diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 2613303..55ccf84 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -32417,7 +32417,7 @@ index 9933677..ca14c17 100644
+
+/var/run/tmpfiles.d/kmod.conf -- gen_context(system_u:object_r:insmod_var_run_t,s0)
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
-index 7449974..4f4ac3a 100644
+index 7449974..23bbbf2 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -12,7 +12,7 @@
@@ -32499,7 +32499,32 @@ index 7449974..4f4ac3a 100644
## Execute insmod in the insmod domain, and
## allow the specified role the insmod domain,
## and use the caller's terminal. Has a sigchld
-@@ -308,11 +364,18 @@ interface(`modutils_domtrans_update_mods',`
+@@ -208,6 +264,24 @@ interface(`modutils_exec_insmod',`
+ can_exec($1, insmod_exec_t)
+ ')
+
++#######################################
++##
++## Don't audit execute insmod in the caller domain.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`modutils_dontaudit_exec_insmod',`
++ gen_require(`
++ type insmod_exec_t;
++ ')
++
++ dontaudit $1 insmod_exec_t:file exec_file_perms;
++')
++
+ ########################################
+ ##
+ ## Execute depmod in the depmod domain.
+@@ -308,11 +382,18 @@ interface(`modutils_domtrans_update_mods',`
#
interface(`modutils_run_update_mods',`
gen_require(`
@@ -32520,7 +32545,7 @@ index 7449974..4f4ac3a 100644
')
########################################
-@@ -333,3 +396,25 @@ interface(`modutils_exec_update_mods',`
+@@ -333,3 +414,25 @@ interface(`modutils_exec_update_mods',`
corecmd_search_bin($1)
can_exec($1, update_modules_exec_t)
')
@@ -35229,7 +35254,7 @@ index 346a7cc..42a48b6 100644
+/var/run/netns(/.*)? gen_context(system_u:object_r:ifconfig_var_run_t,s0)
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 6944526..0bd8d93 100644
+index 6944526..a76e22c 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -35504,7 +35529,7 @@ index 6944526..0bd8d93 100644
corenet_tcp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_if($1)
corenet_tcp_sendrecv_generic_node($1)
-@@ -766,3 +918,76 @@ interface(`sysnet_use_portmap',`
+@@ -766,3 +918,114 @@ interface(`sysnet_use_portmap',`
sysnet_read_config($1)
')
@@ -35557,6 +35582,24 @@ index 6944526..0bd8d93 100644
+
+########################################
+##
++## Transition to sysnet ifconfig named content
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`sysnet_filetrans_named_content_ifconfig',`
++ gen_require(`
++ type ifconfig_var_run_t;
++ ')
++
++ files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")
++')
++
++########################################
++##
+## Transition to sysnet named content
+##
+##
@@ -35581,6 +35624,26 @@ index 6944526..0bd8d93 100644
+ files_etc_filetrans($1, net_conf_t, file, "yp.conf")
+ files_etc_filetrans($1, net_conf_t, file, "ntp.conf")
+')
++
++########################################
++##
++## Transition to sysnet ifconfig named content
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`sysnet_manage_ifconfig_run',`
++ gen_require(`
++ type ifconfig_var_run_t;
++ ')
++
++ manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++ manage_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++ manage_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index b7686d5..087fe08 100644
--- a/policy/modules/system/sysnetwork.te