns_name_resolve(svnserve_t)
 diff --git a/swift.fc b/swift.fc
 new file mode 100644
-index 0000000..d9a58dc
+index 0000000..7e59e7e
 --- /dev/null
 +++ b/swift.fc
-@@ -0,0 +1,31 @@
+@@ -0,0 +1,33 @@
 +/usr/bin/swift-account-auditor		--	gen_context(system_u:object_r:swift_exec_t,s0)
 +/usr/bin/swift-account-reaper		--	gen_context(system_u:object_r:swift_exec_t,s0)
 +/usr/bin/swift-account-replicator	--	gen_context(system_u:object_r:swift_exec_t,s0)
@@ -95100,6 +95396,8 @@ index 0000000..d9a58dc
 +/usr/bin/swift-object-server		--	gen_context(system_u:object_r:swift_exec_t,s0)
 +/usr/bin/swift-object-updater		--	gen_context(system_u:object_r:swift_exec_t,s0)
 +
++/usr/bin/swift-proxy-server         --  gen_context(system_u:object_r:swift_exec_t,s0)
++
 +/usr/lib/systemd/system/openstack-swift.*      --  gen_context(system_u:object_r:swift_unit_file_t,s0)
 +
 +/var/lock/swift.*                   gen_context(system_u:object_r:swift_lock_t,s0)
@@ -95276,10 +95574,10 @@ index 0000000..6a1f575
 +')
 diff --git a/swift.te b/swift.te
 new file mode 100644
-index 0000000..d3fe02a
+index 0000000..3d21c49
 --- /dev/null
 +++ b/swift.te
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,126 @@
 +policy_module(swift, 1.0.0)
 +
 +########################################
@@ -95366,9 +95664,12 @@ index 0000000..d3fe02a
 +
 +# bug in swift
 +corenet_tcp_bind_xserver_port(swift_t)
++
++corenet_tcp_bind_swift_port(swift_t)
 +corenet_tcp_bind_http_cache_port(swift_t)
 +
 +corenet_tcp_connect_xserver_port(swift_t)
++corenet_tcp_connect_swift_port(swift_t)
 +
 +corecmd_exec_shell(swift_t)
 +corecmd_exec_bin(swift_t)
@@ -95396,6 +95697,10 @@ index 0000000..d3fe02a
 +')
 +
 +optional_policy(`
++    apache_search_config(swift_t)
++')
++
++optional_policy(`
 +    rpm_exec(swift_t)
 +    rpm_dontaudit_manage_db(swift_t)
 +')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 233422d..88856be 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 173%{?dist}
+Release: 174%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -579,6 +579,10 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Fri Jun 26 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-174
+- Add openstack-cinder policy
+- Add additional fixes for OpenStack
+
 * Thu Jun 26 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-173
 - Added changes to fedora from bug bz#1082183
 - Back ported swift ports