++##
++## Allow collectd to connect to the
++## network using TCP.
++##
++##
++gen_tunable(collectd_can_network_connect, false)
++
+type collectd_t;
+type collectd_exec_t;
+init_daemon_domain(collectd_t, collectd_exec_t)
@@ -24052,10 +24092,12 @@ index 0000000..979ed78
+domain_use_interactive_fds(collectd_t)
+
+kernel_read_network_state(collectd_t)
++kernel_read_net_sysctls(collectd_t)
+kernel_read_system_state(collectd_t)
+
+dev_read_sysfs(collectd_t)
+
++files_getattr_all_dirs(collectd_t)
+files_read_etc_files(collectd_t)
+files_read_usr_files(collectd_t)
+
@@ -24067,6 +24109,12 @@ index 0000000..979ed78
+
+sysnet_dns_name_resolve(collectd_t)
+
++tunable_policy(`collectd_can_network_connect',`
++ corenet_tcp_connect_all_ports(collectd_t)
++ corenet_tcp_sendrecv_all_ports(collectd_t)
++ corenet_sendrecv_all_client_packets(collectd_t)
++')
++
+optional_policy(`
+ apache_content_template(collectd)
+ permissive httpd_collectd_script_t;
@@ -24153,7 +24201,7 @@ index 0000000..939d76e
+')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
new file mode 100644
-index 0000000..3d9234d
+index 0000000..76bf893
--- /dev/null
+++ b/policy/modules/services/colord.te
@@ -0,0 +1,132 @@
@@ -24210,7 +24258,7 @@ index 0000000..3d9234d
+kernel_request_load_module(colord_t)
+
+# reads *.ini files
-+corecmd_read_bin_files(colord_t)
++corecmd_exec_bin(colord_t)
+
+corenet_udp_bind_generic_node(colord_t)
+corenet_udp_bind_ipp_port(colord_t)
@@ -24649,10 +24697,10 @@ index 13d2f63..a048c53 100644
type cpuspeed_t;
type cpuspeed_exec_t;
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc
-index 2eefc08..34ab5ce 100644
+index 2eefc08..aa1c934 100644
--- a/policy/modules/services/cron.fc
+++ b/policy/modules/services/cron.fc
-@@ -14,9 +14,10 @@
+@@ -14,14 +14,15 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -24664,6 +24712,12 @@ index 2eefc08..34ab5ce 100644
/var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0)
+
+-/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0)
++/var/spool/cron -d gen_context(system_u:object_r:user_cron_spool_t,s0)
+ #/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
+ /var/spool/cron/[^/]* -- <