diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 14358b4..2f5cbbb 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -19544,7 +19544,7 @@ index 9d2f311..9e87525 100644
+ postgresql_filetrans_named_content($1)
')
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
-index 346d011..3e23acb 100644
+index 346d011..358881b 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -19,25 +19,32 @@ gen_require(`
@@ -19618,7 +19618,13 @@ index 346d011..3e23acb 100644
manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
-@@ -304,7 +313,6 @@ kernel_list_proc(postgresql_t)
+@@ -299,12 +308,12 @@ manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run
+ files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
+
+ kernel_read_kernel_sysctls(postgresql_t)
++kernel_read_network_state(postgresql_t)
+ kernel_read_system_state(postgresql_t)
+ kernel_list_proc(postgresql_t)
kernel_read_all_sysctls(postgresql_t)
kernel_read_proc_symlinks(postgresql_t)
@@ -19626,7 +19632,7 @@ index 346d011..3e23acb 100644
corenet_all_recvfrom_netlabel(postgresql_t)
corenet_tcp_sendrecv_generic_if(postgresql_t)
corenet_udp_sendrecv_generic_if(postgresql_t)
-@@ -342,8 +350,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
+@@ -342,8 +351,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
domain_use_interactive_fds(postgresql_t)
files_dontaudit_search_home(postgresql_t)
@@ -19636,7 +19642,7 @@ index 346d011..3e23acb 100644
files_read_etc_runtime_files(postgresql_t)
files_read_usr_files(postgresql_t)
-@@ -354,7 +361,6 @@ init_read_utmp(postgresql_t)
+@@ -354,7 +362,6 @@ init_read_utmp(postgresql_t)
logging_send_syslog_msg(postgresql_t)
logging_send_audit_msgs(postgresql_t)
@@ -19644,7 +19650,7 @@ index 346d011..3e23acb 100644
seutil_libselinux_linked(postgresql_t)
seutil_read_default_contexts(postgresql_t)
-@@ -364,10 +370,18 @@ userdom_dontaudit_search_user_home_dirs(postgresql_t)
+@@ -364,10 +371,18 @@ userdom_dontaudit_search_user_home_dirs(postgresql_t)
userdom_dontaudit_use_user_terminals(postgresql_t)
optional_policy(`
@@ -19664,7 +19670,7 @@ index 346d011..3e23acb 100644
allow postgresql_t self:process execmem;
')
-@@ -485,10 +499,52 @@ dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfin
+@@ -485,10 +500,52 @@ dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfin
# It is always allowed to operate temporary objects for any database client.
allow sepgsql_client_type sepgsql_temp_object_t:{db_schema db_table db_column db_tuple db_sequence db_view db_procedure} ~{ relabelto relabelfrom };
@@ -19721,7 +19727,7 @@ index 346d011..3e23acb 100644
allow sepgsql_client_type sepgsql_schema_t:db_schema { add_name remove_name };
')
-@@ -536,7 +592,7 @@ allow sepgsql_admin_type sepgsql_module_type:db_database install_module;
+@@ -536,7 +593,7 @@ allow sepgsql_admin_type sepgsql_module_type:db_database install_module;
kernel_relabelfrom_unlabeled_database(sepgsql_admin_type)
@@ -19730,7 +19736,7 @@ index 346d011..3e23acb 100644
allow sepgsql_admin_type sepgsql_database_type:db_database *;
allow sepgsql_admin_type sepgsql_schema_type:db_schema *;
-@@ -589,3 +645,17 @@ allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
+@@ -589,3 +646,17 @@ allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
@@ -43550,7 +43556,7 @@ index 3c5dba7..a44c781 100644
+ dontaudit $1 user_home_type:dir_file_class_set audit_access;
')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
-index e2b538b..3a775a7 100644
+index e2b538b..158e013 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -7,48 +7,42 @@ policy_module(userdomain, 4.8.5)
@@ -43638,7 +43644,7 @@ index e2b538b..3a775a7 100644
type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
fs_associate_tmpfs(user_home_dir_t)
files_type(user_home_dir_t)
-@@ -70,26 +82,227 @@ ubac_constrained(user_home_dir_t)
+@@ -70,26 +82,228 @@ ubac_constrained(user_home_dir_t)
type user_home_t alias { staff_home_t sysadm_home_t secadm_home_t auditadm_home_t unconfined_home_t };
typealias user_home_t alias { staff_untrusted_content_t sysadm_untrusted_content_t secadm_untrusted_content_t auditadm_untrusted_content_t unconfined_untrusted_content_t };
@@ -43694,6 +43700,7 @@ index e2b538b..3a775a7 100644
+
+allow userdomain userdomain:process signull;
+allow userdomain userdomain:fifo_file rw_inherited_fifo_file_perms;
++dontaudit unpriv_userdomain self:rawip_socket create_socket_perms;
+
+# Nautilus causes this avc
+domain_dontaudit_access_check(unpriv_userdomain)
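Review bot: The added `dontaudit unpriv_userdomain self:rawip_socket create_socket_perms;` silences the whole socket permission set for every unprivileged user domain, which removes the AVC record a defender would use to notice a user process attempting raw-socket access. The changelog says DAC blocks the operation anyway, so only the noisy denial needs hiding: `dontaudit unpriv_userdomain self:rawip_socket create;`. A comment naming the program that triggers the denial, as the Nautilus line just below does, would let a later maintainer drop the rule once that program is fixed. The surrounding block starts and ends outside this hunk.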
diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch
index e7fd9c2..da02e7c 100644
--- a/policy-f19-contrib.patch
+++ b/policy-f19-contrib.patch
@@ -13996,7 +13996,7 @@ index c086302..4f33119 100644
/etc/rc\.d/init\.d/couchdb -- gen_context(system_u:object_r:couchdb_initrc_exec_t,s0)
diff --git a/couchdb.if b/couchdb.if
-index 83d6744..afa2f78 100644
+index 83d6744..694db7b 100644
--- a/couchdb.if
+++ b/couchdb.if
@@ -2,6 +2,44 @@
@@ -14193,7 +14193,7 @@ index 83d6744..afa2f78 100644
init_labeled_script_domtrans($1, couchdb_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 couchdb_initrc_exec_t system_r;
-@@ -46,4 +210,13 @@ interface(`couchdb_admin',`
+@@ -46,4 +210,37 @@ interface(`couchdb_admin',`
files_search_pids($1)
admin_pattern($1, couchdb_var_run_t)
@@ -14207,6 +14207,31 @@ index 83d6744..afa2f78 100644
+ systemd_read_fifo_file_passwd_run($1)
+ ')
')
++
++#######################################
++##
++## Allow domain to manage couchdb content.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`couchdb_manage_files',`
++ gen_require(`
++ type couchdb_var_run_t;
++ type couchdb_log_t;
++ type couchdb_var_lib_t;
++ type couchdb_conf_t;
++ ')
++
++ manage_files_pattern($1, couchdb_log_t, couchdb_log_t)
++ manage_files_pattern($1, couchdb_var_lib_t, couchdb_var_lib_t)
++ manage_files_pattern($1, couchdb_var_run_t, couchdb_var_run_t)
++ manage_files_pattern($1, couchdb_conf_t, couchdb_conf_t)
++')
+\ No newline at end of file
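Review bot: `couchdb_manage_files` bundles manage access to four types (log, var_lib, var_run and conf) behind one call, so a caller that only needs the data directory also gains the ability to rewrite CouchDB's configuration and to truncate or delete its logs. Splitting it, or keeping `couchdb_conf_t` and `couchdb_log_t` on read/append-style interfaces, limits each caller to what it needs. The body also contains only `manage_files_pattern` calls, with no search on the parent directories (for example `files_search_var_lib($1)`, `logging_search_logs($1)`, `files_search_pids($1)`), so a caller may still be denied on the way to the files unless it gets that access elsewhere. The interface ends with `\ No newline at end of file`; add the trailing newline so later appends to couchdb.if do not fuse onto the closing `')`.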
diff --git a/couchdb.te b/couchdb.te
index 503adab..046fe9b 100644
--- a/couchdb.te
@@ -21958,7 +21983,7 @@ index c880070..4448055 100644
-/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
+/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
diff --git a/dovecot.if b/dovecot.if
-index dbcac59..067c453 100644
+index dbcac59..f3e446c 100644
--- a/dovecot.if
+++ b/dovecot.if
@@ -1,29 +1,49 @@
@@ -22085,7 +22110,7 @@ index dbcac59..067c453 100644
##
##
##
-@@ -120,10 +136,29 @@ interface(`dovecot_write_inherited_tmp_files',`
+@@ -120,10 +136,30 @@ interface(`dovecot_write_inherited_tmp_files',`
allow $1 dovecot_tmp_t:file write;
')
@@ -22105,6 +22130,7 @@ index dbcac59..067c453 100644
+ ')
+
+ files_search_etc($1)
++ list_dirs_pattern($1, dovecot_etc_t, dovecot_etc_t)
+ read_files_pattern($1, dovecot_etc_t, dovecot_etc_t)
+')
+
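Review bot: The added `list_dirs_pattern($1, dovecot_etc_t, dovecot_etc_t)` sits inside a shared read interface, so every domain that calls it gains directory listing on the Dovecot configuration tree, while the changelog names a single consumer. If only that one domain needs the listing, a direct rule in its own .te or a separate list interface leaves the other callers unchanged. The interface header is outside this hunk, so the set of callers cannot be checked from here.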
@@ -22117,7 +22143,7 @@ index dbcac59..067c453 100644
##
##
##
-@@ -132,21 +167,24 @@ interface(`dovecot_write_inherited_tmp_files',`
+@@ -132,21 +168,24 @@ interface(`dovecot_write_inherited_tmp_files',`
##
##
##
@@ -22148,7 +22174,7 @@ index dbcac59..067c453 100644
init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
domain_system_change_exemption($1)
-@@ -156,20 +194,25 @@ interface(`dovecot_admin',`
+@@ -156,20 +195,25 @@ interface(`dovecot_admin',`
files_list_etc($1)
admin_pattern($1, dovecot_etc_t)
@@ -66547,10 +66573,10 @@ index 76f5b39..8bb80a2 100644
+')
+
diff --git a/quantum.fc b/quantum.fc
-index 70ab68b..1de192b 100644
+index 70ab68b..c8dbee3 100644
--- a/quantum.fc
+++ b/quantum.fc
-@@ -1,10 +1,26 @@
+@@ -1,10 +1,29 @@
-/etc/rc\.d/init\.d/quantum.* -- gen_context(system_u:object_r:quantum_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/neutron.* -- gen_context(system_u:object_r:neutron_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/quantum.* -- gen_context(system_u:object_r:neutron_initrc_exec_t,s0)
@@ -66566,6 +66592,10 @@ index 70ab68b..1de192b 100644
+/usr/bin/neutron-ovs-cleanup -- gen_context(system_u:object_r:neutron_exec_t,s0)
+/usr/bin/neutron-ryu-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
+/usr/bin/neutron-server -- gen_context(system_u:object_r:neutron_exec_t,s0)
++/usr/bin/neutron-lbaas-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
++/usr/bin/neutron-rootwrap -- gen_context(system_u:object_r:neutron_exec_t,s0)
+
+-/var/lib/quantum(/.*)? gen_context(system_u:object_r:quantum_var_lib_t,s0)
+/usr/bin/quantum-dhcp-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
+/usr/bin/quantum-l3-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
+/usr/bin/quantum-linuxbridge-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
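Review bot: `/usr/bin/neutron-rootwrap` gets the same `neutron_exec_t` label as the long-running agents, although it is the helper the services call through sudo to run commands as root (quantum.te in this commit keeps `sudo_exec(neutron_t)`). With a shared label the root-run helper and the daemons fall under one set of rules, which is presumably why `neutron_t` gains `net_admin` and `sys_admin` elsewhere in this commit. A dedicated executable type and domain for rootwrap would confine those capabilities to the helper; if sharing is intended, a `#` comment above the entry saying so would help the next reader.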
@@ -66574,11 +66604,10 @@ index 70ab68b..1de192b 100644
+/usr/bin/quantum-ryu-agent -- gen_context(system_u:object_r:neutron_exec_t,s0)
+/usr/bin/quantum-server -- gen_context(system_u:object_r:neutron_exec_t,s0)
--/var/lib/quantum(/.*)? gen_context(system_u:object_r:quantum_var_lib_t,s0)
+-/var/log/quantum(/.*)? gen_context(system_u:object_r:quantum_log_t,s0)
+/usr/lib/systemd/system/neutron.* -- gen_context(system_u:object_r:neutron_unit_file_t,s0)
+/usr/lib/systemd/system/quantum.* -- gen_context(system_u:object_r:neutron_unit_file_t,s0)
-
--/var/log/quantum(/.*)? gen_context(system_u:object_r:quantum_log_t,s0)
++
+/var/lib/neutron(/.*)? gen_context(system_u:object_r:neutron_var_lib_t,s0)
+/var/lib/quantum(/.*)? gen_context(system_u:object_r:neutron_var_lib_t,s0)
+
@@ -66900,10 +66929,10 @@ index afc0068..3105104 100644
+ ')
')
diff --git a/quantum.te b/quantum.te
-index 769d1fd..0a85601 100644
+index 769d1fd..51e20cd 100644
--- a/quantum.te
+++ b/quantum.te
-@@ -1,96 +1,113 @@
+@@ -1,96 +1,122 @@
-policy_module(quantum, 1.0.2)
+policy_module(quantum, 1.0.3)
@@ -66953,55 +66982,50 @@ index 769d1fd..0a85601 100644
-allow quantum_t self:key manage_key_perms;
-allow quantum_t self:tcp_socket { accept listen };
-allow quantum_t self:unix_stream_socket { accept listen };
-+allow neutron_t self:capability { setgid setuid sys_resource };
++allow neutron_t self:capability { setgid setuid sys_resource net_admin sys_admin };
+allow neutron_t self:process { setsched setrlimit };
+allow neutron_t self:fifo_file rw_fifo_file_perms;
+allow neutron_t self:key manage_key_perms;
+allow neutron_t self:tcp_socket { accept listen };
++allow neutron_t self:netlink_route_socket rw_netlink_socket_perms;
+allow neutron_t self:unix_stream_socket { accept listen };
-
--manage_dirs_pattern(quantum_t, quantum_log_t, quantum_log_t)
--append_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--create_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--setattr_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
--logging_log_filetrans(quantum_t, quantum_log_t, dir)
++
+manage_dirs_pattern(neutron_t, neutron_log_t, neutron_log_t)
+append_files_pattern(neutron_t, neutron_log_t, neutron_log_t)
+create_files_pattern(neutron_t, neutron_log_t, neutron_log_t)
+setattr_files_pattern(neutron_t, neutron_log_t, neutron_log_t)
+logging_log_filetrans(neutron_t, neutron_log_t, dir)
-
--manage_files_pattern(quantum_t, quantum_tmp_t, quantum_tmp_t)
--files_tmp_filetrans(quantum_t, quantum_tmp_t, file)
++
+manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
+files_tmp_filetrans(neutron_t, neutron_tmp_t, file)
--manage_dirs_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
--manage_files_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
--files_var_lib_filetrans(quantum_t, quantum_var_lib_t, dir)
+-manage_dirs_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-append_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-create_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-setattr_files_pattern(quantum_t, quantum_log_t, quantum_log_t)
+-logging_log_filetrans(quantum_t, quantum_log_t, dir)
+manage_dirs_pattern(neutron_t, neutron_var_lib_t, neutron_var_lib_t)
+manage_files_pattern(neutron_t, neutron_var_lib_t, neutron_var_lib_t)
+files_var_lib_filetrans(neutron_t, neutron_var_lib_t, dir)
--can_exec(quantum_t, quantum_tmp_t)
+-manage_files_pattern(quantum_t, quantum_tmp_t, quantum_tmp_t)
+-files_tmp_filetrans(quantum_t, quantum_tmp_t, file)
+can_exec(neutron_t, neutron_tmp_t)
--kernel_read_kernel_sysctls(quantum_t)
--kernel_read_system_state(quantum_t)
+-manage_dirs_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
+-manage_files_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
+-files_var_lib_filetrans(quantum_t, quantum_var_lib_t, dir)
+kernel_read_kernel_sysctls(neutron_t)
++kernel_read_network_state(neutron_t)
+kernel_read_system_state(neutron_t)
++kernel_request_load_module(neutron_t)
--corecmd_exec_shell(quantum_t)
--corecmd_exec_bin(quantum_t)
+-can_exec(quantum_t, quantum_tmp_t)
+corecmd_exec_shell(neutron_t)
+corecmd_exec_bin(neutron_t)
--corenet_all_recvfrom_unlabeled(quantum_t)
--corenet_all_recvfrom_netlabel(quantum_t)
--corenet_tcp_sendrecv_generic_if(quantum_t)
--corenet_tcp_sendrecv_generic_node(quantum_t)
--corenet_tcp_sendrecv_all_ports(quantum_t)
--corenet_tcp_bind_generic_node(quantum_t)
+-kernel_read_kernel_sysctls(quantum_t)
+-kernel_read_system_state(quantum_t)
+corenet_all_recvfrom_unlabeled(neutron_t)
+corenet_all_recvfrom_netlabel(neutron_t)
+corenet_tcp_sendrecv_generic_if(neutron_t)
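Review bot: `allow neutron_t self:capability { setgid setuid sys_resource net_admin sys_admin };` hands a network-facing service `sys_admin`, one of the broadest capabilities, and the same hunk adds `kernel_request_load_module(neutron_t)`; the next quantum.te hunk adds `dev_mounton_sysfs` and `dev_mount_sysfs_fs` on top. Nothing in the policy records which operation needs each of these (network-namespace setup is the likely reason, but that is an inference). Put a comment above the line, e.g. `# sys_admin and sysfs mount: needed for network namespace setup (cite the AVC or bug)`, and check whether `net_admin` alone covers the observed denials before keeping `sys_admin`.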
@@ -67009,66 +67033,80 @@ index 769d1fd..0a85601 100644
+corenet_tcp_sendrecv_all_ports(neutron_t)
+corenet_tcp_bind_generic_node(neutron_t)
--dev_list_sysfs(quantum_t)
--dev_read_urand(quantum_t)
+-corecmd_exec_shell(quantum_t)
+-corecmd_exec_bin(quantum_t)
+corenet_tcp_bind_quantum_port(neutron_t)
+corenet_tcp_connect_keystone_port(neutron_t)
+corenet_tcp_connect_amqp_port(neutron_t)
+corenet_tcp_connect_mysqld_port(neutron_t)
--files_read_usr_files(quantum_t)
-+dev_list_sysfs(neutron_t)
+-corenet_all_recvfrom_unlabeled(quantum_t)
+-corenet_all_recvfrom_netlabel(quantum_t)
+-corenet_tcp_sendrecv_generic_if(quantum_t)
+-corenet_tcp_sendrecv_generic_node(quantum_t)
+-corenet_tcp_sendrecv_all_ports(quantum_t)
+-corenet_tcp_bind_generic_node(quantum_t)
++dev_read_sysfs(neutron_t)
+dev_read_urand(neutron_t)
++dev_mounton_sysfs(neutron_t)
++dev_mount_sysfs_fs(neutron_t)
--auth_use_nsswitch(quantum_t)
+-dev_list_sysfs(quantum_t)
+-dev_read_urand(quantum_t)
+auth_use_nsswitch(neutron_t)
--libs_exec_ldconfig(quantum_t)
+-files_read_usr_files(quantum_t)
+libs_exec_ldconfig(neutron_t)
--logging_send_audit_msgs(quantum_t)
--logging_send_syslog_msg(quantum_t)
+-auth_use_nsswitch(quantum_t)
+logging_send_audit_msgs(neutron_t)
+logging_send_syslog_msg(neutron_t)
+-libs_exec_ldconfig(quantum_t)
++sysnet_exec_ifconfig(neutron_t)
+
+-logging_send_audit_msgs(quantum_t)
+-logging_send_syslog_msg(quantum_t)
++optional_policy(`
++ brctl_domtrans(neutron_t)
++')
+
-miscfiles_read_localization(quantum_t)
-+sysnet_domtrans_ifconfig(neutron_t)
++optional_policy(`
++ dnsmasq_domtrans(neutron_t)
++')
-sysnet_domtrans_ifconfig(quantum_t)
+optional_policy(`
-+ brctl_domtrans(neutron_t)
++ iptables_domtrans(neutron_t)
+')
optional_policy(`
- brctl_domtrans(quantum_t)
-+ iptables_domtrans(neutron_t)
++ mysql_stream_connect(neutron_t)
++ mysql_read_config(neutron_t)
++
++ mysql_tcp_connect(neutron_t)
')
optional_policy(`
- mysql_stream_connect(quantum_t)
- mysql_read_config(quantum_t)
-+ mysql_stream_connect(neutron_t)
-+ mysql_read_config(neutron_t)
++ postgresql_stream_connect(neutron_t)
++ postgresql_unpriv_client(neutron_t)
- mysql_tcp_connect(quantum_t)
-+ mysql_tcp_connect(neutron_t)
++ postgresql_tcp_connect(neutron_t)
')
optional_policy(`
- postgresql_stream_connect(quantum_t)
- postgresql_unpriv_client(quantum_t)
-+ postgresql_stream_connect(neutron_t)
-+ postgresql_unpriv_client(neutron_t)
-+
-+ postgresql_tcp_connect(neutron_t)
-+')
-
-- postgresql_tcp_connect(quantum_t)
-+optional_policy(`
+ openvswitch_domtrans(neutron_t)
+ openvswitch_stream_connect(neutron_t)
+')
-+
+
+- postgresql_tcp_connect(quantum_t)
+optional_policy(`
+ sudo_exec(neutron_t)
')
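Review bot: Replacing `sysnet_domtrans_ifconfig(neutron_t)` with `sysnet_exec_ifconfig(neutron_t)` means interface configuration no longer transitions to the ifconfig domain and instead runs inside `neutron_t`, using the capabilities granted to that domain. That trades a narrow helper domain for a wider service domain, while `brctl`, `dnsmasq`, `iptables` and `openvswitch` in the same hunk still use `*_domtrans`. If the transition broke namespace handling, say so in a comment next to the call; otherwise keeping the domtrans form stays consistent with the other helpers.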
@@ -67518,7 +67556,7 @@ index 2c3d338..cf3e5ad 100644
########################################
diff --git a/rabbitmq.te b/rabbitmq.te
-index 3698b51..136b017 100644
+index 3698b51..4e0be2d 100644
--- a/rabbitmq.te
+++ b/rabbitmq.te
@@ -19,6 +19,9 @@ init_script_file(rabbitmq_initrc_exec_t)
@@ -67579,7 +67617,7 @@ index 3698b51..136b017 100644
corenet_sendrecv_amqp_server_packets(rabbitmq_beam_t)
corenet_tcp_bind_amqp_port(rabbitmq_beam_t)
-@@ -68,20 +81,50 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
+@@ -68,20 +81,47 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
corenet_tcp_connect_epmd_port(rabbitmq_beam_t)
corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t)
@@ -67615,10 +67653,7 @@ index 3698b51..136b017 100644
+logging_send_syslog_msg(rabbitmq_beam_t)
+
+optional_policy(`
-+ couchdb_manage_lib_files(rabbitmq_beam_t)
-+ couchdb_read_conf_files(rabbitmq_beam_t)
-+ couchdb_read_log_files(rabbitmq_beam_t)
-+ couchdb_search_pid_dirs(rabbitmq_beam_t)
++ couchdb_manage_files(rabbitmq_beam_t)
+')
+
+optional_policy(`
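Review bot: `couchdb_manage_files(rabbitmq_beam_t)` replaces four narrower calls, two of them read-only (`couchdb_read_conf_files`, `couchdb_read_log_files`) and one search-only (`couchdb_search_pid_dirs`), so the broker domain can now modify CouchDB's configuration, logs and pid files. rabbitmq_beam_t is network-facing (it binds the amqp port earlier in this file), which makes write access to another service's configuration worth justifying. Unless a denial shows the write is needed, keep the read interfaces for conf and log and widen only the type that was denied. The changelog entry "Allow couchdb can manage rabbitmq files" also states the direction the wrong way round.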
@@ -67634,7 +67669,7 @@ index 3698b51..136b017 100644
allow rabbitmq_epmd_t self:process signal;
allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms;
allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms;
-@@ -99,8 +142,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
+@@ -99,8 +139,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
corenet_tcp_bind_epmd_port(rabbitmq_epmd_t)
corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t)
@@ -82719,7 +82754,7 @@ index 7d86b34..5f58180 100644
+ files_list_pids($1)
')
diff --git a/snort.te b/snort.te
-index ccd28bb..80106ac 100644
+index ccd28bb..6e335a9 100644
--- a/snort.te
+++ b/snort.te
@@ -32,10 +32,13 @@ files_pid_file(snort_var_run_t)
@@ -82737,7 +82772,18 @@ index ccd28bb..80106ac 100644
allow snort_t self:netlink_firewall_socket create_socket_perms;
allow snort_t snort_etc_t:dir list_dir_perms;
-@@ -63,7 +66,6 @@ kernel_request_load_module(snort_t)
+@@ -43,9 +46,7 @@ allow snort_t snort_etc_t:file read_file_perms;
+ allow snort_t snort_etc_t:lnk_file read_lnk_file_perms;
+
+ manage_dirs_pattern(snort_t, snort_log_t, snort_log_t)
+-append_files_pattern(snort_t, snort_log_t, snort_log_t)
+-create_files_pattern(snort_t, snort_log_t, snort_log_t)
+-setattr_files_pattern(snort_t, snort_log_t, snort_log_t)
++manage_files_pattern(snort_t, snort_log_t, snort_log_t)
+ logging_log_filetrans(snort_t, snort_log_t, { file dir })
+
+ manage_dirs_pattern(snort_t, snort_tmp_t, snort_tmp_t)
+@@ -63,7 +64,6 @@ kernel_request_load_module(snort_t)
kernel_dontaudit_read_system_state(snort_t)
kernel_read_network_state(snort_t)
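Review bot: `manage_files_pattern(snort_t, snort_log_t, snort_log_t)` replaces the append/create/setattr trio, so the sensor process can now overwrite, truncate and unlink its own alert logs. snort_t parses untrusted traffic, and append-only logging is what keeps earlier alerts intact if that process is compromised. If a specific denial prompted this (log rotation, for instance), grant only that permission on top of the append rules and note the reason in a comment.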
@@ -82745,7 +82791,7 @@ index ccd28bb..80106ac 100644
corenet_all_recvfrom_netlabel(snort_t)
corenet_tcp_sendrecv_generic_if(snort_t)
corenet_udp_sendrecv_generic_if(snort_t)
-@@ -86,18 +88,17 @@ dev_rw_generic_usb_dev(snort_t)
+@@ -86,18 +86,17 @@ dev_rw_generic_usb_dev(snort_t)
domain_use_interactive_fds(snort_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 46b7d8c..48fffee 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 74.19%{?dist}
+Release: 74.20%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -542,6 +542,16 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Mar 17 2014 Lukas Vrabec 3.12.1-74.20
+- Backported quantum and neutron rules from rawhide
+- Allow couchdb can manage rabbitmq files
+- Added couchdb_manage_files interface
+- Fixed quantum policy
+- Allow snort to manage its log files
+- Allow procman to list doveconf_etc_t
+- Dontaudit unpriv users creating rawip_socket, will be blocked by DAC
+- Allow postgresql to read network state
+
* Mon Feb 24 2014 Lukas Vrabec 3.12.1-74.19
- Added var_lib filetrans in iscsi policy
- Allow iscsi to manage iscsi_var_lib_t files and dirs