diff --git a/policy-f20-base.patch b/policy-f20-base.patch index 67411f3..f921776 100644 --- a/policy-f20-base.patch +++ b/policy-f20-base.patch @@ -22051,7 +22051,7 @@ index 5fc0391..3b3225a 100644 + xserver_rw_xdm_pipes(ssh_agent_type) +') diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc -index d1f64a0..3fe692c 100644 +index d1f64a0..8773437 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc @@ -2,13 +2,35 @@ @@ -22113,7 +22113,7 @@ index d1f64a0..3fe692c 100644 /etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0) /etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0) /etc/X11/wdm(/.*)? gen_context(system_u:object_r:xdm_rw_etc_t,s0) -@@ -46,26 +76,32 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) +@@ -46,26 +76,33 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) # /tmp # @@ -22142,6 +22142,7 @@ index d1f64a0..3fe692c 100644 +/usr/s?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) +/usr/s?bin/[mxgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) + ++/usr/bin/sddm-greeter -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0) +/usr/bin/razor-lightdm-.* -- gen_context(system_u:object_r:xdm_exec_t,s0) @@ -22155,7 +22156,7 @@ index d1f64a0..3fe692c 100644 /usr/lib/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) -@@ -92,25 +128,49 @@ ifndef(`distro_debian',` +@@ -92,25 +129,49 @@ ifndef(`distro_debian',` /var/lib/gdm(3)?(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) /var/lib/lxdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) @@ -23823,7 +23824,7 @@ index 6bf0ecc..115c533 100644 + dontaudit $1 xserver_log_t:dir search_dir_perms; +') 
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te -index 2696452..40660b1 100644 +index 2696452..a2c6981 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -26,28 +26,59 @@ gen_require(` @@ -24181,7 +24182,7 @@ index 2696452..40660b1 100644 -allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; -allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate }; -+allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service sys_ptrace }; ++allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service net_admin sys_ptrace }; +allow xdm_t self:capability2 { block_suspend }; +dontaudit xdm_t self:capability sys_admin; +tunable_policy(`deny_ptrace',`',` @@ -27278,6 +27279,18 @@ index 9dfecf7..6d00f5c 100644 /bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) + +/usr/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) +diff --git a/policy/modules/system/hostname.if b/policy/modules/system/hostname.if +index 187f04f..cf0af09 100644 +--- a/policy/modules/system/hostname.if ++++ b/policy/modules/system/hostname.if +@@ -53,7 +53,6 @@ interface(`hostname_run',` + ## Domain allowed access. + ## + ## +-## + # + interface(`hostname_exec',` + gen_require(` diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te index f6cbda9..51e9aef 100644 --- a/policy/modules/system/hostname.te @@ -27479,7 +27492,7 @@ index 9a4d3a7..9d960bb 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) 
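Review bot: `++allow xdm_t self:capability { ... net_admin sys_ptrace };` adds CAP_NET_ADMIN to the display-manager domain, which covers far more than the setsockopt use the changelog entry for gdm-simple-slave cites (interface and routing configuration, firewall changes, privileged socket options). A comment on that line recording the trigger, e.g. `# net_admin: gdm-simple-slave setsockopt() (3.12.1-127 changelog)`, would at least tie the grant to its cause for the next reviewer. If the denial only shows up for specific socket options it may be worth checking whether a dontaudit satisfies the use case before granting the full capability. The xdm_t rule block this line belongs to continues outside the hunk.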
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 24e7804..e28a0ca 100644 +index 24e7804..50a981b 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -27862,7 +27875,7 @@ index 24e7804..e28a0ca 100644 + type init_t; + ') + -+ dontaudit $1 init_t:unix_stream_socket { getattr read write }; ++ dontaudit $1 init_t:unix_stream_socket { getattr read write ioctl }; ') ######################################## @@ -28913,7 +28926,7 @@ index 24e7804..e28a0ca 100644 + files_etc_filetrans($1, machineid_t, file, "machine-id" ) +') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index dd3be8d..381903f 100644 +index dd3be8d..28c790f 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -11,10 +11,31 @@ gen_require(` @@ -29052,7 +29065,7 @@ index dd3be8d..381903f 100644 +manage_files_pattern(init_t, init_tmp_t, init_tmp_t) +manage_dirs_pattern(init_t, init_tmp_t, init_tmp_t) +manage_lnk_files_pattern(init_t, init_tmp_t, init_tmp_t) -+files_tmp_filetrans(init_t, init_tmp_t, { file dir }) ++files_tmp_filetrans(init_t, init_tmp_t, { file }) + +manage_dirs_pattern(init_t, init_var_lib_t, init_var_lib_t) +manage_files_pattern(init_t, init_var_lib_t, init_var_lib_t) @@ -37412,10 +37425,10 @@ index 0000000..e9f1096 +/var/run/initramfs(/.*)? <> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if new file mode 100644 -index 0000000..1d9bdfd +index 0000000..8bca1d7 --- /dev/null +++ b/policy/modules/system/systemd.if -@@ -0,0 +1,1419 @@ +@@ -0,0 +1,1440 @@ +## SELinux policy for systemd components + +###################################### 
@@ -38362,6 +38375,27 @@ index 0000000..1d9bdfd + allow $1 hostname_etc_t:file read_file_perms; +') + ++######################################## ++## ++## Allow process to manage hostname config file. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`systemd_hostnamed_manage_config',` ++ gen_require(` ++ type hostname_etc_t; ++ ') ++ ++ files_search_etc($1) ++ allow $1 hostname_etc_t:file manage_file_perms; ++ files_etc_filetrans($1, hostname_etc_t, file, "hostname") ++') ++ +####################################### +## +## Create objects in /run/systemd/generator directory diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 7461ae5..57f52be 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -14409,10 +14409,10 @@ index 5b830ec..0647a3b 100644 + ps_process_pattern($1, consolekit_t) +') diff --git a/consolekit.te b/consolekit.te -index 5f0c793..62ae9b2 100644 +index 5f0c793..580dff0 100644 --- a/consolekit.te +++ b/consolekit.te -@@ -19,12 +19,16 @@ type consolekit_var_run_t; +@@ -19,21 +19,23 @@ type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) init_daemon_run_dir(consolekit_var_run_t, "ConsoleKit") 
@@ -14429,16 +14429,19 @@ index 5f0c793..62ae9b2 100644 allow consolekit_t self:process { getsched signal }; allow consolekit_t self:fifo_file rw_fifo_file_perms; allow consolekit_t self:unix_stream_socket { accept listen }; -@@ -33,7 +37,7 @@ create_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) - append_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) - read_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) - setattr_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) + +-create_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) +-append_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) +-read_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) +-setattr_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) -logging_log_filetrans(consolekit_t, consolekit_log_t, file) ++manage_dirs_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) ++manage_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t) +logging_log_filetrans(consolekit_t, consolekit_log_t, { dir file }) manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t) manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t) -@@ -54,37 +58,36 @@ dev_read_sysfs(consolekit_t) +@@ -54,37 +56,36 @@ dev_read_sysfs(consolekit_t) domain_read_all_domains_state(consolekit_t) domain_use_interactive_fds(consolekit_t) @@ -14485,7 +14488,7 @@ index 5f0c793..62ae9b2 100644 ') ifdef(`distro_debian',` -@@ -112,13 +115,6 @@ optional_policy(` +@@ -112,13 +113,6 @@ optional_policy(` ') ') @@ -14715,7 +14718,7 @@ index c086302..4f33119 100644 /etc/rc\.d/init\.d/couchdb -- gen_context(system_u:object_r:couchdb_initrc_exec_t,s0) diff --git a/couchdb.if b/couchdb.if -index 83d6744..36d5a7d 100644 +index 83d6744..3f0c0dc 100644 --- a/couchdb.if +++ b/couchdb.if @@ -2,6 +2,44 @@ 
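Review bot: Replacing the four create/append/read/setattr rules on consolekit_log_t with `++manage_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t)` also grants write, unlink and rename on the daemon's own log files, so the append-only property the old rules gave the logs is lost. If the intent, per the changelog, is only creating log directories and files, keeping the original create/append/read/setattr file rules and adding just `manage_dirs_pattern(consolekit_t, consolekit_log_t, consolekit_log_t)` alongside the `{ dir file }` filetrans would preserve it. If consolekit genuinely rotates or truncates its logs, a one-line comment next to the rule saying so would spare the question.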
@@ -14763,7 +14766,7 @@ index 83d6744..36d5a7d 100644 ## All of the rules required to ## administrate an couchdb environment. ## -@@ -10,6 +48,149 @@ +@@ -10,6 +48,151 @@ ## Domain allowed access. ## ## @@ -14868,11 +14871,13 @@ index 83d6744..36d5a7d 100644 + type couchdb_var_run_t; + type couchdb_log_t; + type couchdb_var_lib_t; ++ type couchdb_conf_t; + ') + + manage_files_pattern($1, couchdb_log_t, couchdb_log_t) + manage_files_pattern($1, couchdb_var_lib_t, couchdb_var_lib_t) + manage_files_pattern($1, couchdb_var_run_t, couchdb_var_run_t) ++ manage_files_pattern($1, couchdb_conf_t, couchdb_conf_t) +') + +######################################## @@ -14913,7 +14918,7 @@ index 83d6744..36d5a7d 100644 ## ## ## Role allowed access. -@@ -19,14 +200,19 @@ +@@ -19,14 +202,19 @@ # interface(`couchdb_admin',` gen_require(` @@ -14934,7 +14939,7 @@ index 83d6744..36d5a7d 100644 init_labeled_script_domtrans($1, couchdb_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 couchdb_initrc_exec_t system_r; -@@ -46,4 +232,13 @@ interface(`couchdb_admin',` +@@ -46,4 +234,13 @@ interface(`couchdb_admin',` files_search_pids($1) admin_pattern($1, couchdb_var_run_t) @@ -30944,7 +30949,7 @@ index 180f1b7..951b790 100644 + userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") +') diff --git a/gpg.te b/gpg.te -index 44cf341..52ce110 100644 +index 44cf341..4af1ba0 100644 --- a/gpg.te +++ b/gpg.te @@ -1,47 +1,47 @@ @@ -31068,7 +31073,7 @@ index 44cf341..52ce110 100644 +allow gpgdomain self:process { getsched setsched }; +#at setrlimit is for ulimit -c 0 +allow gpgdomain self:process { signal signull setrlimit getcap setcap setpgid }; -+dontaudit gpgdomain self:netlink_audit_socket r_netlink_socket_perms; ++dontaudit gpgdomain self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay }; + +allow gpgdomain self:fifo_file rw_fifo_file_perms; +allow gpgdomain self:tcp_socket create_stream_socket_perms; @@ -32691,10 +32696,10 @@ index 0000000..deb738f + 
diff --git a/ipa.te b/ipa.te new file mode 100644 -index 0000000..589066e +index 0000000..0fd2678 --- /dev/null +++ b/ipa.te -@@ -0,0 +1,38 @@ +@@ -0,0 +1,40 @@ +policy_module(ipa, 1.0.0) + +######################################## @@ -32716,6 +32721,8 @@ index 0000000..589066e +# ipa_otpd local policy +# + ++allow ipa_otpd_t self:capability2 block_suspend; ++ +allow ipa_otpd_t self:fifo_file rw_fifo_file_perms; +allow ipa_otpd_t self:unix_stream_socket create_stream_socket_perms; + @@ -38681,7 +38688,7 @@ index 7bab8e5..f8c5464 100644 logging_read_all_logs(logrotate_mail_t) +manage_files_pattern(logrotate_mail_t, logrotate_tmp_t, logrotate_tmp_t) diff --git a/logwatch.te b/logwatch.te -index 4256a4c..81fec37 100644 +index 4256a4c..7569cd9 100644 --- a/logwatch.te +++ b/logwatch.te @@ -5,9 +5,17 @@ policy_module(logwatch, 1.11.6) @@ -38768,7 +38775,7 @@ index 4256a4c..81fec37 100644 ######################################## # # Mail local policy -@@ -164,6 +186,12 @@ dev_read_sysfs(logwatch_mail_t) +@@ -164,6 +186,17 @@ dev_read_sysfs(logwatch_mail_t) logging_read_all_logs(logwatch_mail_t) @@ -38781,6 +38788,11 @@ index 4256a4c..81fec37 100644 +optional_policy(` + courier_stream_connect_authdaemon(logwatch_mail_t) +') ++ ++optional_policy(` ++ qmail_domtrans_inject(logwatch_mail_t) ++ qmail_domtrans_queue(logwatch_mail_t) ++') diff --git a/lpd.fc b/lpd.fc index 2fb9b2e..08974e3 100644 --- a/lpd.fc @@ -39242,16 +39254,23 @@ index 0000000..da30c5d +') diff --git a/lsm.te b/lsm.te new file mode 100644 -index 0000000..5a9d09d +index 0000000..7e8fde0 --- /dev/null +++ b/lsm.te -@@ -0,0 +1,72 @@ +@@ -0,0 +1,90 @@ +policy_module(lsm, 1.0.0) + +######################################## +# +# Declarations +# ++## ++##

++## Determine whether lsmd_plugin can ++## connect to all TCP ports. ++##

++##
++gen_tunable(lsmd_plugin_connect_any, false) + +type lsmd_t; +type lsmd_exec_t; @@ -39295,6 +39314,7 @@ index 0000000..5a9d09d +# + +allow lsmd_plugin_t self:udp_socket create_socket_perms; ++allow lsmd_plugin_t self:tcp_socket create_stream_socket_perms; + +domtrans_pattern(lsmd_t, lsmd_plugin_exec_t, lsmd_plugin_t) +allow lsmd_plugin_t lsmd_t:unix_stream_socket { read write }; @@ -39306,12 +39326,22 @@ index 0000000..5a9d09d +manage_dirs_pattern(lsmd_plugin_t, lsmd_plugin_tmp_t, lsmd_plugin_tmp_t) +files_tmp_filetrans(lsmd_plugin_t, lsmd_plugin_tmp_t, { file dir }) + ++tunable_policy(`lsmd_plugin_connect_any',` ++ corenet_tcp_connect_all_ports(lsmd_plugin_t) ++ corenet_sendrecv_all_packets(lsmd_plugin_t) ++ corenet_tcp_sendrecv_all_ports(lsmd_plugin_t) ++') ++ +kernel_read_system_state(lsmd_plugin_t) + +dev_read_urand(lsmd_plugin_t) + +corecmd_exec_bin(lsmd_plugin_t) + ++corenet_tcp_connect_http_port(lsmd_plugin_t) ++corenet_tcp_connect_http_cache_port(lsmd_plugin_t) ++corenet_tcp_connect_ssh_port(lsmd_plugin_t) ++ +init_stream_connect(lsmd_plugin_t) +init_dontaudit_rw_stream_socket(lsmd_plugin_t) + @@ -43699,7 +43729,7 @@ index 6194b80..03c6414 100644 ') + diff --git a/mozilla.te b/mozilla.te -index 6a306ee..055286f 100644 +index 6a306ee..405e285 100644 --- a/mozilla.te +++ b/mozilla.te @@ -1,4 +1,4 @@ @@ -44145,7 +44175,7 @@ index 6a306ee..055286f 100644 ') optional_policy(` -@@ -300,259 +326,241 @@ optional_policy(` +@@ -300,259 +326,243 @@ optional_policy(` ######################################## # 
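Review bot: `++corenet_tcp_connect_ssh_port(lsmd_plugin_t)` and the two http port rules above it are unconditional, while the new `lsmd_plugin_connect_any` tunable gates only the all-ports case, so the default policy already lets the plugin domain open outbound SSH and HTTP connections and nothing in the hunk says why these three are always needed. A comment above them, e.g. `# storage plugins reach array management interfaces over HTTP(S)/SSH — confirm against the shipped plugins`, would document that baseline. The tunable_policy block is also placed above the unconditional `kernel_read_system_state`/corenet calls; refpolicy modules usually keep tunable blocks after the plain rules, so moving it below the corenet lines would read more conventionally.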
@@ -44159,7 +44189,7 @@ index 6a306ee..055286f 100644 +dontaudit mozilla_plugin_t self:capability { sys_admin ipc_lock sys_nice sys_tty_config }; +dontaudit mozilla_plugin_t self:capability2 block_suspend; + -+allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms execmem execstack setrlimit transition }; ++allow mozilla_plugin_t self:process { setcap setpgid getsched setsched signal_perms execmem execstack setrlimit transition }; +allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms; +allow mozilla_plugin_t self:netlink_socket create_socket_perms; +allow mozilla_plugin_t self:tcp_socket create_stream_socket_perms; @@ -44244,6 +44274,8 @@ index 6a306ee..055286f 100644 kernel_request_load_module(mozilla_plugin_t) kernel_dontaudit_getattr_core_if(mozilla_plugin_t) +files_dontaudit_read_root_files(mozilla_plugin_t) ++kernel_dontaudit_list_all_proc(mozilla_plugin_t) ++kernel_dontaudit_list_all_sysctls(mozilla_plugin_t) corecmd_exec_bin(mozilla_plugin_t) corecmd_exec_shell(mozilla_plugin_t) @@ -44536,7 +44568,7 @@ index 6a306ee..055286f 100644 ') optional_policy(` -@@ -560,7 +568,11 @@ optional_policy(` +@@ -560,7 +570,11 @@ optional_policy(` ') optional_policy(` @@ -44549,7 +44581,7 @@ index 6a306ee..055286f 100644 ') optional_policy(` -@@ -568,108 +580,131 @@ optional_policy(` +@@ -568,108 +582,131 @@ optional_policy(` ') optional_policy(` @@ -48076,7 +48108,7 @@ index 687af38..404ed6d 100644 + mysql_stream_connect($1) ') diff --git a/mysql.te b/mysql.te -index 9f6179e..c75403e 100644 +index 9f6179e..699587e 100644 --- a/mysql.te +++ b/mysql.te @@ -1,4 +1,4 @@ @@ -48249,7 +48281,7 @@ index 9f6179e..c75403e 100644 seutil_sigchld_newrole(mysqld_t) ') -@@ -153,29 +160,24 @@ optional_policy(` +@@ -153,29 +160,25 @@ optional_policy(` ####################################### # 
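Review bot: `++allow mozilla_plugin_t self:process { setcap setpgid ... }` grants the plugin domain setcap, while the changelog describes the goal as letting mozilla_plugin "attempt to set capabilities"; if the aim is only to silence denials from an attempt that is allowed to fail, `dontaudit mozilla_plugin_t self:process setcap;` keeps the denial without opening the permission. If the plugin really needs to adjust its own capability sets, a one-line comment naming the component that does so would explain why a sandboxed plugin domain holds it. The rest of this hunk is unchanged context.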
@@ -48259,6 +48291,7 @@ index 9f6179e..c75403e 100644 -allow mysqld_safe_t self:capability { chown dac_override fowner kill }; +allow mysqld_safe_t self:capability { chown dac_override fowner kill sys_nice sys_resource }; ++dontaudit mysqld_safe_t self:capability sys_ptrace; allow mysqld_safe_t self:process { setsched getsched setrlimit }; allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; @@ -48287,7 +48320,7 @@ index 9f6179e..c75403e 100644 kernel_read_system_state(mysqld_safe_t) kernel_read_kernel_sysctls(mysqld_safe_t) -@@ -183,21 +185,29 @@ kernel_read_kernel_sysctls(mysqld_safe_t) +@@ -183,21 +186,29 @@ kernel_read_kernel_sysctls(mysqld_safe_t) corecmd_exec_bin(mysqld_safe_t) corecmd_exec_shell(mysqld_safe_t) @@ -48323,7 +48356,7 @@ index 9f6179e..c75403e 100644 optional_policy(` hostname_exec(mysqld_safe_t) -@@ -205,7 +215,7 @@ optional_policy(` +@@ -205,7 +216,7 @@ optional_policy(` ######################################## # @@ -48332,7 +48365,7 @@ index 9f6179e..c75403e 100644 # allow mysqlmanagerd_t self:capability { dac_override kill }; -@@ -214,11 +224,12 @@ allow mysqlmanagerd_t self:fifo_file rw_fifo_file_perms; +@@ -214,11 +225,12 @@ allow mysqlmanagerd_t self:fifo_file rw_fifo_file_perms; allow mysqlmanagerd_t self:tcp_socket create_stream_socket_perms; allow mysqlmanagerd_t self:unix_stream_socket create_stream_socket_perms; @@ -48350,7 +48383,7 @@ index 9f6179e..c75403e 100644 domtrans_pattern(mysqlmanagerd_t, mysqld_exec_t, mysqld_t) -@@ -226,31 +237,20 @@ manage_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) +@@ -226,31 +238,20 @@ manage_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) manage_sock_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) filetrans_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, { file sock_file }) 
@@ -50027,7 +50060,7 @@ index 0e8508c..647712a 100644 + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") ') diff --git a/networkmanager.te b/networkmanager.te -index 0b48a30..a732e30 100644 +index 0b48a30..f031bc6 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -1,4 +1,4 @@ @@ -50395,7 +50428,7 @@ index 0b48a30..a732e30 100644 + systemd_write_inhibit_pipes(NetworkManager_t) + systemd_read_logind_sessions_files(NetworkManager_t) + systemd_dbus_chat_logind(NetworkManager_t) -+ systemd_hostnamed_read_config(NetworkManager_t) ++ systemd_hostnamed_manage_config(NetworkManager_t) +') + +optional_policy(` @@ -58853,10 +58886,10 @@ index 0000000..ba24b40 + diff --git a/pcp.te b/pcp.te new file mode 100644 -index 0000000..d21c5d7 +index 0000000..3bd4aa3 --- /dev/null +++ b/pcp.te -@@ -0,0 +1,192 @@ +@@ -0,0 +1,196 @@ +policy_module(pcp, 1.0.0) + +######################################## @@ -58963,6 +58996,7 @@ index 0000000..d21c5d7 +fs_getattr_all_fs(pcp_pmcd_t) +fs_getattr_all_dirs(pcp_pmcd_t) +fs_list_cgroup_dirs(pcp_pmcd_t) ++fs_read_cgroup_files(pcp_pmcd_t) + +logging_send_syslog_msg(pcp_pmcd_t) + @@ -59031,11 +59065,14 @@ index 0000000..d21c5d7 +# + +allow pcp_pmie_t self:netlink_route_socket { create_socket_perms nlmsg_read }; ++allow pcp_pmie_t self:unix_dgram_socket { create_socket_perms sendto }; + +allow pcp_pmie_t pcp_pmcd_t:unix_stream_socket connectto; + +corenet_tcp_connect_all_ephemeral_ports(pcp_pmie_t) + ++logging_send_syslog_msg(pcp_pmie_t) ++ +######################################## +# +# pcp_pmlogger local policy @@ -60819,10 +60856,10 @@ index 0000000..848ddc9 +') diff --git a/pkcsslotd.te b/pkcsslotd.te new file mode 100644 -index 0000000..2ce92e0 +index 0000000..a82ca85 --- /dev/null +++ b/pkcsslotd.te -@@ -0,0 +1,67 @@ +@@ -0,0 +1,69 @@ +policy_module(pkcsslotd, 1.0.0) + +######################################## 
@@ -60890,6 +60927,8 @@ index 0000000..2ce92e0 +auth_read_passwd(pkcsslotd_t) + +logging_send_syslog_msg(pkcsslotd_t) ++ ++userdom_read_all_users_state(pkcsslotd_t) diff --git a/pki.fc b/pki.fc new file mode 100644 index 0000000..726d992 @@ -72601,7 +72640,7 @@ index 2c3d338..cf3e5ad 100644 ######################################## diff --git a/rabbitmq.te b/rabbitmq.te -index 3698b51..b475e72 100644 +index 3698b51..5240406 100644 --- a/rabbitmq.te +++ b/rabbitmq.te @@ -19,6 +19,9 @@ init_script_file(rabbitmq_initrc_exec_t) @@ -72623,7 +72662,7 @@ index 3698b51..b475e72 100644 allow rabbitmq_beam_t self:process { setsched signal signull }; allow rabbitmq_beam_t self:fifo_file rw_fifo_file_perms; allow rabbitmq_beam_t self:tcp_socket { accept listen }; -@@ -38,50 +43,88 @@ manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) +@@ -38,50 +43,84 @@ manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) 
@@ -72661,35 +72700,35 @@ index 3698b51..b475e72 100644 +corenet_tcp_connect_all_ephemeral_ports(rabbitmq_beam_t) corenet_sendrecv_amqp_server_packets(rabbitmq_beam_t) - corenet_tcp_bind_amqp_port(rabbitmq_beam_t) -+corenet_tcp_connect_amqp_port(rabbitmq_beam_t) - corenet_tcp_sendrecv_amqp_port(rabbitmq_beam_t) +-corenet_tcp_bind_amqp_port(rabbitmq_beam_t) +-corenet_tcp_sendrecv_amqp_port(rabbitmq_beam_t) corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) ++corenet_tcp_sendrecv_amqp_port(rabbitmq_beam_t) ++corenet_tcp_bind_amqp_port(rabbitmq_beam_t) ++corenet_tcp_bind_couchdb_port(rabbitmq_beam_t) ++corenet_tcp_bind_jabber_client_port(rabbitmq_beam_t) ++corenet_tcp_bind_jabber_interserver_port(rabbitmq_beam_t) ++corenet_tcp_connect_amqp_port(rabbitmq_beam_t) ++corenet_tcp_connect_couchdb_port(rabbitmq_beam_t) corenet_tcp_connect_epmd_port(rabbitmq_beam_t) ++corenet_tcp_connect_jabber_interserver_port(rabbitmq_beam_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t) -dev_read_sysfs(rabbitmq_beam_t) -+corenet_tcp_bind_couchdb_port(rabbitmq_beam_t) -+ -+corenet_tcp_bind_jabber_client_port(rabbitmq_beam_t) -+corenet_tcp_bind_jabber_interserver_port(rabbitmq_beam_t) -+ +domain_read_all_domains_state(rabbitmq_beam_t) -+ + +-files_read_etc_files(rabbitmq_beam_t) +auth_read_passwd(rabbitmq_beam_t) +auth_use_pam(rabbitmq_beam_t) -+ -+files_getattr_all_mountpoints(rabbitmq_beam_t) --files_read_etc_files(rabbitmq_beam_t) +-miscfiles_read_localization(rabbitmq_beam_t) ++files_getattr_all_mountpoints(rabbitmq_beam_t) ++ +fs_getattr_all_fs(rabbitmq_beam_t) +fs_getattr_all_dirs(rabbitmq_beam_t) +fs_getattr_cgroup(rabbitmq_beam_t) +fs_search_cgroup_dirs(rabbitmq_beam_t) - --miscfiles_read_localization(rabbitmq_beam_t) -+corenet_tcp_connect_couchdb_port(rabbitmq_beam_t) + +dev_read_sysfs(rabbitmq_beam_t) +dev_read_urand(rabbitmq_beam_t) 
@@ -72702,8 +72741,6 @@ index 3698b51..b475e72 100644 + +optional_policy(` + couchdb_manage_files(rabbitmq_beam_t) -+ couchdb_manage_lib_files(rabbitmq_beam_t) -+ couchdb_read_conf_files(rabbitmq_beam_t) +') + +optional_policy(` @@ -72719,7 +72756,7 @@ index 3698b51..b475e72 100644 allow rabbitmq_epmd_t self:process signal; allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms; allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms; -@@ -89,6 +132,8 @@ allow rabbitmq_epmd_t self:unix_stream_socket { accept listen }; +@@ -89,6 +128,8 @@ allow rabbitmq_epmd_t self:unix_stream_socket { accept listen }; allow rabbitmq_epmd_t rabbitmq_var_log_t:file append_file_perms; @@ -72728,7 +72765,7 @@ index 3698b51..b475e72 100644 corenet_all_recvfrom_unlabeled(rabbitmq_epmd_t) corenet_all_recvfrom_netlabel(rabbitmq_epmd_t) corenet_tcp_sendrecv_generic_if(rabbitmq_epmd_t) -@@ -99,8 +144,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) +@@ -99,8 +140,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) corenet_tcp_bind_epmd_port(rabbitmq_epmd_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t) @@ -74619,10 +74656,10 @@ index 9a8f052..3baa71a 100644 ') diff --git a/redis.fc b/redis.fc new file mode 100644 -index 0000000..638d6b4 +index 0000000..741b785 --- /dev/null +++ b/redis.fc -@@ -0,0 +1,11 @@ +@@ -0,0 +1,12 @@ +/etc/rc\.d/init\.d/redis -- gen_context(system_u:object_r:redis_initrc_exec_t,s0) + +/usr/lib/systemd/system/redis.* -- gen_context(system_u:object_r:redis_unit_file_t,s0) @@ -74634,6 +74671,7 @@ index 0000000..638d6b4 +/var/log/redis(/.*)? gen_context(system_u:object_r:redis_log_t,s0) + +/var/run/redis(/.*)? gen_context(system_u:object_r:redis_var_run_t,s0) ++/var/run/redis\.sock -- gen_context(system_u:object_r:redis_var_run_t,s0) diff --git a/redis.if b/redis.if new file mode 100644 index 0000000..2640ab5 @@ -74908,10 +74946,10 @@ index 0000000..2640ab5 +') 
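Review bot: The new file-context entry `++/var/run/redis\.sock -- gen_context(system_u:object_r:redis_var_run_t,s0)` uses the `--` type specifier, which matches only regular files, so a relabel (restorecon/fixfiles) will not apply the label to the Unix socket the entry is meant to cover and only the runtime `files_pid_filetrans` added in redis.te labels it. The specifier should be `-s`: `/var/run/redis\.sock -s gen_context(system_u:object_r:redis_var_run_t,s0)`. The neighbouring `/var/run/redis(/.*)?` pattern does not match `redis.sock`, so the explicit entry is still needed.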
diff --git a/redis.te b/redis.te new file mode 100644 -index 0000000..e5e9cf7 +index 0000000..51cd1fe --- /dev/null +++ b/redis.te -@@ -0,0 +1,62 @@ +@@ -0,0 +1,64 @@ +policy_module(redis, 1.0.0) + +######################################## @@ -74959,6 +74997,8 @@ index 0000000..e5e9cf7 +manage_dirs_pattern(redis_t, redis_var_run_t, redis_var_run_t) +manage_files_pattern(redis_t, redis_var_run_t, redis_var_run_t) +manage_lnk_files_pattern(redis_t, redis_var_run_t, redis_var_run_t) ++manage_sock_files_pattern(redis_t, redis_var_run_t, redis_var_run_t) ++files_pid_filetrans(redis_t, redis_var_run_t, { sock_file }) + +kernel_read_system_state(redis_t) + @@ -80451,7 +80491,7 @@ index 0628d50..e9dbd7e 100644 + allow rpm_script_t $1:process sigchld; ') diff --git a/rpm.te b/rpm.te -index 5cbe81c..ce45f0c 100644 +index 5cbe81c..be4fc7f 100644 --- a/rpm.te +++ b/rpm.te @@ -1,15 +1,13 @@ @@ -80856,7 +80896,7 @@ index 5cbe81c..ce45f0c 100644 ifdef(`distro_redhat',` optional_policy(` -@@ -363,41 +385,69 @@ ifdef(`distro_redhat',` +@@ -363,41 +385,70 @@ ifdef(`distro_redhat',` ') ') @@ -80894,6 +80934,7 @@ index 5cbe81c..ce45f0c 100644 - ') + optional_policy(` + systemd_dbus_chat_logind(rpm_script_t) ++ systemd_dbus_chat_timedated(rpm_script_t) + ') +') + @@ -80936,7 +80977,7 @@ index 5cbe81c..ce45f0c 100644 optional_policy(` java_domtrans_unconfined(rpm_script_t) -@@ -409,6 +459,6 @@ optional_policy(` +@@ -409,6 +460,6 @@ optional_policy(` ') optional_policy(` @@ -84233,10 +84274,10 @@ index 0000000..b7db254 +# Empty diff --git a/sandbox.if b/sandbox.if new file mode 100644 -index 0000000..8a6ad19 +index 0000000..89bc443 --- /dev/null +++ b/sandbox.if -@@ -0,0 +1,56 @@ +@@ -0,0 +1,57 @@ + +## policy for sandbox + 
@@ -84267,6 +84308,7 @@ index 0000000..8a6ad19 + allow sandbox_domain $1:process { sigchld signull }; + allow sandbox_domain $1:fifo_file rw_inherited_fifo_file_perms; + dontaudit sandbox_domain $1:process signal; ++ dontaudit sandbox_domain $1:key { link read search view }; + dontaudit sandbox_domain $1:unix_stream_socket rw_socket_perms; +') + @@ -84371,10 +84413,10 @@ index 0000000..6caef63 +/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0) diff --git a/sandboxX.if b/sandboxX.if new file mode 100644 -index 0000000..e30b346 +index 0000000..3258f45 --- /dev/null +++ b/sandboxX.if -@@ -0,0 +1,393 @@ +@@ -0,0 +1,394 @@ + +## policy for sandboxX + @@ -84416,6 +84458,7 @@ index 0000000..e30b346 + dontaudit sandbox_xserver_t $1:file read; + allow sandbox_x_domain sandbox_x_domain:process signal; + # Dontaudit leaked file descriptors ++ dontaudit sandbox_x_domain $1:key { link read search view }; + dontaudit sandbox_x_domain $1:fifo_file { read write }; + dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms; + dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms; @@ -88967,10 +89010,12 @@ index cbfe369..6594af3 100644 files_search_var_lib($1) diff --git a/snapper.fc b/snapper.fc new file mode 100644 -index 0000000..1cb1360 +index 0000000..77ae4f3 --- /dev/null +++ b/snapper.fc -@@ -0,0 +1,5 @@ +@@ -0,0 +1,7 @@ ++HOME_DIR/\.snapshots -d gen_context(system_u:object_r:snapperd_home_t,s0) ++ +/usr/sbin/snapperd -- gen_context(system_u:object_r:snapperd_exec_t,s0) + +/etc/snapper(/.*)? gen_context(system_u:object_r:snapperd_conf_t,s0) @@ -89026,10 +89071,10 @@ index 0000000..94105ee +') diff --git a/snapper.te b/snapper.te new file mode 100644 -index 0000000..a299f53 +index 0000000..5fad225 --- /dev/null +++ b/snapper.te -@@ -0,0 +1,66 @@ +@@ -0,0 +1,73 @@ +policy_module(snapper, 1.0.0) + +######################################## 
@@ -89050,6 +89095,9 @@ index 0000000..a299f53 +type snapperd_data_t; +files_type(snapperd_data_t) + ++type snapperd_home_t; ++userdom_user_home_content(snapperd_home_t) ++ +######################################## +# +# snapperd local policy @@ -89069,6 +89117,10 @@ index 0000000..a299f53 +manage_dirs_pattern(snapperd_t, snapperd_data_t, snapperd_data_t) +manage_lnk_files_pattern(snapperd_t, snapperd_data_t, snapperd_data_t) + ++manage_files_pattern(snapperd_t, snapperd_home_t, snapperd_home_t) ++manage_dirs_pattern(snapperd_t, snapperd_home_t, snapperd_home_t) ++manage_lnk_files_pattern(snapperd_t, snapperd_home_t, snapperd_home_t) ++ +domain_read_all_domains_state(snapperd_t) + +corecmd_exec_shell(snapperd_t) @@ -89423,7 +89475,7 @@ index 634c6b4..e1edfd9 100644 ######################################## diff --git a/sosreport.te b/sosreport.te -index 703efa3..1a35702 100644 +index 703efa3..08a6332 100644 --- a/sosreport.te +++ b/sosreport.te @@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t) @@ -89485,17 +89537,18 @@ index 703efa3..1a35702 100644 corecmd_exec_all_executables(sosreport_t) -@@ -58,6 +82,9 @@ dev_read_rand(sosreport_t) +@@ -58,6 +82,10 @@ dev_read_rand(sosreport_t) dev_read_urand(sosreport_t) dev_read_raw_memory(sosreport_t) dev_read_sysfs(sosreport_t) +dev_rw_generic_usb_dev(sosreport_t) ++dev_rw_lvm_control(sosreport_t) +dev_getattr_all_chr_files(sosreport_t) +dev_getattr_all_blk_files(sosreport_t) domain_getattr_all_domains(sosreport_t) domain_read_all_domains_state(sosreport_t) -@@ -65,12 +92,13 @@ domain_getattr_all_sockets(sosreport_t) +@@ -65,12 +93,13 @@ domain_getattr_all_sockets(sosreport_t) domain_getattr_all_pipes(sosreport_t) files_getattr_all_sockets(sosreport_t) 
@@ -89510,7 +89563,7 @@ index 703efa3..1a35702 100644 files_read_var_lib_files(sosreport_t) files_read_var_symlinks(sosreport_t) files_read_kernel_modules(sosreport_t) -@@ -79,27 +107,45 @@ files_manage_etc_runtime_files(sosreport_t) +@@ -79,27 +108,49 @@ files_manage_etc_runtime_files(sosreport_t) files_etc_filetrans_etc_runtime(sosreport_t, file) fs_getattr_all_fs(sosreport_t) @@ -89555,14 +89608,19 @@ index 703efa3..1a35702 100644 +') + +optional_policy(` ++ bootloader_exec(sosreport_t) ++') ++ ++optional_policy(` + brctl_domtrans(sosreport_t) ') optional_policy(` -@@ -111,6 +157,15 @@ optional_policy(` +@@ -111,6 +162,16 @@ optional_policy(` ') optional_policy(` ++ lvm_read_config(sosreport_t) + lvm_dontaudit_access_check_lock(sosreport_t) +') + @@ -89575,7 +89633,7 @@ index 703efa3..1a35702 100644 fstools_domtrans(sosreport_t) ') -@@ -120,6 +175,10 @@ optional_policy(` +@@ -120,6 +181,10 @@ optional_policy(` optional_policy(` hal_dbus_chat(sosreport_t) ') @@ -89586,7 +89644,7 @@ index 703efa3..1a35702 100644 ') optional_policy(` -@@ -131,13 +190,34 @@ optional_policy(` +@@ -131,15 +196,40 @@ optional_policy(` ') optional_policy(` @@ -89624,6 +89682,12 @@ index 703efa3..1a35702 100644 ') optional_policy(` + xserver_stream_connect(sosreport_t) + ') ++ ++optional_policy(` ++ unconfined_domain(sosreport_t) ++') diff --git a/soundserver.if b/soundserver.if index a5abc5a..b9eff74 100644 --- a/soundserver.if @@ -97377,7 +97441,7 @@ index af9acc0..cdaf82e 100644 admin_pattern($1, uucpd_log_t) diff --git a/uucp.te b/uucp.te -index 380902c..75545d6 100644 +index 380902c..c09534e 100644 --- a/uucp.te +++ b/uucp.te @@ -31,7 +31,7 @@ type uucpd_ro_t; @@ -97389,7 +97453,7 @@ index 380902c..75545d6 100644 type uucpd_log_t; logging_log_file(uucpd_log_t) -@@ -84,15 +84,19 @@ kernel_read_kernel_sysctls(uucpd_t) +@@ -84,15 +84,20 @@ kernel_read_kernel_sysctls(uucpd_t) kernel_read_system_state(uucpd_t) kernel_read_network_state(uucpd_t) 
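Review bot: `++ unconfined_domain(sosreport_t)` appears to turn sosreport_t into an unconfined domain whenever the unconfined module is loaded, which makes the fine-grained rules added in the same commit (`dev_rw_lvm_control`, `lvm_read_config`, `bootloader_exec`) matter only on systems where that module is absent. A comment above the optional_policy block stating this, e.g. `# sosreport runs arbitrary diagnostic tools; the confined rules above are the fallback when the unconfined module is not loaded`, would make the intended confinement model explicit in the policy itself rather than only in the spec changelog.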
@@ -97405,12 +97469,13 @@ index 380902c..75545d6 100644 corenet_tcp_connect_ssh_port(uucpd_t) corenet_tcp_sendrecv_ssh_port(uucpd_t) ++corenet_tcp_bind_uucpd_port(uucpd_t) +corenet_tcp_connect_uucpd_port(uucpd_t) + corecmd_exec_bin(uucpd_t) corecmd_exec_shell(uucpd_t) -@@ -110,7 +114,7 @@ auth_use_nsswitch(uucpd_t) +@@ -110,7 +115,7 @@ auth_use_nsswitch(uucpd_t) logging_send_syslog_msg(uucpd_t) @@ -97419,7 +97484,7 @@ index 380902c..75545d6 100644 optional_policy(` cron_system_entry(uucpd_t, uucpd_exec_t) -@@ -125,10 +129,6 @@ optional_policy(` +@@ -125,10 +130,6 @@ optional_policy(` ') optional_policy(` @@ -97430,7 +97495,7 @@ index 380902c..75545d6 100644 ssh_exec(uucpd_t) ') -@@ -160,10 +160,15 @@ auth_use_nsswitch(uux_t) +@@ -160,10 +161,15 @@ auth_use_nsswitch(uux_t) logging_search_logs(uux_t) logging_send_syslog_msg(uux_t) @@ -101953,10 +102018,10 @@ index 0000000..7933d80 +') diff --git a/vmtools.te b/vmtools.te new file mode 100644 -index 0000000..b881c53 +index 0000000..ab589a9 --- /dev/null +++ b/vmtools.te -@@ -0,0 +1,82 @@ +@@ -0,0 +1,87 @@ +policy_module(vmtools, 1.0.0) + +######################################## @@ -101976,7 +102041,8 @@ index 0000000..b881c53 +type vmtools_helper_t; +type vmtools_helper_exec_t; +application_domain(vmtools_helper_t, vmtools_helper_exec_t) -+role vmtools_helper_roles types vmtools_t; ++domain_system_change_exemption(vmtools_helper_t) ++role vmtools_helper_roles types vmtools_helper_t; + +type vmtools_unit_file_t; +systemd_unit_file(vmtools_unit_file_t) @@ -102027,6 +102093,10 @@ index 0000000..b881c53 +xserver_stream_connect(vmtools_t) + +optional_policy(` ++ networkmanager_dbus_chat(vmtools_t) ++') ++ ++optional_policy(` + unconfined_domain(vmtools_t) +') + diff --git a/selinux-policy.spec b/selinux-policy.spec index 17b87f4..91ea267 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
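Review bot: `++domain_system_change_exemption(vmtools_helper_t)` exempts an application domain that user roles can run (`role vmtools_helper_roles types vmtools_helper_t;`) from the constraint that normally blocks a role change into system_r, and nothing in the hunk says which transition needs it. A comment such as `# helper is started from user sessions but must reach system_r for the vmtools service — TODO name the transition` would record the reason next to the exemption. Since the same file also makes vmtools_t unconfined under optional_policy, the reader otherwise has to reconstruct from the changelog why the helper crosses the role boundary.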
@@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 126%{?dist} +Release: 127%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -579,6 +579,37 @@ SELinux Reference policy mls base module. %endif %changelog +* Tue Feb 25 2014 Miroslav Grepl 3.12.1-127 +- Add snapperd_home_t for HOME_DIR/.snapshots directory +- Make sosreport as unconfined domain +- Allow sosreport to execute grub2-probe +- Allow NM to manage hostname config file +- Allow systemd_timedated_t to dbus chat with rpm_script_t +- Allow lsmd plugins to connect to http/ssh/http_cache ports by default +- Add lsmd_plugin_connect_any boolean +- Allow mozilla_plugin to attempt to set capabilities +- Allow lsdm_plugins to use tcp_socket +- Dontaudit mozilla plugin from getattr on /proc or /sys +- Dontaudit use of the keyring by the services in a sandbox +- Dontaudit attempts to sys_ptrace caused by running ps for mysqld_safe_t +- Allow rabbitmq_beam to connect to jabber_interserver_port +- Allow logwatch_mail_t to transition to qmail_inject and queueu +- Added new rules to pcp policy +- Allow vmtools_helper_t to change role to system_r +- Allow NM to dbus chat with vmtools +- Fix couchdb_manage_files() to allow manage couchdb conf files +- Add support for /var/run/redis.sock +- dontaudit gpg trying to use audit +- Allow consolekit to create log directories and files +- Fix vmtools policy to allow user roles to access vmtools_helper_t +- Allow block_suspend cap2 for ipa-otpd +- Allow pkcsslotd to read users state +- Add ioctl to init_dontaudit_rw_stream_socket +- Add systemd_hostnamed_manage_config() interface +- Remove transition for temp dirs created by init_t +- gdm-simple-slave uses use setsockopt +- sddm-greater is a xdm type program + * Tue Feb 18 2014 Miroslav Grepl 3.12.1-126 - Add lvm_read_metadata() - Allow auditadm to search /var/log/audit dir