diff --git a/docker-selinux.tgz b/docker-selinux.tgz index dbf6054..62b738f 100644 Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ diff --git a/policy-f24-base.patch b/policy-f24-base.patch index 78fc080..30dd766 100644 --- a/policy-f24-base.patch +++ b/policy-f24-base.patch @@ -27048,10 +27048,10 @@ index 0000000..03faeac + diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te new file mode 100644 -index 0000000..270e9a8 +index 0000000..a298e23 --- /dev/null +++ b/policy/modules/roles/unconfineduser.te -@@ -0,0 +1,350 @@ +@@ -0,0 +1,354 @@ +policy_module(unconfineduser, 1.0.0) + +######################################## @@ -27359,6 +27359,10 @@ index 0000000..270e9a8 +') + +optional_policy(` ++ ipa_run_helper(unconfined_t, unconfined_r) ++') ++ ++optional_policy(` + oddjob_run_mkhomedir(unconfined_t, unconfined_r) + oddjob_run(unconfined_t, unconfined_r) +') @@ -35499,7 +35503,7 @@ index bc0ffc8..37b8ea5 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..e69fa39 100644 +index 79a45f6..d4f6066 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -36629,7 +36633,7 @@ index 79a45f6..e69fa39 100644 ######################################## ## ## Allow the specified domain to connect to daemon with a tcp socket -@@ -1840,3 +2418,511 @@ interface(`init_udp_recvfrom_all_daemons',` +@@ -1840,3 +2418,547 @@ interface(`init_udp_recvfrom_all_daemons',` ') corenet_udp_recvfrom_labeled($1, daemon) ') 
@@ -36879,6 +36883,42 @@ index 79a45f6..e69fa39 100644 + +######################################## +## ++## Stop system from init ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`init_stop',` ++ gen_require(` ++ type init_t; ++ ') ++ ++ allow $1 init_t:system stop; ++') ++ ++######################################## ++## ++## Start system from init ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`init_start',` ++ gen_require(` ++ type init_t; ++ ') ++ ++ allow $1 init_t:system start; ++') ++ ++######################################## ++## +## Tell init to reboot the system. +## +## @@ -41626,7 +41666,7 @@ index 59b04c1..6810e0b 100644 + +logging_stream_connect_syslog(syslog_client_type) diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc -index 6b91740..7c98978 100644 +index 6b91740..7724116 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -23,6 +23,8 @@ ifdef(`distro_gentoo',` @@ -41747,7 +41787,7 @@ index 6b91740..7c98978 100644 # # /var -@@ -98,5 +174,9 @@ ifdef(`distro_gentoo',` +@@ -98,5 +174,11 @@ ifdef(`distro_gentoo',` /var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0) /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) @@ -41757,6 +41797,8 @@ index 6b91740..7c98978 100644 /var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) +/var/run/clvmd\.pid -- gen_context(system_u:object_r:clvmd_var_run_t,s0) /var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) ++ ++/var/run/storaged(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if index 58bc27f..9e86fce 100644 --- a/policy/modules/system/lvm.if @@ -48691,10 +48733,10 @@ index 0000000..16cd1ac +') 
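Review bot: The summaries on the two new interfaces, "Stop system from init" and "Start system from init", read as a whole-system stop/start, while the rules they add are `allow $1 init_t:system start;` and `allow $1 init_t:system stop;` — the `system`-class start/stop that systemd checks for manager-level unit start/stop requests it cannot attribute to a unit-file label (transient scopes and similar); shutdown is what the neighbouring init_reboot()/init_halt() grant. Suggest rewording the summaries so callers do not mistake these for a halt-style permission, e.g. `## Allow the specified domain to ask init (systemd) to start units that systemd checks in the system class` for init_start(), and the matching wording for init_stop(). The exact systemd mapping is inferred from the class and permission names rather than visible here, so phrase it as "units checked in the system class" rather than naming specific unit types.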
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..7d871ee +index 0000000..564202a --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,957 @@ +@@ -0,0 +1,959 @@ +policy_module(systemd, 1.0.0) + +####################################### @@ -48922,6 +48964,8 @@ index 0000000..7d871ee +init_named_pid_filetrans(systemd_logind_t, systemd_logind_inhibit_var_run_t, dir, "inhibit") + +init_status(systemd_logind_t) ++init_start(systemd_logind_t) ++init_stop(systemd_logind_t) +init_signal(systemd_logind_t) +init_reboot(systemd_logind_t) +init_halt(systemd_logind_t) @@ -51066,7 +51110,7 @@ index db75976..c54480a 100644 +/var/tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) + diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index 9dc60c6..420907f 100644 +index 9dc60c6..beadc1e 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -30,9 +30,11 @@ template(`userdom_base_user_template',` @@ -54368,7 +54412,7 @@ index 9dc60c6..420907f 100644 ## Create keys for all user domains. ## ## -@@ -3435,4 +4628,1781 @@ interface(`userdom_dbus_send_all_users',` +@@ -3435,4 +4628,1799 @@ interface(`userdom_dbus_send_all_users',` ') allow $1 userdomain:dbus send_msg; @@ -54560,6 +54604,24 @@ index 9dc60c6..420907f 100644 + +######################################## +## ++## dontaudit create dirs /root ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`userdom_dontaudit_create_admin_dir',` ++ gen_require(` ++ type admin_home_t; ++ ') ++ ++ dontaudit $1 admin_home_t:dir create_dir_perms; ++') ++ ++######################################## ++## +## RW unpriviledged user SysV sempaphores. +## +## diff --git a/policy-f24-contrib.patch b/policy-f24-contrib.patch index f6615c4..fbfcb53 100644 --- a/policy-f24-contrib.patch +++ b/policy-f24-contrib.patch 
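Review bot: `init_start(systemd_logind_t)` and `init_stop(systemd_logind_t)` are added without any comment on why logind needs manager-level unit start/stop on init_t; since this domain already holds init_reboot/init_halt/init_signal, a reader cannot tell whether the new pair is for session-scope and user-slice handling (likely, given BZ(1367393) in the changelog) or something broader. Suggest one why-comment above the pair, e.g. `# logind starts/stops session scopes and user slices; systemd checks these in the system class (BZ 1367393)`, so the grant stays auditable. The systemd_logind_t rule block continues outside the hunk.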
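Review bot: `userdom_dontaudit_create_admin_dir()` only silences `admin_home_t:dir create_dir_perms`, which in refpolicy expands to `{ getattr create }`; a mkdir under /root also needs `write add_name` on the parent admin_home_t directory, so the AVC this interface is meant to hide (a daemon creating directories in /root) would presumably still be logged for the parent write. If the intent is to suppress the whole mkdir attempt, `dontaudit $1 admin_home_t:dir { create_dir_perms add_entry_dir_perms };` covers it; if the caller genuinely only trips `create`, the rule is fine but the summary `dontaudit create dirs /root` should say it does not cover the parent-directory write. Hedged: the denial from BZ(1340611) is not visible in this diff.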
@@ -16971,7 +16971,7 @@ index bd18063..47c8fd0 100644 optional_policy(` policykit_domtrans_auth(consolekit_t) diff --git a/corosync.fc b/corosync.fc -index da39f0f..6a96733 100644 +index da39f0f..b26d3e0 100644 --- a/corosync.fc +++ b/corosync.fc @@ -1,5 +1,7 @@ @@ -16982,6 +16982,12 @@ index da39f0f..6a96733 100644 /usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0) /usr/sbin/corosync-notifyd -- gen_context(system_u:object_r:corosync_exec_t,s0) +@@ -10,3 +12,5 @@ + /var/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0) + /var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0) + /var/run/rsctmp(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) ++/var/run/corosync-qdevice(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) ++/var/run/corosync-qnetd(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) diff --git a/corosync.if b/corosync.if index 694a037..d859681 100644 --- a/corosync.if @@ -20797,7 +20803,7 @@ index 3023be7..4f0fe46 100644 + files_var_filetrans($1, cupsd_rw_etc_t, dir, "cups") ') diff --git a/cups.te b/cups.te -index c91813c..8aececf 100644 +index c91813c..71b61c4 100644 --- a/cups.te +++ b/cups.te @@ -5,19 +5,31 @@ policy_module(cups, 1.16.2) @@ -21199,7 +21205,11 @@ index c91813c..8aececf 100644 allow cupsd_config_t cupsd_t:process signal; ps_process_pattern(cupsd_config_t, cupsd_t) -@@ -370,20 +434,19 @@ allow cupsd_config_t cupsd_var_run_t:file read_file_perms; +@@ -367,23 +431,23 @@ manage_dirs_pattern(cupsd_config_t, cupsd_tmp_t, cupsd_tmp_t) + files_tmp_filetrans(cupsd_config_t, cupsd_tmp_t, { lnk_file file dir }) + + allow cupsd_config_t cupsd_var_run_t:file read_file_perms; ++allow cupsd_config_t cupsd_var_run_t:sock_file read_file_perms; manage_dirs_pattern(cupsd_config_t, cupsd_config_var_run_t, cupsd_config_var_run_t) manage_files_pattern(cupsd_config_t, cupsd_config_var_run_t, cupsd_config_var_run_t) 
@@ -21223,7 +21233,7 @@ index c91813c..8aececf 100644 corenet_all_recvfrom_netlabel(cupsd_config_t) corenet_tcp_sendrecv_generic_if(cupsd_config_t) corenet_tcp_sendrecv_generic_node(cupsd_config_t) -@@ -392,20 +455,12 @@ corenet_tcp_sendrecv_all_ports(cupsd_config_t) +@@ -392,20 +456,12 @@ corenet_tcp_sendrecv_all_ports(cupsd_config_t) corenet_sendrecv_all_client_packets(cupsd_config_t) corenet_tcp_connect_all_ports(cupsd_config_t) @@ -21244,7 +21254,7 @@ index c91813c..8aececf 100644 fs_search_auto_mountpoints(cupsd_config_t) domain_use_interactive_fds(cupsd_config_t) -@@ -417,11 +472,6 @@ auth_use_nsswitch(cupsd_config_t) +@@ -417,11 +473,6 @@ auth_use_nsswitch(cupsd_config_t) logging_send_syslog_msg(cupsd_config_t) @@ -21256,7 +21266,7 @@ index c91813c..8aececf 100644 userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t) userdom_dontaudit_search_user_home_dirs(cupsd_config_t) userdom_read_all_users_state(cupsd_config_t) -@@ -449,9 +499,12 @@ optional_policy(` +@@ -449,9 +500,12 @@ optional_policy(` ') optional_policy(` @@ -21270,7 +21280,7 @@ index c91813c..8aececf 100644 ') optional_policy(` -@@ -467,6 +520,10 @@ optional_policy(` +@@ -467,6 +521,10 @@ optional_policy(` ') optional_policy(` @@ -21281,7 +21291,7 @@ index c91813c..8aececf 100644 rpm_read_db(cupsd_config_t) ') -@@ -487,10 +544,6 @@ optional_policy(` +@@ -487,10 +545,6 @@ optional_policy(` # Lpd local policy # @@ -21292,7 +21302,7 @@ index c91813c..8aececf 100644 allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow cupsd_lpd_t { cupsd_etc_t cupsd_rw_etc_t }:dir list_dir_perms; -@@ -508,15 +561,15 @@ stream_connect_pattern(cupsd_lpd_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) +@@ -508,15 +562,15 @@ stream_connect_pattern(cupsd_lpd_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) kernel_read_kernel_sysctls(cupsd_lpd_t) kernel_read_system_state(cupsd_lpd_t) 
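Review bot: `allow cupsd_config_t cupsd_var_run_t:sock_file read_file_perms;` grants `{ getattr open read lock ioctl }` on a socket node, but a unix socket is never read through its sock_file — a client needs `write` on the sock_file plus `connectto` on the owner's unix_stream_socket, which is exactly what `stream_connect_pattern(cupsd_lpd_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)` already does for the lpd domain later in this file. If the denial behind BZ(1361299) was cupsd_config_t stat()ing /run/cups/cups.sock, the precise grant is `getattr_sock_files_pattern(cupsd_config_t, cupsd_var_run_t, cupsd_var_run_t)`; if it actually connects to cupsd, use `stream_connect_pattern(cupsd_config_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)` instead of read permissions. Hedged, since the actual AVC is not in this diff; the cupsd_config_t block continues outside the hunk.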
@@ -21310,7 +21320,7 @@ index c91813c..8aececf 100644 corenet_tcp_sendrecv_ipp_port(cupsd_lpd_t) corenet_sendrecv_printer_server_packets(cupsd_lpd_t) -@@ -537,9 +590,6 @@ auth_use_nsswitch(cupsd_lpd_t) +@@ -537,9 +591,6 @@ auth_use_nsswitch(cupsd_lpd_t) logging_send_syslog_msg(cupsd_lpd_t) @@ -21320,7 +21330,7 @@ index c91813c..8aececf 100644 optional_policy(` inetd_service_domain(cupsd_lpd_t, cupsd_lpd_exec_t) ') -@@ -550,7 +600,6 @@ optional_policy(` +@@ -550,7 +601,6 @@ optional_policy(` # allow cups_pdf_t self:capability { chown fowner fsetid setuid setgid dac_override }; @@ -21328,7 +21338,7 @@ index c91813c..8aececf 100644 allow cups_pdf_t self:unix_stream_socket create_stream_socket_perms; append_files_pattern(cups_pdf_t, cupsd_log_t, cupsd_log_t) -@@ -566,148 +615,23 @@ fs_search_auto_mountpoints(cups_pdf_t) +@@ -566,148 +616,23 @@ fs_search_auto_mountpoints(cups_pdf_t) kernel_read_system_state(cups_pdf_t) @@ -21480,7 +21490,7 @@ index c91813c..8aececf 100644 ######################################## # -@@ -735,7 +659,6 @@ kernel_read_kernel_sysctls(ptal_t) +@@ -735,7 +660,6 @@ kernel_read_kernel_sysctls(ptal_t) kernel_list_proc(ptal_t) kernel_read_proc_symlinks(ptal_t) @@ -21488,7 +21498,7 @@ index c91813c..8aececf 100644 corenet_all_recvfrom_netlabel(ptal_t) corenet_tcp_sendrecv_generic_if(ptal_t) corenet_tcp_sendrecv_generic_node(ptal_t) -@@ -745,13 +668,11 @@ corenet_sendrecv_ptal_server_packets(ptal_t) +@@ -745,13 +669,11 @@ corenet_sendrecv_ptal_server_packets(ptal_t) corenet_tcp_bind_ptal_port(ptal_t) corenet_tcp_sendrecv_ptal_port(ptal_t) @@ -21502,7 +21512,7 @@ index c91813c..8aececf 100644 files_read_etc_runtime_files(ptal_t) fs_getattr_all_fs(ptal_t) -@@ -759,8 +680,6 @@ fs_search_auto_mountpoints(ptal_t) +@@ -759,8 +681,6 @@ fs_search_auto_mountpoints(ptal_t) logging_send_syslog_msg(ptal_t) 
@@ -21511,7 +21521,7 @@ index c91813c..8aececf 100644 sysnet_read_config(ptal_t) userdom_dontaudit_use_unpriv_user_fds(ptal_t) -@@ -773,3 +692,4 @@ optional_policy(` +@@ -773,3 +693,4 @@ optional_policy(` optional_policy(` udev_read_db(ptal_t) ') @@ -28820,7 +28830,7 @@ index c62c567..a74f123 100644 + allow $1 firewalld_unit_file_t:service all_service_perms; ') diff --git a/firewalld.te b/firewalld.te -index 98072a3..9670e41 100644 +index 98072a3..e42654a 100644 --- a/firewalld.te +++ b/firewalld.te @@ -21,9 +21,15 @@ logging_log_file(firewalld_var_log_t) @@ -28864,7 +28874,7 @@ index 98072a3..9670e41 100644 kernel_read_network_state(firewalld_t) kernel_read_system_state(firewalld_t) -@@ -63,20 +77,23 @@ dev_search_sysfs(firewalld_t) +@@ -63,20 +77,25 @@ dev_search_sysfs(firewalld_t) domain_use_interactive_fds(firewalld_t) @@ -28892,10 +28902,12 @@ index 98072a3..9670e41 100644 +sysnet_manage_config(firewalld_t) +sysnet_relabelfrom_net_conf(firewalld_t) +sysnet_relabelto_net_conf(firewalld_t) ++ ++userdom_dontaudit_create_admin_dir(firewalld_t) optional_policy(` dbus_system_domain(firewalld_t, firewalld_exec_t) -@@ -95,6 +112,10 @@ optional_policy(` +@@ -95,6 +114,10 @@ optional_policy(` ') optional_policy(` @@ -29224,7 +29236,7 @@ index 5010f04..3b73741 100644 optional_policy(` diff --git a/fprintd.te b/fprintd.te -index 92a6479..59a65a4 100644 +index 92a6479..f064c94 100644 --- a/fprintd.te +++ b/fprintd.te @@ -18,25 +18,29 @@ files_type(fprintd_var_lib_t) @@ -29260,7 +29272,7 @@ index 92a6479..59a65a4 100644 userdom_use_user_ptys(fprintd_t) userdom_read_all_users_state(fprintd_t) -@@ -54,8 +58,17 @@ optional_policy(` +@@ -54,8 +58,21 @@ optional_policy(` ') ') @@ -29273,6 +29285,10 @@ index 92a6479..59a65a4 100644 +') + +optional_policy(` ++ rhcs_dbus_chat_cluster(fprintd_t) ++') ++ ++optional_policy(` + udev_read_db(fprintd_t) +') + @@ -46813,7 +46829,7 @@ index d314333..27ede09 100644 + ') ') 
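Review bot: `userdom_dontaudit_create_admin_dir(firewalld_t)` hides the denial from BZ(1340611) rather than removing its cause; a long-running system daemon creating directories under /root usually means it inherited HOME=/root and a library is building a per-user cache or config directory there, and silencing the AVC leaves that write attempt in place on every start. Suggest a comment above the call recording the cause once known, e.g. `# firewalld tries to mkdir under $HOME=/root; dontaudit until the unit sets a proper cache/working dir (BZ 1340611)`, so the dontaudit can be revisited instead of becoming permanent. Hedged: the path actually attempted is not visible in this diff, and the firewalld_t block continues outside the hunk.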
diff --git a/lsm.te b/lsm.te -index 4ec0eea..693d9ae 100644 +index 4ec0eea..1400ca8 100644 --- a/lsm.te +++ b/lsm.te @@ -4,6 +4,13 @@ policy_module(lsm, 1.0.0) @@ -46855,7 +46871,7 @@ index 4ec0eea..693d9ae 100644 allow lsmd_t self:unix_stream_socket create_stream_socket_perms; manage_dirs_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t) -@@ -26,4 +44,71 @@ manage_lnk_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t) +@@ -26,4 +44,72 @@ manage_lnk_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t) manage_sock_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t) files_pid_filetrans(lsmd_t, lsmd_var_run_t, { dir file sock_file }) @@ -46924,6 +46940,7 @@ index 4ec0eea..693d9ae 100644 +sysnet_read_config(lsmd_plugin_t) + +storage_raw_rw_fixed_disk(lsmd_plugin_t) ++storage_create_fixed_disk_dev(lsmd_plugin_t) +storage_read_scsi_generic(lsmd_plugin_t) +storage_write_scsi_generic(lsmd_plugin_t) +storage_dev_filetrans_named_fixed_disk(lsmd_plugin_t) @@ -64198,10 +64215,10 @@ index 0000000..eac3932 +') diff --git a/opendnssec.te b/opendnssec.te new file mode 100644 -index 0000000..83507cf +index 0000000..e246d45 --- /dev/null +++ b/opendnssec.te -@@ -0,0 +1,59 @@ +@@ -0,0 +1,68 @@ +policy_module(opendnssec, 1.0.0) + +######################################## @@ -64222,6 +64239,9 @@ index 0000000..83507cf +type opendnssec_var_run_t; +files_pid_file(opendnssec_var_run_t) + ++type opendnssec_tmp_t; ++files_tmp_file(opendnssec_tmp_t) ++ +type opendnssec_unit_file_t; +systemd_unit_file(opendnssec_unit_file_t) + 
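Review bot: `storage_create_fixed_disk_dev(lsmd_plugin_t)` lets the plugin domain create block device nodes labelled fixed_disk_device_t, and together with the existing `storage_raw_rw_fixed_disk` and `storage_dev_filetrans_named_fixed_disk` on the adjacent lines this makes lsmd_plugin_t able to mint and raw-write arbitrary disk devices — that deserves a why-comment, e.g. `# plugins create device nodes for newly mapped LUNs before udev does` (adjusted to the real cause). Creating a device node also requires `self:capability mknod` in addition to the `create` rule; the hunk does not show it, so confirm the plugin domain already has it or the new interface will still be denied at the mknod syscall. The lsmd_plugin_t block continues outside the hunk.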
@@ -64247,6 +64267,12 @@ index 0000000..83507cf +manage_sock_files_pattern(opendnssec_t, opendnssec_var_run_t, opendnssec_var_run_t) +files_pid_filetrans(opendnssec_t, opendnssec_var_run_t, { dir file lnk_file }) + ++manage_dirs_pattern(opendnssec_t, opendnssec_tmp_t, opendnssec_tmp_t) ++manage_files_pattern(opendnssec_t, opendnssec_tmp_t, opendnssec_tmp_t) ++files_tmp_filetrans(opendnssec_t, opendnssec_tmp_t, { file dir }) ++ ++kernel_read_system_state(opendnssec_t) ++ +auth_use_nsswitch(opendnssec_t) + +corecmd_exec_bin(opendnssec_t) @@ -97600,7 +97626,7 @@ index 0000000..7a058a8 +') diff --git a/sbd.te b/sbd.te new file mode 100644 -index 0000000..f6e5b0f +index 0000000..95a5182 --- /dev/null +++ b/sbd.te @@ -0,0 +1,52 @@ @@ -97625,7 +97651,7 @@ index 0000000..f6e5b0f +# +# sbd local policy +# -+allow sbd_t self:capability { dac_override ipc_lock sys_nice }; ++allow sbd_t self:capability { dac_override ipc_lock sys_nice sys_admin}; +allow sbd_t self:process { fork setsched signal_perms }; +allow sbd_t self:fifo_file rw_fifo_file_perms; +allow sbd_t self:unix_stream_socket create_stream_socket_perms; @@ -110885,7 +110911,7 @@ index 31c752e..ef52235 100644 init_labeled_script_domtrans($1, vdagentd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/vdagent.te b/vdagent.te -index 87da8a2..4ca0271 100644 +index 87da8a2..4be1fcb 100644 --- a/vdagent.te +++ b/vdagent.te @@ -25,6 +25,7 @@ logging_log_file(vdagent_log_t) @@ -110896,7 +110922,7 @@ index 87da8a2..4ca0271 100644 allow vdagent_t self:fifo_file rw_fifo_file_perms; allow vdagent_t self:unix_stream_socket { accept listen }; -@@ -39,23 +40,28 @@ create_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t) +@@ -39,23 +40,29 @@ create_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t) setattr_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t) logging_log_filetrans(vdagent_t, vdagent_log_t, file) 
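Review bot: `allow sbd_t self:capability { dac_override ipc_lock sys_nice sys_admin};` adds sys_admin, the broadest capability in the set, with no indication of which operation needs it — the changelog only restates the rule. If this is for sbd moving itself to the realtime I/O class (ioprio_set with IOPRIO_CLASS_RT requires CAP_SYS_ADMIN), a comment such as `# sys_admin: ioprio_set(IOPRIO_CLASS_RT) when sbd maximizes its priority` keeps the grant auditable and lets a future reviewer drop it if that code path changes; if it is for something else, name that instead. Style: the closing brace is missing its leading space, `sys_admin };`, to match the other capability sets in this module.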
@@ -110917,6 +110943,7 @@ index 87da8a2..4ca0271 100644 -logging_send_syslog_msg(vdagent_t) +systemd_read_logind_sessions_files(vdagent_t) +systemd_login_read_pid_files(vdagent_t) ++systemd_dbus_chat_logind(vdagent_t) -miscfiles_read_localization(vdagent_t) +logging_send_syslog_msg(vdagent_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 7d86f93..2f7c2ed 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 191.11%{?dist} +Release: 191.12%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -645,6 +645,25 @@ exit 0 %endif %changelog +* Tue Aug 16 2016 Lukas Vrabec 3.13.1-191.12 +- Fix lsm SELinux module +- Dontaudit firewalld to create dirs in /root/ BZ(1340611) +- Label /run/corosync-qdevice and /run/corosync-qnetd as corosync_var_run_t +- Allow fprintd and cluster domains to cummunicate via dbus BZ(1355774) +- Allow cupsd_config_t domain to read cupsd_var_run_t sock_file. BZ(1361299) +- Add sys_admin capability to sbd domain +- Allow vdagent to comunnicate with systemd-logind via dbus +- Allow lsmd_plugin_t domain to create fixed_disk device. +- Allow opendnssec domain to create and manage own tmp dirs/files +- Allow opendnssec domain to read system state +- Allow systemd_logind stop system init_t +- Add interface init_stop() +- Add init_start() interface +- Allow systemd_logind_t to start init_t BZ(1367393) +- Add interface userdom_dontaudit_create_admin_dir() +- Label /var/run/storaged as lvm_var_run_t. +- Allow unconfineduser to run ipa_helper_t. + * Fri Aug 12 2016 Lukas Vrabec 3.13.1-191.11 - Allow cups_config_t domain also mange sock_files. BZ(1361299) - Add wake_alarm capability to fprintd domain BZ(1362430)