diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index 206fded..31259b3 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -7035,10 +7035,12 @@ index 1a82e29..9a065a0 100644
+ corenet_tcp_connect_osapi_compute_port(httpd_t)
')
diff --git a/apcupsd.fc b/apcupsd.fc
-index 5ec0e13..1c37fe1 100644
+index 5ec0e13..462acb8 100644
--- a/apcupsd.fc
+++ b/apcupsd.fc
-@@ -1,10 +1,13 @@
+@@ -1,10 +1,15 @@
++/etc/apcupsd/powerfail -- gen_context(system_u:object_r:apcupsd_power_t,s0)
++
/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
+/usr/lib/systemd/system/apcupsd.* -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0)
@@ -7053,7 +7055,7 @@ index 5ec0e13..1c37fe1 100644
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
diff --git a/apcupsd.if b/apcupsd.if
-index f3c0aba..b6afc90 100644
+index f3c0aba..cbe3d4a 100644
--- a/apcupsd.if
+++ b/apcupsd.if
@@ -125,6 +125,49 @@ interface(`apcupsd_cgi_script_domtrans',`
@@ -7106,11 +7108,12 @@ index f3c0aba..b6afc90 100644
## All of the rules required to
## administrate an apcupsd environment.
##
-@@ -144,11 +187,16 @@ interface(`apcupsd_admin',`
+@@ -144,11 +187,17 @@ interface(`apcupsd_admin',`
gen_require(`
type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
type apcupsd_var_run_t, apcupsd_initrc_exec_t, apcupsd_lock_t;
+ type apcupsd_unit_file_t;
++ type apcupsd_power_t;
')
- allow $1 apcupsd_t:process { ptrace signal_perms };
@@ -7124,7 +7127,7 @@ index f3c0aba..b6afc90 100644
apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 apcupsd_initrc_exec_t system_r;
-@@ -165,4 +213,8 @@ interface(`apcupsd_admin',`
+@@ -165,4 +214,11 @@ interface(`apcupsd_admin',`
files_list_pids($1)
admin_pattern($1, apcupsd_var_run_t)
@@ -7132,33 +7135,42 @@ index f3c0aba..b6afc90 100644
+ apcupsd_systemctl($1)
+ admin_pattern($1, apcupsd_unit_file_t)
+ allow $1 apcupsd_unit_file_t:service all_service_perms;
++
++ manage_files_pattern($1, apcupsd_power_t, apcupsd_power_t)
++ files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail")
')
diff --git a/apcupsd.te b/apcupsd.te
-index b236327..11fcb66 100644
+index b236327..a370cb8 100644
--- a/apcupsd.te
+++ b/apcupsd.te
-@@ -24,6 +24,9 @@ files_tmp_file(apcupsd_tmp_t)
+@@ -24,6 +24,12 @@ files_tmp_file(apcupsd_tmp_t)
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)
++type apcupsd_power_t;
++files_type(apcupsd_power_t)
++
+type apcupsd_unit_file_t;
+systemd_unit_file(apcupsd_unit_file_t)
+
########################################
#
# Local policy
-@@ -38,9 +41,7 @@ allow apcupsd_t self:tcp_socket create_stream_socket_perms;
+@@ -38,9 +44,10 @@ allow apcupsd_t self:tcp_socket create_stream_socket_perms;
allow apcupsd_t apcupsd_lock_t:file manage_file_perms;
files_lock_filetrans(apcupsd_t, apcupsd_lock_t, file)
-append_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
-create_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
-setattr_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
++manage_files_pattern(apcupsd_t, apcupsd_power_t, apcupsd_power_t)
++files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail")
++
+manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
logging_log_filetrans(apcupsd_t, apcupsd_log_t, file)
manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
-@@ -54,7 +55,6 @@ kernel_read_system_state(apcupsd_t)
+@@ -54,7 +61,6 @@ kernel_read_system_state(apcupsd_t)
corecmd_exec_bin(apcupsd_t)
corecmd_exec_shell(apcupsd_t)
@@ -7166,7 +7178,7 @@ index b236327..11fcb66 100644
corenet_all_recvfrom_netlabel(apcupsd_t)
corenet_tcp_sendrecv_generic_if(apcupsd_t)
corenet_tcp_sendrecv_generic_node(apcupsd_t)
-@@ -67,6 +67,8 @@ corenet_tcp_bind_apcupsd_port(apcupsd_t)
+@@ -67,6 +73,8 @@ corenet_tcp_bind_apcupsd_port(apcupsd_t)
corenet_sendrecv_apcupsd_server_packets(apcupsd_t)
corenet_tcp_sendrecv_apcupsd_port(apcupsd_t)
corenet_tcp_connect_apcupsd_port(apcupsd_t)
@@ -7175,7 +7187,7 @@ index b236327..11fcb66 100644
corenet_udp_bind_snmp_port(apcupsd_t)
corenet_sendrecv_snmp_server_packets(apcupsd_t)
-@@ -74,19 +76,23 @@ corenet_udp_sendrecv_snmp_port(apcupsd_t)
+@@ -74,19 +82,23 @@ corenet_udp_sendrecv_snmp_port(apcupsd_t)
dev_rw_generic_usb_dev(apcupsd_t)
@@ -7190,10 +7202,10 @@ index b236327..11fcb66 100644
+#apcupsd runs shutdown, probably need a shutdown domain
+init_rw_utmp(apcupsd_t)
+init_telinit(apcupsd_t)
-+
-+auth_use_nsswitch(apcupsd_t)
-miscfiles_read_localization(apcupsd_t)
++auth_use_nsswitch(apcupsd_t)
++
+logging_send_syslog_msg(apcupsd_t)
sysnet_dns_name_resolve(apcupsd_t)
@@ -7203,7 +7215,7 @@ index b236327..11fcb66 100644
optional_policy(`
hostname_exec(apcupsd_t)
-@@ -101,6 +107,11 @@ optional_policy(`
+@@ -101,6 +113,11 @@ optional_policy(`
shutdown_domtrans(apcupsd_t)
')
@@ -7215,7 +7227,7 @@ index b236327..11fcb66 100644
########################################
#
# CGI local policy
-@@ -112,7 +123,6 @@ optional_policy(`
+@@ -112,7 +129,6 @@ optional_policy(`
allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
@@ -9931,10 +9943,10 @@ index 0000000..de66654
+')
diff --git a/bumblebee.te b/bumblebee.te
new file mode 100644
-index 0000000..8c82398
+index 0000000..f94a10e
--- /dev/null
+++ b/bumblebee.te
-@@ -0,0 +1,44 @@
+@@ -0,0 +1,49 @@
+policy_module(bumblebee, 1.0.0)
+
+########################################
@@ -9971,6 +9983,8 @@ index 0000000..8c82398
+kernel_read_system_state(bumblebee_t)
+kernel_dontaudit_access_check_proc(bumblebee_t)
+
++corecmd_exec_shell(bumblebee_t)
++
+dev_read_sysfs(bumblebee_t)
+
+auth_read_passwd(bumblebee_t)
@@ -9979,6 +9993,9 @@ index 0000000..8c82398
+
+modutils_domtrans_insmod(bumblebee_t)
+
++sysnet_dns_name_resolve(bumblebee_t)
++
++xserver_domtrans(bumblebee_t)
diff --git a/cachefilesd.fc b/cachefilesd.fc
index 648c790..aa03fc8 100644
--- a/cachefilesd.fc
@@ -20923,12 +20940,13 @@ index ff933af..cd1d88d 100644
+')
+
diff --git a/dhcp.fc b/dhcp.fc
-index 7956248..5fee161 100644
+index 7956248..333d214 100644
--- a/dhcp.fc
+++ b/dhcp.fc
-@@ -1,4 +1,5 @@
+@@ -1,4 +1,6 @@
/etc/rc\.d/init\.d/dhcpd(6)? -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0)
+/usr/lib/systemd/system/dhcpcd.* -- gen_context(system_u:object_r:dhcpd_unit_file_t,s0)
++/usr/lib/systemd/system/dhcpd.* -- gen_context(system_u:object_r:dhcpd_unit_file_t,s0)
/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0)
@@ -22814,10 +22832,10 @@ index 0000000..543baf1
+')
diff --git a/docker.te b/docker.te
new file mode 100644
-index 0000000..f156949
+index 0000000..68e0556
--- /dev/null
+++ b/docker.te
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,148 @@
+policy_module(docker, 1.0.0)
+
+########################################
@@ -22892,6 +22910,8 @@ index 0000000..f156949
+
+fs_read_cgroup_files(docker_t)
+
++storage_raw_rw_fixed_disk(docker_t)
++
+auth_use_nsswitch(docker_t)
+
+miscfiles_read_localization(docker_t)
@@ -22914,7 +22934,7 @@ index 0000000..f156949
+#
+
+allow docker_t self:capability { sys_admin sys_boot dac_override setpcap sys_ptrace };
-+allow docker_t self:process { setpgid setsched signal_perms };
++allow docker_t self:process { getcap setcap setpgid setsched signal_perms };
+allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
+allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
+allow docker_t self:unix_dgram_socket create_socket_perms;
@@ -22926,12 +22946,14 @@ index 0000000..f156949
+
+kernel_setsched(docker_t)
+kernel_get_sysvipc_info(docker_t)
++kernel_request_load_module(docker_t)
+
+dev_getattr_all_blk_files(docker_t)
+dev_getattr_sysfs_fs(docker_t)
+dev_read_urand(docker_t)
+dev_read_lvm_control(docker_t)
+dev_read_sysfs(docker_t)
++dev_rw_loop_control(docker_t)
+dev_rw_lvm_control(docker_t)
+
+files_manage_isid_type_dirs(docker_t)
@@ -22962,7 +22984,6 @@ index 0000000..f156949
+ virt_read_config(docker_t)
+ virt_exec(docker_t)
+')
-+
diff --git a/dovecot.fc b/dovecot.fc
index c880070..4448055 100644
--- a/dovecot.fc
@@ -31459,10 +31480,10 @@ index 0000000..17c3627
+')
diff --git a/hypervkvp.te b/hypervkvp.te
new file mode 100644
-index 0000000..ddc67b0
+index 0000000..88bd0b2
--- /dev/null
+++ b/hypervkvp.te
-@@ -0,0 +1,61 @@
+@@ -0,0 +1,63 @@
+policy_module(hypervkvp, 1.0.0)
+
+########################################
@@ -31523,6 +31544,8 @@ index 0000000..ddc67b0
+# hypervvssd local policy
+#
+
++allow hypervvssd_t self:capability sys_admin;
++
+logging_send_syslog_msg(hypervvssd_t)
diff --git a/i18n_input.te b/i18n_input.te
index 3bed8fa..a738d7f 100644
@@ -31893,13 +31916,32 @@ index ca07a87..6ea129c 100644
+
/usr/sbin/iodined -- gen_context(system_u:object_r:iodined_exec_t,s0)
diff --git a/iodine.if b/iodine.if
-index a0bfbd0..47f7c75 100644
+index a0bfbd0..a3b02e6 100644
--- a/iodine.if
+++ b/iodine.if
-@@ -2,6 +2,30 @@
+@@ -2,6 +2,49 @@
########################################
##
++## Execute NetworkManager with a domain transition.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`iodined_domtrans',`
++ gen_require(`
++ type iodined_t, iodined_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domtrans_pattern($1, iodined_exec_t, iodined_t)
++')
++
++########################################
++##
+## Execute iodined server in the iodined domain.
+##
+##
@@ -31928,9 +31970,15 @@ index a0bfbd0..47f7c75 100644
## administrate an iodined environment
##
diff --git a/iodine.te b/iodine.te
-index 94ec5f8..8556c27 100644
+index 94ec5f8..6cbbf7d 100644
--- a/iodine.te
+++ b/iodine.te
+@@ -1,4 +1,4 @@
+-policy_module(iodine, 1.0.2)
++policy_module(iodine, 1.1.0)
+
+ ########################################
+ #
@@ -12,6 +12,9 @@ init_daemon_domain(iodined_t, iodined_exec_t)
type iodined_initrc_exec_t;
init_script_file(iodined_initrc_exec_t)
@@ -31941,11 +31989,12 @@ index 94ec5f8..8556c27 100644
########################################
#
# Local policy
-@@ -43,7 +46,6 @@ corenet_udp_sendrecv_dns_port(iodined_t)
+@@ -43,7 +46,7 @@ corenet_udp_sendrecv_dns_port(iodined_t)
corecmd_exec_shell(iodined_t)
-files_read_etc_files(iodined_t)
++auth_use_nsswitch(iodined_t)
logging_send_syslog_msg(iodined_t)
@@ -40966,10 +41015,10 @@ index 0000000..6568bfe
+')
diff --git a/mock.te b/mock.te
new file mode 100644
-index 0000000..7245033
+index 0000000..92c3b35
--- /dev/null
+++ b/mock.te
-@@ -0,0 +1,273 @@
+@@ -0,0 +1,275 @@
+policy_module(mock,1.0.0)
+
+##
@@ -41240,6 +41289,8 @@ index 0000000..7245033
+
+libs_exec_ldconfig(mock_build_t)
+
++userdom_use_inherited_user_ptys(mock_build_t)
++
+tunable_policy(`mock_enable_homedirs',`
+ userdom_read_user_home_content_files(mock_build_t)
+')
@@ -45234,7 +45285,7 @@ index ed81cac..26c97cd 100644
+ mta_filetrans_admin_home_content($1)
+')
diff --git a/mta.te b/mta.te
-index afd2fad..17466ee 100644
+index afd2fad..5979160 100644
--- a/mta.te
+++ b/mta.te
@@ -1,4 +1,4 @@
@@ -45502,7 +45553,7 @@ index afd2fad..17466ee 100644
courier_manage_spool_dirs(system_mail_t)
courier_manage_spool_files(system_mail_t)
courier_rw_spool_pipes(system_mail_t)
-@@ -245,13 +146,8 @@ optional_policy(`
+@@ -245,14 +146,10 @@ optional_policy(`
')
optional_policy(`
@@ -45512,12 +45563,16 @@ index afd2fad..17466ee 100644
-
-optional_policy(`
- fail2ban_dontaudit_rw_stream_sockets(system_mail_t)
- fail2ban_append_log(system_mail_t)
-+ fail2ban_dontaudit_leaks(system_mail_t)
- fail2ban_rw_inherited_tmp_files(system_mail_t)
+- fail2ban_append_log(system_mail_t)
+- fail2ban_rw_inherited_tmp_files(system_mail_t)
++ fail2ban_append_log(user_mail_domain)
++ fail2ban_dontaudit_leaks(user_mail_domain)
++ fail2ban_rw_inherited_tmp_files(mta_user_agent)
++ fail2ban_rw_inherited_tmp_files(user_mail_domain)
')
-@@ -264,10 +160,15 @@ optional_policy(`
+ optional_policy(`
+@@ -264,10 +161,15 @@ optional_policy(`
')
optional_policy(`
@@ -45533,7 +45588,7 @@ index afd2fad..17466ee 100644
nagios_read_tmp_files(system_mail_t)
')
-@@ -278,6 +179,19 @@ optional_policy(`
+@@ -278,6 +180,19 @@ optional_policy(`
manage_fifo_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
manage_sock_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
@@ -45553,7 +45608,7 @@ index afd2fad..17466ee 100644
')
optional_policy(`
-@@ -293,42 +207,36 @@ optional_policy(`
+@@ -293,42 +208,36 @@ optional_policy(`
')
optional_policy(`
@@ -45606,7 +45661,7 @@ index afd2fad..17466ee 100644
allow mailserver_delivery mail_spool_t:dir list_dir_perms;
create_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
-@@ -337,40 +245,26 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+@@ -337,40 +246,26 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
@@ -45655,7 +45710,7 @@ index afd2fad..17466ee 100644
files_search_var_lib(mailserver_delivery)
mailman_domtrans(mailserver_delivery)
-@@ -387,24 +281,177 @@ optional_policy(`
+@@ -387,24 +282,177 @@ optional_policy(`
########################################
#
@@ -48897,7 +48952,7 @@ index 0e8508c..ee2e3de 100644
+ logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
')
diff --git a/networkmanager.te b/networkmanager.te
-index 0b48a30..340630c 100644
+index 0b48a30..7688ca5 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -1,4 +1,4 @@
@@ -49150,7 +49205,7 @@ index 0b48a30..340630c 100644
')
')
-@@ -231,18 +254,19 @@ optional_policy(`
+@@ -231,18 +254,23 @@ optional_policy(`
dnsmasq_kill(NetworkManager_t)
dnsmasq_signal(NetworkManager_t)
dnsmasq_signull(NetworkManager_t)
@@ -49170,10 +49225,14 @@ index 0b48a30..340630c 100644
optional_policy(`
- howl_signal(NetworkManager_t)
+ gnome_dontaudit_search_config(NetworkManager_t)
++')
++
++optional_policy(`
++ iodined_domtrans(NetworkManager_t)
')
optional_policy(`
-@@ -250,6 +274,10 @@ optional_policy(`
+@@ -250,6 +278,10 @@ optional_policy(`
ipsec_kill_mgmt(NetworkManager_t)
ipsec_signal_mgmt(NetworkManager_t)
ipsec_signull_mgmt(NetworkManager_t)
@@ -49184,7 +49243,7 @@ index 0b48a30..340630c 100644
')
optional_policy(`
-@@ -257,11 +285,10 @@ optional_policy(`
+@@ -257,11 +289,10 @@ optional_policy(`
')
optional_policy(`
@@ -49200,7 +49259,7 @@ index 0b48a30..340630c 100644
')
optional_policy(`
-@@ -274,10 +301,17 @@ optional_policy(`
+@@ -274,10 +305,17 @@ optional_policy(`
nscd_signull(NetworkManager_t)
nscd_kill(NetworkManager_t)
nscd_initrc_domtrans(NetworkManager_t)
@@ -49218,7 +49277,7 @@ index 0b48a30..340630c 100644
')
optional_policy(`
-@@ -289,6 +323,7 @@ optional_policy(`
+@@ -289,6 +327,7 @@ optional_policy(`
')
optional_policy(`
@@ -49226,7 +49285,7 @@ index 0b48a30..340630c 100644
policykit_domtrans_auth(NetworkManager_t)
policykit_read_lib(NetworkManager_t)
policykit_read_reload(NetworkManager_t)
-@@ -296,7 +331,7 @@ optional_policy(`
+@@ -296,7 +335,7 @@ optional_policy(`
')
optional_policy(`
@@ -49235,7 +49294,7 @@ index 0b48a30..340630c 100644
')
optional_policy(`
-@@ -307,6 +342,7 @@ optional_policy(`
+@@ -307,6 +346,7 @@ optional_policy(`
ppp_signal(NetworkManager_t)
ppp_signull(NetworkManager_t)
ppp_read_config(NetworkManager_t)
@@ -49243,7 +49302,7 @@ index 0b48a30..340630c 100644
')
optional_policy(`
-@@ -320,13 +356,19 @@ optional_policy(`
+@@ -320,13 +360,19 @@ optional_policy(`
')
optional_policy(`
@@ -49253,21 +49312,21 @@ index 0b48a30..340630c 100644
+ systemd_read_logind_sessions_files(NetworkManager_t)
+ systemd_dbus_chat_logind(NetworkManager_t)
+ systemd_hostnamed_read_config(NetworkManager_t)
++')
++
++optional_policy(`
++ ssh_exec(NetworkManager_t)
')
optional_policy(`
- # unconfined_dgram_send(NetworkManager_t)
- unconfined_stream_connect(NetworkManager_t)
-+ ssh_exec(NetworkManager_t)
-+')
-+
-+optional_policy(`
+ udev_exec(NetworkManager_t)
+ udev_read_db(NetworkManager_t)
')
optional_policy(`
-@@ -356,6 +398,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
+@@ -356,6 +402,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
init_dontaudit_use_fds(wpa_cli_t)
init_use_script_ptys(wpa_cli_t)
@@ -57285,12 +57344,15 @@ index 43d50f9..7f77d32 100644
########################################
diff --git a/pcscd.te b/pcscd.te
-index 96db654..ff3aadd 100644
+index 96db654..6d3feb9 100644
--- a/pcscd.te
+++ b/pcscd.te
-@@ -24,8 +24,9 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
+@@ -22,10 +22,11 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
+ #
+
allow pcscd_t self:capability { dac_override dac_read_search fsetid };
- allow pcscd_t self:process signal;
+-allow pcscd_t self:process signal;
++allow pcscd_t self:process { signal signull };
allow pcscd_t self:fifo_file rw_fifo_file_perms;
-allow pcscd_t self:unix_stream_socket { accept listen };
-allow pcscd_t self:tcp_socket { accept listen };
@@ -57476,7 +57538,7 @@ index d2fc677..ded726f 100644
')
+
diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..38e75ee 100644
+index 7bcf327..d40a4ee 100644
--- a/pegasus.te
+++ b/pegasus.te
@@ -1,17 +1,16 @@
@@ -57500,7 +57562,7 @@ index 7bcf327..38e75ee 100644
type pegasus_cache_t;
files_type(pegasus_cache_t)
-@@ -30,20 +29,288 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,290 @@ files_type(pegasus_mof_t)
type pegasus_var_run_t;
files_pid_file(pegasus_var_run_t)
@@ -57656,6 +57718,8 @@ index 7bcf327..38e75ee 100644
+dev_rw_sysfs(pegasus_openlmi_system_t)
+dev_read_urand(pegasus_openlmi_system_t)
+
++systemd_config_power_services(pegasus_openlmi_system_t)
++
+optional_policy(`
+ dbus_system_bus_client(pegasus_openlmi_system_t)
+')
@@ -57794,7 +57858,7 @@ index 7bcf327..38e75ee 100644
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +321,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +323,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@@ -57825,7 +57889,7 @@ index 7bcf327..38e75ee 100644
kernel_read_network_state(pegasus_t)
kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +347,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +349,21 @@ kernel_read_net_sysctls(pegasus_t)
kernel_read_xen_state(pegasus_t)
kernel_write_xen_state(pegasus_t)
@@ -57858,7 +57922,7 @@ index 7bcf327..38e75ee 100644
corecmd_exec_bin(pegasus_t)
corecmd_exec_shell(pegasus_t)
-@@ -114,9 +375,11 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,9 +377,11 @@ files_getattr_all_dirs(pegasus_t)
auth_use_nsswitch(pegasus_t)
auth_domtrans_chk_passwd(pegasus_t)
@@ -57870,7 +57934,7 @@ index 7bcf327..38e75ee 100644
files_list_var_lib(pegasus_t)
files_read_var_lib_files(pegasus_t)
-@@ -128,18 +391,29 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +393,29 @@ init_stream_connect_script(pegasus_t)
logging_send_audit_msgs(pegasus_t)
logging_send_syslog_msg(pegasus_t)
@@ -57906,7 +57970,7 @@ index 7bcf327..38e75ee 100644
')
optional_policy(`
-@@ -151,16 +425,24 @@ optional_policy(`
+@@ -151,16 +427,24 @@ optional_policy(`
')
optional_policy(`
@@ -57935,7 +57999,7 @@ index 7bcf327..38e75ee 100644
')
optional_policy(`
-@@ -168,7 +450,7 @@ optional_policy(`
+@@ -168,7 +452,7 @@ optional_policy(`
')
optional_policy(`
@@ -60050,7 +60114,7 @@ index 30e751f..78fb7c6 100644
admin_pattern($1, plymouthd_var_run_t)
')
diff --git a/plymouthd.te b/plymouthd.te
-index b1f412b..3a3249a 100644
+index b1f412b..52acfb0 100644
--- a/plymouthd.te
+++ b/plymouthd.te
@@ -1,4 +1,4 @@
@@ -60068,7 +60132,7 @@ index b1f412b..3a3249a 100644
type plymouthd_var_lib_t;
files_type(plymouthd_var_lib_t)
-@@ -28,12 +28,12 @@ files_pid_file(plymouthd_var_run_t)
+@@ -28,13 +28,14 @@ files_pid_file(plymouthd_var_run_t)
########################################
#
@@ -60081,9 +60145,11 @@ index b1f412b..3a3249a 100644
allow plymouthd_t self:capability2 block_suspend;
+dontaudit plymouthd_t self:capability dac_override;
allow plymouthd_t self:process { signal getsched };
++allow plymouthd_t self:netlink_kobject_uevent_socket create_socket_perms;
allow plymouthd_t self:fifo_file rw_fifo_file_perms;
allow plymouthd_t self:unix_stream_socket create_stream_socket_perms;
-@@ -48,9 +48,7 @@ manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t)
+
+@@ -48,9 +49,7 @@ manage_files_pattern(plymouthd_t, plymouthd_var_lib_t, plymouthd_var_lib_t)
files_var_lib_filetrans(plymouthd_t, plymouthd_var_lib_t, { file dir })
manage_dirs_pattern(plymouthd_t, plymouthd_var_log_t, plymouthd_var_log_t)
@@ -60094,7 +60160,7 @@ index b1f412b..3a3249a 100644
logging_log_filetrans(plymouthd_t, plymouthd_var_log_t, { file dir })
manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
-@@ -70,19 +68,27 @@ domain_use_interactive_fds(plymouthd_t)
+@@ -70,19 +69,27 @@ domain_use_interactive_fds(plymouthd_t)
fs_getattr_all_fs(plymouthd_t)
@@ -60126,7 +60192,7 @@ index b1f412b..3a3249a 100644
')
optional_policy(`
-@@ -90,35 +96,33 @@ optional_policy(`
+@@ -90,35 +97,33 @@ optional_policy(`
')
optional_policy(`
@@ -66453,7 +66519,7 @@ index fa3dc8e..99cfa95 100644
+ ps_process_pattern($1, pulseaudio_t)
')
diff --git a/pulseaudio.te b/pulseaudio.te
-index e31bbe1..822ab6c 100644
+index e31bbe1..5f0e288 100644
--- a/pulseaudio.te
+++ b/pulseaudio.te
@@ -1,4 +1,4 @@
@@ -66470,7 +66536,8 @@ index e31bbe1..822ab6c 100644
-
type pulseaudio_t;
type pulseaudio_exec_t;
- init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
+-init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
++#init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
userdom_user_application_domain(pulseaudio_t, pulseaudio_exec_t)
-role pulseaudio_roles types pulseaudio_t;
+role system_r types pulseaudio_t;
@@ -73736,10 +73803,10 @@ index b418d1c..1ad9c12 100644
xen_domtrans_xm(rgmanager_t)
')
diff --git a/rhcs.fc b/rhcs.fc
-index 47de2d6..98a4280 100644
+index 47de2d6..a7e8263 100644
--- a/rhcs.fc
+++ b/rhcs.fc
-@@ -1,31 +1,85 @@
+@@ -1,31 +1,86 @@
-/etc/rc\.d/init\.d/dlm -- gen_context(system_u:object_r:dlm_controld_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/foghorn -- gen_context(system_u:object_r:foghorn_initrc_exec_t,s0)
+/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
@@ -73821,6 +73888,7 @@ index 47de2d6..98a4280 100644
+/usr/sbin/ldirectord -- gen_context(system_u:object_r:cluster_exec_t,s0)
+/usr/sbin/rgmanager -- gen_context(system_u:object_r:cluster_exec_t,s0)
+/usr/sbin/pacemakerd -- gen_context(system_u:object_r:cluster_exec_t,s0)
++/usr/sbin/pacemaker_remoted -- gen_context(system_u:object_r:cluster_exec_t,s0)
+
+/usr/lib/pcsd/pcsd -- gen_context(system_u:object_r:cluster_exec_t,s0)
+
@@ -87189,7 +87257,7 @@ index 634c6b4..e1edfd9 100644
########################################
diff --git a/sosreport.te b/sosreport.te
-index 703efa3..2c05493 100644
+index 703efa3..678439a 100644
--- a/sosreport.te
+++ b/sosreport.te
@@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t)
@@ -87276,7 +87344,7 @@ index 703efa3..2c05493 100644
files_read_var_lib_files(sosreport_t)
files_read_var_symlinks(sosreport_t)
files_read_kernel_modules(sosreport_t)
-@@ -79,27 +107,44 @@ files_manage_etc_runtime_files(sosreport_t)
+@@ -79,27 +107,45 @@ files_manage_etc_runtime_files(sosreport_t)
files_etc_filetrans_etc_runtime(sosreport_t, file)
fs_getattr_all_fs(sosreport_t)
@@ -87303,6 +87371,7 @@ index 703efa3..2c05493 100644
+init_stream_connect(sosreport_t)
libs_domtrans_ldconfig(sosreport_t)
++libs_use_ld_so(sosreport_t)
logging_read_all_logs(sosreport_t)
logging_send_syslog_msg(sosreport_t)
@@ -87324,7 +87393,7 @@ index 703efa3..2c05493 100644
')
optional_policy(`
-@@ -111,6 +156,15 @@ optional_policy(`
+@@ -111,6 +157,15 @@ optional_policy(`
')
optional_policy(`
@@ -87340,7 +87409,7 @@ index 703efa3..2c05493 100644
fstools_domtrans(sosreport_t)
')
-@@ -120,6 +174,10 @@ optional_policy(`
+@@ -120,6 +175,10 @@ optional_policy(`
optional_policy(`
hal_dbus_chat(sosreport_t)
')
@@ -87351,7 +87420,7 @@ index 703efa3..2c05493 100644
')
optional_policy(`
-@@ -135,9 +193,25 @@ optional_policy(`
+@@ -135,9 +194,25 @@ optional_policy(`
')
optional_policy(`
@@ -90191,7 +90260,7 @@ index 2ac91b6..dd2ac36 100644
')
+
diff --git a/svnserve.te b/svnserve.te
-index c6aaac7..a5600a8 100644
+index c6aaac7..84cdcac 100644
--- a/svnserve.te
+++ b/svnserve.te
@@ -12,12 +12,18 @@ init_daemon_domain(svnserve_t, svnserve_exec_t)
@@ -90235,12 +90304,16 @@ index c6aaac7..a5600a8 100644
corenet_all_recvfrom_unlabeled(svnserve_t)
corenet_all_recvfrom_netlabel(svnserve_t)
corenet_tcp_sendrecv_generic_if(svnserve_t)
-@@ -54,6 +62,4 @@ corenet_udp_sendrecv_svn_port(svnserve_t)
+@@ -52,8 +60,8 @@ corenet_tcp_sendrecv_svn_port(svnserve_t)
+ corenet_udp_bind_svn_port(svnserve_t)
+ corenet_udp_sendrecv_svn_port(svnserve_t)
- logging_send_syslog_msg(svnserve_t)
+-logging_send_syslog_msg(svnserve_t)
++dev_read_urand(svnserve_t)
-miscfiles_read_localization(svnserve_t)
--
++logging_send_syslog_msg(svnserve_t)
+
sysnet_dns_name_resolve(svnserve_t)
diff --git a/swift.fc b/swift.fc
new file mode 100644