diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 1ab902e..2fccd35 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -13080,7 +13080,7 @@ index 3fe3cb8..b8e08c6 100644 + ') ') diff --git a/condor.te b/condor.te -index 3f2b672..8dee63d 100644 +index 3f2b672..95daaa7 100644 --- a/condor.te +++ b/condor.te @@ -46,6 +46,9 @@ files_lock_file(condor_var_lock_t) @@ -13111,7 +13111,14 @@ index 3f2b672..8dee63d 100644 manage_dirs_pattern(condor_domain, condor_log_t, condor_log_t) append_files_pattern(condor_domain, condor_log_t, condor_log_t) -@@ -91,8 +99,6 @@ kernel_read_system_state(condor_domain) +@@ -86,13 +94,12 @@ allow condor_domain condor_master_t:tcp_socket getattr; + + kernel_read_kernel_sysctls(condor_domain) + kernel_read_network_state(condor_domain) +-kernel_read_system_state(condor_domain) ++ ++ + corecmd_exec_bin(condor_domain) corecmd_exec_shell(condor_domain) @@ -13120,7 +13127,7 @@ index 3f2b672..8dee63d 100644 corenet_tcp_sendrecv_generic_if(condor_domain) corenet_tcp_sendrecv_generic_node(condor_domain) -@@ -106,9 +112,7 @@ dev_read_rand(condor_domain) +@@ -106,9 +113,7 @@ dev_read_rand(condor_domain) dev_read_sysfs(condor_domain) dev_read_urand(condor_domain) @@ -13131,7 +13138,7 @@ index 3f2b672..8dee63d 100644 tunable_policy(`condor_tcp_network_connect',` corenet_sendrecv_all_client_packets(condor_domain) -@@ -125,7 +129,7 @@ optional_policy(` +@@ -125,7 +130,7 @@ optional_policy(` # Master local policy # 
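Review bot: `kernel_read_system_state(condor_domain)` is dropped from the shared condor_domain rules in this hunk and replaced by two `++` empty lines, so the resulting condor.te carries a double blank line where the rest of the file uses one; keep a single `+` blank line. The commit gives no reason for withdrawing the /proc read from every condor domain; if it is now granted to all domains elsewhere in the tree, say so in the commit message, otherwise the removal silently narrows what condor_master_t and its child domains may read. The hunk at @@ -13140 removes `+kernel_read_system_state(condor_master_tmp_t)`, which passed a file type (it is the target of `manage_files_pattern` and `files_tmp_filetrans` a few lines above) to an interface that expects a domain, but adds no `kernel_read_system_state(condor_master_t)` in its place — confirm that condor_master_t does not still need it. The same interface is removed from pegasus_openlmi_domain at @@ -52734 with the same missing rationale.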
@@ -13140,18 +13147,16 @@ index 3f2b672..8dee63d 100644 allow condor_master_t condor_domain:process { sigkill signal }; -@@ -133,6 +137,10 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t) +@@ -133,6 +138,8 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t) manage_files_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t) files_tmp_filetrans(condor_master_t, condor_master_tmp_t, { file dir }) +can_exec(condor_master_t, condor_master_exec_t) + -+kernel_read_system_state(condor_master_tmp_t) -+ corenet_udp_sendrecv_generic_if(condor_master_t) corenet_udp_sendrecv_generic_node(condor_master_t) corenet_tcp_bind_generic_node(condor_master_t) -@@ -150,7 +158,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t) +@@ -150,7 +157,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t) domain_read_all_domains_state(condor_master_t) @@ -13160,7 +13165,7 @@ index 3f2b672..8dee63d 100644 optional_policy(` mta_send_mail(condor_master_t) -@@ -169,6 +177,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms; +@@ -169,6 +176,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms; kernel_read_network_state(condor_collector_t) @@ -13169,7 +13174,7 @@ index 3f2b672..8dee63d 100644 ##################################### # # Negotiator local policy -@@ -178,6 +188,8 @@ allow condor_negotiator_t self:capability { setuid setgid }; +@@ -178,6 +187,8 @@ allow condor_negotiator_t self:capability { setuid setgid }; allow condor_negotiator_t condor_master_t:tcp_socket rw_stream_socket_perms; allow condor_negotiator_t condor_master_t:udp_socket getattr; @@ -13178,7 +13183,7 @@ index 3f2b672..8dee63d 100644 ###################################### # # Procd local policy -@@ -201,6 +213,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr; +@@ -201,6 +212,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr; allow condor_schedd_t condor_var_lock_t:dir manage_file_perms; 
@@ -13187,7 +13192,7 @@ index 3f2b672..8dee63d 100644 domtrans_pattern(condor_schedd_t, condor_procd_exec_t, condor_procd_t) domtrans_pattern(condor_schedd_t, condor_startd_exec_t, condor_startd_t) -@@ -209,6 +223,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t) +@@ -209,6 +222,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t) relabel_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t) files_tmp_filetrans(condor_schedd_t, condor_schedd_tmp_t, { file dir }) @@ -13196,7 +13201,7 @@ index 3f2b672..8dee63d 100644 ##################################### # # Startd local policy -@@ -233,11 +249,10 @@ domain_read_all_domains_state(condor_startd_t) +@@ -233,11 +248,10 @@ domain_read_all_domains_state(condor_startd_t) mcs_process_set_categories(condor_startd_t) init_domtrans_script(condor_startd_t) @@ -13209,7 +13214,7 @@ index 3f2b672..8dee63d 100644 optional_policy(` ssh_basic_client_template(condor_startd, condor_startd_t, system_r) ssh_domtrans(condor_startd_t) -@@ -249,3 +264,7 @@ optional_policy(` +@@ -249,3 +263,7 @@ optional_policy(` kerberos_use(condor_startd_ssh_t) ') ') @@ -52546,10 +52551,10 @@ index 96db654..ff3aadd 100644 + virt_rw_svirt_dev(pcscd_t) +') diff --git a/pegasus.fc b/pegasus.fc -index dfd46e4..0aaa891 100644 +index dfd46e4..6667b8a 100644 --- a/pegasus.fc +++ b/pegasus.fc -@@ -1,15 +1,24 @@ +@@ -1,15 +1,20 @@ -/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0) + +/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0) 
@@ -52558,28 +52563,24 @@ index dfd46e4..0aaa891 100644 -/etc/rc\.d/init\.d/tog-pegasus -- gen_context(system_u:object_r:pegasus_initrc_exec_t,s0) +/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0) +/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0) -+ -+/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0) -+ -+/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0) -+ -+/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0) -+ -+#openlmi agents -+/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0) -+/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0) -+/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0) -+/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) -+ -/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0) -/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0) ++/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0) -/var/cache/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_cache_t,s0) ++/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0) -/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0) ++/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0) -/var/run/tog-pegasus(/.*)? 
gen_context(system_u:object_r:pegasus_var_run_t,s0) ++#openlmi agents ++/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0) ++/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0) ++/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0) ++/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_service_exec_t,s0) ++/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) -/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0) diff --git a/pegasus.if b/pegasus.if @@ -52683,7 +52684,7 @@ index d2fc677..ded726f 100644 ') + diff --git a/pegasus.te b/pegasus.te -index 7bcf327..193d6c3 100644 +index 7bcf327..71ab12b 100644 --- a/pegasus.te +++ b/pegasus.te @@ -1,17 +1,16 @@ @@ -52707,7 +52708,7 @@ index 7bcf327..193d6c3 100644 type pegasus_cache_t; files_type(pegasus_cache_t) -@@ -30,20 +29,176 @@ files_type(pegasus_mof_t) +@@ -30,20 +29,196 @@ files_type(pegasus_mof_t) type pegasus_var_run_t; files_pid_file(pegasus_var_run_t) @@ -52715,6 +52716,7 @@ index 7bcf327..193d6c3 100644 +pegasus_openlmi_domain_template(account) +pegasus_openlmi_domain_template(logicalfile) +pegasus_openlmi_domain_template(networking) ++pegasus_openlmi_domain_template(service) + +pegasus_openlmi_domain_template(storage) +type pegasus_openlmi_storage_tmp_t; @@ -52734,8 +52736,6 @@ index 7bcf327..193d6c3 100644 +list_dirs_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t) +rw_files_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t) + -+kernel_read_system_state(pegasus_openlmi_domain) -+ +corecmd_exec_bin(pegasus_openlmi_domain) +corecmd_exec_shell(pegasus_openlmi_domain) + 
@@ -52832,6 +52832,27 @@ index 7bcf327..193d6c3 100644 + +###################################### +# ++# pegasus openlmi service local policy ++# ++ ++ ++init_disable_services(pegasus_openlmi_service_t) ++init_enable_services(pegasus_openlmi_service_t) ++init_reload_services(pegasus_openlmi_service_t) ++init_exec(pegasus_openlmi_service_t) ++ ++systemd_config_all_services(pegasus_openlmi_service_t) ++systemd_manage_all_unit_files(pegasus_openlmi_service_t) ++systemd_manage_all_unit_lnk_files(pegasus_openlmi_service_t) ++ ++allow pegasus_openlmi_service_t self:udp_socket create_socket_perms; ++ ++optional_policy(` ++ dbus_system_bus_client(pegasus_openlmi_service_t) ++') ++ ++###################################### ++# +# pegasus openlmi storage local policy +# + @@ -52889,7 +52910,7 @@ index 7bcf327..193d6c3 100644 allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms; manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t) -@@ -54,22 +209,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file }) +@@ -54,22 +229,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file }) manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t) @@ -52920,7 +52941,7 @@ index 7bcf327..193d6c3 100644 kernel_read_network_state(pegasus_t) kernel_read_kernel_sysctls(pegasus_t) -@@ -80,27 +235,21 @@ kernel_read_net_sysctls(pegasus_t) +@@ -80,27 +255,21 @@ kernel_read_net_sysctls(pegasus_t) kernel_read_xen_state(pegasus_t) kernel_write_xen_state(pegasus_t) @@ -52953,7 +52974,7 @@ index 7bcf327..193d6c3 100644 corecmd_exec_bin(pegasus_t) corecmd_exec_shell(pegasus_t) -@@ -114,6 +263,7 @@ files_getattr_all_dirs(pegasus_t) +@@ -114,6 +283,7 @@ files_getattr_all_dirs(pegasus_t) auth_use_nsswitch(pegasus_t) auth_domtrans_chk_passwd(pegasus_t) 
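Review bot: The new pegasus_openlmi_service_t block grants `systemd_manage_all_unit_files`, `systemd_manage_all_unit_lnk_files` and `init_exec` on top of `systemd_config_all_services` and the `init_*_services` calls, so a compromised service provider agent could rewrite any unit file and have init run it, which is root-equivalent; the block should state why unit-file management is needed rather than the enable/disable/reload interfaces alone. Add a `#` comment above the rules, e.g. `# LMI_Service provider: manages unit files; TODO confirm write access to unit files is required, otherwise drop the systemd_manage_all_* calls`, and drop those two calls if the provider only starts, stops, enables and reloads services. `init_exec` presumably runs systemctl inside pegasus_openlmi_service_t with no domain transition, so denials from it will be attributed to the agent domain; worth a one-line comment so the next reader does not expect init_t in the audit log. The section header comment is followed by two empty `+` lines where the storage section below appears to use one.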
@@ -52961,7 +52982,7 @@ index 7bcf327..193d6c3 100644 domain_use_interactive_fds(pegasus_t) domain_read_all_domains_state(pegasus_t) -@@ -128,18 +278,25 @@ init_stream_connect_script(pegasus_t) +@@ -128,18 +298,25 @@ init_stream_connect_script(pegasus_t) logging_send_audit_msgs(pegasus_t) logging_send_syslog_msg(pegasus_t) @@ -52979,21 +53000,21 @@ index 7bcf327..193d6c3 100644 - dbus_connect_system_bus(pegasus_t) + dbus_system_bus_client(pegasus_t) + dbus_connect_system_bus(pegasus_t) - -- optional_policy(` -- networkmanager_dbus_chat(pegasus_t) -- ') ++ + optional_policy(` + networkmanager_dbus_chat(pegasus_t) + ') +') -+ + +- optional_policy(` +- networkmanager_dbus_chat(pegasus_t) +- ') +optional_policy(` + rhcs_stream_connect_cluster(pegasus_t) ') optional_policy(` -@@ -151,16 +308,24 @@ optional_policy(` +@@ -151,16 +328,24 @@ optional_policy(` ') optional_policy(` @@ -53022,7 +53043,7 @@ index 7bcf327..193d6c3 100644 ') optional_policy(` -@@ -168,7 +333,7 @@ optional_policy(` +@@ -168,7 +353,7 @@ optional_policy(` ') optional_policy(`