diff --git a/policy-f19-base.patch b/policy-f19-base.patch index 342b464..da6bf89 100644 --- a/policy-f19-base.patch +++ b/policy-f19-base.patch @@ -2575,7 +2575,7 @@ index 99e3903..7270808 100644 ######################################## diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te -index d555767..3053e39 100644 +index d555767..dd089fa 100644 --- a/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te @@ -5,18 +5,18 @@ policy_module(usermanage, 1.18.1) @@ -2857,7 +2857,7 @@ index d555767..3053e39 100644 userdom_use_unpriv_users_fds(passwd_t) # make sure that getcon succeeds userdom_getattr_all_users(passwd_t) -@@ -349,9 +389,17 @@ userdom_read_user_tmp_files(passwd_t) +@@ -349,9 +389,18 @@ userdom_read_user_tmp_files(passwd_t) # user generally runs this from their home directory, so do not audit a search # on user home dir userdom_dontaudit_search_user_home_content(passwd_t) @@ -2867,6 +2867,7 @@ index d555767..3053e39 100644 - nscd_run(passwd_t, passwd_roles) + gnome_exec_keyringd(passwd_t) + gnome_manage_cache_home_dir(passwd_t) ++ gnome_manage_generic_cache_sockets(passwd_t) + gnome_stream_connect_gkeyringd(passwd_t) +') + @@ -2876,7 +2877,7 @@ index d555767..3053e39 100644 ') ######################################## -@@ -398,9 +446,10 @@ dev_read_urand(sysadm_passwd_t) +@@ -398,9 +447,10 @@ dev_read_urand(sysadm_passwd_t) fs_getattr_xattr_fs(sysadm_passwd_t) fs_search_auto_mountpoints(sysadm_passwd_t) @@ -2889,7 +2890,7 @@ index d555767..3053e39 100644 auth_manage_shadow(sysadm_passwd_t) auth_relabel_shadow(sysadm_passwd_t) auth_etc_filetrans_shadow(sysadm_passwd_t) -@@ -413,7 +462,6 @@ files_read_usr_files(sysadm_passwd_t) +@@ -413,7 +463,6 @@ files_read_usr_files(sysadm_passwd_t) domain_use_interactive_fds(sysadm_passwd_t) 
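Review bot: `gnome_manage_generic_cache_sockets(passwd_t)`, added in the hunk at `@@ -2867,6 +2867,7 @@`, gives passwd_t manage rights on generic cache sockets, while this commit's changelog entry only asks for "passwd to create gnome-keyring passwd socket". Because passwd_t is a password-changing domain, the reason belongs next to the rule, for example `# gnome-keyring: passwd creates its socket in the user cache dir`. That wording is inferred from the changelog and the neighbouring `gnome_manage_cache_home_dir` call, so please confirm it. If a create-only or named-transition interface for that socket exists, it would be the tighter grant. The enclosing optional block opens and closes outside this hunk.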
@@ -2897,7 +2898,7 @@ index d555767..3053e39 100644 files_relabel_etc_files(sysadm_passwd_t) files_read_etc_runtime_files(sysadm_passwd_t) # for nscd lookups -@@ -423,19 +471,17 @@ files_dontaudit_search_pids(sysadm_passwd_t) +@@ -423,19 +472,17 @@ files_dontaudit_search_pids(sysadm_passwd_t) # correctly without it. Do not audit write denials to utmp. init_dontaudit_rw_utmp(sysadm_passwd_t) @@ -2919,7 +2920,7 @@ index d555767..3053e39 100644 ') ######################################## -@@ -443,7 +489,8 @@ optional_policy(` +@@ -443,7 +490,8 @@ optional_policy(` # Useradd local policy # @@ -2929,7 +2930,7 @@ index d555767..3053e39 100644 dontaudit useradd_t self:capability sys_tty_config; allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow useradd_t self:process setfscreate; -@@ -458,6 +505,10 @@ allow useradd_t self:unix_stream_socket create_stream_socket_perms; +@@ -458,6 +506,10 @@ allow useradd_t self:unix_stream_socket create_stream_socket_perms; allow useradd_t self:unix_dgram_socket sendto; allow useradd_t self:unix_stream_socket connectto; @@ -2940,7 +2941,7 @@ index d555767..3053e39 100644 # for getting the number of groups kernel_read_kernel_sysctls(useradd_t) -@@ -465,36 +516,36 @@ corecmd_exec_shell(useradd_t) +@@ -465,36 +517,36 @@ corecmd_exec_shell(useradd_t) # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}. corecmd_exec_bin(useradd_t) @@ -2989,7 +2990,7 @@ index d555767..3053e39 100644 auth_manage_shadow(useradd_t) auth_relabel_shadow(useradd_t) auth_etc_filetrans_shadow(useradd_t) -@@ -505,33 +556,36 @@ init_rw_utmp(useradd_t) +@@ -505,33 +557,36 @@ init_rw_utmp(useradd_t) logging_send_audit_msgs(useradd_t) logging_send_syslog_msg(useradd_t) @@ -3040,7 +3041,7 @@ index d555767..3053e39 100644 optional_policy(` apache_manage_all_user_content(useradd_t) ') -@@ -542,7 +596,12 @@ optional_policy(` +@@ -542,7 +597,12 @@ optional_policy(` ') optional_policy(` 
@@ -3054,7 +3055,7 @@ index d555767..3053e39 100644 ') optional_policy(` -@@ -550,6 +609,11 @@ optional_policy(` +@@ -550,6 +610,11 @@ optional_policy(` ') optional_policy(` @@ -3066,7 +3067,7 @@ index d555767..3053e39 100644 tunable_policy(`samba_domain_controller',` samba_append_log(useradd_t) ') -@@ -559,3 +623,12 @@ optional_policy(` +@@ -559,3 +624,12 @@ optional_policy(` rpm_use_fds(useradd_t) rpm_rw_pipes(useradd_t) ') @@ -9402,7 +9403,7 @@ index c2c6e05..be423a7 100644 +/nsr(/.*)? gen_context(system_u:object_r:var_t,s0) +/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if -index 64ff4d7..3e91f7d 100644 +index 64ff4d7..48e851f 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -19,6 +19,136 @@ @@ -11932,7 +11933,7 @@ index 64ff4d7..3e91f7d 100644 ') allow $1 var_t:dir search_dir_perms; -@@ -6562,3 +7839,491 @@ interface(`files_unconfined',` +@@ -6562,3 +7839,509 @@ interface(`files_unconfined',` typeattribute $1 files_unconfined_type; ') @@ -12243,6 +12244,24 @@ index 64ff4d7..3e91f7d 100644 + +######################################## +## ++## Allow domain to delete to all dirs ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`files_delete_all_non_security_dirs',` ++ gen_require(` ++ attribute non_security_file_type; ++ ') ++ ++ allow $1 non_security_file_type:dir { del_entry_dir_perms delete_dir_perms }; ++') ++ ++######################################## ++## +## Transition named content in the var_run_t directory +## +## @@ -37231,10 +37250,10 @@ index 0000000..ba2e887 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..c617553 +index 0000000..4015e6a --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,664 @@ +@@ -0,0 +1,665 @@ +policy_module(systemd, 1.0.0) + +####################################### 
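Review bot: The doc header of the new `files_delete_all_non_security_dirs` interface (hunk `@@ -12243,6 +12244,24 @@`) describes its parameter as "Domain to not audit.", but the body is an `allow` rule on `non_security_file_type:dir`, so the documentation contradicts what the interface grants. The summary "Allow domain to delete to all dirs" is also ungrammatical and drops the non-security scoping that the name and rule carry. I would change the two texts to `Allow domain to delete all non-security directories.` and `Domain allowed access.`, so nobody auditing callers mistakes this for a dontaudit interface. The XML tags of the doc block are not visible in this rendering, so only the text is proposed.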
@@ -37550,6 +37569,7 @@ index 0000000..c617553 +files_read_generic_tmp_symlinks(systemd_tmpfiles_t) +files_setattr_all_tmp_dirs(systemd_tmpfiles_t) +files_delete_boot_flag(systemd_tmpfiles_t) ++files_delete_all_non_security_dirs(systemd_tmpfiles_t) +files_delete_all_non_security_files(systemd_tmpfiles_t) +files_delete_all_pid_sockets(systemd_tmpfiles_t) +files_delete_all_pid_pipes(systemd_tmpfiles_t) diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch index 55302d1..9fdd91f 100644 --- a/policy-f19-contrib.patch +++ b/policy-f19-contrib.patch @@ -4678,7 +4678,7 @@ index 83e899c..fac6fe5 100644 + filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess") ') diff --git a/apache.te b/apache.te -index 1a82e29..25fbcc6 100644 +index 1a82e29..4457dc9 100644 --- a/apache.te +++ b/apache.te @@ -1,297 +1,367 @@ @@ -5868,7 +5868,7 @@ index 1a82e29..25fbcc6 100644 dbus_system_bus_client(httpd_t) tunable_policy(`httpd_dbus_avahi',` -@@ -781,34 +918,46 @@ optional_policy(` +@@ -781,34 +918,47 @@ optional_policy(` ') optional_policy(` @@ -5901,6 +5901,7 @@ index 1a82e29..25fbcc6 100644 - tunable_policy(`httpd_can_network_connect_ldap',` - ldap_tcp_connect(httpd_t) - ') ++ ldap_read_certs(httpd_t) ') optional_policy(` @@ -5926,7 +5927,7 @@ index 1a82e29..25fbcc6 100644 tunable_policy(`httpd_manage_ipa',` memcached_manage_pid_files(httpd_t) -@@ -816,8 +965,18 @@ optional_policy(` +@@ -816,8 +966,18 @@ optional_policy(` ') optional_policy(` @@ -5945,7 +5946,7 @@ index 1a82e29..25fbcc6 100644 tunable_policy(`httpd_can_network_connect_db',` mysql_tcp_connect(httpd_t) -@@ -826,6 +985,7 @@ optional_policy(` +@@ -826,6 +986,7 @@ optional_policy(` optional_policy(` nagios_read_config(httpd_t) @@ -5953,7 +5954,7 @@ index 1a82e29..25fbcc6 100644 ') optional_policy(` -@@ -836,20 +996,39 @@ optional_policy(` +@@ -836,20 +997,39 @@ optional_policy(` ') optional_policy(` 
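Review bot: `files_delete_all_non_security_dirs(systemd_tmpfiles_t)`, added at `@@ -37550,6 +37569,7 @@`, lets systemd_tmpfiles_t remove directories of every type carrying `non_security_file_type`, and the line has no comment recording why a grant this wide is needed. It matches the breadth of the adjacent `files_delete_all_non_security_files` call, but the neighbouring pid socket and pipe rules are scoped more narrowly, so the difference deserves a stated reason. I would add a comment above it such as `# tmpfiles.d cleanup may remove directories of any non-security type`, assuming that is the motivation behind the changelog entry. The surrounding systemd_tmpfiles_t rule list continues outside this hunk.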
@@ -5979,7 +5980,7 @@ index 1a82e29..25fbcc6 100644 + pki_manage_apache_lib(httpd_t) + pki_manage_apache_log_files(httpd_t) + pki_manage_apache_run(httpd_t) -+ pki_read_tomcat_cert(httpd_t) ++ pki_read_tomcat_cert(httpd_t) +') - tunable_policy(`httpd_can_network_connect_db',` @@ -5999,7 +6000,7 @@ index 1a82e29..25fbcc6 100644 ') optional_policy(` -@@ -857,19 +1036,35 @@ optional_policy(` +@@ -857,19 +1037,35 @@ optional_policy(` ') optional_policy(` @@ -6035,7 +6036,7 @@ index 1a82e29..25fbcc6 100644 udev_read_db(httpd_t) ') -@@ -877,65 +1072,171 @@ optional_policy(` +@@ -877,65 +1073,171 @@ optional_policy(` yam_read_content(httpd_t) ') @@ -6229,7 +6230,7 @@ index 1a82e29..25fbcc6 100644 files_dontaudit_search_pids(httpd_suexec_t) files_search_home(httpd_suexec_t) -@@ -944,123 +1245,74 @@ auth_use_nsswitch(httpd_suexec_t) +@@ -944,123 +1246,74 @@ auth_use_nsswitch(httpd_suexec_t) logging_search_logs(httpd_suexec_t) logging_send_syslog_msg(httpd_suexec_t) @@ -6384,7 +6385,7 @@ index 1a82e29..25fbcc6 100644 mysql_read_config(httpd_suexec_t) tunable_policy(`httpd_can_network_connect_db',` -@@ -1077,172 +1329,104 @@ optional_policy(` +@@ -1077,172 +1330,104 @@ optional_policy(` ') ') @@ -6620,7 +6621,7 @@ index 1a82e29..25fbcc6 100644 ') tunable_policy(`httpd_read_user_content',` -@@ -1250,64 +1434,74 @@ tunable_policy(`httpd_read_user_content',` +@@ -1250,64 +1435,74 @@ tunable_policy(`httpd_read_user_content',` ') tunable_policy(`httpd_use_cifs',` @@ -6717,7 +6718,7 @@ index 1a82e29..25fbcc6 100644 ######################################## # -@@ -1315,8 +1509,15 @@ miscfiles_read_localization(httpd_rotatelogs_t) +@@ -1315,8 +1510,15 @@ miscfiles_read_localization(httpd_rotatelogs_t) # optional_policy(` @@ -6734,7 +6735,7 @@ index 1a82e29..25fbcc6 100644 ') ######################################## -@@ -1324,49 +1525,38 @@ optional_policy(` +@@ -1324,49 +1526,38 @@ optional_policy(` # User content local policy # 
@@ -6799,7 +6800,7 @@ index 1a82e29..25fbcc6 100644 kernel_read_system_state(httpd_passwd_t) corecmd_exec_bin(httpd_passwd_t) -@@ -1376,38 +1566,99 @@ dev_read_urand(httpd_passwd_t) +@@ -1376,38 +1567,99 @@ dev_read_urand(httpd_passwd_t) domain_use_interactive_fds(httpd_passwd_t) @@ -45033,10 +45034,10 @@ index 0000000..6ad142d +') diff --git a/mythtv.te b/mythtv.te new file mode 100644 -index 0000000..90129ac +index 0000000..395c2fd --- /dev/null +++ b/mythtv.te -@@ -0,0 +1,41 @@ +@@ -0,0 +1,46 @@ +policy_module(mythtv, 1.0.0) + +######################################## @@ -45056,6 +45057,9 @@ index 0000000..90129ac +# +# httpd_mythtv_script local policy +# ++#============= httpd_mythtv_script_t ============== ++allow httpd_mythtv_script_t self:process setpgid; ++dev_list_sysfs(httpd_mythtv_script_t) + +manage_files_pattern(httpd_mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t) +manage_dirs_pattern(httpd_mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t) @@ -45071,6 +45075,8 @@ index 0000000..90129ac + +fs_read_nfs_files(httpd_mythtv_script_t) + ++auth_read_passwd(httpd_mythtv_script_t) ++ +miscfiles_read_localization(httpd_mythtv_script_t) + +optional_policy(` @@ -57833,7 +57839,7 @@ index ae27bb7..d00f6ba 100644 + allow $1 polipo_unit_file_t:service all_service_perms; ') diff --git a/polipo.te b/polipo.te -index 316d53a..35d9018 100644 +index 316d53a..6646219 100644 --- a/polipo.te +++ b/polipo.te @@ -1,4 +1,4 @@ @@ -57909,7 +57915,7 @@ index 316d53a..35d9018 100644 type polipo_cache_t; files_type(polipo_cache_t) -@@ -56,112 +63,97 @@ files_type(polipo_cache_t) +@@ -56,112 +63,98 @@ files_type(polipo_cache_t) type polipo_log_t; logging_log_file(polipo_log_t) 
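Review bot: The banner `#============= httpd_mythtv_script_t ==============` added at `@@ -45056,6 +45057,9 @@` looks like pasted audit2allow output, and it sits directly under the section's own header comment with no blank line before the rules. The rules beneath it (`allow httpd_mythtv_script_t self:process setpgid;` and `dev_list_sysfs(httpd_mythtv_script_t)`) widen what the name suggests is a web-script domain, with no note of which operation needed them. The same applies to `auth_read_passwd(httpd_mythtv_script_t)` in the next hunk at `@@ -45071,6 +45075,8 @@`. I would drop the banner, start the rules after a blank line, and give each new access a one-line reason such as `# <operation that needs setpgid / sysfs listing, bug reference>`.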
@@ -57962,6 +57968,7 @@ index 316d53a..35d9018 100644 +corenet_tcp_bind_http_cache_port(polipo_daemon) +corenet_sendrecv_http_cache_server_packets(polipo_daemon) +corenet_tcp_connect_http_port(polipo_daemon) ++corenet_tcp_connect_http_cache_port(polipo_daemon) +corenet_tcp_connect_tor_port(polipo_daemon) +corenet_tcp_connect_flash_port(polipo_daemon) @@ -81297,10 +81304,18 @@ index 1aeef8a..d5ce40a 100644 admin_pattern($1, shorewall_etc_t) diff --git a/shorewall.te b/shorewall.te -index ca03de6..c3b5559 100644 +index ca03de6..e0ebb61 100644 --- a/shorewall.te +++ b/shorewall.te -@@ -44,9 +44,7 @@ manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t) +@@ -34,6 +34,7 @@ logging_log_file(shorewall_log_t) + + allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_admin }; + dontaudit shorewall_t self:capability sys_tty_config; ++allow shorewall_t self:process signal_perms; + allow shorewall_t self:fifo_file rw_fifo_file_perms; + allow shorewall_t self:netlink_socket create_socket_perms; + +@@ -44,9 +45,7 @@ manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t) files_lock_filetrans(shorewall_t, shorewall_lock_t, file) manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t) @@ -81311,7 +81326,7 @@ index ca03de6..c3b5559 100644 logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir }) manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t) -@@ -57,6 +55,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) +@@ -57,6 +56,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file }) 
@@ -81321,7 +81336,7 @@ index ca03de6..c3b5559 100644 allow shorewall_t shorewall_initrc_exec_t:file read_file_perms; -@@ -74,7 +75,6 @@ dev_read_urand(shorewall_t) +@@ -74,7 +76,6 @@ dev_read_urand(shorewall_t) domain_read_all_domains_state(shorewall_t) files_getattr_kernel_modules(shorewall_t) @@ -81329,7 +81344,7 @@ index ca03de6..c3b5559 100644 files_search_kernel_modules(shorewall_t) fs_getattr_all_fs(shorewall_t) -@@ -86,12 +86,11 @@ init_rw_utmp(shorewall_t) +@@ -86,12 +87,11 @@ init_rw_utmp(shorewall_t) logging_read_generic_logs(shorewall_t) logging_send_syslog_msg(shorewall_t) @@ -88900,7 +88915,7 @@ index 61c2e07..5e1df41 100644 + ') ') diff --git a/tor.te b/tor.te -index 964a395..78962c4 100644 +index 964a395..ea77295 100644 --- a/tor.te +++ b/tor.te @@ -13,6 +13,13 @@ policy_module(tor, 1.8.4) @@ -88935,7 +88950,15 @@ index 964a395..78962c4 100644 corenet_sendrecv_dns_server_packets(tor_t) corenet_udp_bind_dns_port(tor_t) corenet_udp_sendrecv_dns_port(tor_t) -@@ -98,19 +107,22 @@ dev_read_urand(tor_t) +@@ -85,6 +94,7 @@ corenet_udp_sendrecv_dns_port(tor_t) + corenet_sendrecv_tor_server_packets(tor_t) + corenet_tcp_bind_tor_port(tor_t) + corenet_tcp_sendrecv_tor_port(tor_t) ++corenet_tcp_bind_hplip_port(tor_t) + + corenet_sendrecv_all_client_packets(tor_t) + corenet_tcp_connect_all_ports(tor_t) +@@ -98,19 +108,22 @@ dev_read_urand(tor_t) domain_use_interactive_fds(tor_t) files_read_etc_runtime_files(tor_t) 
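Review bot: `corenet_tcp_bind_hplip_port(tor_t)`, added at `@@ -88935,7 +88950,15 @@` (inner hunk `@@ -85,6 +94,7 @@`), lets tor listen on ports labelled for a different service, and nothing on the line says which tor listener needs that. The grant presumably covers every port of that type rather than only the one that triggered the denial, so a later reader cannot tell whether it can be narrowed or removed. I would add a comment above it, `# <tor listener> is configured on a port labelled hplip_port_t (<bug reference>)`. It also stands apart from the tor_port group just above, where the bind is accompanied by `corenet_sendrecv_tor_server_packets` and `corenet_tcp_sendrecv_tor_port`; it is worth checking whether that omission is intended.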
@@ -96961,6 +96984,18 @@ index d837e88..910aeec 100644 userdom_use_unpriv_users_fds(yam_t) userdom_search_user_home_dirs(yam_t) +diff --git a/zabbix.fc b/zabbix.fc +index ce10cb1..c8f60fc 100644 +--- a/zabbix.fc ++++ b/zabbix.fc +@@ -10,6 +10,7 @@ + /usr/sbin/zabbix_server_pgsql -- gen_context(system_u:object_r:zabbix_exec_t,s0) + /usr/sbin/zabbix_server_sqlite3 -- gen_context(system_u:object_r:zabbix_exec_t,s0) + ++/var/lib/zabbixsrv(/.*)? gen_context(system_u:object_r:zabbix_var_lib_t,s0) + /var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0) + + /var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0) diff --git a/zabbix.if b/zabbix.if index dd63de0..38ce620 100644 --- a/zabbix.if @@ -97124,7 +97159,7 @@ index dd63de0..38ce620 100644 - admin_pattern($1, zabbix_tmpfs_t) ') diff --git a/zabbix.te b/zabbix.te -index 46e4cd3..dea93eb 100644 +index 46e4cd3..8f76086 100644 --- a/zabbix.te +++ b/zabbix.te @@ -6,7 +6,7 @@ policy_module(zabbix, 1.5.3) @@ -97136,7 +97171,17 @@ index 46e4cd3..dea93eb 100644 ## Determine whether zabbix can ## connect to all TCP ports ##

-@@ -52,11 +52,10 @@ allow zabbix_t self:sem create_sem_perms; +@@ -27,6 +27,9 @@ init_daemon_domain(zabbix_agent_t, zabbix_agent_exec_t) + type zabbix_agent_initrc_exec_t; + init_script_file(zabbix_agent_initrc_exec_t) + ++type zabbix_var_lib_t; ++files_type(zabbix_var_lib_t) ++ + type zabbix_log_t; + logging_log_file(zabbix_log_t) + +@@ -52,11 +55,15 @@ allow zabbix_t self:sem create_sem_perms; allow zabbix_t self:shm create_shm_perms; allow zabbix_t self:tcp_socket create_stream_socket_perms; @@ -97145,6 +97190,11 @@ index 46e4cd3..dea93eb 100644 -create_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t) -setattr_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t) -logging_log_filetrans(zabbix_t, zabbix_log_t, file) ++manage_dirs_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t) ++manage_files_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t) ++manage_lnk_files_pattern(zabbix_t, zabbix_var_lib_t, zabbix_var_lib_t) ++files_var_lib_filetrans(zabbix_t, zabbix_var_lib_t, dir, "zabbixsrv") ++ +manage_dirs_pattern(zabbix_t, zabbix_log_t, zabbix_log_t) +manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t) +manage_lnk_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t) @@ -97152,7 +97202,15 @@ index 46e4cd3..dea93eb 100644 manage_dirs_pattern(zabbix_t, zabbix_tmp_t, zabbix_tmp_t) manage_files_pattern(zabbix_t, zabbix_tmp_t, zabbix_tmp_t) -@@ -95,12 +94,8 @@ corecmd_exec_shell(zabbix_t) +@@ -85,6 +92,7 @@ corenet_tcp_sendrecv_ftp_port(zabbix_t) + corenet_sendrecv_http_client_packets(zabbix_t) + corenet_tcp_connect_http_port(zabbix_t) + corenet_tcp_sendrecv_http_port(zabbix_t) ++corenet_tcp_connect_smtp_port(zabbix_t) + + corenet_sendrecv_zabbix_server_packets(zabbix_t) + corenet_tcp_bind_zabbix_port(zabbix_t) +@@ -95,12 +103,8 @@ corecmd_exec_shell(zabbix_t) dev_read_urand(zabbix_t) 
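Review bot: `corenet_tcp_connect_smtp_port(zabbix_t)`, added at `@@ -97152,7 +97202,15 @@` (inner hunk `@@ -85,6 +92,7 @@`), is a bare connect rule, whereas the http group directly above it in the same context pairs the connect with `corenet_sendrecv_http_client_packets(zabbix_t)` and `corenet_tcp_sendrecv_http_port(zabbix_t)`. For consistency with that group, I would give the new rule a blank line of its own and add `corenet_sendrecv_smtp_client_packets(zabbix_t)` before it and `corenet_tcp_sendrecv_smtp_port(zabbix_t)` after it. If the project has deliberately stopped adding the packet interfaces, a short comment saying so would prevent the asymmetry from being read as an omission. The corenet rule list continues outside this hunk.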
@@ -97165,7 +97223,7 @@ index 46e4cd3..dea93eb 100644 zabbix_agent_tcp_connect(zabbix_t) tunable_policy(`zabbix_can_network',` -@@ -110,12 +105,11 @@ tunable_policy(`zabbix_can_network',` +@@ -110,12 +114,11 @@ tunable_policy(`zabbix_can_network',` ') optional_policy(` @@ -97180,7 +97238,7 @@ index 46e4cd3..dea93eb 100644 ') optional_policy(` -@@ -125,6 +119,7 @@ optional_policy(` +@@ -125,6 +128,7 @@ optional_policy(` optional_policy(` snmp_read_snmp_var_lib_files(zabbix_t) @@ -97188,7 +97246,7 @@ index 46e4cd3..dea93eb 100644 ') ######################################## -@@ -133,17 +128,14 @@ optional_policy(` +@@ -133,17 +137,14 @@ optional_policy(` # allow zabbix_agent_t self:capability { setuid setgid }; @@ -97208,7 +97266,7 @@ index 46e4cd3..dea93eb 100644 rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t) fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file) -@@ -154,6 +146,8 @@ files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file) +@@ -154,6 +155,8 @@ files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file) kernel_read_all_sysctls(zabbix_agent_t) kernel_read_system_state(zabbix_agent_t) @@ -97217,7 +97275,7 @@ index 46e4cd3..dea93eb 100644 corecmd_read_all_executables(zabbix_agent_t) corenet_all_recvfrom_unlabeled(zabbix_agent_t) -@@ -182,7 +176,6 @@ domain_search_all_domains_state(zabbix_agent_t) +@@ -182,7 +185,6 @@ domain_search_all_domains_state(zabbix_agent_t) files_getattr_all_dirs(zabbix_agent_t) files_getattr_all_files(zabbix_agent_t) files_read_all_symlinks(zabbix_agent_t) @@ -97225,7 +97283,7 @@ index 46e4cd3..dea93eb 100644 fs_getattr_all_fs(zabbix_agent_t) -@@ -190,8 +183,11 @@ init_read_utmp(zabbix_agent_t) +@@ -190,8 +192,11 @@ init_read_utmp(zabbix_agent_t) logging_search_logs(zabbix_agent_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index b25825c..8cdb099 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 74.16%{?dist} +Release: 74.17%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -539,6 +539,17 @@ SELinux Reference policy mls base module. %endif %changelog +* Fri Jan 10 2014 Lukas Vrabec 3.12.1-74.17 +- Allow polipo to connect to http_cache_ports +- Add new access for mythtv +- Allow tor to bind to hplip port +- Allow showall_t to send itself signals +- Add zabbix_var_lib_t for /var/lib/zabbixsrv, also allow zabix to connect to smtp port +- Fixed filetrans in zabbix policy +- Allow httpd to read ldap certs +- passwd to create gnome-keyring passwd socket +- Allow sytemd_tmpfiles_t to delete all directories + * Fri Dec 20 2013 Lukas Vrabec 3.12.1-74.16 - Allow amanda to do backups over UDP - Add log support for sensord