diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 9e6f2d3..af4d7ad 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -35253,7 +35253,7 @@ index 346a7cc..42a48b6 100644
+/var/run/netns(/.*)? gen_context(system_u:object_r:ifconfig_var_run_t,s0)
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 6944526..0bd8d93 100644
+index 6944526..a76e22c 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -35528,7 +35528,7 @@ index 6944526..0bd8d93 100644
corenet_tcp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_if($1)
corenet_tcp_sendrecv_generic_node($1)
-@@ -766,3 +918,76 @@ interface(`sysnet_use_portmap',`
+@@ -766,3 +918,114 @@ interface(`sysnet_use_portmap',`
sysnet_read_config($1)
')
@@ -35581,6 +35581,24 @@ index 6944526..0bd8d93 100644
+
+########################################
+##
++## Transition to sysnet ifconfig named content
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`sysnet_filetrans_named_content_ifconfig',`
++ gen_require(`
++ type ifconfig_var_run_t;
++ ')
++
++ files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")
++')
++
++########################################
++##
+## Transition to sysnet named content
+##
+##
@@ -35605,6 +35623,26 @@ index 6944526..0bd8d93 100644
+ files_etc_filetrans($1, net_conf_t, file, "yp.conf")
+ files_etc_filetrans($1, net_conf_t, file, "ntp.conf")
+')
++
++########################################
++##
++## Transition to sysnet ifconfig named content
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`sysnet_manage_ifconfig_run',`
++ gen_require(`
++ type ifconfig_var_run_t;
++ ')
++
++ manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++ manage_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++ manage_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index b7686d5..087fe08 100644
--- a/policy/modules/system/sysnetwork.te
diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch
index ef54c62..d1644f4 100644
--- a/policy-f19-contrib.patch
+++ b/policy-f19-contrib.patch
@@ -21641,7 +21641,7 @@ index 23ab808..4a801b5 100644
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
diff --git a/dnsmasq.if b/dnsmasq.if
-index 19aa0b8..1e8b244 100644
+index 19aa0b8..c3fc3f4 100644
--- a/dnsmasq.if
+++ b/dnsmasq.if
@@ -10,7 +10,6 @@
@@ -21785,7 +21785,7 @@ index 19aa0b8..1e8b244 100644
read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
')
-@@ -214,37 +292,46 @@ interface(`dnsmasq_create_pid_dirs',`
+@@ -214,37 +292,63 @@ interface(`dnsmasq_create_pid_dirs',`
########################################
##
@@ -21797,34 +21797,26 @@ index 19aa0b8..1e8b244 100644
##
##
-## Domain allowed access.
--##
--##
--##
--##
--## Directory to transition on.
--##
--##
--##
--##
--## The object class of the object being created.
+## Domain allowed access.
##
##
--##
+-##
+##
##
--## The name of the object being created.
+-## Directory to transition on.
+## The type of the directory for the object to be created.
##
##
- #
--interface(`dnsmasq_spec_filetrans_pid',`
+-##
+-##
+-## The object class of the object being created.
+-##
++#
+interface(`dnsmasq_filetrans_named_content_fromdir',`
- gen_require(`
- type dnsmasq_var_run_t;
- ')
-
-- filetrans_pattern($1, $2, dnsmasq_var_run_t, $3, $4)
++ gen_require(`
++ type dnsmasq_var_run_t;
++ ')
++
+ filetrans_pattern($1, $2, dnsmasq_var_run_t, dir, "network")
+ filetrans_pattern($1, $2, dnsmasq_var_run_t, file, "dnsmasq.pid")
+')
@@ -21837,7 +21829,8 @@ index 19aa0b8..1e8b244 100644
+##
+## Domain allowed access.
+##
-+##
+ ##
+-##
+#
+interface(`dnsmasq_filetrans_named_content',`
+ gen_require(`
@@ -21847,10 +21840,32 @@ index 19aa0b8..1e8b244 100644
+ files_pid_filetrans($1, dnsmasq_var_run_t, dir, "network")
+ files_pid_filetrans($1, dnsmasq_var_run_t, file, "dnsmasq.pid")
+ virt_pid_filetrans($1, dnsmasq_var_run_t, file, "network")
++')
++
++########################################
++##
++## Create dnsmasq pid directories.
++##
++##
+ ##
+-## The name of the object being created.
++## Domain allowed access.
+ ##
+ ##
+ #
+-interface(`dnsmasq_spec_filetrans_pid',`
++interface(`dnsmasq_read_state',`
+ gen_require(`
+- type dnsmasq_var_run_t;
++ type dnsmasq_t;
+ ')
+-
+- filetrans_pattern($1, $2, dnsmasq_var_run_t, $3, $4)
++ ps_process_pattern($1, dnsmasq_t)
')
########################################
-@@ -267,12 +354,18 @@ interface(`dnsmasq_spec_filetrans_pid',`
+@@ -267,12 +371,18 @@ interface(`dnsmasq_spec_filetrans_pid',`
interface(`dnsmasq_admin',`
gen_require(`
type dnsmasq_t, dnsmasq_lease_t, dnsmasq_var_run_t;
@@ -21871,7 +21886,7 @@ index 19aa0b8..1e8b244 100644
init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 dnsmasq_initrc_exec_t system_r;
-@@ -281,9 +374,13 @@ interface(`dnsmasq_admin',`
+@@ -281,9 +391,13 @@ interface(`dnsmasq_admin',`
files_list_var_lib($1)
admin_pattern($1, dnsmasq_lease_t)
@@ -67148,10 +67163,10 @@ index afc0068..3105104 100644
+ ')
')
diff --git a/quantum.te b/quantum.te
-index 769d1fd..d7d6b4a 100644
+index 769d1fd..bf904a9 100644
--- a/quantum.te
+++ b/quantum.te
-@@ -1,96 +1,122 @@
+@@ -1,96 +1,130 @@
-policy_module(quantum, 1.0.2)
+policy_module(quantum, 1.0.3)
@@ -67169,7 +67184,7 @@ index 769d1fd..d7d6b4a 100644
-type quantum_initrc_exec_t;
-init_script_file(quantum_initrc_exec_t)
-+type neutron_initrc_exec_t alias qauntum_initrc_exec_t;
++type neutron_initrc_exec_t alias quantum_initrc_exec_t;
+init_script_file(neutron_initrc_exec_t)
-type quantum_log_t;
@@ -67201,13 +67216,13 @@ index 769d1fd..d7d6b4a 100644
-allow quantum_t self:key manage_key_perms;
-allow quantum_t self:tcp_socket { accept listen };
-allow quantum_t self:unix_stream_socket { accept listen };
-+allow neutron_t self:capability { setgid setuid sys_resource net_admin sys_admin };
++allow neutron_t self:capability { sys_ptrace kill setgid setuid sys_resource net_admin sys_admin net_raw };
+allow neutron_t self:process { setsched setrlimit };
+allow neutron_t self:fifo_file rw_fifo_file_perms;
+allow neutron_t self:key manage_key_perms;
+allow neutron_t self:tcp_socket { accept listen };
-+allow neutron_t self:netlink_route_socket rw_netlink_socket_perms;
+allow neutron_t self:unix_stream_socket { accept listen };
++allow neutron_t self:netlink_route_socket rw_netlink_socket_perms;
+
+manage_dirs_pattern(neutron_t, neutron_log_t, neutron_log_t)
+append_files_pattern(neutron_t, neutron_log_t, neutron_log_t)
@@ -67235,8 +67250,8 @@ index 769d1fd..d7d6b4a 100644
-manage_files_pattern(quantum_t, quantum_var_lib_t, quantum_var_lib_t)
-files_var_lib_filetrans(quantum_t, quantum_var_lib_t, dir)
+kernel_read_kernel_sysctls(neutron_t)
-+kernel_read_network_state(neutron_t)
+kernel_read_system_state(neutron_t)
++kernel_read_network_state(neutron_t)
+kernel_request_load_module(neutron_t)
-can_exec(quantum_t, quantum_tmp_t)
@@ -67269,66 +67284,74 @@ index 769d1fd..d7d6b4a 100644
+dev_read_urand(neutron_t)
+dev_mounton_sysfs(neutron_t)
+dev_mount_sysfs_fs(neutron_t)
++dev_unmount_sysfs_fs(neutron_t)
-dev_list_sysfs(quantum_t)
-dev_read_urand(quantum_t)
-+auth_use_nsswitch(neutron_t)
++files_mounton_non_security(neutron_t)
-files_read_usr_files(quantum_t)
-+libs_exec_ldconfig(neutron_t)
++auth_use_nsswitch(neutron_t)
-auth_use_nsswitch(quantum_t)
-+logging_send_audit_msgs(neutron_t)
-+logging_send_syslog_msg(neutron_t)
++libs_exec_ldconfig(neutron_t)
-libs_exec_ldconfig(quantum_t)
-+sysnet_domtrans_ifconfig(neutron_t)
++logging_send_audit_msgs(neutron_t)
++logging_send_syslog_msg(neutron_t)
-logging_send_audit_msgs(quantum_t)
-logging_send_syslog_msg(quantum_t)
-+optional_policy(`
-+ brctl_domtrans(neutron_t)
-+')
++sysnet_exec_ifconfig(neutron_t)
++sysnet_manage_ifconfig_run(neutron_t)
++sysnet_filetrans_named_content_ifconfig(neutron_t)
-miscfiles_read_localization(quantum_t)
+optional_policy(`
-+ dnsmasq_domtrans(neutron_t)
++ brctl_domtrans(neutron_t)
+')
-sysnet_domtrans_ifconfig(quantum_t)
+optional_policy(`
-+ iptables_domtrans(neutron_t)
++ dnsmasq_domtrans(neutron_t)
++ dnsmasq_signal(neutron_t)
++ dnsmasq_kill(neutron_t)
++ dnsmasq_read_state(neutron_t)
+')
optional_policy(`
- brctl_domtrans(quantum_t)
-+ mysql_stream_connect(neutron_t)
-+ mysql_read_config(neutron_t)
-+
-+ mysql_tcp_connect(neutron_t)
++ iptables_domtrans(neutron_t)
')
optional_policy(`
- mysql_stream_connect(quantum_t)
- mysql_read_config(quantum_t)
-+ postgresql_stream_connect(neutron_t)
-+ postgresql_unpriv_client(neutron_t)
++ mysql_stream_connect(neutron_t)
++ mysql_read_config(neutron_t)
- mysql_tcp_connect(quantum_t)
-+ postgresql_tcp_connect(neutron_t)
++ mysql_tcp_connect(neutron_t)
')
optional_policy(`
- postgresql_stream_connect(quantum_t)
- postgresql_unpriv_client(quantum_t)
-+ openvswitch_domtrans(neutron_t)
-+ openvswitch_stream_connect(neutron_t)
++ postgresql_stream_connect(neutron_t)
++ postgresql_unpriv_client(neutron_t)
++
++ postgresql_tcp_connect(neutron_t)
+')
- postgresql_tcp_connect(quantum_t)
+optional_policy(`
-+ sudo_exec(neutron_t)
++ openvswitch_domtrans(neutron_t)
++ openvswitch_stream_connect(neutron_t)
')
++
++optional_policy(`
++ sudo_exec(neutron_t)
++')
diff --git a/quota.fc b/quota.fc
index cadabe3..0ee2489 100644
--- a/quota.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 31c6914..c8d5ead 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 74.24%{?dist}
+Release: 74.25%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -542,6 +542,13 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Fri May 02 2014 Lukas Vrabec 3.12.1-74.25
+- Add interface sysnet_manage_ifconfig_run
+- Added sysnet_filetrans_named_content_ifconfig interface
+- Added dnsmasq_read_state interface
+- Add some rules from F20 branch in quantum policy
+- Allow exim to use pam stack to check passwords
+
* Mon Apr 14 2014 Lukas Vrabec 3.12.1-74.24
- Add modutils_dontaudit_exec_insmod interface
- Allow rabbitmq to bind to amanda port