diff --git a/policy-f20-base.patch b/policy-f20-base.patch index a94c887..42c6b4f 100644 --- a/policy-f20-base.patch +++ b/policy-f20-base.patch @@ -15055,7 +15055,7 @@ index 649e458..646d467 100644 + list_dirs_pattern($1, sysctl_vm_overcommit_t, sysctl_vm_overcommit_t) ') diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te -index 6fac350..5a087a7 100644 +index 6fac350..cdc610d 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -25,6 +25,9 @@ attribute kern_unconfined; @@ -15236,18 +15236,19 @@ index 6fac350..5a087a7 100644 ') optional_policy(` -@@ -312,6 +368,10 @@ optional_policy(` +@@ -312,6 +368,11 @@ optional_policy(` ') optional_policy(` + plymouthd_create_log(kernel_t) ++ plymouthd_filetrans_named_content(kernel_t) +') + +optional_policy(` # nfs kernel server needs kernel UDP access. It is less risky and painful # to just give it everything. allow kernel_t self:tcp_socket create_stream_socket_perms; -@@ -332,9 +392,6 @@ optional_policy(` +@@ -332,9 +393,6 @@ optional_policy(` sysnet_read_config(kernel_t) @@ -15257,7 +15258,7 @@ index 6fac350..5a087a7 100644 rpc_udp_rw_nfs_sockets(kernel_t) tunable_policy(`nfs_export_all_ro',` -@@ -343,9 +400,7 @@ optional_policy(` +@@ -343,9 +401,7 @@ optional_policy(` fs_read_noxattr_fs_files(kernel_t) fs_read_noxattr_fs_symlinks(kernel_t) @@ -15268,7 +15269,7 @@ index 6fac350..5a087a7 100644 ') tunable_policy(`nfs_export_all_rw',` -@@ -354,7 +409,7 @@ optional_policy(` +@@ -354,7 +410,7 @@ optional_policy(` fs_read_noxattr_fs_files(kernel_t) fs_read_noxattr_fs_symlinks(kernel_t) @@ -15277,7 +15278,7 @@ index 6fac350..5a087a7 100644 ') ') -@@ -367,6 +422,15 @@ optional_policy(` +@@ -367,6 +423,15 @@ optional_policy(` unconfined_domain_noaudit(kernel_t) ') 
@@ -15293,7 +15294,7 @@ index 6fac350..5a087a7 100644 ######################################## # # Unlabeled process local policy -@@ -409,4 +473,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *; +@@ -409,4 +474,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *; allow kern_unconfined unlabeled_t:filesystem *; allow kern_unconfined unlabeled_t:association *; allow kern_unconfined unlabeled_t:packet *; @@ -19031,7 +19032,7 @@ index 0000000..cf6582f + diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te new file mode 100644 -index 0000000..1357cda +index 0000000..539c163 --- /dev/null +++ b/policy/modules/roles/unconfineduser.te @@ -0,0 +1,328 @@ @@ -19327,7 +19328,7 @@ index 0000000..1357cda +') + +optional_policy(` -+# rpm_run(unconfined_t, unconfined_r) ++ rpm_run(unconfined_t, unconfined_r) + # Allow SELinux aware applications to request rpm_script execution + rpm_transition_script(unconfined_t) + rpm_dbus_chat(unconfined_t) @@ -31278,7 +31279,7 @@ index b50c5fe..e55a556 100644 +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) + diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if -index 4e94884..ae63d78 100644 +index 4e94884..6118015 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -233,7 +233,7 @@ interface(`logging_run_auditd',` 
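Review bot: The restored `rpm_run(unconfined_t, unconfined_r)` line carries no comment on why it had been disabled or why it is needed again, so the next reader cannot tell whether the earlier disablement was deliberate. A one-line note above it, e.g. `# rpm_run restored in 3.12.1-117; see <bug id>` with the tracking reference filled in, would keep that rationale next to the rule. The enclosing `optional_policy` block continues past the hunk.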
@@ -31485,7 +31486,33 @@ index 4e94884..ae63d78 100644 ') ######################################## -@@ -722,6 +866,25 @@ interface(`logging_setattr_all_log_dirs',` +@@ -609,6 +753,25 @@ interface(`logging_read_syslog_config',` + + ######################################## + ## ++## Manage syslog configuration files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`logging_manage_syslog_config',` ++ gen_require(` ++ type syslog_conf_t; ++ ') ++ ++ manage_files_pattern($1, syslog_conf_t, syslog_conf_t) ++') ++ ++######################################## ++## + ## Allows the domain to open a file in the + ## log directory, but does not allow the listing + ## of the contents of the log directory. +@@ -722,6 +885,25 @@ interface(`logging_setattr_all_log_dirs',` allow $1 logfile:dir setattr; ') @@ -31511,7 +31538,7 @@ index 4e94884..ae63d78 100644 ######################################## ## ## Do not audit attempts to get the attributes -@@ -776,7 +939,25 @@ interface(`logging_append_all_logs',` +@@ -776,7 +958,25 @@ interface(`logging_append_all_logs',` ') files_search_var($1) @@ -31538,7 +31565,7 @@ index 4e94884..ae63d78 100644 ') ######################################## -@@ -859,7 +1040,7 @@ interface(`logging_manage_all_logs',` +@@ -859,7 +1059,7 @@ interface(`logging_manage_all_logs',` files_search_var($1) manage_files_pattern($1, logfile, logfile) @@ -31547,7 +31574,7 @@ index 4e94884..ae63d78 100644 ') ######################################## -@@ -885,6 +1066,44 @@ interface(`logging_read_generic_logs',` +@@ -885,6 +1085,44 @@ interface(`logging_read_generic_logs',` ######################################## ## @@ -31592,7 +31619,7 @@ index 4e94884..ae63d78 100644 ## Write generic log files. ## ## -@@ -905,6 +1124,24 @@ interface(`logging_write_generic_logs',` +@@ -905,6 +1143,24 @@ interface(`logging_write_generic_logs',` ######################################## ## 
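Review bot: The new `logging_manage_syslog_config` interface grants `manage_files_pattern` (create, write, rename, unlink) on `syslog_conf_t`, but its summary says only "Manage syslog configuration files." and does not warn that a caller can redirect or silence the system logger, which is a much larger grant than the neighbouring `logging_read_syslog_config`. I would extend the summary to state that this interface is meant for syslog administration domains and that most callers want the read interface. The body also does not search /etc on the caller's behalf; if the read interface does (its body is outside the hunk), adding `files_search_etc($1)` here would keep the two consistent, which is worth confirming against the full file.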
@@ -31617,7 +31644,7 @@ index 4e94884..ae63d78 100644 ## Dontaudit Write generic log files. ## ## -@@ -984,11 +1221,16 @@ interface(`logging_admin_audit',` +@@ -984,11 +1240,16 @@ interface(`logging_admin_audit',` type auditd_t, auditd_etc_t, auditd_log_t; type auditd_var_run_t; type auditd_initrc_exec_t; @@ -31635,7 +31662,7 @@ index 4e94884..ae63d78 100644 manage_dirs_pattern($1, auditd_etc_t, auditd_etc_t) manage_files_pattern($1, auditd_etc_t, auditd_etc_t) -@@ -1004,6 +1246,33 @@ interface(`logging_admin_audit',` +@@ -1004,6 +1265,33 @@ interface(`logging_admin_audit',` domain_system_change_exemption($1) role_transition $2 auditd_initrc_exec_t system_r; allow $2 system_r; @@ -31669,7 +31696,7 @@ index 4e94884..ae63d78 100644 ') ######################################## -@@ -1032,10 +1301,15 @@ interface(`logging_admin_syslog',` +@@ -1032,10 +1320,15 @@ interface(`logging_admin_syslog',` type syslogd_initrc_exec_t; ') @@ -31687,7 +31714,7 @@ index 4e94884..ae63d78 100644 manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t) manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t) -@@ -1057,6 +1331,8 @@ interface(`logging_admin_syslog',` +@@ -1057,6 +1350,8 @@ interface(`logging_admin_syslog',` manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t) logging_manage_all_logs($1) @@ -31696,7 +31723,7 @@ index 4e94884..ae63d78 100644 init_labeled_script_domtrans($1, syslogd_initrc_exec_t) domain_system_change_exemption($1) -@@ -1085,3 +1361,35 @@ interface(`logging_admin',` +@@ -1085,3 +1380,35 @@ interface(`logging_admin',` logging_admin_audit($1, $2) logging_admin_syslog($1, $2) ') @@ -35814,7 +35841,7 @@ index 346a7cc..42a48b6 100644 +/var/run/netns(/.*)? gen_context(system_u:object_r:ifconfig_var_run_t,s0) +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if -index 6944526..c9ab542 100644 +index 6944526..86c7a82 100644 
--- a/policy/modules/system/sysnetwork.if +++ b/policy/modules/system/sysnetwork.if @@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',` @@ -36062,8 +36089,11 @@ index 6944526..c9ab542 100644 corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) corenet_tcp_sendrecv_generic_node($1) -@@ -692,6 +842,8 @@ interface(`sysnet_dns_name_resolve',` +@@ -690,8 +840,11 @@ interface(`sysnet_dns_name_resolve',` + corenet_tcp_sendrecv_dns_port($1) + corenet_udp_sendrecv_dns_port($1) corenet_tcp_connect_dns_port($1) ++ corenet_tcp_connect_dnssec_port($1) corenet_sendrecv_dns_client_packets($1) + miscfiles_read_generic_certs($1) @@ -36071,7 +36101,7 @@ index 6944526..c9ab542 100644 sysnet_read_config($1) optional_policy(` -@@ -720,8 +872,6 @@ interface(`sysnet_use_ldap',` +@@ -720,8 +873,6 @@ interface(`sysnet_use_ldap',` allow $1 self:tcp_socket create_socket_perms; @@ -36080,7 +36110,7 @@ index 6944526..c9ab542 100644 corenet_tcp_sendrecv_generic_if($1) corenet_tcp_sendrecv_generic_node($1) corenet_tcp_sendrecv_ldap_port($1) -@@ -733,6 +883,9 @@ interface(`sysnet_use_ldap',` +@@ -733,6 +884,9 @@ interface(`sysnet_use_ldap',` dev_read_urand($1) sysnet_read_config($1) @@ -36090,7 +36120,7 @@ index 6944526..c9ab542 100644 ') ######################################## -@@ -754,7 +907,6 @@ interface(`sysnet_use_portmap',` +@@ -754,7 +908,6 @@ interface(`sysnet_use_portmap',` allow $1 self:udp_socket create_socket_perms; corenet_all_recvfrom_unlabeled($1) @@ -36098,7 +36128,7 @@ index 6944526..c9ab542 100644 corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) corenet_tcp_sendrecv_generic_node($1) -@@ -766,3 +918,76 @@ interface(`sysnet_use_portmap',` +@@ -766,3 +919,76 @@ interface(`sysnet_use_portmap',` sysnet_read_config($1) ') diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index a5fd50f..c50e452 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch 
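Review bot: `corenet_tcp_connect_dnssec_port($1)` is added to `sysnet_dns_name_resolve` without the send/receive rule that the DNS port gets two lines above (`corenet_tcp_sendrecv_dns_port`), so the two ports are handled asymmetrically; if a `corenet_tcp_sendrecv_dnssec_port` interface is generated for this port it should be paired here, otherwise a short comment on why only connect is needed would help. Because this interface is called by every name-resolving domain, the added connect permission reaches a very wide set of domains, and the commit does not say which component needs it; a comment naming it would make later audits easier. The interface body continues beyond the hunk.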
@@ -68,7 +68,7 @@ index e4f84de..2ed712d 100644 +/var/cache/retrace-server(/.*)? gen_context(system_u:object_r:abrt_retrace_cache_t,s0) +/var/spool/retrace-server(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0) diff --git a/abrt.if b/abrt.if -index 058d908..ff0f9c2 100644 +index 058d908..10edac5 100644 --- a/abrt.if +++ b/abrt.if @@ -1,4 +1,26 @@ @@ -278,8 +278,30 @@ index 058d908..ff0f9c2 100644 ## ## ## -@@ -220,7 +297,7 @@ interface(`abrt_read_config',` +@@ -218,9 +295,29 @@ interface(`abrt_read_config',` + read_files_pattern($1, abrt_etc_t, abrt_etc_t) + ') ++#################################### ++## ++## Dontaudit read abrt configuration file. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`abrt_dontaudit_read_config',` ++ gen_require(` ++ type abrt_etc_t; ++ ') ++ ++ files_search_etc($1) ++ dontaudit $1 abrt_etc_t:dir list_dir_perms; ++ dontaudit $1 abrt_etc_t:file read_file_perms; ++') ++ ###################################### ## -## Read abrt log files. @@ -287,7 +309,7 @@ index 058d908..ff0f9c2 100644 ## ## ## -@@ -258,8 +335,7 @@ interface(`abrt_read_pid_files',` +@@ -258,8 +355,7 @@ interface(`abrt_read_pid_files',` ###################################### ## @@ -297,7 +319,7 @@ index 058d908..ff0f9c2 100644 ## ## ## -@@ -276,10 +352,51 @@ interface(`abrt_manage_pid_files',` +@@ -276,10 +372,51 @@ interface(`abrt_manage_pid_files',` manage_files_pattern($1, abrt_var_run_t, abrt_var_run_t) ') @@ -351,7 +373,7 @@ index 058d908..ff0f9c2 100644 ## ## ## -@@ -288,39 +405,172 @@ interface(`abrt_manage_pid_files',` +@@ -288,39 +425,172 @@ interface(`abrt_manage_pid_files',` ## ## ## @@ -2016,7 +2038,7 @@ index 708b743..cc78465 100644 + ps_process_pattern($1, alsa_t) ') diff --git a/alsa.te b/alsa.te -index cda6d20..443ce3c 100644 +index cda6d20..a80ddb9 100644 --- a/alsa.te +++ b/alsa.te @@ -21,16 +21,23 @@ files_tmp_file(alsa_tmp_t) 
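Review bot: `abrt_dontaudit_read_config` is named and documented as a dontaudit interface, yet its body opens with `files_search_etc($1)`, which is an allow rule: every caller silently gains search on /etc directories. Either drop that line so the interface stays purely dontaudit (the two `dontaudit` rules after it do not depend on it), or document the allow explicitly in the summary. A caller that really needs the search permission presumably gets it from `abrt_read_config` already.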
@@ -2045,7 +2067,7 @@ index cda6d20..443ce3c 100644 allow alsa_t self:sem create_sem_perms; allow alsa_t self:shm create_shm_perms; allow alsa_t self:unix_stream_socket { accept listen }; -@@ -51,6 +58,11 @@ userdom_user_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file }) +@@ -51,7 +58,13 @@ userdom_user_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file }) manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) @@ -2055,9 +2077,11 @@ index cda6d20..443ce3c 100644 +files_pid_filetrans(alsa_t, alsa_var_run_t, { file dir }) + kernel_read_system_state(alsa_t) ++kernel_signal(alsa_t) corecmd_exec_bin(alsa_t) -@@ -59,7 +71,6 @@ dev_read_sound(alsa_t) + +@@ -59,7 +72,6 @@ dev_read_sound(alsa_t) dev_read_sysfs(alsa_t) dev_write_sound(alsa_t) @@ -2065,7 +2089,7 @@ index cda6d20..443ce3c 100644 files_search_var_lib(alsa_t) term_dontaudit_use_console(alsa_t) -@@ -72,8 +83,6 @@ init_use_fds(alsa_t) +@@ -72,8 +84,6 @@ init_use_fds(alsa_t) logging_send_syslog_msg(alsa_t) @@ -4792,7 +4816,7 @@ index 83e899c..64beed7 100644 + filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess") ') diff --git a/apache.te b/apache.te -index 1a82e29..b192ed8 100644 +index 1a82e29..9ac02fd 100644 --- a/apache.te +++ b/apache.te @@ -1,297 +1,367 @@ @@ -5482,7 +5506,7 @@ index 1a82e29..b192ed8 100644 allow httpd_t httpd_sys_script_t:unix_stream_socket connectto; manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t) -@@ -445,140 +552,167 @@ manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) +@@ -445,140 +552,168 @@ manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) manage_lnk_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t) 
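Review bot: `kernel_signal(alsa_t)` lets the ALSA helper send signals to `kernel_t`, which is an unusual grant for a sound-configuration domain and is added with no comment. I would record the triggering denial or bug next to it, e.g. `# alsa_t signals kernel threads on restore (see <bug id>)`, or, if the goal is only to quiet a denial, check whether a dontaudit would do. The comment should say which process in alsa_t produces the signal so the rule can be revisited when that behaviour changes.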
@@ -5560,6 +5584,7 @@ index 1a82e29..b192ed8 100644 +domain_use_interactive_fds(httpd_t) +domain_dontaudit_read_all_domains_state(httpd_t) ++files_dontaudit_search_all_pids(httpd_t) files_dontaudit_getattr_all_pids(httpd_t) -files_read_usr_files(httpd_t) +files_exec_usr_files(httpd_t) @@ -5715,7 +5740,7 @@ index 1a82e29..b192ed8 100644 ') tunable_policy(`httpd_enable_cgi && httpd_use_nfs',` -@@ -589,28 +723,50 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',` +@@ -589,28 +724,50 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',` fs_cifs_domtrans(httpd_t, httpd_sys_script_t) ') @@ -5775,7 +5800,7 @@ index 1a82e29..b192ed8 100644 ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` -@@ -619,68 +775,44 @@ tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` +@@ -619,68 +776,44 @@ tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` fs_read_nfs_symlinks(httpd_t) ') @@ -5866,7 +5891,7 @@ index 1a82e29..b192ed8 100644 ') tunable_policy(`httpd_setrlimit',` -@@ -690,66 +822,56 @@ tunable_policy(`httpd_setrlimit',` +@@ -690,66 +823,56 @@ tunable_policy(`httpd_setrlimit',` tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t, httpd_sys_script_t) @@ -5964,7 +5989,7 @@ index 1a82e29..b192ed8 100644 ') optional_policy(` -@@ -765,6 +887,23 @@ optional_policy(` +@@ -765,6 +888,23 @@ optional_policy(` ') optional_policy(` @@ -5988,7 +6013,7 @@ index 1a82e29..b192ed8 100644 dbus_system_bus_client(httpd_t) tunable_policy(`httpd_dbus_avahi',` -@@ -781,34 +920,52 @@ optional_policy(` +@@ -781,34 +921,53 @@ optional_policy(` ') optional_policy(` @@ -6002,6 +6027,7 @@ index 1a82e29..b192ed8 100644 +') + +optional_policy(` ++ mirrormanager_read_pid_files(httpd_t) + mirrormanager_read_lib_files(httpd_t) + mirrormanager_read_log(httpd_t) +') 
@@ -6052,7 +6078,7 @@ index 1a82e29..b192ed8 100644 tunable_policy(`httpd_manage_ipa',` memcached_manage_pid_files(httpd_t) -@@ -816,8 +973,18 @@ optional_policy(` +@@ -816,8 +975,18 @@ optional_policy(` ') optional_policy(` @@ -6071,7 +6097,7 @@ index 1a82e29..b192ed8 100644 tunable_policy(`httpd_can_network_connect_db',` mysql_tcp_connect(httpd_t) -@@ -826,6 +993,7 @@ optional_policy(` +@@ -826,6 +995,7 @@ optional_policy(` optional_policy(` nagios_read_config(httpd_t) @@ -6079,7 +6105,7 @@ index 1a82e29..b192ed8 100644 ') optional_policy(` -@@ -836,20 +1004,39 @@ optional_policy(` +@@ -836,20 +1006,39 @@ optional_policy(` ') optional_policy(` @@ -6125,7 +6151,7 @@ index 1a82e29..b192ed8 100644 ') optional_policy(` -@@ -857,19 +1044,35 @@ optional_policy(` +@@ -857,19 +1046,35 @@ optional_policy(` ') optional_policy(` @@ -6161,7 +6187,7 @@ index 1a82e29..b192ed8 100644 udev_read_db(httpd_t) ') -@@ -877,65 +1080,173 @@ optional_policy(` +@@ -877,65 +1082,173 @@ optional_policy(` yam_read_content(httpd_t) ') @@ -6357,7 +6383,7 @@ index 1a82e29..b192ed8 100644 files_dontaudit_search_pids(httpd_suexec_t) files_search_home(httpd_suexec_t) -@@ -944,123 +1255,74 @@ auth_use_nsswitch(httpd_suexec_t) +@@ -944,123 +1257,74 @@ auth_use_nsswitch(httpd_suexec_t) logging_search_logs(httpd_suexec_t) logging_send_syslog_msg(httpd_suexec_t) @@ -6512,7 +6538,7 @@ index 1a82e29..b192ed8 100644 mysql_read_config(httpd_suexec_t) tunable_policy(`httpd_can_network_connect_db',` -@@ -1077,172 +1339,106 @@ optional_policy(` +@@ -1077,172 +1341,106 @@ optional_policy(` ') ') @@ -6749,7 +6775,7 @@ index 1a82e29..b192ed8 100644 ') tunable_policy(`httpd_read_user_content',` -@@ -1250,64 +1446,74 @@ tunable_policy(`httpd_read_user_content',` +@@ -1250,64 +1448,74 @@ tunable_policy(`httpd_read_user_content',` ') tunable_policy(`httpd_use_cifs',` 
@@ -6846,7 +6872,7 @@ index 1a82e29..b192ed8 100644 ######################################## # -@@ -1315,8 +1521,15 @@ miscfiles_read_localization(httpd_rotatelogs_t) +@@ -1315,8 +1523,15 @@ miscfiles_read_localization(httpd_rotatelogs_t) # optional_policy(` @@ -6863,7 +6889,7 @@ index 1a82e29..b192ed8 100644 ') ######################################## -@@ -1324,49 +1537,38 @@ optional_policy(` +@@ -1324,49 +1539,38 @@ optional_policy(` # User content local policy # @@ -6928,7 +6954,7 @@ index 1a82e29..b192ed8 100644 kernel_read_system_state(httpd_passwd_t) corecmd_exec_bin(httpd_passwd_t) -@@ -1376,38 +1578,99 @@ dev_read_urand(httpd_passwd_t) +@@ -1376,38 +1580,99 @@ dev_read_urand(httpd_passwd_t) domain_use_interactive_fds(httpd_passwd_t) @@ -17195,18 +17221,26 @@ index 28e1b86..0cf34ad 100644 + openshift_transition(system_cronjob_t) ') diff --git a/ctdb.fc b/ctdb.fc -index 8401fe6..507804b 100644 +index 8401fe6..9131995 100644 --- a/ctdb.fc +++ b/ctdb.fc -@@ -2,6 +2,8 @@ +@@ -2,11 +2,16 @@ /usr/sbin/ctdbd -- gen_context(system_u:object_r:ctdbd_exec_t,s0) +/var/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_var_t,s0) + ++/var/lib/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_var_lib_t,s0) /var/lib/ctdbd(/.*)? gen_context(system_u:object_r:ctdbd_var_lib_t,s0) /var/log/ctdb\.log.* -- gen_context(system_u:object_r:ctdbd_log_t,s0) + /var/log/log\.ctdb.* -- gen_context(system_u:object_r:ctdbd_log_t,s0) + ++ ++/var/run/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_var_run_t,s0) + /var/run/ctdbd(/.*)? gen_context(system_u:object_r:ctdbd_var_run_t,s0) + + /var/spool/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_spool_t,s0) diff --git a/ctdb.if b/ctdb.if index b25b01d..e99c5c6 100644 --- a/ctdb.if @@ -17498,7 +17532,7 @@ index b25b01d..e99c5c6 100644 ') + diff --git a/ctdb.te b/ctdb.te -index 6ce66e7..dc080a7 100644 +index 6ce66e7..06f71d5 100644 --- a/ctdb.te +++ b/ctdb.te @@ -24,6 +24,9 @@ files_tmp_file(ctdbd_tmp_t) 
@@ -17526,19 +17560,22 @@ index 6ce66e7..dc080a7 100644 append_files_pattern(ctdbd_t, ctdbd_log_t, ctdbd_log_t) create_files_pattern(ctdbd_t, ctdbd_log_t, ctdbd_log_t) -@@ -59,6 +64,11 @@ manage_dirs_pattern(ctdbd_t, ctdbd_var_lib_t, ctdbd_var_lib_t) +@@ -57,7 +62,13 @@ files_spool_filetrans(ctdbd_t, ctdbd_spool_t, dir) + exec_files_pattern(ctdbd_t, ctdbd_var_lib_t, ctdbd_var_lib_t) + manage_dirs_pattern(ctdbd_t, ctdbd_var_lib_t, ctdbd_var_lib_t) manage_files_pattern(ctdbd_t, ctdbd_var_lib_t, ctdbd_var_lib_t) - files_var_lib_filetrans(ctdbd_t, ctdbd_var_lib_t, dir) - +-files_var_lib_filetrans(ctdbd_t, ctdbd_var_lib_t, dir) ++files_var_lib_filetrans(ctdbd_t, ctdbd_var_lib_t, dir, "ctdb") ++ +manage_dirs_pattern(ctdbd_t, ctdbd_var_t, ctdbd_var_t) +manage_files_pattern(ctdbd_t, ctdbd_var_t, ctdbd_var_t) +manage_lnk_files_pattern(ctdbd_t, ctdbd_var_t, ctdbd_var_t) ++files_var_filetrans(ctdbd_t, ctdbd_var_t, dir, "ctdbd") +files_var_filetrans(ctdbd_t, ctdbd_var_t, dir, "ctdb") -+ + manage_dirs_pattern(ctdbd_t, ctdbd_var_run_t, ctdbd_var_run_t) manage_files_pattern(ctdbd_t, ctdbd_var_run_t, ctdbd_var_run_t) - files_pid_filetrans(ctdbd_t, ctdbd_var_run_t, dir) -@@ -72,9 +82,11 @@ corenet_all_recvfrom_netlabel(ctdbd_t) +@@ -72,9 +83,11 @@ corenet_all_recvfrom_netlabel(ctdbd_t) corenet_tcp_sendrecv_generic_if(ctdbd_t) corenet_tcp_sendrecv_generic_node(ctdbd_t) corenet_tcp_bind_generic_node(ctdbd_t) @@ -17550,7 +17587,7 @@ index 6ce66e7..dc080a7 100644 corenet_tcp_sendrecv_ctdb_port(ctdbd_t) corecmd_exec_bin(ctdbd_t) -@@ -85,12 +97,14 @@ dev_read_urand(ctdbd_t) +@@ -85,12 +98,14 @@ dev_read_urand(ctdbd_t) domain_dontaudit_read_all_domains_state(ctdbd_t) @@ -17567,7 +17604,7 @@ index 6ce66e7..dc080a7 100644 miscfiles_read_public_files(ctdbd_t) optional_policy(` -@@ -109,6 +123,7 @@ optional_policy(` +@@ -109,6 +124,7 @@ optional_policy(` samba_initrc_domtrans(ctdbd_t) samba_domtrans_net(ctdbd_t) samba_rw_var_files(ctdbd_t) @@ -27070,7 +27107,7 @@ index 0000000..1ed97fe + 
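Review bot: `files_var_lib_filetrans(ctdbd_t, ctdbd_var_lib_t, dir, "ctdb")` replaces the unnamed transition, so a `/var/lib/ctdbd` directory created at runtime by ctdbd_t would no longer receive `ctdbd_var_lib_t`, even though ctdb.fc on the previous line still labels both `/var/lib/ctdb(/.*)?` and `/var/lib/ctdbd(/.*)?` with that type. The two `files_var_filetrans` lines just below cover both `"ctdbd"` and `"ctdb"`; the var_lib transition should get the same pair, i.e. add `files_var_lib_filetrans(ctdbd_t, ctdbd_var_lib_t, dir, "ctdbd")` next to the `"ctdb"` line. The `/var/run/ctdb(/.*)?` entry added to the fc file is still covered by the unnamed `files_pid_filetrans` further down, so nothing is needed there.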
diff --git a/glusterd.te b/glusterd.te new file mode 100644 -index 0000000..ed9fdd0 +index 0000000..36ff903 --- /dev/null +++ b/glusterd.te @@ -0,0 +1,200 @@ @@ -27228,7 +27265,7 @@ index 0000000..ed9fdd0 +fs_unmount_all_fs(glusterd_t) +fs_getattr_all_fs(glusterd_t) + -+files_mounton_mnt(glusterd_t) ++files_mounton_non_security(glusterd_t) + +storage_rw_fuse(glusterd_t) + @@ -31556,10 +31593,10 @@ index 0000000..b7ca833 +') diff --git a/hypervkvp.te b/hypervkvp.te new file mode 100644 -index 0000000..3543847 +index 0000000..b2d134d --- /dev/null +++ b/hypervkvp.te -@@ -0,0 +1,65 @@ +@@ -0,0 +1,74 @@ +policy_module(hypervkvp, 1.0.0) + +######################################## @@ -31601,6 +31638,7 @@ index 0000000..3543847 +allow hyperv_domain self:unix_stream_socket create_stream_socket_perms; + +corecmd_exec_shell(hyperv_domain) ++corecmd_exec_bin(hyperv_domain) + +dev_read_sysfs(hyperv_domain) + @@ -31613,10 +31651,18 @@ index 0000000..3543847 +manage_files_pattern(hypervkvp_t, hypervkvp_var_lib_t, hypervkvp_var_lib_t) +files_var_lib_filetrans(hypervkvp_t, hypervkvp_var_lib_t, dir) + ++files_dontaudit_search_home(hypervkvp_t) ++ +logging_send_syslog_msg(hypervkvp_t) + +sysnet_dns_name_resolve(hypervkvp_t) + ++userdom_dontaudit_search_admin_dir(hypervkvp_t) ++ ++optional_policy(` ++ sysnet_exec_ifconfig(hypervkvp_t) ++') ++ +######################################## +# +# hypervvssd local policy @@ -42102,7 +42148,7 @@ index 6ffaba2..cb1e8b0 100644 +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0) +') diff --git a/mozilla.if b/mozilla.if -index 6194b80..b8952a1 100644 +index 6194b80..03c6414 100644 --- a/mozilla.if +++ b/mozilla.if @@ -1,146 +1,75 @@ @@ -42388,7 +42434,7 @@ index 6194b80..b8952a1 100644 ## ## ## -@@ -265,140 +173,153 @@ interface(`mozilla_exec_user_plugin_home_files',` +@@ -265,140 +173,155 @@ interface(`mozilla_exec_user_plugin_home_files',` ## # interface(`mozilla_execmod_user_home_files',` 
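Review bot: Replacing `files_mounton_mnt(glusterd_t)` with `files_mounton_non_security(glusterd_t)` widens the mount-point permission from /mnt to every non-security file type, letting glusterd_t mount over most of the filesystem tree, and the hunk gives no reason or comment. If the need is one specific mount location, a narrower `*_mounton_*` interface for that type keeps the domain's reach bounded; if the broad grant is genuinely required, a comment naming the use case should accompany it, e.g. `# gluster volumes may be mounted on arbitrary non-security dirs (see <bug id>)`.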
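Review bot: `sysnet_exec_ifconfig(hypervkvp_t)` runs the network tools inside hypervkvp_t rather than transitioning, so any further permissions those tools need will have to be granted to the KVP daemon itself; if the daemon only has to run them, `sysnet_domtrans_ifconfig(hypervkvp_t)` would keep that work in the ifconfig domain. The neighbouring `corecmd_exec_bin(hyperv_domain)` and `corecmd_exec_shell(hyperv_domain)` apply to every hyperv domain, not just the KVP daemon, and a comment on which daemon needs shell execution would help a later reviewer narrow them.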
@@ -42488,6 +42534,8 @@ index 6194b80..b8952a1 100644 + allow mozilla_plugin_t $1:unix_dgram_socket { sendto rw_socket_perms }; + allow mozilla_plugin_t $1:shm { rw_shm_perms destroy }; + allow mozilla_plugin_t $1:sem create_sem_perms; ++ allow $1 mozilla_plugin_t:sem rw_sem_perms; ++ allow $1 mozilla_plugin_t:shm rw_shm_perms; + + ps_process_pattern($1, mozilla_plugin_t) + allow $1 mozilla_plugin_t:process signal_perms; @@ -42602,7 +42650,7 @@ index 6194b80..b8952a1 100644 ') ######################################## -@@ -424,8 +345,7 @@ interface(`mozilla_dbus_chat',` +@@ -424,8 +347,7 @@ interface(`mozilla_dbus_chat',` ######################################## ## @@ -42612,7 +42660,7 @@ index 6194b80..b8952a1 100644 ## ## ## -@@ -433,76 +353,144 @@ interface(`mozilla_dbus_chat',` +@@ -433,76 +355,144 @@ interface(`mozilla_dbus_chat',` ## ## # @@ -42786,7 +42834,7 @@ index 6194b80..b8952a1 100644 ## ## ## -@@ -510,19 +498,18 @@ interface(`mozilla_plugin_read_tmpfs_files',` +@@ -510,19 +500,18 @@ interface(`mozilla_plugin_read_tmpfs_files',` ## ## # @@ -42811,7 +42859,7 @@ index 6194b80..b8952a1 100644 ## ## ## -@@ -530,45 +517,56 @@ interface(`mozilla_plugin_delete_tmpfs_files',` +@@ -530,45 +519,56 @@ interface(`mozilla_plugin_delete_tmpfs_files',` ## ## # @@ -48514,10 +48562,10 @@ index 0000000..8d7c751 +') diff --git a/namespace.te b/namespace.te new file mode 100644 -index 0000000..c674894 +index 0000000..e289f2d --- /dev/null +++ b/namespace.te -@@ -0,0 +1,39 @@ +@@ -0,0 +1,41 @@ +policy_module(namespace,1.0.0) + +######################################## @@ -48549,6 +48597,8 @@ index 0000000..c674894 + +files_polyinstantiate_all(namespace_init_t) + ++fs_getattr_xattr_fs(namespace_init_t) ++ +auth_use_nsswitch(namespace_init_t) + +term_use_console(namespace_init_t) @@ -49161,7 +49211,7 @@ index 0e8508c..ee2e3de 100644 + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") ') 
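Review bot: The two new lines `allow $1 mozilla_plugin_t:sem rw_sem_perms;` and `allow $1 mozilla_plugin_t:shm rw_shm_perms;` make the shared-memory and semaphore relationship bidirectional: the plugin already had rw/destroy on the caller's shm and sem, and the caller can now read and write the plugin's. Since the plugin domain exists to contain plugin code, a comment saying which plugin needs the reverse direction would document the weakened boundary. The enclosing interface begins before the hunk, so its summary is not visible here; it should mention that IPC objects are shared in both directions.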
diff --git a/networkmanager.te b/networkmanager.te -index 0b48a30..bcaf742 100644 +index 0b48a30..34207b9 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -1,4 +1,4 @@ @@ -49201,7 +49251,7 @@ index 0b48a30..bcaf742 100644 -allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms }; +# networkmanager will ptrace itself if gdb is installed +# and it receives a unexpected signal (rh bug #204161) -+allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_admin sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; ++allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_admin sys_nice dac_override net_admin net_raw net_bind_service ipc_lock sys_chroot }; +dontaudit NetworkManager_t self:capability sys_tty_config; +ifdef(`hide_broken_symptoms',` + # caused by some bogus kernel code @@ -60329,7 +60379,7 @@ index 30e751f..78fb7c6 100644 admin_pattern($1, plymouthd_var_run_t) ') diff --git a/plymouthd.te b/plymouthd.te -index b1f412b..52acfb0 100644 +index b1f412b..b78836f 100644 --- a/plymouthd.te +++ b/plymouthd.te @@ -1,4 +1,4 @@ @@ -60375,13 +60425,13 @@ index b1f412b..52acfb0 100644 logging_log_filetrans(plymouthd_t, plymouthd_var_log_t, { file dir }) manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) -@@ -70,19 +69,27 @@ domain_use_interactive_fds(plymouthd_t) +@@ -70,19 +69,26 @@ domain_use_interactive_fds(plymouthd_t) fs_getattr_all_fs(plymouthd_t) -files_read_etc_files(plymouthd_t) -files_read_usr_files(plymouthd_t) - +- term_getattr_pty_fs(plymouthd_t) term_use_all_terms(plymouthd_t) term_use_ptmx(plymouthd_t) 
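Review bot: `sys_chroot` is appended to the NetworkManager_t capability set without explanation, while the comment immediately above the rule only covers the ptrace behaviour (`rh bug #204161`), so a reader cannot tell whether the chroot need comes from NetworkManager itself or from a helper it runs in its own domain. I would add `# sys_chroot: needed by <helper> (see <bug id>)` above the allow line, or, if a helper is the cause, check whether a domain transition for that helper avoids widening the daemon's capabilities at all.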
@@ -60407,12 +60457,16 @@ index b1f412b..52acfb0 100644 ') optional_policy(` -@@ -90,35 +97,33 @@ optional_policy(` +@@ -90,35 +96,37 @@ optional_policy(` ') optional_policy(` - xserver_manage_xdm_spool_files(plymouthd_t) - xserver_read_xdm_state(plymouthd_t) ++ udev_read_pid_files(plymouthd_t) ++') ++ ++optional_policy(` + xserver_xdm_manage_spool(plymouthd_t) + xserver_read_state_xdm(plymouthd_t) ') @@ -88302,7 +88356,7 @@ index 1499b0b..6950cab 100644 - spamassassin_role($2, $1) ') diff --git a/spamassassin.te b/spamassassin.te -index 4faa7e0..4babad1 100644 +index 4faa7e0..04dd34a 100644 --- a/spamassassin.te +++ b/spamassassin.te @@ -1,4 +1,4 @@ @@ -88381,7 +88435,7 @@ index 4faa7e0..4babad1 100644 type spamd_initrc_exec_t; init_script_file(spamd_initrc_exec_t) -@@ -72,87 +39,196 @@ type spamd_log_t; +@@ -72,87 +39,198 @@ type spamd_log_t; logging_log_file(spamd_log_t) type spamd_spool_t; @@ -88518,6 +88572,8 @@ index 4faa7e0..4babad1 100644 +manage_lnk_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t) +manage_fifo_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t) +manage_sock_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t) ++userdom_user_home_dir_filetrans(spamd_t, spamassassin_home_t, dir, ".spamassassin") ++userdom_admin_home_dir_filetrans(spamd_t, spamassassin_home_t, dir, ".spamassassin") +userdom_home_manager(spamassassin_t) + kernel_read_kernel_sysctls(spamassassin_t) @@ -88600,7 +88656,7 @@ index 4faa7e0..4babad1 100644 nis_use_ypbind_uncond(spamassassin_t) ') ') -@@ -160,6 +236,8 @@ optional_policy(` +@@ -160,6 +238,8 @@ optional_policy(` optional_policy(` mta_read_config(spamassassin_t) sendmail_stub(spamassassin_t) @@ -88609,7 +88665,7 @@ index 4faa7e0..4babad1 100644 ') ######################################## -@@ -167,72 +245,85 @@ optional_policy(` +@@ -167,72 +247,85 @@ optional_policy(` # Client local policy # 
@@ -88726,7 +88782,7 @@ index 4faa7e0..4babad1 100644 optional_policy(` abrt_stream_connect(spamc_t) -@@ -243,6 +334,7 @@ optional_policy(` +@@ -243,6 +336,7 @@ optional_policy(` ') optional_policy(` @@ -88734,7 +88790,7 @@ index 4faa7e0..4babad1 100644 evolution_stream_connect(spamc_t) ') -@@ -251,52 +343,55 @@ optional_policy(` +@@ -251,52 +345,55 @@ optional_policy(` ') optional_policy(` @@ -88815,7 +88871,7 @@ index 4faa7e0..4babad1 100644 logging_log_filetrans(spamd_t, spamd_log_t, file) manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t) -@@ -308,7 +403,8 @@ manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) +@@ -308,7 +405,8 @@ manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir }) @@ -88825,7 +88881,7 @@ index 4faa7e0..4babad1 100644 manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t) -@@ -317,12 +413,13 @@ manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) +@@ -317,12 +415,13 @@ manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) manage_sock_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t) files_pid_filetrans(spamd_t, spamd_var_run_t, { file dir }) @@ -88841,7 +88897,7 @@ index 4faa7e0..4babad1 100644 corenet_all_recvfrom_netlabel(spamd_t) corenet_tcp_sendrecv_generic_if(spamd_t) corenet_udp_sendrecv_generic_if(spamd_t) -@@ -331,78 +428,58 @@ corenet_udp_sendrecv_generic_node(spamd_t) +@@ -331,78 +430,58 @@ corenet_udp_sendrecv_generic_node(spamd_t) corenet_tcp_sendrecv_all_ports(spamd_t) corenet_udp_sendrecv_all_ports(spamd_t) corenet_tcp_bind_generic_node(spamd_t) @@ -88944,7 +89000,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -421,21 +498,13 @@ optional_policy(` +@@ -421,21 +500,13 @@ optional_policy(` ') optional_policy(` 
@@ -88968,7 +89024,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -443,8 +512,8 @@ optional_policy(` +@@ -443,8 +514,8 @@ optional_policy(` ') optional_policy(` @@ -88978,7 +89034,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -455,7 +524,12 @@ optional_policy(` +@@ -455,7 +526,12 @@ optional_policy(` optional_policy(` razor_domtrans(spamd_t) razor_read_lib_files(spamd_t) @@ -88992,7 +89048,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -463,9 +537,9 @@ optional_policy(` +@@ -463,9 +539,9 @@ optional_policy(` ') optional_policy(` @@ -89003,7 +89059,7 @@ index 4faa7e0..4babad1 100644 ') optional_policy(` -@@ -474,32 +548,32 @@ optional_policy(` +@@ -474,32 +550,32 @@ optional_policy(` ######################################## # @@ -89046,7 +89102,7 @@ index 4faa7e0..4babad1 100644 corecmd_exec_bin(spamd_update_t) corecmd_exec_shell(spamd_update_t) -@@ -508,25 +582,21 @@ dev_read_urand(spamd_update_t) +@@ -508,25 +584,21 @@ dev_read_urand(spamd_update_t) domain_use_interactive_fds(spamd_update_t) @@ -94238,7 +94294,7 @@ index e29db63..061fb98 100644 domain_system_change_exemption($1) role_transition $2 tuned_initrc_exec_t system_r; diff --git a/tuned.te b/tuned.te -index 7116181..92703c0 100644 +index 7116181..177ecd6 100644 --- a/tuned.te +++ b/tuned.te @@ -21,6 +21,9 @@ files_config_file(tuned_rw_etc_t) @@ -94301,7 +94357,7 @@ index 7116181..92703c0 100644 corecmd_exec_bin(tuned_t) corecmd_exec_shell(tuned_t) -@@ -64,31 +78,57 @@ corecmd_exec_shell(tuned_t) +@@ -64,31 +78,59 @@ corecmd_exec_shell(tuned_t) dev_getattr_all_blk_files(tuned_t) dev_getattr_all_chr_files(tuned_t) dev_read_urand(tuned_t) 
@@ -94323,10 +94379,12 @@ index 7116181..92703c0 100644 +auth_use_nsswitch(tuned_t) logging_send_syslog_msg(tuned_t) ++#bug in tuned ++logging_manage_syslog_config(tuned_t) ++ ++mount_read_pid_files(tuned_t) -miscfiles_read_localization(tuned_t) -+mount_read_pid_files(tuned_t) -+ +modutils_domtrans_insmod(tuned_t) udev_read_pid_files(tuned_t) @@ -102271,7 +102329,7 @@ index 0cea2cd..7668014 100644 userdom_dontaudit_use_unpriv_user_fds(xfs_t) diff --git a/xguest.te b/xguest.te -index 2882821..8cf4841 100644 +index 2882821..0f1f514 100644 --- a/xguest.te +++ b/xguest.te @@ -1,4 +1,4 @@ @@ -102382,18 +102440,26 @@ index 2882821..8cf4841 100644 ') ') -@@ -84,12 +97,17 @@ optional_policy(` +@@ -84,12 +97,25 @@ optional_policy(` ') ') + optional_policy(` - apache_role(xguest_r, xguest_t) ++ abrt_dontaudit_read_config(xguest_t) ++') ++ ++optional_policy(` + colord_dbus_chat(xguest_t) +') + +optional_policy(` + chrome_role(xguest_r, xguest_t) ++') ++ ++optional_policy(` ++ thumb_role(xguest_r, xguest_t) ') optional_policy(` @@ -102402,7 +102468,7 @@ index 2882821..8cf4841 100644 ') optional_policy(` -@@ -97,75 +115,82 @@ optional_policy(` +@@ -97,75 +123,82 @@ optional_policy(` ') optional_policy(` @@ -102420,7 +102486,7 @@ index 2882821..8cf4841 100644 - kernel_read_network_state(xguest_t) + mozilla_run_plugin(xguest_t, xguest_r) +') - ++ +optional_policy(` + mount_run_fusermount(xguest_t, xguest_r) +') @@ -102429,7 +102495,7 @@ index 2882821..8cf4841 100644 + pcscd_read_pid_files(xguest_t) + pcscd_stream_connect(xguest_t) +') -+ + +optional_policy(` + rhsmcertd_dontaudit_dbus_chat(xguest_t) +') diff --git a/selinux-policy.spec b/selinux-policy.spec index 3ea8db9..ed7629e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 116%{?dist} +Release: 117%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
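Review bot: `logging_manage_syslog_config(tuned_t)` gives the tuned daemon create/write/delete access to syslog configuration, and the only justification is `#bug in tuned`; a domain that can rewrite the logger's configuration can redirect or silence logging, so this grant needs to be traceable and removable later. At minimum the comment should carry the bug reference and the intended removal, e.g. `# workaround: tuned writes syslog config (bug <id>); drop once fixed`. If tuned only reads the file and the denial was merely noisy, `logging_read_syslog_config(tuned_t)` or a dontaudit would be the smaller change. This hunk begins on the previous line.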
@@ -576,6 +576,9 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
+* Wed Jan 15 2014 Miroslav Grepl 3.12.1-117
+- Add back rpm_run for unconfined_t
+
 * Mon Jan 13 2014 Miroslav Grepl 3.12.1-116
 - Add missing files_create_var_lib_dirs()
 - Fix typo in ipsec.te