diff --git a/modules-minimum.conf b/modules-minimum.conf
index 7c892d7..e90c4e9 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -973,7 +973,7 @@ mls = base
 #
 # Policy for mock rpm builder
 # 
-mock = base
+mock = module
 
 # Layer: system
 # Module: modutils
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 7c892d7..e90c4e9 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -973,7 +973,7 @@ mls = base
 #
 # Policy for mock rpm builder
 # 
-mock = base
+mock = module
 
 # Layer: system
 # Module: modutils
diff --git a/policy-F14.patch b/policy-F14.patch
index 819892a..165119e 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -22073,7 +22073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  /var/vdsm(/.*)?			gen_context(system_u:object_r:virt_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.8.6/policy/modules/services/virt.if
 --- nsaserefpolicy/policy/modules/services/virt.if	2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/virt.if	2010-06-25 15:32:58.000000000 -0400
++++ serefpolicy-3.8.6/policy/modules/services/virt.if	2010-06-28 17:16:24.000000000 -0400
 @@ -21,6 +21,7 @@
  	type $1_t, virt_domain;
  	domain_type($1_t)
@@ -22220,8 +22220,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.8.6/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/virt.te	2010-06-25 15:28:29.000000000 -0400
-@@ -50,12 +50,12 @@
++++ serefpolicy-3.8.6/policy/modules/services/virt.te	2010-06-28 17:20:07.000000000 -0400
+@@ -4,6 +4,7 @@
+ #
+ # Declarations
+ #
++attribute virsh_transition_domain;
+ 
+ ## <desc>
+ ## <p>
+@@ -50,12 +51,12 @@
  virt_domain_template(svirt)
  role system_r types svirt_t;
  
@@ -22237,7 +22245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  type virt_etc_t;
  files_config_file(virt_etc_t)
  
-@@ -71,8 +71,12 @@
+@@ -71,8 +72,12 @@
  virt_image(virt_content_t)
  userdom_user_home_content(virt_content_t)
  
@@ -22250,7 +22258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  
  type virt_var_run_t;
  files_pid_file(virt_var_run_t)
-@@ -89,6 +93,11 @@
+@@ -89,6 +94,11 @@
  type virtd_initrc_exec_t;
  init_script_file(virtd_initrc_exec_t)
  
@@ -22262,7 +22270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  ifdef(`enable_mcs',`
  	init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mcs_systemhigh)
  ')
-@@ -104,15 +113,12 @@
+@@ -104,15 +114,12 @@
  
  allow svirt_t self:udp_socket create_socket_perms;
  
@@ -22279,7 +22287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  fs_hugetlbfs_filetrans(svirt_t, svirt_image_t, file)
  
  list_dirs_pattern(svirt_t, virt_content_t, virt_content_t)
-@@ -160,6 +166,7 @@
+@@ -160,6 +167,7 @@
  
  tunable_policy(`virt_use_usb',`
  	dev_rw_usbfs(svirt_t)
@@ -22287,7 +22295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  	fs_manage_dos_dirs(svirt_t)
  	fs_manage_dos_files(svirt_t)
  ')
-@@ -178,22 +185,29 @@
+@@ -178,22 +186,29 @@
  #
  
  allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice sys_ptrace };
@@ -22320,7 +22328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
  read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
  
-@@ -204,9 +218,15 @@
+@@ -204,9 +219,15 @@
  
  manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
  manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
@@ -22336,7 +22344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
  manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
  logging_log_filetrans(virtd_t, virt_log_t, { file dir })
-@@ -247,18 +267,25 @@
+@@ -247,18 +268,25 @@
  dev_rw_kvm(virtd_t)
  dev_getattr_all_chr_files(virtd_t)
  dev_rw_mtrr(virtd_t)
@@ -22363,7 +22371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  
  fs_list_auto_mountpoints(virtd_t)
  fs_getattr_xattr_fs(virtd_t)
-@@ -267,6 +294,15 @@
+@@ -267,6 +295,15 @@
  fs_manage_cgroup_dirs(virtd_t)
  fs_rw_cgroup_files(virtd_t)
  
@@ -22379,7 +22387,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  mcs_process_set_categories(virtd_t)
  
  storage_manage_fixed_disk(virtd_t)
-@@ -290,15 +326,22 @@
+@@ -290,15 +327,22 @@
  
  logging_send_syslog_msg(virtd_t)
  
@@ -22402,7 +22410,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  
  tunable_policy(`virt_use_nfs',`
  	fs_manage_nfs_dirs(virtd_t)
-@@ -369,6 +412,7 @@
+@@ -369,6 +413,7 @@
  	qemu_signal(virtd_t)
  	qemu_kill(virtd_t)
  	qemu_setsched(virtd_t)
@@ -22410,7 +22418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  ')
  
  optional_policy(`
-@@ -406,6 +450,19 @@
+@@ -406,6 +451,19 @@
  allow virt_domain self:unix_dgram_socket { create_socket_perms sendto };
  allow virt_domain self:tcp_socket create_stream_socket_perms;
  
@@ -22430,7 +22438,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  append_files_pattern(virt_domain, virt_log_t, virt_log_t)
  
  append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t)
-@@ -426,6 +483,7 @@
+@@ -426,6 +484,7 @@
  corenet_tcp_bind_virt_migration_port(virt_domain)
  corenet_tcp_connect_virt_migration_port(virt_domain)
  
@@ -22438,7 +22446,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  dev_read_rand(virt_domain)
  dev_read_sound(virt_domain)
  dev_read_urand(virt_domain)
-@@ -433,6 +491,7 @@
+@@ -433,6 +492,7 @@
  dev_rw_ksm(virt_domain)
  dev_rw_kvm(virt_domain)
  dev_rw_qemu(virt_domain)
@@ -22446,7 +22454,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  
  domain_use_interactive_fds(virt_domain)
  
-@@ -444,6 +503,11 @@
+@@ -444,6 +504,11 @@
  fs_getattr_tmpfs(virt_domain)
  fs_rw_anon_inodefs_files(virt_domain)
  fs_rw_tmpfs_files(virt_domain)
@@ -22458,7 +22466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
  
  term_use_all_terms(virt_domain)
  term_getattr_pty_fs(virt_domain)
-@@ -461,8 +525,122 @@
+@@ -461,8 +526,120 @@
  ')
  
  optional_policy(`
@@ -22491,14 +22499,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
 +allow virsh_t self:unix_stream_socket { create_stream_socket_perms connectto };
 +allow virsh_t self:tcp_socket create_stream_socket_perms;
 +
-+manage_files_pattern(virsh_t, xend_var_lib_t, xend_var_lib_t)
-+manage_fifo_files_pattern(virsh_t, xend_var_lib_t, xend_var_lib_t)
-+manage_sock_files_pattern(virsh_t, xend_var_lib_t, xend_var_lib_t)
-+files_search_var_lib(virsh_t)
-+
-+allow virsh_t xen_image_t:dir rw_dir_perms;
-+allow virsh_t xen_image_t:file read_file_perms;
-+allow virsh_t xen_image_t:blk_file read_blk_file_perms;
++manage_files_pattern(virsh_t, virt_image_type, virt_image_type)
++manage_blk_files_pattern(virsh_t, virt_image_type, virt_image_type)
++manage_lnk_files_pattern(virsh_t, virt_image_type, virt_image_type)
 +
 +dontaudit virsh_t virt_var_lib_t:file read_inherited_file_perms;
 +
@@ -22541,9 +22544,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
 +
 +sysnet_dns_name_resolve(virsh_t)
 +
-+xen_append_log(virsh_t)
-+xen_stream_connect(virsh_t)
-+xen_stream_connect_xenstore(virsh_t)
++optional_policy(`
++	xen_manage_image_dirs(virsh_t)
++	xen_append_log(virsh_t)
++	xen_stream_connect(virsh_t)
++	xen_stream_connect_xenstore(virsh_t)
++')
 +
 +optional_policy(`
 +	dbus_system_bus_client(virsh_t)
@@ -32105,21 +32111,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc
  ifdef(`distro_debian',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.8.6/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/xen.if	2010-06-21 10:53:58.000000000 -0400
-@@ -213,8 +213,9 @@
++++ serefpolicy-3.8.6/policy/modules/system/xen.if	2010-06-28 17:17:26.000000000 -0400
+@@ -87,6 +87,26 @@
+ ## 	</summary>
+ ## </param>
+ #
++interface(`xen_manage_image_dirs',`
++	gen_require(`
++		type xend_var_lib_t;
++	')
++
++	files_list_var_lib($1)
++	manage_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
++')
++
++########################################
++## <summary>
++##	Allow the specified domain to read/write
++##	xend image files.
++## </summary>
++## <param name="domain">
++## 	<summary>
++##	Domain allowed to transition.
++## 	</summary>
++## </param>
++#
+ interface(`xen_rw_image_files',`
+ 	gen_require(`
+ 		type xen_image_t, xend_var_lib_t;
+@@ -213,8 +233,9 @@
  interface(`xen_domtrans_xm',`
  	gen_require(`
  		type xm_t, xm_exec_t;
-+		attribute xm_transition_domain;
++		attribute virsh_transition_domain;
  	')
 -
-+	typeattribute $1 xm_transition_domain;
++	typeattribute $1 virsh_transition_domain;
  	domtrans_pattern($1, xm_exec_t, xm_t)
  ')
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.8.6/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/xen.te	2010-06-22 09:24:13.000000000 -0400
++++ serefpolicy-3.8.6/policy/modules/system/xen.te	2010-06-28 17:16:48.000000000 -0400
 @@ -4,6 +4,7 @@
  #
  # Declarations
@@ -32128,7 +32161,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
  
  ## <desc>
  ## <p>
-@@ -89,11 +90,6 @@
+@@ -34,6 +35,7 @@
+ files_type(xen_image_t)
+ # xen_image_t can be assigned to blk devices
+ dev_node(xen_image_t)
++virt_image(xen_image_t)
+ 
+ type xenctl_t;
+ files_type(xenctl_t)
+@@ -89,11 +91,6 @@
  type xenconsoled_var_run_t;
  files_pid_file(xenconsoled_var_run_t)
  
@@ -32140,7 +32181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
  #######################################
  #
  # evtchnd local policy
-@@ -346,6 +342,7 @@
+@@ -346,6 +343,7 @@
  
  files_read_usr_files(xenstored_t)
  
@@ -32148,7 +32189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
  fs_manage_xenfs_files(xenstored_t)
  
  storage_raw_read_fixed_disk(xenstored_t)
-@@ -366,98 +363,9 @@
+@@ -366,98 +364,9 @@
  
  ########################################
  #