diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 831a640..6be89de 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -38579,7 +38579,7 @@ index db75976..65191bd 100644
+
+/var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 3c5dba7..89012c2 100644
+index 3c5dba7..e59f458 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -41263,7 +41263,7 @@ index 3c5dba7..89012c2 100644
## Create keys for all user domains.
##
##
-@@ -3438,4 +4214,1454 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3438,4 +4214,1491 @@ interface(`userdom_dbus_send_all_users',`
')
allow $1 userdomain:dbus send_msg;
@@ -42717,6 +42717,43 @@ index 3c5dba7..89012c2 100644
+ userdom_user_home_dir_filetrans($1, home_cert_t, dir, ".cert")
+ userdom_user_home_dir_filetrans($1, home_cert_t, dir, ".pki")
+ userdom_user_home_dir_filetrans($1, home_cert_t, dir, "certificates")
++')
++
++########################################
++##
++## Allow caller to transition to any userdomain
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`userdom_transition',`
++ gen_require(`
++ attribute userdomain;
++ ')
++
++ allow $1 userdomain:process transition;
++')
++
++########################################
++##
++## Do not audit attempts to check the
++## access on user content files
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`userdom_dontaudit_access_check_user_content',`
++ gen_require(`
++ attribute user_home_type;
++ ')
++
++ dontaudit $1 user_home_type:dir_file_class_set audit_access;
')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index e2b538b..211263f 100644
diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch
index 236a048..33aaaa1 100644
--- a/policy-f19-contrib.patch
+++ b/policy-f19-contrib.patch
@@ -8553,10 +8553,10 @@ index bc5c984..63a4b1d 100644
+ xserver_read_state_xdm(blueman_t)
+')
diff --git a/bluetooth.fc b/bluetooth.fc
-index 2b9c7f3..e1b7177 100644
+index 2b9c7f3..63e4860 100644
--- a/bluetooth.fc
+++ b/bluetooth.fc
-@@ -5,6 +5,8 @@
+@@ -5,10 +5,13 @@
/etc/rc\.d/init\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
@@ -8565,6 +8565,11 @@ index 2b9c7f3..e1b7177 100644
/usr/bin/blue.*pin -- gen_context(system_u:object_r:bluetooth_helper_exec_t,s0)
/usr/bin/dund -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
/usr/bin/hidd -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
+ /usr/bin/rfcomm -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
++/usr/bin/pand -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
+
+ /usr/sbin/bluetoothd -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
+ /usr/sbin/hciattach -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
diff --git a/bluetooth.if b/bluetooth.if
index c723a0a..3e8a553 100644
--- a/bluetooth.if
@@ -44075,7 +44080,7 @@ index 0641e97..d7d9a79 100644
+ admin_pattern($1, nrpe_etc_t)
')
diff --git a/nagios.te b/nagios.te
-index 44ad3b7..ce55650 100644
+index 44ad3b7..39b7add 100644
--- a/nagios.te
+++ b/nagios.te
@@ -27,7 +27,7 @@ type nagios_var_run_t;
@@ -44206,15 +44211,17 @@ index 44ad3b7..ce55650 100644
corecmd_exec_bin(nrpe_t)
corecmd_exec_shell(nrpe_t)
-@@ -253,7 +258,6 @@ domain_use_interactive_fds(nrpe_t)
+@@ -252,8 +257,8 @@ dev_read_urand(nrpe_t)
+ domain_use_interactive_fds(nrpe_t)
domain_read_all_domains_state(nrpe_t)
++files_list_var(nrpe_t)
files_read_etc_runtime_files(nrpe_t)
-files_read_usr_files(nrpe_t)
fs_getattr_all_fs(nrpe_t)
fs_search_auto_mountpoints(nrpe_t)
-@@ -262,8 +266,6 @@ auth_use_nsswitch(nrpe_t)
+@@ -262,8 +267,6 @@ auth_use_nsswitch(nrpe_t)
logging_send_syslog_msg(nrpe_t)
@@ -44223,7 +44230,7 @@ index 44ad3b7..ce55650 100644
userdom_dontaudit_use_unpriv_user_fds(nrpe_t)
optional_policy(`
-@@ -310,15 +312,15 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
+@@ -310,15 +313,15 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
#
allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
@@ -44242,7 +44249,7 @@ index 44ad3b7..ce55650 100644
logging_send_syslog_msg(nagios_mail_plugin_t)
sysnet_dns_name_resolve(nagios_mail_plugin_t)
-@@ -345,6 +347,9 @@ allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
+@@ -345,6 +348,9 @@ allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
kernel_read_software_raid_state(nagios_checkdisk_plugin_t)
@@ -44252,7 +44259,7 @@ index 44ad3b7..ce55650 100644
files_getattr_all_mountpoints(nagios_checkdisk_plugin_t)
files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
-@@ -357,9 +362,11 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
+@@ -357,9 +363,11 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
# Services local policy
#
@@ -44266,7 +44273,7 @@ index 44ad3b7..ce55650 100644
corecmd_exec_bin(nagios_services_plugin_t)
-@@ -391,6 +398,7 @@ optional_policy(`
+@@ -391,6 +399,7 @@ optional_policy(`
optional_policy(`
mysql_stream_connect(nagios_services_plugin_t)
@@ -44274,7 +44281,7 @@ index 44ad3b7..ce55650 100644
')
optional_policy(`
-@@ -411,6 +419,7 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
+@@ -411,6 +420,7 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
@@ -44282,7 +44289,7 @@ index 44ad3b7..ce55650 100644
kernel_read_kernel_sysctls(nagios_system_plugin_t)
corecmd_exec_bin(nagios_system_plugin_t)
-@@ -420,10 +429,10 @@ dev_read_sysfs(nagios_system_plugin_t)
+@@ -420,10 +430,10 @@ dev_read_sysfs(nagios_system_plugin_t)
domain_read_all_domains_state(nagios_system_plugin_t)
@@ -44295,7 +44302,7 @@ index 44ad3b7..ce55650 100644
optional_policy(`
init_read_utmp(nagios_system_plugin_t)
')
-@@ -442,11 +451,44 @@ corecmd_exec_shell(nagios_eventhandler_plugin_t)
+@@ -442,11 +452,44 @@ corecmd_exec_shell(nagios_eventhandler_plugin_t)
init_domtrans_script(nagios_eventhandler_plugin_t)
@@ -52640,10 +52647,10 @@ index 96db654..ff3aadd 100644
+ virt_rw_svirt_dev(pcscd_t)
+')
diff --git a/pegasus.fc b/pegasus.fc
-index dfd46e4..2e04b85 100644
+index dfd46e4..31122bd 100644
--- a/pegasus.fc
+++ b/pegasus.fc
-@@ -1,15 +1,24 @@
+@@ -1,15 +1,26 @@
-/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
+
+/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
@@ -52652,17 +52659,21 @@ index dfd46e4..2e04b85 100644
-/etc/rc\.d/init\.d/tog-pegasus -- gen_context(system_u:object_r:pegasus_initrc_exec_t,s0)
+/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
+/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-+
-+/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-+/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
++/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-/var/cache/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_cache_t,s0)
-+/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
++/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
++/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
+
+-/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
++/var/lib/openlmi-storage(/.*)? gen_context(system_u:object_r:pegasus_openlmi_storage_lib_t,s0)
+
+-/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
+#openlmi agents
+/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
@@ -52671,10 +52682,8 @@ index dfd46e4..2e04b85 100644
+/usr/libexec/pegasus/cmpiLMI_PowerManagement-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_Realmd-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_services_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_admin_exec_t,s0)
-
--/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-
--/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
++
++
+/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
diff --git a/pegasus.if b/pegasus.if
index d2fc677..ded726f 100644
@@ -52777,7 +52786,7 @@ index d2fc677..ded726f 100644
')
+
diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..366eeaf 100644
+index 7bcf327..74e4179 100644
--- a/pegasus.te
+++ b/pegasus.te
@@ -1,17 +1,16 @@
@@ -52801,7 +52810,7 @@ index 7bcf327..366eeaf 100644
type pegasus_cache_t;
files_type(pegasus_cache_t)
-@@ -30,20 +29,216 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,239 @@ files_type(pegasus_mof_t)
type pegasus_var_run_t;
files_pid_file(pegasus_var_run_t)
@@ -52810,7 +52819,6 @@ index 7bcf327..366eeaf 100644
+typealias pegasus_openlmi_admin_t alias pegasus_openlmi_service_t;
+typealias pegasus_openlmi_admin_exec_t alias pegasus_openlmi_service_exec_t;
+
-+
+pegasus_openlmi_domain_template(account)
+pegasus_openlmi_domain_template(logicalfile)
+pegasus_openlmi_domain_template(services)
@@ -52819,6 +52827,9 @@ index 7bcf327..366eeaf 100644
+type pegasus_openlmi_storage_tmp_t;
+files_tmp_file(pegasus_openlmi_storage_tmp_t)
+
++type pegasus_openlmi_storage_lib_t;
++files_type(pegasus_openlmi_storage_lib_t)
++
+pegasus_openlmi_domain_template(system)
+typealias pegasus_openlmi_system_t alias pegasus_openlmi_networking_t;
+typealias pegasus_openlmi_system_exec_t alias pegasus_openlmi_networking_exec_t;
@@ -52832,6 +52843,7 @@ index 7bcf327..366eeaf 100644
+allow pegasus_openlmi_domain self:capability { setuid setgid };
+
+allow pegasus_openlmi_domain self:fifo_file rw_fifo_file_perms;
++allow pegasus_openlmi_domain self:udp_socket create_socket_perms;
+
+list_dirs_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
+rw_files_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
@@ -52910,6 +52922,7 @@ index 7bcf327..366eeaf 100644
+ # so we want to have unconfined_domain attribute for filename rules
+ unconfined_domain(pegasus_openlmi_logicalfile_t)
+')
++
+######################################
+#
+# pegasus openlmi networking local policy
@@ -52931,7 +52944,6 @@ index 7bcf327..366eeaf 100644
+allow pegasus_openlmi_system_t self:capability { net_admin };
+
+allow pegasus_openlmi_system_t self:netlink_route_socket r_netlink_socket_perms;;
-+allow pegasus_openlmi_system_t self:udp_socket create_socket_perms;
+
+dev_rw_sysfs(pegasus_openlmi_system_t)
+dev_read_urand(pegasus_openlmi_system_t)
@@ -52969,17 +52981,37 @@ index 7bcf327..366eeaf 100644
+# pegasus openlmi storage local policy
+#
+
++
++manage_files_pattern(pegasus_openlmi_storage_t, pegasus_openlmi_storage_lib_t, pegasus_openlmi_storage_lib_t)
++manage_dirs_pattern(pegasus_openlmi_storage_t, pegasus_openlmi_storage_lib_t, pegasus_openlmi_storage_lib_t)
++files_var_lib_filetrans(pegasus_openlmi_storage_t, pegasus_openlmi_storage_lib_t, { dir file })
++
+manage_files_pattern(pegasus_openlmi_storage_t, pegasus_openlmi_storage_tmp_t, pegasus_openlmi_storage_tmp_t)
+manage_dirs_pattern(pegasus_openlmi_storage_t, pegasus_openlmi_storage_tmp_t, pegasus_openlmi_storage_tmp_t)
+files_tmp_filetrans(pegasus_openlmi_storage_tmp_t, pegasus_openlmi_storage_tmp_t, { file dir})
+
-+storage_rw_inherited_fixed_disk_dev(pegasus_openlmi_networking_t)
++kernel_read_all_sysctls(pegasus_openlmi_storage_t)
++
++dev_read_rand(pegasus_openlmi_storage_t)
++dev_read_urand(pegasus_openlmi_storage_t)
++
++dev_rw_lvm_control(pegasus_openlmi_storage_t)
++
++selinux_validate_context(pegasus_openlmi_storage_t)
++
++seutil_read_file_contexts(pegasus_openlmi_storage_t)
++
++storage_rw_inherited_fixed_disk_dev(pegasus_openlmi_storage_t)
+
+modutils_domtrans_insmod(pegasus_openlmi_storage_t)
+
+udev_domtrans(pegasus_openlmi_storage_t)
+
+optional_policy(`
++ dmidecode_domtrans(pegasus_openlmi_storage_t)
++')
++
++optional_policy(`
+ lvm_domtrans(pegasus_openlmi_storage_t)
+')
+
@@ -53023,7 +53055,7 @@ index 7bcf327..366eeaf 100644
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +249,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +272,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@@ -53054,7 +53086,7 @@ index 7bcf327..366eeaf 100644
kernel_read_network_state(pegasus_t)
kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +275,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +298,21 @@ kernel_read_net_sysctls(pegasus_t)
kernel_read_xen_state(pegasus_t)
kernel_write_xen_state(pegasus_t)
@@ -53087,7 +53119,7 @@ index 7bcf327..366eeaf 100644
corecmd_exec_bin(pegasus_t)
corecmd_exec_shell(pegasus_t)
-@@ -114,6 +303,7 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,6 +326,7 @@ files_getattr_all_dirs(pegasus_t)
auth_use_nsswitch(pegasus_t)
auth_domtrans_chk_passwd(pegasus_t)
@@ -53095,7 +53127,7 @@ index 7bcf327..366eeaf 100644
domain_use_interactive_fds(pegasus_t)
domain_read_all_domains_state(pegasus_t)
-@@ -128,18 +318,25 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +341,25 @@ init_stream_connect_script(pegasus_t)
logging_send_audit_msgs(pegasus_t)
logging_send_syslog_msg(pegasus_t)
@@ -53113,21 +53145,21 @@ index 7bcf327..366eeaf 100644
- dbus_connect_system_bus(pegasus_t)
+ dbus_system_bus_client(pegasus_t)
+ dbus_connect_system_bus(pegasus_t)
-+
-+ optional_policy(`
-+ networkmanager_dbus_chat(pegasus_t)
-+ ')
-+')
- optional_policy(`
- networkmanager_dbus_chat(pegasus_t)
- ')
++ optional_policy(`
++ networkmanager_dbus_chat(pegasus_t)
++ ')
++')
++
+optional_policy(`
+ rhcs_stream_connect_cluster(pegasus_t)
')
optional_policy(`
-@@ -151,16 +348,24 @@ optional_policy(`
+@@ -151,16 +371,24 @@ optional_policy(`
')
optional_policy(`
@@ -53156,7 +53188,7 @@ index 7bcf327..366eeaf 100644
')
optional_policy(`
-@@ -168,7 +373,7 @@ optional_policy(`
+@@ -168,7 +396,7 @@ optional_policy(`
')
optional_policy(`
@@ -79354,10 +79386,21 @@ index 1aeef8a..d5ce40a 100644
admin_pattern($1, shorewall_etc_t)
diff --git a/shorewall.te b/shorewall.te
-index ca03de6..bac98d6 100644
+index ca03de6..c3b5559 100644
--- a/shorewall.te
+++ b/shorewall.te
-@@ -57,6 +57,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
+@@ -44,9 +44,7 @@ manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t)
+ files_lock_filetrans(shorewall_t, shorewall_lock_t, file)
+
+ manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+-append_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+-create_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+-setattr_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
++manage_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+ logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir })
+
+ manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
+@@ -57,6 +55,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file })
@@ -79367,7 +79410,7 @@ index ca03de6..bac98d6 100644
allow shorewall_t shorewall_initrc_exec_t:file read_file_perms;
-@@ -74,7 +77,6 @@ dev_read_urand(shorewall_t)
+@@ -74,7 +75,6 @@ dev_read_urand(shorewall_t)
domain_read_all_domains_state(shorewall_t)
files_getattr_kernel_modules(shorewall_t)
@@ -79375,7 +79418,7 @@ index ca03de6..bac98d6 100644
files_search_kernel_modules(shorewall_t)
fs_getattr_all_fs(shorewall_t)
-@@ -86,12 +88,11 @@ init_rw_utmp(shorewall_t)
+@@ -86,12 +86,11 @@ init_rw_utmp(shorewall_t)
logging_read_generic_logs(shorewall_t)
logging_send_syslog_msg(shorewall_t)
@@ -95182,7 +95225,7 @@ index 36e32df..3d08962 100644
+ manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t)
')
diff --git a/zarafa.te b/zarafa.te
-index a4479b1..1d12d58 100644
+index a4479b1..7a9f1b6 100644
--- a/zarafa.te
+++ b/zarafa.te
@@ -1,4 +1,4 @@
@@ -95305,7 +95348,7 @@ index a4479b1..1d12d58 100644
manage_dirs_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
manage_files_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
files_tmp_filetrans(zarafa_server_t, zarafa_server_tmp_t, { file dir })
-@@ -109,70 +117,78 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
+@@ -109,70 +117,80 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t)
@@ -95362,9 +95405,10 @@ index a4479b1..1d12d58 100644
-corenet_tcp_sendrecv_smtp_port(zarafa_spooler_t)
+
+auth_use_nsswitch(zarafa_spooler_t)
-+
-+########################################
-+#
+
+ ########################################
+ #
+-# Zarafa domain local policy
+# zarafa_gateway local policy
+#
+corenet_tcp_bind_pop_port(zarafa_gateway_t)
@@ -95372,8 +95416,8 @@ index a4479b1..1d12d58 100644
+#######################################
+#
+# zarafa-ical local policy
-+#
-+
+ #
+
+corenet_tcp_bind_http_cache_port(zarafa_ical_t)
+
+######################################
@@ -95381,13 +95425,12 @@ index a4479b1..1d12d58 100644
+# zarafa-monitor local policy
+#
+
-
- ########################################
- #
--# Zarafa domain local policy
++
++########################################
++#
+# zarafa domains local policy
- #
-
++#
++
+# bad permission on /etc/zarafa
allow zarafa_domain self:capability { kill dac_override chown setgid setuid };
-allow zarafa_domain self:process { setrlimit signal };
@@ -95406,10 +95449,11 @@ index a4479b1..1d12d58 100644
-
dev_read_rand(zarafa_domain)
dev_read_urand(zarafa_domain)
--
+
-logging_send_syslog_msg(zarafa_domain)
-
-miscfiles_read_localization(zarafa_domain)
++dev_read_sysfs(zarafa_domain)
diff --git a/zebra.fc b/zebra.fc
index 28ee4ca..e1b30b2 100644
--- a/zebra.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c586d41..cbfc18d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 68%{?dist}
+Release: 69%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -539,6 +539,14 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Fri Aug 2 2013 Miroslav Grepl 3.12.1-69
+- Add fix for pand service
+- Fix pegasus.te
+- shorewall touches own log
+- Allow nrpe to list /var
+- Add additional fixes for pegasus_openlmi_storage_t. Domtrans to demicode. A type for openlmi_storage lib files.
+- Dontaudit attempts by thumb_t to check access on files/dirs in user homedir
+
* Tue Jul 30 2013 Miroslav Grepl 3.12.1-68
- Add more aliases in pegasus.te
- Add more fixes for *_admin interfaces