-+## Allow samba to export ntfs/fusefs volumes. ++## Allow ftpd to use ntfs/fusefs volumes. +##
+##
## Determine whether openvpn can
## read generic user home content files.
-@@ -26,6 +33,9 @@ files_config_file(openvpn_etc_t)
+@@ -26,12 +33,18 @@ files_config_file(openvpn_etc_t)
type openvpn_etc_rw_t;
files_config_file(openvpn_etc_rw_t)
@@ -51118,7 +51254,16 @@ index 3270ff9..8e252e4 100644
type openvpn_initrc_exec_t;
init_script_file(openvpn_initrc_exec_t)
-@@ -43,7 +53,7 @@ files_pid_file(openvpn_var_run_t)
+ type openvpn_status_t;
+ logging_log_file(openvpn_status_t)
+
++type openvpn_var_lib_t;
++files_type(openvpn_var_lib_t)
++
+ type openvpn_var_log_t;
+ logging_log_file(openvpn_var_log_t)
+
+@@ -43,7 +56,7 @@ files_pid_file(openvpn_var_run_t)
# Local policy
#
@@ -51127,17 +51272,20 @@ index 3270ff9..8e252e4 100644
allow openvpn_t self:process { signal getsched setsched };
allow openvpn_t self:fifo_file rw_fifo_file_perms;
allow openvpn_t self:unix_dgram_socket sendto;
-@@ -62,6 +72,9 @@ filetrans_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t, file)
+@@ -62,6 +75,12 @@ filetrans_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t, file)
allow openvpn_t openvpn_status_t:file manage_file_perms;
logging_log_filetrans(openvpn_t, openvpn_status_t, file, "openvpn-status.log")
+manage_files_pattern(openvpn_t, openvpn_tmp_t, openvpn_tmp_t)
+files_tmp_filetrans(openvpn_t, openvpn_tmp_t, file)
+
++manage_files_pattern(openvpn_t, openvpn_var_lib_t, openvpn_var_lib_t)
++files_var_lib_filetrans(openvpn_t, openvpn_var_lib_t, { dir file })
++
manage_dirs_pattern(openvpn_t, openvpn_var_log_t, openvpn_var_log_t)
append_files_pattern(openvpn_t, openvpn_var_log_t, openvpn_var_log_t)
create_files_pattern(openvpn_t, openvpn_var_log_t, openvpn_var_log_t)
-@@ -83,7 +96,6 @@ kernel_request_load_module(openvpn_t)
+@@ -83,7 +102,6 @@ kernel_request_load_module(openvpn_t)
corecmd_exec_bin(openvpn_t)
corecmd_exec_shell(openvpn_t)
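Review bot: The added `files_var_lib_filetrans(openvpn_t, openvpn_var_lib_t, { dir file })` sets up a type transition for directories, but the only access granted on the new type in this hunk is `manage_files_pattern`, which does not include creating directories. If openvpn really creates a directory under /var/lib, add `manage_dirs_pattern(openvpn_t, openvpn_var_lib_t, openvpn_var_lib_t)` next to it; otherwise narrow the transition to `file` so the policy does not advertise access it cannot use. No file-context entry for `openvpn_var_lib_t` is visible in this part of the patch, so confirm that existing paths get relabelled. The local-policy section continues outside the hunk.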
@@ -51145,7 +51293,7 @@ index 3270ff9..8e252e4 100644
corenet_all_recvfrom_netlabel(openvpn_t)
corenet_tcp_sendrecv_generic_if(openvpn_t)
corenet_udp_sendrecv_generic_if(openvpn_t)
-@@ -105,11 +117,12 @@ corenet_tcp_bind_http_port(openvpn_t)
+@@ -105,11 +123,12 @@ corenet_tcp_bind_http_port(openvpn_t)
corenet_sendrecv_http_client_packets(openvpn_t)
corenet_tcp_connect_http_port(openvpn_t)
corenet_tcp_sendrecv_http_port(openvpn_t)
@@ -51159,7 +51307,7 @@ index 3270ff9..8e252e4 100644
corenet_rw_tun_tap_dev(openvpn_t)
dev_read_rand(openvpn_t)
-@@ -121,18 +134,24 @@ fs_search_auto_mountpoints(openvpn_t)
+@@ -121,18 +140,24 @@ fs_search_auto_mountpoints(openvpn_t)
auth_use_pam(openvpn_t)
@@ -51187,7 +51335,7 @@ index 3270ff9..8e252e4 100644
')
tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
-@@ -155,3 +174,27 @@ optional_policy(`
+@@ -155,3 +180,27 @@ optional_policy(`
networkmanager_dbus_chat(openvpn_t)
')
')
@@ -57268,7 +57416,7 @@ index 2e23946..589bbf2 100644
+ postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch")
')
diff --git a/postfix.te b/postfix.te
-index 191a66f..5acf87c 100644
+index 191a66f..cddce7d 100644
--- a/postfix.te
+++ b/postfix.te
@@ -1,4 +1,4 @@
@@ -57357,7 +57505,7 @@ index 191a66f..5acf87c 100644
type postfix_data_t;
files_type(postfix_data_t)
-@@ -102,160 +102,64 @@ mta_mailserver_delivery(postfix_virtual_t)
+@@ -102,160 +102,61 @@ mta_mailserver_delivery(postfix_virtual_t)
########################################
#
@@ -57521,19 +57669,19 @@ index 191a66f..5acf87c 100644
-manage_sock_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
-setattr_dirs_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
-filetrans_pattern(postfix_master_t, postfix_spool_t, postfix_public_t, dir, "public")
-
+-
-create_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_maildrop_t)
- delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
- rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-+rw_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
- setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+-delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+-rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+-setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-filetrans_pattern(postfix_master_t, postfix_spool_t, postfix_spool_maildrop_t, dir, "maildrop")
--
+
-create_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_var_run_t)
-setattr_dirs_pattern(postfix_master_t, postfix_var_run_t, postfix_var_run_t)
-filetrans_pattern(postfix_master_t, postfix_spool_t, postfix_var_run_t, dir, "pid")
-
-can_exec(postfix_master_t, postfix_exec_t)
++manage_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
-domtrans_pattern(postfix_master_t, postfix_postqueue_exec_t, postfix_postqueue_t)
-domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
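Review bot: The `manage_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)` introduced here is broader than the rw/delete/rename set it replaces, since it also allows the master process to create, link and setattr files in maildrop, and nothing says why that is needed. As far as the two marker columns can be read, this revision also drops `setattr_dirs_pattern` on the maildrop directory, which the files pattern does not cover, so confirm that master no longer changes that directory's attributes. A one-line comment above the rule would help, for example `# master creates queue files in maildrop during <operation> (bug: <ID>)`, with the placeholders filled in. If only unlink and rename are actually exercised, keeping the narrower patterns is the safer choice.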
@@ -57543,7 +57691,7 @@ index 191a66f..5acf87c 100644
corenet_all_recvfrom_netlabel(postfix_master_t)
corenet_tcp_sendrecv_generic_if(postfix_master_t)
corenet_udp_sendrecv_generic_if(postfix_master_t)
-@@ -263,50 +167,44 @@ corenet_tcp_sendrecv_generic_node(postfix_master_t)
+@@ -263,50 +164,44 @@ corenet_tcp_sendrecv_generic_node(postfix_master_t)
corenet_udp_sendrecv_generic_node(postfix_master_t)
corenet_tcp_sendrecv_all_ports(postfix_master_t)
corenet_udp_sendrecv_all_ports(postfix_master_t)
@@ -57612,7 +57760,7 @@ index 191a66f..5acf87c 100644
optional_policy(`
cyrus_stream_connect(postfix_master_t)
')
-@@ -316,14 +214,11 @@ optional_policy(`
+@@ -316,14 +211,11 @@ optional_policy(`
')
optional_policy(`
@@ -57628,7 +57776,7 @@ index 191a66f..5acf87c 100644
postgrey_search_spool(postfix_master_t)
')
-@@ -333,12 +228,14 @@ optional_policy(`
+@@ -333,12 +225,14 @@ optional_policy(`
########################################
#
@@ -57645,7 +57793,7 @@ index 191a66f..5acf87c 100644
manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
-@@ -355,37 +252,34 @@ manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool
+@@ -355,37 +249,34 @@ manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool
########################################
#
@@ -57692,7 +57840,7 @@ index 191a66f..5acf87c 100644
optional_policy(`
mailman_read_data_files(postfix_cleanup_t)
-@@ -393,36 +287,50 @@ optional_policy(`
+@@ -393,36 +284,50 @@ optional_policy(`
########################################
#
@@ -57752,7 +57900,7 @@ index 191a66f..5acf87c 100644
')
optional_policy(`
-@@ -434,6 +342,7 @@ optional_policy(`
+@@ -434,6 +339,7 @@ optional_policy(`
')
optional_policy(`
@@ -57760,7 +57908,7 @@ index 191a66f..5acf87c 100644
mailman_manage_data_files(postfix_local_t)
mailman_append_log(postfix_local_t)
mailman_read_log(postfix_local_t)
-@@ -444,6 +353,10 @@ optional_policy(`
+@@ -444,6 +350,10 @@ optional_policy(`
')
optional_policy(`
@@ -57771,7 +57919,7 @@ index 191a66f..5acf87c 100644
procmail_domtrans(postfix_local_t)
')
-@@ -458,15 +371,17 @@ optional_policy(`
+@@ -458,15 +368,17 @@ optional_policy(`
########################################
#
@@ -57795,7 +57943,7 @@ index 191a66f..5acf87c 100644
manage_dirs_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
manage_files_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
-@@ -476,14 +391,15 @@ kernel_read_kernel_sysctls(postfix_map_t)
+@@ -476,14 +388,15 @@ kernel_read_kernel_sysctls(postfix_map_t)
kernel_dontaudit_list_proc(postfix_map_t)
kernel_dontaudit_read_system_state(postfix_map_t)
@@ -57815,7 +57963,7 @@ index 191a66f..5acf87c 100644
corecmd_list_bin(postfix_map_t)
corecmd_read_bin_symlinks(postfix_map_t)
-@@ -492,7 +408,6 @@ corecmd_read_bin_pipes(postfix_map_t)
+@@ -492,7 +405,6 @@ corecmd_read_bin_pipes(postfix_map_t)
corecmd_read_bin_sockets(postfix_map_t)
files_list_home(postfix_map_t)
@@ -57823,7 +57971,7 @@ index 191a66f..5acf87c 100644
files_read_etc_runtime_files(postfix_map_t)
files_dontaudit_search_var(postfix_map_t)
-@@ -500,21 +415,22 @@ auth_use_nsswitch(postfix_map_t)
+@@ -500,21 +412,22 @@ auth_use_nsswitch(postfix_map_t)
logging_send_syslog_msg(postfix_map_t)
@@ -57849,7 +57997,7 @@ index 191a66f..5acf87c 100644
stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
-@@ -524,16 +440,15 @@ allow postfix_pickup_t postfix_spool_t:dir list_dir_perms;
+@@ -524,16 +437,15 @@ allow postfix_pickup_t postfix_spool_t:dir list_dir_perms;
read_files_pattern(postfix_pickup_t, postfix_spool_t, postfix_spool_t)
delete_files_pattern(postfix_pickup_t, postfix_spool_t, postfix_spool_t)
@@ -57869,7 +58017,7 @@ index 191a66f..5acf87c 100644
#
allow postfix_pipe_t self:process setrlimit;
-@@ -576,19 +491,26 @@ optional_policy(`
+@@ -576,19 +488,26 @@ optional_policy(`
########################################
#
@@ -57901,7 +58049,7 @@ index 191a66f..5acf87c 100644
term_dontaudit_use_all_ptys(postfix_postdrop_t)
term_dontaudit_use_all_ttys(postfix_postdrop_t)
-@@ -603,10 +525,7 @@ optional_policy(`
+@@ -603,10 +522,7 @@ optional_policy(`
cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
')
@@ -57913,7 +58061,7 @@ index 191a66f..5acf87c 100644
optional_policy(`
fstools_read_pipes(postfix_postdrop_t)
')
-@@ -621,17 +540,24 @@ optional_policy(`
+@@ -621,17 +537,24 @@ optional_policy(`
#######################################
#
@@ -57941,7 +58089,7 @@ index 191a66f..5acf87c 100644
init_sigchld_script(postfix_postqueue_t)
init_use_script_fds(postfix_postqueue_t)
-@@ -647,67 +573,77 @@ optional_policy(`
+@@ -647,67 +570,77 @@ optional_policy(`
########################################
#
@@ -58037,7 +58185,7 @@ index 191a66f..5acf87c 100644
')
optional_policy(`
-@@ -720,29 +656,30 @@ optional_policy(`
+@@ -720,29 +653,30 @@ optional_policy(`
########################################
#
@@ -58076,7 +58224,7 @@ index 191a66f..5acf87c 100644
optional_policy(`
dovecot_stream_connect_auth(postfix_smtpd_t)
dovecot_stream_connect(postfix_smtpd_t)
-@@ -754,6 +691,7 @@ optional_policy(`
+@@ -754,6 +688,7 @@ optional_policy(`
optional_policy(`
milter_stream_connect_all(postfix_smtpd_t)
@@ -58084,7 +58232,7 @@ index 191a66f..5acf87c 100644
')
optional_policy(`
-@@ -764,31 +702,99 @@ optional_policy(`
+@@ -764,31 +699,99 @@ optional_policy(`
sasl_connect(postfix_smtpd_t)
')
@@ -65760,7 +65908,7 @@ index 951db7f..7736755 100644
+ allow $1 mdadm_exec_t:file { getattr_file_perms execute };
')
diff --git a/raid.te b/raid.te
-index 2c1730b..f60c494 100644
+index 2c1730b..1e9ad6b 100644
--- a/raid.te
+++ b/raid.te
@@ -15,6 +15,12 @@ role mdadm_roles types mdadm_t;
@@ -65812,7 +65960,7 @@ index 2c1730b..f60c494 100644
corecmd_exec_bin(mdadm_t)
corecmd_exec_shell(mdadm_t)
-@@ -49,19 +63,25 @@ corecmd_exec_shell(mdadm_t)
+@@ -49,19 +63,26 @@ corecmd_exec_shell(mdadm_t)
dev_rw_sysfs(mdadm_t)
dev_dontaudit_getattr_all_blk_files(mdadm_t)
dev_dontaudit_getattr_all_chr_files(mdadm_t)
@@ -65823,6 +65971,7 @@ index 2c1730b..f60c494 100644
+dev_read_kvm(mdadm_t)
+dev_read_nvram(mdadm_t)
+dev_read_generic_files(mdadm_t)
++dev_read_generic_usb_dev(mdadm_t)
+domain_read_all_domains_state(mdadm_t)
domain_use_interactive_fds(mdadm_t)
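Review bot: `dev_read_generic_usb_dev(mdadm_t)` adds read access to generic USB device nodes for the RAID tool without a comment, joining the kvm, nvram and generic-file reads just above it. If the access comes from mdadm scanning every node under /dev rather than from a functional need, a dontaudit rule would silence the denial without widening what a compromised mdadm can read. Otherwise document it in place, for example `# mdadm opens USB device nodes while scanning for array members (bug: <ID>)`, replacing the placeholder with the real reference.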
@@ -65840,7 +65989,7 @@ index 2c1730b..f60c494 100644
mls_file_read_all_levels(mdadm_t)
mls_file_write_all_levels(mdadm_t)
-@@ -70,15 +90,19 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
+@@ -70,15 +91,19 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
storage_manage_fixed_disk(mdadm_t)
storage_read_scsi_generic(mdadm_t)
storage_write_scsi_generic(mdadm_t)
@@ -65861,7 +66010,7 @@ index 2c1730b..f60c494 100644
userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
userdom_dontaudit_search_user_home_content(mdadm_t)
-@@ -97,9 +121,17 @@ optional_policy(`
+@@ -97,9 +122,17 @@ optional_policy(`
')
optional_policy(`
@@ -67533,10 +67682,10 @@ index b418d1c..1ad9c12 100644
xen_domtrans_xm(rgmanager_t)
')
diff --git a/rhcs.fc b/rhcs.fc
-index 47de2d6..347ddf7 100644
+index 47de2d6..98a4280 100644
--- a/rhcs.fc
+++ b/rhcs.fc
-@@ -1,31 +1,80 @@
+@@ -1,31 +1,85 @@
-/etc/rc\.d/init\.d/dlm -- gen_context(system_u:object_r:dlm_controld_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/foghorn -- gen_context(system_u:object_r:foghorn_initrc_exec_t,s0)
+/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
@@ -67607,6 +67756,7 @@ index 47de2d6..347ddf7 100644
+
+/usr/lib/systemd/system/corosync.* -- gen_context(system_u:object_r:cluster_unit_file_t,s0)
+/usr/lib/systemd/system/pacemaker.* -- gen_context(system_u:object_r:cluster_unit_file_t,s0)
++/usr/lib/systemd/system/pcsd.* -- gen_context(system_u:object_r:cluster_unit_file_t,s0)
+
+/usr/sbin/aisexec -- gen_context(system_u:object_r:cluster_exec_t,s0)
+/usr/sbin/corosync -- gen_context(system_u:object_r:cluster_exec_t,s0)
@@ -67618,12 +67768,15 @@ index 47de2d6..347ddf7 100644
+/usr/sbin/rgmanager -- gen_context(system_u:object_r:cluster_exec_t,s0)
+/usr/sbin/pacemakerd -- gen_context(system_u:object_r:cluster_exec_t,s0)
+
++/usr/lib/pcsd/pcsd -- gen_context(system_u:object_r:cluster_exec_t,s0)
++
+/usr/lib/heartbeat(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+/usr/lib/heartbeat/heartbeat -- gen_context(system_u:object_r:cluster_exec_t,s0)
+/var/lib/heartbeat(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+/var/lib/corosync(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+/var/lib/openais(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+/var/lib/pacemaker(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
++/var/lib/pcsd(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+/var/lib/pengine(/.*)? gen_context(system_u:object_r:cluster_var_lib_t,s0)
+
+/var/run/aisexec.* gen_context(system_u:object_r:cluster_var_run_t,s0)
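Review bot: `/usr/lib/pcsd/pcsd` is labelled `cluster_exec_t`, the same entry type this file gives corosync, rgmanager and pacemakerd, so pcsd would presumably run in the shared cluster domain. Its state in `/var/lib/pcsd`, and its logs in `/var/log/pcsd` in the following hunk, likewise share `cluster_var_lib_t` and `cluster_var_log_t` with the other daemons. If pcsd is the remotely reachable management service, dedicated exec, lib and log types would keep a fault in it from inheriting everything the cluster domain is allowed and from touching the other daemons' data. If sharing is deliberate, record it above the entry, for example `# pcsd intentionally runs in the cluster domain`.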
@@ -67640,6 +67793,7 @@ index 47de2d6..347ddf7 100644
+/var/log/cluster/cpglockd\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0)
+/var/log/cluster/corosync\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0)
+/var/log/cluster/rgmanager\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0)
++/var/log/pcsd(/.*)? gen_context(system_u:object_r:cluster_var_log_t,s0)
diff --git a/rhcs.if b/rhcs.if
index 56bc01f..4699b1b 100644
--- a/rhcs.if
@@ -68347,7 +68501,7 @@ index 56bc01f..4699b1b 100644
+ allow $1 cluster_unit_file_t:service all_service_perms;
')
diff --git a/rhcs.te b/rhcs.te
-index 2c2de9a..2a210ef 100644
+index 2c2de9a..a4a6d82 100644
--- a/rhcs.te
+++ b/rhcs.te
@@ -20,6 +20,27 @@ gen_tunable(fenced_can_network_connect, false)
@@ -68736,6 +68890,15 @@ index 2c2de9a..2a210ef 100644
tunable_policy(`fenced_can_network_connect',`
corenet_sendrecv_all_client_packets(fenced_t)
+@@ -182,7 +461,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- corosync_exec(fenced_t)
++ rhcs_exec_cluster(fenced_t)
+ ')
+
+ optional_policy(`
@@ -190,10 +469,6 @@ optional_policy(`
')
@@ -68761,12 +68924,15 @@ index 2c2de9a..2a210ef 100644
#######################################
#
# foghorn local policy
-@@ -223,14 +505,16 @@ corenet_tcp_sendrecv_agentx_port(foghorn_t)
+@@ -221,16 +503,18 @@ corenet_sendrecv_agentx_client_packets(foghorn_t)
+ corenet_tcp_connect_agentx_port(foghorn_t)
+ corenet_tcp_sendrecv_agentx_port(foghorn_t)
++corenet_tcp_connect_snmp_port(foghorn_t)
++
dev_read_urand(foghorn_t)
-files_read_usr_files(foghorn_t)
-+
+logging_send_syslog_msg(foghorn_t)
optional_policy(`
@@ -68775,7 +68941,6 @@ index 2c2de9a..2a210ef 100644
optional_policy(`
- snmp_read_snmp_var_lib_files(foghorn_t)
-+ #snmp_manage_var_lib_dirs(foghorn_t)
+ snmp_manage_var_lib_files(foghorn_t)
snmp_stream_connect(foghorn_t)
')
@@ -68789,7 +68954,7 @@ index 2c2de9a..2a210ef 100644
optional_policy(`
lvm_exec(gfs_controld_t)
dev_rw_lvm_control(gfs_controld_t)
-@@ -275,10 +561,36 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
+@@ -275,10 +561,39 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
dev_list_sysfs(groupd_t)
@@ -68823,12 +68988,15 @@ index 2c2de9a..2a210ef 100644
+corenet_tcp_connect_commplex_main_port(haproxy_t)
+corenet_tcp_bind_commplex_main_port(haproxy_t)
+
++corenet_tcp_connect_fmpro_internal_port(haproxy_t)
++corenet_tcp_connect_rtp_media_port(haproxy_t)
++
+sysnet_dns_name_resolve(haproxy_t)
+
######################################
#
# qdiskd local policy
-@@ -321,6 +633,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
+@@ -321,6 +636,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
auth_use_nsswitch(qdiskd_t)
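Review bot: The two added rules `corenet_tcp_connect_fmpro_internal_port(haproxy_t)` and `corenet_tcp_connect_rtp_media_port(haproxy_t)` let every haproxy install make outbound connections to ports that look specific to one deployment's backends, and they are unconditional. Putting site-specific backend ports behind a boolean that defaults to off would keep the default proxy domain tight. If they must stay unconditional, add a comment naming the backend and the report that motivated them, such as `# backends on fmpro_internal/rtp_media ports (bug: <ID>)`. The haproxy policy section begins above this hunk.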
@@ -77050,7 +77218,7 @@ index 98c9e0a..df51942 100644
files_search_pids($1)
admin_pattern($1, sblim_var_run_t)
diff --git a/sblim.te b/sblim.te
-index 4a23d84..49c7362 100644
+index 4a23d84..d90604c 100644
--- a/sblim.te
+++ b/sblim.te
@@ -7,13 +7,9 @@ policy_module(sblim, 1.0.3)
@@ -77080,7 +77248,7 @@ index 4a23d84..49c7362 100644
corenet_tcp_sendrecv_generic_if(sblim_domain)
corenet_tcp_sendrecv_generic_node(sblim_domain)
-@@ -44,19 +37,13 @@ corenet_tcp_sendrecv_repository_port(sblim_domain)
+@@ -44,19 +37,15 @@ corenet_tcp_sendrecv_repository_port(sblim_domain)
dev_read_sysfs(sblim_domain)
@@ -77089,7 +77257,8 @@ index 4a23d84..49c7362 100644
-files_read_etc_files(sblim_domain)
-
-miscfiles_read_localization(sblim_domain)
--
++auth_read_passwd(sblim_domain)
+
########################################
#
# Gatherd local policy
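Review bot: `auth_read_passwd(sblim_domain)` is granted on the attribute, so every sblim daemon gets it, while the same revision moves `corenet_tcp_bind_generic_node` off `sblim_domain` and onto `sblim_reposd_t` in a later hunk. If only one daemon performs the user lookups, scope the rule the same way, for example `auth_read_passwd(sblim_gatherd_t)` in the Gatherd section, assuming that is the domain that hit the denial. If both need it, a short comment above the rule saying so would explain why the attribute-wide grant is intended.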
@@ -77102,7 +77271,7 @@ index 4a23d84..49c7362 100644
allow sblim_gatherd_t self:fifo_file rw_fifo_file_perms;
allow sblim_gatherd_t self:unix_stream_socket { accept listen };
-@@ -84,6 +71,8 @@ storage_raw_read_removable_device(sblim_gatherd_t)
+@@ -84,6 +73,8 @@ storage_raw_read_removable_device(sblim_gatherd_t)
init_read_utmp(sblim_gatherd_t)
@@ -77111,7 +77280,7 @@ index 4a23d84..49c7362 100644
sysnet_dns_name_resolve(sblim_gatherd_t)
term_getattr_pty_fs(sblim_gatherd_t)
-@@ -103,8 +92,9 @@ optional_policy(`
+@@ -103,8 +94,9 @@ optional_policy(`
')
optional_policy(`
@@ -77122,8 +77291,12 @@ index 4a23d84..49c7362 100644
')
optional_policy(`
-@@ -119,4 +109,6 @@ optional_policy(`
+@@ -117,6 +109,10 @@ optional_policy(`
+ # Reposd local policy
+ #
++corenet_tcp_bind_generic_node(sblim_reposd_t)
++
corenet_sendrecv_repository_server_packets(sblim_reposd_t)
corenet_tcp_bind_repository_port(sblim_reposd_t)
-corenet_tcp_bind_generic_node(sblim_domain)
@@ -79292,13 +79465,15 @@ index ca32e89..98278dd 100644
+
')
diff --git a/slpd.te b/slpd.te
-index 66ac42a..f28fadc 100644
+index 66ac42a..1a4c952 100644
--- a/slpd.te
+++ b/slpd.te
-@@ -50,6 +50,8 @@ corenet_sendrecv_svrloc_server_packets(slpd_t)
+@@ -50,6 +50,10 @@ corenet_sendrecv_svrloc_server_packets(slpd_t)
corenet_tcp_bind_svrloc_port(slpd_t)
corenet_udp_bind_svrloc_port(slpd_t)
++corenet_udp_bind_dhcpc_port(slpd_t)
++
+dev_read_urand(slpd_t)
+
auth_use_nsswitch(slpd_t)
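Review bot: `corenet_udp_bind_dhcpc_port(slpd_t)` allows the SLP daemon to bind the UDP port labelled for the DHCP client, which is unrelated to the svrloc ports bound just above, and no reason is given. Explain the need in place, for example `# slpd binds the dhcpc port when <condition> (bug: <ID>)` with the placeholders filled in. If the bind is incidental and the daemon works without it, a dontaudit rule is preferable to allowing a second domain onto the DHCP client port.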
@@ -82329,7 +82504,7 @@ index a240455..54c5c1f 100644
- admin_pattern($1, sssd_log_t)
')
diff --git a/sssd.te b/sssd.te
-index 8b537aa..eaa7a83 100644
+index 8b537aa..e9632c3 100644
--- a/sssd.te
+++ b/sssd.te
@@ -1,4 +1,4 @@
@@ -82418,7 +82593,7 @@ index 8b537aa..eaa7a83 100644
auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t)
auth_manage_cache(sssd_t)
-@@ -112,18 +105,30 @@ logging_send_syslog_msg(sssd_t)
+@@ -112,18 +105,31 @@ logging_send_syslog_msg(sssd_t)
logging_send_audit_msgs(sssd_t)
miscfiles_read_generic_certs(sssd_t)
@@ -82448,6 +82623,7 @@ index 8b537aa..eaa7a83 100644
+
+optional_policy(`
+ ldap_stream_connect(sssd_t)
++ ldap_read_certs(sssd_t)
+')
+
+userdom_home_reader(sssd_t)
@@ -83618,7 +83794,7 @@ index c7de0cf..9813503 100644
+/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0)
+/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
diff --git a/telepathy.if b/telepathy.if
-index 42946bc..95a9aa3 100644
+index 42946bc..3d30062 100644
--- a/telepathy.if
+++ b/telepathy.if
@@ -2,45 +2,39 @@
@@ -83698,7 +83874,7 @@ index 42946bc..95a9aa3 100644
type telepathy_gabble_t, telepathy_sofiasip_t, telepathy_idle_t;
type telepathy_mission_control_t, telepathy_salut_t, telepathy_sunshine_t;
type telepathy_stream_engine_t, telepathy_msn_t, telepathy_gabble_exec_t;
-@@ -63,91 +62,61 @@ template(`telepathy_role_template',`
+@@ -63,91 +62,79 @@ template(`telepathy_role_template',`
type telepathy_mission_control_exec_t, telepathy_salut_exec_t;
type telepathy_sunshine_exec_t, telepathy_stream_engine_exec_t;
type telepathy_msn_exec_t;
@@ -83712,11 +83888,14 @@ index 42946bc..95a9aa3 100644
-
- allow $3 telepathy_domain:process { ptrace signal_perms };
- ps_process_pattern($3, telepathy_domain)
--
++ role $1 types telepathy_domain;
+
- telepathy_gabble_stream_connect($3)
- telepathy_msn_stream_connect($3)
- telepathy_salut_stream_connect($3)
--
++ allow $2 telepathy_domain:process signal_perms;
++ ps_process_pattern($2, telepathy_domain)
+
- dbus_spec_session_domain($1, telepathy_gabble_exec_t, telepathy_gabble_t)
- dbus_spec_session_domain($1, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
- dbus_spec_session_domain($1, telepathy_idle_exec_t, telepathy_idle_t)
@@ -83726,30 +83905,13 @@ index 42946bc..95a9aa3 100644
- dbus_spec_session_domain($1, telepathy_sunshine_exec_t, telepathy_sunshine_t)
- dbus_spec_session_domain($1, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
- dbus_spec_session_domain($1, telepathy_msn_exec_t, telepathy_msn_t)
--
-- allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:dir { manage_dir_perms relabel_dir_perms };
-- allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
-- allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
--
-- allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:file { manage_file_perms relabel_file_perms };
-- allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:file { manage_file_perms relabel_file_perms };
-- allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:file { manage_file_perms relabel_file_perms };
-+ role $1 types telepathy_domain;
-
-- filetrans_pattern($3, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
-- # gnome_cache_filetrans($3, telepathy_gabble_cache_home_t, dir, "wocky")
-+ allow $2 telepathy_domain:process signal_perms;
-+ ps_process_pattern($2, telepathy_domain)
-
-- filetrans_pattern($3, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
-- # gnome_data_filetrans($3, telepathy_logger_data_home_t, dir, "TpLogger")
+ telepathy_gabble_stream_connect($2)
+ telepathy_msn_stream_connect($2)
+ telepathy_salut_stream_connect($2)
-- userdom_user_home_dir_filetrans($3, telepathy_mission_control_home_t, dir, ".mission-control")
-- filetrans_pattern($3, telepathy_data_home_t, telepathy_mission_control_data_home_t, dir, "mission-control")
-- # gnome_cache_filetrans($3, telepathy_mission_control_cache_home_t, file, ".mc_connections")
+- allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:dir { manage_dir_perms relabel_dir_perms };
+- allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+- allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+ dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t)
+ dbus_session_domain($3, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
+ dbus_session_domain($3, telepathy_idle_exec_t, telepathy_idle_t)
@@ -83760,6 +83922,20 @@ index 42946bc..95a9aa3 100644
+ dbus_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
+ dbus_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t)
+- allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:file { manage_file_perms relabel_file_perms };
+- allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:file { manage_file_perms relabel_file_perms };
+- allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:file { manage_file_perms relabel_file_perms };
+-
+- filetrans_pattern($3, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
+- # gnome_cache_filetrans($3, telepathy_gabble_cache_home_t, dir, "wocky")
+-
+- filetrans_pattern($3, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
+- # gnome_data_filetrans($3, telepathy_logger_data_home_t, dir, "TpLogger")
+-
+- userdom_user_home_dir_filetrans($3, telepathy_mission_control_home_t, dir, ".mission-control")
+- filetrans_pattern($3, telepathy_data_home_t, telepathy_mission_control_data_home_t, dir, "mission-control")
+- # gnome_cache_filetrans($3, telepathy_mission_control_cache_home_t, file, ".mc_connections")
+-
- userdom_user_home_dir_filetrans($3, telepathy_sunshine_home_t, dir, ".telepathy-sunshine")
-
- # gnome_cache_filetrans($3, telepathy_cache_home_t, dir, "telepathy")
@@ -83799,8 +83975,7 @@ index 42946bc..95a9aa3 100644
##