diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 206fded..31259b3 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -7035,10 +7035,12 @@ index 1a82e29..9a065a0 100644 + corenet_tcp_connect_osapi_compute_port(httpd_t) ') diff --git a/apcupsd.fc b/apcupsd.fc -index 5ec0e13..1c37fe1 100644 +index 5ec0e13..462acb8 100644 --- a/apcupsd.fc +++ b/apcupsd.fc -@@ -1,10 +1,13 @@ +@@ -1,10 +1,15 @@ ++/etc/apcupsd/powerfail -- gen_context(system_u:object_r:apcupsd_power_t,s0) ++ /etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0) +/usr/lib/systemd/system/apcupsd.* -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0) @@ -7053,7 +7055,7 @@ index 5ec0e13..1c37fe1 100644 /var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) /var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) diff --git a/apcupsd.if b/apcupsd.if -index f3c0aba..b6afc90 100644 +index f3c0aba..cbe3d4a 100644 --- a/apcupsd.if +++ b/apcupsd.if @@ -125,6 +125,49 @@ interface(`apcupsd_cgi_script_domtrans',` @@ -7106,11 +7108,12 @@ index f3c0aba..b6afc90 100644 ## All of the rules required to ## administrate an apcupsd environment. ## -@@ -144,11 +187,16 @@ interface(`apcupsd_admin',` +@@ -144,11 +187,17 @@ interface(`apcupsd_admin',` gen_require(` type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t; type apcupsd_var_run_t, apcupsd_initrc_exec_t, apcupsd_lock_t; + type apcupsd_unit_file_t; ++ type apcupsd_power_t; ') - allow $1 apcupsd_t:process { ptrace signal_perms }; @@ -7124,7 +7127,7 @@ index f3c0aba..b6afc90 100644 apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 apcupsd_initrc_exec_t system_r; -@@ -165,4 +213,8 @@ interface(`apcupsd_admin',` +@@ -165,4 +214,11 @@ interface(`apcupsd_admin',` files_list_pids($1) admin_pattern($1, apcupsd_var_run_t) 
@@ -7132,33 +7135,42 @@ index f3c0aba..b6afc90 100644 + apcupsd_systemctl($1) + admin_pattern($1, apcupsd_unit_file_t) + allow $1 apcupsd_unit_file_t:service all_service_perms; ++ ++ manage_files_pattern($1, apcupsd_power_t, apcupsd_power_t) ++ files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail") ') diff --git a/apcupsd.te b/apcupsd.te -index b236327..11fcb66 100644 +index b236327..a370cb8 100644 --- a/apcupsd.te +++ b/apcupsd.te -@@ -24,6 +24,9 @@ files_tmp_file(apcupsd_tmp_t) +@@ -24,6 +24,12 @@ files_tmp_file(apcupsd_tmp_t) type apcupsd_var_run_t; files_pid_file(apcupsd_var_run_t) ++type apcupsd_power_t; ++files_type(apcupsd_power_t) ++ +type apcupsd_unit_file_t; +systemd_unit_file(apcupsd_unit_file_t) + ######################################## # # Local policy -@@ -38,9 +41,7 @@ allow apcupsd_t self:tcp_socket create_stream_socket_perms; +@@ -38,9 +44,10 @@ allow apcupsd_t self:tcp_socket create_stream_socket_perms; allow apcupsd_t apcupsd_lock_t:file manage_file_perms; files_lock_filetrans(apcupsd_t, apcupsd_lock_t, file) -append_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t) -create_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t) -setattr_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t) ++manage_files_pattern(apcupsd_t, apcupsd_power_t, apcupsd_power_t) ++files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail") ++ +manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t) logging_log_filetrans(apcupsd_t, apcupsd_log_t, file) manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t) -@@ -54,7 +55,6 @@ kernel_read_system_state(apcupsd_t) +@@ -54,7 +61,6 @@ kernel_read_system_state(apcupsd_t) corecmd_exec_bin(apcupsd_t) corecmd_exec_shell(apcupsd_t) 
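Review bot: The new `files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail")` line inside `apcupsd_admin` names `apcupsd_t` as the subject, while the `manage_files_pattern($1, apcupsd_power_t, apcupsd_power_t)` line directly above it uses `$1`; as written the admin domain gets no name-based transition for `powerfail`, and the rule only duplicates the one this same commit adds to apcupsd.te a few lines further down. Either change it to `files_etc_filetrans($1, apcupsd_power_t, file, "powerfail")` so an administrator creating the file under /etc gets the apcupsd_power_t label, or drop the line from the interface and keep it in the .te only. The interface body begins outside this hunk.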
@@ -7166,7 +7178,7 @@ index b236327..11fcb66 100644 corenet_all_recvfrom_netlabel(apcupsd_t) corenet_tcp_sendrecv_generic_if(apcupsd_t) corenet_tcp_sendrecv_generic_node(apcupsd_t) -@@ -67,6 +67,8 @@ corenet_tcp_bind_apcupsd_port(apcupsd_t) +@@ -67,6 +73,8 @@ corenet_tcp_bind_apcupsd_port(apcupsd_t) corenet_sendrecv_apcupsd_server_packets(apcupsd_t) corenet_tcp_sendrecv_apcupsd_port(apcupsd_t) corenet_tcp_connect_apcupsd_port(apcupsd_t) @@ -7175,7 +7187,7 @@ index b236327..11fcb66 100644 corenet_udp_bind_snmp_port(apcupsd_t) corenet_sendrecv_snmp_server_packets(apcupsd_t) -@@ -74,19 +76,23 @@ corenet_udp_sendrecv_snmp_port(apcupsd_t) +@@ -74,19 +82,23 @@ corenet_udp_sendrecv_snmp_port(apcupsd_t) dev_rw_generic_usb_dev(apcupsd_t) @@ -7190,10 +7202,10 @@ index b236327..11fcb66 100644 +#apcupsd runs shutdown, probably need a shutdown domain +init_rw_utmp(apcupsd_t) +init_telinit(apcupsd_t) -+ -+auth_use_nsswitch(apcupsd_t) -miscfiles_read_localization(apcupsd_t) ++auth_use_nsswitch(apcupsd_t) ++ +logging_send_syslog_msg(apcupsd_t) sysnet_dns_name_resolve(apcupsd_t) @@ -7203,7 +7215,7 @@ index b236327..11fcb66 100644 optional_policy(` hostname_exec(apcupsd_t) -@@ -101,6 +107,11 @@ optional_policy(` +@@ -101,6 +113,11 @@ optional_policy(` shutdown_domtrans(apcupsd_t) ') @@ -7215,7 +7227,7 @@ index b236327..11fcb66 100644 ######################################## # # CGI local policy -@@ -112,7 +123,6 @@ optional_policy(` +@@ -112,7 +129,6 @@ optional_policy(` allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms; allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms; @@ -9931,10 +9943,10 @@ index 0000000..de66654 +') diff --git a/bumblebee.te b/bumblebee.te new file mode 100644 -index 0000000..8c82398 +index 0000000..f94a10e --- /dev/null +++ b/bumblebee.te -@@ -0,0 +1,44 @@ +@@ -0,0 +1,49 @@ +policy_module(bumblebee, 1.0.0) + +######################################## 
@@ -9971,6 +9983,8 @@ index 0000000..8c82398 +kernel_read_system_state(bumblebee_t) +kernel_dontaudit_access_check_proc(bumblebee_t) + ++corecmd_exec_shell(bumblebee_t) ++ +dev_read_sysfs(bumblebee_t) + +auth_read_passwd(bumblebee_t) @@ -9979,6 +9993,9 @@ index 0000000..8c82398 + +modutils_domtrans_insmod(bumblebee_t) + ++sysnet_dns_name_resolve(bumblebee_t) ++ ++xserver_domtrans(bumblebee_t) diff --git a/cachefilesd.fc b/cachefilesd.fc index 648c790..aa03fc8 100644 --- a/cachefilesd.fc @@ -20923,12 +20940,13 @@ index ff933af..cd1d88d 100644 +') + diff --git a/dhcp.fc b/dhcp.fc -index 7956248..5fee161 100644 +index 7956248..333d214 100644 --- a/dhcp.fc +++ b/dhcp.fc -@@ -1,4 +1,5 @@ +@@ -1,4 +1,6 @@ /etc/rc\.d/init\.d/dhcpd(6)? -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) +/usr/lib/systemd/system/dhcpcd.* -- gen_context(system_u:object_r:dhcpd_unit_file_t,s0) ++/usr/lib/systemd/system/dhcpd.* -- gen_context(system_u:object_r:dhcpd_unit_file_t,s0) /usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) @@ -22814,10 +22832,10 @@ index 0000000..543baf1 +') diff --git a/docker.te b/docker.te new file mode 100644 -index 0000000..f156949 +index 0000000..68e0556 --- /dev/null +++ b/docker.te -@@ -0,0 +1,145 @@ +@@ -0,0 +1,148 @@ +policy_module(docker, 1.0.0) + +######################################## @@ -22892,6 +22910,8 @@ index 0000000..f156949 + +fs_read_cgroup_files(docker_t) + ++storage_raw_rw_fixed_disk(docker_t) ++ +auth_use_nsswitch(docker_t) + +miscfiles_read_localization(docker_t) 
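Review bot: `xserver_domtrans(bumblebee_t)` is added at file scope with no enclosing optional_policy block visible, unlike the NetworkManager hunks later on this page, which wrap `iodined_domtrans` and `ssh_exec` in optional_policy; if xserver is a separately loadable module in this tree, the bumblebee module will fail to link whenever it is absent. Move the call into its own optional_policy block like those. `corecmd_exec_shell(bumblebee_t)` in the preceding hunk would also benefit from a one-line why-comment, since shell execution from a daemon domain is normally justified in the policy, e.g. `# bumblebee runs helper scripts -- TODO confirm which`. The bumblebee_t rule block starts outside these hunks.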
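Review bot: `storage_raw_rw_fixed_disk(docker_t)` grants read/write access to raw fixed-disk device nodes with no comment saying which storage backend needs it, and the same is true of `kernel_request_load_module(docker_t)` and `dev_rw_loop_control(docker_t)` in the two docker.te hunks on the next line, and of the `getcap setcap` additions to the process permissions. Together with the existing `sys_admin sys_boot dac_override setpcap sys_ptrace` capability line these leave docker_t with most of the host's root authority, so each grant deserves a one-line justification, for example `# raw disk + loop control: presumably for the devicemapper/loopback storage driver -- verify` above the storage line. If the storage driver in use does not need loop devices, `dev_rw_loop_control(docker_t)` can be left out. The docker_t rule block begins outside these hunks.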
@@ -22914,7 +22934,7 @@ index 0000000..f156949 +# + +allow docker_t self:capability { sys_admin sys_boot dac_override setpcap sys_ptrace }; -+allow docker_t self:process { setpgid setsched signal_perms }; ++allow docker_t self:process { getcap setcap setpgid setsched signal_perms }; +allow docker_t self:netlink_route_socket rw_netlink_socket_perms;; +allow docker_t self:netlink_audit_socket create_netlink_socket_perms; +allow docker_t self:unix_dgram_socket create_socket_perms; @@ -22926,12 +22946,14 @@ index 0000000..f156949 + +kernel_setsched(docker_t) +kernel_get_sysvipc_info(docker_t) ++kernel_request_load_module(docker_t) + +dev_getattr_all_blk_files(docker_t) +dev_getattr_sysfs_fs(docker_t) +dev_read_urand(docker_t) +dev_read_lvm_control(docker_t) +dev_read_sysfs(docker_t) ++dev_rw_loop_control(docker_t) +dev_rw_lvm_control(docker_t) + +files_manage_isid_type_dirs(docker_t) @@ -22962,7 +22984,6 @@ index 0000000..f156949 + virt_read_config(docker_t) + virt_exec(docker_t) +') -+ diff --git a/dovecot.fc b/dovecot.fc index c880070..4448055 100644 --- a/dovecot.fc @@ -31459,10 +31480,10 @@ index 0000000..17c3627 +') diff --git a/hypervkvp.te b/hypervkvp.te new file mode 100644 -index 0000000..ddc67b0 +index 0000000..88bd0b2 --- /dev/null +++ b/hypervkvp.te -@@ -0,0 +1,61 @@ +@@ -0,0 +1,63 @@ +policy_module(hypervkvp, 1.0.0) + +######################################## @@ -31523,6 +31544,8 @@ index 0000000..ddc67b0 +# hypervvssd local policy +# + ++allow hypervvssd_t self:capability sys_admin; ++ +logging_send_syslog_msg(hypervvssd_t) diff --git a/i18n_input.te b/i18n_input.te index 3bed8fa..a738d7f 100644 @@ -31893,13 +31916,32 @@ index ca07a87..6ea129c 100644 + /usr/sbin/iodined -- gen_context(system_u:object_r:iodined_exec_t,s0) diff --git a/iodine.if b/iodine.if -index a0bfbd0..47f7c75 100644 +index a0bfbd0..a3b02e6 100644 --- a/iodine.if 
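Review bot: `allow hypervvssd_t self:capability sys_admin;` is added without a comment, and sys_admin is the broadest capability in the policy, so a reader cannot tell which single operation it is meant to cover or whether it could ever be narrowed. Add a why-comment naming the operation, e.g. `# sys_admin: presumably for the filesystem freeze/thaw ioctls used during VSS snapshots -- verify against the daemon`, so the grant is auditable later. The hypervvssd_t block starts outside this hunk.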
+++ b/iodine.if -@@ -2,6 +2,30 @@ +@@ -2,6 +2,49 @@ ######################################## ## ++## Execute NetworkManager with a domain transition. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`iodined_domtrans',` ++ gen_require(` ++ type iodined_t, iodined_exec_t; ++ ') ++ ++ corecmd_search_bin($1) ++ domtrans_pattern($1, iodined_exec_t, iodined_t) ++') ++ ++######################################## ++## +## Execute iodined server in the iodined domain. +## +## @@ -31928,9 +31970,15 @@ index a0bfbd0..47f7c75 100644 ## administrate an iodined environment ## diff --git a/iodine.te b/iodine.te -index 94ec5f8..8556c27 100644 +index 94ec5f8..6cbbf7d 100644 --- a/iodine.te +++ b/iodine.te +@@ -1,4 +1,4 @@ +-policy_module(iodine, 1.0.2) ++policy_module(iodine, 1.1.0) + + ######################################## + # @@ -12,6 +12,9 @@ init_daemon_domain(iodined_t, iodined_exec_t) type iodined_initrc_exec_t; init_script_file(iodined_initrc_exec_t) @@ -31941,11 +31989,12 @@ index 94ec5f8..8556c27 100644 ######################################## # # Local policy -@@ -43,7 +46,6 @@ corenet_udp_sendrecv_dns_port(iodined_t) +@@ -43,7 +46,7 @@ corenet_udp_sendrecv_dns_port(iodined_t) corecmd_exec_shell(iodined_t) -files_read_etc_files(iodined_t) ++auth_use_nsswitch(iodined_t) logging_send_syslog_msg(iodined_t) @@ -40966,10 +41015,10 @@ index 0000000..6568bfe +') diff --git a/mock.te b/mock.te new file mode 100644 -index 0000000..7245033 +index 0000000..92c3b35 --- /dev/null +++ b/mock.te -@@ -0,0 +1,273 @@ +@@ -0,0 +1,275 @@ +policy_module(mock,1.0.0) + +## @@ -41240,6 +41289,8 @@ index 0000000..7245033 + +libs_exec_ldconfig(mock_build_t) + ++userdom_use_inherited_user_ptys(mock_build_t) ++ +tunable_policy(`mock_enable_homedirs',` + userdom_read_user_home_content_files(mock_build_t) +') @@ -45234,7 +45285,7 @@ index ed81cac..26c97cd 100644 + mta_filetrans_admin_home_content($1) +') 
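Review bot: The summary of the new `iodined_domtrans` interface reads `Execute NetworkManager with a domain transition.`, which describes the wrong program and looks copied from the NetworkManager interface; the body itself transitions to `iodined_t`. Change the summary line to `## Execute iodined with a domain transition.` (keeping whatever summary markup the surrounding `##` lines use, since the collapsed hunk does not show it). This hunk begins on the previous line; the interface definition is complete within it.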
diff --git a/mta.te b/mta.te -index afd2fad..17466ee 100644 +index afd2fad..5979160 100644 --- a/mta.te +++ b/mta.te @@ -1,4 +1,4 @@ @@ -45502,7 +45553,7 @@ index afd2fad..17466ee 100644 courier_manage_spool_dirs(system_mail_t) courier_manage_spool_files(system_mail_t) courier_rw_spool_pipes(system_mail_t) -@@ -245,13 +146,8 @@ optional_policy(` +@@ -245,14 +146,10 @@ optional_policy(` ') optional_policy(` @@ -45512,12 +45563,16 @@ index afd2fad..17466ee 100644 - -optional_policy(` - fail2ban_dontaudit_rw_stream_sockets(system_mail_t) - fail2ban_append_log(system_mail_t) -+ fail2ban_dontaudit_leaks(system_mail_t) - fail2ban_rw_inherited_tmp_files(system_mail_t) +- fail2ban_append_log(system_mail_t) +- fail2ban_rw_inherited_tmp_files(system_mail_t) ++ fail2ban_append_log(user_mail_domain) ++ fail2ban_dontaudit_leaks(user_mail_domain) ++ fail2ban_rw_inherited_tmp_files(mta_user_agent) ++ fail2ban_rw_inherited_tmp_files(user_mail_domain) ') -@@ -264,10 +160,15 @@ optional_policy(` + optional_policy(` +@@ -264,10 +161,15 @@ optional_policy(` ') optional_policy(` @@ -45533,7 +45588,7 @@ index afd2fad..17466ee 100644 nagios_read_tmp_files(system_mail_t) ') -@@ -278,6 +179,19 @@ optional_policy(` +@@ -278,6 +180,19 @@ optional_policy(` manage_fifo_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t) manage_sock_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t) files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file }) @@ -45553,7 +45608,7 @@ index afd2fad..17466ee 100644 ') optional_policy(` -@@ -293,42 +207,36 @@ optional_policy(` +@@ -293,42 +208,36 @@ optional_policy(` ') optional_policy(` 
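Review bot: The fail2ban rules in the `@@ -45512` hunk now target the `user_mail_domain` attribute instead of `system_mail_t`, so `fail2ban_append_log(user_mail_domain)` lets every domain carrying that attribute append to fail2ban's log, and `fail2ban_rw_inherited_tmp_files(mta_user_agent)` widens the tmp-file access in the same way. If the intent is only that mail sent on fail2ban's behalf inherits its log and tmp descriptors, say so in a comment above the block and confirm that the attribute does not also cover interactive user mail agents; otherwise the previous `system_mail_t` target kept log append confined to one system domain. The opening of the enclosing optional_policy block is in the previous hunk.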
@@ -45606,7 +45661,7 @@ index afd2fad..17466ee 100644 allow mailserver_delivery mail_spool_t:dir list_dir_perms; create_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) -@@ -337,40 +245,26 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) +@@ -337,40 +246,26 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t) @@ -45655,7 +45710,7 @@ index afd2fad..17466ee 100644 files_search_var_lib(mailserver_delivery) mailman_domtrans(mailserver_delivery) -@@ -387,24 +281,177 @@ optional_policy(` +@@ -387,24 +282,177 @@ optional_policy(` ######################################## # @@ -48897,7 +48952,7 @@ index 0e8508c..ee2e3de 100644 + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") ') diff --git a/networkmanager.te b/networkmanager.te -index 0b48a30..340630c 100644 +index 0b48a30..7688ca5 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -1,4 +1,4 @@ @@ -49150,7 +49205,7 @@ index 0b48a30..340630c 100644 ') ') -@@ -231,18 +254,19 @@ optional_policy(` +@@ -231,18 +254,23 @@ optional_policy(` dnsmasq_kill(NetworkManager_t) dnsmasq_signal(NetworkManager_t) dnsmasq_signull(NetworkManager_t) @@ -49170,10 +49225,14 @@ index 0b48a30..340630c 100644 optional_policy(` - howl_signal(NetworkManager_t) + gnome_dontaudit_search_config(NetworkManager_t) ++') ++ ++optional_policy(` ++ iodined_domtrans(NetworkManager_t) ') optional_policy(` -@@ -250,6 +274,10 @@ optional_policy(` +@@ -250,6 +278,10 @@ optional_policy(` ipsec_kill_mgmt(NetworkManager_t) ipsec_signal_mgmt(NetworkManager_t) ipsec_signull_mgmt(NetworkManager_t) @@ -49184,7 +49243,7 @@ index 0b48a30..340630c 100644 ') optional_policy(` -@@ -257,11 +285,10 @@ optional_policy(` +@@ -257,11 +289,10 @@ optional_policy(` ') optional_policy(` 
@@ -49200,7 +49259,7 @@ index 0b48a30..340630c 100644 ') optional_policy(` -@@ -274,10 +301,17 @@ optional_policy(` +@@ -274,10 +305,17 @@ optional_policy(` nscd_signull(NetworkManager_t) nscd_kill(NetworkManager_t) nscd_initrc_domtrans(NetworkManager_t) @@ -49218,7 +49277,7 @@ index 0b48a30..340630c 100644 ') optional_policy(` -@@ -289,6 +323,7 @@ optional_policy(` +@@ -289,6 +327,7 @@ optional_policy(` ') optional_policy(` @@ -49226,7 +49285,7 @@ index 0b48a30..340630c 100644 policykit_domtrans_auth(NetworkManager_t) policykit_read_lib(NetworkManager_t) policykit_read_reload(NetworkManager_t) -@@ -296,7 +331,7 @@ optional_policy(` +@@ -296,7 +335,7 @@ optional_policy(` ') optional_policy(` @@ -49235,7 +49294,7 @@ index 0b48a30..340630c 100644 ') optional_policy(` -@@ -307,6 +342,7 @@ optional_policy(` +@@ -307,6 +346,7 @@ optional_policy(` ppp_signal(NetworkManager_t) ppp_signull(NetworkManager_t) ppp_read_config(NetworkManager_t) @@ -49243,7 +49302,7 @@ index 0b48a30..340630c 100644 ') optional_policy(` -@@ -320,13 +356,19 @@ optional_policy(` +@@ -320,13 +360,19 @@ optional_policy(` ') optional_policy(` @@ -49253,21 +49312,21 @@ index 0b48a30..340630c 100644 + systemd_read_logind_sessions_files(NetworkManager_t) + systemd_dbus_chat_logind(NetworkManager_t) + systemd_hostnamed_read_config(NetworkManager_t) ++') ++ ++optional_policy(` ++ ssh_exec(NetworkManager_t) ') optional_policy(` - # unconfined_dgram_send(NetworkManager_t) - unconfined_stream_connect(NetworkManager_t) -+ ssh_exec(NetworkManager_t) -+') -+ -+optional_policy(` + udev_exec(NetworkManager_t) + udev_read_db(NetworkManager_t) ') optional_policy(` -@@ -356,6 +398,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru +@@ -356,6 +402,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru init_dontaudit_use_fds(wpa_cli_t) init_use_script_ptys(wpa_cli_t) 
@@ -57285,12 +57344,15 @@ index 43d50f9..7f77d32 100644 ######################################## diff --git a/pcscd.te b/pcscd.te -index 96db654..ff3aadd 100644 +index 96db654..6d3feb9 100644 --- a/pcscd.te +++ b/pcscd.te -@@ -24,8 +24,9 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd") +@@ -22,10 +22,11 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd") + # + allow pcscd_t self:capability { dac_override dac_read_search fsetid }; - allow pcscd_t self:process signal; +-allow pcscd_t self:process signal; ++allow pcscd_t self:process { signal signull }; allow pcscd_t self:fifo_file rw_fifo_file_perms; -allow pcscd_t self:unix_stream_socket { accept listen }; -allow pcscd_t self:tcp_socket { accept listen }; @@ -57476,7 +57538,7 @@ index d2fc677..ded726f 100644 ') + diff --git a/pegasus.te b/pegasus.te -index 7bcf327..38e75ee 100644 +index 7bcf327..d40a4ee 100644 --- a/pegasus.te +++ b/pegasus.te @@ -1,17 +1,16 @@ @@ -57500,7 +57562,7 @@ index 7bcf327..38e75ee 100644 type pegasus_cache_t; files_type(pegasus_cache_t) -@@ -30,20 +29,288 @@ files_type(pegasus_mof_t) +@@ -30,20 +29,290 @@ files_type(pegasus_mof_t) type pegasus_var_run_t; files_pid_file(pegasus_var_run_t) @@ -57656,6 +57718,8 @@ index 7bcf327..38e75ee 100644 +dev_rw_sysfs(pegasus_openlmi_system_t) +dev_read_urand(pegasus_openlmi_system_t) + ++systemd_config_power_services(pegasus_openlmi_system_t) ++ +optional_policy(` + dbus_system_bus_client(pegasus_openlmi_system_t) +') 
@@ -57794,7 +57858,7 @@ index 7bcf327..38e75ee 100644 allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms; manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t) -@@ -54,22 +321,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file }) +@@ -54,22 +323,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file }) manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) @@ -57825,7 +57889,7 @@ index 7bcf327..38e75ee 100644 kernel_read_network_state(pegasus_t) kernel_read_kernel_sysctls(pegasus_t) -@@ -80,27 +347,21 @@ kernel_read_net_sysctls(pegasus_t) +@@ -80,27 +349,21 @@ kernel_read_net_sysctls(pegasus_t) kernel_read_xen_state(pegasus_t) kernel_write_xen_state(pegasus_t) @@ -57858,7 +57922,7 @@ index 7bcf327..38e75ee 100644 corecmd_exec_bin(pegasus_t) corecmd_exec_shell(pegasus_t) -@@ -114,9 +375,11 @@ files_getattr_all_dirs(pegasus_t) +@@ -114,9 +377,11 @@ files_getattr_all_dirs(pegasus_t) auth_use_nsswitch(pegasus_t) auth_domtrans_chk_passwd(pegasus_t) @@ -57870,7 +57934,7 @@ index 7bcf327..38e75ee 100644 files_list_var_lib(pegasus_t) files_read_var_lib_files(pegasus_t) -@@ -128,18 +391,29 @@ init_stream_connect_script(pegasus_t) +@@ -128,18 +393,29 @@ init_stream_connect_script(pegasus_t) logging_send_audit_msgs(pegasus_t) logging_send_syslog_msg(pegasus_t) @@ -57906,7 +57970,7 @@ index 7bcf327..38e75ee 100644 ') optional_policy(` -@@ -151,16 +425,24 @@ optional_policy(` +@@ -151,16 +427,24 @@ optional_policy(` ') optional_policy(` @@ -57935,7 +57999,7 @@ index 7bcf327..38e75ee 100644 ') optional_policy(` -@@ -168,7 +450,7 @@ optional_policy(` +@@ -168,7 +452,7 @@ optional_policy(` ') optional_policy(` @@ -60050,7 +60114,7 @@ index 30e751f..78fb7c6 100644 admin_pattern($1, plymouthd_var_run_t) ') 
diff --git a/plymouthd.te b/plymouthd.te -index b1f412b..3a3249a 100644 +index b1f412b..52acfb0 100644 --- a/plymouthd.te +++ b/plymouthd.te @@ -1,4 +1,4 @@ @@ -60068,7 +60132,7 @@ index b1f412b..3a3249a 100644 type plymouthd_var_lib_t; files_type(plymouthd_var_lib_t) -@@ -28,12 +28,12 @@ files_pid_file(plymouthd_var_run_t) +@@ -28,13 +28,14 @@ files_pid_file(plymouthd_var_run_t) ######################################## # @@ -60081,9 +60145,11 @@ index b1f412b..3a3249a 100644 allow plymouthd_t self:capability2 block_suspend; +dontaudit plymouthd_t self:capability dac_override; allow plymouthd_t self:process { signal getsched }; ++allow plymouthd_t self:netlink_kobject_uevent_socket create_socket_perms; allow plymouthd_t self:fifo_file rw_fifo_file_perms; allow plymouthd_t self:unix_stream_socket create_stream_socket_perms; -@@ -48,9 +48,7 @@ manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t) + +@@ -48,9 +49,7 @@ manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t) files_var_lib_filetrans(plymouthd_t, plymouthd_var_lib_t, { file dir }) manage_dirs_pattern(plymouthd_t, plymouthd_var_log_t, plymouthd_var_log_t) @@ -60094,7 +60160,7 @@ index b1f412b..3a3249a 100644 logging_log_filetrans(plymouthd_t, plymouthd_var_log_t, { file dir }) manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) -@@ -70,19 +68,27 @@ domain_use_interactive_fds(plymouthd_t) +@@ -70,19 +69,27 @@ domain_use_interactive_fds(plymouthd_t) fs_getattr_all_fs(plymouthd_t) @@ -60126,7 +60192,7 @@ index b1f412b..3a3249a 100644 ') optional_policy(` -@@ -90,35 +96,33 @@ optional_policy(` +@@ -90,35 +97,33 @@ optional_policy(` ') optional_policy(` @@ -66453,7 +66519,7 @@ index fa3dc8e..99cfa95 100644 + ps_process_pattern($1, pulseaudio_t) ') diff --git a/pulseaudio.te b/pulseaudio.te -index e31bbe1..822ab6c 100644 +index e31bbe1..5f0e288 100644 --- a/pulseaudio.te +++ b/pulseaudio.te @@ -1,4 +1,4 @@ 
@@ -66470,7 +66536,8 @@ index e31bbe1..822ab6c 100644 - type pulseaudio_t; type pulseaudio_exec_t; - init_daemon_domain(pulseaudio_t, pulseaudio_exec_t) +-init_daemon_domain(pulseaudio_t, pulseaudio_exec_t) ++#init_daemon_domain(pulseaudio_t, pulseaudio_exec_t) userdom_user_application_domain(pulseaudio_t, pulseaudio_exec_t) -role pulseaudio_roles types pulseaudio_t; +role system_r types pulseaudio_t; @@ -73736,10 +73803,10 @@ index b418d1c..1ad9c12 100644 xen_domtrans_xm(rgmanager_t) ') diff --git a/rhcs.fc b/rhcs.fc -index 47de2d6..98a4280 100644 +index 47de2d6..a7e8263 100644 --- a/rhcs.fc +++ b/rhcs.fc -@@ -1,31 +1,85 @@ +@@ -1,31 +1,86 @@ -/etc/rc\.d/init\.d/dlm -- gen_context(system_u:object_r:dlm_controld_initrc_exec_t,s0) -/etc/rc\.d/init\.d/foghorn -- gen_context(system_u:object_r:foghorn_initrc_exec_t,s0) +/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0) @@ -73821,6 +73888,7 @@ index 47de2d6..98a4280 100644 +/usr/sbin/ldirectord -- gen_context(system_u:object_r:cluster_exec_t,s0) +/usr/sbin/rgmanager -- gen_context(system_u:object_r:cluster_exec_t,s0) +/usr/sbin/pacemakerd -- gen_context(system_u:object_r:cluster_exec_t,s0) ++/usr/sbin/pacemaker_remoted -- gen_context(system_u:object_r:cluster_exec_t,s0) + +/usr/lib/pcsd/pcsd -- gen_context(system_u:object_r:cluster_exec_t,s0) + @@ -87189,7 +87257,7 @@ index 634c6b4..e1edfd9 100644 ######################################## diff --git a/sosreport.te b/sosreport.te -index 703efa3..2c05493 100644 +index 703efa3..678439a 100644 --- a/sosreport.te +++ b/sosreport.te @@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t) 
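Review bot: `init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)` is turned into the comment `#init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)` rather than removed, leaving dead code with no explanation while `role system_r types pulseaudio_t;` stays in the same hunk. Either delete the line or replace it with a one-line comment giving the reason the init transition was dropped, so the next reader does not simply restore it. The pulseaudio type declarations continue outside this hunk.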
@@ -87276,7 +87344,7 @@ index 703efa3..2c05493 100644 files_read_var_lib_files(sosreport_t) files_read_var_symlinks(sosreport_t) files_read_kernel_modules(sosreport_t) -@@ -79,27 +107,44 @@ files_manage_etc_runtime_files(sosreport_t) +@@ -79,27 +107,45 @@ files_manage_etc_runtime_files(sosreport_t) files_etc_filetrans_etc_runtime(sosreport_t, file) fs_getattr_all_fs(sosreport_t) @@ -87303,6 +87371,7 @@ index 703efa3..2c05493 100644 +init_stream_connect(sosreport_t) libs_domtrans_ldconfig(sosreport_t) ++libs_use_ld_so(sosreport_t) logging_read_all_logs(sosreport_t) logging_send_syslog_msg(sosreport_t) @@ -87324,7 +87393,7 @@ index 703efa3..2c05493 100644 ') optional_policy(` -@@ -111,6 +156,15 @@ optional_policy(` +@@ -111,6 +157,15 @@ optional_policy(` ') optional_policy(` @@ -87340,7 +87409,7 @@ index 703efa3..2c05493 100644 fstools_domtrans(sosreport_t) ') -@@ -120,6 +174,10 @@ optional_policy(` +@@ -120,6 +175,10 @@ optional_policy(` optional_policy(` hal_dbus_chat(sosreport_t) ') @@ -87351,7 +87420,7 @@ index 703efa3..2c05493 100644 ') optional_policy(` -@@ -135,9 +193,25 @@ optional_policy(` +@@ -135,9 +194,25 @@ optional_policy(` ') optional_policy(` @@ -90191,7 +90260,7 @@ index 2ac91b6..dd2ac36 100644 ') + diff --git a/svnserve.te b/svnserve.te -index c6aaac7..a5600a8 100644 +index c6aaac7..84cdcac 100644 --- a/svnserve.te +++ b/svnserve.te @@ -12,12 +12,18 @@ init_daemon_domain(svnserve_t, svnserve_exec_t) 
@@ -90235,12 +90304,16 @@ index c6aaac7..a5600a8 100644 corenet_all_recvfrom_unlabeled(svnserve_t) corenet_all_recvfrom_netlabel(svnserve_t) corenet_tcp_sendrecv_generic_if(svnserve_t) -@@ -54,6 +62,4 @@ corenet_udp_sendrecv_svn_port(svnserve_t) +@@ -52,8 +60,8 @@ corenet_tcp_sendrecv_svn_port(svnserve_t) + corenet_udp_bind_svn_port(svnserve_t) + corenet_udp_sendrecv_svn_port(svnserve_t) - logging_send_syslog_msg(svnserve_t) +-logging_send_syslog_msg(svnserve_t) ++dev_read_urand(svnserve_t) -miscfiles_read_localization(svnserve_t) -- ++logging_send_syslog_msg(svnserve_t) + sysnet_dns_name_resolve(svnserve_t) diff --git a/swift.fc b/swift.fc new file mode 100644