diff --git a/policy-f20-base.patch b/policy-f20-base.patch index cac1fe2..1617852 100644 --- a/policy-f20-base.patch +++ b/policy-f20-base.patch @@ -6206,7 +6206,7 @@ index b31c054..0ad8553 100644 +/usr/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) +/usr/lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0) diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if -index 76f285e..d86836b 100644 +index 76f285e..a5b4426 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -143,13 +143,32 @@ interface(`dev_relabel_all_dev_nodes',` @@ -7268,15 +7268,7 @@ index 76f285e..d86836b 100644 ## -## Read hardware state information. +## Do not audit attempts to search sysfs. - ## --## --##

--## Allow the specified domain to read the contents of --## the sysfs filesystem. This filesystem contains --## information, parameters, and other settings on the --## hardware installed on the system. --##

--##
++## +## +## +## Domain to not audit. @@ -7313,7 +7305,15 @@ index 76f285e..d86836b 100644 +######################################## +## +## Write in a sysfs directories. -+## + ## +-## +-##

+-## Allow the specified domain to read the contents of +-## the sysfs filesystem. This filesystem contains +-## information, parameters, and other settings on the +-## hardware installed on the system. +-##

+-##
+## +## +## Domain allowed access. @@ -7752,7 +7752,7 @@ index 76f285e..d86836b 100644 ## Read and write to the zero device (/dev/zero). ## ## -@@ -4851,3 +5659,946 @@ interface(`dev_unconfined',` +@@ -4851,3 +5659,964 @@ interface(`dev_unconfined',` typeattribute $1 devices_unconfined_type; ') @@ -7832,6 +7832,24 @@ index 76f285e..d86836b 100644 + +######################################## +## ++## Read and write uhid devices. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`dev_rw_uhid_dev',` ++ gen_require(` ++ type device_t, uhid_device_t; ++ ') ++ ++ rw_chr_files_pattern($1, device_t, uhid_device_t) ++') ++ ++######################################## ++## +## Create all named devices with the correct label +## +## @@ -40250,10 +40268,10 @@ index 0000000..d2a8fc7 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..8c56513 +index 0000000..a35f6c6 --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,635 @@ +@@ -0,0 +1,637 @@ +policy_module(systemd, 1.0.0) + +####################################### @@ -40390,6 +40408,8 @@ index 0000000..8c56513 +fs_manage_cgroup_files(systemd_logind_t) +fs_getattr_tmpfs(systemd_logind_t) +fs_read_tmpfs_symlinks(systemd_logind_t) ++fs_mount_tmpfs(systemd_logind_t) ++userdom_mounton_tmp_dirs(systemd_logind_t) + +storage_setattr_removable_dev(systemd_logind_t) +storage_setattr_scsi_generic_dev(systemd_logind_t) @@ -42286,7 +42306,7 @@ index db75976..cb4a211 100644 +/var/tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) + diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index 3c5dba7..ff283b4 100644 +index 3c5dba7..95b1263 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -30,9 +30,11 @@ template(`userdom_base_user_template',` 
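Review bot: The new `dev_rw_uhid_dev` interface is documented only as "Read and write uhid devices", which undersells what it grants: a domain that can write the uhid node can register userspace HID devices and feed input events to the system. I would extend the interface header with a description such as `Write access lets the domain create userspace HID devices and inject input events; grant only to HID transport daemons.` The only caller visible in this patch is `dev_rw_uhid_dev(bluetooth_t)` in the bluetooth.te hunk, and that call would benefit from a one-line comment naming the feature that needs it. The rule also relies on `uhid_device_t` being declared and given a file context elsewhere in the devices module, which this hunk does not show.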
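Review bot: `fs_mount_tmpfs(systemd_logind_t)` and `userdom_mounton_tmp_dirs(systemd_logind_t)` are added without a comment saying what logind mounts, and only the mount side is granted. If this is for the per-user runtime directory (an inference, the hunk does not say), logind will presumably also unmount it when the session ends, so check whether `fs_unmount_tmpfs(systemd_logind_t)` is already granted elsewhere in systemd.te. I would put a comment above the two lines, for example `# logind mounts a tmpfs on the user runtime directory`, adjusted to the real reason. Note that `mounton` is granted on every directory labelled `user_tmp_t`, not only the one logind creates.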
@@ -42600,7 +42620,7 @@ index 3c5dba7..ff283b4 100644 ') ') -@@ -273,6 +315,63 @@ interface(`userdom_manage_home_role',` +@@ -273,6 +315,82 @@ interface(`userdom_manage_home_role',` ## ## Manage user temporary files ## @@ -42659,12 +42679,31 @@ index 3c5dba7..ff283b4 100644 + +####################################### +## ++## Manage user temporary directories ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`userdom_mounton_tmp_dirs',` ++ gen_require(` ++ type user_tmp_t; ++ ') ++ ++ allow $1 user_tmp_t:dir mounton; ++') ++ ++####################################### ++## +## Manage user temporary files +## ## ## ## Role allowed access. -@@ -287,17 +386,64 @@ interface(`userdom_manage_home_role',` +@@ -287,17 +405,66 @@ interface(`userdom_manage_home_role',` # interface(`userdom_manage_tmp_role',` gen_require(` @@ -42695,6 +42734,8 @@ index 3c5dba7..ff283b4 100644 + relabel_fifo_files_pattern($2, user_tmp_type, user_tmp_type) +') + ++ ++ +####################################### +## +## Dontaudit search of user bin dirs. @@ -42734,7 +42775,7 @@ index 3c5dba7..ff283b4 100644 ') ####################################### -@@ -317,11 +463,31 @@ interface(`userdom_exec_user_tmp_files',` +@@ -317,11 +484,31 @@ interface(`userdom_exec_user_tmp_files',` ') exec_files_pattern($1, user_tmp_t, user_tmp_t) @@ -42766,7 +42807,7 @@ index 3c5dba7..ff283b4 100644 ## Role access for the user tmpfs type ## that the user has full access. ## -@@ -348,59 +514,60 @@ interface(`userdom_exec_user_tmp_files',` +@@ -348,59 +535,60 @@ interface(`userdom_exec_user_tmp_files',` # interface(`userdom_manage_tmpfs_role',` gen_require(` 
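Review bot: The header of the new `userdom_mounton_tmp_dirs` interface says "Manage user temporary directories", but the body grants only `allow $1 user_tmp_t:dir mounton;`. The summary looks copied from the neighbouring manage interfaces and will mislead anyone auditing which domains may mount over user temporary directories; it should read something like `Mount a filesystem on user temporary directories.` The header also carries one more `##` line than the `dev_rw_uhid_dev` header added in the same commit, which looks like a leftover tag from the copied block (the markup is not visible in this rendering), so that line is worth checking too.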
@@ -42818,9 +42859,7 @@ index 3c5dba7..ff283b4 100644 - allow $1_t self:tcp_socket create_stream_socket_perms; - allow $1_t self:udp_socket create_socket_perms; -+ allow $1 self:tcp_socket create_stream_socket_perms; -+ allow $1 self:udp_socket create_socket_perms; - +- - corenet_all_recvfrom_unlabeled($1_t) - corenet_all_recvfrom_netlabel($1_t) - corenet_tcp_sendrecv_generic_if($1_t) @@ -42831,7 +42870,9 @@ index 3c5dba7..ff283b4 100644 - corenet_udp_sendrecv_all_ports($1_t) - corenet_tcp_connect_all_ports($1_t) - corenet_sendrecv_all_client_packets($1_t) -- ++ allow $1 self:tcp_socket create_stream_socket_perms; ++ allow $1 self:udp_socket create_socket_perms; + - corenet_all_recvfrom_labeled($1_t, $1_t) + corenet_tcp_sendrecv_generic_if($1) + corenet_udp_sendrecv_generic_if($1) @@ -42857,7 +42898,7 @@ index 3c5dba7..ff283b4 100644 ') ####################################### -@@ -431,6 +598,7 @@ template(`userdom_xwindows_client_template',` +@@ -431,6 +619,7 @@ template(`userdom_xwindows_client_template',` dev_dontaudit_rw_dri($1_t) # GNOME checks for usb and other devices: dev_rw_usbfs($1_t) @@ -42865,7 +42906,7 @@ index 3c5dba7..ff283b4 100644 xserver_user_x_domain_template($1, $1_t, user_tmpfs_t) xserver_xsession_entry_type($1_t) -@@ -463,8 +631,8 @@ template(`userdom_change_password_template',` +@@ -463,8 +652,8 @@ template(`userdom_change_password_template',` ') optional_policy(` @@ -42876,7 +42917,7 @@ index 3c5dba7..ff283b4 100644 ') ') -@@ -491,51 +659,63 @@ template(`userdom_common_user_template',` +@@ -491,51 +680,63 @@ template(`userdom_common_user_template',` attribute unpriv_userdomain; ') 
@@ -42954,17 +42995,17 @@ index 3c5dba7..ff283b4 100644 + fs_read_noxattr_fs_files($1_usertype) + fs_read_noxattr_fs_symlinks($1_usertype) + fs_rw_cgroup_files($1_usertype) -+ + +- fs_rw_cgroup_files($1_t) + application_getattr_socket($1_usertype) + + logging_send_syslog_msg($1_t) - -- fs_rw_cgroup_files($1_t) ++ + selinux_get_enforce_mode($1_t) # cjp: some of this probably can be removed selinux_get_fs_mount($1_t) -@@ -546,93 +726,128 @@ template(`userdom_common_user_template',` +@@ -546,93 +747,128 @@ template(`userdom_common_user_template',` selinux_compute_user_contexts($1_t) # for eject @@ -43131,7 +43172,7 @@ index 3c5dba7..ff283b4 100644 ') optional_policy(` -@@ -642,23 +857,21 @@ template(`userdom_common_user_template',` +@@ -642,23 +878,21 @@ template(`userdom_common_user_template',` optional_policy(` mpd_manage_user_data_content($1_t) mpd_relabel_user_data_content($1_t) @@ -43160,7 +43201,7 @@ index 3c5dba7..ff283b4 100644 mysql_stream_connect($1_t) ') ') -@@ -671,7 +884,7 @@ template(`userdom_common_user_template',` +@@ -671,7 +905,7 @@ template(`userdom_common_user_template',` optional_policy(` # to allow monitoring of pcmcia status @@ -43169,7 +43210,7 @@ index 3c5dba7..ff283b4 100644 ') optional_policy(` -@@ -680,9 +893,9 @@ template(`userdom_common_user_template',` +@@ -680,9 +914,9 @@ template(`userdom_common_user_template',` ') optional_policy(` @@ -43182,7 +43223,7 @@ index 3c5dba7..ff283b4 100644 ') ') -@@ -693,32 +906,35 @@ template(`userdom_common_user_template',` +@@ -693,32 +927,35 @@ template(`userdom_common_user_template',` ') optional_policy(` 
@@ -43192,31 +43233,27 @@ index 3c5dba7..ff283b4 100644 + + optional_policy(` + rpc_dontaudit_getattr_exports($1_usertype) -+ ') -+ -+ optional_policy(` -+ rpcbind_stream_connect($1_usertype) ') optional_policy(` - rpc_dontaudit_getattr_exports($1_t) - rpc_manage_nfs_rw_content($1_t) -+ samba_stream_connect_winbind($1_usertype) ++ rpcbind_stream_connect($1_usertype) ') optional_policy(` - samba_stream_connect_winbind($1_t) -+ sandbox_transition($1_usertype, $1_r) ++ samba_stream_connect_winbind($1_usertype) ') optional_policy(` - slrnpull_search_spool($1_t) -+ seunshare_role_template($1, $1_r, $1_t) ++ sandbox_transition($1_usertype, $1_r) ') optional_policy(` - usernetctl_run($1_t, $1_r) -+ slrnpull_search_spool($1_usertype) ++ seunshare_role_template($1, $1_r, $1_t) ') optional_policy(` @@ -43225,11 +43262,15 @@ index 3c5dba7..ff283b4 100644 - virt_home_filetrans_virt_content($1_t, dir, "isos") - virt_home_filetrans_svirt_home($1_t, dir, "qemu") - virt_home_filetrans_virt_home($1_t, dir, "VirtualMachines") ++ slrnpull_search_spool($1_usertype) ++ ') ++ ++ optional_policy(` + thumb_role($1_r, $1_usertype) ') ') -@@ -743,17 +959,33 @@ template(`userdom_common_user_template',` +@@ -743,17 +980,33 @@ template(`userdom_common_user_template',` template(`userdom_login_user_template', ` gen_require(` class context contains; @@ -43267,7 +43308,7 @@ index 3c5dba7..ff283b4 100644 userdom_change_password_template($1) -@@ -761,83 +993,107 @@ template(`userdom_login_user_template', ` +@@ -761,83 +1014,107 @@ template(`userdom_login_user_template', ` # # User domain Local policy # @@ -43411,7 +43452,7 @@ index 3c5dba7..ff283b4 100644 ') ####################################### -@@ -868,6 +1124,12 @@ template(`userdom_restricted_user_template',` +@@ -868,6 +1145,12 @@ template(`userdom_restricted_user_template',` typeattribute $1_t unpriv_userdomain; domain_interactive_fd($1_t) 
@@ -43424,7 +43465,7 @@ index 3c5dba7..ff283b4 100644 ############################## # # Local policy -@@ -907,42 +1169,99 @@ template(`userdom_restricted_xwindows_user_template',` +@@ -907,42 +1190,99 @@ template(`userdom_restricted_xwindows_user_template',` # # Local policy # @@ -43487,15 +43528,17 @@ index 3c5dba7..ff283b4 100644 + gnome_role_gkeyringd($1, $1_r, $1_usertype) + # cjp: telepathy F15 bugs + telepathy_role($1_r, $1_t, $1) -+ ') -+ -+ optional_policy(` -+ obex_role($1_r, $1_t, $1) ') optional_policy(` - dbus_role_template($1, $1_r, $1_t) - dbus_system_bus_client($1_t) ++ obex_role($1_r, $1_t, $1) ++ ') + +- optional_policy(` +- consolekit_dbus_chat($1_t) ++ optional_policy(` + dbus_role_template($1, $1_r, $1_usertype) + dbus_system_bus_client($1_usertype) + allow $1_usertype $1_usertype:dbus send_msg; @@ -43513,9 +43556,8 @@ index 3c5dba7..ff283b4 100644 + consolekit_dontaudit_read_log($1_usertype) + consolekit_dbus_chat($1_usertype) + ') - - optional_policy(` -- consolekit_dbus_chat($1_t) ++ ++ optional_policy(` + cups_dbus_chat($1_usertype) + cups_dbus_chat_config($1_usertype) ') 
@@ -43537,35 +43579,30 @@ index 3c5dba7..ff283b4 100644 ') optional_policy(` -@@ -951,17 +1270,38 @@ template(`userdom_restricted_xwindows_user_template',` +@@ -951,12 +1291,33 @@ template(`userdom_restricted_xwindows_user_template',` ') optional_policy(` - java_role($1_r, $1_t) + policykit_role($1_r, $1_usertype) - ') - - optional_policy(` -- setroubleshoot_dontaudit_stream_connect($1_t) ++ ') ++ ++ optional_policy(` + pulseaudio_role($1_r, $1_usertype) + pulseaudio_filetrans_admin_home_content($1_usertype) - ') --') - --####################################### --## --## The template for creating a unprivileged user roughly -+ optional_policy(` -+ rtkit_scheduled($1_usertype) + ') + + optional_policy(` -+ systemd_filetrans_home_content($1_usertype) ++ rtkit_scheduled($1_usertype) + ') + + optional_policy(` -+ setroubleshoot_dontaudit_stream_connect($1_t) -+ ') ++ systemd_filetrans_home_content($1_usertype) + ') + + optional_policy(` + setroubleshoot_dontaudit_stream_connect($1_t) + ') + + optional_policy(` + udev_read_db($1_usertype) @@ -43574,15 +43611,10 @@ index 3c5dba7..ff283b4 100644 + optional_policy(` + xserver_xdm_ioctl_log($1_t) + ') -+') -+ -+####################################### -+## -+## The template for creating a unprivileged user roughly - ## equivalent to a regular linux user. - ## - ## -@@ -990,27 +1330,33 @@ template(`userdom_unpriv_user_template', ` + ') + + ####################################### +@@ -990,27 +1351,33 @@ template(`userdom_unpriv_user_template', ` # # Inherit rules for ordinary users. @@ -43620,7 +43652,7 @@ index 3c5dba7..ff283b4 100644 fs_manage_noxattr_fs_files($1_t) fs_manage_noxattr_fs_dirs($1_t) # Write floppies -@@ -1021,23 +1367,60 @@ template(`userdom_unpriv_user_template', ` +@@ -1021,23 +1388,60 @@ template(`userdom_unpriv_user_template', ` ') ') 
@@ -43672,26 +43704,26 @@ index 3c5dba7..ff283b4 100644 + + optional_policy(` + gpm_stream_connect($1_usertype) - ') - - optional_policy(` -- netutils_run_ping_cond($1_t, $1_r) -- netutils_run_traceroute_cond($1_t, $1_r) -+ mount_run_fusermount($1_t, $1_r) -+ mount_read_pid_files($1_t) + ') + + optional_policy(` -+ wine_role_template($1, $1_r, $1_t) ++ mount_run_fusermount($1_t, $1_r) ++ mount_read_pid_files($1_t) + ') + + optional_policy(` ++ wine_role_template($1, $1_r, $1_t) + ') + + optional_policy(` +- netutils_run_ping_cond($1_t, $1_r) +- netutils_run_traceroute_cond($1_t, $1_r) + postfix_run_postdrop($1_t, $1_r) + postfix_search_spool($1_t) ') # Run pppd in pppd_t by default for user -@@ -1046,7 +1429,9 @@ template(`userdom_unpriv_user_template', ` +@@ -1046,7 +1450,9 @@ template(`userdom_unpriv_user_template', ` ') optional_policy(` @@ -43702,7 +43734,7 @@ index 3c5dba7..ff283b4 100644 ') ') -@@ -1082,7 +1467,9 @@ template(`userdom_unpriv_user_template', ` +@@ -1082,7 +1488,9 @@ template(`userdom_unpriv_user_template', ` template(`userdom_admin_user_template',` gen_require(` attribute admindomain; @@ -43713,7 +43745,7 @@ index 3c5dba7..ff283b4 100644 ') ############################## -@@ -1098,6 +1485,7 @@ template(`userdom_admin_user_template',` +@@ -1098,6 +1506,7 @@ template(`userdom_admin_user_template',` role system_r types $1_t; typeattribute $1_t admindomain; @@ -43721,7 +43753,7 @@ index 3c5dba7..ff283b4 100644 ifdef(`direct_sysadm_daemon',` domain_system_change_exemption($1_t) -@@ -1108,14 +1496,8 @@ template(`userdom_admin_user_template',` +@@ -1108,14 +1517,8 @@ template(`userdom_admin_user_template',` # $1_t local policy # 
@@ -43738,7 +43770,7 @@ index 3c5dba7..ff283b4 100644 kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) -@@ -1131,6 +1513,7 @@ template(`userdom_admin_user_template',` +@@ -1131,6 +1534,7 @@ template(`userdom_admin_user_template',` kernel_sigstop_unlabeled($1_t) kernel_signull_unlabeled($1_t) kernel_sigchld_unlabeled($1_t) @@ -43746,7 +43778,7 @@ index 3c5dba7..ff283b4 100644 corenet_tcp_bind_generic_port($1_t) # allow setting up tunnels -@@ -1148,10 +1531,15 @@ template(`userdom_admin_user_template',` +@@ -1148,10 +1552,15 @@ template(`userdom_admin_user_template',` dev_rename_all_blk_files($1_t) dev_rename_all_chr_files($1_t) dev_create_generic_symlinks($1_t) @@ -43762,7 +43794,7 @@ index 3c5dba7..ff283b4 100644 domain_dontaudit_ptrace_all_domains($1_t) # signal all domains: domain_kill_all_domains($1_t) -@@ -1162,29 +1550,38 @@ template(`userdom_admin_user_template',` +@@ -1162,29 +1571,38 @@ template(`userdom_admin_user_template',` domain_sigchld_all_domains($1_t) # for lsof domain_getattr_all_sockets($1_t) @@ -43805,7 +43837,7 @@ index 3c5dba7..ff283b4 100644 # The following rule is temporary until such time that a complete # policy management infrastructure is in place so that an administrator -@@ -1194,6 +1591,8 @@ template(`userdom_admin_user_template',` +@@ -1194,6 +1612,8 @@ template(`userdom_admin_user_template',` # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -43814,7 +43846,7 @@ index 3c5dba7..ff283b4 100644 userdom_manage_user_home_content_dirs($1_t) userdom_manage_user_home_content_files($1_t) userdom_manage_user_home_content_symlinks($1_t) -@@ -1201,13 +1600,17 @@ template(`userdom_admin_user_template',` +@@ -1201,13 +1621,17 @@ template(`userdom_admin_user_template',` userdom_manage_user_home_content_sockets($1_t) userdom_user_home_dir_filetrans_user_home_content($1_t, { dir file lnk_file fifo_file sock_file }) 
@@ -43833,7 +43865,7 @@ index 3c5dba7..ff283b4 100644 optional_policy(` postgresql_unconfined($1_t) ') -@@ -1243,7 +1646,7 @@ template(`userdom_admin_user_template',` +@@ -1243,7 +1667,7 @@ template(`userdom_admin_user_template',` ## ## # @@ -43842,7 +43874,7 @@ index 3c5dba7..ff283b4 100644 allow $1 self:capability { dac_read_search dac_override }; corecmd_exec_shell($1) -@@ -1253,6 +1656,8 @@ template(`userdom_security_admin_template',` +@@ -1253,6 +1677,8 @@ template(`userdom_security_admin_template',` dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -43851,7 +43883,7 @@ index 3c5dba7..ff283b4 100644 # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1265,8 +1670,10 @@ template(`userdom_security_admin_template',` +@@ -1265,8 +1691,10 @@ template(`userdom_security_admin_template',` selinux_set_enforce_mode($1) selinux_set_all_booleans($1) selinux_set_parameters($1) @@ -43863,7 +43895,7 @@ index 3c5dba7..ff283b4 100644 auth_relabel_shadow($1) init_exec($1) -@@ -1277,29 +1684,31 @@ template(`userdom_security_admin_template',` +@@ -1277,29 +1705,31 @@ template(`userdom_security_admin_template',` logging_read_audit_config($1) seutil_manage_bin_policy($1) @@ -43906,7 +43938,7 @@ index 3c5dba7..ff283b4 100644 ') optional_policy(` -@@ -1360,14 +1769,17 @@ interface(`userdom_user_home_content',` +@@ -1360,14 +1790,17 @@ interface(`userdom_user_home_content',` gen_require(` attribute user_home_content_type; type user_home_t; @@ -43925,7 +43957,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1408,6 +1820,51 @@ interface(`userdom_user_tmpfs_file',` +@@ -1408,6 +1841,51 @@ interface(`userdom_user_tmpfs_file',` ## ## Allow domain to attach to TUN devices created by administrative users. ## 
@@ -43977,7 +44009,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## Domain allowed access. -@@ -1512,11 +1969,31 @@ interface(`userdom_search_user_home_dirs',` +@@ -1512,11 +1990,31 @@ interface(`userdom_search_user_home_dirs',` ') allow $1 user_home_dir_t:dir search_dir_perms; @@ -44009,7 +44041,7 @@ index 3c5dba7..ff283b4 100644 ## Do not audit attempts to search user home directories. ## ## -@@ -1558,6 +2035,14 @@ interface(`userdom_list_user_home_dirs',` +@@ -1558,6 +2056,14 @@ interface(`userdom_list_user_home_dirs',` allow $1 user_home_dir_t:dir list_dir_perms; files_search_home($1) @@ -44024,7 +44056,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1573,9 +2058,11 @@ interface(`userdom_list_user_home_dirs',` +@@ -1573,9 +2079,11 @@ interface(`userdom_list_user_home_dirs',` interface(`userdom_dontaudit_list_user_home_dirs',` gen_require(` type user_home_dir_t; @@ -44036,7 +44068,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1632,6 +2119,42 @@ interface(`userdom_relabelto_user_home_dirs',` +@@ -1632,6 +2140,42 @@ interface(`userdom_relabelto_user_home_dirs',` allow $1 user_home_dir_t:dir relabelto; ') @@ -44079,7 +44111,7 @@ index 3c5dba7..ff283b4 100644 ######################################## ## ## Create directories in the home dir root with -@@ -1711,6 +2234,8 @@ interface(`userdom_dontaudit_search_user_home_content',` +@@ -1711,6 +2255,8 @@ interface(`userdom_dontaudit_search_user_home_content',` ') dontaudit $1 user_home_t:dir search_dir_perms; @@ -44088,7 +44120,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1744,10 +2269,12 @@ interface(`userdom_list_all_user_home_content',` +@@ -1744,10 +2290,12 @@ interface(`userdom_list_all_user_home_content',` # interface(`userdom_list_user_home_content',` gen_require(` 
@@ -44103,7 +44135,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1772,7 +2299,25 @@ interface(`userdom_manage_user_home_content_dirs',` +@@ -1772,7 +2320,25 @@ interface(`userdom_manage_user_home_content_dirs',` ######################################## ## @@ -44130,7 +44162,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -1782,53 +2327,70 @@ interface(`userdom_manage_user_home_content_dirs',` +@@ -1782,53 +2348,70 @@ interface(`userdom_manage_user_home_content_dirs',` # interface(`userdom_delete_all_user_home_content_dirs',` gen_require(` @@ -44213,7 +44245,7 @@ index 3c5dba7..ff283b4 100644 ## Do not audit attempts to set the ## attributes of user home files. ## -@@ -1848,6 +2410,25 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',` +@@ -1848,6 +2431,25 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',` ######################################## ## @@ -44239,7 +44271,7 @@ index 3c5dba7..ff283b4 100644 ## Mmap user home files. ## ## -@@ -1878,14 +2459,36 @@ interface(`userdom_mmap_user_home_content_files',` +@@ -1878,14 +2480,36 @@ interface(`userdom_mmap_user_home_content_files',` interface(`userdom_read_user_home_content_files',` gen_require(` type user_home_dir_t, user_home_t; @@ -44277,7 +44309,7 @@ index 3c5dba7..ff283b4 100644 ## Do not audit attempts to read user home files. ## ## -@@ -1896,11 +2499,14 @@ interface(`userdom_read_user_home_content_files',` +@@ -1896,11 +2520,14 @@ interface(`userdom_read_user_home_content_files',` # interface(`userdom_dontaudit_read_user_home_content_files',` gen_require(` @@ -44295,7 +44327,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -1941,7 +2547,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',` +@@ -1941,7 +2568,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',` ######################################## ## 
@@ -44304,7 +44336,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -1949,19 +2555,17 @@ interface(`userdom_dontaudit_write_user_home_content_files',` +@@ -1949,19 +2576,17 @@ interface(`userdom_dontaudit_write_user_home_content_files',` ## ## # @@ -44328,38 +44360,35 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -1969,21 +2573,75 @@ interface(`userdom_delete_all_user_home_content_files',` +@@ -1969,12 +2594,66 @@ interface(`userdom_delete_all_user_home_content_files',` ## ## # -interface(`userdom_delete_user_home_content_files',` +interface(`userdom_delete_all_user_home_content_files',` - gen_require(` -- type user_home_t; ++ gen_require(` + attribute user_home_type; - ') - -- allow $1 user_home_t:file delete_file_perms; ++ ') ++ + allow $1 user_home_type:file delete_file_perms; - ') - - ######################################## - ## --## Do not audit attempts to write user home files. ++') ++ ++######################################## ++## +## Delete sock files in a user home subdirectory. - ## - ## - ## --## Domain to not audit. ++## ++## ++## +## Domain allowed access. +## +## +# +interface(`userdom_delete_user_home_content_sock_files',` -+ gen_require(` -+ type user_home_t; -+ ') -+ + gen_require(` + type user_home_t; + ') + +- allow $1 user_home_t:file delete_file_perms; + allow $1 user_home_t:sock_file delete_file_perms; +') + @@ -44397,19 +44426,10 @@ index 3c5dba7..ff283b4 100644 + ') + + allow $1 user_home_type:dir_file_class_set delete_file_perms; -+') -+ -+######################################## -+## -+## Do not audit attempts to write user home files. -+## -+## -+## -+## Domain to not audit. - ## - ## - # -@@ -2010,8 +2668,7 @@ interface(`userdom_read_user_home_content_symlinks',` + ') + + ######################################## +@@ -2010,8 +2689,7 @@ interface(`userdom_read_user_home_content_symlinks',` type user_home_dir_t, user_home_t; ') 
@@ -44419,7 +44439,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2027,20 +2684,14 @@ interface(`userdom_read_user_home_content_symlinks',` +@@ -2027,20 +2705,14 @@ interface(`userdom_read_user_home_content_symlinks',` # interface(`userdom_exec_user_home_content_files',` gen_require(` @@ -44444,7 +44464,7 @@ index 3c5dba7..ff283b4 100644 ######################################## ## -@@ -2123,7 +2774,7 @@ interface(`userdom_manage_user_home_content_symlinks',` +@@ -2123,7 +2795,7 @@ interface(`userdom_manage_user_home_content_symlinks',` ######################################## ## @@ -44453,7 +44473,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -2131,19 +2782,17 @@ interface(`userdom_manage_user_home_content_symlinks',` +@@ -2131,19 +2803,17 @@ interface(`userdom_manage_user_home_content_symlinks',` ## ## # @@ -44477,7 +44497,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -2151,12 +2800,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',` +@@ -2151,12 +2821,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',` ## ## # @@ -44493,7 +44513,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2393,11 +3042,11 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',` +@@ -2393,11 +3063,11 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',` # interface(`userdom_read_user_tmp_files',` gen_require(` @@ -44508,7 +44528,7 @@ index 3c5dba7..ff283b4 100644 files_search_tmp($1) ') -@@ -2417,7 +3066,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',` +@@ -2417,7 +3087,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',` type user_tmp_t; ') @@ -44517,7 +44537,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2541,6 +3190,26 @@ interface(`userdom_manage_user_tmp_files',` +@@ -2541,6 +3211,26 @@ interface(`userdom_manage_user_tmp_files',` ######################################## ## ## Create, read, write, and delete user 
@@ -44544,7 +44564,7 @@ index 3c5dba7..ff283b4 100644 ## temporary symbolic links. ## ## -@@ -2569,6 +3238,27 @@ interface(`userdom_manage_user_tmp_symlinks',` +@@ -2569,6 +3259,27 @@ interface(`userdom_manage_user_tmp_symlinks',` ## ## # @@ -44572,7 +44592,7 @@ index 3c5dba7..ff283b4 100644 interface(`userdom_manage_user_tmp_pipes',` gen_require(` type user_tmp_t; -@@ -2664,6 +3354,25 @@ interface(`userdom_tmp_filetrans_user_tmp',` +@@ -2664,6 +3375,25 @@ interface(`userdom_tmp_filetrans_user_tmp',` files_tmp_filetrans($1, user_tmp_t, $2, $3) ') @@ -44598,7 +44618,7 @@ index 3c5dba7..ff283b4 100644 ######################################## ## ## Read user tmpfs files. -@@ -2680,13 +3389,14 @@ interface(`userdom_read_user_tmpfs_files',` +@@ -2680,13 +3410,14 @@ interface(`userdom_read_user_tmpfs_files',` ') read_files_pattern($1, user_tmpfs_t, user_tmpfs_t) @@ -44614,7 +44634,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -2707,7 +3417,7 @@ interface(`userdom_rw_user_tmpfs_files',` +@@ -2707,7 +3438,7 @@ interface(`userdom_rw_user_tmpfs_files',` ######################################## ## @@ -44623,7 +44643,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -2715,14 +3425,30 @@ interface(`userdom_rw_user_tmpfs_files',` +@@ -2715,14 +3446,30 @@ interface(`userdom_rw_user_tmpfs_files',` ## ## # @@ -44658,7 +44678,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2817,6 +3543,24 @@ interface(`userdom_use_user_ttys',` +@@ -2817,6 +3564,24 @@ interface(`userdom_use_user_ttys',` ######################################## ## @@ -44683,7 +44703,7 @@ index 3c5dba7..ff283b4 100644 ## Read and write a user domain pty. ## ## -@@ -2835,22 +3579,34 @@ interface(`userdom_use_user_ptys',` +@@ -2835,22 +3600,34 @@ interface(`userdom_use_user_ptys',` ######################################## ## 
@@ -44726,7 +44746,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -2859,14 +3615,33 @@ interface(`userdom_use_user_ptys',` +@@ -2859,14 +3636,33 @@ interface(`userdom_use_user_ptys',` ## ## # @@ -44764,7 +44784,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2885,8 +3660,27 @@ interface(`userdom_dontaudit_use_user_terminals',` +@@ -2885,8 +3681,27 @@ interface(`userdom_dontaudit_use_user_terminals',` type user_tty_device_t, user_devpts_t; ') @@ -44794,7 +44814,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -2958,69 +3752,68 @@ interface(`userdom_spec_domtrans_unpriv_users',` +@@ -2958,69 +3773,68 @@ interface(`userdom_spec_domtrans_unpriv_users',` allow unpriv_userdomain $1:process sigchld; ') @@ -44895,7 +44915,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -3028,12 +3821,12 @@ interface(`userdom_manage_unpriv_user_semaphores',` +@@ -3028,12 +3842,12 @@ interface(`userdom_manage_unpriv_user_semaphores',` ## ## # @@ -44910,7 +44930,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -3097,7 +3890,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` +@@ -3097,7 +3911,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` domain_entry_file_spec_domtrans($1, unpriv_userdomain) allow unpriv_userdomain $1:fd use; @@ -44919,7 +44939,7 @@ index 3c5dba7..ff283b4 100644 allow unpriv_userdomain $1:process sigchld; ') -@@ -3113,16 +3906,18 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` +@@ -3113,16 +3927,18 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` # interface(`userdom_search_user_home_content',` gen_require(` @@ -44941,7 +44961,7 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -3130,17 +3925,17 @@ interface(`userdom_search_user_home_content',` +@@ -3130,17 +3946,17 @@ interface(`userdom_search_user_home_content',` ## ## # 
@@ -44962,16 +44982,15 @@ index 3c5dba7..ff283b4 100644 ## ## ## -@@ -3148,30 +3943,12 @@ interface(`userdom_signull_unpriv_users',` +@@ -3148,25 +3964,7 @@ interface(`userdom_signull_unpriv_users',` ## ## # -interface(`userdom_signal_unpriv_users',` -+interface(`userdom_use_unpriv_users_fds',` - gen_require(` - attribute unpriv_userdomain; - ') - +- gen_require(` +- attribute unpriv_userdomain; +- ') +- - allow $1 unpriv_userdomain:process signal; -') - @@ -44986,16 +45005,11 @@ index 3c5dba7..ff283b4 100644 -## -# -interface(`userdom_use_unpriv_users_fds',` -- gen_require(` -- attribute unpriv_userdomain; -- ') -- -- allow $1 unpriv_userdomain:fd use; -+ allow $1 unpriv_userdomain:fd use; - ') - - ######################################## -@@ -3217,7 +3994,25 @@ interface(`userdom_dontaudit_use_user_ptys',` ++interface(`userdom_use_unpriv_users_fds',` + gen_require(` + attribute unpriv_userdomain; + ') +@@ -3217,7 +4015,25 @@ interface(`userdom_dontaudit_use_user_ptys',` type user_devpts_t; ') @@ -45022,7 +45036,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -3272,7 +4067,83 @@ interface(`userdom_write_user_tmp_files',` +@@ -3272,7 +4088,83 @@ interface(`userdom_write_user_tmp_files',` type user_tmp_t; ') @@ -45107,7 +45121,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -3290,7 +4161,7 @@ interface(`userdom_dontaudit_use_user_ttys',` +@@ -3290,7 +4182,7 @@ interface(`userdom_dontaudit_use_user_ttys',` type user_tty_device_t; ') @@ -45116,7 +45130,7 @@ index 3c5dba7..ff283b4 100644 ') ######################################## -@@ -3309,6 +4180,7 @@ interface(`userdom_read_all_users_state',` +@@ -3309,6 +4201,7 @@ interface(`userdom_read_all_users_state',` ') read_files_pattern($1, userdomain, userdomain) 
@@ -45124,7 +45138,7 @@ index 3c5dba7..ff283b4 100644 kernel_search_proc($1) ') -@@ -3385,6 +4257,42 @@ interface(`userdom_signal_all_users',` +@@ -3385,6 +4278,42 @@ interface(`userdom_signal_all_users',` allow $1 userdomain:process signal; ') @@ -45167,7 +45181,7 @@ index 3c5dba7..ff283b4 100644 ######################################## ## ## Send a SIGCHLD signal to all user domains. -@@ -3405,6 +4313,24 @@ interface(`userdom_sigchld_all_users',` +@@ -3405,6 +4334,24 @@ interface(`userdom_sigchld_all_users',` ######################################## ## @@ -45192,7 +45206,7 @@ index 3c5dba7..ff283b4 100644 ## Create keys for all user domains. ## ## -@@ -3423,6 +4349,24 @@ interface(`userdom_create_all_users_keys',` +@@ -3423,6 +4370,24 @@ interface(`userdom_create_all_users_keys',` ######################################## ## @@ -45217,7 +45231,7 @@ index 3c5dba7..ff283b4 100644 ## Send a dbus message to all user domains. ## ## -@@ -3438,4 +4382,1663 @@ interface(`userdom_dbus_send_all_users',` +@@ -3438,4 +4403,1663 @@ interface(`userdom_dbus_send_all_users',` ') allow $1 userdomain:dbus send_msg; diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 37a0de4..3af5411 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -3251,10 +3251,10 @@ index 0000000..cb58319 + spamassassin_read_pid_files(antivirus_domain) +') diff --git a/apache.fc b/apache.fc -index 550a69e..100d8aa 100644 +index 550a69e..044b13d 100644 --- a/apache.fc +++ b/apache.fc -@@ -1,161 +1,213 @@ +@@ -1,161 +1,214 @@ -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) -HOME_DIR/((www)|(web)|(public_html))/cgi-bin(/.+)? gen_context(system_u:object_r:httpd_user_script_exec_t,s0) +HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) 
@@ -3499,6 +3499,7 @@ index 550a69e..100d8aa 100644 +/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/glpi(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) ++/var/log/horizon(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cgiwrap\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cherokee(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) @@ -9482,7 +9483,7 @@ index c723a0a..3e8a553 100644 + allow $1 bluetooth_unit_file_t:service all_service_perms; ') diff --git a/bluetooth.te b/bluetooth.te -index 6f09d24..231de05 100644 +index 6f09d24..a4110db 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -49,6 +49,9 @@ files_type(bluetooth_var_lib_t) @@ -9532,7 +9533,13 @@ index 6f09d24..231de05 100644 dev_read_sysfs(bluetooth_t) dev_rw_usbfs(bluetooth_t) -@@ -110,7 +124,6 @@ domain_use_interactive_fds(bluetooth_t) +@@ -105,12 +119,12 @@ dev_rw_generic_usb_dev(bluetooth_t) + dev_read_urand(bluetooth_t) + dev_rw_input_dev(bluetooth_t) + dev_rw_wireless(bluetooth_t) ++dev_rw_uhid_dev(bluetooth_t) + + domain_use_interactive_fds(bluetooth_t) domain_dontaudit_search_all_domains_state(bluetooth_t) files_read_etc_runtime_files(bluetooth_t) @@ -9540,7 +9547,7 @@ index 6f09d24..231de05 100644 fs_getattr_all_fs(bluetooth_t) fs_search_auto_mountpoints(bluetooth_t) -@@ -122,7 +135,6 @@ auth_use_nsswitch(bluetooth_t) +@@ -122,7 +136,6 @@ auth_use_nsswitch(bluetooth_t) logging_send_syslog_msg(bluetooth_t) @@ -9548,7 +9555,7 @@ index 6f09d24..231de05 100644 miscfiles_read_fonts(bluetooth_t) miscfiles_read_hwdata(bluetooth_t) -@@ -130,8 +142,13 @@ userdom_dontaudit_use_unpriv_user_fds(bluetooth_t) +@@ -130,8 +143,13 @@ userdom_dontaudit_use_unpriv_user_fds(bluetooth_t) userdom_dontaudit_use_user_terminals(bluetooth_t) userdom_dontaudit_search_user_home_dirs(bluetooth_t) 
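Review bot: The added `dev_rw_uhid_dev(bluetooth_t)` in the bluetooth.te hunk (inner header `@@ -105,12 +119,12 @@`) is unconditional and has no comment explaining why the daemon needs it. Read/write on the uhid character device lets a userspace process register HID devices with the kernel and feed input reports through them, so a compromised bluetooth_t could present itself as a keyboard or pointer. The access is presumably needed for Bluetooth HID profiles handled in the daemon; if so, record that beside the rule, for example `# bluetoothd creates HID devices through /dev/uhid, BZ(1161169)`. If only some installations need it, putting the call behind a tunable would keep the default tighter.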
@@ -9562,7 +9569,7 @@ index 6f09d24..231de05 100644 optional_policy(` cups_dbus_chat(bluetooth_t) -@@ -199,7 +216,6 @@ dev_read_urand(bluetooth_helper_t) +@@ -199,7 +217,6 @@ dev_read_urand(bluetooth_helper_t) domain_read_all_domains_state(bluetooth_helper_t) files_read_etc_runtime_files(bluetooth_helper_t) @@ -16337,7 +16344,7 @@ index a3bbc21..7fd7d8f 100644 + xserver_dbus_chat_xdm(cpufreqselector_t) +') diff --git a/cron.fc b/cron.fc -index 6e76215..4819e90 100644 +index 6e76215..a665f12 100644 --- a/cron.fc +++ b/cron.fc @@ -3,6 +3,9 @@ @@ -16388,12 +16395,9 @@ index 6e76215..4819e90 100644 /var/spool/cron/crontabs/.* -- <> #/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) -@@ -43,19 +54,23 @@ - /var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) +@@ -44,18 +55,20 @@ /var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) -+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0) -+ ifdef(`distro_debian',` -/var/spool/cron/atjobs -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/log/prelink.log.* -- gen_context(system_u:object_r:cron_log_t,s0) @@ -24387,10 +24391,10 @@ index 0000000..683dfdc +') diff --git a/docker.te b/docker.te new file mode 100644 -index 0000000..2faebf0 +index 0000000..3ca773f --- /dev/null +++ b/docker.te -@@ -0,0 +1,280 @@ +@@ -0,0 +1,284 @@ +policy_module(docker, 1.0.0) + +######################################## @@ -24450,7 +24454,7 @@ index 0000000..2faebf0 +# +# docker local policy +# -+allow docker_t self:capability { chown fowner fsetid mknod net_admin net_bind_service setfcap }; ++allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap }; +allow docker_t self:process { getattr signal_perms }; +allow docker_t self:fifo_file rw_fifo_file_perms; +allow docker_t self:unix_stream_socket create_stream_socket_perms; 
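Review bot: The rewritten `allow docker_t self:capability` line in the docker.te hunk adds `kill` and `net_raw`, and neither is mentioned in this release's changelog entry, which only covers tmpfs content and a dontaudit. `kill` lets the daemon signal processes regardless of their uid and `net_raw` permits raw and packet sockets, so both widen what a compromised docker_t can do on the host. I would state the reason beside the rule, for example `# kill: stop container processes running under other uids; net_raw: container network setup` if those are the reasons. It is also worth confirming from the recorded AVC denials that each capability is actually required.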
@@ -24477,11 +24481,14 @@ index 0000000..2faebf0 +manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t) +manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t) +manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t) ++manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t) ++can_exec(docker_t, docker_tmpfs_t) +fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file }) + +manage_dirs_pattern(docker_t, docker_share_t, docker_share_t) +manage_files_pattern(docker_t, docker_share_t, docker_share_t) +manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t) ++allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto }; +can_exec(docker_t, docker_share_t) +docker_filetrans_named_content(docker_t) + @@ -24510,6 +24517,7 @@ index 0000000..2faebf0 +kernel_read_all_proc(docker_t) + +domain_use_interactive_fds(docker_t) ++domain_dontaudit_read_all_domains_state(docker_t) + +corecmd_exec_bin(docker_t) +corecmd_exec_shell(docker_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index f8d4d1c..5c77ecd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 193%{?dist} +Release: 194%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
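Review bot: The added `can_exec(docker_t, docker_tmpfs_t)` sits next to the `manage_*_pattern` rules for the same type, so docker_t can now both write and execute docker_tmpfs_t files; that write/execute combination on tmpfs deserves an explicit justification. The same hunk adds `manage_blk_files_pattern` on docker_tmpfs_t and `relabelfrom`/`relabelto` on docker_share_t for every class in `dir_file_class_set`, both broader than the changelog's "create more content in tmpfs" suggests. I would add a comment to each rule naming the docker operation that produced the denial. If only directories, files and symlinks were seen, the relabel rule could be narrowed to match the existing manage rules, e.g. `allow docker_t docker_share_t:{ dir file lnk_file } { relabelfrom relabelto };`.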
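Review bot: The added `domain_dontaudit_read_all_domains_state(docker_t)` in the hunk after `domain_use_interactive_fds(docker_t)` hides the denials rather than explaining them, so attempts by docker_t to read other domains' /proc state will no longer appear in the audit log. That is reasonable if the reads are a harmless side effect of walking /proc, but the rule should say so, for example `# docker scans /proc; access is denied and intentionally not logged`. Anyone investigating docker_t behaviour should know these events are suppressed and can be made visible again by rebuilding the policy with dontaudit rules disabled (`semodule -DB`).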
@@ -582,6 +582,14 @@ SELinux Reference policy mls base module. %endif %changelog +* Fri Nov 14 2014 Lukas vrabec 3.12.1-194 +- New interface dev_rw_uhid_dev +- Allow systemd-logind to mount /run/user/1000 to get gdm working +- Remove label for /var/lib/glpi/ in cron policy. BZ(1033025) +- Allow bluetooth read/write uhid devices. BZ (1161169 +- Label /var/log/horizon as an apache log +- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc + * Mon Nov 03 2014 Lukas Vrabec 3.12.1-193 - Label also logrotate.status.tmp as logrotate_var_lib_t. BZ(1158835) - xserver_manage_xdm_tmp_files is depracated and replaced with userdom_manage_user_tmp_files