diff --git a/container-selinux.tgz b/container-selinux.tgz index adf3610..a013fe7 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/policy-f25-base.patch b/policy-f25-base.patch index 9ac5efb..0e4c203 100644 --- a/policy-f25-base.patch +++ b/policy-f25-base.patch @@ -1,5 +1,5 @@ diff --git a/.gitmodules b/.gitmodules -index 360bd03..f9d7f35 100644 +index 360bd0388..f9d7f3550 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,4 @@ @@ -9,7 +9,7 @@ index 360bd03..f9d7f35 100644 + url = https://github.com/fedora-selinux/selinux-policy-contrib + branch = f25 diff --git a/Makefile b/Makefile -index ec7b5cb..e2936c6 100644 +index ec7b5cba8..e2936c695 100644 --- a/Makefile +++ b/Makefile @@ -61,6 +61,7 @@ SEMODULE ?= $(tc_usrsbindir)/semodule @@ -56,7 +56,7 @@ index ec7b5cb..e2936c6 100644 ifndef LOCAL_ROOT rm -f $(fcsort) diff --git a/Rules.modular b/Rules.modular -index 313d837..4f261a9 100644 +index 313d8375b..4f261a9dd 100644 --- a/Rules.modular +++ b/Rules.modular @@ -71,7 +71,7 @@ $(modpkgdir)/%.pp: $(builddir)%.pp @@ -77,7 +77,7 @@ index 313d837..4f261a9 100644 ######################################## diff --git a/config/appconfig-mcs/default_contexts b/config/appconfig-mcs/default_contexts -index 801d97b..698d54c 100644 +index 801d97b6f..698d54ce8 100644 --- a/config/appconfig-mcs/default_contexts +++ b/config/appconfig-mcs/default_contexts @@ -1,4 +1,4 @@ @@ -88,13 +88,13 @@ index 801d97b..698d54c 100644 system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mcs/openssh_contexts b/config/appconfig-mcs/openssh_contexts new file mode 100644 -index 0000000..6de0b01 +index 000000000..6de0b016d --- /dev/null +++ b/config/appconfig-mcs/openssh_contexts @@ -0,0 +1 @@ +privsep_preauth=sshd_net_t 
diff --git a/config/appconfig-mcs/staff_u_default_contexts b/config/appconfig-mcs/staff_u_default_contexts -index 881a292..5606c4e 100644 +index 881a292e3..5606c4ea6 100644 --- a/config/appconfig-mcs/staff_u_default_contexts +++ b/config/appconfig-mcs/staff_u_default_contexts @@ -1,7 +1,7 @@ @@ -108,7 +108,7 @@ index 881a292..5606c4e 100644 staff_r:staff_sudo_t:s0 staff_r:staff_t:s0 diff --git a/config/appconfig-mcs/sysadm_u_default_contexts b/config/appconfig-mcs/sysadm_u_default_contexts new file mode 100644 -index 0000000..b8fda95 +index 000000000..b8fda9543 --- /dev/null +++ b/config/appconfig-mcs/sysadm_u_default_contexts @@ -0,0 +1,12 @@ @@ -126,13 +126,13 @@ index 0000000..b8fda95 + diff --git a/config/appconfig-mcs/systemd_contexts b/config/appconfig-mcs/systemd_contexts new file mode 100644 -index 0000000..ff32acc +index 000000000..ff32accd1 --- /dev/null +++ b/config/appconfig-mcs/systemd_contexts @@ -0,0 +1 @@ +runtime=system_u:object_r:systemd_runtime_unit_file_t:s0 diff --git a/config/appconfig-mcs/user_u_default_contexts b/config/appconfig-mcs/user_u_default_contexts -index cacbc93..56d6071 100644 +index cacbc939f..56d6071c2 100644 --- a/config/appconfig-mcs/user_u_default_contexts +++ b/config/appconfig-mcs/user_u_default_contexts @@ -1,7 +1,7 @@ @@ -145,14 +145,14 @@ index cacbc93..56d6071 100644 user_r:user_su_t:s0 user_r:user_t:s0 user_r:user_sudo_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mcs/virtual_domain_context b/config/appconfig-mcs/virtual_domain_context -index d387b42..150f281 100644 +index d387b428b..150f281d1 100644 --- a/config/appconfig-mcs/virtual_domain_context +++ b/config/appconfig-mcs/virtual_domain_context @@ -1 +1,2 @@ system_u:system_r:svirt_t:s0 +system_u:system_r:svirt_tcg_t:s0 diff --git a/config/appconfig-mls/default_contexts b/config/appconfig-mls/default_contexts -index 801d97b..698d54c 100644 +index 801d97b6f..698d54ce8 100644 --- a/config/appconfig-mls/default_contexts 
+++ b/config/appconfig-mls/default_contexts @@ -1,4 +1,4 @@ @@ -163,13 +163,13 @@ index 801d97b..698d54c 100644 system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mls/openssh_contexts b/config/appconfig-mls/openssh_contexts new file mode 100644 -index 0000000..6de0b01 +index 000000000..6de0b016d --- /dev/null +++ b/config/appconfig-mls/openssh_contexts @@ -0,0 +1 @@ +privsep_preauth=sshd_net_t diff --git a/config/appconfig-mls/staff_u_default_contexts b/config/appconfig-mls/staff_u_default_contexts -index 881a292..5606c4e 100644 +index 881a292e3..5606c4ea6 100644 --- a/config/appconfig-mls/staff_u_default_contexts +++ b/config/appconfig-mls/staff_u_default_contexts @@ -1,7 +1,7 @@ @@ -183,13 +183,13 @@ index 881a292..5606c4e 100644 staff_r:staff_sudo_t:s0 staff_r:staff_t:s0 diff --git a/config/appconfig-mls/systemd_contexts b/config/appconfig-mls/systemd_contexts new file mode 100644 -index 0000000..ff32acc +index 000000000..ff32accd1 --- /dev/null +++ b/config/appconfig-mls/systemd_contexts @@ -0,0 +1 @@ +runtime=system_u:object_r:systemd_runtime_unit_file_t:s0 diff --git a/config/appconfig-mls/user_u_default_contexts b/config/appconfig-mls/user_u_default_contexts -index cacbc93..56d6071 100644 +index cacbc939f..56d6071c2 100644 --- a/config/appconfig-mls/user_u_default_contexts +++ b/config/appconfig-mls/user_u_default_contexts @@ -1,7 +1,7 @@ @@ -202,7 +202,7 @@ index cacbc93..56d6071 100644 user_r:user_su_t:s0 user_r:user_t:s0 user_r:user_sudo_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts -index 64a0a90..25ee341 100644 +index 64a0a90c3..25ee341c1 100644 --- a/config/appconfig-standard/default_contexts +++ b/config/appconfig-standard/default_contexts @@ -1,4 +1,4 @@ 
@@ -213,13 +213,13 @@ index 64a0a90..25ee341 100644 system_r:sshd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/openssh_contexts b/config/appconfig-standard/openssh_contexts new file mode 100644 -index 0000000..6de0b01 +index 000000000..6de0b016d --- /dev/null +++ b/config/appconfig-standard/openssh_contexts @@ -0,0 +1 @@ +privsep_preauth=sshd_net_t diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts -index c2a5ea8..300694c 100644 +index c2a5ea871..300694ce8 100644 --- a/config/appconfig-standard/staff_u_default_contexts +++ b/config/appconfig-standard/staff_u_default_contexts @@ -1,7 +1,7 @@ @@ -233,7 +233,7 @@ index c2a5ea8..300694c 100644 staff_r:staff_sudo_t staff_r:staff_t diff --git a/config/appconfig-standard/sysadm_u_default_contexts b/config/appconfig-standard/sysadm_u_default_contexts new file mode 100644 -index 0000000..b8fda95 +index 000000000..b8fda9543 --- /dev/null +++ b/config/appconfig-standard/sysadm_u_default_contexts @@ -0,0 +1,12 @@ @@ -251,13 +251,13 @@ index 0000000..b8fda95 + diff --git a/config/appconfig-standard/systemd_contexts b/config/appconfig-standard/systemd_contexts new file mode 100644 -index 0000000..ff32acc +index 000000000..ff32accd1 --- /dev/null +++ b/config/appconfig-standard/systemd_contexts @@ -0,0 +1 @@ +runtime=system_u:object_r:systemd_runtime_unit_file_t:s0 diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts -index f5bfac3..63b7eec 100644 +index f5bfac34a..63b7eecd1 100644 --- a/config/appconfig-standard/user_u_default_contexts +++ b/config/appconfig-standard/user_u_default_contexts @@ -1,7 +1,7 @@ @@ -270,7 +270,7 @@ index f5bfac3..63b7eec 100644 user_r:user_su_t user_r:user_t user_r:user_sudo_t user_r:user_t 
diff --git a/config/appconfig-standard/virtual_domain_context b/config/appconfig-standard/virtual_domain_context -index c049e10..150f281 100644 +index c049e104b..150f281d1 100644 --- a/config/appconfig-standard/virtual_domain_context +++ b/config/appconfig-standard/virtual_domain_context @@ -1 +1,2 @@ @@ -279,7 +279,7 @@ index c049e10..150f281 100644 +system_u:system_r:svirt_tcg_t:s0 diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8 deleted file mode 100644 -index 5bebd82..0000000 +index 5bebd82d4..000000000 --- a/man/man8/ftpd_selinux.8 +++ /dev/null @@ -1,65 +0,0 @@ @@ -350,7 +350,7 @@ index 5bebd82..0000000 -selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8) diff --git a/man/man8/git_selinux.8 b/man/man8/git_selinux.8 deleted file mode 100644 -index e9c43b1..0000000 +index e9c43b190..000000000 --- a/man/man8/git_selinux.8 +++ /dev/null @@ -1,109 +0,0 @@ @@ -465,7 +465,7 @@ index e9c43b1..0000000 -selinux(8), git(8), chcon(1), semodule(8), setsebool(8) diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8 deleted file mode 100644 -index 16e8b13..0000000 +index 16e8b1323..000000000 --- a/man/man8/httpd_selinux.8 +++ /dev/null @@ -1,120 +0,0 @@ @@ -591,7 +591,7 @@ index 16e8b13..0000000 - diff --git a/man/man8/kerberos_selinux.8 b/man/man8/kerberos_selinux.8 deleted file mode 100644 -index a8f81c8..0000000 +index a8f81c8e7..000000000 --- a/man/man8/kerberos_selinux.8 +++ /dev/null @@ -1,28 +0,0 @@ @@ -625,7 +625,7 @@ index a8f81c8..0000000 -selinux(8), kerberos(1), chcon(1), setsebool(8) diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8 deleted file mode 100644 -index fce0b48..0000000 +index fce0b4815..000000000 --- a/man/man8/named_selinux.8 +++ /dev/null @@ -1,30 +0,0 @@ @@ -661,7 +661,7 @@ index fce0b48..0000000 - diff --git a/man/man8/nfs_selinux.8 b/man/man8/nfs_selinux.8 deleted file mode 100644 -index 8e30c4c..0000000 +index 8e30c4c65..000000000 --- a/man/man8/nfs_selinux.8 +++ /dev/null @@ -1,31 +0,0 @@ 
@@ -698,14 +698,14 @@ index 8e30c4c..0000000 -selinux(8), chcon(1), setsebool(8) diff --git a/man/man8/nis_selinux.8 b/man/man8/nis_selinux.8 deleted file mode 100644 -index 6271c95..0000000 +index 6271c951f..000000000 --- a/man/man8/nis_selinux.8 +++ /dev/null @@ -1 +0,0 @@ -.so man8/ypbind_selinux.8 diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8 deleted file mode 100644 -index ad9ccf5..0000000 +index ad9ccf5cd..000000000 --- a/man/man8/rsync_selinux.8 +++ /dev/null @@ -1,52 +0,0 @@ @@ -763,7 +763,7 @@ index ad9ccf5..0000000 -selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8) diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8 deleted file mode 100644 -index ca702c7..0000000 +index ca702c799..000000000 --- a/man/man8/samba_selinux.8 +++ /dev/null @@ -1,56 +0,0 @@ @@ -825,7 +825,7 @@ index ca702c7..0000000 -selinux(8), samba(7), chcon(1), setsebool(8), semanage(8) diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8 deleted file mode 100644 -index 5061a5f..0000000 +index 5061a5f04..000000000 --- a/man/man8/ypbind_selinux.8 +++ /dev/null @@ -1,19 +0,0 @@ @@ -849,7 +849,7 @@ index 5061a5f..0000000 -.SH "SEE ALSO" -selinux(8), ypbind(8), chcon(1), setsebool(8) diff --git a/policy/constraints b/policy/constraints -index 3a45f23..ee7d7b3 100644 +index 3a45f236b..ee7d7b392 100644 --- a/policy/constraints +++ b/policy/constraints @@ -105,6 +105,18 @@ constrain process { transition dyntransition noatsecure siginh rlimitinh } @@ -887,7 +887,7 @@ index 3a45f23..ee7d7b3 100644 constrain socket_class_set { create relabelto relabelfrom } ( diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors -index a94b169..7c61322 100644 +index a94b16980..7c6132221 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -121,6 +121,60 @@ common x_device @@ -1117,7 +1117,7 @@ index a94b169..7c61322 100644 +class cap2_userns +inherits cap2 
diff --git a/policy/flask/security_classes b/policy/flask/security_classes -index 14a4799..6e16f5e 100644 +index 14a479911..6e16f5e63 100644 --- a/policy/flask/security_classes +++ b/policy/flask/security_classes @@ -121,6 +121,18 @@ class kernel_service @@ -1156,7 +1156,7 @@ index 14a4799..6e16f5e 100644 + # FLASK diff --git a/policy/global_booleans b/policy/global_booleans -index 66e85ea..d02654d 100644 +index 66e85ea54..d02654d7f 100644 --- a/policy/global_booleans +++ b/policy/global_booleans @@ -6,7 +6,7 @@ @@ -1169,7 +1169,7 @@ index 66e85ea..d02654d 100644 ## user domains. ##

diff --git a/policy/global_tunables b/policy/global_tunables -index 4705ab6..b82865c 100644 +index 4705ab618..b82865c43 100644 --- a/policy/global_tunables +++ b/policy/global_tunables @@ -6,52 +6,59 @@ @@ -1300,7 +1300,7 @@ index 4705ab6..b82865c 100644 +## +gen_tunable(mount_anyfile, false) diff --git a/policy/mcs b/policy/mcs -index 216b3d1..064ec83 100644 +index 216b3d125..064ec83b6 100644 --- a/policy/mcs +++ b/policy/mcs @@ -1,4 +1,6 @@ @@ -1422,7 +1422,7 @@ index 216b3d1..064ec83 100644 + ') dnl end enable_mcs diff --git a/policy/mls b/policy/mls -index f11e5e2..c67dbb9 100644 +index f11e5e2b7..c67dbb976 100644 --- a/policy/mls +++ b/policy/mls @@ -70,7 +70,9 @@ mlsconstrain { file lnk_file fifo_file } { create relabelto } @@ -1526,7 +1526,7 @@ index f11e5e2..c67dbb9 100644 (( l1 eq l2 ) or (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc -index 2626ebf..5745bb2 100644 +index 2626ebf95..5745bb240 100644 --- a/policy/modules/admin/bootloader.fc +++ b/policy/modules/admin/bootloader.fc @@ -1,11 +1,16 @@ @@ -1554,7 +1554,7 @@ index 2626ebf..5745bb2 100644 -/usr/sbin/grub2-probe -- gen_context(system_u:object_r:bootloader_exec_t,s0) +/var/lib/os-prober(/.*)? gen_context(system_u:object_r:bootloader_var_lib_t,s0) diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if -index cc8df9d..90467f3 100644 +index cc8df9d7d..90467f3af 100644 --- a/policy/modules/admin/bootloader.if +++ b/policy/modules/admin/bootloader.if @@ -19,6 +19,24 @@ interface(`bootloader_domtrans',` @@ -1698,7 +1698,7 @@ index cc8df9d..90467f3 100644 + files_etc_filetrans($1,bootloader_etc_t,file, "zipl.conf") +') diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te -index 0fd5c5f..a14addb 100644 +index 0fd5c5f2e..a14addb41 100644 --- a/policy/modules/admin/bootloader.te +++ b/policy/modules/admin/bootloader.te 
@@ -20,13 +20,20 @@ type bootloader_t; @@ -1869,7 +1869,7 @@ index 0fd5c5f..a14addb 100644 + udev_read_pid_files(bootloader_t) ') diff --git a/policy/modules/admin/consoletype.fc b/policy/modules/admin/consoletype.fc -index b7f053b..5d4fc31 100644 +index b7f053bf6..5d4fc3188 100644 --- a/policy/modules/admin/consoletype.fc +++ b/policy/modules/admin/consoletype.fc @@ -1,2 +1,4 @@ @@ -1878,7 +1878,7 @@ index b7f053b..5d4fc31 100644 + +/usr/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0) diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if -index 0f57d3b..655d07f 100644 +index 0f57d3bc0..655d07f01 100644 --- a/policy/modules/admin/consoletype.if +++ b/policy/modules/admin/consoletype.if @@ -19,10 +19,6 @@ interface(`consoletype_domtrans',` @@ -1893,7 +1893,7 @@ index 0f57d3b..655d07f 100644 ######################################## diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te -index cd5e005..247259a 100644 +index cd5e005ce..247259ac4 100644 --- a/policy/modules/admin/consoletype.te +++ b/policy/modules/admin/consoletype.te @@ -7,8 +7,8 @@ policy_module(consoletype, 1.10.0) @@ -1957,7 +1957,7 @@ index cd5e005..247259a 100644 optional_policy(` diff --git a/policy/modules/admin/dmesg.fc b/policy/modules/admin/dmesg.fc -index d6cc2d9..0685b19 100644 +index d6cc2d970..0685b190d 100644 --- a/policy/modules/admin/dmesg.fc +++ b/policy/modules/admin/dmesg.fc @@ -1,2 +1,4 @@ @@ -1966,7 +1966,7 @@ index d6cc2d9..0685b19 100644 + +/usr/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te -index 72bc6d8..bb4a6f0 100644 +index 72bc6d815..bb4a6f0d7 100644 --- a/policy/modules/admin/dmesg.te +++ b/policy/modules/admin/dmesg.te @@ -9,6 +9,10 @@ type dmesg_t; @@ -2017,7 +2017,7 @@ index 72bc6d8..bb4a6f0 100644 optional_policy(` seutil_sigchld_newrole(dmesg_t) 
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc -index 407078f..1a09bea 100644 +index 407078f4b..1a09bead7 100644 --- a/policy/modules/admin/netutils.fc +++ b/policy/modules/admin/netutils.fc @@ -1,15 +1,22 @@ @@ -2046,7 +2046,7 @@ index 407078f..1a09bea 100644 /usr/sbin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0) /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) diff --git a/policy/modules/admin/netutils.if b/policy/modules/admin/netutils.if -index c6ca761..0c86bfd 100644 +index c6ca761c9..0c86bfd54 100644 --- a/policy/modules/admin/netutils.if +++ b/policy/modules/admin/netutils.if @@ -42,6 +42,7 @@ interface(`netutils_run',` @@ -2108,7 +2108,7 @@ index c6ca761..0c86bfd 100644 ') diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te -index c44c359..5038ed0 100644 +index c44c3592a..5038ed0d5 100644 --- a/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te @@ -7,10 +7,10 @@ policy_module(netutils, 1.12.1) @@ -2310,7 +2310,7 @@ index c44c359..5038ed0 100644 + term_dontaudit_use_all_ptys(traceroute_t) +') diff --git a/policy/modules/admin/su.fc b/policy/modules/admin/su.fc -index 688abc2..3d89250 100644 +index 688abc2ae..3d89250a6 100644 --- a/policy/modules/admin/su.fc +++ b/policy/modules/admin/su.fc @@ -3,3 +3,4 @@ @@ -2319,7 +2319,7 @@ index 688abc2..3d89250 100644 /usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0) +/usr/bin/su -- gen_context(system_u:object_r:su_exec_t,s0) diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if -index 03ec5ca..1e3ace4 100644 +index 03ec5cafe..1e3ace4cf 100644 --- a/policy/modules/admin/su.if +++ b/policy/modules/admin/su.if @@ -41,13 +41,14 @@ template(`su_restricted_domain_template', ` @@ -2515,7 +2515,7 @@ index 03ec5ca..1e3ace4 100644 ####################################### 
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te -index 85bb77e..a430233 100644 +index 85bb77e05..a4302332a 100644 --- a/policy/modules/admin/su.te +++ b/policy/modules/admin/su.te @@ -9,3 +9,82 @@ attribute su_domain_type; @@ -2602,7 +2602,7 @@ index 85bb77e..a430233 100644 + xserver_domtrans_xauth(su_domain_type) +') diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc -index 7bddc02..2b59ed0 100644 +index 7bddc02a4..2b59ed0a0 100644 --- a/policy/modules/admin/sudo.fc +++ b/policy/modules/admin/sudo.fc @@ -1,2 +1,4 @@ @@ -2611,7 +2611,7 @@ index 7bddc02..2b59ed0 100644 + +/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0) diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if -index 0960199..2e75ec7 100644 +index 096019932..2e75ec7de 100644 --- a/policy/modules/admin/sudo.if +++ b/policy/modules/admin/sudo.if @@ -32,6 +32,7 @@ template(`sudo_role_template',` @@ -2796,7 +2796,7 @@ index 0960199..2e75ec7 100644 + manage_files_pattern($1, sudo_db_t, sudo_db_t) +') diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te -index d9fce57..174f893 100644 +index d9fce57ab..174f89336 100644 --- a/policy/modules/admin/sudo.te +++ b/policy/modules/admin/sudo.te @@ -7,3 +7,111 @@ attribute sudodomain; @@ -2912,7 +2912,7 @@ index d9fce57..174f893 100644 + fprintd_dbus_chat(sudodomain) +') diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc -index f82f0ce..7b8915d 100644 +index f82f0ce0a..7b8915d47 100644 --- a/policy/modules/admin/usermanage.fc +++ b/policy/modules/admin/usermanage.fc @@ -20,6 +20,7 @@ ifdef(`distro_gentoo',` @@ -2932,7 +2932,7 @@ index f82f0ce..7b8915d 100644 /usr/share/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0) diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if -index 99e3903..fa68362 100644 +index 99e3903ea..fa68362ea 100644 --- a/policy/modules/admin/usermanage.if 
+++ b/policy/modules/admin/usermanage.if @@ -17,10 +17,6 @@ interface(`usermanage_domtrans_chfn',` @@ -3089,7 +3089,7 @@ index 99e3903..fa68362 100644 ## ## diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te -index 1d732f1..84225b4 100644 +index 1d732f1e7..84225b490 100644 --- a/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te @@ -26,6 +26,7 @@ type chfn_exec_t; @@ -3570,7 +3570,7 @@ index 1d732f1..84225b4 100644 + stapserver_manage_lib(useradd_t) +') diff --git a/policy/modules/apps/seunshare.if b/policy/modules/apps/seunshare.if -index 1dc7a85..e4f6fc2 100644 +index 1dc7a85d3..e4f6fc227 100644 --- a/policy/modules/apps/seunshare.if +++ b/policy/modules/apps/seunshare.if @@ -43,18 +43,18 @@ interface(`seunshare_run',` @@ -3654,7 +3654,7 @@ index 1dc7a85..e4f6fc2 100644 + corecmd_shell_domtrans($1_seunshare_t, $1_t) ') diff --git a/policy/modules/apps/seunshare.te b/policy/modules/apps/seunshare.te -index 7590165..f50f799 100644 +index 759016583..f50f79935 100644 --- a/policy/modules/apps/seunshare.te +++ b/policy/modules/apps/seunshare.te @@ -5,40 +5,65 @@ policy_module(seunshare, 1.1.0) @@ -3744,7 +3744,7 @@ index 7590165..f50f799 100644 + fs_mounton_fusefs(seunshare_domain) ') diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc -index 33e0f8d..1b07806 100644 +index 33e0f8dad..1eb3faaa3 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -1,9 +1,10 @@ 
@@ -3968,7 +3968,7 @@ index 33e0f8d..1b07806 100644 /usr/lib/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0) -@@ -245,26 +298,40 @@ ifdef(`distro_gentoo',` +@@ -245,26 +298,41 @@ ifdef(`distro_gentoo',` /usr/lib/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) @@ -3994,6 +3994,7 @@ index 33e0f8d..1b07806 100644 +/usr/libexec/cockpit-agent -- gen_context(system_u:object_r:shell_exec_t,s0) +/usr/bin/cockpit-bridge -- gen_context(system_u:object_r:shell_exec_t,s0) +/usr/libexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) ++/usr/libexec/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) @@ -4014,7 +4015,7 @@ index 33e0f8d..1b07806 100644 /usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0) -@@ -280,10 +347,14 @@ ifdef(`distro_gentoo',` +@@ -280,10 +348,14 @@ ifdef(`distro_gentoo',` /usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0) /usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0) /usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0) 
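Review bot: The new `/usr/libexec/sudo/sesh` entry in the `@@ -3994,6 +3994,7 @@` hunk assigns `shell_exec_t`, the label that interfaces such as `corecmd_shell_domtrans` use as a shell entrypoint, so this one line widens what can be entered through a shell transition and should say why it is there. Presumably it tracks sudo installing its SELinux helper under `/usr/libexec/sudo/`, next to the existing `/usr/libexec/sesh` and `/usr/sbin/sesh` entries; if so, add a comment line above it in the inner patch, for example `+# sesh is sudo's SELinux helper; this path covers builds that install it under /usr/libexec/sudo`. A file-context entry does not change the label of a file already on disk, and nothing visible in this diff relabels the path, so confirm the package update runs `restorecon` on it. The corecommands.fc section of the inner patch begins and ends outside this hunk.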
@@ -4029,7 +4030,7 @@ index 33e0f8d..1b07806 100644 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) -@@ -298,16 +369,22 @@ ifdef(`distro_gentoo',` +@@ -298,16 +370,22 @@ ifdef(`distro_gentoo',` /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0) /usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0) @@ -4054,7 +4055,7 @@ index 33e0f8d..1b07806 100644 ifdef(`distro_debian',` /usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0) -@@ -325,20 +402,27 @@ ifdef(`distro_redhat', ` +@@ -325,20 +403,27 @@ ifdef(`distro_redhat', ` /etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0) /etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0) @@ -4083,7 +4084,7 @@ index 33e0f8d..1b07806 100644 /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0) /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0) -@@ -346,6 +430,7 @@ ifdef(`distro_redhat', ` +@@ -346,6 +431,7 @@ ifdef(`distro_redhat', ` /usr/share/ssl/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0) 
@@ -4091,7 +4092,7 @@ index 33e0f8d..1b07806 100644 /usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0) -@@ -387,17 +472,36 @@ ifdef(`distro_suse', ` +@@ -387,17 +473,36 @@ ifdef(`distro_suse', ` # # /var # @@ -4130,7 +4131,7 @@ index 33e0f8d..1b07806 100644 +/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if -index 9e9263a..cb42593 100644 +index 9e9263a68..cb425934b 100644 --- a/policy/modules/kernel/corecommands.if +++ b/policy/modules/kernel/corecommands.if @@ -8,6 +8,22 @@ @@ -4440,7 +4441,7 @@ index 9e9263a..cb42593 100644 + filetrans_pattern($1, bin_t, $2, $3, $4) +') diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te -index 20c76cf..cc63dcc 100644 +index 20c76cff9..cc63dcc9c 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -13,7 +13,8 @@ attribute exec_type; @@ -4462,7 +4463,7 @@ index 20c76cf..cc63dcc 100644 type chroot_exec_t; diff --git a/policy/modules/kernel/corenetwork.fc b/policy/modules/kernel/corenetwork.fc -index f9b25c1..9af1f7a 100644 +index f9b25c12f..9af1f7a61 100644 --- a/policy/modules/kernel/corenetwork.fc +++ b/policy/modules/kernel/corenetwork.fc @@ -8,3 +8,6 @@ @@ -4473,7 +4474,7 @@ index f9b25c1..9af1f7a 100644 +/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0) +/usr/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0) diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in -index 07126bd..04cf2da 100644 +index 07126bdcc..04cf2dafe 100644 
--- a/policy/modules/kernel/corenetwork.if.in +++ b/policy/modules/kernel/corenetwork.if.in @@ -55,6 +55,7 @@ interface(`corenet_reserved_port',` @@ -5970,7 +5971,7 @@ index 07126bd..04cf2da 100644 + dev_filetrans($1, ppp_device_t, chr_file, "ppp") +') diff --git a/policy/modules/kernel/corenetwork.if.m4 b/policy/modules/kernel/corenetwork.if.m4 -index 8e0f9cd..b9f45b9 100644 +index 8e0f9cd14..b9f45b996 100644 --- a/policy/modules/kernel/corenetwork.if.m4 +++ b/policy/modules/kernel/corenetwork.if.m4 @@ -631,6 +631,26 @@ interface(`corenet_udp_bind_$1_port',` @@ -6025,7 +6026,7 @@ index 8e0f9cd..b9f45b9 100644 define(`create_packet_interfaces',`` diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in -index b191055..4d57db3 100644 +index b191055f9..4d57db3a5 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2) @@ -6486,7 +6487,7 @@ index b191055..4d57db3 100644 +typealias neutron_server_packet_t alias quantum_server_packet_t; +typealias neutron_client_packet_t alias quantum_client_packet_t; diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4 -index 3f6e168..340e49f 100644 +index 3f6e16889..340e49fd6 100644 --- a/policy/modules/kernel/corenetwork.te.m4 +++ b/policy/modules/kernel/corenetwork.te.m4 @@ -86,6 +86,11 @@ define(`add_port_attribute',`dnl @@ -6510,7 +6511,7 @@ index 3f6e168..340e49f 100644 ') diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc -index b31c054..0becf07 100644 +index b31c05491..0becf07e9 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -15,15 +15,18 @@ @@ -6681,7 +6682,7 @@ index b31c054..0becf07 100644 +/usr/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) +/usr/lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0) 
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if -index 76f285e..881eeef 100644 +index 76f285ea6..881eeefc9 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -143,13 +143,32 @@ interface(`dev_relabel_all_dev_nodes',` @@ -9727,7 +9728,7 @@ index 76f285e..881eeef 100644 + filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card9") +') diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te -index 0b1a871..29965c3 100644 +index 0b1a8715a..29965c3f2 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -15,11 +15,12 @@ attribute devices_unconfined_type; @@ -9911,7 +9912,7 @@ index 0b1a871..29965c3 100644 +dev_getattr_all(devices_unconfined_type) + diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if -index 6a1e4d1..08fd8e4 100644 +index 6a1e4d156..08fd8e44a 100644 --- a/policy/modules/kernel/domain.if +++ b/policy/modules/kernel/domain.if @@ -76,33 +76,8 @@ interface(`domain_type',` @@ -10260,7 +10261,7 @@ index 6a1e4d1..08fd8e4 100644 + allow $1 domain:process rlimitinh; ') diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te -index cf04cb5..8d3d65b 100644 +index cf04cb509..8d3d65b2a 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -4,17 +4,49 @@ policy_module(domain, 1.11.0) @@ -10818,7 +10819,7 @@ index cf04cb5..8d3d65b 100644 + unconfined_server_stream_connect(domain) +') diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc -index b876c48..d7cfba9 100644 +index b876c48ad..d7cfba96f 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -18,6 +18,7 @@ ifdef(`distro_redhat',` @@ -11087,7 +11088,7 @@ index b876c48..d7cfba9 100644 +/nsr(/.*)? gen_context(system_u:object_r:var_t,s0) +/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0) 
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if -index f962f76..8c91d26 100644 +index f962f76ad..8c91d265c 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -19,6 +19,136 @@ @@ -15212,7 +15213,7 @@ index f962f76..8c91d26 100644 + allow $1 etc_t:service status; +') diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te -index 1a03abd..3221f80 100644 +index 1a03abdd7..3221f8018 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -5,12 +5,16 @@ policy_module(files, 1.18.1) @@ -15415,7 +15416,7 @@ index 1a03abd..3221f80 100644 allow files_unconfined_type file_type:file execmod; ') diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc -index d7c11a0..f521a50 100644 +index d7c11a0b3..f521a50f8 100644 --- a/policy/modules/kernel/filesystem.fc +++ b/policy/modules/kernel/filesystem.fc @@ -1,23 +1,28 @@ @@ -15458,7 +15459,7 @@ index d7c11a0..f521a50 100644 /var/run/shm/.* <> -') diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if -index 8416beb..2ebb524 100644 +index 8416beb43..2ebb52493 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -577,6 +577,24 @@ interface(`fs_mount_cgroup', ` @@ -19491,7 +19492,7 @@ index 8416beb..2ebb524 100644 + allow $1 tracefs_t:filesystem unmount; +') diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te -index e7d1738..59c1cb8 100644 +index e7d173844..59c1cb880 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -26,14 +26,19 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); @@ -19681,7 +19682,7 @@ index e7d1738..59c1cb8 100644 +allow filesystem_unconfined_type filesystem_type:{ file } ~entrypoint; +allow filesystem_unconfined_type filesystem_type:{ dir lnk_file sock_file fifo_file chr_file blk_file } *; 
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc -index 7be4ddf..9710b33 100644 +index 7be4ddf74..9710b3336 100644 --- a/policy/modules/kernel/kernel.fc +++ b/policy/modules/kernel/kernel.fc @@ -1 +1,5 @@ @@ -19692,7 +19693,7 @@ index 7be4ddf..9710b33 100644 +/sys/kernel/debug -d gen_context(system_u:object_r:debugfs_t,s0) +/sys/kernel/debug/.* <> diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if -index e100d88..f005fc5 100644 +index e100d886b..f005fc59a 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -126,6 +126,24 @@ interface(`kernel_setsched',` @@ -21153,7 +21154,7 @@ index e100d88..f005fc5 100644 +') + diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te -index 8dbab4c..a2f0d06 100644 +index 8dbab4c5e..a2f0d0614 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -25,6 +25,9 @@ attribute kern_unconfined; @@ -21509,7 +21510,7 @@ index 8dbab4c..a2f0d06 100644 +read_lnk_files_pattern(kernel_system_state_reader, proc_t, proc_t) +list_dirs_pattern(kernel_system_state_reader, proc_t, proc_t) diff --git a/policy/modules/kernel/mcs.if b/policy/modules/kernel/mcs.if -index b08a6e8..43d504b 100644 +index b08a6e849..43d504b88 100644 --- a/policy/modules/kernel/mcs.if +++ b/policy/modules/kernel/mcs.if @@ -44,11 +44,7 @@ interface(`mcs_constrained',` @@ -21585,7 +21586,7 @@ index b08a6e8..43d504b 100644 + refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.') +') diff --git a/policy/modules/kernel/mcs.te b/policy/modules/kernel/mcs.te -index 2da98c2..31bed0a 100644 +index 2da98c257..31bed0a7c 100644 --- a/policy/modules/kernel/mcs.te +++ b/policy/modules/kernel/mcs.te @@ -11,3 +11,4 @@ attribute mcssetcats; @@ -21594,7 +21595,7 @@ index 2da98c2..31bed0a 100644 attribute mcs_constrained_type; +attribute mcsnetwrite; 
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if -index d178478..42bf05b 100644 +index d178478da..42bf05bcd 100644 --- a/policy/modules/kernel/mls.if +++ b/policy/modules/kernel/mls.if @@ -100,6 +100,26 @@ interface(`mls_file_write_to_clearance',` @@ -21625,7 +21626,7 @@ index d178478..42bf05b 100644 ## ## diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te -index 8c7bd90..66ee5b9 100644 +index 8c7bd90d2..66ee5b9a1 100644 --- a/policy/modules/kernel/mls.te +++ b/policy/modules/kernel/mls.te @@ -12,6 +12,7 @@ attribute mlsfilewritetoclr; @@ -21637,14 +21638,14 @@ index 8c7bd90..66ee5b9 100644 attribute mlsnetread; attribute mlsnetreadtoclr; diff --git a/policy/modules/kernel/selinux.fc b/policy/modules/kernel/selinux.fc -index 7be4ddf..4d4c577 100644 +index 7be4ddf74..4d4c577ad 100644 --- a/policy/modules/kernel/selinux.fc +++ b/policy/modules/kernel/selinux.fc @@ -1 +1 @@ -# This module currently does not have any file contexts. +/selinux -l gen_context(system_u:object_r:security_t,s0) diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if -index 6d0811d..708f074 100644 +index 6d0811da3..708f07490 100644 --- a/policy/modules/kernel/selinux.if +++ b/policy/modules/kernel/selinux.if @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',` @@ -22013,7 +22014,7 @@ index 6d0811d..708f074 100644 + mls_trusted_object($1) ') diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te -index e0a973b..7d3e431 100644 +index e0a973ba1..7d3e431ee 100644 --- a/policy/modules/kernel/selinux.te +++ b/policy/modules/kernel/selinux.te @@ -17,6 +17,7 @@ gen_bool(secure_mode_policyload,false) @@ -22079,7 +22080,7 @@ index e0a973b..7d3e431 100644 ') } diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc -index 54f1827..6910c88 100644 +index 54f182702..6910c8869 100644 --- a/policy/modules/kernel/storage.fc +++ b/policy/modules/kernel/storage.fc @@ -7,6 +7,7 @@ 
@@ -22118,7 +22119,7 @@ index 54f1827..6910c88 100644 +/usr/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/usr/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0) diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if -index 64c4cd0..52070af 100644 +index 64c4cd01c..52070af0b 100644 --- a/policy/modules/kernel/storage.if +++ b/policy/modules/kernel/storage.if @@ -22,6 +22,30 @@ interface(`storage_getattr_fixed_disk_dev',` @@ -22767,7 +22768,7 @@ index 64c4cd0..52070af 100644 + +') diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te -index 156c333..02f5a3c 100644 +index 156c33310..02f5a3c91 100644 --- a/policy/modules/kernel/storage.te +++ b/policy/modules/kernel/storage.te @@ -57,3 +57,9 @@ dev_node(tape_device_t) @@ -22781,7 +22782,7 @@ index 156c333..02f5a3c 100644 + dev_manage_generic_blk_files(fixed_disk_raw_write) +') diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc -index 0ea25b6..37069ae 100644 +index 0ea25b653..37069ae93 100644 --- a/policy/modules/kernel/terminal.fc +++ b/policy/modules/kernel/terminal.fc @@ -14,12 +14,13 @@ @@ -22809,7 +22810,7 @@ index 0ea25b6..37069ae 100644 + +/usr/lib/udev/devices/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh) diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if -index cbb729b..ce0291e 100644 +index cbb729b66..ce0291ec6 100644 --- a/policy/modules/kernel/terminal.if +++ b/policy/modules/kernel/terminal.if @@ -124,7 +124,7 @@ interface(`term_user_tty',` @@ -23685,7 +23686,7 @@ index cbb729b..ce0291e 100644 + dev_filetrans($1, tty_device_t, chr_file, "xvc9") ') diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te -index 66e116a..a0a5d90 100644 +index 66e116a3f..a0a5d90fe 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te 
@@ -29,6 +29,7 @@ files_mountpoint(devpts_t) @@ -23707,21 +23708,21 @@ index 66e116a..a0a5d90 100644 dev_node(virtio_device_t) diff --git a/policy/modules/kernel/unlabelednet.fc b/policy/modules/kernel/unlabelednet.fc new file mode 100644 -index 0000000..f310b9d +index 000000000..f310b9d55 --- /dev/null +++ b/policy/modules/kernel/unlabelednet.fc @@ -0,0 +1 @@ +# No unlabelednet file contexts. diff --git a/policy/modules/kernel/unlabelednet.if b/policy/modules/kernel/unlabelednet.if new file mode 100644 -index 0000000..0ce0470 +index 000000000..0ce04703a --- /dev/null +++ b/policy/modules/kernel/unlabelednet.if @@ -0,0 +1 @@ +## Policy for allowing confined domains to use unlabeled_t packets diff --git a/policy/modules/kernel/unlabelednet.te b/policy/modules/kernel/unlabelednet.te new file mode 100644 -index 0000000..48caabc +index 000000000..48caabc7e --- /dev/null +++ b/policy/modules/kernel/unlabelednet.te @@ -0,0 +1,12 @@ @@ -23738,7 +23739,7 @@ index 0000000..48caabc +allow domain unlabeled_t:packet { send recv }; + diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te -index 834a065..ff93697 100644 +index 834a065de..ff9369756 100644 --- a/policy/modules/roles/auditadm.te +++ b/policy/modules/roles/auditadm.te @@ -7,7 +7,7 @@ policy_module(auditadm, 2.2.0) @@ -23775,7 +23776,7 @@ index 834a065..ff93697 100644 consoletype_exec(auditadm_t) ') diff --git a/policy/modules/roles/logadm.te b/policy/modules/roles/logadm.te -index 3a45a3e..7499f24 100644 +index 3a45a3ef0..7499f24b5 100644 --- a/policy/modules/roles/logadm.te +++ b/policy/modules/roles/logadm.te @@ -7,13 +7,12 @@ policy_module(logadm, 1.0.0) @@ -23795,7 +23796,7 @@ index 3a45a3e..7499f24 100644 +allow logadm_t self:capability { dac_override dac_read_search kill sys_nice }; logging_admin(logadm_t, logadm_r) diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te -index da11120..621ec5a 100644 +index da111206f..621ec5afc 100644 
--- a/policy/modules/roles/secadm.te +++ b/policy/modules/roles/secadm.te @@ -7,8 +7,11 @@ policy_module(secadm, 2.4.0) @@ -23836,7 +23837,7 @@ index da11120..621ec5a 100644 init_exec(secadm_t) diff --git a/policy/modules/roles/staff.if b/policy/modules/roles/staff.if -index 234a940..a92415a 100644 +index 234a940f9..a92415a9d 100644 --- a/policy/modules/roles/staff.if +++ b/policy/modules/roles/staff.if @@ -1,4 +1,20 @@ @@ -23862,7 +23863,7 @@ index 234a940..a92415a 100644 ######################################## ## diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te -index 0fef1fc..8116042 100644 +index 0fef1fca2..811604297 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -8,12 +8,73 @@ policy_module(staff, 2.4.0) @@ -24239,7 +24240,7 @@ index 0fef1fc..8116042 100644 + ') +') diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if -index ff92430..36740ea 100644 +index ff9243078..36740eab3 100644 --- a/policy/modules/roles/sysadm.if +++ b/policy/modules/roles/sysadm.if @@ -70,6 +70,23 @@ interface(`sysadm_shell_domtrans',` @@ -24267,7 +24268,7 @@ index ff92430..36740ea 100644 ## ## Execute a generic bin program in the sysadm domain. diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te -index 2522ca6..24d8439 100644 +index 2522ca6c0..24d84394a 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -5,39 +5,92 @@ policy_module(sysadm, 2.6.1) @@ -24910,21 +24911,21 @@ index 2522ca6..24d8439 100644 +') diff --git a/policy/modules/roles/sysadm_secadm.fc b/policy/modules/roles/sysadm_secadm.fc new file mode 100644 -index 0000000..ae3b6db +index 000000000..ae3b6db92 --- /dev/null +++ b/policy/modules/roles/sysadm_secadm.fc @@ -0,0 +1 @@ +# No context diff --git a/policy/modules/roles/sysadm_secadm.if b/policy/modules/roles/sysadm_secadm.if new file mode 100644 -index 0000000..bd83148 +index 000000000..bd83148e1 --- /dev/null 
+++ b/policy/modules/roles/sysadm_secadm.if @@ -0,0 +1 @@ +## No Interfaces diff --git a/policy/modules/roles/sysadm_secadm.te b/policy/modules/roles/sysadm_secadm.te new file mode 100644 -index 0000000..63bc797 +index 000000000..63bc79792 --- /dev/null +++ b/policy/modules/roles/sysadm_secadm.te @@ -0,0 +1,25 @@ @@ -24955,7 +24956,7 @@ index 0000000..63bc797 +logging_stream_connect_syslog(sysadm_t) diff --git a/policy/modules/roles/unconfineduser.fc b/policy/modules/roles/unconfineduser.fc new file mode 100644 -index 0000000..d9efb90 +index 000000000..d9efb902a --- /dev/null +++ b/policy/modules/roles/unconfineduser.fc @@ -0,0 +1,8 @@ @@ -24969,7 +24970,7 @@ index 0000000..d9efb90 +#/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0) diff --git a/policy/modules/roles/unconfineduser.if b/policy/modules/roles/unconfineduser.if new file mode 100644 -index 0000000..15b42ae +index 000000000..15b42aef6 --- /dev/null +++ b/policy/modules/roles/unconfineduser.if @@ -0,0 +1,727 @@ @@ -25702,7 +25703,7 @@ index 0000000..15b42ae + diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te new file mode 100644 -index 0000000..883d9ea +index 000000000..883d9eaa3 --- /dev/null +++ b/policy/modules/roles/unconfineduser.te @@ -0,0 +1,362 @@ @@ -26069,7 +26070,7 @@ index 0000000..883d9ea +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) + diff --git a/policy/modules/roles/unprivuser.if b/policy/modules/roles/unprivuser.if -index 3835596..fbca2be 100644 +index 383559646..fbca2be81 100644 --- a/policy/modules/roles/unprivuser.if +++ b/policy/modules/roles/unprivuser.if @@ -1,4 +1,4 @@ @@ -26079,7 +26080,7 @@ index 3835596..fbca2be 100644 ######################################## ## diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te -index 6d77e81..20657b8 100644 +index 6d77e81c5..20657b824 100644 --- a/policy/modules/roles/unprivuser.te 
+++ b/policy/modules/roles/unprivuser.te @@ -1,5 +1,12 @@ @@ -26267,7 +26268,7 @@ index 6d77e81..20657b8 100644 + ') ') diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc -index a26f84f..f4a44eb 100644 +index a26f84f40..f4a44ebc6 100644 --- a/policy/modules/services/postgresql.fc +++ b/policy/modules/services/postgresql.fc @@ -10,11 +10,16 @@ @@ -26307,7 +26308,7 @@ index a26f84f..f4a44eb 100644 -/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0) +#/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0) diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if -index 9d2f311..2d782e0 100644 +index 9d2f31168..2d782e051 100644 --- a/policy/modules/services/postgresql.if +++ b/policy/modules/services/postgresql.if @@ -10,90 +10,46 @@ @@ -26662,7 +26663,7 @@ index 9d2f311..2d782e0 100644 + postgresql_filetrans_named_content($1) ') diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te -index 0306134..bb5f3dd 100644 +index 03061349c..bb5f3dd51 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -19,25 +19,32 @@ gen_require(` @@ -26887,7 +26888,7 @@ index 0306134..bb5f3dd 100644 + ') +') diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc -index 76d9f66..7528851 100644 +index 76d9f66ec..7528851ad 100644 --- a/policy/modules/services/ssh.fc +++ b/policy/modules/services/ssh.fc @@ -1,16 +1,42 @@ @@ -26936,7 +26937,7 @@ index 76d9f66..7528851 100644 +/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) +/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if -index fe0c682..92e8e48 100644 +index fe0c68272..92e8e489b 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -32,10 +32,11 @@ 
@@ -27664,7 +27665,7 @@ index fe0c682..92e8e48 100644 + ps_process_pattern($1, sshd_t) +') diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te -index cc877c7..3038b08 100644 +index cc877c7b0..3038b0862 100644 --- a/policy/modules/services/ssh.te +++ b/policy/modules/services/ssh.te @@ -6,43 +6,69 @@ policy_module(ssh, 2.4.2) @@ -28338,7 +28339,7 @@ index cc877c7..3038b08 100644 + xserver_rw_xdm_pipes(ssh_agent_type) +') diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc -index 8274418..a47fd0b4 100644 +index 8274418c6..a47fd0b4d 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc @@ -2,13 +2,39 @@ @@ -28507,7 +28508,7 @@ index 8274418..a47fd0b4 100644 +/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) + diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if -index 6bf0ecc..e6be63a 100644 +index 6bf0ecc2d..e6be63aa8 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -18,100 +18,36 @@ @@ -30267,7 +30268,7 @@ index 6bf0ecc..e6be63a 100644 +') + diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te -index 8b40377..3b99ed3 100644 +index 8b403774f..3b99ed336 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -26,28 +26,66 @@ gen_require(` @@ -31792,7 +31793,7 @@ index 8b40377..3b99ed3 100644 + dev_dontaudit_rw_dri(dridomain) +') diff --git a/policy/modules/system/application.if b/policy/modules/system/application.if -index 1b6619e..be02b96 100644 +index 1b6619e64..be02b9618 100644 --- a/policy/modules/system/application.if +++ b/policy/modules/system/application.if @@ -43,6 +43,27 @@ interface(`application_executable_file',` @@ -31903,7 +31904,7 @@ index 1b6619e..be02b96 100644 + allow $1 application_domain_type:socket_class_set getattr; +') 
diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te -index c6fdab7..af71c62 100644 +index c6fdab72d..af71c62f7 100644 --- a/policy/modules/system/application.te +++ b/policy/modules/system/application.te @@ -6,15 +6,40 @@ attribute application_domain_type; @@ -31949,7 +31950,7 @@ index c6fdab7..af71c62 100644 sudo_sigchld(application_domain_type) ') diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc -index 2479587..890e1e2 100644 +index 247958765..890e1e293 100644 --- a/policy/modules/system/authlogin.fc +++ b/policy/modules/system/authlogin.fc @@ -1,14 +1,28 @@ @@ -32044,7 +32045,7 @@ index 2479587..890e1e2 100644 /var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) /var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if -index 3efd5b6..3db526f 100644 +index 3efd5b669..3db526f84 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -23,11 +23,17 @@ interface(`auth_role',` @@ -32962,7 +32963,7 @@ index 3efd5b6..3db526f 100644 + allow $1 login_pgm:key manage_key_perms; +') diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te -index 09b791d..2d255df 100644 +index 09b791dcc..2d255df93 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -5,6 +5,19 @@ policy_module(authlogin, 2.5.1) @@ -33465,7 +33466,7 @@ index 09b791d..2d255df 100644 + ssh_read_user_home_files(login_pgm) +') diff --git a/policy/modules/system/clock.fc b/policy/modules/system/clock.fc -index c5e05ca..c9ddbee 100644 +index c5e05ca70..c9ddbeeca 100644 --- a/policy/modules/system/clock.fc +++ b/policy/modules/system/clock.fc @@ -3,3 +3,5 @@ @@ -33475,7 +33476,7 @@ index c5e05ca..c9ddbee 100644 +/usr/sbin/hwclock -- gen_context(system_u:object_r:hwclock_exec_t,s0) + 
diff --git a/policy/modules/system/clock.if b/policy/modules/system/clock.if -index d475c2d..55305d5 100644 +index d475c2deb..55305d5f3 100644 --- a/policy/modules/system/clock.if +++ b/policy/modules/system/clock.if @@ -117,3 +117,40 @@ interface(`clock_rw_adjtime',` @@ -33520,7 +33521,7 @@ index d475c2d..55305d5 100644 + files_etc_filetrans($1, adjtime_t, file, "adjtime" ) +') diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te -index edece47..2e7b811 100644 +index edece47dc..2e7b81176 100644 --- a/policy/modules/system/clock.te +++ b/policy/modules/system/clock.te @@ -20,7 +20,7 @@ role system_r types hwclock_t; @@ -33567,7 +33568,7 @@ index edece47..2e7b811 100644 ') diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc -index 948ce2a..8cab8ae 100644 +index 948ce2a32..8cab8aef2 100644 --- a/policy/modules/system/fstools.fc +++ b/policy/modules/system/fstools.fc @@ -1,4 +1,3 @@ @@ -33640,7 +33641,7 @@ index 948ce2a..8cab8ae 100644 + +/var/run/blkid(/.*)? gen_context(system_u:object_r:fsadm_var_run_t,s0) diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if -index 016a770..3fce820 100644 +index 016a770b9..3fce820a5 100644 --- a/policy/modules/system/fstools.if +++ b/policy/modules/system/fstools.if @@ -154,3 +154,42 @@ interface(`fstools_getattr_swap_files',` @@ -33687,7 +33688,7 @@ index 016a770..3fce820 100644 + files_pid_filetrans($1, fsadm_var_run_t, dir, "blkid") +') diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te -index 3f48d30..cb4f966 100644 +index 3f48d300a..cb4f966c0 100644 --- a/policy/modules/system/fstools.te +++ b/policy/modules/system/fstools.te @@ -13,9 +13,15 @@ role system_r types fsadm_t; @@ -33840,7 +33841,7 @@ index 3f48d30..cb4f966 100644 xen_rw_image_files(fsadm_t) ') diff --git a/policy/modules/system/getty.fc b/policy/modules/system/getty.fc -index e1a1848..4927638 100644 +index e1a1848a2..492763873 100644 
--- a/policy/modules/system/getty.fc +++ b/policy/modules/system/getty.fc @@ -3,8 +3,12 @@ @@ -33859,7 +33860,7 @@ index e1a1848..4927638 100644 /var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0) diff --git a/policy/modules/system/getty.if b/policy/modules/system/getty.if -index e4376aa..2c98c56 100644 +index e4376aa98..2c98c5647 100644 --- a/policy/modules/system/getty.if +++ b/policy/modules/system/getty.if @@ -96,3 +96,45 @@ interface(`getty_rw_config',` @@ -33909,7 +33910,7 @@ index e4376aa..2c98c56 100644 + allow $1 getty_unit_file_t:service start; +') diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te -index f6743ea..ef08ff3 100644 +index f6743ea19..ef08ff3cf 100644 --- a/policy/modules/system/getty.te +++ b/policy/modules/system/getty.te @@ -27,13 +27,24 @@ files_tmp_file(getty_tmp_t) @@ -33997,7 +33998,7 @@ index f6743ea..ef08ff3 100644 optional_policy(` diff --git a/policy/modules/system/hostname.fc b/policy/modules/system/hostname.fc -index 9dfecf7..6d00f5c 100644 +index 9dfecf77c..6d00f5c13 100644 --- a/policy/modules/system/hostname.fc +++ b/policy/modules/system/hostname.fc @@ -1,2 +1,4 @@ @@ -34006,7 +34007,7 @@ index 9dfecf7..6d00f5c 100644 + +/usr/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) diff --git a/policy/modules/system/hostname.if b/policy/modules/system/hostname.if -index 187f04f..cf0af09 100644 +index 187f04f83..cf0af0991 100644 --- a/policy/modules/system/hostname.if +++ b/policy/modules/system/hostname.if @@ -53,7 +53,6 @@ interface(`hostname_run',` @@ -34018,7 +34019,7 @@ index 187f04f..cf0af09 100644 interface(`hostname_exec',` gen_require(` diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te -index 24a7889..619b32e 100644 +index 24a78897a..619b32ebe 100644 --- a/policy/modules/system/hostname.te +++ b/policy/modules/system/hostname.te @@ -23,33 +23,36 @@ dontaudit hostname_t self:capability sys_tty_config; 
@@ -34085,7 +34086,7 @@ index 24a7889..619b32e 100644 xen_dontaudit_use_fds(hostname_t) ') diff --git a/policy/modules/system/hotplug.fc b/policy/modules/system/hotplug.fc -index caf736b..91c4c6f 100644 +index caf736b3b..91c4c6f23 100644 --- a/policy/modules/system/hotplug.fc +++ b/policy/modules/system/hotplug.fc @@ -7,5 +7,8 @@ @@ -34098,7 +34099,7 @@ index caf736b..91c4c6f 100644 /var/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) /var/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) diff --git a/policy/modules/system/hotplug.if b/policy/modules/system/hotplug.if -index 40eb10c..2a0a32c 100644 +index 40eb10c60..2a0a32c2d 100644 --- a/policy/modules/system/hotplug.if +++ b/policy/modules/system/hotplug.if @@ -34,7 +34,7 @@ interface(`hotplug_domtrans',` @@ -34111,7 +34112,7 @@ index 40eb10c..2a0a32c 100644 corecmd_search_bin($1) diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te -index b2097e7..0a49e14 100644 +index b2097e743..0a49e14ba 100644 --- a/policy/modules/system/hotplug.te +++ b/policy/modules/system/hotplug.te @@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t) @@ -34166,7 +34167,7 @@ index b2097e7..0a49e14 100644 ') diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc -index bc0ffc8..37b8ea5 100644 +index bc0ffc84e..37b8ea5ec 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -1,6 +1,9 @@ @@ -34234,7 +34235,7 @@ index bc0ffc8..37b8ea5 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..4181811 100644 +index 79a45f62e..4181811d2 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -36030,7 +36031,7 @@ index 79a45f6..4181811 100644 + allow $1 init_var_lib_t:dir search_dir_perms; +') 
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index 17eda24..a11f1ad 100644 +index 17eda2480..a11f1adcb 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -11,10 +11,31 @@ gen_require(` @@ -37517,7 +37518,7 @@ index 17eda24..a11f1ad 100644 + ') + ') diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc -index 662e79b..d32012f 100644 +index 662e79be8..d32012ffe 100644 --- a/policy/modules/system/ipsec.fc +++ b/policy/modules/system/ipsec.fc @@ -1,14 +1,26 @@ @@ -37579,7 +37580,7 @@ index 662e79b..d32012f 100644 +/var/run/pluto/ipsec\.info -- gen_context(system_u:object_r:ipsec_mgmt_var_run_t, s0) +/var/run/pluto/ipsec_setup\.pid -- gen_context(system_u:object_r:ipsec_mgmt_var_run_t, s0) diff --git a/policy/modules/system/ipsec.if b/policy/modules/system/ipsec.if -index 0d4c8d3..537aa42 100644 +index 0d4c8d35e..537aa4274 100644 --- a/policy/modules/system/ipsec.if +++ b/policy/modules/system/ipsec.if @@ -18,6 +18,24 @@ interface(`ipsec_domtrans',` @@ -37821,7 +37822,7 @@ index 0d4c8d3..537aa42 100644 + ps_process_pattern($1, ipsec_mgmt_t) +') diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te -index 312cd04..102b975 100644 +index 312cd0417..102b975de 100644 --- a/policy/modules/system/ipsec.te +++ b/policy/modules/system/ipsec.te @@ -48,6 +48,9 @@ init_system_domain(ipsec_mgmt_t, ipsec_mgmt_exec_t) @@ -38160,7 +38161,7 @@ index 312cd04..102b975 100644 +userdom_use_inherited_user_terminals(setkey_t) +userdom_read_user_tmp_files(setkey_t) diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc -index 73a1c4e..1ca98b8 100644 +index 73a1c4e1e..1ca98b865 100644 --- a/policy/modules/system/iptables.fc +++ b/policy/modules/system/iptables.fc @@ -1,22 +1,49 @@ @@ -38230,7 +38231,7 @@ index 73a1c4e..1ca98b8 100644 + +/var/run/xtables.* -- gen_context(system_u:object_r:iptables_var_run_t,s0) 
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if -index c42fbc3..bf211db 100644 +index c42fbc329..bf211dbee 100644 --- a/policy/modules/system/iptables.if +++ b/policy/modules/system/iptables.if @@ -17,10 +17,6 @@ interface(`iptables_domtrans',` @@ -38298,7 +38299,7 @@ index c42fbc3..bf211db 100644 + files_pid_filetrans($1, iptables_var_run_t, file, "xtables.lock") +') diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te -index be8ed1e..aa38f90 100644 +index be8ed1e6c..aa38f909f 100644 --- a/policy/modules/system/iptables.te +++ b/policy/modules/system/iptables.te @@ -16,15 +16,21 @@ role iptables_roles types iptables_t; @@ -38473,14 +38474,14 @@ index be8ed1e..aa38f90 100644 optional_policy(` diff --git a/policy/modules/system/kdbus.fc b/policy/modules/system/kdbus.fc new file mode 100644 -index 0000000..1bb8bf6 +index 000000000..1bb8bf6d7 --- /dev/null +++ b/policy/modules/system/kdbus.fc @@ -0,0 +1 @@ +# empty diff --git a/policy/modules/system/kdbus.if b/policy/modules/system/kdbus.if new file mode 100644 -index 0000000..6a1c9ed +index 000000000..6a1c9ed87 --- /dev/null +++ b/policy/modules/system/kdbus.if @@ -0,0 +1,2 @@ @@ -38488,7 +38489,7 @@ index 0000000..6a1c9ed + diff --git a/policy/modules/system/kdbus.te b/policy/modules/system/kdbus.te new file mode 100644 -index 0000000..c814795 +index 000000000..c8147952a --- /dev/null +++ b/policy/modules/system/kdbus.te @@ -0,0 +1,14 @@ @@ -38507,7 +38508,7 @@ index 0000000..c814795 +fs_manage_kdbus_dirs(systemd_logind_t) +fs_manage_kdbus_files(systemd_logind_t) diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc -index 73bb3c0..a70bee5 100644 +index 73bb3c00c..a70bee5b0 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -1,3 +1,4 @@ @@ -38851,7 +38852,7 @@ index 73bb3c0..a70bee5 100644 + +/usr/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0) 
diff --git a/policy/modules/system/libraries.if b/policy/modules/system/libraries.if -index 808ba93..baca326 100644 +index 808ba93eb..baca32645 100644 --- a/policy/modules/system/libraries.if +++ b/policy/modules/system/libraries.if @@ -66,6 +66,25 @@ interface(`libs_exec_ldconfig',` @@ -39065,7 +39066,7 @@ index 808ba93..baca326 100644 + files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~") +') diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te -index 54f8fa5..b9dbbe0 100644 +index 54f8fa5c8..b9dbbe005 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t) @@ -39189,7 +39190,7 @@ index 54f8fa5..b9dbbe0 100644 - unconfined_domain(ldconfig_t) -') diff --git a/policy/modules/system/locallogin.fc b/policy/modules/system/locallogin.fc -index be6a81b..a5303e9 100644 +index be6a81b80..a5303e920 100644 --- a/policy/modules/system/locallogin.fc +++ b/policy/modules/system/locallogin.fc @@ -1,3 +1,8 @@ @@ -39202,7 +39203,7 @@ index be6a81b..a5303e9 100644 +/usr/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0) +/usr/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0) diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if -index 0e3c2a9..ea9bd57 100644 +index 0e3c2a977..ea9bd57dc 100644 --- a/policy/modules/system/locallogin.if +++ b/policy/modules/system/locallogin.if @@ -129,3 +129,59 @@ interface(`locallogin_domtrans_sulogin',` @@ -39266,7 +39267,7 @@ index 0e3c2a9..ea9bd57 100644 + userdom_admin_home_dir_filetrans($1, local_login_home_t, file, ".hushlogin") +') diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te -index 446fa99..fcf08ac 100644 +index 446fa9908..fcf08acb2 100644 --- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te @@ -13,9 +13,8 @@ auth_login_entry_type(local_login_t) 
@@ -39481,7 +39482,7 @@ index 446fa99..fcf08ac 100644 + plymouthd_exec_plymouth(sulogin_t) ') diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc -index b50c5fe..9eacd9b 100644 +index b50c5fe81..9eacd9ba1 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc @@ -1,11 +1,15 @@ @@ -39573,7 +39574,7 @@ index b50c5fe..9eacd9b 100644 +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) + diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if -index 4e94884..0690edf 100644 +index 4e9488463..0690edf4c 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -233,7 +233,7 @@ interface(`logging_run_auditd',` @@ -40160,7 +40161,7 @@ index 4e94884..0690edf 100644 + filetrans_pattern($1, syslogd_var_run_t, $2, $3, $4) +') diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index 59b04c1..2ce4886 100644 +index 59b04c1a2..2ce4886a4 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -4,6 +4,29 @@ policy_module(logging, 1.20.1) @@ -40648,7 +40649,7 @@ index 59b04c1..2ce4886 100644 + +logging_stream_connect_syslog(syslog_client_type) diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc -index 6b91740..7724116 100644 +index 6b917403e..772411608 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -23,6 +23,8 @@ ifdef(`distro_gentoo',` @@ -40782,7 +40783,7 @@ index 6b91740..7724116 100644 + +/var/run/storaged(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if -index 58bc27f..9e86fce 100644 +index 58bc27f22..9e86fceec 100644 --- a/policy/modules/system/lvm.if +++ b/policy/modules/system/lvm.if @@ -1,5 +1,41 @@ @@ -41081,7 +41082,7 @@ index 58bc27f..9e86fce 100644 + + 
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te -index 79048c4..b0cb1e5 100644 +index 79048c410..b0cb1e565 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t) @@ -41362,7 +41363,7 @@ index 79048c4..b0cb1e5 100644 udev_read_pid_files(lvm_t) ') diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc -index 9fe8e01..c62c761 100644 +index 9fe8e01e3..c62c76136 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -9,11 +9,16 @@ ifdef(`distro_gentoo',` @@ -41432,7 +41433,7 @@ index 9fe8e01..c62c761 100644 /var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) ') diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if -index fc28bc3..8828b8a 100644 +index fc28bc31b..8828b8a45 100644 --- a/policy/modules/system/miscfiles.if +++ b/policy/modules/system/miscfiles.if @@ -67,6 +67,27 @@ interface(`miscfiles_read_all_certs',` @@ -41697,7 +41698,7 @@ index fc28bc3..8828b8a 100644 + files_var_filetrans($1, public_content_t, dir, "ftp") +') diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te -index 1361961..be6b7fc 100644 +index 1361961d0..be6b7fc80 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -4,7 +4,6 @@ policy_module(miscfiles, 1.11.0) @@ -41722,7 +41723,7 @@ index 1361961..be6b7fc 100644 # # Base type for the tests directory. diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc -index 9933677..7875b79 100644 +index 993367709..7875b79fa 100644 --- a/policy/modules/system/modutils.fc +++ b/policy/modules/system/modutils.fc @@ -10,8 +10,6 @@ ifdef(`distro_gentoo',` @@ -41751,7 +41752,7 @@ index 9933677..7875b79 100644 + +/var/run/tmpfiles.d/kmod.conf -- gen_context(system_u:object_r:insmod_var_run_t,s0) 
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if -index 7449974..b792900 100644 +index 7449974f6..b79290062 100644 --- a/policy/modules/system/modutils.if +++ b/policy/modules/system/modutils.if @@ -12,11 +12,28 @@ @@ -41947,7 +41948,7 @@ index 7449974..b792900 100644 + #files_kernel_modules_filetrans($1, modules_dep_t, file, "modules.symbols.bin") +') diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te -index 7a363b8..3788291 100644 +index 7a363b8b2..3788291a1 100644 --- a/policy/modules/system/modutils.te +++ b/policy/modules/system/modutils.te @@ -5,7 +5,7 @@ policy_module(modutils, 1.14.0) @@ -42225,7 +42226,7 @@ index 7a363b8..3788291 100644 ifdef(`distro_gentoo',` diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc -index a38605e..f035d9f 100644 +index a38605e50..f035d9fbb 100644 --- a/policy/modules/system/mount.fc +++ b/policy/modules/system/mount.fc @@ -1,6 +1,26 @@ @@ -42258,7 +42259,7 @@ index a38605e..f035d9f 100644 +/usr/sbin/umount\.ecryptfs_private -- gen_context(system_u:object_r:mount_ecryptfs_exec_t,s0) +/usr/sbin/umount\.ecryptfs -- gen_context(system_u:object_r:mount_ecryptfs_exec_t,s0) diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if -index 4584457..8f676d0 100644 +index 4584457b1..8f676d0c8 100644 --- a/policy/modules/system/mount.if +++ b/policy/modules/system/mount.if @@ -16,6 +16,13 @@ interface(`mount_domtrans',` @@ -42624,7 +42625,7 @@ index 4584457..8f676d0 100644 ') + diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te -index 459a0ef..ed4756e 100644 +index 459a0efbc..ed4756edc 100644 --- a/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te @@ -5,13 +5,6 @@ policy_module(mount, 1.16.1) @@ -43071,7 +43072,7 @@ index 459a0ef..ed4756e 100644 + unconfined_domain(unconfined_mount_t) ') 
diff --git a/policy/modules/system/netlabel.fc b/policy/modules/system/netlabel.fc -index b263a8a..15576ab 100644 +index b263a8af5..15576ab83 100644 --- a/policy/modules/system/netlabel.fc +++ b/policy/modules/system/netlabel.fc @@ -1 +1,6 @@ @@ -43082,7 +43083,7 @@ index b263a8a..15576ab 100644 +/usr/sbin/netlabelctl -- gen_context(system_u:object_r:netlabel_mgmt_exec_t,s0) +/usr/sbin/netlabel-config -- gen_context(system_u:object_r:netlabel_mgmt_exec_t,s0) diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te -index cbbda4a..d7c67bc 100644 +index cbbda4a3e..d7c67bc40 100644 --- a/policy/modules/system/netlabel.te +++ b/policy/modules/system/netlabel.te @@ -7,9 +7,13 @@ policy_module(netlabel, 1.3.0) @@ -43125,7 +43126,7 @@ index cbbda4a..d7c67bc 100644 +userdom_use_inherited_user_terminals(netlabel_mgmt_t) + diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc -index d43f3b1..c5053db 100644 +index d43f3b194..c5053dbbd 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -6,13 +6,15 @@ @@ -43181,7 +43182,7 @@ index d43f3b1..c5053db 100644 +/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if -index 3822072..d358162 100644 +index 38220721d..d3581622d 100644 --- a/policy/modules/system/selinuxutil.if +++ b/policy/modules/system/selinuxutil.if @@ -135,6 +135,42 @@ interface(`seutil_exec_loadpolicy',` @@ -43979,7 +43980,7 @@ index 3822072..d358162 100644 + allow semanage_t $1:dbus send_msg; +') diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te -index dc46420..f9c5d20 100644 +index dc4642022..f9c5d205c 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -11,14 +11,16 @@ gen_require(` 
@@ -44820,7 +44821,7 @@ index dc46420..f9c5d20 100644 + policykit_dbus_chat(policy_manager_domain) ') diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc -index bea4629..06e2834 100644 +index bea462999..06e2834f7 100644 --- a/policy/modules/system/setrans.fc +++ b/policy/modules/system/setrans.fc @@ -2,4 +2,7 @@ @@ -44832,7 +44833,7 @@ index bea4629..06e2834 100644 /var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) +/var/run/mcstransd\.pid gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) diff --git a/policy/modules/system/setrans.if b/policy/modules/system/setrans.if -index efa9c27..536a514 100644 +index efa9c27f6..536a514fc 100644 --- a/policy/modules/system/setrans.if +++ b/policy/modules/system/setrans.if @@ -40,3 +40,21 @@ interface(`setrans_translate_context',` @@ -44858,7 +44859,7 @@ index efa9c27..536a514 100644 + manage_files_pattern($1, setrans_var_run_t, setrans_var_run_t) +') diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te -index 1447687..0b1da4d 100644 +index 1447687d5..0b1da4d3e 100644 --- a/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te @@ -12,6 +12,7 @@ gen_require(` @@ -44886,7 +44887,7 @@ index 1447687..0b1da4d 100644 seutil_read_config(setrans_t) diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc -index 40edc18..95f4458 100644 +index 40edc18ab..95f4458d2 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -17,23 +17,29 @@ ifdef(`distro_debian',` @@ -44962,7 +44963,7 @@ index 40edc18..95f4458 100644 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) + diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if -index 2cea692..e3cb4f2 100644 +index 2cea692c0..e3cb4f2ef 100644 --- a/policy/modules/system/sysnetwork.if +++ b/policy/modules/system/sysnetwork.if 
@@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',` @@ -45535,7 +45536,7 @@ index 2cea692..e3cb4f2 100644 + files_etc_filetrans($1, net_conf_t, file) +') diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te -index a392fc4..41a5b08 100644 +index a392fc4bc..41a5b082f 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.15.4) @@ -45962,7 +45963,7 @@ index a392fc4..41a5b08 100644 +') diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc new file mode 100644 -index 0000000..21963a2 +index 000000000..21963a267 --- /dev/null +++ b/policy/modules/system/systemd.fc @@ -0,0 +1,72 @@ @@ -46040,7 +46041,7 @@ index 0000000..21963a2 +/var/run/initramfs(/.*)? <> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if new file mode 100644 -index 0000000..d1356af +index 000000000..d1356af89 --- /dev/null +++ b/policy/modules/system/systemd.if @@ -0,0 +1,1842 @@ @@ -47888,7 +47889,7 @@ index 0000000..d1356af +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..9318a15 +index 000000000..9318a15b1 --- /dev/null +++ b/policy/modules/system/systemd.te @@ -0,0 +1,982 @@ @@ -48875,7 +48876,7 @@ index 0000000..9318a15 +modutils_read_module_config(systemd_modules_load_t) + diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc -index f41857e..49fd32e 100644 +index f41857e09..49fd32e17 100644 --- a/policy/modules/system/udev.fc +++ b/policy/modules/system/udev.fc @@ -1,6 +1,8 @@ @@ -48928,7 +48929,7 @@ index f41857e..49fd32e 100644 ifdef(`distro_debian',` /var/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0) diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if -index 9a1650d..d7e8a01 100644 +index 9a1650d37..d7e8a0193 100644 --- a/policy/modules/system/udev.if 
+++ b/policy/modules/system/udev.if @@ -34,6 +34,7 @@ interface(`udev_domtrans',` @@ -49172,7 +49173,7 @@ index 9a1650d..d7e8a01 100644 ######################################## diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te -index 39f185f..a313a7d 100644 +index 39f185f68..a313a7d1a 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -17,16 +17,17 @@ init_daemon_domain(udev_t, udev_exec_t) @@ -49447,7 +49448,7 @@ index 39f185f..a313a7d 100644 optional_policy(` diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc -index 0abaf84..8b34dbc 100644 +index 0abaf8432..8b34dbc09 100644 --- a/policy/modules/system/unconfined.fc +++ b/policy/modules/system/unconfined.fc @@ -1,21 +1 @@ @@ -49473,7 +49474,7 @@ index 0abaf84..8b34dbc 100644 -/usr/lib/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) -') diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if -index 5ca20a9..5454d16 100644 +index 5ca20a97d..5454d1668 100644 --- a/policy/modules/system/unconfined.if +++ b/policy/modules/system/unconfined.if @@ -12,53 +12,57 @@ @@ -50022,7 +50023,7 @@ index 5ca20a9..5454d16 100644 + allow $1 unconfined_service_t:process signull; ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te -index 5fe902d..b31eeba 100644 +index 5fe902db3..b31eeba97 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te @@ -1,207 +1,32 @@ @@ -50247,7 +50248,7 @@ index 5fe902d..b31eeba 100644 + virt_transition_svirt(unconfined_service_t, system_r) ') diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc -index db75976..c54480a 100644 +index db7597682..c54480a1d 100644 --- a/policy/modules/system/userdomain.fc +++ b/policy/modules/system/userdomain.fc @@ -1,4 +1,37 @@ 
@@ -50290,7 +50291,7 @@ index db75976..c54480a 100644 +/var/tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) + diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index 9dc60c6..dfb1d27 100644 +index 9dc60c6c0..dfb1d27b5 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -30,9 +30,11 @@ template(`userdom_base_user_template',` @@ -55410,7 +55411,7 @@ index 9dc60c6..dfb1d27 100644 + ') ') diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te -index f4ac38d..1589d60 100644 +index f4ac38dc7..1589d6065 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -7,48 +7,43 @@ policy_module(userdomain, 4.9.1) @@ -55902,7 +55903,7 @@ index f4ac38d..1589d60 100644 + ssh_signal(confined_admindomain) +') diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt -index e79d545..101086d 100644 +index e79d54501..101086d66 100644 --- a/policy/support/misc_patterns.spt +++ b/policy/support/misc_patterns.spt @@ -4,7 +4,7 @@ @@ -55933,7 +55934,7 @@ index e79d545..101086d 100644 ') diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt -index 6e91317..b80ffcb 100644 +index 6e9131723..b80ffcb86 100644 --- a/policy/support/obj_perm_sets.spt +++ b/policy/support/obj_perm_sets.spt @@ -28,8 +28,7 @@ define(`devfile_class_set', `{ chr_file blk_file }') @@ -56047,7 +56048,7 @@ index 6e91317..b80ffcb 100644 +# +define(`manage_service_perms', `{ start stop status reload enable disable } ') diff --git a/policy/users b/policy/users -index c4ebc7e..30d6d7a 100644 +index c4ebc7e43..30d6d7a71 100644 --- a/policy/users +++ b/policy/users @@ -15,7 +15,7 @@ @@ -56086,7 +56087,7 @@ index c4ebc7e..30d6d7a 100644 -') +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats) 
diff --git a/support/Makefile.devel b/support/Makefile.devel -index b96e9b3..ff7340f 100644 +index b96e9b3d1..ff7340fdb 100644 --- a/support/Makefile.devel +++ b/support/Makefile.devel @@ -26,7 +26,6 @@ XMLLINT := $(BINDIR)/xmllint diff --git a/policy-f25-contrib.patch b/policy-f25-contrib.patch index c9e8051..8052b47 100644 --- a/policy-f25-contrib.patch +++ b/policy-f25-contrib.patch @@ -1,12 +1,12 @@ diff --git a/.gitignore b/.gitignore new file mode 100644 -index 0000000..bea5755 +index 000000000..bea575523 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +TAGS diff --git a/abrt.fc b/abrt.fc -index 1a93dc5..e948aef 100644 +index 1a93dc578..e948aef59 100644 --- a/abrt.fc +++ b/abrt.fc @@ -1,31 +1,47 @@ @@ -81,7 +81,7 @@ index 1a93dc5..e948aef 100644 -/var/spool/abrt-retrace(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0) -/var/spool/retrace-server(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0) diff --git a/abrt.if b/abrt.if -index 058d908..ee0c559 100644 +index 058d908e4..ee0c55969 100644 --- a/abrt.if +++ b/abrt.if @@ -1,4 +1,42 @@ @@ -589,7 +589,7 @@ index 058d908..ee0c559 100644 +') + diff --git a/abrt.te b/abrt.te -index eb50f07..53512e8 100644 +index eb50f070f..53512e89f 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -1220,7 +1220,7 @@ index eb50f07..53512e8 100644 - -miscfiles_read_localization(abrt_domain) diff --git a/accountsd.fc b/accountsd.fc -index f9d8d7a..0682710 100644 +index f9d8d7a92..068271030 100644 --- a/accountsd.fc +++ b/accountsd.fc @@ -1,3 +1,5 @@ @@ -1230,7 +1230,7 @@ index f9d8d7a..0682710 100644 /usr/lib/accountsservice/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0) diff --git a/accountsd.if b/accountsd.if -index bd5ec9a..554177c 100644 +index bd5ec9ab0..554177cd2 100644 --- a/accountsd.if +++ b/accountsd.if @@ -126,23 +126,51 @@ interface(`accountsd_manage_lib_files',` 
@@ -1291,7 +1291,7 @@ index bd5ec9a..554177c 100644 + allow $1 accountsd_unit_file_t:service all_service_perms; ') diff --git a/accountsd.te b/accountsd.te -index 3593510..7c13845 100644 +index 3593510d8..7c13845fd 100644 --- a/accountsd.te +++ b/accountsd.te @@ -4,6 +4,10 @@ gen_require(` @@ -1372,7 +1372,7 @@ index 3593510..7c13845 100644 + xserver_manage_xdm_etc_files(accountsd_t) ') diff --git a/acct.if b/acct.if -index 81280d0..bc4038b 100644 +index 81280d008..bc4038b45 100644 --- a/acct.if +++ b/acct.if @@ -83,6 +83,24 @@ interface(`acct_manage_data',` @@ -1416,7 +1416,7 @@ index 81280d0..bc4038b 100644 domain_system_change_exemption($1) role_transition $2 acct_initrc_exec_t system_r; diff --git a/acct.te b/acct.te -index 8b9ad83..f4f2486 100644 +index 8b9ad83c5..f4f24864b 100644 --- a/acct.te +++ b/acct.te @@ -40,8 +40,6 @@ corecmd_exec_shell(acct_t) @@ -1446,7 +1446,7 @@ index 8b9ad83..f4f2486 100644 userdom_dontaudit_use_unpriv_user_fds(acct_t) diff --git a/ada.te b/ada.te -index 8d42c97..2377f8f 100644 +index 8d42c97ae..2377f8f82 100644 --- a/ada.te +++ b/ada.te @@ -20,7 +20,7 @@ role ada_roles types ada_t; @@ -1459,7 +1459,7 @@ index 8d42c97..2377f8f 100644 optional_policy(` unconfined_domain(ada_t) diff --git a/afs.fc b/afs.fc -index 8926c16..206ea16 100644 +index 8926c1696..206ea16fd 100644 --- a/afs.fc +++ b/afs.fc @@ -3,6 +3,8 @@ @@ -1483,7 +1483,7 @@ index 8926c16..206ea16 100644 /usr/afs/db -d gen_context(system_u:object_r:afs_dbdir_t,s0) /usr/afs/db/pr.* -- gen_context(system_u:object_r:afs_pt_db_t,s0) diff --git a/afs.if b/afs.if -index 3b41be6..97d99f9 100644 +index 3b41be699..97d99f979 100644 --- a/afs.if +++ b/afs.if @@ -40,6 +40,24 @@ interface(`afs_rw_udp_sockets',` @@ -1533,7 +1533,7 @@ index 3b41be6..97d99f9 100644 afs_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/afs.te b/afs.te -index 90ce637..8cf712d 100644 +index 90ce63748..8cf712d15 100644 --- a/afs.te +++ b/afs.te 
@@ -72,7 +72,7 @@ role system_r types afs_vlserver_t; @@ -1724,7 +1724,7 @@ index 90ce637..8cf712d 100644 sysnet_read_config(afs_domain) + diff --git a/aiccu.if b/aiccu.if -index 3b5dcb9..fbe187f 100644 +index 3b5dcb947..fbe187fe1 100644 --- a/aiccu.if +++ b/aiccu.if @@ -79,9 +79,13 @@ interface(`aiccu_admin',` @@ -1743,7 +1743,7 @@ index 3b5dcb9..fbe187f 100644 domain_system_change_exemption($1) role_transition $2 aiccu_initrc_exec_t system_r; diff --git a/aiccu.te b/aiccu.te -index 5d2b90e..7374df0 100644 +index 5d2b90e04..7374df0b9 100644 --- a/aiccu.te +++ b/aiccu.te @@ -48,7 +48,6 @@ corenet_all_recvfrom_unlabeled(aiccu_t) @@ -1782,7 +1782,7 @@ index 5d2b90e..7374df0 100644 sysnet_domtrans_ifconfig(aiccu_t) ') diff --git a/aide.if b/aide.if -index 01cbb67..94a4a24 100644 +index 01cbb67df..94a4a2406 100644 --- a/aide.if +++ b/aide.if @@ -67,9 +67,13 @@ interface(`aide_admin',` @@ -1801,7 +1801,7 @@ index 01cbb67..94a4a24 100644 files_list_etc($1) diff --git a/aide.te b/aide.te -index 03831e6..3d35fff 100644 +index 03831e6e5..3d35fff8e 100644 --- a/aide.te +++ b/aide.te @@ -10,6 +10,7 @@ attribute_role aide_roles; @@ -1853,7 +1853,7 @@ index 03831e6..3d35fff 100644 optional_policy(` seutil_use_newrole_fds(aide_t) diff --git a/aisexec.if b/aisexec.if -index a2997fa..861cebd 100644 +index a2997fa57..861cebdf9 100644 --- a/aisexec.if +++ b/aisexec.if @@ -83,9 +83,13 @@ interface(`aisexecd_admin',` @@ -1872,7 +1872,7 @@ index a2997fa..861cebd 100644 domain_system_change_exemption($1) role_transition $2 aisexec_initrc_exec_t system_r; diff --git a/aisexec.te b/aisexec.te -index 4e4f063..808e067 100644 +index 4e4f06364..808e067e8 100644 --- a/aisexec.te +++ b/aisexec.te @@ -63,6 +63,7 @@ files_pid_filetrans(aisexec_t, aisexec_var_run_t, { file sock_file }) @@ -1906,7 +1906,7 @@ index 4e4f063..808e067 100644 rhcs_rw_fenced_semaphores(aisexec_t) diff --git a/ajaxterm.fc b/ajaxterm.fc new file mode 100644 -index 0000000..aeb1888 +index 000000000..aeb1888a7 --- /dev/null 
+++ b/ajaxterm.fc @@ -0,0 +1,6 @@ @@ -1918,7 +1918,7 @@ index 0000000..aeb1888 +/var/run/ajaxterm\.pid -- gen_context(system_u:object_r:ajaxterm_var_run_t,s0) diff --git a/ajaxterm.if b/ajaxterm.if new file mode 100644 -index 0000000..7abe946 +index 000000000..7abe946d4 --- /dev/null +++ b/ajaxterm.if @@ -0,0 +1,90 @@ @@ -2014,7 +2014,7 @@ index 0000000..7abe946 +') diff --git a/ajaxterm.te b/ajaxterm.te new file mode 100644 -index 0000000..a95a4ad +index 000000000..a95a4adf3 --- /dev/null +++ b/ajaxterm.te @@ -0,0 +1,60 @@ @@ -2079,7 +2079,7 @@ index 0000000..a95a4ad +') + diff --git a/alsa.fc b/alsa.fc -index 33d9d31..58bf182 100644 +index 33d9d3111..58bf1829a 100644 --- a/alsa.fc +++ b/alsa.fc @@ -23,4 +23,10 @@ ifdef(`distro_debian',` @@ -2095,7 +2095,7 @@ index 33d9d31..58bf182 100644 + +/var/run/alsactl\.pid -- gen_context(system_u:object_r:alsa_var_run_t,s0) diff --git a/alsa.if b/alsa.if -index ca8d8cf..053a30a 100644 +index ca8d8cf3b..053a30ad4 100644 --- a/alsa.if +++ b/alsa.if @@ -168,6 +168,7 @@ interface(`alsa_manage_home_files',` @@ -2211,7 +2211,7 @@ index ca8d8cf..053a30a 100644 ######################################### diff --git a/alsa.te b/alsa.te -index 4b153f1..a799cd3 100644 +index 4b153f179..a799cd394 100644 --- a/alsa.te +++ b/alsa.te @@ -15,6 +15,9 @@ role alsa_roles types alsa_t; @@ -2292,7 +2292,7 @@ index 4b153f1..a799cd3 100644 userdom_manage_unpriv_user_shared_mem(alsa_t) userdom_search_user_home_dirs(alsa_t) diff --git a/amanda.fc b/amanda.fc -index 7f4dfbc..e5c9f45 100644 +index 7f4dfbca3..e5c9f45b8 100644 --- a/amanda.fc +++ b/amanda.fc @@ -1,5 +1,6 @@ @@ -2312,7 +2312,7 @@ index 7f4dfbc..e5c9f45 100644 /usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0) diff --git a/amanda.te b/amanda.te -index 519051c..6f75843 100644 +index 519051c7d..6f75843d5 100644 --- a/amanda.te +++ b/amanda.te @@ -9,11 +9,14 @@ attribute_role amanda_recover_roles; 
@@ -2455,7 +2455,7 @@ index 519051c..6f75843 100644 + fstools_signal(amanda_t) +') diff --git a/amavis.fc b/amavis.fc -index 17689a7..8aa6849 100644 +index 17689a707..8aa684917 100644 --- a/amavis.fc +++ b/amavis.fc @@ -12,8 +12,6 @@ ifdef(`distro_debian',` @@ -2468,7 +2468,7 @@ index 17689a7..8aa6849 100644 /var/lib/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0) diff --git a/amavis.if b/amavis.if -index 60d4f8c..18ef077 100644 +index 60d4f8c90..18ef0772c 100644 --- a/amavis.if +++ b/amavis.if @@ -54,6 +54,7 @@ interface(`amavis_read_spool_files',` @@ -2522,7 +2522,7 @@ index 60d4f8c..18ef077 100644 domain_system_change_exemption($1) role_transition $2 amavis_initrc_exec_t system_r; diff --git a/amavis.te b/amavis.te -index 91fa72a..1736250 100644 +index 91fa72ae1..1736250ae 100644 --- a/amavis.te +++ b/amavis.te @@ -39,14 +39,14 @@ type amavis_quarantine_t; @@ -2616,7 +2616,7 @@ index 91fa72a..1736250 100644 postfix_list_spool(amavis_t) ') diff --git a/amtu.te b/amtu.te -index 16d0d66..60abfd0 100644 +index 16d0d66eb..60abfd080 100644 --- a/amtu.te +++ b/amtu.te @@ -24,11 +24,10 @@ kernel_read_system_state(amtu_t) @@ -2633,7 +2633,7 @@ index 16d0d66..60abfd0 100644 optional_policy(` nscd_dontaudit_search_pid(amtu_t) diff --git a/anaconda.fc b/anaconda.fc -index b098089..fe35beb 100644 +index b098089d0..fe35bebfd 100644 --- a/anaconda.fc +++ b/anaconda.fc @@ -1 +1,13 @@ @@ -2651,7 +2651,7 @@ index b098089..fe35beb 100644 +/var/lib/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0) +/var/log/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0) diff --git a/anaconda.if b/anaconda.if -index 14a61b7..76d9329 100644 +index 14a61b7e1..76d93294d 100644 --- a/anaconda.if +++ b/anaconda.if @@ -1 +1,132 @@ @@ -2788,7 +2788,7 @@ index 14a61b7..76d9329 100644 + files_search_var_lib($1) +') diff --git a/anaconda.te b/anaconda.te -index aa44abf..9e76516 100644 +index aa44abfe4..9e76516c2 100644 --- a/anaconda.te 
+++ b/anaconda.te @@ -4,6 +4,10 @@ gen_require(` @@ -2894,7 +2894,7 @@ index aa44abf..9e76516 100644 +') diff --git a/antivirus.fc b/antivirus.fc new file mode 100644 -index 0000000..219f32d +index 000000000..219f32db0 --- /dev/null +++ b/antivirus.fc @@ -0,0 +1,44 @@ @@ -2944,7 +2944,7 @@ index 0000000..219f32d + diff --git a/antivirus.if b/antivirus.if new file mode 100644 -index 0000000..36251b9 +index 000000000..36251b926 --- /dev/null +++ b/antivirus.if @@ -0,0 +1,325 @@ @@ -3275,7 +3275,7 @@ index 0000000..36251b9 +') diff --git a/antivirus.te b/antivirus.te new file mode 100644 -index 0000000..d202f69 +index 000000000..d202f695a --- /dev/null +++ b/antivirus.te @@ -0,0 +1,274 @@ @@ -3554,7 +3554,7 @@ index 0000000..d202f69 + spamassassin_read_pid_files(antivirus_domain) +') diff --git a/apache.fc b/apache.fc -index 7caefc3..966c2f3 100644 +index 7caefc353..966c2f3e6 100644 --- a/apache.fc +++ b/apache.fc @@ -1,162 +1,218 @@ @@ -3916,7 +3916,7 @@ index 7caefc3..966c2f3 100644 +/var/run/dirsrv/admin-serv.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) diff --git a/apache.if b/apache.if -index f6eb485..fe461a3 100644 +index f6eb4851f..fe461a3fc 100644 --- a/apache.if +++ b/apache.if @@ -1,9 +1,9 @@ @@ -5570,7 +5570,7 @@ index f6eb485..fe461a3 100644 + ps_process_pattern(httpd_t, $1) ') diff --git a/apache.te b/apache.te -index 6649962..4e15480 100644 +index 6649962b6..4e154808c 100644 --- a/apache.te +++ b/apache.te @@ -5,280 +5,346 @@ policy_module(apache, 2.7.2) @@ -7940,7 +7940,7 @@ index 6649962..4e15480 100644 ') + diff --git a/apcupsd.fc b/apcupsd.fc -index 5ec0e13..97c204f 100644 +index 5ec0e13c8..97c204fe5 100644 --- a/apcupsd.fc +++ b/apcupsd.fc @@ -1,18 +1,23 @@ 
@@ -7973,7 +7973,7 @@ index 5ec0e13..97c204f 100644 +/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0) +/var/www/cgi-bin/apcgui(/.*)? gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0) diff --git a/apcupsd.if b/apcupsd.if -index f3c0aba..f6e25ed 100644 +index f3c0abac6..f6e25eda4 100644 --- a/apcupsd.if +++ b/apcupsd.if @@ -102,7 +102,7 @@ interface(`apcupsd_append_log',` @@ -8082,7 +8082,7 @@ index f3c0aba..f6e25ed 100644 + files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail") ') diff --git a/apcupsd.te b/apcupsd.te -index 080bc4d..a78dbce 100644 +index 080bc4ddb..a78dbced6 100644 --- a/apcupsd.te +++ b/apcupsd.te @@ -24,12 +24,18 @@ files_tmp_file(apcupsd_tmp_t) @@ -8229,7 +8229,7 @@ index 080bc4d..a78dbce 100644 + sysnet_dns_name_resolve(apcupsd_cgi_script_t) ') diff --git a/apm.fc b/apm.fc -index ce27d2f..b2ba16a 100644 +index ce27d2fb3..b2ba16a04 100644 --- a/apm.fc +++ b/apm.fc @@ -1,3 +1,4 @@ @@ -8247,7 +8247,7 @@ index ce27d2f..b2ba16a 100644 /var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0) diff --git a/apm.if b/apm.if -index 1a7a97e..2c7252a 100644 +index 1a7a97e5c..2c7252a39 100644 --- a/apm.if +++ b/apm.if @@ -141,6 +141,30 @@ interface(`apm_stream_connect',` @@ -8297,7 +8297,7 @@ index 1a7a97e..2c7252a 100644 domain_system_change_exemption($1) role_transition $2 apmd_initrc_exec_t system_r; diff --git a/apm.te b/apm.te -index 7fd431b..f944ecc 100644 +index 7fd431bcd..f944eccf1 100644 --- a/apm.te +++ b/apm.te @@ -35,12 +35,15 @@ files_type(apmd_var_lib_t) @@ -8413,7 +8413,7 @@ index 7fd431b..f944ecc 100644 optional_policy(` diff --git a/apt.if b/apt.if -index cde81d2..2fe0201 100644 +index cde81d248..2fe02018a 100644 --- a/apt.if +++ b/apt.if @@ -171,7 +171,7 @@ interface(`apt_read_cache',` @@ -8426,7 +8426,7 @@ index cde81d2..2fe0201 100644 ') diff --git a/apt.te b/apt.te -index efa8530..ae5d0c9 100644 +index efa853059..ae5d0c9f2 100644 --- a/apt.te +++ b/apt.te 
@@ -39,7 +39,7 @@ logging_log_file(apt_var_log_t) @@ -8477,7 +8477,7 @@ index efa8530..ae5d0c9 100644 optional_policy(` backup_manage_store_files(apt_t) diff --git a/arpwatch.fc b/arpwatch.fc -index 9ca0d0f..9a1a61f 100644 +index 9ca0d0fb8..9a1a61f82 100644 --- a/arpwatch.fc +++ b/arpwatch.fc @@ -1,5 +1,7 @@ @@ -8489,7 +8489,7 @@ index 9ca0d0f..9a1a61f 100644 /var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0) diff --git a/arpwatch.if b/arpwatch.if -index 50c9b9c..533a555 100644 +index 50c9b9c87..533a555a2 100644 --- a/arpwatch.if +++ b/arpwatch.if @@ -119,6 +119,30 @@ interface(`arpwatch_dontaudit_rw_packet_sockets',` @@ -8551,7 +8551,7 @@ index 50c9b9c..533a555 100644 + allow $1 arpwatch_unit_file_t:service all_service_perms; ') diff --git a/arpwatch.te b/arpwatch.te -index 2d7bf34..766a91a 100644 +index 2d7bf345b..766a91a41 100644 --- a/arpwatch.te +++ b/arpwatch.te @@ -21,6 +21,9 @@ files_tmp_file(arpwatch_tmp_t) @@ -8615,7 +8615,7 @@ index 2d7bf34..766a91a 100644 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t) diff --git a/asterisk.if b/asterisk.if -index 2077053..198a02a 100644 +index 2077053ea..198a02ab4 100644 --- a/asterisk.if +++ b/asterisk.if @@ -124,9 +124,13 @@ interface(`asterisk_admin',` @@ -8634,7 +8634,7 @@ index 2077053..198a02a 100644 domain_system_change_exemption($1) role_transition $2 asterisk_initrc_exec_t system_r; diff --git a/asterisk.te b/asterisk.te -index 7e41350..1e0f4c4 100644 +index 7e4135022..1e0f4c49b 100644 --- a/asterisk.te +++ b/asterisk.te @@ -19,7 +19,7 @@ type asterisk_log_t; @@ -8704,7 +8704,7 @@ index 7e41350..1e0f4c4 100644 diff --git a/authconfig.fc b/authconfig.fc new file mode 100644 -index 0000000..4579cfe +index 000000000..4579cfe17 --- /dev/null +++ b/authconfig.fc @@ -0,0 +1,3 @@ @@ -8713,7 +8713,7 @@ index 0000000..4579cfe +/var/lib/authconfig(/.*)? gen_context(system_u:object_r:authconfig_var_lib_t,s0) 
diff --git a/authconfig.if b/authconfig.if new file mode 100644 -index 0000000..316c324 +index 000000000..316c324f2 --- /dev/null +++ b/authconfig.if @@ -0,0 +1,127 @@ @@ -8846,7 +8846,7 @@ index 0000000..316c324 +') diff --git a/authconfig.te b/authconfig.te new file mode 100644 -index 0000000..362a049 +index 000000000..362a049e9 --- /dev/null +++ b/authconfig.te @@ -0,0 +1,33 @@ @@ -8884,7 +8884,7 @@ index 0000000..362a049 + +unconfined_domain_noaudit(authconfig_t) diff --git a/automount.fc b/automount.fc -index 92adb37..0a2ffc6 100644 +index 92adb37e1..0a2ffc62d 100644 --- a/automount.fc +++ b/automount.fc @@ -1,6 +1,8 @@ @@ -8897,7 +8897,7 @@ index 92adb37..0a2ffc6 100644 /var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0) diff --git a/automount.if b/automount.if -index f24e369..4484a98 100644 +index f24e36960..4484a98da 100644 --- a/automount.if +++ b/automount.if @@ -29,7 +29,6 @@ interface(`automount_domtrans',` @@ -8994,7 +8994,7 @@ index f24e369..4484a98 100644 + allow $1 automount_unit_file_t:service all_service_perms; ') diff --git a/automount.te b/automount.te -index 27d2f40..1297f5b 100644 +index 27d2f400b..1297f5bbe 100644 --- a/automount.te +++ b/automount.te @@ -22,6 +22,9 @@ type automount_tmp_t; @@ -9082,7 +9082,7 @@ index 27d2f40..1297f5b 100644 +') + diff --git a/avahi.fc b/avahi.fc -index e9fe2ca..4c2d076 100644 +index e9fe2cac1..4c2d0769e 100644 --- a/avahi.fc +++ b/avahi.fc @@ -1,5 +1,7 @@ @@ -9094,7 +9094,7 @@ index e9fe2ca..4c2d076 100644 /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0) diff --git a/avahi.if b/avahi.if -index 9078c3d..2f6b250 100644 +index 9078c3d85..2f6b2503e 100644 --- a/avahi.if +++ b/avahi.if @@ -211,6 +211,30 @@ interface(`avahi_dontaudit_search_pid',` @@ -9157,7 +9157,7 @@ index 9078c3d..2f6b250 100644 + allow $1 avahi_unit_file_t:service all_service_perms; ') 
diff --git a/avahi.te b/avahi.te -index b8355b3..51ce1b6 100644 +index b8355b32f..51ce1b60f 100644 --- a/avahi.te +++ b/avahi.te @@ -13,17 +13,21 @@ type avahi_initrc_exec_t; @@ -9220,7 +9220,7 @@ index b8355b3..51ce1b6 100644 userdom_dontaudit_search_user_home_dirs(avahi_t) diff --git a/awstats.fc b/awstats.fc -index 11e6d5f..73b4ea4 100644 +index 11e6d5ffe..73b4ea47c 100644 --- a/awstats.fc +++ b/awstats.fc @@ -1,5 +1,5 @@ @@ -9232,7 +9232,7 @@ index 11e6d5f..73b4ea4 100644 /var/lib/awstats(/.*)? gen_context(system_u:object_r:awstats_var_lib_t,s0) diff --git a/awstats.te b/awstats.te -index c1b16c3..ffbf2cb 100644 +index c1b16c392..ffbf2cb8f 100644 --- a/awstats.te +++ b/awstats.te @@ -26,6 +26,7 @@ type awstats_var_lib_t; @@ -9292,7 +9292,7 @@ index c1b16c3..ffbf2cb 100644 +read_files_pattern(awstats_script_t, awstats_var_lib_t, awstats_var_lib_t) +files_search_var_lib(awstats_script_t) diff --git a/backup.te b/backup.te -index 7811450..e787033 100644 +index 7811450b6..e78703340 100644 --- a/backup.te +++ b/backup.te @@ -21,7 +21,7 @@ files_type(backup_store_t) @@ -9322,7 +9322,7 @@ index 7811450..e787033 100644 optional_policy(` cron_system_entry(backup_t, backup_exec_t) diff --git a/bacula.fc b/bacula.fc -index 27ec3d5..65aa71b 100644 +index 27ec3d519..65aa71bf6 100644 --- a/bacula.fc +++ b/bacula.fc @@ -8,6 +8,8 @@ @@ -9335,7 +9335,7 @@ index 27ec3d5..65aa71b 100644 /var/log/bacula.* gen_context(system_u:object_r:bacula_log_t,s0) diff --git a/bacula.if b/bacula.if -index dcd774e..c240ffa 100644 +index dcd774ee4..c240ffaf6 100644 --- a/bacula.if +++ b/bacula.if @@ -69,6 +69,7 @@ interface(`bacula_admin',` @@ -9347,7 +9347,7 @@ index dcd774e..c240ffa 100644 allow $1 bacula_t:process { ptrace signal_perms }; diff --git a/bacula.te b/bacula.te -index f16b000..1a7c80f 100644 +index f16b00008..1a7c80f01 100644 --- a/bacula.te +++ b/bacula.te @@ -27,6 +27,9 @@ type bacula_store_t; @@ -9485,7 +9485,7 @@ index f16b000..1a7c80f 100644 + ') +') 
diff --git a/bcfg2.fc b/bcfg2.fc -index fb42e35..8af0e14 100644 +index fb42e352b..8af0e14ce 100644 --- a/bcfg2.fc +++ b/bcfg2.fc @@ -1,5 +1,7 @@ @@ -9497,7 +9497,7 @@ index fb42e35..8af0e14 100644 /var/lib/bcfg2(/.*)? gen_context(system_u:object_r:bcfg2_var_lib_t,s0) diff --git a/bcfg2.if b/bcfg2.if -index ec95d36..186271b 100644 +index ec95d361e..186271b74 100644 --- a/bcfg2.if +++ b/bcfg2.if @@ -117,6 +117,32 @@ interface(`bcfg2_manage_lib_dirs',` @@ -9566,7 +9566,7 @@ index ec95d36..186271b 100644 + ') ') diff --git a/bcfg2.te b/bcfg2.te -index c3fd7b1..e189593 100644 +index c3fd7b148..e18959384 100644 --- a/bcfg2.te +++ b/bcfg2.te @@ -15,6 +15,9 @@ init_script_file(bcfg2_initrc_exec_t) @@ -9591,7 +9591,7 @@ index c3fd7b1..e189593 100644 - -miscfiles_read_localization(bcfg2_t) diff --git a/bind.fc b/bind.fc -index 2b9a3a1..982ce9b 100644 +index 2b9a3a10d..982ce9b71 100644 --- a/bind.fc +++ b/bind.fc @@ -1,54 +1,78 @@ @@ -9716,7 +9716,7 @@ index 2b9a3a1..982ce9b 100644 +/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +') diff --git a/bind.if b/bind.if -index 531a8f2..3fcf187 100644 +index 531a8f244..3fcf18722 100644 --- a/bind.if +++ b/bind.if @@ -20,6 +20,30 @@ interface(`bind_initrc_domtrans',` @@ -9897,7 +9897,7 @@ index 531a8f2..3fcf187 100644 + allow $1 named_unit_file_t:service all_service_perms; ') diff --git a/bind.te b/bind.te -index 1241123..5d5bb14 100644 +index 124112346..5d5bb14a1 100644 --- a/bind.te +++ b/bind.te @@ -34,7 +34,7 @@ type named_checkconf_exec_t; @@ -10064,7 +10064,7 @@ index 1241123..5d5bb14 100644 userdom_use_user_terminals(ndc_t) diff --git a/bird.te b/bird.te -index 1d60c27..f8bb700 100644 +index 1d60c2730..f8bb70055 100644 --- a/bird.te +++ b/bird.te @@ -51,7 +51,6 @@ corenet_tcp_connect_bgp_port(bird_t) @@ -10076,7 +10076,7 @@ index 1d60c27..f8bb700 100644 logging_send_syslog_msg(bird_t) diff --git a/bitlbee.fc b/bitlbee.fc -index e9708d6..61362d0 100644 +index e9708d6cc..61362d088 100644 --- a/bitlbee.fc 
+++ b/bitlbee.fc @@ -7,7 +7,7 @@ @@ -10089,7 +10089,7 @@ index e9708d6..61362d0 100644 /var/run/bitlbee\.pid -- gen_context(system_u:object_r:bitlbee_var_run_t,s0) /var/run/bitlbee\.sock -s gen_context(system_u:object_r:bitlbee_var_run_t,s0) diff --git a/bitlbee.if b/bitlbee.if -index e73fb79..2badfc0 100644 +index e73fb799e..2badfc0d9 100644 --- a/bitlbee.if +++ b/bitlbee.if @@ -44,9 +44,13 @@ interface(`bitlbee_admin',` @@ -10108,7 +10108,7 @@ index e73fb79..2badfc0 100644 domain_system_change_exemption($1) role_transition $2 bitlbee_initrc_exec_t system_r; diff --git a/bitlbee.te b/bitlbee.te -index f5c1a48..102fa8e 100644 +index f5c1a48b6..102fa8eae 100644 --- a/bitlbee.te +++ b/bitlbee.te @@ -33,11 +33,14 @@ files_pid_file(bitlbee_var_run_t) @@ -10190,7 +10190,7 @@ index f5c1a48..102fa8e 100644 + diff --git a/blkmapd.fc b/blkmapd.fc new file mode 100644 -index 0000000..5e59fb4 +index 000000000..5e59fb414 --- /dev/null +++ b/blkmapd.fc @@ -0,0 +1,6 @@ @@ -10202,7 +10202,7 @@ index 0000000..5e59fb4 +/var/run/blkmapd\.pid -- gen_context(system_u:object_r:blkmapd_var_run_t,s0) diff --git a/blkmapd.if b/blkmapd.if new file mode 100644 -index 0000000..7666379 +index 000000000..76663796f --- /dev/null +++ b/blkmapd.if @@ -0,0 +1,121 @@ @@ -10329,7 +10329,7 @@ index 0000000..7666379 +') diff --git a/blkmapd.te b/blkmapd.te new file mode 100644 -index 0000000..6cfb355 +index 000000000..6cfb35592 --- /dev/null +++ b/blkmapd.te @@ -0,0 +1,44 @@ @@ -10378,7 +10378,7 @@ index 0000000..6cfb355 + rpc_read_nfs_state_data(blkmapd_t) +') diff --git a/blueman.fc b/blueman.fc -index c295d2e..4f84e9c 100644 +index c295d2e01..4f84e9c14 100644 --- a/blueman.fc +++ b/blueman.fc @@ -1,3 +1,4 @@ @@ -10387,7 +10387,7 @@ index c295d2e..4f84e9c 100644 /var/lib/blueman(/.*)? gen_context(system_u:object_r:blueman_var_lib_t,s0) diff --git a/blueman.if b/blueman.if -index 16ec525..1dd4059 100644 +index 16ec52526..1dd40595c 100644 --- a/blueman.if +++ b/blueman.if 
@@ -38,6 +38,7 @@ interface(`blueman_dbus_chat',` @@ -10399,7 +10399,7 @@ index 16ec525..1dd4059 100644 ######################################## diff --git a/blueman.te b/blueman.te -index 3a5032e..3facb71 100644 +index 3a5032e06..3facb7156 100644 --- a/blueman.te +++ b/blueman.te @@ -7,7 +7,7 @@ policy_module(blueman, 1.1.0) @@ -10494,7 +10494,7 @@ index 3a5032e..3facb71 100644 + xserver_read_state_xdm(blueman_t) +') diff --git a/bluetooth.fc b/bluetooth.fc -index 2b9c7f3..0086b95 100644 +index 2b9c7f329..0086b95d1 100644 --- a/bluetooth.fc +++ b/bluetooth.fc @@ -5,10 +5,14 @@ @@ -10513,7 +10513,7 @@ index 2b9c7f3..0086b95 100644 /usr/sbin/bluetoothd -- gen_context(system_u:object_r:bluetooth_exec_t,s0) /usr/sbin/hciattach -- gen_context(system_u:object_r:bluetooth_exec_t,s0) diff --git a/bluetooth.if b/bluetooth.if -index c723a0a..1c29d21 100644 +index c723a0ae0..1c29d21e7 100644 --- a/bluetooth.if +++ b/bluetooth.if @@ -37,7 +37,12 @@ interface(`bluetooth_role',` @@ -10644,7 +10644,7 @@ index c723a0a..1c29d21 100644 + allow $1 bluetooth_unit_file_t:service all_service_perms; ') diff --git a/bluetooth.te b/bluetooth.te -index 851769e..4b11e96 100644 +index 851769e55..4b11e9620 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -49,12 +49,15 @@ files_type(bluetooth_var_lib_t) @@ -10745,7 +10745,7 @@ index 851769e..4b11e96 100644 term_dontaudit_use_all_ttys(bluetooth_helper_t) diff --git a/boinc.fc b/boinc.fc -index 6d3ccad..9c69f28 100644 +index 6d3ccad60..9c69f28ab 100644 --- a/boinc.fc +++ b/boinc.fc @@ -1,9 +1,15 @@ @@ -10771,7 +10771,7 @@ index 6d3ccad..9c69f28 100644 +/var/log/boinc\.log.* -- gen_context(system_u:object_r:boinc_log_t,s0) +/var/log/boincerr\.log.* -- gen_context(system_u:object_r:boinc_log_t,s0) diff --git a/boinc.if b/boinc.if -index 02fefaa..308616e 100644 +index 02fefaaf7..308616e8d 100644 --- a/boinc.if +++ b/boinc.if @@ -1,9 +1,166 @@ @@ -10991,7 +10991,7 @@ index 02fefaa..308616e 100644 + ') ') 
diff --git a/boinc.te b/boinc.te -index 687d4c4..ff57137 100644 +index 687d4c48d..ff5713723 100644 --- a/boinc.te +++ b/boinc.te @@ -1,4 +1,4 @@ @@ -11293,7 +11293,7 @@ index 687d4c4..ff57137 100644 + unconfined_domain(boinc_project_t) +') diff --git a/brctl.te b/brctl.te -index c5a9113..1919abd 100644 +index c5a91138c..1919abdd8 100644 --- a/brctl.te +++ b/brctl.te @@ -24,6 +24,7 @@ allow brctl_t self:unix_dgram_socket create_socket_perms; @@ -11319,7 +11319,7 @@ index c5a9113..1919abd 100644 xen_dontaudit_rw_unix_stream_sockets(brctl_t) diff --git a/brltty.fc b/brltty.fc new file mode 100644 -index 0000000..05e3528 +index 000000000..05e352897 --- /dev/null +++ b/brltty.fc @@ -0,0 +1,10 @@ @@ -11335,7 +11335,7 @@ index 0000000..05e3528 + diff --git a/brltty.if b/brltty.if new file mode 100644 -index 0000000..968c957 +index 000000000..968c957ab --- /dev/null +++ b/brltty.if @@ -0,0 +1,80 @@ @@ -11421,7 +11421,7 @@ index 0000000..968c957 +') diff --git a/brltty.te b/brltty.te new file mode 100644 -index 0000000..c167267 +index 000000000..c167267f8 --- /dev/null +++ b/brltty.te @@ -0,0 +1,70 @@ @@ -11496,7 +11496,7 @@ index 0000000..c167267 + +term_use_unallocated_ttys(brltty_t) diff --git a/bugzilla.fc b/bugzilla.fc -index fce0b6e..9efceac 100644 +index fce0b6ebf..9efceac4e 100644 --- a/bugzilla.fc +++ b/bugzilla.fc @@ -1,4 +1,4 @@ @@ -11508,7 +11508,7 @@ index fce0b6e..9efceac 100644 -/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0) +/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:bugzilla_rw_content_t,s0) diff --git a/bugzilla.if b/bugzilla.if -index 1b22262..d9ea246 100644 +index 1b22262d5..d9ea246a1 100644 --- a/bugzilla.if +++ b/bugzilla.if @@ -12,10 +12,10 @@ @@ -11595,7 +11595,7 @@ index 1b22262..d9ea246 100644 + ') ') diff --git a/bugzilla.te b/bugzilla.te -index 18623e3..c62f617 100644 +index 18623e39e..c62f617e1 100644 --- a/bugzilla.te +++ b/bugzilla.te @@ -6,42 +6,55 @@ policy_module(bugzilla, 1.1.0) 
@@ -11675,7 +11675,7 @@ index 18623e3..c62f617 100644 ') diff --git a/bumblebee.fc b/bumblebee.fc new file mode 100644 -index 0000000..b5ee23b +index 000000000..b5ee23be7 --- /dev/null +++ b/bumblebee.fc @@ -0,0 +1,7 @@ @@ -11688,7 +11688,7 @@ index 0000000..b5ee23b +/var/run/bumblebee.* gen_context(system_u:object_r:bumblebee_var_run_t,s0) diff --git a/bumblebee.if b/bumblebee.if new file mode 100644 -index 0000000..2d2e60c +index 000000000..2d2e60c19 --- /dev/null +++ b/bumblebee.if @@ -0,0 +1,122 @@ @@ -11816,7 +11816,7 @@ index 0000000..2d2e60c +') diff --git a/bumblebee.te b/bumblebee.te new file mode 100644 -index 0000000..9aee6f3 +index 000000000..9aee6f327 --- /dev/null +++ b/bumblebee.te @@ -0,0 +1,63 @@ @@ -11884,7 +11884,7 @@ index 0000000..9aee6f3 + apm_stream_connect(bumblebee_t) +') diff --git a/cachefilesd.fc b/cachefilesd.fc -index 648c790..aa03fc8 100644 +index 648c7902b..aa03fc8ae 100644 --- a/cachefilesd.fc +++ b/cachefilesd.fc @@ -1,9 +1,34 @@ @@ -11926,7 +11926,7 @@ index 648c790..aa03fc8 100644 -/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefilesd_var_run_t,s0) +/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefilesd_var_run_t,s0) diff --git a/cachefilesd.if b/cachefilesd.if -index 8de2ab9..3b41945 100644 +index 8de2ab9c5..3b419455f 100644 --- a/cachefilesd.if +++ b/cachefilesd.if @@ -1,39 +1,35 @@ @@ -11992,7 +11992,7 @@ index 8de2ab9..3b41945 100644 + domtrans_pattern($1, cachefilesd_exec_t, cachefilesd_t) ') diff --git a/cachefilesd.te b/cachefilesd.te -index a3760bc..22ed920 100644 +index a3760bc92..22ed920b7 100644 --- a/cachefilesd.te +++ b/cachefilesd.te @@ -1,52 +1,125 @@ @@ -12144,7 +12144,7 @@ index a3760bc..22ed920 100644 + +init_sigchld_script(cachefiles_kernel_t) diff --git a/calamaris.if b/calamaris.if -index cd9c528..ba793b7 100644 +index cd9c52871..ba793b748 100644 --- a/calamaris.if +++ b/calamaris.if @@ -42,7 +42,7 @@ interface(`calamaris_run',` 
@@ -12157,7 +12157,7 @@ index cd9c528..ba793b7 100644 ') diff --git a/calamaris.te b/calamaris.te -index 7e57460..8d8cd78 100644 +index 7e574604b..8d8cd78e5 100644 --- a/calamaris.te +++ b/calamaris.te @@ -23,7 +23,7 @@ files_type(calamaris_www_t) @@ -12199,7 +12199,7 @@ index 7e57460..8d8cd78 100644 optional_policy(` diff --git a/callweaver.te b/callweaver.te -index 0e5be4c..b9a407f 100644 +index 0e5be4cdf..b9a407f90 100644 --- a/callweaver.te +++ b/callweaver.te @@ -84,4 +84,3 @@ term_use_ptmx(callweaver_t) @@ -12208,7 +12208,7 @@ index 0e5be4c..b9a407f 100644 -miscfiles_read_localization(callweaver_t) diff --git a/canna.if b/canna.if -index 400db07..f416e22 100644 +index 400db07a2..f416e22a7 100644 --- a/canna.if +++ b/canna.if @@ -43,9 +43,13 @@ interface(`canna_admin',` @@ -12227,7 +12227,7 @@ index 400db07..f416e22 100644 domain_system_change_exemption($1) role_transition $2 canna_initrc_exec_t system_r; diff --git a/canna.te b/canna.te -index 9fe6162..5c505e7 100644 +index 9fe61621f..5c505e7de 100644 --- a/canna.te +++ b/canna.te @@ -52,7 +52,6 @@ files_pid_filetrans(canna_t, canna_var_run_t, { dir sock_file }) @@ -12257,7 +12257,7 @@ index 9fe6162..5c505e7 100644 sysnet_read_config(canna_t) diff --git a/ccs.if b/ccs.if -index 5ded72d..cb94e5e 100644 +index 5ded72d37..cb94e5ea7 100644 --- a/ccs.if +++ b/ccs.if @@ -98,20 +98,24 @@ interface(`ccs_manage_config',` @@ -12289,7 +12289,7 @@ index 5ded72d..cb94e5e 100644 files_search_var_lib($1) admin_pattern($1, ccs_var_lib_t) diff --git a/ccs.te b/ccs.te -index 658134d..58deece 100644 +index 658134d8a..58deeceaa 100644 --- a/ccs.te +++ b/ccs.te @@ -37,7 +37,7 @@ files_pid_file(ccs_var_run_t) @@ -12337,7 +12337,7 @@ index 658134d..58deece 100644 optional_policy(` diff --git a/cdrecord.if b/cdrecord.if -index fbc20f6..4de4a00 100644 +index fbc20f694..4de4a005c 100644 --- a/cdrecord.if +++ b/cdrecord.if @@ -27,6 +27,9 @@ interface(`cdrecord_role',` 
@@ -12352,7 +12352,7 @@ index fbc20f6..4de4a00 100644 ps_process_pattern($2, cdrecord_t) ') diff --git a/cdrecord.te b/cdrecord.te -index 16883c9..97e9a42 100644 +index 16883c9c3..97e9a429e 100644 --- a/cdrecord.te +++ b/cdrecord.te @@ -29,7 +29,7 @@ role cdrecord_roles types cdrecord_t; @@ -12399,7 +12399,7 @@ index 16883c9..97e9a42 100644 optional_policy(` resmgr_stream_connect(cdrecord_t) diff --git a/certmaster.if b/certmaster.if -index 0c53b18..ef29f6e 100644 +index 0c53b189b..ef29f6e6c 100644 --- a/certmaster.if +++ b/certmaster.if @@ -117,13 +117,16 @@ interface(`certmaster_manage_log',` @@ -12423,7 +12423,7 @@ index 0c53b18..ef29f6e 100644 domain_system_change_exemption($1) role_transition $2 certmaster_initrc_exec_t system_r; diff --git a/certmaster.te b/certmaster.te -index 4a87873..113f3b3 100644 +index 4a878730b..113f3b32f 100644 --- a/certmaster.te +++ b/certmaster.te @@ -65,11 +65,10 @@ corenet_tcp_sendrecv_certmaster_port(certmaster_t) @@ -12441,7 +12441,7 @@ index 4a87873..113f3b3 100644 + +mta_send_mail(certmaster_t) diff --git a/certmonger.fc b/certmonger.fc -index ed298d8..c887648 100644 +index ed298d8b6..c88764838 100644 --- a/certmonger.fc +++ b/certmonger.fc @@ -1,7 +1,12 @@ @@ -12458,7 +12458,7 @@ index ed298d8..c887648 100644 /var/run/certmonger.* gen_context(system_u:object_r:certmonger_var_run_t,s0) diff --git a/certmonger.if b/certmonger.if -index 008f8ef..144c074 100644 +index 008f8ef26..144c0740a 100644 --- a/certmonger.if +++ b/certmonger.if @@ -160,16 +160,20 @@ interface(`certmonger_admin',` @@ -12486,7 +12486,7 @@ index 008f8ef..144c074 100644 admin_pattern($1, certmonger_var_run_t) ') diff --git a/certmonger.te b/certmonger.te -index 550b287..e85ac97 100644 +index 550b287ce..e85ac9761 100644 --- a/certmonger.te +++ b/certmonger.te @@ -18,18 +18,26 @@ files_type(certmonger_var_lib_t) @@ -12660,7 +12660,7 @@ index 550b287..e85ac97 100644 + ') +') 
diff --git a/certwatch.te b/certwatch.te -index 171fafb..e88a026 100644 +index 171fafb99..e88a0268a 100644 --- a/certwatch.te +++ b/certwatch.te @@ -20,33 +20,45 @@ role certwatch_roles types certwatch_t; @@ -12715,7 +12715,7 @@ index 171fafb..e88a026 100644 ') diff --git a/cfengine.if b/cfengine.if -index a731122..5279d4e 100644 +index a7311229f..5279d4e3a 100644 --- a/cfengine.if +++ b/cfengine.if @@ -13,7 +13,6 @@ @@ -12815,7 +12815,7 @@ index a731122..5279d4e 100644 ') + diff --git a/cfengine.te b/cfengine.te -index fbe3ad9..21ab8e1 100644 +index fbe3ad955..21ab8e176 100644 --- a/cfengine.te +++ b/cfengine.te @@ -41,18 +41,13 @@ create_files_pattern(cfengine_domain, cfengine_log_t, cfengine_log_t) @@ -12849,7 +12849,7 @@ index fbe3ad9..21ab8e1 100644 domain_read_all_domains_state(cfengine_monitord_t) diff --git a/cgdcbxd.fc b/cgdcbxd.fc new file mode 100644 -index 0000000..7567038 +index 000000000..756703813 --- /dev/null +++ b/cgdcbxd.fc @@ -0,0 +1,5 @@ @@ -12860,7 +12860,7 @@ index 0000000..7567038 +/var/run/cgdcbxd\.pid -- gen_context(system_u:object_r:cgdcbxd_var_run_t,s0) diff --git a/cgdcbxd.if b/cgdcbxd.if new file mode 100644 -index 0000000..1efacf1 +index 000000000..1efacf1d1 --- /dev/null +++ b/cgdcbxd.if @@ -0,0 +1,99 @@ @@ -12965,7 +12965,7 @@ index 0000000..1efacf1 +') diff --git a/cgdcbxd.te b/cgdcbxd.te new file mode 100644 -index 0000000..06ff1b0 +index 000000000..06ff1b01a --- /dev/null +++ b/cgdcbxd.te @@ -0,0 +1,36 @@ @@ -13006,7 +13006,7 @@ index 0000000..06ff1b0 + +domain_dontaudit_read_all_domains_state(cgdcbxd_t) diff --git a/cgroup.if b/cgroup.if -index 85ca63f..1d1c99c 100644 +index 85ca63f9a..1d1c99c8f 100644 --- a/cgroup.if +++ b/cgroup.if @@ -171,8 +171,26 @@ interface(`cgroup_admin',` @@ -13039,7 +13039,7 @@ index 85ca63f..1d1c99c 100644 admin_pattern($1, { cgconfig_etc_t cgrules_etc_t }) files_list_etc($1) diff --git a/cgroup.te b/cgroup.te -index 80a88a2..514eb47 100644 +index 80a88a27a..514eb47f2 100644 --- a/cgroup.te 
+++ b/cgroup.te @@ -25,8 +25,8 @@ files_pid_file(cgred_var_run_t) @@ -13123,7 +13123,7 @@ index 80a88a2..514eb47 100644 +logging_send_syslog_msg(cgred_t) diff --git a/chrome.fc b/chrome.fc new file mode 100644 -index 0000000..5c6bdb6 +index 000000000..5c6bdb68d --- /dev/null +++ b/chrome.fc @@ -0,0 +1,11 @@ @@ -13140,7 +13140,7 @@ index 0000000..5c6bdb6 +HOME_DIR/\.cache/chromium(/.*)? gen_context(system_u:object_r:chrome_sandbox_home_t,s0) diff --git a/chrome.if b/chrome.if new file mode 100644 -index 0000000..aa308eb +index 000000000..aa308eba6 --- /dev/null +++ b/chrome.if @@ -0,0 +1,137 @@ @@ -13283,7 +13283,7 @@ index 0000000..aa308eb +') diff --git a/chrome.te b/chrome.te new file mode 100644 -index 0000000..435a5cd +index 000000000..435a5cdc1 --- /dev/null +++ b/chrome.te @@ -0,0 +1,256 @@ @@ -13544,7 +13544,7 @@ index 0000000..435a5cd + gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t) +') diff --git a/chronyd.fc b/chronyd.fc -index 4e4143e..f03dba0 100644 +index 4e4143ed8..f03dba037 100644 --- a/chronyd.fc +++ b/chronyd.fc @@ -1,13 +1,18 @@ @@ -13569,7 +13569,7 @@ index 4e4143e..f03dba0 100644 /var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) /var/run/chronyd\.sock -s gen_context(system_u:object_r:chronyd_var_run_t,s0) diff --git a/chronyd.if b/chronyd.if -index 32e8265..ac74503 100644 +index 32e8265c2..ac74503d1 100644 --- a/chronyd.if +++ b/chronyd.if @@ -57,6 +57,24 @@ interface(`chronyd_exec',` @@ -13752,7 +13752,7 @@ index 32e8265..ac74503 100644 + allow $1 chronyd_unit_file_t:service all_service_perms; ') diff --git a/chronyd.te b/chronyd.te -index e5b621c..c028dfd 100644 +index e5b621c29..c028dfd93 100644 --- a/chronyd.te +++ b/chronyd.te @@ -18,6 +18,9 @@ files_type(chronyd_keys_t) @@ -13839,7 +13839,7 @@ index e5b621c..c028dfd 100644 ') diff --git a/cinder.fc b/cinder.fc new file mode 100644 -index 0000000..4b318b7 +index 000000000..4b318b783 --- /dev/null +++ b/cinder.fc @@ -0,0 +1,16 @@ 
@@ -13861,7 +13861,7 @@ index 0000000..4b318b7 +/var/run/cinder(/.*)? gen_context(system_u:object_r:cinder_var_run_t,s0) diff --git a/cinder.if b/cinder.if new file mode 100644 -index 0000000..fc9cae7 +index 000000000..fc9cae7c7 --- /dev/null +++ b/cinder.if @@ -0,0 +1,57 @@ @@ -13924,7 +13924,7 @@ index 0000000..fc9cae7 +') diff --git a/cinder.te b/cinder.te new file mode 100644 -index 0000000..488a7a6 +index 000000000..488a7a659 --- /dev/null +++ b/cinder.te @@ -0,0 +1,169 @@ @@ -14098,7 +14098,7 @@ index 0000000..488a7a6 +') + diff --git a/cipe.te b/cipe.te -index a0aa693..af571ed 100644 +index a0aa693d1..af571edbb 100644 --- a/cipe.te +++ b/cipe.te @@ -29,7 +29,6 @@ kernel_read_system_state(ciped_t) @@ -14127,7 +14127,7 @@ index a0aa693..af571ed 100644 userdom_dontaudit_use_unpriv_user_fds(ciped_t) diff --git a/clamav.fc b/clamav.fc -index d72afcc..c53b80d 100644 +index d72afcc31..c53b80dcd 100644 --- a/clamav.fc +++ b/clamav.fc @@ -6,6 +6,8 @@ @@ -14140,7 +14140,7 @@ index d72afcc..c53b80d 100644 /usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) diff --git a/clamav.if b/clamav.if -index 4cc4a5c..a6c6322 100644 +index 4cc4a5cd0..a6c632290 100644 --- a/clamav.if +++ b/clamav.if @@ -1,4 +1,4 @@ @@ -14390,7 +14390,7 @@ index 4cc4a5c..a6c6322 100644 + ') diff --git a/clamav.te b/clamav.te -index ce3836a..10595e6 100644 +index ce3836acd..10595e6e5 100644 --- a/clamav.te +++ b/clamav.te @@ -18,7 +18,7 @@ gen_tunable(clamav_read_all_non_security_files_clamscan, false) @@ -14562,7 +14562,7 @@ index ce3836a..10595e6 100644 ') diff --git a/clockspeed.te b/clockspeed.te -index d3e2a67..f5b330c 100644 +index d3e2a67e5..f5b330c08 100644 --- a/clockspeed.te +++ b/clockspeed.te @@ -29,7 +29,6 @@ allow clockspeed_cli_t self:udp_socket create_socket_perms; @@ -14605,7 +14605,7 @@ index d3e2a67..f5b330c 100644 optional_policy(` daemontools_service_domain(clockspeed_srv_t, clockspeed_srv_exec_t) 
diff --git a/clogd.te b/clogd.te -index 4a5b3d1..cd146bd 100644 +index 4a5b3d1a5..cd146bd5a 100644 --- a/clogd.te +++ b/clogd.te @@ -41,9 +41,6 @@ storage_raw_write_fixed_disk(clogd_t) @@ -14621,7 +14621,7 @@ index 4a5b3d1..cd146bd 100644 ') diff --git a/cloudform.fc b/cloudform.fc new file mode 100644 -index 0000000..3849f13 +index 000000000..3849f134a --- /dev/null +++ b/cloudform.fc @@ -0,0 +1,21 @@ @@ -14648,7 +14648,7 @@ index 0000000..3849f13 +/var/run/iwhd\.pid -- gen_context(system_u:object_r:iwhd_var_run_t,s0) diff --git a/cloudform.if b/cloudform.if new file mode 100644 -index 0000000..55fe0d6 +index 000000000..55fe0d668 --- /dev/null +++ b/cloudform.if @@ -0,0 +1,116 @@ @@ -14770,7 +14770,7 @@ index 0000000..55fe0d6 +') diff --git a/cloudform.te b/cloudform.te new file mode 100644 -index 0000000..21e6ae7 +index 000000000..21e6ae757 --- /dev/null +++ b/cloudform.te @@ -0,0 +1,249 @@ @@ -15024,7 +15024,7 @@ index 0000000..21e6ae7 +userdom_home_manager(iwhd_t) + diff --git a/cmirrord.if b/cmirrord.if -index cc4e7cb..f348d27 100644 +index cc4e7cb96..f348d2746 100644 --- a/cmirrord.if +++ b/cmirrord.if @@ -73,10 +73,11 @@ interface(`cmirrord_rw_shm',` @@ -15056,7 +15056,7 @@ index cc4e7cb..f348d27 100644 domain_system_change_exemption($1) role_transition $2 cmirrord_initrc_exec_t system_r; diff --git a/cmirrord.te b/cmirrord.te -index bbdd396..28b1761 100644 +index bbdd3960e..28b176182 100644 --- a/cmirrord.te +++ b/cmirrord.te @@ -23,13 +23,14 @@ files_pid_file(cmirrord_var_run_t) @@ -15099,7 +15099,7 @@ index bbdd396..28b1761 100644 + rhcs_rw_cluster_tmpfs(cmirrord_t) +') diff --git a/cobbler.fc b/cobbler.fc -index 973d208..6ce8803 100644 +index 973d208ff..6ce88039f 100644 --- a/cobbler.fc +++ b/cobbler.fc @@ -4,11 +4,15 @@ @@ -15119,7 +15119,7 @@ index 973d208..6ce8803 100644 /var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) /var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) 
diff --git a/cobbler.if b/cobbler.if -index c223f81..8b567c1 100644 +index c223f8132..8b567c191 100644 --- a/cobbler.if +++ b/cobbler.if @@ -38,6 +38,28 @@ interface(`cobblerd_initrc_domtrans',` @@ -15188,7 +15188,7 @@ index c223f81..8b567c1 100644 - admin_pattern($1, { httpd_cobbler_content_t httpd_cobbler_content_ra_t httpd_cobbler_content_rw_t }) ') diff --git a/cobbler.te b/cobbler.te -index 5f306dd..36fb0e4 100644 +index 5f306dd44..36fb0e4e7 100644 --- a/cobbler.te +++ b/cobbler.te @@ -62,11 +62,12 @@ files_tmp_file(cobbler_tmp_t) @@ -15306,7 +15306,7 @@ index 5f306dd..36fb0e4 100644 ') diff --git a/cockpit.fc b/cockpit.fc new file mode 100644 -index 0000000..bf80173 +index 000000000..bf801737d --- /dev/null +++ b/cockpit.fc @@ -0,0 +1,13 @@ @@ -15325,7 +15325,7 @@ index 0000000..bf80173 +/var/run/cockpit-ws(/.*)? gen_context(system_u:object_r:cockpit_var_run_t,s0) diff --git a/cockpit.if b/cockpit.if new file mode 100644 -index 0000000..d5920c0 +index 000000000..d5920c061 --- /dev/null +++ b/cockpit.if @@ -0,0 +1,188 @@ @@ -15519,7 +15519,7 @@ index 0000000..d5920c0 +') diff --git a/cockpit.te b/cockpit.te new file mode 100644 -index 0000000..3b59470 +index 000000000..3b5947090 --- /dev/null +++ b/cockpit.te @@ -0,0 +1,120 @@ @@ -15644,7 +15644,7 @@ index 0000000..3b59470 + unconfined_domtrans(cockpit_session_t) +') diff --git a/collectd.fc b/collectd.fc -index 79a3abe..3ee73d1 100644 +index 79a3abe3a..3ee73d17d 100644 --- a/collectd.fc +++ b/collectd.fc @@ -1,9 +1,13 @@ @@ -15663,7 +15663,7 @@ index 79a3abe..3ee73d1 100644 -/usr/share/collectd/collection3/bin/.*\.cgi -- gen_context(system_u:object_r:httpd_collectd_script_exec_t,s0) +/usr/share/collectd/collection3/bin/.*\.cgi -- gen_context(system_u:object_r:collectd_script_exec_t,s0) diff --git a/collectd.if b/collectd.if -index 954309e..6780142 100644 +index 954309e64..67801421b 100644 --- a/collectd.if +++ b/collectd.if @@ -2,8 +2,145 @@ @@ -15846,7 +15846,7 @@ index 954309e..6780142 100644 ') + 
diff --git a/collectd.te b/collectd.te -index 6471fa8..90a9319 100644 +index 6471fa8c4..90a9319c6 100644 --- a/collectd.te +++ b/collectd.te @@ -26,43 +26,61 @@ files_type(collectd_var_lib_t) @@ -15976,7 +15976,7 @@ index 6471fa8..90a9319 100644 + +auth_read_passwd(collectd_script_t) diff --git a/colord.fc b/colord.fc -index 71639eb..08ab891 100644 +index 71639eb54..08ab89171 100644 --- a/colord.fc +++ b/colord.fc @@ -7,5 +7,7 @@ @@ -15988,7 +15988,7 @@ index 71639eb..08ab891 100644 /var/lib/color(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) /var/lib/colord(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) diff --git a/colord.if b/colord.if -index 8e27a37..c69be28 100644 +index 8e27a37c1..c69be28b9 100644 --- a/colord.if +++ b/colord.if @@ -1,4 +1,4 @@ @@ -16042,7 +16042,7 @@ index 8e27a37..c69be28 100644 + ps_process_pattern($1, colord_t) +') diff --git a/colord.te b/colord.te -index 9f2dfb2..86836f9 100644 +index 9f2dfb233..86836f9cd 100644 --- a/colord.te +++ b/colord.te @@ -8,6 +8,7 @@ policy_module(colord, 1.1.0) @@ -16172,7 +16172,7 @@ index 9f2dfb2..86836f9 100644 + zoneminder_rw_tmpfs_files(colord_t) +') diff --git a/comsat.te b/comsat.te -index c63cf85..dc6998b 100644 +index c63cf8556..dc6998b60 100644 --- a/comsat.te +++ b/comsat.te @@ -37,6 +37,13 @@ kernel_read_kernel_sysctls(comsat_t) @@ -16199,7 +16199,7 @@ index c63cf85..dc6998b 100644 mta_getattr_spool(comsat_t) diff --git a/condor.fc b/condor.fc -index ad2b696..28d1af0 100644 +index ad2b69606..28d1af020 100644 --- a/condor.fc +++ b/condor.fc @@ -1,6 +1,7 @@ @@ -16211,7 +16211,7 @@ index ad2b696..28d1af0 100644 /usr/sbin/condor_collector -- gen_context(system_u:object_r:condor_collector_exec_t,s0) /usr/sbin/condor_master -- gen_context(system_u:object_r:condor_master_exec_t,s0) diff --git a/condor.if b/condor.if -index 881d92f..a2d588a 100644 +index 881d92f35..a2d588a51 100644 --- a/condor.if +++ b/condor.if @@ -1,75 +1,391 @@ 
@@ -16670,7 +16670,7 @@ index 881d92f..a2d588a 100644 + ') ') diff --git a/condor.te b/condor.te -index ce9f040..99189b5 100644 +index ce9f040e2..99189b57e 100644 --- a/condor.te +++ b/condor.te @@ -34,7 +34,7 @@ files_tmp_file(condor_startd_tmp_t) @@ -16862,7 +16862,7 @@ index ce9f040..99189b5 100644 +') diff --git a/conman.fc b/conman.fc new file mode 100644 -index 0000000..b13a6f6 +index 000000000..b13a6f6db --- /dev/null +++ b/conman.fc @@ -0,0 +1,10 @@ @@ -16878,7 +16878,7 @@ index 0000000..b13a6f6 +/var/run/conmand.* -- gen_context(system_u:object_r:conman_var_run_t,s0) diff --git a/conman.if b/conman.if new file mode 100644 -index 0000000..1cc5fa4 +index 000000000..1cc5fa464 --- /dev/null +++ b/conman.if @@ -0,0 +1,143 @@ @@ -17027,7 +17027,7 @@ index 0000000..1cc5fa4 +') diff --git a/conman.te b/conman.te new file mode 100644 -index 0000000..2357f3b +index 000000000..2357f3ba8 --- /dev/null +++ b/conman.te @@ -0,0 +1,97 @@ @@ -17129,7 +17129,7 @@ index 0000000..2357f3b + unconfined_domain(conman_unconfined_script_t) +') diff --git a/consolekit.fc b/consolekit.fc -index 23c9558..29e5fd3 100644 +index 23c95582f..29e5fd38d 100644 --- a/consolekit.fc +++ b/consolekit.fc @@ -1,3 +1,5 @@ @@ -17139,7 +17139,7 @@ index 23c9558..29e5fd3 100644 /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0) diff --git a/consolekit.if b/consolekit.if -index 5b830ec..78025c5 100644 +index 5b830ec9c..78025c5e7 100644 --- a/consolekit.if +++ b/consolekit.if @@ -21,6 +21,27 @@ interface(`consolekit_domtrans',` @@ -17262,7 +17262,7 @@ index 5b830ec..78025c5 100644 + ps_process_pattern($1, consolekit_t) +') diff --git a/consolekit.te b/consolekit.te -index bd18063..94407f8 100644 +index bd18063f6..94407f854 100644 --- a/consolekit.te +++ b/consolekit.te @@ -19,21 +19,23 @@ type consolekit_var_run_t; @@ -17359,7 +17359,7 @@ index bd18063..94407f8 100644 optional_policy(` policykit_domtrans_auth(consolekit_t) 
diff --git a/corosync.fc b/corosync.fc -index da39f0f..b26d3e0 100644 +index da39f0fcc..b26d3e0a4 100644 --- a/corosync.fc +++ b/corosync.fc @@ -1,5 +1,7 @@ @@ -17377,7 +17377,7 @@ index da39f0f..b26d3e0 100644 +/var/run/corosync-qdevice(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) +/var/run/corosync-qnetd(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) diff --git a/corosync.if b/corosync.if -index 694a037..d859681 100644 +index 694a037da..d8596812d 100644 --- a/corosync.if +++ b/corosync.if @@ -77,6 +77,25 @@ interface(`corosync_read_log',` @@ -17498,7 +17498,7 @@ index 694a037..d859681 100644 + allow $1 corosync_unit_file_t:service all_service_perms; ') diff --git a/corosync.te b/corosync.te -index d5aa1e4..9a25701 100644 +index d5aa1e446..9a2570145 100644 --- a/corosync.te +++ b/corosync.te @@ -28,12 +28,15 @@ logging_log_file(corosync_var_log_t) @@ -17577,7 +17577,7 @@ index d5aa1e4..9a25701 100644 + wdmd_rw_tmpfs(corosync_t) +') diff --git a/couchdb.fc b/couchdb.fc -index c086302..5380ab6 100644 +index c0863022d..5380ab641 100644 --- a/couchdb.fc +++ b/couchdb.fc @@ -1,8 +1,10 @@ @@ -17595,7 +17595,7 @@ index c086302..5380ab6 100644 /var/lib/couchdb(/.*)? gen_context(system_u:object_r:couchdb_var_lib_t,s0) diff --git a/couchdb.if b/couchdb.if -index 715a826..a1cbdb2 100644 +index 715a826f1..a1cbdb29e 100644 --- a/couchdb.if +++ b/couchdb.if @@ -2,7 +2,7 @@ @@ -17825,7 +17825,7 @@ index 715a826..a1cbdb2 100644 + ') ') diff --git a/couchdb.te b/couchdb.te -index ae1c1b1..9b3a328 100644 +index ae1c1b12a..9b3a328c2 100644 --- a/couchdb.te +++ b/couchdb.te @@ -27,18 +27,21 @@ files_type(couchdb_var_lib_t) @@ -17902,7 +17902,7 @@ index ae1c1b1..9b3a328 100644 -miscfiles_read_localization(couchdb_t) diff --git a/courier.fc b/courier.fc -index 2f017a0..defdc87 100644 +index 2f017a076..defdc871e 100644 --- a/courier.fc +++ b/courier.fc @@ -11,17 +11,18 @@ 
@@ -17933,7 +17933,7 @@ index 2f017a0..defdc87 100644 /var/lib/courier(/.*)? gen_context(system_u:object_r:courier_var_lib_t,s0) /var/lib/courier-imap(/.*)? gen_context(system_u:object_r:courier_var_lib_t,s0) diff --git a/courier.if b/courier.if -index 10f820f..acdb179 100644 +index 10f820fc7..acdb179e8 100644 --- a/courier.if +++ b/courier.if @@ -1,12 +1,12 @@ @@ -18109,7 +18109,7 @@ index 10f820f..acdb179 100644 allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ') diff --git a/courier.te b/courier.te -index ae3bc70..d64452f 100644 +index ae3bc70e9..d64452f77 100644 --- a/courier.te +++ b/courier.te @@ -18,7 +18,7 @@ type courier_etc_t; @@ -18199,7 +18199,7 @@ index ae3bc70..d64452f 100644 ######################################## # diff --git a/cpucontrol.te b/cpucontrol.te -index af72c4e..afab036 100644 +index af72c4e55..afab0367f 100644 --- a/cpucontrol.te +++ b/cpucontrol.te @@ -42,8 +42,6 @@ term_dontaudit_use_console(cpucontrol_domain) @@ -18236,7 +18236,7 @@ index af72c4e..afab036 100644 -miscfiles_read_localization(cpuspeed_t) +logging_send_syslog_msg(cpuspeed_t) diff --git a/cpufreqselector.te b/cpufreqselector.te -index 6cedb87..530e250 100644 +index 6cedb8724..530e250e5 100644 --- a/cpufreqselector.te +++ b/cpufreqselector.te @@ -14,21 +14,17 @@ init_daemon_domain(cpufreqselector_t, cpufreqselector_exec_t) @@ -18274,7 +18274,7 @@ index 6cedb87..530e250 100644 +') diff --git a/cpuplug.fc b/cpuplug.fc new file mode 100644 -index 0000000..be203ff +index 000000000..be203ff49 --- /dev/null +++ b/cpuplug.fc @@ -0,0 +1,3 @@ @@ -18283,7 +18283,7 @@ index 0000000..be203ff +/usr/sbin/cpuplugd -- gen_context(system_u:object_r:cpuplug_exec_t,s0) diff --git a/cpuplug.if b/cpuplug.if new file mode 100644 -index 0000000..c68d1d3 +index 000000000..c68d1d3cf --- /dev/null +++ b/cpuplug.if @@ -0,0 +1,20 @@ @@ -18309,7 +18309,7 @@ index 0000000..c68d1d3 +') diff --git a/cpuplug.te b/cpuplug.te new file mode 100644 -index 0000000..074f3e0 +index 000000000..074f3e04d 
--- /dev/null +++ b/cpuplug.te @@ -0,0 +1,40 @@ @@ -18354,7 +18354,7 @@ index 0000000..074f3e0 +logging_send_syslog_msg(cpuplug_t) + diff --git a/cron.fc b/cron.fc -index ad0bae9..615a947 100644 +index ad0bae948..615a947aa 100644 --- a/cron.fc +++ b/cron.fc @@ -1,66 +1,77 @@ @@ -18476,7 +18476,7 @@ index ad0bae9..615a947 100644 +/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) ') diff --git a/cron.if b/cron.if -index 1303b30..f13c532 100644 +index 1303b3036..f13c53200 100644 --- a/cron.if +++ b/cron.if @@ -2,11 +2,12 @@ @@ -19511,7 +19511,7 @@ index 1303b30..f13c532 100644 + logging_log_filetrans($1, cron_log_t, $2, $3) ') diff --git a/cron.te b/cron.te -index 7de3859..fd5dafc 100644 +index 7de385956..fd5dafcd0 100644 --- a/cron.te +++ b/cron.te @@ -11,46 +11,54 @@ gen_require(` @@ -20497,7 +20497,7 @@ index 7de3859..fd5dafc 100644 type unconfined_cronjob_t; diff --git a/ctdb.fc b/ctdb.fc -index 8401fe6..84ece3e 100644 +index 8401fe6f3..84ece3e4a 100644 --- a/ctdb.fc +++ b/ctdb.fc @@ -1,12 +1,20 @@ @@ -20522,7 +20522,7 @@ index 8401fe6..84ece3e 100644 /var/spool/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_spool_t,s0) diff --git a/ctdb.if b/ctdb.if -index b25b01d..06895f3 100644 +index b25b01d12..06895f39a 100644 --- a/ctdb.if +++ b/ctdb.if @@ -1,9 +1,178 @@ @@ -20827,7 +20827,7 @@ index b25b01d..06895f3 100644 ') + diff --git a/ctdb.te b/ctdb.te -index 001b502..ac0508e 100644 +index 001b502e6..ac0508eb0 100644 --- a/ctdb.te +++ b/ctdb.te @@ -24,6 +24,9 @@ files_tmp_file(ctdbd_tmp_t) @@ -20946,7 +20946,7 @@ index 001b502..ac0508e 100644 optional_policy(` diff --git a/cups.fc b/cups.fc -index 949011e..8f8bc20 100644 +index 949011ec8..8f8bc200a 100644 --- a/cups.fc +++ b/cups.fc @@ -1,77 +1,92 @@ @@ -21092,7 +21092,7 @@ index 949011e..8f8bc20 100644 +/etc/opt/brother/Printers/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +/opt/brother/Printers(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) 
diff --git a/cups.if b/cups.if -index 3023be7..5afde80 100644 +index 3023be7f6..5afde8039 100644 --- a/cups.if +++ b/cups.if @@ -70,6 +70,7 @@ interface(`cups_stream_connect',` @@ -21231,7 +21231,7 @@ index 3023be7..5afde80 100644 + files_var_filetrans($1, cupsd_rw_etc_t, dir, "cups") ') diff --git a/cups.te b/cups.te -index c91813c..1585454 100644 +index c91813ccb..1585454d9 100644 --- a/cups.te +++ b/cups.te @@ -5,19 +5,31 @@ policy_module(cups, 1.16.2) @@ -21960,7 +21960,7 @@ index c91813c..1585454 100644 ') + diff --git a/cvs.fc b/cvs.fc -index 75c8be9..4c1a965 100644 +index 75c8be90c..4c1a965c0 100644 --- a/cvs.fc +++ b/cvs.fc @@ -1,13 +1,16 @@ @@ -21983,7 +21983,7 @@ index 75c8be9..4c1a965 100644 -/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0) +/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:cvs_script_exec_t,s0) diff --git a/cvs.if b/cvs.if -index 64775fd..91a6056 100644 +index 64775fd37..91a60569c 100644 --- a/cvs.if +++ b/cvs.if @@ -1,5 +1,23 @@ @@ -22063,7 +22063,7 @@ index 64775fd..91a6056 100644 + admin_pattern($1, cvs_home_t) ') diff --git a/cvs.te b/cvs.te -index 0f77550..36e4a38 100644 +index 0f7755005..36e4a38cf 100644 --- a/cvs.te +++ b/cvs.te @@ -11,7 +11,7 @@ policy_module(cvs, 1.10.2) @@ -22155,7 +22155,7 @@ index 0f77550..36e4a38 100644 + files_tmp_filetrans(cvs_script_t, cvs_tmp_t, { file dir }) ') diff --git a/cyphesis.te b/cyphesis.te -index 77ffc73..86e11f5 100644 +index 77ffc7355..86e11f5e3 100644 --- a/cyphesis.te +++ b/cyphesis.te @@ -48,7 +48,6 @@ kernel_read_kernel_sysctls(cyphesis_t) @@ -22181,7 +22181,7 @@ index 77ffc73..86e11f5 100644 optional_policy(` diff --git a/cyrus.if b/cyrus.if -index 83bfda6..92d9fb2 100644 +index 83bfda6ed..92d9fb2e7 100644 --- a/cyrus.if +++ b/cyrus.if @@ -20,6 +20,25 @@ interface(`cyrus_manage_data',` @@ -22226,7 +22226,7 @@ index 83bfda6..92d9fb2 100644 domain_system_change_exemption($1) role_transition $2 cyrus_initrc_exec_t system_r; 
diff --git a/cyrus.te b/cyrus.te -index 4283f2d..41de1bd 100644 +index 4283f2de2..41de1bdf6 100644 --- a/cyrus.te +++ b/cyrus.te @@ -29,7 +29,7 @@ files_pid_file(cyrus_var_run_t) @@ -22306,7 +22306,7 @@ index 4283f2d..41de1bd 100644 ') diff --git a/daemontools.if b/daemontools.if -index 3b3d9a0..6c8106a 100644 +index 3b3d9a0b7..6c8106a87 100644 --- a/daemontools.if +++ b/daemontools.if @@ -218,3 +218,4 @@ interface(`daemontools_manage_svc',` @@ -22315,7 +22315,7 @@ index 3b3d9a0..6c8106a 100644 ') + diff --git a/daemontools.te b/daemontools.te -index ee1b4aa..2fd746e 100644 +index ee1b4aa8e..2fd746e05 100644 --- a/daemontools.te +++ b/daemontools.te @@ -44,7 +44,10 @@ allow svc_multilog_t svc_start_t:process sigchld; @@ -22365,7 +22365,7 @@ index ee1b4aa..2fd746e 100644 - -miscfiles_read_localization(svc_start_t) diff --git a/dante.te b/dante.te -index 5a5e290..6321a1d 100644 +index 5a5e2902a..6321a1d0a 100644 --- a/dante.te +++ b/dante.te @@ -53,7 +53,6 @@ dev_read_sysfs(dante_t) @@ -22377,7 +22377,7 @@ index 5a5e290..6321a1d 100644 fs_getattr_all_fs(dante_t) diff --git a/dbadm.te b/dbadm.te -index b60c464..3a5246a 100644 +index b60c464f1..3a5246a9b 100644 --- a/dbadm.te +++ b/dbadm.te @@ -23,14 +23,14 @@ gen_tunable(dbadm_read_user_files, false) @@ -22414,7 +22414,7 @@ index b60c464..3a5246a 100644 + sudo_role_template(dbadm, dbadm_r, dbadm_t) +') diff --git a/dbskk.te b/dbskk.te -index f55c420..e9d64ab 100644 +index f55c42082..e9d64ab5f 100644 --- a/dbskk.te +++ b/dbskk.te @@ -36,7 +36,6 @@ kernel_read_kernel_sysctls(dbskkd_t) @@ -22437,7 +22437,7 @@ index f55c420..e9d64ab 100644 - -miscfiles_read_localization(dbskkd_t) diff --git a/dbus.fc b/dbus.fc -index dda905b..5587295 100644 +index dda905b9c..558729530 100644 --- a/dbus.fc +++ b/dbus.fc @@ -1,20 +1,29 @@ @@ -22481,7 +22481,7 @@ index dda905b..5587295 100644 /var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) +') 
diff --git a/dbus.if b/dbus.if -index 62d22cb..1287d08 100644 +index 62d22cb46..1287d0856 100644 --- a/dbus.if +++ b/dbus.if @@ -1,4 +1,4 @@ @@ -23403,7 +23403,7 @@ index 62d22cb..1287d08 100644 + ') diff --git a/dbus.te b/dbus.te -index c9998c8..d91f2c0 100644 +index c9998c80d..d91f2c03a 100644 --- a/dbus.te +++ b/dbus.te @@ -4,17 +4,15 @@ gen_require(` @@ -23805,7 +23805,7 @@ index c9998c8..d91f2c0 100644 +kernel_stream_connect(session_bus_type) +systemd_login_read_pid_files(session_bus_type) diff --git a/dcc.fc b/dcc.fc -index 62d3c4e..cef59a7 100644 +index 62d3c4e66..cef59a752 100644 --- a/dcc.fc +++ b/dcc.fc @@ -10,6 +10,8 @@ @@ -23818,7 +23818,7 @@ index 62d3c4e..cef59a7 100644 /usr/sbin/dccd -- gen_context(system_u:object_r:dccd_exec_t,s0) /usr/sbin/dccifd -- gen_context(system_u:object_r:dccifd_exec_t,s0) diff --git a/dcc.if b/dcc.if -index a5c21e0..4639421 100644 +index a5c21e0e8..46394219a 100644 --- a/dcc.if +++ b/dcc.if @@ -173,6 +173,6 @@ interface(`dcc_stream_connect_dccifd',` @@ -23830,7 +23830,7 @@ index a5c21e0..4639421 100644 stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t) ') diff --git a/dcc.te b/dcc.te -index 353fa4a..a5e912f 100644 +index 353fa4a09..a5e912fca 100644 --- a/dcc.te +++ b/dcc.te @@ -45,7 +45,7 @@ type dcc_var_t; @@ -23983,7 +23983,7 @@ index 353fa4a..a5e912f 100644 userdom_dontaudit_search_user_home_dirs(dccm_t) diff --git a/ddclient.if b/ddclient.if -index 5606b40..cd18cf2 100644 +index 5606b4069..cd18cf2a7 100644 --- a/ddclient.if +++ b/ddclient.if @@ -70,9 +70,13 @@ interface(`ddclient_admin',` @@ -24002,7 +24002,7 @@ index 5606b40..cd18cf2 100644 domain_system_change_exemption($1) role_transition $2 ddclient_initrc_exec_t system_r; diff --git a/ddclient.te b/ddclient.te -index a4caa1b..42f3066 100644 +index a4caa1b5b..42f30662d 100644 --- a/ddclient.te +++ b/ddclient.te @@ -38,9 +38,13 @@ files_pid_file(ddclient_var_run_t) 
@@ -24057,7 +24057,7 @@ index a4caa1b..42f3066 100644 sysnet_exec_ifconfig(ddclient_t) sysnet_dns_name_resolve(ddclient_t) diff --git a/ddcprobe.te b/ddcprobe.te -index 8fa4bb9..8f5ffb0 100644 +index 8fa4bb994..8f5ffb00a 100644 --- a/ddcprobe.te +++ b/ddcprobe.te @@ -34,9 +34,7 @@ dev_read_urand(ddcprobe_t) @@ -24071,7 +24071,7 @@ index 8fa4bb9..8f5ffb0 100644 term_use_all_ttys(ddcprobe_t) term_use_all_ptys(ddcprobe_t) diff --git a/denyhosts.if b/denyhosts.if -index a7326da..c87b5b7 100644 +index a7326da62..c87b5b7c6 100644 --- a/denyhosts.if +++ b/denyhosts.if @@ -53,6 +53,7 @@ interface(`denyhosts_initrc_domtrans',` @@ -24112,7 +24112,7 @@ index a7326da..c87b5b7 100644 admin_pattern($1, denyhosts_var_lock_t) ') diff --git a/denyhosts.te b/denyhosts.te -index 583a527..91c4104 100644 +index 583a52726..91c4104c7 100644 --- a/denyhosts.te +++ b/denyhosts.te @@ -25,6 +25,9 @@ logging_log_file(denyhosts_var_log_t) @@ -24164,7 +24164,7 @@ index 583a527..91c4104 100644 + gnome_dontaudit_search_config(denyhosts_t) +') diff --git a/devicekit.fc b/devicekit.fc -index ae49c9d..99a54eb 100644 +index ae49c9d99..99a54eb7f 100644 --- a/devicekit.fc +++ b/devicekit.fc @@ -11,6 +11,8 @@ @@ -24182,7 +24182,7 @@ index ae49c9d..99a54eb 100644 /var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) + diff --git a/devicekit.if b/devicekit.if -index 8ce99ff..1bc5d3a 100644 +index 8ce99ff48..1bc5d3aea 100644 --- a/devicekit.if +++ b/devicekit.if @@ -1,4 +1,4 @@ @@ -24599,7 +24599,7 @@ index 8ce99ff..1bc5d3a 100644 + logging_log_filetrans($1, devicekit_var_log_t, file, "pm-suspend.log") ') diff --git a/devicekit.te b/devicekit.te -index 77a5003..cb628f9 100644 +index 77a5003c0..cb628f935 100644 --- a/devicekit.te +++ b/devicekit.te @@ -7,15 +7,15 @@ policy_module(devicekit, 1.3.1) @@ -24846,7 +24846,7 @@ index 77a5003..cb628f9 100644 +') + diff --git a/dhcp.fc b/dhcp.fc -index 8182c48..0b9bb97 100644 +index 8182c4806..0b9bb9710 100644 --- a/dhcp.fc +++ b/dhcp.fc 
@@ -1,6 +1,13 @@ @@ -24865,7 +24865,7 @@ index 8182c48..0b9bb97 100644 /var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) diff --git a/dhcp.if b/dhcp.if -index c697edb..954c090 100644 +index c697edbcd..954c090bd 100644 --- a/dhcp.if +++ b/dhcp.if @@ -36,7 +36,7 @@ interface(`dhcpd_setattr_state_files',` @@ -24937,7 +24937,7 @@ index c697edb..954c090 100644 + allow $1 dhcpd_unit_file_t:service all_service_perms; ') diff --git a/dhcp.te b/dhcp.te -index 98a24b9..d6cb9e7 100644 +index 98a24b989..d6cb9e7ba 100644 --- a/dhcp.te +++ b/dhcp.te @@ -20,6 +20,9 @@ init_daemon_domain(dhcpd_t, dhcpd_exec_t) @@ -25024,7 +25024,7 @@ index 98a24b9..d6cb9e7 100644 dbus_connect_system_bus(dhcpd_t) ') diff --git a/dictd.if b/dictd.if -index 3cc3494..cb0a1f4 100644 +index 3cc3494bd..cb0a1f4bf 100644 --- a/dictd.if +++ b/dictd.if @@ -38,8 +38,11 @@ interface(`dictd_admin',` @@ -25041,7 +25041,7 @@ index 3cc3494..cb0a1f4 100644 init_labeled_script_domtrans($1, dictd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/dictd.te b/dictd.te -index 433d3c5..0dccebf 100644 +index 433d3c5a0..0dccebfd9 100644 --- a/dictd.te +++ b/dictd.te @@ -43,7 +43,6 @@ files_pid_filetrans(dictd_t, dictd_var_run_t, file) @@ -25070,7 +25070,7 @@ index 433d3c5..0dccebf 100644 optional_policy(` diff --git a/dirmngr.te b/dirmngr.te -index b3b2188..5f91705 100644 +index b3b218815..5f917054c 100644 --- a/dirmngr.te +++ b/dirmngr.te @@ -53,6 +53,5 @@ files_pid_filetrans(dirmngr_t, dirmngr_var_run_t, { dir file }) @@ -25082,7 +25082,7 @@ index b3b2188..5f91705 100644 miscfiles_read_localization(dirmngr_t) diff --git a/dirsrv-admin.fc b/dirsrv-admin.fc new file mode 100644 -index 0000000..38b17f8 +index 000000000..38b17f89f --- /dev/null +++ b/dirsrv-admin.fc @@ -0,0 +1,17 @@ 
@@ -25105,7 +25105,7 @@ index 0000000..38b17f8 +/var/lock/subsys/dirsrv-admin -- gen_context(system_u:object_r:dirsrvadmin_lock_t,s0) diff --git a/dirsrv-admin.if b/dirsrv-admin.if new file mode 100644 -index 0000000..0d4e704 +index 000000000..0d4e70492 --- /dev/null +++ b/dirsrv-admin.if @@ -0,0 +1,157 @@ @@ -25268,7 +25268,7 @@ index 0000000..0d4e704 +') diff --git a/dirsrv-admin.te b/dirsrv-admin.te new file mode 100644 -index 0000000..09223af +index 000000000..09223afb3 --- /dev/null +++ b/dirsrv-admin.te @@ -0,0 +1,167 @@ @@ -25441,7 +25441,7 @@ index 0000000..09223af + diff --git a/dirsrv.fc b/dirsrv.fc new file mode 100644 -index 0000000..5d30dab +index 000000000..5d30dab95 --- /dev/null +++ b/dirsrv.fc @@ -0,0 +1,23 @@ @@ -25470,7 +25470,7 @@ index 0000000..5d30dab +/var/log/dirsrv/ldap-agent.log.* gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) diff --git a/dirsrv.if b/dirsrv.if new file mode 100644 -index 0000000..b3784d8 +index 000000000..b3784d85d --- /dev/null +++ b/dirsrv.if @@ -0,0 +1,232 @@ @@ -25708,7 +25708,7 @@ index 0000000..b3784d8 +') diff --git a/dirsrv.te b/dirsrv.te new file mode 100644 -index 0000000..383bb96 +index 000000000..383bb96ab --- /dev/null +++ b/dirsrv.te @@ -0,0 +1,204 @@ @@ -25917,7 +25917,7 @@ index 0000000..383bb96 + snmp_stream_connect(dirsrv_snmp_t) +') diff --git a/distcc.if b/distcc.if -index 24d8c74..1790ec5 100644 +index 24d8c740c..1790ec5dc 100644 --- a/distcc.if +++ b/distcc.if @@ -19,7 +19,7 @@ @@ -25930,7 +25930,7 @@ index 24d8c74..1790ec5 100644 ') diff --git a/distcc.te b/distcc.te -index 898b2f4..8a1725b 100644 +index 898b2f433..8a1725b62 100644 --- a/distcc.te +++ b/distcc.te @@ -47,7 +47,6 @@ files_pid_filetrans(distccd_t, distccd_var_run_t, file) @@ -25951,7 +25951,7 @@ index 898b2f4..8a1725b 100644 userdom_dontaudit_search_user_home_dirs(distccd_t) diff --git a/djbdns.if b/djbdns.if -index 671d3c0..6d36c95 100644 +index 671d3c0a1..6d36c951a 100644 --- a/djbdns.if +++ b/djbdns.if 
@@ -39,6 +39,23 @@ template(`djbdns_daemontools_domain_template',` @@ -25979,7 +25979,7 @@ index 671d3c0..6d36c95 100644 ##################################### diff --git a/djbdns.te b/djbdns.te -index 87ca536..ebd327a 100644 +index 87ca536ae..ebd327ad1 100644 --- a/djbdns.te +++ b/djbdns.te @@ -48,6 +48,10 @@ corenet_udp_bind_generic_port(djbdns_domain) @@ -25994,7 +25994,7 @@ index 87ca536..ebd327a 100644 # # axfrdns local policy diff --git a/dkim.fc b/dkim.fc -index 5818418..674367b 100644 +index 5818418af..674367b3a 100644 --- a/dkim.fc +++ b/dkim.fc @@ -9,7 +9,6 @@ @@ -26006,7 +26006,7 @@ index 5818418..674367b 100644 /var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0) diff --git a/dmidecode.if b/dmidecode.if -index 41c3f67..653a1ec 100644 +index 41c3f6770..653a1ecbb 100644 --- a/dmidecode.if +++ b/dmidecode.if @@ -19,6 +19,25 @@ interface(`dmidecode_domtrans',` @@ -26036,7 +26036,7 @@ index 41c3f67..653a1ec 100644 ## ## Execute dmidecode in the dmidecode diff --git a/dmidecode.te b/dmidecode.te -index aa0ef6e..02bdb68 100644 +index aa0ef6e94..02bdb681d 100644 --- a/dmidecode.te +++ b/dmidecode.te @@ -31,4 +31,8 @@ mls_file_read_all_levels(dmidecode_t) @@ -26050,7 +26050,7 @@ index aa0ef6e..02bdb68 100644 + rhsmcertd_rw_inherited_lock_files(dmidecode_t) +') diff --git a/dnsmasq.fc b/dnsmasq.fc -index 23ab808..84735a8 100644 +index 23ab808d8..84735a8cb 100644 --- a/dnsmasq.fc +++ b/dnsmasq.fc @@ -1,13 +1,16 @@ @@ -26073,7 +26073,7 @@ index 23ab808..84735a8 100644 +/var/run/dnsmasq.* gen_context(system_u:object_r:dnsmasq_var_run_t,s0) /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) diff --git a/dnsmasq.if b/dnsmasq.if -index 19aa0b8..a79982c 100644 +index 19aa0b80b..a79982cd6 100644 --- a/dnsmasq.if +++ b/dnsmasq.if @@ -10,7 +10,6 @@ @@ -26359,7 +26359,7 @@ index 19aa0b8..a79982c 100644 + + diff --git a/dnsmasq.te b/dnsmasq.te -index 37a3b7b..78c681c 100644 +index 37a3b7b30..78c681ce9 100644 
--- a/dnsmasq.te +++ b/dnsmasq.te @@ -24,12 +24,15 @@ logging_log_file(dnsmasq_var_log_t) @@ -26463,7 +26463,7 @@ index 37a3b7b..78c681c 100644 +') diff --git a/dnssec.fc b/dnssec.fc new file mode 100644 -index 0000000..1714fa6 +index 000000000..1714fa661 --- /dev/null +++ b/dnssec.fc @@ -0,0 +1,6 @@ @@ -26475,7 +26475,7 @@ index 0000000..1714fa6 +/var/run/dnssec.* gen_context(system_u:object_r:dnssec_trigger_var_run_t,s0) diff --git a/dnssec.if b/dnssec.if new file mode 100644 -index 0000000..d22ed69 +index 000000000..d22ed691a --- /dev/null +++ b/dnssec.if @@ -0,0 +1,123 @@ @@ -26604,7 +26604,7 @@ index 0000000..d22ed69 +') diff --git a/dnssec.te b/dnssec.te new file mode 100644 -index 0000000..2387876 +index 000000000..238787661 --- /dev/null +++ b/dnssec.te @@ -0,0 +1,91 @@ @@ -26700,7 +26700,7 @@ index 0000000..2387876 + networkmanager_read_conf(dnssec_trigger_t) +') diff --git a/dnssectrigger.te b/dnssectrigger.te -index c7bb4e7..e6fe2f40 100644 +index c7bb4e782..e6fe2f402 100644 --- a/dnssectrigger.te +++ b/dnssectrigger.te @@ -67,8 +67,6 @@ files_read_etc_runtime_files(dnssec_triggerd_t) @@ -26713,7 +26713,7 @@ index c7bb4e7..e6fe2f40 100644 sysnet_manage_config(dnssec_triggerd_t) sysnet_etc_filetrans_config(dnssec_triggerd_t) diff --git a/dovecot.fc b/dovecot.fc -index c880070..4448055 100644 +index c88007004..444805588 100644 --- a/dovecot.fc +++ b/dovecot.fc @@ -1,36 +1,48 @@ @@ -26788,7 +26788,7 @@ index c880070..4448055 100644 -/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) +/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) diff --git a/dovecot.if b/dovecot.if -index d5badb7..c2431fc 100644 +index d5badb755..c2431fc73 100644 --- a/dovecot.if +++ b/dovecot.if @@ -1,29 +1,49 @@ @@ -27005,7 +27005,7 @@ index d5badb7..c2431fc 100644 + admin_pattern($1, dovecot_passwd_t) ') diff --git a/dovecot.te b/dovecot.te -index 0aabc7e..994752c 100644 +index 0aabc7e66..994752cd2 100644 --- a/dovecot.te 
+++ b/dovecot.te @@ -7,12 +7,10 @@ policy_module(dovecot, 1.16.1) @@ -27448,7 +27448,7 @@ index 0aabc7e..994752c 100644 sendmail_domtrans(dovecot_deliver_t) ') diff --git a/dpkg.te b/dpkg.te -index 50af48c..5ab4901 100644 +index 50af48c89..5ab49010f 100644 --- a/dpkg.te +++ b/dpkg.te @@ -49,7 +49,7 @@ files_tmpfs_file(dpkg_script_tmpfs_t) @@ -27461,7 +27461,7 @@ index 50af48c..5ab4901 100644 allow dpkg_t self:fd use; allow dpkg_t self:fifo_file rw_fifo_file_perms; diff --git a/drbd.fc b/drbd.fc -index 671a3fb..47b4958 100644 +index 671a3fb6f..47b4958d0 100644 --- a/drbd.fc +++ b/drbd.fc @@ -3,7 +3,7 @@ @@ -27480,7 +27480,7 @@ index 671a3fb..47b4958 100644 + +/var/run/drbd(/.*)? gen_context(system_u:object_r:drbd_var_run_t,s0) diff --git a/drbd.if b/drbd.if -index 9a21639..26c5986 100644 +index 9a2163936..26c59868b 100644 --- a/drbd.if +++ b/drbd.if @@ -2,12 +2,11 @@ @@ -27622,7 +27622,7 @@ index 9a21639..26c5986 100644 ') + diff --git a/drbd.te b/drbd.te -index f2516cc..af2c2ad 100644 +index f2516cc07..af2c2ad81 100644 --- a/drbd.te +++ b/drbd.te @@ -18,38 +18,72 @@ files_type(drbd_var_lib_t) @@ -27705,7 +27705,7 @@ index f2516cc..af2c2ad 100644 + rhcs_manage_cluster_lib_files(drbd_t) +') diff --git a/dspam.fc b/dspam.fc -index 5eddac5..b5fcb77 100644 +index 5eddac51c..b5fcb7760 100644 --- a/dspam.fc +++ b/dspam.fc @@ -2,11 +2,16 @@ @@ -27728,7 +27728,7 @@ index 5eddac5..b5fcb77 100644 + +/var/lib/dspam/data(/.*)? gen_context(system_u:object_r:dspam_rw_content_t,s0) diff --git a/dspam.if b/dspam.if -index 18f2452..a446210 100644 +index 18f245250..a446210f0 100644 --- a/dspam.if +++ b/dspam.if @@ -1,13 +1,15 @@ @@ -28003,7 +28003,7 @@ index 18f2452..a446210 100644 + ') diff --git a/dspam.te b/dspam.te -index ef62363..0841716 100644 +index ef6236335..084171673 100644 --- a/dspam.te +++ b/dspam.te @@ -28,6 +28,9 @@ files_pid_file(dspam_var_run_t) @@ -28081,7 +28081,7 @@ index ef62363..0841716 100644 + procmail_domtrans(dspam_t) +') 
diff --git a/entropyd.te b/entropyd.te -index b8b8328..e3dc7c7 100644 +index b8b8328c0..e3dc7c72c 100644 --- a/entropyd.te +++ b/entropyd.te @@ -12,7 +12,7 @@ policy_module(entropyd, 1.8.0) @@ -28123,7 +28123,7 @@ index b8b8328..e3dc7c7 100644 userdom_dontaudit_search_user_home_dirs(entropyd_t) diff --git a/etcd.fc b/etcd.fc new file mode 100644 -index 0000000..eac30a3 +index 000000000..eac30a338 --- /dev/null +++ b/etcd.fc @@ -0,0 +1,5 @@ @@ -28134,7 +28134,7 @@ index 0000000..eac30a3 +/var/lib/etcd(/.*)? gen_context(system_u:object_r:etcd_var_lib_t,s0) diff --git a/etcd.if b/etcd.if new file mode 100644 -index 0000000..d1a05a6 +index 000000000..d1a05a650 --- /dev/null +++ b/etcd.if @@ -0,0 +1,161 @@ @@ -28301,7 +28301,7 @@ index 0000000..d1a05a6 +') diff --git a/etcd.te b/etcd.te new file mode 100644 -index 0000000..7cee445 +index 000000000..7cee445f6 --- /dev/null +++ b/etcd.te @@ -0,0 +1,42 @@ @@ -28348,7 +28348,7 @@ index 0000000..7cee445 + +logging_send_syslog_msg(etcd_t) diff --git a/evolution.fc b/evolution.fc -index 597f305..8520653 100644 +index 597f305da..85206539c 100644 --- a/evolution.fc +++ b/evolution.fc @@ -1,5 +1,6 @@ @@ -28359,7 +28359,7 @@ index 597f305..8520653 100644 /tmp/\.exchange-USER(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0) diff --git a/evolution.te b/evolution.te -index c99e07c..ab9dd9f 100644 +index c99e07c48..ab9dd9f90 100644 --- a/evolution.te +++ b/evolution.te @@ -168,7 +168,6 @@ dev_read_urand(evolution_t) @@ -28404,7 +28404,7 @@ index c99e07c..ab9dd9f 100644 fs_search_auto_mountpoints(evolution_server_t) diff --git a/exim.if b/exim.if -index 9bbc690..4a8d053 100644 +index 9bbc6907a..4a8d0536b 100644 --- a/exim.if +++ b/exim.if @@ -21,35 +21,51 @@ interface(`exim_domtrans',` @@ -28555,7 +28555,7 @@ index 9bbc690..4a8d053 100644 role_transition $2 exim_initrc_exec_t system_r; allow $2 system_r; diff --git a/exim.te b/exim.te -index 4086c51..3e7a990 100644 +index 4086c51b9..3e7a99099 100644 --- a/exim.te 
+++ b/exim.te @@ -55,7 +55,7 @@ type exim_log_t; @@ -28637,7 +28637,7 @@ index 4086c51..3e7a990 100644 optional_policy(` diff --git a/fail2ban.if b/fail2ban.if -index 50d0084..94e1936 100644 +index 50d0084d4..94e193606 100644 --- a/fail2ban.if +++ b/fail2ban.if @@ -19,57 +19,57 @@ interface(`fail2ban_domtrans',` @@ -28941,7 +28941,7 @@ index 50d0084..94e1936 100644 fail2ban_run_client($1, $2) diff --git a/fail2ban.te b/fail2ban.te -index cf0e567..7bebd26 100644 +index cf0e56772..7bebd2699 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -37,7 +37,7 @@ role fail2ban_client_roles types fail2ban_client_t; @@ -29066,7 +29066,7 @@ index cf0e567..7bebd26 100644 + apache_read_log(fail2ban_client_t) +') diff --git a/fcoe.te b/fcoe.te -index ce358fb..cdc11a7 100644 +index ce358fb3f..cdc11a7f9 100644 --- a/fcoe.te +++ b/fcoe.te @@ -20,25 +20,32 @@ files_pid_file(fcoemon_var_run_t) @@ -29107,7 +29107,7 @@ index ce358fb..cdc11a7 100644 + networkmanager_dgram_send(fcoemon_t) +') diff --git a/fetchmail.fc b/fetchmail.fc -index 133b8ee..a47a12f 100644 +index 133b8ee67..a47a12fe7 100644 --- a/fetchmail.fc +++ b/fetchmail.fc @@ -1,4 +1,5 @@ @@ -29117,7 +29117,7 @@ index 133b8ee..a47a12f 100644 /etc/fetchmailrc -- gen_context(system_u:object_r:fetchmail_etc_t,s0) diff --git a/fetchmail.if b/fetchmail.if -index c3f7916..cab3954 100644 +index c3f791660..cab3954f3 100644 --- a/fetchmail.if +++ b/fetchmail.if @@ -23,14 +23,16 @@ interface(`fetchmail_admin',` @@ -29141,7 +29141,7 @@ index c3f7916..cab3954 100644 admin_pattern($1, fetchmail_etc_t) diff --git a/fetchmail.te b/fetchmail.te -index 742559a..fa51d09 100644 +index 742559a54..fa51d09dd 100644 --- a/fetchmail.te +++ b/fetchmail.te @@ -32,14 +32,18 @@ files_type(fetchmail_uidl_cache_t) @@ -29201,7 +29201,7 @@ index 742559a..fa51d09 100644 optional_policy(` procmail_domtrans(fetchmail_t) diff --git a/finger.te b/finger.te -index 35da09d..85f1e03 100644 +index 35da09d97..85f1e03d4 100644 --- a/finger.te +++ b/finger.te 
@@ -45,7 +45,6 @@ logging_log_filetrans(fingerd_t, fingerd_log_t, file) @@ -29238,7 +29238,7 @@ index 35da09d..85f1e03 100644 userdom_dontaudit_use_unpriv_user_fds(fingerd_t) diff --git a/firewalld.fc b/firewalld.fc -index 21d7b84..0e272bd 100644 +index 21d7b8442..0e272bd0e 100644 --- a/firewalld.fc +++ b/firewalld.fc @@ -1,3 +1,5 @@ @@ -29248,7 +29248,7 @@ index 21d7b84..0e272bd 100644 /etc/firewalld(/.*)? gen_context(system_u:object_r:firewalld_etc_rw_t,s0) diff --git a/firewalld.if b/firewalld.if -index c62c567..a74f123 100644 +index c62c5670a..a74f123da 100644 --- a/firewalld.if +++ b/firewalld.if @@ -2,7 +2,7 @@ @@ -29424,7 +29424,7 @@ index c62c567..a74f123 100644 + allow $1 firewalld_unit_file_t:service all_service_perms; ') diff --git a/firewalld.te b/firewalld.te -index 98072a3..42ee4d3 100644 +index 98072a3a1..42ee4d39c 100644 --- a/firewalld.te +++ b/firewalld.te @@ -21,15 +21,21 @@ logging_log_file(firewalld_var_log_t) @@ -29534,7 +29534,7 @@ index 98072a3..42ee4d3 100644 ') diff --git a/firewallgui.if b/firewallgui.if -index e6866d1..941f4ef 100644 +index e6866d1fd..941f4ef73 100644 --- a/firewallgui.if +++ b/firewallgui.if @@ -37,5 +37,5 @@ interface(`firewallgui_dontaudit_rw_pipes',` @@ -29545,7 +29545,7 @@ index e6866d1..941f4ef 100644 + dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms; ') diff --git a/firewallgui.te b/firewallgui.te -index 2094546..2481a97 100644 +index 209454664..2481a9704 100644 --- a/firewallgui.te +++ b/firewallgui.te @@ -36,8 +36,10 @@ corecmd_exec_shell(firewallgui_t) @@ -29576,7 +29576,7 @@ index 2094546..2481a97 100644 optional_policy(` diff --git a/firstboot.fc b/firstboot.fc -index 12c782c..ba614e4 100644 +index 12c782c89..ba614e457 100644 --- a/firstboot.fc +++ b/firstboot.fc @@ -1,5 +1,3 @@ 
@@ -29588,7 +29588,7 @@ index 12c782c..ba614e4 100644 -/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0) +/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0) diff --git a/firstboot.if b/firstboot.if -index 280f875..f3a67c9 100644 +index 280f875f0..f3a67c911 100644 --- a/firstboot.if +++ b/firstboot.if @@ -1,4 +1,7 @@ @@ -29715,7 +29715,7 @@ index 280f875..f3a67c9 100644 ## ## diff --git a/firstboot.te b/firstboot.te -index 5010f04..0341ae1 100644 +index 5010f04e1..0341ae121 100644 --- a/firstboot.te +++ b/firstboot.te @@ -1,7 +1,7 @@ @@ -29855,7 +29855,7 @@ index 5010f04..0341ae1 100644 optional_policy(` diff --git a/fprintd.te b/fprintd.te -index 92a6479..f064c94 100644 +index 92a6479a2..f064c940d 100644 --- a/fprintd.te +++ b/fprintd.te @@ -18,25 +18,29 @@ files_type(fprintd_var_lib_t) @@ -29916,7 +29916,7 @@ index 92a6479..f064c94 100644 ') diff --git a/freeipmi.fc b/freeipmi.fc new file mode 100644 -index 0000000..0942a2e +index 000000000..0942a2e39 --- /dev/null +++ b/freeipmi.fc @@ -0,0 +1,17 @@ @@ -29939,7 +29939,7 @@ index 0000000..0942a2e +/var/run/bmc-watchdog\.pid -- gen_context(system_u:object_r:freeipmi_bmc_watchdog_var_run_t,s0) diff --git a/freeipmi.if b/freeipmi.if new file mode 100644 -index 0000000..dc94853 +index 000000000..dc9485309 --- /dev/null +++ b/freeipmi.if @@ -0,0 +1,71 @@ @@ -30016,7 +30016,7 @@ index 0000000..dc94853 + diff --git a/freeipmi.te b/freeipmi.te new file mode 100644 -index 0000000..0ca4fc3 +index 000000000..0ca4fc3e8 --- /dev/null +++ b/freeipmi.te @@ -0,0 +1,79 @@ @@ -30101,14 +30101,14 @@ index 0000000..0ca4fc3 +files_pid_filetrans(freeipmi_ipmiseld_t, freeipmi_ipmiseld_var_run_t, file, "ipmiseld.pid") diff --git a/freqset.fc b/freqset.fc new file mode 100644 -index 0000000..3cd9c38 +index 000000000..3cd9c38fd --- /dev/null +++ b/freqset.fc 
@@ -0,0 +1 @@ +/usr/lib/enlightenment/modules/cpufreq/linux-gnu-[^/]*/freqset -- gen_context(system_u:object_r:freqset_exec_t,s0) diff --git a/freqset.if b/freqset.if new file mode 100644 -index 0000000..190ccc0 +index 000000000..190ccc035 --- /dev/null +++ b/freqset.if @@ -0,0 +1,76 @@ @@ -30190,7 +30190,7 @@ index 0000000..190ccc0 +') diff --git a/freqset.te b/freqset.te new file mode 100644 -index 0000000..0d09fbd +index 000000000..0d09fbd62 --- /dev/null +++ b/freqset.te @@ -0,0 +1,34 @@ @@ -30229,7 +30229,7 @@ index 0000000..0d09fbd + +userdom_use_inherited_user_terminals(freqset_t) diff --git a/ftp.fc b/ftp.fc -index ddb75c1..f38075f 100644 +index ddb75c12c..f38075ff8 100644 --- a/ftp.fc +++ b/ftp.fc @@ -1,5 +1,8 @@ @@ -30250,7 +30250,7 @@ index ddb75c1..f38075f 100644 /var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0) /var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0) diff --git a/ftp.if b/ftp.if -index 4498143..84a4858 100644 +index 44981434b..84a4858b6 100644 --- a/ftp.if +++ b/ftp.if @@ -1,5 +1,67 @@ @@ -30345,7 +30345,7 @@ index 4498143..84a4858 100644 ftp_run_ftpdctl($1, $2) ') diff --git a/ftp.te b/ftp.te -index 36838c2..34a9ced 100644 +index 36838c202..34a9cedf3 100644 --- a/ftp.te +++ b/ftp.te @@ -13,7 +13,7 @@ policy_module(ftp, 1.15.1) @@ -30739,7 +30739,7 @@ index 36838c2..34a9ced 100644 -') diff --git a/fwupd.fc b/fwupd.fc new file mode 100644 -index 0000000..859dc40 +index 000000000..859dc40ed --- /dev/null +++ b/fwupd.fc @@ -0,0 +1,10 @@ @@ -30755,7 +30755,7 @@ index 0000000..859dc40 +/var/lib/fwupd(/.*)? gen_context(system_u:object_r:fwupd_var_lib_t,s0) diff --git a/fwupd.if b/fwupd.if new file mode 100644 -index 0000000..daef190 +index 000000000..daef19015 --- /dev/null +++ b/fwupd.if @@ -0,0 +1,281 @@ @@ -31042,7 +31042,7 @@ index 0000000..daef190 +') diff --git a/fwupd.te b/fwupd.te new file mode 100644 -index 0000000..7bf263a +index 000000000..7bf263a6c --- /dev/null +++ b/fwupd.te @@ -0,0 +1,70 @@ 
@@ -31117,7 +31117,7 @@ index 0000000..7bf263a + unconfined_domain(fwupd_t) +') diff --git a/games.if b/games.if -index e2a3e0d..50ebd40 100644 +index e2a3e0dba..50ebd4080 100644 --- a/games.if +++ b/games.if @@ -58,3 +58,23 @@ interface(`games_rw_data',` @@ -31145,7 +31145,7 @@ index e2a3e0d..50ebd40 100644 + manage_files_pattern($1, games_data_t, games_data_t) +') diff --git a/games.te b/games.te -index e5b15fb..220622e 100644 +index e5b15fb7e..220622e84 100644 --- a/games.te +++ b/games.te @@ -76,8 +76,6 @@ init_use_script_ptys(games_srv_t) @@ -31192,7 +31192,7 @@ index e5b15fb..220622e 100644 ') diff --git a/gatekeeper.te b/gatekeeper.te -index 2820368..88c98f4 100644 +index 28203689c..88c98f481 100644 --- a/gatekeeper.te +++ b/gatekeeper.te @@ -57,7 +57,6 @@ kernel_read_kernel_sysctls(gatekeeper_t) @@ -31221,7 +31221,7 @@ index 2820368..88c98f4 100644 userdom_dontaudit_use_unpriv_user_fds(gatekeeper_t) diff --git a/gear.fc b/gear.fc new file mode 100644 -index 0000000..98c012c +index 000000000..98c012c6e --- /dev/null +++ b/gear.fc @@ -0,0 +1,7 @@ @@ -31234,7 +31234,7 @@ index 0000000..98c012c +/var/lib/gear(/.*)? gen_context(system_u:object_r:gear_var_lib_t,s0) diff --git a/gear.if b/gear.if new file mode 100644 -index 0000000..d745c67 +index 000000000..d745c675f --- /dev/null +++ b/gear.if @@ -0,0 +1,289 @@ @@ -31529,7 +31529,7 @@ index 0000000..d745c67 +') diff --git a/gear.te b/gear.te new file mode 100644 -index 0000000..33dbdf7 +index 000000000..33dbdf7ec --- /dev/null +++ b/gear.te @@ -0,0 +1,136 @@ @@ -31671,7 +31671,7 @@ index 0000000..33dbdf7 +') diff --git a/geoclue.fc b/geoclue.fc new file mode 100644 -index 0000000..a97f14f +index 000000000..a97f14fd9 --- /dev/null +++ b/geoclue.fc @@ -0,0 +1,4 @@ @@ -31681,7 +31681,7 @@ index 0000000..a97f14f +/var/lib/geoclue(/.*)? gen_context(system_u:object_r:geoclue_var_lib_t,s0) diff --git a/geoclue.if b/geoclue.if new file mode 100644 -index 0000000..cf9f7bf +index 000000000..cf9f7bfca --- /dev/null 
+++ b/geoclue.if @@ -0,0 +1,153 @@ @@ -31840,7 +31840,7 @@ index 0000000..cf9f7bf +') diff --git a/geoclue.te b/geoclue.te new file mode 100644 -index 0000000..fb8be0d +index 000000000..fb8be0d88 --- /dev/null +++ b/geoclue.te @@ -0,0 +1,72 @@ @@ -31917,7 +31917,7 @@ index 0000000..fb8be0d + pcscd_stream_connect(geoclue_t) +') diff --git a/gift.te b/gift.te -index 8a820fa..996b30c 100644 +index 8a820face..996b30c16 100644 --- a/gift.te +++ b/gift.te @@ -67,17 +67,7 @@ auth_use_nsswitch(gift_t) @@ -31965,7 +31965,7 @@ index 8a820fa..996b30c 100644 +userdom_use_inherited_user_terminals(giftd_t) +userdom_home_manager(gitd_t) diff --git a/git.fc b/git.fc -index 24700f8..6561d56 100644 +index 24700f84b..6561d568e 100644 --- a/git.fc +++ b/git.fc @@ -2,12 +2,12 @@ HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_user_content_t,s0) @@ -31988,7 +31988,7 @@ index 24700f8..6561d56 100644 +/var/www/git/gitweb\.cgi -- gen_context(system_u:object_r:git_script_exec_t,s0) +/var/www/gitweb-caching/gitweb\.cgi -- gen_context(system_u:object_r:git_script_exec_t,s0) diff --git a/git.if b/git.if -index 1e29af1..6c64f55 100644 +index 1e29af196..6c64f55c3 100644 --- a/git.if +++ b/git.if @@ -37,7 +37,10 @@ template(`git_role',` @@ -32034,7 +32034,7 @@ index 1e29af1..6c64f55 100644 + userdom_user_home_dir_filetrans($1, git_user_content_t, dir, "public_git") +') diff --git a/git.te b/git.te -index dc49c71..54df5e3 100644 +index dc49c715e..54df5e36e 100644 --- a/git.te +++ b/git.te @@ -49,14 +49,6 @@ gen_tunable(git_session_users, false) @@ -32209,7 +32209,7 @@ index dc49c71..54df5e3 100644 -miscfiles_read_localization(git_daemon) diff --git a/gitosis.te b/gitosis.te -index 582db0a..d77a1a5 100644 +index 582db0a2e..d77a1a549 100644 --- a/gitosis.te +++ b/gitosis.te @@ -52,12 +52,8 @@ corecmd_exec_shell(gitosis_t) @@ -32226,7 +32226,7 @@ index 582db0a..d77a1a5 100644 tunable_policy(`gitosis_can_sendmail',` 
diff --git a/glance.fc b/glance.fc -index c21a528..a746a2b 100644 +index c21a528b5..a746a2b16 100644 --- a/glance.fc +++ b/glance.fc @@ -1,8 +1,14 @@ @@ -32246,7 +32246,7 @@ index c21a528..a746a2b 100644 /var/lib/glance(/.*)? gen_context(system_u:object_r:glance_var_lib_t,s0) diff --git a/glance.if b/glance.if -index 9eacb2c..7b19ad2 100644 +index 9eacb2c9c..7b19ad2db 100644 --- a/glance.if +++ b/glance.if @@ -1,5 +1,38 @@ @@ -32317,7 +32317,7 @@ index 9eacb2c..7b19ad2 100644 init_labeled_script_domtrans($1, { glance_api_initrc_exec_t glance_registry_initrc_exec_t }) domain_system_change_exemption($1) diff --git a/glance.te b/glance.te -index 5cd0909..bd3c3d2 100644 +index 5cd09096a..bd3c3d21b 100644 --- a/glance.te +++ b/glance.te @@ -5,10 +5,31 @@ policy_module(glance, 1.1.0) @@ -32498,7 +32498,7 @@ index 5cd0909..bd3c3d2 100644 +corenet_tcp_connect_glance_registry_port(glance_scrubber_t) diff --git a/glusterd.fc b/glusterd.fc new file mode 100644 -index 0000000..a3633cd +index 000000000..a3633cdc7 --- /dev/null +++ b/glusterd.fc @@ -0,0 +1,29 @@ @@ -32533,7 +32533,7 @@ index 0000000..a3633cd +/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0) diff --git a/glusterd.if b/glusterd.if new file mode 100644 -index 0000000..5e057b6 +index 000000000..5e057b628 --- /dev/null +++ b/glusterd.if @@ -0,0 +1,281 @@ @@ -32820,7 +32820,7 @@ index 0000000..5e057b6 + diff --git a/glusterd.te b/glusterd.te new file mode 100644 -index 0000000..03db2af +index 000000000..03db2af88 --- /dev/null +++ b/glusterd.te @@ -0,0 +1,308 @@ @@ -33134,7 +33134,7 @@ index 0000000..03db2af +') diff --git a/glusterfs.fc b/glusterfs.fc deleted file mode 100644 -index 4bd6ade..0000000 +index 4bd6ade46..000000000 --- a/glusterfs.fc +++ /dev/null @@ -1,16 +0,0 @@ @@ -33156,7 +33156,7 @@ index 4bd6ade..0000000 -/var/run/glusterd\.pid -- gen_context(system_u:object_r:glusterd_var_run_t,s0) 
diff --git a/glusterfs.if b/glusterfs.if deleted file mode 100644 -index 05233c8..0000000 +index 05233c86e..000000000 --- a/glusterfs.if +++ /dev/null @@ -1,71 +0,0 @@ @@ -33233,7 +33233,7 @@ index 05233c8..0000000 -') diff --git a/glusterfs.te b/glusterfs.te deleted file mode 100644 -index 4e95c7e..0000000 +index 4e95c7e2f..000000000 --- a/glusterfs.te +++ /dev/null @@ -1,105 +0,0 @@ @@ -33343,7 +33343,7 @@ index 4e95c7e..0000000 - -miscfiles_read_localization(glusterd_t) diff --git a/gnome.fc b/gnome.fc -index e39de43..5edcb83 100644 +index e39de436a..5edcb8330 100644 --- a/gnome.fc +++ b/gnome.fc @@ -1,15 +1,60 @@ @@ -33417,7 +33417,7 @@ index e39de43..5edcb83 100644 +/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) +/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) diff --git a/gnome.if b/gnome.if -index ab09d61..72d67c2 100644 +index ab09d6195..72d67c2cb 100644 --- a/gnome.if +++ b/gnome.if @@ -1,52 +1,76 @@ @@ -35476,7 +35476,7 @@ index ab09d61..72d67c2 100644 + type_transition $1 gkeyringd_exec_t:process $2; ') diff --git a/gnome.te b/gnome.te -index 63893eb..5664744 100644 +index 63893eb2d..566474488 100644 --- a/gnome.te +++ b/gnome.te @@ -5,14 +5,33 @@ policy_module(gnome, 2.3.0) @@ -35793,7 +35793,7 @@ index 63893eb..5664744 100644 + +userdom_use_inherited_user_terminals(gnomedomain) diff --git a/gnomeclock.fc b/gnomeclock.fc -index f9ba8cd..6906301 100644 +index f9ba8cd99..690630113 100644 --- a/gnomeclock.fc +++ b/gnomeclock.fc @@ -1,7 +1,10 @@ @@ -35810,7 +35810,7 @@ index f9ba8cd..6906301 100644 /usr/lib/gnome-settings-daemon/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0) diff --git a/gnomeclock.if b/gnomeclock.if -index 3f55702..25c7ab8 100644 +index 3f55702fb..25c7ab82c 100644 --- a/gnomeclock.if +++ b/gnomeclock.if @@ -2,8 +2,7 @@ @@ -35868,7 +35868,7 @@ index 3f55702..25c7ab8 100644 ## ## 
diff --git a/gnomeclock.te b/gnomeclock.te -index 7cd7435..8f26e98 100644 +index 7cd7435e6..8f26e9862 100644 --- a/gnomeclock.te +++ b/gnomeclock.te @@ -5,82 +5,95 @@ policy_module(gnomeclock, 1.1.0) @@ -35997,7 +35997,7 @@ index 7cd7435..8f26e98 100644 policykit_read_lib(gnomeclock_t) policykit_read_reload(gnomeclock_t) diff --git a/gpg.fc b/gpg.fc -index 888cd2c..c02fa56 100644 +index 888cd2c68..c02fa5694 100644 --- a/gpg.fc +++ b/gpg.fc @@ -1,10 +1,14 @@ @@ -36020,7 +36020,7 @@ index 888cd2c..c02fa56 100644 -/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) +/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) diff --git a/gpg.if b/gpg.if -index 180f1b7..3c8757e 100644 +index 180f1b7cc..3c8757e47 100644 --- a/gpg.if +++ b/gpg.if @@ -2,57 +2,79 @@ @@ -36316,7 +36316,7 @@ index 180f1b7..3c8757e 100644 + userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") +') diff --git a/gpg.te b/gpg.te -index 0e97e82..2569781 100644 +index 0e97e82f1..2569781e9 100644 --- a/gpg.te +++ b/gpg.te @@ -4,15 +4,7 @@ policy_module(gpg, 2.8.0) @@ -36776,7 +36776,7 @@ index 0e97e82..2569781 100644 + miscfiles_manage_public_files(gpg_web_t) ') diff --git a/gpm.te b/gpm.te -index 69734fd..a659808 100644 +index 69734fd15..a659808d0 100644 --- a/gpm.te +++ b/gpm.te @@ -13,7 +13,7 @@ type gpm_initrc_exec_t; @@ -36819,7 +36819,7 @@ index 69734fd..a659808 100644 optional_policy(` seutil_sigchld_newrole(gpm_t) diff --git a/gpsd.te b/gpsd.te -index fe3895e..a820546 100644 +index fe3895ece..a820546e3 100644 --- a/gpsd.te +++ b/gpsd.te @@ -28,11 +28,12 @@ files_pid_file(gpsd_var_run_t) @@ -36854,7 +36854,7 @@ index fe3895e..a820546 100644 chronyd_stream_connect(gpsd_t) diff --git a/gssproxy.fc b/gssproxy.fc new file mode 100644 -index 0000000..f4659d1 +index 000000000..f4659d125 --- /dev/null +++ b/gssproxy.fc @@ -0,0 +1,8 @@ 
@@ -36868,7 +36868,7 @@ index 0000000..f4659d1 +/var/run/gssproxy\.sock -s gen_context(system_u:object_r:gssproxy_var_run_t,s0) diff --git a/gssproxy.if b/gssproxy.if new file mode 100644 -index 0000000..8a2013a +index 000000000..8a2013af9 --- /dev/null +++ b/gssproxy.if @@ -0,0 +1,217 @@ @@ -37091,7 +37091,7 @@ index 0000000..8a2013a +') diff --git a/gssproxy.te b/gssproxy.te new file mode 100644 -index 0000000..79e22c5 +index 000000000..79e22c58a --- /dev/null +++ b/gssproxy.te @@ -0,0 +1,74 @@ @@ -37170,7 +37170,7 @@ index 0000000..79e22c5 + kerberos_manage_host_rcache(gssproxy_t) +') diff --git a/guest.te b/guest.te -index 19cdbe1..0605776 100644 +index 19cdbe1d7..060577633 100644 --- a/guest.te +++ b/guest.te @@ -20,4 +20,4 @@ optional_policy(` @@ -37180,7 +37180,7 @@ index 19cdbe1..0605776 100644 -#gen_user(guest_u, user, guest_r, s0, s0) +gen_user(guest_u, user, guest_r, s0, s0) diff --git a/hadoop.te b/hadoop.te -index e151378..04d173d 100644 +index e15137840..04d173d1d 100644 --- a/hadoop.te +++ b/hadoop.te @@ -155,7 +155,6 @@ dev_read_urand(hadoop_t) @@ -37217,7 +37217,7 @@ index e151378..04d173d 100644 fs_getattr_xattr_fs(zookeeper_server_t) diff --git a/hal.te b/hal.te -index bbccc79..b027202 100644 +index bbccc79f1..b02720214 100644 --- a/hal.te +++ b/hal.te @@ -61,7 +61,6 @@ files_type(hald_var_lib_t) @@ -37255,7 +37255,7 @@ index bbccc79..b027202 100644 logging_search_logs(hald_keymap_t) diff --git a/hddtemp.if b/hddtemp.if -index 1728071..6e2d333 100644 +index 1728071d0..6e2d333d9 100644 --- a/hddtemp.if +++ b/hddtemp.if @@ -19,6 +19,32 @@ interface(`hddtemp_domtrans',` @@ -37307,7 +37307,7 @@ index 1728071..6e2d333 100644 domain_system_change_exemption($1) role_transition $2 hddtemp_initrc_exec_t system_r; diff --git a/hddtemp.te b/hddtemp.te -index 9e11b98..6338ea7 100644 +index 9e11b9822..6338ea761 100644 --- a/hddtemp.te +++ b/hddtemp.te @@ -4,10 +4,12 @@ policy_module(hddtemp, 1.2.0) 
@@ -37348,7 +37348,7 @@ index 9e11b98..6338ea7 100644 -miscfiles_read_localization(hddtemp_t) diff --git a/hostapd.fc b/hostapd.fc new file mode 100644 -index 0000000..0ca97b8 +index 000000000..0ca97b84b --- /dev/null +++ b/hostapd.fc @@ -0,0 +1,5 @@ @@ -37360,7 +37360,7 @@ index 0000000..0ca97b8 \ No newline at end of file diff --git a/hostapd.if b/hostapd.if new file mode 100644 -index 0000000..d0016da +index 000000000..d0016da91 --- /dev/null +++ b/hostapd.if @@ -0,0 +1,101 @@ @@ -37467,7 +37467,7 @@ index 0000000..d0016da +') diff --git a/hostapd.te b/hostapd.te new file mode 100644 -index 0000000..438573d +index 000000000..438573dfa --- /dev/null +++ b/hostapd.te @@ -0,0 +1,53 @@ @@ -37525,7 +37525,7 @@ index 0000000..438573d + +miscfiles_read_localization(hostapd_t) diff --git a/howl.te b/howl.te -index b9e60ec..0477728 100644 +index b9e60ecfb..0477728a0 100644 --- a/howl.te +++ b/howl.te @@ -36,7 +36,6 @@ kernel_request_load_module(howl_t) @@ -37547,7 +37547,7 @@ index b9e60ec..0477728 100644 diff --git a/hsqldb.fc b/hsqldb.fc new file mode 100644 -index 0000000..aa92d71 +index 000000000..aa92d7118 --- /dev/null +++ b/hsqldb.fc @@ -0,0 +1,7 @@ @@ -37560,7 +37560,7 @@ index 0000000..aa92d71 +/var/lib/hsqldb(/.*)? gen_context(system_u:object_r:hsqldb_var_lib_t,s0) diff --git a/hsqldb.if b/hsqldb.if new file mode 100644 -index 0000000..f43f748 +index 000000000..f43f7489f --- /dev/null +++ b/hsqldb.if @@ -0,0 +1,241 @@ @@ -37807,7 +37807,7 @@ index 0000000..f43f748 +') diff --git a/hsqldb.te b/hsqldb.te new file mode 100644 -index 0000000..28816b4 +index 000000000..28816b4fd --- /dev/null +++ b/hsqldb.te @@ -0,0 +1,57 @@ @@ -37870,7 +37870,7 @@ index 0000000..28816b4 +sysnet_read_config(hsqldb_t) diff --git a/hwloc.fc b/hwloc.fc new file mode 100644 -index 0000000..d0c5a15 +index 000000000..d0c5a1502 --- /dev/null +++ b/hwloc.fc @@ -0,0 +1,5 @@ @@ -37881,7 +37881,7 @@ index 0000000..d0c5a15 +/var/run/hwloc(/.*)? gen_context(system_u:object_r:hwloc_var_run_t,s0) 
diff --git a/hwloc.if b/hwloc.if new file mode 100644 -index 0000000..c2349ec +index 000000000..c2349ecf5 --- /dev/null +++ b/hwloc.if @@ -0,0 +1,106 @@ @@ -37993,7 +37993,7 @@ index 0000000..c2349ec +') diff --git a/hwloc.te b/hwloc.te new file mode 100644 -index 0000000..0f45fd5 +index 000000000..0f45fd50e --- /dev/null +++ b/hwloc.te @@ -0,0 +1,31 @@ @@ -38029,7 +38029,7 @@ index 0000000..0f45fd5 + +dev_read_sysfs(hwloc_dhwd_t) diff --git a/hypervkvp.fc b/hypervkvp.fc -index b46130e..e2ae3b2 100644 +index b46130ef5..e2ae3b22b 100644 --- a/hypervkvp.fc +++ b/hypervkvp.fc @@ -1,3 +1,10 @@ @@ -38046,7 +38046,7 @@ index b46130e..e2ae3b2 100644 + +/var/lib/hyperv(/.*)? gen_context(system_u:object_r:hypervkvp_var_lib_t,s0) diff --git a/hypervkvp.if b/hypervkvp.if -index 6517fad..f183748 100644 +index 6517fadbb..f1837481b 100644 --- a/hypervkvp.if +++ b/hypervkvp.if @@ -1,32 +1,135 @@ @@ -38199,7 +38199,7 @@ index 6517fad..f183748 100644 + allow $1 hypervkvp_unit_file_t:service all_service_perms; ') diff --git a/hypervkvp.te b/hypervkvp.te -index 4eb7041..ea3c933 100644 +index 4eb7041ef..ea3c93385 100644 --- a/hypervkvp.te +++ b/hypervkvp.te @@ -5,24 +5,158 @@ policy_module(hypervkvp, 1.0.0) @@ -38373,7 +38373,7 @@ index 4eb7041..ea3c933 100644 -sysnet_dns_name_resolve(hypervkvpd_t) +logging_send_syslog_msg(hypervvssd_t) diff --git a/i18n_input.te b/i18n_input.te -index 369a056..65fde93 100644 +index 369a0566b..65fde93d9 100644 --- a/i18n_input.te +++ b/i18n_input.te @@ -45,7 +45,6 @@ can_exec(i18n_input_t, i18n_input_exec_t) @@ -38415,7 +38415,7 @@ index 369a056..65fde93 100644 optional_policy(` canna_stream_connect(i18n_input_t) diff --git a/icecast.if b/icecast.if -index 580b533..c267cea 100644 +index 580b533ce..c267cea58 100644 --- a/icecast.if +++ b/icecast.if @@ -176,6 +176,14 @@ interface(`icecast_admin',` @@ -38434,7 +38434,7 @@ index 580b533..c267cea 100644 domain_system_change_exemption($1) role_transition $2 icecast_initrc_exec_t system_r; 
diff --git a/icecast.te b/icecast.te -index a9e573a..9a9245f 100644 +index a9e573a50..9a9245f49 100644 --- a/icecast.te +++ b/icecast.te @@ -32,7 +32,7 @@ files_pid_file(icecast_var_run_t) @@ -38460,7 +38460,7 @@ index a9e573a..9a9245f 100644 tunable_policy(`icecast_use_any_tcp_ports',` corenet_tcp_connect_all_ports(icecast_t) diff --git a/ifplugd.if b/ifplugd.if -index 8999899..96909ae 100644 +index 899989996..96909ae6a 100644 --- a/ifplugd.if +++ b/ifplugd.if @@ -119,7 +119,7 @@ interface(`ifplugd_admin',` @@ -38473,7 +38473,7 @@ index 8999899..96909ae 100644 init_labeled_script_domtrans($1, ifplugd_initrc_exec_t) diff --git a/ifplugd.te b/ifplugd.te -index b0546b4..98d7326 100644 +index b0546b43b..98d7326a8 100644 --- a/ifplugd.te +++ b/ifplugd.te @@ -10,7 +10,7 @@ type ifplugd_exec_t; @@ -38501,7 +38501,7 @@ index b0546b4..98d7326 100644 sysnet_domtrans_ifconfig(ifplugd_t) diff --git a/imaze.te b/imaze.te -index 1eb24d8..b320d51 100644 +index 1eb24d8c8..b320d51ae 100644 --- a/imaze.te +++ b/imaze.te @@ -45,7 +45,6 @@ kernel_list_proc(imazesrv_t) @@ -38522,7 +38522,7 @@ index 1eb24d8..b320d51 100644 userdom_dontaudit_search_user_home_dirs(imazesrv_t) diff --git a/inetd.if b/inetd.if -index fbb54e7..05c3777 100644 +index fbb54e7d8..05c377768 100644 --- a/inetd.if +++ b/inetd.if @@ -37,6 +37,12 @@ interface(`inetd_core_service_domain',` @@ -38539,7 +38539,7 @@ index fbb54e7..05c3777 100644 ######################################## diff --git a/inetd.te b/inetd.te -index c6450df..ed6af79 100644 +index c6450df8a..ed6af7994 100644 --- a/inetd.te +++ b/inetd.te @@ -21,6 +21,7 @@ files_pid_file(inetd_var_run_t) @@ -38655,7 +38655,7 @@ index c6450df..ed6af79 100644 optional_policy(` unconfined_domain(inetd_child_t) diff --git a/inn.fc b/inn.fc -index 8c0a48b..b9eabf1 100644 +index 8c0a48b1d..b9eabf145 100644 --- a/inn.fc +++ b/inn.fc @@ -3,6 +3,8 @@ 
@@ -38748,7 +38748,7 @@ index 8c0a48b..b9eabf1 100644 /var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) /var/run/innd\.pid -- gen_context(system_u:object_r:innd_var_run_t,s0) diff --git a/inn.if b/inn.if -index eb87f23..d3d32c3 100644 +index eb87f2341..d3d32c3ad 100644 --- a/inn.if +++ b/inn.if @@ -124,6 +124,7 @@ interface(`inn_read_config',` @@ -38818,7 +38818,7 @@ index eb87f23..d3d32c3 100644 init_labeled_script_domtrans($1, innd_initrc_exec_t) diff --git a/inn.te b/inn.te -index d39f0cc..2422996 100644 +index d39f0cc51..2422996ec 100644 --- a/inn.te +++ b/inn.te @@ -15,6 +15,9 @@ files_config_file(innd_etc_t) @@ -38901,7 +38901,7 @@ index d39f0cc..2422996 100644 mta_send_mail(innd_t) diff --git a/iodine.fc b/iodine.fc -index ca07a87..6ea129c 100644 +index ca07a8744..6ea129cf6 100644 --- a/iodine.fc +++ b/iodine.fc @@ -1,3 +1,5 @@ @@ -38911,7 +38911,7 @@ index ca07a87..6ea129c 100644 + /usr/sbin/iodined -- gen_context(system_u:object_r:iodined_exec_t,s0) diff --git a/iodine.if b/iodine.if -index a0bfbd0..8dc7c3e 100644 +index a0bfbd04f..8dc7c3e31 100644 --- a/iodine.if +++ b/iodine.if @@ -2,6 +2,50 @@ @@ -38966,7 +38966,7 @@ index a0bfbd0..8dc7c3e 100644 ## administrate an iodined environment ## diff --git a/iodine.te b/iodine.te -index d443fee..6cbbf7d 100644 +index d443feee4..6cbbf7d84 100644 --- a/iodine.te +++ b/iodine.te @@ -12,6 +12,9 @@ init_daemon_domain(iodined_t, iodined_exec_t) @@ -38990,14 +38990,14 @@ index d443fee..6cbbf7d 100644 diff --git a/iotop.fc b/iotop.fc new file mode 100644 -index 0000000..c8d2dea +index 000000000..c8d2deac2 --- /dev/null +++ b/iotop.fc @@ -0,0 +1 @@ +/usr/sbin/iotop -- gen_context(system_u:object_r:iotop_exec_t,s0) diff --git a/iotop.if b/iotop.if new file mode 100644 -index 0000000..7fc3464 +index 000000000..7fc3464e6 --- /dev/null +++ b/iotop.if @@ -0,0 +1,46 @@ @@ -39049,7 +39049,7 @@ index 0000000..7fc3464 +') 
diff --git a/iotop.te b/iotop.te new file mode 100644 -index 0000000..61f2003 +index 000000000..61f2003c8 --- /dev/null +++ b/iotop.te @@ -0,0 +1,39 @@ @@ -39094,7 +39094,7 @@ index 0000000..61f2003 +userdom_use_user_terminals(iotop_t) diff --git a/ipa.fc b/ipa.fc new file mode 100644 -index 0000000..f4f8ed0 +index 000000000..f4f8ed0e8 --- /dev/null +++ b/ipa.fc @@ -0,0 +1,27 @@ @@ -39127,7 +39127,7 @@ index 0000000..f4f8ed0 + diff --git a/ipa.if b/ipa.if new file mode 100644 -index 0000000..a25fe88 +index 000000000..a25fe8807 --- /dev/null +++ b/ipa.if @@ -0,0 +1,272 @@ @@ -39405,7 +39405,7 @@ index 0000000..a25fe88 + diff --git a/ipa.te b/ipa.te new file mode 100644 -index 0000000..ffb6e4f +index 000000000..ffb6e4f8a --- /dev/null +++ b/ipa.te @@ -0,0 +1,264 @@ @@ -39675,7 +39675,7 @@ index 0000000..ffb6e4f +') diff --git a/ipmievd.fc b/ipmievd.fc new file mode 100644 -index 0000000..0f598ca +index 000000000..0f598ca9f --- /dev/null +++ b/ipmievd.fc @@ -0,0 +1,9 @@ @@ -39690,7 +39690,7 @@ index 0000000..0f598ca +/var/lock/subsys/ipmi -- gen_context(system_u:object_r:ipmievd_lock_t,s0) diff --git a/ipmievd.if b/ipmievd.if new file mode 100644 -index 0000000..e86db54 +index 000000000..e86db5418 --- /dev/null +++ b/ipmievd.if @@ -0,0 +1,120 @@ @@ -39816,7 +39816,7 @@ index 0000000..e86db54 +') diff --git a/ipmievd.te b/ipmievd.te new file mode 100644 -index 0000000..a2c9648 +index 000000000..a2c964844 --- /dev/null +++ b/ipmievd.te @@ -0,0 +1,51 @@ @@ -39872,7 +39872,7 @@ index 0000000..a2c9648 +modutils_read_module_config(ipmievd_t) + diff --git a/irc.fc b/irc.fc -index 48e7739..1bf0326 100644 +index 48e7739f9..1bf0326cd 100644 --- a/irc.fc +++ b/irc.fc @@ -1,6 +1,6 @@ @@ -39884,7 +39884,7 @@ index 48e7739..1bf0326 100644 /etc/irssi\.conf -- gen_context(system_u:object_r:irc_conf_t,s0) diff --git a/irc.if b/irc.if -index ac00fb0..36ef2e5 100644 +index ac00fb0fb..36ef2e59c 100644 --- a/irc.if +++ b/irc.if @@ -20,6 +20,7 @@ interface(`irc_role',` 
@@ -39947,7 +39947,7 @@ index ac00fb0..36ef2e5 100644 + userdom_user_home_dir_filetrans($1, irssi_home_t, dir, "irclogs") ') diff --git a/irc.te b/irc.te -index 2636503..5910c59 100644 +index 263650367..5910c5931 100644 --- a/irc.te +++ b/irc.te @@ -31,13 +31,35 @@ typealias irc_home_t alias { user_irc_home_t staff_irc_home_t sysadm_irc_home_t @@ -40126,7 +40126,7 @@ index 2636503..5910c59 100644 seutil_use_newrole_fds(irc_t) ') diff --git a/ircd.if b/ircd.if -index ade9803..3620c9a 100644 +index ade980323..3620c9a67 100644 --- a/ircd.if +++ b/ircd.if @@ -33,8 +33,8 @@ interface(`ircd_admin',` @@ -40141,7 +40141,7 @@ index ade9803..3620c9a 100644 files_search_var_lib($1) diff --git a/ircd.te b/ircd.te -index efaf4b1..bd1a132 100644 +index efaf4b10a..bd1a132ac 100644 --- a/ircd.te +++ b/ircd.te @@ -52,7 +52,6 @@ kernel_read_kernel_sysctls(ircd_t) @@ -40162,7 +40162,7 @@ index efaf4b1..bd1a132 100644 userdom_dontaudit_search_user_home_dirs(ircd_t) diff --git a/irqbalance.te b/irqbalance.te -index e1f302d..1e5418a 100644 +index e1f302ddb..1e5418a2e 100644 --- a/irqbalance.te +++ b/irqbalance.te @@ -35,7 +35,6 @@ kernel_rw_irq_sysctls(irqbalance_t) @@ -40183,7 +40183,7 @@ index e1f302d..1e5418a 100644 userdom_dontaudit_search_user_home_dirs(irqbalance_t) diff --git a/iscsi.fc b/iscsi.fc -index 08b7560..417e630 100644 +index 08b756047..417e63004 100644 --- a/iscsi.fc +++ b/iscsi.fc @@ -1,19 +1,18 @@ @@ -40211,7 +40211,7 @@ index 08b7560..417e630 100644 +/usr/lib/systemd/system/((iscsi)|(iscsid)|(iscsiuio))\.service -- gen_context(system_u:object_r:iscsi_unit_file_t,s0) +/usr/lib/systemd/system/((iscsid)|(iscsiuio))\.socket -- gen_context(system_u:object_r:iscsi_unit_file_t,s0) diff --git a/iscsi.if b/iscsi.if -index 1a35420..8101022 100644 +index 1a354203e..8101022be 100644 --- a/iscsi.if +++ b/iscsi.if @@ -21,6 +21,52 @@ interface(`iscsid_domtrans',` @@ -40350,7 +40350,7 @@ index 1a35420..8101022 100644 logging_search_logs($1) admin_pattern($1, iscsi_log_t) 
diff --git a/iscsi.te b/iscsi.te -index ca020fa..9c628b2 100644 +index ca020faa9..9c628b22e 100644 --- a/iscsi.te +++ b/iscsi.te @@ -5,12 +5,15 @@ policy_module(iscsi, 1.9.0) @@ -40458,7 +40458,7 @@ index ca020fa..9c628b2 100644 + kdump_rw_inherited_kdumpctl_tmp_pipes(iscsid_t) +') diff --git a/isns.te b/isns.te -index bc11034..3cda6e9 100644 +index bc1103493..3cda6e9bd 100644 --- a/isns.te +++ b/isns.te @@ -26,6 +26,7 @@ files_pid_file(isnsd_var_run_t) @@ -40494,7 +40494,7 @@ index bc11034..3cda6e9 100644 - -sysnet_dns_name_resolve(isnsd_t) diff --git a/jabber.fc b/jabber.fc -index 59ad3b3..bd02cc8 100644 +index 59ad3b3c4..bd02cc87d 100644 --- a/jabber.fc +++ b/jabber.fc @@ -1,25 +1,18 @@ @@ -40536,7 +40536,7 @@ index 59ad3b3..bd02cc8 100644 + +/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_spool_t,s0) diff --git a/jabber.if b/jabber.if -index 7eb3811..8075ba5 100644 +index 7eb381121..8075ba5f0 100644 --- a/jabber.if +++ b/jabber.if @@ -1,29 +1,76 @@ @@ -40747,7 +40747,7 @@ index 7eb3811..8075ba5 100644 - admin_pattern($1, jabberd_var_run_t) ') diff --git a/jabber.te b/jabber.te -index af67c36..aa88a0a 100644 +index af67c36ee..aa88a0ac2 100644 --- a/jabber.te +++ b/jabber.te @@ -9,129 +9,133 @@ attribute jabberd_domain; @@ -40961,7 +40961,7 @@ index af67c36..aa88a0a 100644 -auth_use_nsswitch(jabberd_router_t) +sysnet_read_config(jabberd_domain) diff --git a/java.te b/java.te -index a7ae153..6341e31 100644 +index a7ae1531b..6341e3119 100644 --- a/java.te +++ b/java.te @@ -11,7 +11,7 @@ policy_module(java, 2.7.0) @@ -40997,7 +40997,7 @@ index a7ae153..6341e31 100644 libs_legacy_use_shared_libs(java_domain) diff --git a/jetty.fc b/jetty.fc new file mode 100644 -index 0000000..c7c4fba +index 000000000..c7c4fba01 --- /dev/null +++ b/jetty.fc @@ -0,0 +1,12 @@ @@ -41015,7 +41015,7 @@ index 0000000..c7c4fba +/var/run/jetty(/.*)? gen_context(system_u:object_r:jetty_var_run_t,s0) 
diff --git a/jetty.if b/jetty.if new file mode 100644 -index 0000000..6679a02 +index 000000000..6679a02aa --- /dev/null +++ b/jetty.if @@ -0,0 +1,415 @@ @@ -41436,7 +41436,7 @@ index 0000000..6679a02 +') diff --git a/jetty.te b/jetty.te new file mode 100644 -index 0000000..71325e5 +index 000000000..71325e5e6 --- /dev/null +++ b/jetty.te @@ -0,0 +1,78 @@ @@ -41519,7 +41519,7 @@ index 0000000..71325e5 + abrt_read_config(jetty_t) +') diff --git a/jockey.if b/jockey.if -index 2fb7a20..c6ba007 100644 +index 2fb7a20fa..c6ba00798 100644 --- a/jockey.if +++ b/jockey.if @@ -1 +1,131 @@ @@ -41656,7 +41656,7 @@ index 2fb7a20..c6ba007 100644 + ') +') diff --git a/jockey.te b/jockey.te -index d59ec10..a46018d 100644 +index d59ec10a2..a46018d04 100644 --- a/jockey.te +++ b/jockey.te @@ -15,6 +15,9 @@ files_type(jockey_cache_t) @@ -41705,14 +41705,14 @@ index d59ec10..a46018d 100644 ') diff --git a/journalctl.fc b/journalctl.fc new file mode 100644 -index 0000000..f270652 +index 000000000..f27065286 --- /dev/null +++ b/journalctl.fc @@ -0,0 +1 @@ +/usr/bin/journalctl -- gen_context(system_u:object_r:journalctl_exec_t,s0) diff --git a/journalctl.if b/journalctl.if new file mode 100644 -index 0000000..17126b6 +index 000000000..17126b64c --- /dev/null +++ b/journalctl.if @@ -0,0 +1,95 @@ @@ -41813,7 +41813,7 @@ index 0000000..17126b6 +') diff --git a/journalctl.te b/journalctl.te new file mode 100644 -index 0000000..68dd2b7 +index 000000000..68dd2b7d6 --- /dev/null +++ b/journalctl.te @@ -0,0 +1,47 @@ @@ -41866,14 +41866,14 @@ index 0000000..68dd2b7 +userdom_rw_inherited_user_home_content_files(journalctl_t) diff --git a/kde.fc b/kde.fc new file mode 100644 -index 0000000..25e4b68 +index 000000000..25e4b6817 --- /dev/null +++ b/kde.fc @@ -0,0 +1 @@ +#/usr/libexec/kde(3|4)/backlighthelper -- gen_context(system_u:object_r:kdebacklighthelper_exec_t,s0) diff --git a/kde.if b/kde.if new file mode 100644 -index 0000000..cf65577 +index 000000000..cf6557769 --- /dev/null +++ b/kde.if 
@@ -0,0 +1,22 @@ @@ -41901,7 +41901,7 @@ index 0000000..cf65577 +') diff --git a/kde.te b/kde.te new file mode 100644 -index 0000000..dbe3f03 +index 000000000..dbe3f038d --- /dev/null +++ b/kde.te @@ -0,0 +1,41 @@ @@ -41947,7 +41947,7 @@ index 0000000..dbe3f03 +') + diff --git a/kdump.fc b/kdump.fc -index a49ae4e..0c0e987 100644 +index a49ae4e91..0c0e987a8 100644 --- a/kdump.fc +++ b/kdump.fc @@ -1,13 +1,16 @@ @@ -41975,7 +41975,7 @@ index a49ae4e..0c0e987 100644 + +/var/lock/kdump(/.*)? gen_context(system_u:object_r:kdump_lock_t,s0) diff --git a/kdump.if b/kdump.if -index 3a00b3a..92f125f 100644 +index 3a00b3a13..92f125fdf 100644 --- a/kdump.if +++ b/kdump.if @@ -1,4 +1,4 @@ @@ -42271,7 +42271,7 @@ index 3a00b3a..92f125f 100644 +') + diff --git a/kdump.te b/kdump.te -index 715fc21..667947d 100644 +index 715fc211c..667947da3 100644 --- a/kdump.te +++ b/kdump.te @@ -12,35 +12,58 @@ init_system_domain(kdump_t, kdump_exec_t) @@ -42452,7 +42452,7 @@ index 715fc21..667947d 100644 + unconfined_domain(kdumpctl_t) ') diff --git a/kdumpgui.if b/kdumpgui.if -index 182ab8b..8b1d9c2 100644 +index 182ab8b58..8b1d9c23c 100644 --- a/kdumpgui.if +++ b/kdumpgui.if @@ -1 +1,23 @@ @@ -42481,7 +42481,7 @@ index 182ab8b..8b1d9c2 100644 +') + diff --git a/kdumpgui.te b/kdumpgui.te -index 2990962..6629aaf 100644 +index 2990962b6..6629aaf27 100644 --- a/kdumpgui.te +++ b/kdumpgui.te @@ -5,79 +5,90 @@ policy_module(kdumpgui, 1.2.0) @@ -42608,7 +42608,7 @@ index 2990962..6629aaf 100644 ') diff --git a/keepalived.fc b/keepalived.fc new file mode 100644 -index 0000000..9a19f91 +index 000000000..9a19f91f3 --- /dev/null +++ b/keepalived.fc @@ -0,0 +1,7 @@ @@ -42621,7 +42621,7 @@ index 0000000..9a19f91 +/var/run/keepalived.* -- gen_context(system_u:object_r:keepalived_var_run_t,s0) diff --git a/keepalived.if b/keepalived.if new file mode 100644 -index 0000000..bd7e7fa +index 000000000..bd7e7fa17 --- /dev/null +++ b/keepalived.if @@ -0,0 +1,80 @@ @@ -42707,7 +42707,7 @@ index 0000000..bd7e7fa +') 
diff --git a/keepalived.te b/keepalived.te new file mode 100644 -index 0000000..04c46e7 +index 000000000..04c46e714 --- /dev/null +++ b/keepalived.te @@ -0,0 +1,95 @@ @@ -42807,7 +42807,7 @@ index 0000000..04c46e7 + ') +') diff --git a/kerberos.fc b/kerberos.fc -index 4fe75fd..3504a9b 100644 +index 4fe75fd63..3504a9bf7 100644 --- a/kerberos.fc +++ b/kerberos.fc @@ -1,52 +1,54 @@ @@ -42903,7 +42903,7 @@ index 4fe75fd..3504a9b 100644 +/var/tmp/ldap_487 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) +/var/tmp/ldap_55 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) diff --git a/kerberos.if b/kerberos.if -index f6c00d8..214369f 100644 +index f6c00d8e6..214369f17 100644 --- a/kerberos.if +++ b/kerberos.if @@ -1,27 +1,29 @@ @@ -43630,7 +43630,7 @@ index f6c00d8..214369f 100644 + kerberos_tmp_filetrans_host_rcache($1, "ldap_55") ') diff --git a/kerberos.te b/kerberos.te -index 8833d59..655bdf4 100644 +index 8833d596d..655bdf42d 100644 --- a/kerberos.te +++ b/kerberos.te @@ -6,11 +6,11 @@ policy_module(kerberos, 1.12.0) @@ -43998,7 +43998,7 @@ index 8833d59..655bdf4 100644 seutil_read_file_contexts(kpropd_t) diff --git a/kerneloops.if b/kerneloops.if -index 714448f..fa0c994 100644 +index 714448f8d..fa0c994e5 100644 --- a/kerneloops.if +++ b/kerneloops.if @@ -101,13 +101,16 @@ interface(`kerneloops_manage_tmp_files',` @@ -44022,7 +44022,7 @@ index 714448f..fa0c994 100644 domain_system_change_exemption($1) role_transition $2 kerneloops_initrc_exec_t system_r; diff --git a/kerneloops.te b/kerneloops.te -index bcdb295..f6e3736 100644 +index bcdb29599..f6e3736dd 100644 --- a/kerneloops.te +++ b/kerneloops.te @@ -31,7 +31,6 @@ kernel_read_ring_buffer(kerneloops_t) @@ -44043,7 +44043,7 @@ index bcdb295..f6e3736 100644 dbus_system_domain(kerneloops_t, kerneloops_exec_t) ') diff --git a/keyboardd.if b/keyboardd.if -index 8982b91..6134ef2 100644 +index 8982b9106..6134ef258 100644 --- a/keyboardd.if +++ b/keyboardd.if @@ -1,19 +1,39 @@ 
@@ -44095,7 +44095,7 @@ index 8982b91..6134ef2 100644 + allow $1 keyboardd_t:fifo_file read_fifo_file_perms; ') diff --git a/keyboardd.te b/keyboardd.te -index 628b78b..fe65617 100644 +index 628b78b4b..fe656175e 100644 --- a/keyboardd.te +++ b/keyboardd.te @@ -19,6 +19,3 @@ allow keyboardd_t self:unix_stream_socket create_stream_socket_perms; @@ -44106,7 +44106,7 @@ index 628b78b..fe65617 100644 - -miscfiles_read_localization(keyboardd_t) diff --git a/keystone.fc b/keystone.fc -index b273d80..6b2b50d 100644 +index b273d803c..6b2b50d69 100644 --- a/keystone.fc +++ b/keystone.fc @@ -1,7 +1,13 @@ @@ -44124,7 +44124,7 @@ index b273d80..6b2b50d 100644 + +/var/run/keystone(/.*)? gen_context(system_u:object_r:keystone_var_run_t,s0) diff --git a/keystone.if b/keystone.if -index e88fb16..ec6121a 100644 +index e88fb16e0..ec6121a5c 100644 --- a/keystone.if +++ b/keystone.if @@ -1,42 +1,219 @@ @@ -44363,7 +44363,7 @@ index e88fb16..ec6121a 100644 + ') ') diff --git a/keystone.te b/keystone.te -index 9929647..c573d0e 100644 +index 992964774..c573d0ed5 100644 --- a/keystone.te +++ b/keystone.te @@ -18,13 +18,20 @@ logging_log_file(keystone_log_t) @@ -44455,7 +44455,7 @@ index 9929647..c573d0e 100644 + corenet_tcp_sendrecv_commplex_main_port(keystone_cgi_script_t) ') diff --git a/kismet.if b/kismet.if -index aa2a337..7ff229f 100644 +index aa2a3379b..7ff229f32 100644 --- a/kismet.if +++ b/kismet.if @@ -283,7 +283,7 @@ interface(`kismet_manage_log',` @@ -44481,7 +44481,7 @@ index aa2a337..7ff229f 100644 files_search_var_lib($1) admin_pattern($1, kismet_var_lib_t) diff --git a/kismet.te b/kismet.te -index 8ad0d4d..01e5037 100644 +index 8ad0d4d50..01e503790 100644 --- a/kismet.te +++ b/kismet.te @@ -38,7 +38,7 @@ files_pid_file(kismet_var_run_t) @@ -44529,7 +44529,7 @@ index 8ad0d4d..01e5037 100644 dbus_system_bus_client(kismet_t) diff --git a/kmscon.fc b/kmscon.fc new file mode 100644 -index 0000000..ccd29c0 +index 000000000..ccd29c079 --- /dev/null +++ b/kmscon.fc @@ -0,0 +1,3 @@ 
@@ -44538,7 +44538,7 @@ index 0000000..ccd29c0 +/etc/kmscon(/.*)? gen_context(system_u:object_r:kmscon_conf_t,s0) diff --git a/kmscon.if b/kmscon.if new file mode 100644 -index 0000000..b9347fa +index 000000000..b9347faa9 --- /dev/null +++ b/kmscon.if @@ -0,0 +1,25 @@ @@ -44569,7 +44569,7 @@ index 0000000..b9347fa +') diff --git a/kmscon.te b/kmscon.te new file mode 100644 -index 0000000..32a9e13 +index 000000000..32a9e1356 --- /dev/null +++ b/kmscon.te @@ -0,0 +1,88 @@ @@ -44662,7 +44662,7 @@ index 0000000..32a9e13 + ') +') diff --git a/ksmtuned.fc b/ksmtuned.fc -index e736c45..4b1e1e4 100644 +index e736c450c..4b1e1e453 100644 --- a/ksmtuned.fc +++ b/ksmtuned.fc @@ -1,5 +1,7 @@ @@ -44674,7 +44674,7 @@ index e736c45..4b1e1e4 100644 /var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0) diff --git a/ksmtuned.if b/ksmtuned.if -index 93a64bc..af6d741 100644 +index 93a64bc50..af6d741d6 100644 --- a/ksmtuned.if +++ b/ksmtuned.if @@ -38,6 +38,30 @@ interface(`ksmtuned_initrc_domtrans',` @@ -44751,7 +44751,7 @@ index 93a64bc..af6d741 100644 + allow $1 ksmtuned_unit_file_t:service all_service_perms; ') diff --git a/ksmtuned.te b/ksmtuned.te -index 8eef134..a2ca1a0 100644 +index 8eef134ac..a2ca1a009 100644 --- a/ksmtuned.te +++ b/ksmtuned.te @@ -5,10 +5,27 @@ policy_module(ksmtuned, 1.1.1) @@ -44804,7 +44804,7 @@ index 8eef134..a2ca1a0 100644 + samba_read_share_files(ksmtuned_t) +') diff --git a/ktalk.fc b/ktalk.fc -index 38ecb07..451067e 100644 +index 38ecb07d1..451067ebd 100644 --- a/ktalk.fc +++ b/ktalk.fc @@ -1,3 +1,5 @@ @@ -44814,7 +44814,7 @@ index 38ecb07..451067e 100644 /usr/sbin/in\.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) diff --git a/ktalk.if b/ktalk.if -index 19777b8..cd721fd 100644 +index 19777b806..cd721fd6b 100644 --- a/ktalk.if +++ b/ktalk.if @@ -1 +1,77 @@ @@ -44897,7 +44897,7 @@ index 19777b8..cd721fd 100644 + ') +') diff --git a/ktalk.te b/ktalk.te -index c5548c5..1356fcb 100644 +index c5548c5ed..1356fcbd2 100644 
--- a/ktalk.te +++ b/ktalk.te @@ -13,6 +13,9 @@ inetd_udp_service_domain(ktalkd_t, ktalkd_exec_t) @@ -44929,7 +44929,7 @@ index c5548c5..1356fcb 100644 +userdom_use_user_ttys(ktalkd_t) diff --git a/kubernetes.fc b/kubernetes.fc new file mode 100644 -index 0000000..deda99e +index 000000000..deda99ed6 --- /dev/null +++ b/kubernetes.fc @@ -0,0 +1,11 @@ @@ -44946,7 +44946,7 @@ index 0000000..deda99e + diff --git a/kubernetes.if b/kubernetes.if new file mode 100644 -index 0000000..b2841e5 +index 000000000..b2841e526 --- /dev/null +++ b/kubernetes.if @@ -0,0 +1,87 @@ @@ -45039,7 +45039,7 @@ index 0000000..b2841e5 +') diff --git a/kubernetes.te b/kubernetes.te new file mode 100644 -index 0000000..b625b53 +index 000000000..b625b5343 --- /dev/null +++ b/kubernetes.te @@ -0,0 +1,76 @@ @@ -45120,7 +45120,7 @@ index 0000000..b625b53 + +allow kube_proxy_t self:capability net_admin; diff --git a/kudzu.if b/kudzu.if -index 5297064..6ba8108 100644 +index 52970645f..6ba810834 100644 --- a/kudzu.if +++ b/kudzu.if @@ -86,9 +86,13 @@ interface(`kudzu_admin',` @@ -45139,7 +45139,7 @@ index 5297064..6ba8108 100644 domain_system_change_exemption($1) role_transition $2 kudzu_initrc_exec_t system_r; diff --git a/kudzu.te b/kudzu.te -index 1664036..ee7a9a1 100644 +index 16640364b..ee7a9a1d5 100644 --- a/kudzu.te +++ b/kudzu.te @@ -26,7 +26,7 @@ files_pid_file(kudzu_var_run_t) @@ -45200,7 +45200,7 @@ index 1664036..ee7a9a1 100644 - unconfined_domtrans(kudzu_t) -') diff --git a/l2tp.fc b/l2tp.fc -index d5d1572..ddc6ef2 100644 +index d5d1572b1..ddc6ef210 100644 --- a/l2tp.fc +++ b/l2tp.fc @@ -5,7 +5,9 @@ @@ -45214,7 +45214,7 @@ index d5d1572..ddc6ef2 100644 /var/run/.*l2tpd\.pid -- gen_context(system_u:object_r:l2tpd_var_run_t,s0) +/var/run/*.xl2tpd.* -- gen_context(system_u:object_r:l2tpd_var_run_t,s0) diff --git a/l2tp.if b/l2tp.if -index 73e2803..34ca3aa 100644 +index 73e2803ee..34ca3aa22 100644 --- a/l2tp.if +++ b/l2tp.if @@ -1,9 +1,45 @@ 
@@ -45443,7 +45443,7 @@ index 73e2803..34ca3aa 100644 role_transition $2 l2tpd_initrc_exec_t system_r; allow $2 system_r; diff --git a/l2tp.te b/l2tp.te -index bb06a7f..01e784b 100644 +index bb06a7fee..01e784bf5 100644 --- a/l2tp.te +++ b/l2tp.te @@ -27,7 +27,7 @@ files_pid_file(l2tpd_var_run_t) @@ -45513,7 +45513,7 @@ index bb06a7f..01e784b 100644 ppp_signal(l2tpd_t) ppp_kill(l2tpd_t) diff --git a/ldap.fc b/ldap.fc -index b7e5679..c93db33 100644 +index b7e567916..c93db3316 100644 --- a/ldap.fc +++ b/ldap.fc @@ -1,8 +1,11 @@ @@ -45544,7 +45544,7 @@ index b7e5679..c93db33 100644 +/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0) +/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) diff --git a/ldap.if b/ldap.if -index 3602712..af83a5b 100644 +index 3602712d0..af83a5b6b 100644 --- a/ldap.if +++ b/ldap.if @@ -1,8 +1,69 @@ @@ -45790,7 +45790,7 @@ index 3602712..af83a5b 100644 + allow $1 slapd_unit_file_t:service all_service_perms; ') diff --git a/ldap.te b/ldap.te -index 4c2b111..8fa1510 100644 +index 4c2b1110e..8fa1510d7 100644 --- a/ldap.te +++ b/ldap.te @@ -21,6 +21,9 @@ files_config_file(slapd_etc_t) @@ -45864,7 +45864,7 @@ index 4c2b111..8fa1510 100644 ') diff --git a/lightsquid.fc b/lightsquid.fc -index 044390c..63e2058 100644 +index 044390c6e..63e205863 100644 --- a/lightsquid.fc +++ b/lightsquid.fc @@ -1,11 +1,11 @@ @@ -45885,7 +45885,7 @@ index 044390c..63e2058 100644 +/var/www/html/lightsquid(/.*)? gen_context(system_u:object_r:lightsquid_content_t,s0) +/var/www/html/lightsquid/report(/.*)? gen_context(system_u:object_r:lightsquid_report_content_t,s0) diff --git a/lightsquid.if b/lightsquid.if -index 33a28b9..33ffe24 100644 +index 33a28b9ad..33ffe2484 100644 --- a/lightsquid.if +++ b/lightsquid.if @@ -76,5 +76,7 @@ interface(`lightsquid_admin',` @@ -45898,7 +45898,7 @@ index 33a28b9..33ffe24 100644 + ') ') diff --git a/lightsquid.te b/lightsquid.te -index 09c4f27..6c7855e 100644 +index 09c4f27ba..6c7855e4e 100644 
--- a/lightsquid.te +++ b/lightsquid.te @@ -13,38 +13,34 @@ type lightsquid_exec_t; @@ -45951,7 +45951,7 @@ index 09c4f27..6c7855e 100644 optional_policy(` diff --git a/likewise.if b/likewise.if -index bd20e8c..3393a01 100644 +index bd20e8cc9..3393a01e6 100644 --- a/likewise.if +++ b/likewise.if @@ -1,9 +1,22 @@ @@ -46093,7 +46093,7 @@ index bd20e8c..3393a01 100644 - admin_pattern($1, { lwregd_var_run_t netlogond_var_run_t srvsvcd_var_run_t }) -') diff --git a/likewise.te b/likewise.te -index d8c2442..f5dff31 100644 +index d8c2442a8..f5dff3173 100644 --- a/likewise.te +++ b/likewise.te @@ -26,7 +26,7 @@ type likewise_var_lib_t; @@ -46171,7 +46171,7 @@ index d8c2442..f5dff31 100644 corenet_tcp_sendrecv_generic_node(srvsvcd_t) diff --git a/linuxptp.fc b/linuxptp.fc new file mode 100644 -index 0000000..d2061a9 +index 000000000..d2061a9e4 --- /dev/null +++ b/linuxptp.fc @@ -0,0 +1,11 @@ @@ -46188,7 +46188,7 @@ index 0000000..d2061a9 +/var/run/timemaster(/.*)? gen_context(system_u:object_r:timemaster_var_run_t,s0) diff --git a/linuxptp.if b/linuxptp.if new file mode 100644 -index 0000000..7ba5060 +index 000000000..7ba50607c --- /dev/null +++ b/linuxptp.if @@ -0,0 +1,121 @@ @@ -46315,7 +46315,7 @@ index 0000000..7ba5060 + diff --git a/linuxptp.te b/linuxptp.te new file mode 100644 -index 0000000..7acdb2d +index 000000000..7acdb2d40 --- /dev/null +++ b/linuxptp.te @@ -0,0 +1,180 @@ @@ -46500,7 +46500,7 @@ index 0000000..7acdb2d + gpsd_rw_shm(ptp4l_t) +') diff --git a/lircd.if b/lircd.if -index dff21a7..b6981c8 100644 +index dff21a7c4..b6981c846 100644 --- a/lircd.if +++ b/lircd.if @@ -81,8 +81,11 @@ interface(`lircd_admin',` @@ -46517,7 +46517,7 @@ index dff21a7..b6981c8 100644 init_labeled_script_domtrans($1, lircd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/lircd.te b/lircd.te -index 483c87b..eecd4c1 100644 +index 483c87bb6..eecd4c158 100644 --- a/lircd.te +++ b/lircd.te @@ -13,7 +13,7 @@ type lircd_initrc_exec_t; 
@@ -46574,7 +46574,7 @@ index 483c87b..eecd4c1 100644 sysnet_dns_name_resolve(lircd_t) diff --git a/livecd.if b/livecd.if -index e354181..fc614ba 100644 +index e3541811a..fc614bac2 100644 --- a/livecd.if +++ b/livecd.if @@ -38,11 +38,36 @@ interface(`livecd_domtrans',` @@ -46615,7 +46615,7 @@ index e354181..fc614ba 100644 ######################################## diff --git a/livecd.te b/livecd.te -index 2f974bf..f6e97fa 100644 +index 2f974bf83..f6e97faaf 100644 --- a/livecd.te +++ b/livecd.te @@ -21,9 +21,11 @@ files_tmp_file(livecd_tmp_t) @@ -46649,7 +46649,7 @@ index 2f974bf..f6e97fa 100644 optional_policy(` diff --git a/lldpad.fc b/lldpad.fc -index 8031a78..72e56ac 100644 +index 8031a78eb..72e56acc3 100644 --- a/lldpad.fc +++ b/lldpad.fc @@ -5,3 +5,5 @@ @@ -46659,7 +46659,7 @@ index 8031a78..72e56ac 100644 + +/dev/shm/lldpad.* -- gen_context(system_u:object_r:lldpad_tmpfs_t,s0) diff --git a/lldpad.if b/lldpad.if -index d18c960..b7bd752 100644 +index d18c96023..b7bd75245 100644 --- a/lldpad.if +++ b/lldpad.if @@ -2,6 +2,25 @@ @@ -46727,7 +46727,7 @@ index d18c960..b7bd752 100644 + allow $1 lldpad_tmpfs_t:file relabelto; +') diff --git a/lldpad.te b/lldpad.te -index 2a491d9..3399d59 100644 +index 2a491d96c..3399d597a 100644 --- a/lldpad.te +++ b/lldpad.te @@ -26,7 +26,7 @@ files_pid_file(lldpad_var_run_t) @@ -46763,7 +46763,7 @@ index 2a491d9..3399d59 100644 + virt_dgram_send(lldpad_t) +') diff --git a/loadkeys.te b/loadkeys.te -index d2f4643..c8e6b37 100644 +index d2f464375..c8e6b37b0 100644 --- a/loadkeys.te +++ b/loadkeys.te @@ -25,20 +25,19 @@ kernel_read_system_state(loadkeys_t) @@ -46791,7 +46791,7 @@ index d2f4643..c8e6b37 100644 ifdef(`hide_broken_symptoms',` diff --git a/lockdev.if b/lockdev.if -index 4313b8b..cd1435c 100644 +index 4313b8bc0..cd1435cdf 100644 --- a/lockdev.if +++ b/lockdev.if @@ -1,5 +1,25 @@ @@ -46821,7 +46821,7 @@ index 4313b8b..cd1435c 100644 ## ## Role access for lockdev. 
diff --git a/lockdev.te b/lockdev.te -index 61db5a0..9d5d255 100644 +index 61db5a0a7..9d5d25524 100644 --- a/lockdev.te +++ b/lockdev.te @@ -36,4 +36,5 @@ fs_getattr_xattr_fs(lockdev_t) @@ -46832,7 +46832,7 @@ index 61db5a0..9d5d255 100644 +userdom_use_inherited_user_terminals(lockdev_t) + diff --git a/logrotate.fc b/logrotate.fc -index a11d5be..60f83c5 100644 +index a11d5be99..60f83c5db 100644 --- a/logrotate.fc +++ b/logrotate.fc @@ -1,6 +1,6 @@ @@ -46845,7 +46845,7 @@ index a11d5be..60f83c5 100644 -/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) +/var/lib/logrotate\.status.* -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) diff --git a/logrotate.if b/logrotate.if -index dd8e01a..9cd6b0b 100644 +index dd8e01af3..9cd6b0b8e 100644 --- a/logrotate.if +++ b/logrotate.if @@ -1,4 +1,4 @@ @@ -46900,7 +46900,7 @@ index dd8e01a..9cd6b0b 100644 ## ## diff --git a/logrotate.te b/logrotate.te -index be0ab84..6180bdb 100644 +index be0ab84b3..6180bdbdc 100644 --- a/logrotate.te +++ b/logrotate.te @@ -5,16 +5,29 @@ policy_module(logrotate, 1.15.0) @@ -47235,7 +47235,7 @@ index be0ab84..6180bdb 100644 logging_read_all_logs(logrotate_mail_t) +manage_files_pattern(logrotate_mail_t, logrotate_tmp_t, logrotate_tmp_t) diff --git a/logwatch.te b/logwatch.te -index ab65034..dd17cb0 100644 +index ab650340c..dd17cb0c5 100644 --- a/logwatch.te +++ b/logwatch.te @@ -15,7 +15,8 @@ gen_tunable(logwatch_can_network_connect_mail, false) @@ -47342,7 +47342,7 @@ index ab65034..dd17cb0 100644 + qmail_domtrans_queue(logwatch_mail_t) +') diff --git a/lpd.fc b/lpd.fc -index 2fb9b2e..08974e3 100644 +index 2fb9b2ec2..08974e376 100644 --- a/lpd.fc +++ b/lpd.fc @@ -19,6 +19,7 @@ @@ -47354,7 +47354,7 @@ index 2fb9b2e..08974e3 100644 /usr/share/printconf/.* -- gen_context(system_u:object_r:printconf_t,s0) diff --git a/lpd.if b/lpd.if -index 6256371..ce2acb8 100644 +index 62563717b..ce2acb881 100644 --- a/lpd.if +++ b/lpd.if @@ -1,44 +1,49 @@ 
@@ -47534,7 +47534,7 @@ index 6256371..ce2acb8 100644 can_exec($1, lpr_exec_t) ') diff --git a/lpd.te b/lpd.te -index 39d3164..1ec2cd2 100644 +index 39d31640e..1ec2cd26e 100644 --- a/lpd.te +++ b/lpd.te @@ -48,7 +48,7 @@ userdom_user_tmp_file(lpr_tmp_t) @@ -47706,7 +47706,7 @@ index 39d3164..1ec2cd2 100644 + mozilla_plugin_dontaudit_rw_tmp_files(lpr_t) ') diff --git a/lsm.fc b/lsm.fc -index c455730..6e14667 100644 +index c45573053..6e1466794 100644 --- a/lsm.fc +++ b/lsm.fc @@ -1,3 +1,7 @@ @@ -47718,7 +47718,7 @@ index c455730..6e14667 100644 + /var/run/lsm(/.*)? gen_context(system_u:object_r:lsmd_var_run_t,s0) diff --git a/lsm.if b/lsm.if -index d314333..27ede09 100644 +index d3143334d..27ede090c 100644 --- a/lsm.if +++ b/lsm.if @@ -1,25 +1,86 @@ @@ -47829,7 +47829,7 @@ index d314333..27ede09 100644 + ') ') diff --git a/lsm.te b/lsm.te -index 4ec0eea..1400ca8 100644 +index 4ec0eea30..1400ca864 100644 --- a/lsm.te +++ b/lsm.te @@ -4,6 +4,13 @@ policy_module(lsm, 1.0.0) @@ -47946,7 +47946,7 @@ index 4ec0eea..1400ca8 100644 +storage_dev_filetrans_named_fixed_disk(lsmd_plugin_t) diff --git a/lttng-tools.fc b/lttng-tools.fc new file mode 100644 -index 0000000..bdd17ca +index 000000000..bdd17ca85 --- /dev/null +++ b/lttng-tools.fc @@ -0,0 +1,5 @@ @@ -47957,7 +47957,7 @@ index 0000000..bdd17ca +/var/run/lttng(/.*)? gen_context(system_u:object_r:lttng_sessiond_var_run_t,s0) diff --git a/lttng-tools.if b/lttng-tools.if new file mode 100644 -index 0000000..e86897d +index 000000000..e86897d29 --- /dev/null +++ b/lttng-tools.if @@ -0,0 +1,117 @@ @@ -48080,7 +48080,7 @@ index 0000000..e86897d +') diff --git a/lttng-tools.te b/lttng-tools.te new file mode 100644 -index 0000000..1d2ca22 +index 000000000..1d2ca2224 --- /dev/null +++ b/lttng-tools.te @@ -0,0 +1,60 @@ @@ -48145,7 +48145,7 @@ index 0000000..1d2ca22 +modutils_read_module_config(lttng_sessiond_t) +files_read_kernel_modules(lttng_sessiond_t) 
diff --git a/mailman.fc b/mailman.fc -index 995d0a5..3d40d59 100644 +index 995d0a5d3..3d40d59d2 100644 --- a/mailman.fc +++ b/mailman.fc @@ -2,10 +2,12 @@ @@ -48163,7 +48163,7 @@ index 995d0a5..3d40d59 100644 /var/lock/mailman.* gen_context(system_u:object_r:mailman_lock_t,s0) diff --git a/mailman.if b/mailman.if -index 108c0f1..a248501 100644 +index 108c0f1f5..a2485018e 100644 --- a/mailman.if +++ b/mailman.if @@ -1,44 +1,70 @@ @@ -48473,7 +48473,7 @@ index 108c0f1..a248501 100644 domtrans_pattern($1, mailman_queue_exec_t, mailman_queue_t) ') diff --git a/mailman.te b/mailman.te -index ac81c7f..a9faca9 100644 +index ac81c7fa9..a9faca989 100644 --- a/mailman.te +++ b/mailman.te @@ -4,6 +4,12 @@ policy_module(mailman, 1.10.0) @@ -48576,7 +48576,7 @@ index ac81c7f..a9faca9 100644 + fs_manage_fusefs_symlinks(mailman_domain) +') diff --git a/mailscanner.if b/mailscanner.if -index 214cb44..bd1d48e 100644 +index 214cb4498..bd1d48e4f 100644 --- a/mailscanner.if +++ b/mailscanner.if @@ -2,29 +2,27 @@ @@ -48657,7 +48657,7 @@ index 214cb44..bd1d48e 100644 + files_list_pids($1) ') diff --git a/mailscanner.te b/mailscanner.te -index 6b6e2e1..3fb3393 100644 +index 6b6e2e130..3fb3393ba 100644 --- a/mailscanner.te +++ b/mailscanner.te @@ -29,11 +29,12 @@ files_pid_file(mscan_var_run_t) @@ -48703,7 +48703,7 @@ index 6b6e2e1..3fb3393 100644 spamassassin_read_lib_files(mscan_t) ') diff --git a/man2html.fc b/man2html.fc -index 82f6255..3686732 100644 +index 82f625551..368673237 100644 --- a/man2html.fc +++ b/man2html.fc @@ -1,5 +1,5 @@ @@ -48717,7 +48717,7 @@ index 82f6255..3686732 100644 -/var/cache/man2html(/.*)? gen_context(system_u:object_r:httpd_man2html_script_cache_t,s0) +/var/cache/man2html(/.*)? gen_context(system_u:object_r:man2html_rw_content_t,s0) diff --git a/man2html.if b/man2html.if -index 54ec04d..53eaf61 100644 +index 54ec04d3b..53eaf61d6 100644 --- a/man2html.if +++ b/man2html.if @@ -1 +1,137 @@ @@ -48859,7 +48859,7 @@ index 54ec04d..53eaf61 100644 + ') +') 
diff --git a/man2html.te b/man2html.te -index e08c55d..24b56e9 100644 +index e08c55d43..24b56e9ee 100644 --- a/man2html.te +++ b/man2html.te @@ -5,22 +5,18 @@ policy_module(man2html, 1.0.0) @@ -48894,7 +48894,7 @@ index e08c55d..24b56e9 100644 + files_var_filetrans(man2html_script_t, man2html_rw_content_t, { dir file }) +') diff --git a/mandb.fc b/mandb.fc -index 8ae78b5..b365cdd 100644 +index 8ae78b5bf..b365cddec 100644 --- a/mandb.fc +++ b/mandb.fc @@ -1 +1,12 @@ @@ -48911,7 +48911,7 @@ index 8ae78b5..b365cdd 100644 + +/root/.manpath -- gen_context(system_u:object_r:mandb_home_t,s0) diff --git a/mandb.if b/mandb.if -index 327f3f7..4f61561 100644 +index 327f3f726..4f6156138 100644 --- a/mandb.if +++ b/mandb.if @@ -1,14 +1,14 @@ @@ -49149,7 +49149,7 @@ index 327f3f7..4f61561 100644 + ') ') diff --git a/mandb.te b/mandb.te -index e6136fd..56fa2cf 100644 +index e6136fd37..56fa2cfc1 100644 --- a/mandb.te +++ b/mandb.te @@ -10,19 +10,40 @@ roleattribute system_r mandb_roles; @@ -49213,7 +49213,7 @@ index e6136fd..56fa2cf 100644 ifdef(`distro_debian',` optional_policy(` diff --git a/mcelog.if b/mcelog.if -index f89651e..c73214d 100644 +index f89651e75..c73214d81 100644 --- a/mcelog.if +++ b/mcelog.if @@ -19,6 +19,25 @@ interface(`mcelog_domtrans',` @@ -49243,7 +49243,7 @@ index f89651e..c73214d 100644 ## ## All of the rules required to diff --git a/mcelog.te b/mcelog.te -index 59b3b3d..494c4f3 100644 +index 59b3b3dd6..494c4f3a4 100644 --- a/mcelog.te +++ b/mcelog.te @@ -36,13 +36,6 @@ gen_tunable(mcelog_foreground, false) @@ -49297,7 +49297,7 @@ index 59b3b3d..494c4f3 100644 cron_system_entry(mcelog_t, mcelog_exec_t) diff --git a/mcollective.fc b/mcollective.fc new file mode 100644 -index 0000000..821bf88 +index 000000000..821bf8822 --- /dev/null +++ b/mcollective.fc @@ -0,0 +1,3 @@ @@ -49306,7 +49306,7 @@ index 0000000..821bf88 +/usr/libexec/mcollective/update_yaml\.rb -- gen_context(system_u:object_r:mcollective_exec_t,s0) 
diff --git a/mcollective.if b/mcollective.if new file mode 100644 -index 0000000..3f433f1 +index 000000000..3f433f1e2 --- /dev/null +++ b/mcollective.if @@ -0,0 +1,109 @@ @@ -49421,7 +49421,7 @@ index 0000000..3f433f1 +') diff --git a/mcollective.te b/mcollective.te new file mode 100644 -index 0000000..8bc27f4 +index 000000000..8bc27f4c5 --- /dev/null +++ b/mcollective.te @@ -0,0 +1,27 @@ @@ -49453,7 +49453,7 @@ index 0000000..8bc27f4 +domain_use_interactive_fds(mcollective_t) + diff --git a/mediawiki.fc b/mediawiki.fc -index 99f7c41..1745603 100644 +index 99f7c4187..174560318 100644 --- a/mediawiki.fc +++ b/mediawiki.fc @@ -1,8 +1,8 @@ @@ -49472,7 +49472,7 @@ index 99f7c41..1745603 100644 +/var/www/wiki[0-9]?(/.*)? gen_context(system_u:object_r:mediawiki_rw_content_t,s0) +/var/www/wiki[0-9]?\.php -- gen_context(system_u:object_r:mediawiki_content_t,s0) diff --git a/mediawiki.if b/mediawiki.if -index 9771b4b..9b183e6 100644 +index 9771b4ba3..9b183e62b 100644 --- a/mediawiki.if +++ b/mediawiki.if @@ -1 +1,40 @@ @@ -49518,7 +49518,7 @@ index 9771b4b..9b183e6 100644 + delete_files_pattern($1, mediawiki_tmp_t, mediawiki_tmp_t) +') diff --git a/mediawiki.te b/mediawiki.te -index c528b9f..fcbc191 100644 +index c528b9fa7..fcbc1911c 100644 --- a/mediawiki.te +++ b/mediawiki.te @@ -5,13 +5,26 @@ policy_module(mediawiki, 1.0.0) @@ -49552,7 +49552,7 @@ index c528b9f..fcbc191 100644 + miscfiles_read_tetex_data(mediawiki_script_t) +') diff --git a/memcached.if b/memcached.if -index 1d4eb19..650014e 100644 +index 1d4eb19b8..650014e0f 100644 --- a/memcached.if +++ b/memcached.if @@ -1,4 +1,4 @@ @@ -49689,7 +49689,7 @@ index 1d4eb19..650014e 100644 admin_pattern($1, memcached_var_run_t) ') diff --git a/memcached.te b/memcached.te -index 29b7521..68ec663 100644 +index 29b752160..68ec663c2 100644 --- a/memcached.te +++ b/memcached.te @@ -20,7 +20,7 @@ files_pid_file(memcached_var_run_t) @@ -49707,7 +49707,7 @@ index 29b7521..68ec663 100644 -miscfiles_read_localization(memcached_t) 
diff --git a/milter.fc b/milter.fc -index 89409eb..67e42f6 100644 +index 89409ebbc..67e42f6a9 100644 --- a/milter.fc +++ b/milter.fc @@ -1,18 +1,29 @@ @@ -49751,7 +49751,7 @@ index 89409eb..67e42f6 100644 +/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) +/var/spool/opendmarc(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) diff --git a/milter.if b/milter.if -index cba62db..562833a 100644 +index cba62db12..562833a81 100644 --- a/milter.if +++ b/milter.if @@ -1,47 +1,43 @@ @@ -49889,7 +49889,7 @@ index cba62db..562833a 100644 + delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) +') diff --git a/milter.te b/milter.te -index 4dc99f4..48e3f38 100644 +index 4dc99f464..48e3f3813 100644 --- a/milter.te +++ b/milter.te @@ -5,73 +5,117 @@ policy_module(milter, 1.5.0) @@ -50090,7 +50090,7 @@ index 4dc99f4..48e3f38 100644 spamassassin_domtrans_client(spamass_milter_t) ') diff --git a/minissdpd.if b/minissdpd.if -index b330161..5450937 100644 +index b3301610f..54509375e 100644 --- a/minissdpd.if +++ b/minissdpd.if @@ -39,10 +39,10 @@ interface(`minissdpd_read_config',` @@ -50108,7 +50108,7 @@ index b330161..5450937 100644 init_labeled_script_domtrans($1, minissdpd_initrc_exec_t) diff --git a/mip6d.fc b/mip6d.fc new file mode 100644 -index 0000000..767bbad +index 000000000..767bbad7b --- /dev/null +++ b/mip6d.fc @@ -0,0 +1,3 @@ @@ -50117,7 +50117,7 @@ index 0000000..767bbad +/usr/sbin/mip6d -- gen_context(system_u:object_r:mip6d_exec_t,s0) diff --git a/mip6d.if b/mip6d.if new file mode 100644 -index 0000000..861b486 +index 000000000..861b486dc --- /dev/null +++ b/mip6d.if @@ -0,0 +1,80 @@ @@ -50203,7 +50203,7 @@ index 0000000..861b486 +') diff --git a/mip6d.te b/mip6d.te new file mode 100644 -index 0000000..0f290e9 +index 000000000..0f290e9d4 --- /dev/null +++ b/mip6d.te @@ -0,0 +1,33 @@ @@ -50242,7 +50242,7 @@ index 0000000..0f290e9 + 
diff --git a/mirrormanager.fc b/mirrormanager.fc new file mode 100644 -index 0000000..abd53a4 +index 000000000..abd53a4c7 --- /dev/null +++ b/mirrormanager.fc @@ -0,0 +1,7 @@ @@ -50255,7 +50255,7 @@ index 0000000..abd53a4 +/var/run/mirrormanager(/.*)? gen_context(system_u:object_r:mirrormanager_var_run_t,s0) diff --git a/mirrormanager.if b/mirrormanager.if new file mode 100644 -index 0000000..86467cf +index 000000000..86467cffb --- /dev/null +++ b/mirrormanager.if @@ -0,0 +1,256 @@ @@ -50517,7 +50517,7 @@ index 0000000..86467cf +') diff --git a/mirrormanager.te b/mirrormanager.te new file mode 100644 -index 0000000..f59af1b +index 000000000..f59af1b98 --- /dev/null +++ b/mirrormanager.te @@ -0,0 +1,46 @@ @@ -50569,7 +50569,7 @@ index 0000000..f59af1b +') diff --git a/mock.fc b/mock.fc new file mode 100644 -index 0000000..394bc46 +index 000000000..394bc4658 --- /dev/null +++ b/mock.fc @@ -0,0 +1,7 @@ @@ -50582,7 +50582,7 @@ index 0000000..394bc46 +/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0) diff --git a/mock.if b/mock.if new file mode 100644 -index 0000000..f5b98e6 +index 000000000..f5b98e6de --- /dev/null +++ b/mock.if @@ -0,0 +1,311 @@ @@ -50899,7 +50899,7 @@ index 0000000..f5b98e6 +') diff --git a/mock.te b/mock.te new file mode 100644 -index 0000000..f647022 +index 000000000..f647022cb --- /dev/null +++ b/mock.te @@ -0,0 +1,288 @@ @@ -51192,7 +51192,7 @@ index 0000000..f647022 + userdom_read_user_home_content_files(mock_build_t) +') diff --git a/modemmanager.fc b/modemmanager.fc -index a83894c..481dca3 100644 +index a83894c6e..481dca3ff 100644 --- a/modemmanager.fc +++ b/modemmanager.fc @@ -1 +1,4 @@ @@ -51201,7 +51201,7 @@ index a83894c..481dca3 100644 + +/usr/lib/systemd/system/ModemManager.service -- gen_context(system_u:object_r:modemmanager_unit_file_t,s0) diff --git a/modemmanager.if b/modemmanager.if -index b1ac8b5..24782b3 100644 +index b1ac8b5d8..24782b35f 100644 --- a/modemmanager.if +++ b/modemmanager.if 
@@ -21,6 +21,31 @@ interface(`modemmanager_domtrans',` @@ -51271,7 +51271,7 @@ index b1ac8b5..24782b3 100644 + ') +') diff --git a/modemmanager.te b/modemmanager.te -index d15eb5b..ad481ce 100644 +index d15eb5b64..ad481cee4 100644 --- a/modemmanager.te +++ b/modemmanager.te @@ -11,6 +11,9 @@ init_daemon_domain(modemmanager_t, modemmanager_exec_t) @@ -51327,7 +51327,7 @@ index d15eb5b..ad481ce 100644 optional_policy(` diff --git a/mojomojo.fc b/mojomojo.fc -index 7b827ca..5ee8a0f 100644 +index 7b827ca7f..5ee8a0f2b 100644 --- a/mojomojo.fc +++ b/mojomojo.fc @@ -1,5 +1,5 @@ @@ -51340,7 +51340,7 @@ index 7b827ca..5ee8a0f 100644 -/var/lib/mojomojo(/.*)? gen_context(system_u:object_r:httpd_mojomojo_rw_content_t,s0) +/var/lib/mojomojo(/.*)? gen_context(system_u:object_r:mojomojo_rw_content_t,s0) diff --git a/mojomojo.if b/mojomojo.if -index 73952f4..b19a6ee 100644 +index 73952f4c9..b19a6ee2d 100644 --- a/mojomojo.if +++ b/mojomojo.if @@ -15,7 +15,6 @@ @@ -51352,7 +51352,7 @@ index 73952f4..b19a6ee 100644 interface(`mojomojo_admin',` refpolicywarn(`$0($*) has been deprecated, use apache_admin() instead.') diff --git a/mojomojo.te b/mojomojo.te -index b94102e..25d1d33 100644 +index b94102efd..25d1d33a1 100644 --- a/mojomojo.te +++ b/mojomojo.te @@ -5,21 +5,40 @@ policy_module(mojomojo, 1.1.0) @@ -51406,7 +51406,7 @@ index b94102e..25d1d33 100644 +') diff --git a/mon_statd.fc b/mon_statd.fc new file mode 100644 -index 0000000..60c11c0 +index 000000000..60c11c060 --- /dev/null +++ b/mon_statd.fc @@ -0,0 +1,7 @@ @@ -51419,7 +51419,7 @@ index 0000000..60c11c0 +/var/run/fstatd.* -- gen_context(system_u:object_r:mon_statd_var_run_t,s0) diff --git a/mon_statd.if b/mon_statd.if new file mode 100644 -index 0000000..1ce3e44 +index 000000000..1ce3e4428 --- /dev/null +++ b/mon_statd.if @@ -0,0 +1,39 @@ @@ -51464,7 +51464,7 @@ index 0000000..1ce3e44 +') diff --git a/mon_statd.te b/mon_statd.te new file mode 100644 -index 0000000..e7220a5 +index 000000000..e7220a5a8 --- /dev/null 
+++ b/mon_statd.te @@ -0,0 +1,76 @@ @@ -51545,7 +51545,7 @@ index 0000000..e7220a5 +logging_send_syslog_msg(mon_procd_t) + diff --git a/mongodb.fc b/mongodb.fc -index 6fcfc31..e9e6bc5 100644 +index 6fcfc31b4..e9e6bc51c 100644 --- a/mongodb.fc +++ b/mongodb.fc @@ -1,9 +1,19 @@ @@ -51572,7 +51572,7 @@ index 6fcfc31..e9e6bc5 100644 +/var/run/mongo.* gen_context(system_u:object_r:mongod_var_run_t,s0) +/var/run/aeolus/dbomatic\.pid -- gen_context(system_u:object_r:mongod_var_run_t,s0) diff --git a/mongodb.te b/mongodb.te -index 169f236..eaaeb0d 100644 +index 169f236e8..eaaeb0d8b 100644 --- a/mongodb.te +++ b/mongodb.te @@ -12,6 +12,9 @@ init_daemon_domain(mongod_t, mongod_exec_t) @@ -51670,7 +51670,7 @@ index 169f236..eaaeb0d 100644 +') + diff --git a/mono.te b/mono.te -index a6a8643..c0f6cf5 100644 +index a6a86439f..c0f6cf503 100644 --- a/mono.te +++ b/mono.te @@ -28,7 +28,7 @@ allow mono_domain self:process { signal getsched execheap execmem execstack }; @@ -51683,7 +51683,7 @@ index a6a8643..c0f6cf5 100644 init_dbus_chat_script(mono_t) diff --git a/monop.if b/monop.if -index 8fdaece..5440757 100644 +index 8fdaecea2..544075765 100644 --- a/monop.if +++ b/monop.if @@ -31,7 +31,7 @@ interface(`monop_admin',` @@ -51696,7 +51696,7 @@ index 8fdaece..5440757 100644 files_search_pids($1) diff --git a/monop.te b/monop.te -index 5f93763..8596763 100644 +index 5f9376384..8596763e7 100644 --- a/monop.te +++ b/monop.te @@ -43,7 +43,6 @@ kernel_read_kernel_sysctls(monopd_t) @@ -51725,7 +51725,7 @@ index 5f93763..8596763 100644 userdom_dontaudit_use_unpriv_user_fds(monopd_t) diff --git a/motion.fc b/motion.fc new file mode 100644 -index 0000000..7415106 +index 000000000..74151069b --- /dev/null +++ b/motion.fc @@ -0,0 +1,9 @@ @@ -51740,7 +51740,7 @@ index 0000000..7415106 +/var/motion(/.*)? gen_context(system_u:object_r:motion_data_t,s0) diff --git a/motion.if b/motion.if new file mode 100644 -index 0000000..edfd267 +index 000000000..edfd26777 --- /dev/null +++ b/motion.if 
@@ -0,0 +1,198 @@ @@ -51944,7 +51944,7 @@ index 0000000..edfd267 +') diff --git a/motion.te b/motion.te new file mode 100644 -index 0000000..c7f4eb5 +index 000000000..c7f4eb583 --- /dev/null +++ b/motion.te @@ -0,0 +1,65 @@ @@ -52014,7 +52014,7 @@ index 0000000..c7f4eb5 +') + diff --git a/mozilla.fc b/mozilla.fc -index 6ffaba2..549fb8c 100644 +index 6ffaba2e4..549fb8cdd 100644 --- a/mozilla.fc +++ b/mozilla.fc @@ -1,38 +1,72 @@ @@ -52125,7 +52125,7 @@ index 6ffaba2..549fb8c 100644 +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0) +') diff --git a/mozilla.if b/mozilla.if -index 6194b80..e27c53d 100644 +index 6194b806b..e27c53d6e 100644 --- a/mozilla.if +++ b/mozilla.if @@ -1,146 +1,75 @@ @@ -52953,7 +52953,7 @@ index 6194b80..e27c53d 100644 ') + diff --git a/mozilla.te b/mozilla.te -index 11ac8e4..7d5d385 100644 +index 11ac8e4fc..7d5d385a2 100644 --- a/mozilla.te +++ b/mozilla.te @@ -6,17 +6,56 @@ policy_module(mozilla, 2.8.0) @@ -54029,7 +54029,7 @@ index 11ac8e4..7d5d385 100644 + corenet_udp_bind_all_unreserved_ports(mozilla_plugin_t) ') diff --git a/mpd.fc b/mpd.fc -index 313ce52..ae93e07 100644 +index 313ce521c..ae93e07eb 100644 --- a/mpd.fc +++ b/mpd.fc @@ -1,3 +1,5 @@ @@ -54045,7 +54045,7 @@ index 313ce52..ae93e07 100644 + +/var/run/mpd(/.*)? gen_context(system_u:object_r:mpd_var_run_t,s0) diff --git a/mpd.if b/mpd.if -index 5fa77c7..2e01c7d 100644 +index 5fa77c7e6..2e01c7d0a 100644 --- a/mpd.if +++ b/mpd.if @@ -322,6 +322,25 @@ interface(`mpd_manage_lib_dirs',` @@ -54090,7 +54090,7 @@ index 5fa77c7..2e01c7d 100644 domain_system_change_exemption($1) role_transition $2 mpd_initrc_exec_t system_r; diff --git a/mpd.te b/mpd.te -index fe72523..062ad64 100644 +index fe7252355..062ad640a 100644 --- a/mpd.te +++ b/mpd.te @@ -62,18 +62,25 @@ files_type(mpd_var_lib_t) @@ -54211,7 +54211,7 @@ index fe72523..062ad64 100644 ') 
diff --git a/mplayer.if b/mplayer.if -index 861d5e9..1c3d5a5 100644 +index 861d5e974..1c3d5a538 100644 --- a/mplayer.if +++ b/mplayer.if @@ -161,3 +161,23 @@ interface(`mplayer_home_filetrans_mplayer_home',` @@ -54239,7 +54239,7 @@ index 861d5e9..1c3d5a5 100644 + userdom_user_home_dir_filetrans($1, mplayer_home_t, dir, ".mplayer") +') diff --git a/mplayer.te b/mplayer.te -index 0f03cd9..e3ed393 100644 +index 0f03cd937..e3ed3933d 100644 --- a/mplayer.te +++ b/mplayer.te @@ -11,7 +11,7 @@ policy_module(mplayer, 2.5.0) @@ -54335,7 +54335,7 @@ index 0f03cd9..e3ed393 100644 ') diff --git a/mrtg.if b/mrtg.if -index c595094..2346458 100644 +index c595094a6..23464583b 100644 --- a/mrtg.if +++ b/mrtg.if @@ -2,6 +2,25 @@ @@ -54365,7 +54365,7 @@ index c595094..2346458 100644 ## ## diff --git a/mrtg.te b/mrtg.te -index 65a246a..fa86320 100644 +index 65a246a52..fa8632064 100644 --- a/mrtg.te +++ b/mrtg.te @@ -65,7 +65,6 @@ kernel_read_kernel_sysctls(mrtg_t) @@ -54401,7 +54401,7 @@ index 65a246a..fa86320 100644 netutils_domtrans_ping(mrtg_t) diff --git a/mta.fc b/mta.fc -index f42896c..fce39c1 100644 +index f42896cbf..fce39c1ce 100644 --- a/mta.fc +++ b/mta.fc @@ -1,34 +1,39 @@ @@ -54463,7 +54463,7 @@ index f42896c..fce39c1 100644 +/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) +/var/spool/smtpd(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) diff --git a/mta.if b/mta.if -index ed81cac..ad452db 100644 +index ed81cac5a..ad452dbb4 100644 --- a/mta.if +++ b/mta.if @@ -1,4 +1,4 @@ @@ -55625,7 +55625,7 @@ index ed81cac..ad452db 100644 + mta_filetrans_admin_home_content($1) +') diff --git a/mta.te b/mta.te -index ff1d68c..94b1dfc 100644 +index ff1d68c6a..94b1dfca7 100644 --- a/mta.te +++ b/mta.te @@ -14,8 +14,6 @@ attribute mailserver_sender; @@ -56090,7 +56090,7 @@ index ff1d68c..94b1dfc 100644 + + diff --git a/munin.fc b/munin.fc -index eb4b72a..4ea6ce7 100644 +index eb4b72a92..4ea6ce7e2 100644 --- a/munin.fc +++ b/munin.fc @@ -1,77 +1,78 @@ 
@@ -56219,7 +56219,7 @@ index eb4b72a..4ea6ce7 100644 +/var/www/html/cgi/munin.* gen_context(system_u:object_r:munin_script_exec_t,s0) +/var/www/cgi-bin/munin.* gen_context(system_u:object_r:munin_script_exec_t,s0) diff --git a/munin.if b/munin.if -index b744fe3..cb0e2af 100644 +index b744fe35e..cb0e2af61 100644 --- a/munin.if +++ b/munin.if @@ -1,12 +1,13 @@ @@ -56432,7 +56432,7 @@ index b744fe3..cb0e2af 100644 + admin_pattern($1, munin_content_t) ') diff --git a/munin.te b/munin.te -index b708708..1ea095c 100644 +index b70870816..1ea095ce8 100644 --- a/munin.te +++ b/munin.te @@ -44,41 +44,40 @@ files_tmpfs_file(services_munin_plugin_tmpfs_t) @@ -56710,7 +56710,7 @@ index b708708..1ea095c 100644 + apache_search_sys_content(munin_t) +') diff --git a/mysql.fc b/mysql.fc -index 06f8666..2accd90 100644 +index 06f8666df..2accd90d2 100644 --- a/mysql.fc +++ b/mysql.fc @@ -1,27 +1,46 @@ @@ -56777,7 +56777,7 @@ index 06f8666..2accd90 100644 +/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) +/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) diff --git a/mysql.if b/mysql.if -index 687af38..5381f1b 100644 +index 687af38bb..5381f1b39 100644 --- a/mysql.if +++ b/mysql.if @@ -1,23 +1,4 @@ @@ -57330,7 +57330,7 @@ index 687af38..5381f1b 100644 + mysql_stream_connect($1) ') diff --git a/mysql.te b/mysql.te -index 7584bbe..8174c48 100644 +index 7584bbe7c..8174c4802 100644 --- a/mysql.te +++ b/mysql.te @@ -6,20 +6,22 @@ policy_module(mysql, 1.14.1) @@ -57656,7 +57656,7 @@ index 7584bbe..8174c48 100644 +userdom_getattr_user_home_dirs(mysqlmanagerd_t) diff --git a/mythtv.fc b/mythtv.fc new file mode 100644 -index 0000000..d62cf88 +index 000000000..d62cf886e --- /dev/null +++ b/mythtv.fc @@ -0,0 +1,9 @@ @@ -57671,7 +57671,7 @@ index 0000000..d62cf88 +/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:mythtv_script_exec_t,s0) 
diff --git a/mythtv.if b/mythtv.if new file mode 100644 -index 0000000..e2403dd +index 000000000..e2403dd50 --- /dev/null +++ b/mythtv.if @@ -0,0 +1,152 @@ @@ -57829,7 +57829,7 @@ index 0000000..e2403dd +') diff --git a/mythtv.te b/mythtv.te new file mode 100644 -index 0000000..0e585e3 +index 000000000..0e585e3c5 --- /dev/null +++ b/mythtv.te @@ -0,0 +1,47 @@ @@ -57882,7 +57882,7 @@ index 0000000..0e585e3 +') diff --git a/naemon.fc b/naemon.fc new file mode 100644 -index 0000000..85407d3 +index 000000000..85407d337 --- /dev/null +++ b/naemon.fc @@ -0,0 +1,11 @@ @@ -57899,7 +57899,7 @@ index 0000000..85407d3 +/var/run/naemon(/.*)? gen_context(system_u:object_r:naemon_var_run_t,s0) diff --git a/naemon.if b/naemon.if new file mode 100644 -index 0000000..e904df0 +index 000000000..e904df027 --- /dev/null +++ b/naemon.if @@ -0,0 +1,305 @@ @@ -58210,7 +58210,7 @@ index 0000000..e904df0 +') diff --git a/naemon.te b/naemon.te new file mode 100644 -index 0000000..79f1250 +index 000000000..79f1250eb --- /dev/null +++ b/naemon.te @@ -0,0 +1,59 @@ @@ -58274,7 +58274,7 @@ index 0000000..79f1250 + +fs_getattr_xattr_fs(naemon_t) diff --git a/nagios.fc b/nagios.fc -index d78dfc3..c781b72 100644 +index d78dfc38d..c781b72bb 100644 --- a/nagios.fc +++ b/nagios.fc @@ -1,88 +1,113 @@ @@ -58467,7 +58467,7 @@ index d78dfc3..c781b72 100644 +/usr/lib/icinga/plugins/eventhandlers(/.*) gen_context(system_u:object_r:nagios_eventhandler_plugin_exec_t,s0) + diff --git a/nagios.if b/nagios.if -index 0641e97..f3b1111 100644 +index 0641e970f..f3b111172 100644 --- a/nagios.if +++ b/nagios.if @@ -1,12 +1,13 @@ @@ -58782,7 +58782,7 @@ index 0641e97..f3b1111 100644 + admin_pattern($1, nrpe_etc_t) ') diff --git a/nagios.te b/nagios.te -index 7b3e682..e3a1bc5 100644 +index 7b3e682e6..e3a1bc5f5 100644 --- a/nagios.te +++ b/nagios.te @@ -5,6 +5,25 @@ policy_module(nagios, 1.13.0) @@ -59253,7 +59253,7 @@ index 7b3e682..e3a1bc5 100644 optional_policy(` 
diff --git a/namespace.fc b/namespace.fc new file mode 100644 -index 0000000..ce51c8d +index 000000000..ce51c8d4f --- /dev/null +++ b/namespace.fc @@ -0,0 +1,3 @@ @@ -59262,7 +59262,7 @@ index 0000000..ce51c8d + diff --git a/namespace.if b/namespace.if new file mode 100644 -index 0000000..8d7c751 +index 000000000..8d7c75157 --- /dev/null +++ b/namespace.if @@ -0,0 +1,48 @@ @@ -59316,7 +59316,7 @@ index 0000000..8d7c751 +') diff --git a/namespace.te b/namespace.te new file mode 100644 -index 0000000..814e62e +index 000000000..814e62e4f --- /dev/null +++ b/namespace.te @@ -0,0 +1,41 @@ @@ -59362,7 +59362,7 @@ index 0000000..814e62e +userdom_relabelto_user_home_files(namespace_init_t) +userdom_filetrans_home_content(namespace_init_t) diff --git a/ncftool.if b/ncftool.if -index db9578f..4309e3d 100644 +index db9578f4e..4309e3da5 100644 --- a/ncftool.if +++ b/ncftool.if @@ -38,9 +38,11 @@ interface(`ncftool_domtrans',` @@ -59378,7 +59378,7 @@ index db9578f..4309e3d 100644 ') + diff --git a/ncftool.te b/ncftool.te -index 71f30ba..d616860 100644 +index 71f30ba60..d61686078 100644 --- a/ncftool.te +++ b/ncftool.te @@ -22,13 +22,14 @@ role ncftool_roles types ncftool_t; @@ -59437,7 +59437,7 @@ index 71f30ba..d616860 100644 optional_policy(` diff --git a/nessus.te b/nessus.te -index fe1068b..98166ee 100644 +index fe1068ba5..98166ee0b 100644 --- a/nessus.te +++ b/nessus.te @@ -58,7 +58,6 @@ kernel_read_kernel_sysctls(nessusd_t) @@ -59466,7 +59466,7 @@ index fe1068b..98166ee 100644 userdom_dontaudit_use_unpriv_user_fds(nessusd_t) diff --git a/networkmanager.fc b/networkmanager.fc -index 94b9734..448a7e8 100644 +index 94b973407..448a7e836 100644 --- a/networkmanager.fc +++ b/networkmanager.fc @@ -1,44 +1,46 @@ @@ -59538,7 +59538,7 @@ index 94b9734..448a7e8 100644 +/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) 
diff --git a/networkmanager.if b/networkmanager.if -index 86dc29d..c7d9376 100644 +index 86dc29dfa..c7d9376d5 100644 --- a/networkmanager.if +++ b/networkmanager.if @@ -2,7 +2,7 @@ @@ -60081,7 +60081,7 @@ index 86dc29d..c7d9376 100644 + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") ') diff --git a/networkmanager.te b/networkmanager.te -index 55f2009..4419e35 100644 +index 55f20095e..4419e3531 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -9,15 +9,18 @@ type NetworkManager_t; @@ -60538,7 +60538,7 @@ index 55f2009..4419e35 100644 term_dontaudit_use_console(wpa_cli_t) diff --git a/ninfod.fc b/ninfod.fc new file mode 100644 -index 0000000..cc31b9f +index 000000000..cc31b9f27 --- /dev/null +++ b/ninfod.fc @@ -0,0 +1,6 @@ @@ -60550,7 +60550,7 @@ index 0000000..cc31b9f + diff --git a/ninfod.if b/ninfod.if new file mode 100644 -index 0000000..409de8c +index 000000000..409de8c3e --- /dev/null +++ b/ninfod.if @@ -0,0 +1,80 @@ @@ -60636,7 +60636,7 @@ index 0000000..409de8c +') diff --git a/ninfod.te b/ninfod.te new file mode 100644 -index 0000000..b3aa3ce +index 000000000..b3aa3ce13 --- /dev/null +++ b/ninfod.te @@ -0,0 +1,36 @@ @@ -60677,7 +60677,7 @@ index 0000000..b3aa3ce + +sysnet_dns_name_resolve(ninfod_t) diff --git a/nis.fc b/nis.fc -index 8aa1bfa..cd0e015 100644 +index 8aa1bfa28..cd0e015f8 100644 --- a/nis.fc +++ b/nis.fc @@ -2,21 +2,26 @@ @@ -60712,7 +60712,7 @@ index 8aa1bfa..cd0e015 100644 +/usr/lib/systemd/system/yppasswdd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0) +/usr/lib/systemd/system/ypxfrd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0) diff --git a/nis.if b/nis.if -index 46e55c3..afe399a 100644 +index 46e55c3ff..afe399a0e 100644 --- a/nis.if +++ b/nis.if @@ -1,4 +1,4 @@ @@ -60982,7 +60982,7 @@ index 46e55c3..afe399a 100644 + allow $1 nis_unit_file_t:service all_service_perms; ') diff --git a/nis.te b/nis.te -index 3a6b035..5145db5 100644 +index 3a6b0352e..5145db555 100644 --- a/nis.te 
+++ b/nis.te @@ -5,8 +5,6 @@ policy_module(nis, 1.12.0) @@ -61294,7 +61294,7 @@ index 3a6b035..5145db5 100644 sysnet_read_config(ypxfr_t) diff --git a/nova.fc b/nova.fc new file mode 100644 -index 0000000..b5fab0e +index 000000000..b5fab0e6a --- /dev/null +++ b/nova.fc @@ -0,0 +1,25 @@ @@ -61325,7 +61325,7 @@ index 0000000..b5fab0e +/var/run/nova(/.*)? gen_context(system_u:object_r:nova_var_run_t,s0) diff --git a/nova.if b/nova.if new file mode 100644 -index 0000000..e328327 +index 000000000..e32832705 --- /dev/null +++ b/nova.if @@ -0,0 +1,47 @@ @@ -61378,7 +61378,7 @@ index 0000000..e328327 +') diff --git a/nova.te b/nova.te new file mode 100644 -index 0000000..2259a51 +index 000000000..2259a5192 --- /dev/null +++ b/nova.te @@ -0,0 +1,203 @@ @@ -61586,7 +61586,7 @@ index 0000000..2259a51 +') + diff --git a/nscd.fc b/nscd.fc -index ba64485..429bd79 100644 +index ba6448507..429bd799c 100644 --- a/nscd.fc +++ b/nscd.fc @@ -1,13 +1,15 @@ @@ -61611,7 +61611,7 @@ index ba64485..429bd79 100644 + +/usr/lib/systemd/system/nscd\.service -- gen_context(system_u:object_r:nscd_unit_file_t,s0) diff --git a/nscd.if b/nscd.if -index 8f2ab09..a298198 100644 +index 8f2ab09f5..a29819859 100644 --- a/nscd.if +++ b/nscd.if @@ -1,8 +1,8 @@ @@ -61928,7 +61928,7 @@ index 8f2ab09..a298198 100644 + allow $1 nscd_unit_file_t:service all_service_perms; ') diff --git a/nscd.te b/nscd.te -index bcd7d0a..0188086 100644 +index bcd7d0a7d..0188086f9 100644 --- a/nscd.te +++ b/nscd.te @@ -4,33 +4,34 @@ gen_require(` @@ -62118,7 +62118,7 @@ index bcd7d0a..0188086 100644 + unconfined_dontaudit_rw_packet_sockets(nscd_t) +') diff --git a/nsd.fc b/nsd.fc -index 4f2b1b6..6b300d5 100644 +index 4f2b1b663..6b300d54f 100644 --- a/nsd.fc +++ b/nsd.fc @@ -1,16 +1,19 @@ @@ -62152,7 +62152,7 @@ index 4f2b1b6..6b300d5 100644 + +/var/log/nsd\.log -- gen_context(system_u:object_r:nsd_log_t,s0) diff --git a/nsd.if b/nsd.if -index a9c60ff..ad4f14a 100644 +index a9c60ff87..ad4f14ad6 100644 --- a/nsd.if +++ b/nsd.if 
@@ -1,8 +1,8 @@ @@ -62241,7 +62241,7 @@ index a9c60ff..ad4f14a 100644 + refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/nsd.te b/nsd.te -index 47bb1d2..1e55673 100644 +index 47bb1d204..1e5567367 100644 --- a/nsd.te +++ b/nsd.te @@ -9,9 +9,7 @@ type nsd_t; @@ -62433,7 +62433,7 @@ index 47bb1d2..1e55673 100644 cron_system_entry(nsd_crond_t, nsd_exec_t) ') diff --git a/nslcd.fc b/nslcd.fc -index 402100e..ce913b2 100644 +index 402100e40..ce913b244 100644 --- a/nslcd.fc +++ b/nslcd.fc @@ -1,7 +1,4 @@ @@ -62449,7 +62449,7 @@ index 402100e..ce913b2 100644 +/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) +/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) diff --git a/nslcd.if b/nslcd.if -index 97df768..852d1c6 100644 +index 97df768d9..852d1c6c7 100644 --- a/nslcd.if +++ b/nslcd.if @@ -1,4 +1,4 @@ @@ -62567,7 +62567,7 @@ index 97df768..852d1c6 100644 + admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t) ') diff --git a/nslcd.te b/nslcd.te -index 421bf1a..1be3b6b 100644 +index 421bf1a56..1be3b6b30 100644 --- a/nslcd.te +++ b/nslcd.te @@ -20,12 +20,12 @@ files_config_file(nslcd_conf_t) @@ -62628,7 +62628,7 @@ index 421bf1a..1be3b6b 100644 + diff --git a/nsplugin.fc b/nsplugin.fc new file mode 100644 -index 0000000..22e6c96 +index 000000000..22e6c963c --- /dev/null +++ b/nsplugin.fc @@ -0,0 +1,11 @@ @@ -62645,7 +62645,7 @@ index 0000000..22e6c96 +/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) diff --git a/nsplugin.if b/nsplugin.if new file mode 100644 -index 0000000..bceb527 +index 000000000..bceb5271e --- /dev/null +++ b/nsplugin.if @@ -0,0 +1,474 @@ @@ -63125,7 +63125,7 @@ index 0000000..bceb527 +') diff --git a/nsplugin.te b/nsplugin.te new file mode 100644 -index 0000000..7d839fe +index 000000000..7d839fe6e --- /dev/null +++ b/nsplugin.te @@ -0,0 +1,318 @@ @@ -63448,7 +63448,7 @@ index 0000000..7d839fe + pulseaudio_setattr_home_dir(nsplugin_t) +') 
diff --git a/ntop.te b/ntop.te -index 8ec7859..c696f67 100644 +index 8ec78595b..c696f6765 100644 --- a/ntop.te +++ b/ntop.te @@ -29,10 +29,11 @@ files_pid_file(ntop_var_run_t) @@ -63497,7 +63497,7 @@ index 8ec7859..c696f67 100644 ') diff --git a/ntp.fc b/ntp.fc -index af3c91e..3e5f9cf 100644 +index af3c91e70..3e5f9cfa6 100644 --- a/ntp.fc +++ b/ntp.fc @@ -11,9 +11,13 @@ @@ -63515,7 +63515,7 @@ index af3c91e..3e5f9cf 100644 /var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0) diff --git a/ntp.if b/ntp.if -index e96a309..4245308 100644 +index e96a309a5..42453089c 100644 --- a/ntp.if +++ b/ntp.if @@ -1,4 +1,4 @@ @@ -63757,7 +63757,7 @@ index e96a309..4245308 100644 +') + diff --git a/ntp.te b/ntp.te -index f81b113..4e9e52e 100644 +index f81b113c7..4e9e52e1c 100644 --- a/ntp.te +++ b/ntp.te @@ -18,6 +18,9 @@ role ntpd_roles types ntpd_t; @@ -63886,7 +63886,7 @@ index f81b113..4e9e52e 100644 udev_read_db(ntpd_t) ') diff --git a/numad.fc b/numad.fc -index 3488bb0..1f97624 100644 +index 3488bb0d3..1f9762420 100644 --- a/numad.fc +++ b/numad.fc @@ -1,7 +1,7 @@ @@ -63902,7 +63902,7 @@ index 3488bb0..1f97624 100644 -/var/run/numad\.pid -- gen_context(system_u:object_r:numad_var_run_t,s0) +/var/run/numad\.pid -- gen_context(system_u:object_r:numad_var_run_t,s0) diff --git a/numad.if b/numad.if -index 0d3c270..f307835 100644 +index 0d3c270b9..f307835ce 100644 --- a/numad.if +++ b/numad.if @@ -1,39 +1,93 @@ @@ -64018,7 +64018,7 @@ index 0d3c270..f307835 100644 + ') ') diff --git a/numad.te b/numad.te -index b0a1be4..303a927 100644 +index b0a1be482..303a9279f 100644 --- a/numad.te +++ b/numad.te @@ -8,37 +8,44 @@ policy_module(numad, 1.1.0) @@ -64079,7 +64079,7 @@ index b0a1be4..303a927 100644 + virt_ptrace(numad_t) +') diff --git a/nut.fc b/nut.fc -index 379af96..fac7d7b 100644 +index 379af962c..fac7d7bc9 100644 --- a/nut.fc +++ b/nut.fc @@ -1,23 +1,16 @@ 
@@ -64114,7 +64114,7 @@ index 379af96..fac7d7b 100644 +/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0) +/var/www/nut-cgi-bin/upsstats\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0) diff --git a/nut.if b/nut.if -index 57c0161..c554eb6 100644 +index 57c0161ed..c554eb6e1 100644 --- a/nut.if +++ b/nut.if @@ -1,39 +1,60 @@ @@ -64205,7 +64205,7 @@ index 57c0161..c554eb6 100644 + ps_process_pattern($1, nut_t) ') diff --git a/nut.te b/nut.te -index 5b2cb0d..605b54b 100644 +index 5b2cb0d59..605b54b72 100644 --- a/nut.te +++ b/nut.te @@ -7,154 +7,155 @@ policy_module(nut, 1.3.0) @@ -64439,7 +64439,7 @@ index 5b2cb0d..605b54b 100644 + sysnet_dns_name_resolve(nutups_cgi_script_t) ') diff --git a/nx.if b/nx.if -index 251d681..50ae2a9 100644 +index 251d6816a..50ae2a94b 100644 --- a/nx.if +++ b/nx.if @@ -35,7 +35,9 @@ interface(`nx_read_home_files',` @@ -64476,7 +64476,7 @@ index 251d681..50ae2a9 100644 + filetrans_pattern($1, nx_server_var_lib_t, nx_server_home_ssh_t, dir, ".ssh") +') diff --git a/nx.te b/nx.te -index 091f872..62a0b12 100644 +index 091f87272..62a0b1229 100644 --- a/nx.te +++ b/nx.te @@ -27,6 +27,9 @@ files_type(nx_server_var_lib_t) @@ -64521,7 +64521,7 @@ index 091f872..62a0b12 100644 sysnet_read_config(nx_server_t) diff --git a/oav.te b/oav.te -index b09c4c4..995c3f6 100644 +index b09c4c412..995c3f6a6 100644 --- a/oav.te +++ b/oav.te @@ -95,7 +95,6 @@ dev_read_sysfs(scannerdaemon_t) @@ -64533,14 +64533,14 @@ index b09c4c4..995c3f6 100644 files_search_var_lib(scannerdaemon_t) diff --git a/obex.fc b/obex.fc -index 03fa560..000c5fe 100644 +index 03fa56040..000c5fe7b 100644 --- a/obex.fc +++ b/obex.fc @@ -1 +1 @@ -/usr/bin/obex-data-server -- gen_context(system_u:object_r:obex_exec_t,s0) +/usr/bin/obex-data-server -- gen_context(system_u:object_r:obex_exec_t,s0) diff --git a/obex.if b/obex.if -index 8635ea2..eec20b4 100644 +index 8635ea205..eec20b413 100644 --- a/obex.if +++ b/obex.if 
@@ -1,15 +1,50 @@ @@ -64687,7 +64687,7 @@ index 8635ea2..eec20b4 100644 + obex_dbus_chat($2) ') diff --git a/obex.te b/obex.te -index cd29ea8..d01d2c8 100644 +index cd29ea899..d01d2c8e6 100644 --- a/obex.te +++ b/obex.te @@ -1,4 +1,4 @@ @@ -64733,7 +64733,7 @@ index cd29ea8..d01d2c8 100644 ') ') diff --git a/oddjob.fc b/oddjob.fc -index dd1d9ef..c48733a 100644 +index dd1d9ef5a..c48733aa4 100644 --- a/oddjob.fc +++ b/oddjob.fc @@ -1,10 +1,12 @@ @@ -64755,7 +64755,7 @@ index dd1d9ef..c48733a 100644 -/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) +/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) diff --git a/oddjob.if b/oddjob.if -index c87bd2a..6180fba 100644 +index c87bd2a30..6180fba1f 100644 --- a/oddjob.if +++ b/oddjob.if @@ -1,4 +1,8 @@ @@ -64996,7 +64996,7 @@ index c87bd2a..6180fba 100644 + allow $1 oddjob_mkhomedir_exec_t:file entrypoint; ') diff --git a/oddjob.te b/oddjob.te -index e403097..c60887d 100644 +index e403097c6..c60887de2 100644 --- a/oddjob.te +++ b/oddjob.te @@ -5,8 +5,6 @@ policy_module(oddjob, 1.10.0) @@ -65105,7 +65105,7 @@ index e403097..c60887d 100644 +userdom_stream_connect(oddjob_mkhomedir_t) + diff --git a/openct.te b/openct.te -index 3b6920e..577c90b 100644 +index 3b6920e31..577c90b03 100644 --- a/openct.te +++ b/openct.te @@ -21,6 +21,7 @@ files_pid_file(openct_var_run_t) @@ -65149,7 +65149,7 @@ index 3b6920e..577c90b 100644 diff --git a/opendnssec.fc b/opendnssec.fc new file mode 100644 -index 0000000..08d0e79 +index 000000000..08d0e793d --- /dev/null +++ b/opendnssec.fc @@ -0,0 +1,14 @@ @@ -65169,7 +65169,7 @@ index 0000000..08d0e79 +/var/opendnssec(/.*)? gen_context(system_u:object_r:opendnssec_var_t,s0) diff --git a/opendnssec.if b/opendnssec.if new file mode 100644 -index 0000000..7c08157 +index 000000000..7c081576b --- /dev/null +++ b/opendnssec.if @@ -0,0 +1,228 @@ @@ -65403,7 +65403,7 @@ index 0000000..7c08157 +') 
diff --git a/opendnssec.te b/opendnssec.te new file mode 100644 -index 0000000..3a760d7 +index 000000000..3a760d741 --- /dev/null +++ b/opendnssec.te @@ -0,0 +1,69 @@ @@ -65478,7 +65478,7 @@ index 0000000..3a760d7 + diff --git a/openfortivpn.fc b/openfortivpn.fc new file mode 100644 -index 0000000..2e4dd3f +index 000000000..2e4dd3ffe --- /dev/null +++ b/openfortivpn.fc @@ -0,0 +1,4 @@ @@ -65488,7 +65488,7 @@ index 0000000..2e4dd3f +/var/lib/NetworkManager-fortisslvpn(/.*)? gen_context(system_u:object_r:openfortivpn_var_lib_t,s0) diff --git a/openfortivpn.if b/openfortivpn.if new file mode 100644 -index 0000000..7581b52 +index 000000000..7581b52a0 --- /dev/null +++ b/openfortivpn.if @@ -0,0 +1,113 @@ @@ -65607,7 +65607,7 @@ index 0000000..7581b52 +') diff --git a/openfortivpn.te b/openfortivpn.te new file mode 100644 -index 0000000..5a3c62b +index 000000000..5a3c62b83 --- /dev/null +++ b/openfortivpn.te @@ -0,0 +1,67 @@ @@ -65679,7 +65679,7 @@ index 0000000..5a3c62b + ppp_kill(openfortivpn_t) +') diff --git a/openhpi.te b/openhpi.te -index 8de6191..1a01e99 100644 +index 8de619112..1a01e99f2 100644 --- a/openhpi.te +++ b/openhpi.te @@ -38,6 +38,8 @@ files_var_lib_filetrans(openhpid_t, openhpid_var_lib_t, dir) @@ -65706,7 +65706,7 @@ index 8de6191..1a01e99 100644 +') diff --git a/openhpid.fc b/openhpid.fc new file mode 100644 -index 0000000..df219e6 +index 000000000..df219e6ef --- /dev/null +++ b/openhpid.fc @@ -0,0 +1,10 @@ @@ -65722,7 +65722,7 @@ index 0000000..df219e6 +/var/run/openhpid\.pid -- gen_context(system_u:object_r:openhpid_var_run_t,s0) diff --git a/openhpid.if b/openhpid.if new file mode 100644 -index 0000000..598789a +index 000000000..598789a3b --- /dev/null +++ b/openhpid.if @@ -0,0 +1,159 @@ @@ -65887,7 +65887,7 @@ index 0000000..598789a + diff --git a/openhpid.te b/openhpid.te new file mode 100644 -index 0000000..a0e0eaf +index 000000000..a0e0eafce --- /dev/null +++ b/openhpid.te @@ -0,0 +1,67 @@ @@ -65960,21 +65960,21 @@ index 0000000..a0e0eaf +') 
diff --git a/openshift-origin.fc b/openshift-origin.fc new file mode 100644 -index 0000000..30ca148 +index 000000000..30ca148ee --- /dev/null +++ b/openshift-origin.fc @@ -0,0 +1 @@ +# Left Blank diff --git a/openshift-origin.if b/openshift-origin.if new file mode 100644 -index 0000000..3eb6a30 +index 000000000..3eb6a3057 --- /dev/null +++ b/openshift-origin.if @@ -0,0 +1 @@ +## diff --git a/openshift-origin.te b/openshift-origin.te new file mode 100644 -index 0000000..a437f80 +index 000000000..a437f80ca --- /dev/null +++ b/openshift-origin.te @@ -0,0 +1,13 @@ @@ -65993,7 +65993,7 @@ index 0000000..a437f80 +files_read_config_files(openshift_domain) diff --git a/openshift.fc b/openshift.fc new file mode 100644 -index 0000000..5a2f97e +index 000000000..5a2f97ef6 --- /dev/null +++ b/openshift.fc @@ -0,0 +1,30 @@ @@ -66029,7 +66029,7 @@ index 0000000..5a2f97e +/var/run/openshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0) diff --git a/openshift.if b/openshift.if new file mode 100644 -index 0000000..c20cac3 +index 000000000..c20cac397 --- /dev/null +++ b/openshift.if @@ -0,0 +1,697 @@ @@ -66732,7 +66732,7 @@ index 0000000..c20cac3 +') diff --git a/openshift.te b/openshift.te new file mode 100644 -index 0000000..a98990f +index 000000000..a98990f3a --- /dev/null +++ b/openshift.te @@ -0,0 +1,634 @@ @@ -67372,7 +67372,7 @@ index 0000000..a98990f +') diff --git a/opensm.fc b/opensm.fc new file mode 100644 -index 0000000..51650fa +index 000000000..51650fa65 --- /dev/null +++ b/opensm.fc @@ -0,0 +1,7 @@ @@ -67385,7 +67385,7 @@ index 0000000..51650fa +/var/log/opensm\.log.* -- gen_context(system_u:object_r:opensm_log_t,s0) diff --git a/opensm.if b/opensm.if new file mode 100644 -index 0000000..45de664 +index 000000000..45de66477 --- /dev/null +++ b/opensm.if @@ -0,0 +1,224 @@ @@ -67615,7 +67615,7 @@ index 0000000..45de664 +') diff --git a/opensm.te b/opensm.te new file mode 100644 -index 0000000..87c86ed +index 000000000..87c86edb9 --- /dev/null +++ b/opensm.te 
@@ -0,0 +1,46 @@ @@ -67666,7 +67666,7 @@ index 0000000..87c86ed + +logging_send_syslog_msg(opensm_t) diff --git a/openvpn.fc b/openvpn.fc -index 300213f..4cdfe09 100644 +index 300213f83..4cdfe097c 100644 --- a/openvpn.fc +++ b/openvpn.fc @@ -1,10 +1,13 @@ @@ -67684,7 +67684,7 @@ index 300213f..4cdfe09 100644 /var/log/openvpn.* gen_context(system_u:object_r:openvpn_var_log_t,s0) diff --git a/openvpn.if b/openvpn.if -index 6837e9a..8d6e33b 100644 +index 6837e9a2b..8d6e33b00 100644 --- a/openvpn.if +++ b/openvpn.if @@ -23,6 +23,25 @@ interface(`openvpn_domtrans',` @@ -67774,7 +67774,7 @@ index 6837e9a..8d6e33b 100644 domain_system_change_exemption($1) role_transition $2 openvpn_initrc_exec_t system_r; diff --git a/openvpn.te b/openvpn.te -index 63957a3..91dead6 100644 +index 63957a362..91dead6e7 100644 --- a/openvpn.te +++ b/openvpn.te @@ -6,6 +6,13 @@ policy_module(openvpn, 1.12.2) @@ -67966,7 +67966,7 @@ index 63957a3..91dead6 100644 + can_exec(openvpn_t, openvpn_unconfined_script_exec_t) +') diff --git a/openvswitch.fc b/openvswitch.fc -index 45d7cc5..c5b9607 100644 +index 45d7cc508..c5b9607c1 100644 --- a/openvswitch.fc +++ b/openvswitch.fc @@ -1,12 +1,16 @@ @@ -67994,7 +67994,7 @@ index 45d7cc5..c5b9607 100644 -/var/run/openvswitch(/.*)? gen_context(system_u:object_r:openvswitch_var_run_t,s0) +/etc/openvswitch(/.*)? gen_context(system_u:object_r:openvswitch_rw_t,s0) diff --git a/openvswitch.if b/openvswitch.if -index 9b15730..cb00f20 100644 +index 9b157305b..cb00f200a 100644 --- a/openvswitch.if +++ b/openvswitch.if @@ -1,13 +1,14 @@ @@ -68267,7 +68267,7 @@ index 9b15730..cb00f20 100644 + ') ') diff --git a/openvswitch.te b/openvswitch.te -index 44dbc99..9e70db7 100644 +index 44dbc99ab..9e70db7ef 100644 --- a/openvswitch.te +++ b/openvswitch.te @@ -9,11 +9,8 @@ type openvswitch_t; @@ -68404,7 +68404,7 @@ index 44dbc99..9e70db7 100644 +') diff --git a/openwsman.fc b/openwsman.fc new file mode 100644 -index 0000000..00d0643 +index 000000000..00d0643d9 --- /dev/null 
+++ b/openwsman.fc @@ -0,0 +1,7 @@ @@ -68417,7 +68417,7 @@ index 0000000..00d0643 +/var/run/wsmand.* -- gen_context(system_u:object_r:openwsman_run_t,s0) diff --git a/openwsman.if b/openwsman.if new file mode 100644 -index 0000000..747853a +index 000000000..747853a1a --- /dev/null +++ b/openwsman.if @@ -0,0 +1,79 @@ @@ -68502,7 +68502,7 @@ index 0000000..747853a +') diff --git a/openwsman.te b/openwsman.te new file mode 100644 -index 0000000..3bcd32c +index 000000000..3bcd32cdf --- /dev/null +++ b/openwsman.te @@ -0,0 +1,74 @@ @@ -68582,7 +68582,7 @@ index 0000000..3bcd32c + diff --git a/oracleasm.fc b/oracleasm.fc new file mode 100644 -index 0000000..5655fac +index 000000000..5655facf0 --- /dev/null +++ b/oracleasm.fc @@ -0,0 +1,8 @@ @@ -68596,7 +68596,7 @@ index 0000000..5655fac +/usr/sbin/oracleasm -- gen_context(system_u:object_r:oracleasm_exec_t,s0) diff --git a/oracleasm.if b/oracleasm.if new file mode 100644 -index 0000000..6ae382c +index 000000000..6ae382cb9 --- /dev/null +++ b/oracleasm.if @@ -0,0 +1,75 @@ @@ -68677,7 +68677,7 @@ index 0000000..6ae382c + diff --git a/oracleasm.te b/oracleasm.te new file mode 100644 -index 0000000..41f3e07 +index 000000000..41f3e07b1 --- /dev/null +++ b/oracleasm.te @@ -0,0 +1,66 @@ @@ -68749,7 +68749,7 @@ index 0000000..41f3e07 +') diff --git a/osad.fc b/osad.fc new file mode 100644 -index 0000000..cf911d5 +index 000000000..cf911d54e --- /dev/null +++ b/osad.fc @@ -0,0 +1,7 @@ @@ -68762,7 +68762,7 @@ index 0000000..cf911d5 +/var/run/osad.* -- gen_context(system_u:object_r:osad_var_run_t,s0) diff --git a/osad.if b/osad.if new file mode 100644 -index 0000000..05648bd +index 000000000..05648bd2a --- /dev/null +++ b/osad.if @@ -0,0 +1,165 @@ @@ -68933,7 +68933,7 @@ index 0000000..05648bd +') diff --git a/osad.te b/osad.te new file mode 100644 -index 0000000..6c2f264 +index 000000000..b372f683a --- /dev/null +++ b/osad.te @@ -0,0 +1,56 @@ 
@@ -68962,7 +68962,7 @@ index 0000000..6c2f264
 +# osad local policy
 +#
 +
-+allow osad_t self:process setpgid;
++allow osad_t self:process { execmem setpgid };
 +
 +manage_files_pattern(osad_t, osad_log_t, osad_log_t)
 +logging_log_filetrans(osad_t, osad_log_t, file)
@@ -68994,7 +68994,7 @@ index 0000000..6c2f264
 + rpm_domtrans(osad_t)
 +')
 diff --git a/pacemaker.fc b/pacemaker.fc
-index 2f0ad56..d4da0b8 100644
+index 2f0ad56d6..d4da0b8d0 100644
 --- a/pacemaker.fc
 +++ b/pacemaker.fc
 @@ -1,5 +1,7 @@
@@ -69006,7 +69006,7 @@ index 2f0ad56..d4da0b8 100644
 /var/lib/heartbeat/crm(/.*)? gen_context(system_u:object_r:pacemaker_var_lib_t,s0)
 diff --git a/pacemaker.if b/pacemaker.if
-index 9682d9a..f1f421f 100644
+index 9682d9af8..f1f421f9e 100644
 --- a/pacemaker.if
 +++ b/pacemaker.if
 @@ -1,9 +1,167 @@
@@ -69215,7 +69215,7 @@ index 9682d9a..f1f421f 100644
 + ')
 ')
 diff --git a/pacemaker.te b/pacemaker.te
-index 6e6efb6..d56c049 100644
+index 6e6efb642..d56c04963 100644
 --- a/pacemaker.te
 +++ b/pacemaker.te
 @@ -5,6 +5,13 @@ policy_module(pacemaker, 1.1.0)
@@ -69316,7 +69316,7 @@ index 6e6efb6..d56c049 100644
 + rgmanager_execute_lib(pacemaker_t)
 ')
 diff --git a/pads.if b/pads.if
-index 6e097c9..503c97a 100644
+index 6e097c919..503c97a2d 100644
 --- a/pads.if
 +++ b/pads.if
 @@ -17,15 +17,19 @@
@@ -69342,7 +69342,7 @@ index 6e097c9..503c97a 100644
 domain_system_change_exemption($1)
 role_transition $2 pads_initrc_exec_t system_r;
 diff --git a/pads.te b/pads.te
-index 078adc4..f0c65e5 100644
+index 078adc478..f0c65e5de 100644
 --- a/pads.te
 +++ b/pads.te
 @@ -24,9 +24,12 @@ files_pid_file(pads_var_run_t)
@@ -69380,7 +69380,7 @@ index 078adc4..f0c65e5 100644
 sysnet_dns_name_resolve(pads_t)
 diff --git a/passenger.fc b/passenger.fc
-index 2c389ea..9155bd0 100644
+index 2c389ea7c..9155bd0dd 100644
 --- a/passenger.fc
 +++ b/passenger.fc
 @@ -1,10 +1,12 @@
@@ -69404,7 +69404,7 @@ index 2c389ea..9155bd0 100644
 +
 +/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0)
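Review bot: The first hunk on this line (`@@ -68962,7 +68962,7 @@`, inside the nested `osad.te` section) widens `allow osad_t self:process setpgid;` to `{ execmem setpgid }` with nothing recording why the daemon needs it. `execmem` lets the domain create memory mappings that are both writable and executable, so granting it permanently gives up a protection the confined domain otherwise keeps. I would split it into its own statement with a justification, e.g. `# execmem: needed by <component / AVC denial reference> - confirm before merge` above `allow osad_t self:process execmem;`, and consider gating it with `tunable_policy` if the need is not universal. The rest of the osad local policy section lies outside this hunk, so whether any other rule depends on the grant cannot be seen from here.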
diff --git a/passenger.if b/passenger.if -index bf59ef7..0e33327 100644 +index bf59ef731..0e333279c 100644 --- a/passenger.if +++ b/passenger.if @@ -15,17 +15,17 @@ interface(`passenger_domtrans',` @@ -69576,7 +69576,7 @@ index bf59ef7..0e33327 100644 +') + diff --git a/passenger.te b/passenger.te -index 08ec33b..e73b8a6 100644 +index 08ec33bf2..e73b8a63d 100644 --- a/passenger.te +++ b/passenger.te @@ -1,4 +1,4 @@ @@ -69707,7 +69707,7 @@ index 08ec33b..e73b8a6 100644 + rpm_read_db(passenger_t) ') diff --git a/pcmcia.te b/pcmcia.te -index 8176e4a..2df1789 100644 +index 8176e4aa4..2df178919 100644 --- a/pcmcia.te +++ b/pcmcia.te @@ -88,20 +88,17 @@ libs_exec_lib_files(cardmgr_t) @@ -69734,7 +69734,7 @@ index 8176e4a..2df1789 100644 diff --git a/pcp.fc b/pcp.fc new file mode 100644 -index 0000000..de7c78c +index 000000000..de7c78ca0 --- /dev/null +++ b/pcp.fc @@ -0,0 +1,33 @@ @@ -69773,7 +69773,7 @@ index 0000000..de7c78c +/var/run/pmlogger\.primary\.socket -l gen_context(system_u:object_r:pcp_var_run_t,s0) diff --git a/pcp.if b/pcp.if new file mode 100644 -index 0000000..80246e6 +index 000000000..80246e61c --- /dev/null +++ b/pcp.if @@ -0,0 +1,144 @@ @@ -69923,7 +69923,7 @@ index 0000000..80246e6 + diff --git a/pcp.te b/pcp.te new file mode 100644 -index 0000000..d859d4c +index 000000000..d859d4cf5 --- /dev/null +++ b/pcp.te @@ -0,0 +1,312 @@ @@ -70240,7 +70240,7 @@ index 0000000..d859d4c +') + diff --git a/pcscd.if b/pcscd.if -index 43d50f9..6b1544f 100644 +index 43d50f95b..6b1544f62 100644 --- a/pcscd.if +++ b/pcscd.if @@ -17,6 +17,8 @@ interface(`pcscd_domtrans',` @@ -70262,7 +70262,7 @@ index 43d50f9..6b1544f 100644 ######################################## diff --git a/pcscd.te b/pcscd.te -index 1fb1964..a8026bd 100644 +index 1fb196410..a8026bdbf 100644 --- a/pcscd.te +++ b/pcscd.te @@ -22,10 +22,12 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd") @@ -70344,7 +70344,7 @@ index 1fb1964..a8026bd 100644 + 
diff --git a/pdns.fc b/pdns.fc new file mode 100644 -index 0000000..22bc51b +index 000000000..22bc51be6 --- /dev/null +++ b/pdns.fc @@ -0,0 +1,6 @@ @@ -70356,7 +70356,7 @@ index 0000000..22bc51b +/etc/pdns(/.*)? gen_context(system_u:object_r:pdns_conf_t,s0) diff --git a/pdns.if b/pdns.if new file mode 100644 -index 0000000..02df03a +index 000000000..02df03ad6 --- /dev/null +++ b/pdns.if @@ -0,0 +1,81 @@ @@ -70443,7 +70443,7 @@ index 0000000..02df03a +') diff --git a/pdns.te b/pdns.te new file mode 100644 -index 0000000..509d898 +index 000000000..509d89837 --- /dev/null +++ b/pdns.te @@ -0,0 +1,82 @@ @@ -70530,7 +70530,7 @@ index 0000000..509d898 + ') +') diff --git a/pegasus.fc b/pegasus.fc -index dfd46e4..feaa8e1 100644 +index dfd46e412..feaa8e174 100644 --- a/pegasus.fc +++ b/pegasus.fc @@ -1,15 +1,33 @@ @@ -70576,7 +70576,7 @@ index dfd46e4..feaa8e1 100644 +/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) +/usr/libexec/pegasus/cmpiLMI_Hardware-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) diff --git a/pegasus.if b/pegasus.if -index d2fc677..86dce34 100644 +index d2fc677c1..86dce34a2 100644 --- a/pegasus.if +++ b/pegasus.if @@ -1,52 +1,60 @@ @@ -70677,7 +70677,7 @@ index d2fc677..86dce34 100644 ') + diff --git a/pegasus.te b/pegasus.te -index 608f454..8cccfd7 100644 +index 608f454d8..8cccfd762 100644 --- a/pegasus.te +++ b/pegasus.te @@ -5,13 +5,12 @@ policy_module(pegasus, 1.9.0) @@ -71212,7 +71212,7 @@ index 608f454..8cccfd7 100644 ') diff --git a/pesign.fc b/pesign.fc new file mode 100644 -index 0000000..7b54c39 +index 000000000..7b54c3926 --- /dev/null +++ b/pesign.fc @@ -0,0 +1,6 @@ @@ -71224,7 +71224,7 @@ index 0000000..7b54c39 +/var/run/pesign\.pid -- gen_context(system_u:object_r:pesign_var_run_t,s0) diff --git a/pesign.if b/pesign.if new file mode 100644 -index 0000000..4d531cb +index 000000000..4d531cb9d --- /dev/null +++ b/pesign.if @@ -0,0 +1,99 @@ 
@@ -71329,7 +71329,7 @@ index 0000000..4d531cb +') diff --git a/pesign.te b/pesign.te new file mode 100644 -index 0000000..513887d +index 000000000..513887d18 --- /dev/null +++ b/pesign.te @@ -0,0 +1,43 @@ @@ -71377,7 +71377,7 @@ index 0000000..513887d +miscfiles_read_certs(pesign_t) +miscfiles_read_localization(pesign_t) diff --git a/pingd.if b/pingd.if -index 21a6ecb..b99e4cb 100644 +index 21a6ecbe7..b99e4cb0b 100644 --- a/pingd.if +++ b/pingd.if @@ -55,7 +55,8 @@ interface(`pingd_manage_config',` @@ -71406,7 +71406,7 @@ index 21a6ecb..b99e4cb 100644 domain_system_change_exemption($1) role_transition $2 pingd_initrc_exec_t system_r; diff --git a/pingd.te b/pingd.te -index ab01060..778c8eb 100644 +index ab0106027..778c8eb12 100644 --- a/pingd.te +++ b/pingd.te @@ -10,7 +10,7 @@ type pingd_exec_t; @@ -71433,7 +71433,7 @@ index ab01060..778c8eb 100644 -miscfiles_read_localization(pingd_t) diff --git a/piranha.fc b/piranha.fc new file mode 100644 -index 0000000..20ea9f5 +index 000000000..20ea9f54b --- /dev/null +++ b/piranha.fc @@ -0,0 +1,24 @@ @@ -71463,7 +71463,7 @@ index 0000000..20ea9f5 + diff --git a/piranha.if b/piranha.if new file mode 100644 -index 0000000..cf54103 +index 000000000..cf54103b6 --- /dev/null +++ b/piranha.if @@ -0,0 +1,187 @@ @@ -71656,7 +71656,7 @@ index 0000000..cf54103 +') diff --git a/piranha.te b/piranha.te new file mode 100644 -index 0000000..a989aea +index 000000000..a989aea2e --- /dev/null +++ b/piranha.te @@ -0,0 +1,292 @@ @@ -71953,7 +71953,7 @@ index 0000000..a989aea + +sysnet_read_config(piranha_domain) diff --git a/pkcs.fc b/pkcs.fc -index 9a72226..b296894 100644 +index 9a72226e3..b2968942f 100644 --- a/pkcs.fc +++ b/pkcs.fc @@ -4,4 +4,8 @@ @@ -71966,7 +71966,7 @@ index 9a72226..b296894 100644 + /var/run/pkcsslotd.* gen_context(system_u:object_r:pkcs_slotd_var_run_t,s0) diff --git a/pkcs.if b/pkcs.if -index 69be2aa..2d7b3f6 100644 +index 69be2aaf2..2d7b3f656 100644 --- a/pkcs.if +++ b/pkcs.if @@ -19,7 +19,7 @@ 
@@ -71989,7 +71989,7 @@ index 69be2aa..2d7b3f6 100644 admin_pattern($1, pkcs_slotd_var_run_t) diff --git a/pkcs.te b/pkcs.te -index 8eb3f7b..81ee57d 100644 +index 8eb3f7bc1..81ee57df4 100644 --- a/pkcs.te +++ b/pkcs.te @@ -7,21 +7,34 @@ policy_module(pkcs, 1.0.1) @@ -72060,7 +72060,7 @@ index 8eb3f7b..81ee57d 100644 +userdom_read_all_users_state(pkcs_slotd_t) diff --git a/pkcs11proxyd.fc b/pkcs11proxyd.fc new file mode 100644 -index 0000000..ca1160a +index 000000000..ca1160af2 --- /dev/null +++ b/pkcs11proxyd.fc @@ -0,0 +1,7 @@ @@ -72073,7 +72073,7 @@ index 0000000..ca1160a +/var/run/pkcs11proxyd\.socket -s gen_context(system_u:object_r:pkcs11proxyd_var_run_t,s0) diff --git a/pkcs11proxyd.if b/pkcs11proxyd.if new file mode 100644 -index 0000000..1fa6db2 +index 000000000..1fa6db2ea --- /dev/null +++ b/pkcs11proxyd.if @@ -0,0 +1,175 @@ @@ -72254,7 +72254,7 @@ index 0000000..1fa6db2 +') diff --git a/pkcs11proxyd.te b/pkcs11proxyd.te new file mode 100644 -index 0000000..a2cb118 +index 000000000..a2cb118ba --- /dev/null +++ b/pkcs11proxyd.te @@ -0,0 +1,42 @@ @@ -72302,7 +72302,7 @@ index 0000000..a2cb118 + diff --git a/pki.fc b/pki.fc new file mode 100644 -index 0000000..47cd0f8 +index 000000000..47cd0f8ba --- /dev/null +++ b/pki.fc @@ -0,0 +1,57 @@ @@ -72365,7 +72365,7 @@ index 0000000..47cd0f8 +/usr/lib/systemd/system/pki-tomcat.* gen_context(system_u:object_r:pki_tomcat_unit_file_t,s0) diff --git a/pki.if b/pki.if new file mode 100644 -index 0000000..798efb6 +index 000000000..798efb632 --- /dev/null +++ b/pki.if @@ -0,0 +1,287 @@ @@ -72658,7 +72658,7 @@ index 0000000..798efb6 +') diff --git a/pki.te b/pki.te new file mode 100644 -index 0000000..afa1ba1 +index 000000000..afa1ba1f4 --- /dev/null +++ b/pki.te @@ -0,0 +1,283 @@ @@ -72946,7 +72946,7 @@ index 0000000..afa1ba1 +') + diff --git a/plymouthd.fc b/plymouthd.fc -index 735500f..2ba6832 100644 +index 735500fd1..2ba6832cc 100644 --- a/plymouthd.fc +++ b/plymouthd.fc @@ -1,15 +1,14 @@ 
@@ -72974,7 +72974,7 @@ index 735500f..2ba6832 100644 -/var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0) +/var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0) diff --git a/plymouthd.if b/plymouthd.if -index 30e751f..61feb3a 100644 +index 30e751f18..61feb3a81 100644 --- a/plymouthd.if +++ b/plymouthd.if @@ -1,4 +1,4 @@ @@ -73287,7 +73287,7 @@ index 30e751f..61feb3a 100644 admin_pattern($1, plymouthd_var_run_t) ') diff --git a/plymouthd.te b/plymouthd.te -index 3078ce9..ac0b7a5 100644 +index 3078ce905..ac0b7a546 100644 --- a/plymouthd.te +++ b/plymouthd.te @@ -15,7 +15,7 @@ type plymouthd_exec_t; @@ -73408,7 +73408,7 @@ index 3078ce9..ac0b7a5 100644 hal_dontaudit_write_log(plymouth_t) hal_dontaudit_rw_pipes(plymouth_t) diff --git a/podsleuth.te b/podsleuth.te -index 9123f71..232e28a 100644 +index 9123f7152..232e28a75 100644 --- a/podsleuth.te +++ b/podsleuth.te @@ -28,8 +28,9 @@ userdom_user_tmpfs_file(podsleuth_tmpfs_t) @@ -73447,7 +73447,7 @@ index 9123f71..232e28a 100644 optional_policy(` dbus_system_bus_client(podsleuth_t) diff --git a/policykit.fc b/policykit.fc -index 1d76c72..93d09d9 100644 +index 1d76c7288..93d09d92f 100644 --- a/policykit.fc +++ b/policykit.fc @@ -1,23 +1,22 @@ @@ -73492,7 +73492,7 @@ index 1d76c72..93d09d9 100644 -/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) diff --git a/policykit.if b/policykit.if -index 032a84d..be00a65 100644 +index 032a84d1c..be00a65f1 100644 --- a/policykit.if +++ b/policykit.if @@ -17,6 +17,8 @@ interface(`policykit_dbus_chat',` @@ -73732,7 +73732,7 @@ index 032a84d..be00a65 100644 + allow $1 policykit_auth_t:process signal; ') diff --git a/policykit.te b/policykit.te -index ee91778..fb9b69a 100644 +index ee91778f7..fb9b69ae9 100644 --- a/policykit.te +++ b/policykit.te @@ -7,9 +7,6 @@ policy_module(policykit, 1.3.0) @@ -74071,7 +74071,7 @@ index ee91778..fb9b69a 100644 ') - 
diff --git a/polipo.fc b/polipo.fc -index d35614b..11f77ee 100644 +index d35614b78..11f77ee32 100644 --- a/polipo.fc +++ b/polipo.fc @@ -1,15 +1,16 @@ @@ -74095,7 +74095,7 @@ index d35614b..11f77ee 100644 -/var/run/polipo(/.*)? gen_context(system_u:object_r:polipo_var_run_t,s0) +/var/run/polipo(/.*)? gen_context(system_u:object_r:polipo_pid_t,s0) diff --git a/polipo.if b/polipo.if -index ae27bb7..10a7787 100644 +index ae27bb7fe..10a778780 100644 --- a/polipo.if +++ b/polipo.if @@ -1,8 +1,8 @@ @@ -74344,7 +74344,7 @@ index ae27bb7..10a7787 100644 + allow $1 polipo_unit_file_t:service all_service_perms; ') diff --git a/polipo.te b/polipo.te -index 9764bfe..8870de7 100644 +index 9764bfef8..8870de713 100644 --- a/polipo.te +++ b/polipo.te @@ -7,19 +7,27 @@ policy_module(polipo, 1.1.1) @@ -74588,7 +74588,7 @@ index 9764bfe..8870de7 100644 -miscfiles_read_localization(polipo_daemon) diff --git a/portage.if b/portage.if -index 67e8c12..058c994 100644 +index 67e8c12c4..058c99481 100644 --- a/portage.if +++ b/portage.if @@ -67,9 +67,10 @@ interface(`portage_compile_domain',` @@ -74604,7 +74604,7 @@ index 67e8c12..058c994 100644 allow $1 self:process { setpgid setsched setrlimit signal_perms execmem setfscreate }; allow $1 self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap }; diff --git a/portage.te b/portage.te -index b410c67..f1ec41d 100644 +index b410c67c1..f1ec41d39 100644 --- a/portage.te +++ b/portage.te @@ -108,7 +108,6 @@ domain_use_interactive_fds(gcc_config_t) @@ -74633,7 +74633,7 @@ index b410c67..f1ec41d 100644 fs_search_auto_mountpoints(portage_fetch_t) diff --git a/portmap.fc b/portmap.fc -index cd45831..69406ee 100644 +index cd45831ca..69406ee17 100644 --- a/portmap.fc +++ b/portmap.fc @@ -4,9 +4,14 @@ @@ -74652,7 +74652,7 @@ index cd45831..69406ee 100644 /var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) /var/run/portmap_mapping -- gen_context(system_u:object_r:portmap_var_run_t,s0) 
diff --git a/portmap.te b/portmap.te -index 18b255e..e75c4ec 100644 +index 18b255e7a..e75c4ec24 100644 --- a/portmap.te +++ b/portmap.te @@ -45,7 +45,6 @@ files_pid_filetrans(portmap_t, portmap_var_run_t, file) @@ -74694,7 +74694,7 @@ index 18b255e..e75c4ec 100644 +userdom_use_inherited_user_terminals(portmap_helper_t) userdom_dontaudit_use_all_users_fds(portmap_helper_t) diff --git a/portreserve.fc b/portreserve.fc -index 1b2b4f9..575b7d6 100644 +index 1b2b4f908..575b7d69b 100644 --- a/portreserve.fc +++ b/portreserve.fc @@ -1,6 +1,6 @@ @@ -74706,7 +74706,7 @@ index 1b2b4f9..575b7d6 100644 /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) diff --git a/portreserve.if b/portreserve.if -index 5ad5291..7f1ae2a 100644 +index 5ad529154..7f1ae2a78 100644 --- a/portreserve.if +++ b/portreserve.if @@ -105,8 +105,11 @@ interface(`portreserve_admin',` @@ -74723,7 +74723,7 @@ index 5ad5291..7f1ae2a 100644 portreserve_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/portreserve.te b/portreserve.te -index 00b01e2..10b4512 100644 +index 00b01e2ea..10b45127a 100644 --- a/portreserve.te +++ b/portreserve.te @@ -41,7 +41,6 @@ files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file dir } @@ -74745,7 +74745,7 @@ index 00b01e2..10b4512 100644 +auth_use_nsswitch(portreserve_t) + diff --git a/portslave.te b/portslave.te -index cbe36c1..8ebeb87 100644 +index cbe36c1d0..8ebeb87d2 100644 --- a/portslave.te +++ b/portslave.te @@ -48,7 +48,6 @@ kernel_read_kernel_sysctls(portslave_t) @@ -74766,7 +74766,7 @@ index cbe36c1..8ebeb87 100644 auth_domtrans_chk_passwd(portslave_t) diff --git a/postfix.fc b/postfix.fc -index c0e8785..3070aa0 100644 +index c0e878537..3070aa066 100644 --- a/postfix.fc +++ b/postfix.fc @@ -1,38 +1,38 @@ 
@@ -74859,7 +74859,7 @@ index c0e8785..3070aa0 100644 +/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) +/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0) diff --git a/postfix.if b/postfix.if -index ded95ec..db49c57 100644 +index ded95ec3a..db49c5774 100644 --- a/postfix.if +++ b/postfix.if @@ -1,4 +1,4 @@ @@ -75744,7 +75744,7 @@ index ded95ec..db49c57 100644 + postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch") ') diff --git a/postfix.te b/postfix.te -index 5cfb83e..b5e3e1f 100644 +index 5cfb83eca..b5e3e1f47 100644 --- a/postfix.te +++ b/postfix.te @@ -6,27 +6,23 @@ policy_module(postfix, 1.15.1) @@ -76707,7 +76707,7 @@ index 5cfb83e..b5e3e1f 100644 + udev_read_db(postfix_domain) +') diff --git a/postfixpolicyd.if b/postfixpolicyd.if -index 5de8173..985b877 100644 +index 5de817368..985b877ab 100644 --- a/postfixpolicyd.if +++ b/postfixpolicyd.if @@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',` @@ -76724,7 +76724,7 @@ index 5de8173..985b877 100644 init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/postfixpolicyd.te b/postfixpolicyd.te -index ea1582a..0c1a059 100644 +index ea1582a3a..0c1a05983 100644 --- a/postfixpolicyd.te +++ b/postfixpolicyd.te @@ -34,7 +34,6 @@ allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms; @@ -76748,7 +76748,7 @@ index ea1582a..0c1a059 100644 - sysnet_dns_name_resolve(postfix_policyd_t) diff --git a/postgrey.if b/postgrey.if -index b9e71b5..a7502cd 100644 +index b9e71b537..a7502cd0e 100644 --- a/postgrey.if +++ b/postgrey.if @@ -16,9 +16,9 @@ interface(`postgrey_stream_connect',` @@ -76785,7 +76785,7 @@ index b9e71b5..a7502cd 100644 domain_system_change_exemption($1) role_transition $2 postgrey_initrc_exec_t system_r; diff --git a/postgrey.te b/postgrey.te -index fd58805..2ff8a1e 100644 +index fd58805e5..2ff8a1e4c 100644 --- a/postgrey.te +++ b/postgrey.te 
@@ -16,7 +16,7 @@ type postgrey_initrc_exec_t; @@ -76835,7 +76835,7 @@ index fd58805..2ff8a1e 100644 sysnet_read_config(postgrey_t) diff --git a/ppp.fc b/ppp.fc -index efcb653..ff2c96a 100644 +index efcb6532d..ff2c96adb 100644 --- a/ppp.fc +++ b/ppp.fc @@ -1,30 +1,45 @@ @@ -76907,7 +76907,7 @@ index efcb653..ff2c96a 100644 +/var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0) +/var/log/ppp(/.*)? gen_context(system_u:object_r:pppd_log_t,s0) diff --git a/ppp.if b/ppp.if -index cd8b8b9..2cfa88a 100644 +index cd8b8b9cb..2cfa88a2d 100644 --- a/ppp.if +++ b/ppp.if @@ -1,110 +1,91 @@ @@ -77398,7 +77398,7 @@ index cd8b8b9..2cfa88a 100644 + allow $1 pppd_unit_file_t:service all_service_perms; ') diff --git a/ppp.te b/ppp.te -index d616ca3..c87b87a 100644 +index d616ca3e3..c87b87a56 100644 --- a/ppp.te +++ b/ppp.te @@ -6,41 +6,47 @@ policy_module(ppp, 1.14.0) @@ -77758,7 +77758,7 @@ index d616ca3..c87b87a 100644 optional_policy(` diff --git a/prelink.fc b/prelink.fc -index a90d623..62af9a4 100644 +index a90d6231f..62af9a4a0 100644 --- a/prelink.fc +++ b/prelink.fc @@ -1,11 +1,11 @@ @@ -77779,7 +77779,7 @@ index a90d623..62af9a4 100644 +/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0) +/var/lib/prelink(/.*)? gen_context(system_u:object_r:prelink_var_lib_t,s0) diff --git a/prelink.if b/prelink.if -index 20d4697..e6605c1 100644 +index 20d469793..e6605c100 100644 --- a/prelink.if +++ b/prelink.if @@ -2,7 +2,7 @@ @@ -77920,7 +77920,7 @@ index 20d4697..e6605c1 100644 + files_etc_filetrans($1, prelink_cache_t, file, "prelink.cache") +') diff --git a/prelink.te b/prelink.te -index 8e26216..c1d33ac 100644 +index 8e262163b..c1d33acdf 100644 --- a/prelink.te +++ b/prelink.te @@ -6,13 +6,10 @@ policy_module(prelink, 1.11.0) @@ -78136,7 +78136,7 @@ index 8e26216..c1d33ac 100644 + ') +') diff --git a/prelude.fc b/prelude.fc -index 8dbc763..b580f85 100644 +index 8dbc76372..b580f852b 100644 --- a/prelude.fc +++ b/prelude.fc 
@@ -12,7 +12,7 @@ @@ -78149,7 +78149,7 @@ index 8dbc763..b580f85 100644 /var/lib/prelude-lml(/.*)? gen_context(system_u:object_r:prelude_var_lib_t,s0) diff --git a/prelude.if b/prelude.if -index c83a838..f41a4f7 100644 +index c83a838d7..f41a4f7dd 100644 --- a/prelude.if +++ b/prelude.if @@ -1,13 +1,13 @@ @@ -78310,7 +78310,7 @@ index c83a838..f41a4f7 100644 admin_pattern($1, prelude_lml_tmp_t) ') diff --git a/prelude.te b/prelude.te -index 8f44609..dd70653 100644 +index 8f4460928..dd7065356 100644 --- a/prelude.te +++ b/prelude.te @@ -13,7 +13,7 @@ type prelude_initrc_exec_t; @@ -78482,7 +78482,7 @@ index 8f44609..dd70653 100644 ') ') diff --git a/privoxy.if b/privoxy.if -index bdcee30..34f3143 100644 +index bdcee30f5..34f314344 100644 --- a/privoxy.if +++ b/privoxy.if @@ -23,8 +23,11 @@ interface(`privoxy_admin',` @@ -78499,7 +78499,7 @@ index bdcee30..34f3143 100644 init_labeled_script_domtrans($1, privoxy_initrc_exec_t) domain_system_change_exemption($1) diff --git a/privoxy.te b/privoxy.te -index ec21f80..a9f650a 100644 +index ec21f80d7..a9f650a1f 100644 --- a/privoxy.te +++ b/privoxy.te @@ -85,6 +85,7 @@ corenet_sendrecv_tor_client_packets(privoxy_t) @@ -78520,7 +78520,7 @@ index ec21f80..a9f650a 100644 userdom_dontaudit_search_user_home_dirs(privoxy_t) diff --git a/procmail.fc b/procmail.fc -index bdff6c9..4b36a13 100644 +index bdff6c931..4b36a13de 100644 --- a/procmail.fc +++ b/procmail.fc @@ -1,6 +1,7 @@ @@ -78535,7 +78535,7 @@ index bdff6c9..4b36a13 100644 +/var/log/procmail\.log.* -- gen_context(system_u:object_r:procmail_log_t,s0) +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) diff --git a/procmail.if b/procmail.if -index 00edeab..166e9c3 100644 +index 00edeab17..166e9c333 100644 --- a/procmail.if +++ b/procmail.if @@ -1,4 +1,4 @@ @@ -78700,7 +78700,7 @@ index 00edeab..166e9c3 100644 + read_files_pattern($1, procmail_home_t, procmail_home_t) ') 
diff --git a/procmail.te b/procmail.te -index cc426e6..91a1f53 100644 +index cc426e62a..91a1f537e 100644 --- a/procmail.te +++ b/procmail.te @@ -14,7 +14,7 @@ type procmail_home_t; @@ -78898,7 +78898,7 @@ index cc426e6..91a1f53 100644 +') diff --git a/prosody.fc b/prosody.fc new file mode 100644 -index 0000000..c056a2f +index 000000000..c056a2fb3 --- /dev/null +++ b/prosody.fc @@ -0,0 +1,10 @@ @@ -78914,7 +78914,7 @@ index 0000000..c056a2f +/var/log/prosody(/.*)? gen_context(system_u:object_r:prosody_log_t,s0) diff --git a/prosody.if b/prosody.if new file mode 100644 -index 0000000..8231f4f +index 000000000..8231f4ff5 --- /dev/null +++ b/prosody.if @@ -0,0 +1,255 @@ @@ -79175,7 +79175,7 @@ index 0000000..8231f4f +') diff --git a/prosody.te b/prosody.te new file mode 100644 -index 0000000..5a9f1d4 +index 000000000..5a9f1d42c --- /dev/null +++ b/prosody.te @@ -0,0 +1,99 @@ @@ -79279,7 +79279,7 @@ index 0000000..5a9f1d4 + sasl_connect(prosody_t) +') diff --git a/psad.if b/psad.if -index d4dcf78..3cce82e 100644 +index d4dcf782c..3cce82e50 100644 --- a/psad.if +++ b/psad.if @@ -93,9 +93,8 @@ interface(`psad_manage_config',` @@ -79438,7 +79438,7 @@ index d4dcf78..3cce82e 100644 admin_pattern($1, psad_tmp_t) ') diff --git a/psad.te b/psad.te -index b5d717b..9fd153b 100644 +index b5d717b09..9fd153b1c 100644 --- a/psad.te +++ b/psad.te @@ -32,7 +32,7 @@ files_tmp_file(psad_tmp_t) @@ -79476,7 +79476,7 @@ index b5d717b..9fd153b 100644 optional_policy(` diff --git a/ptchown.te b/ptchown.te -index 28d2abc..c2cfb5e 100644 +index 28d2abc03..c2cfb5eaa 100644 --- a/ptchown.te +++ b/ptchown.te @@ -21,7 +21,6 @@ role ptchown_roles types ptchown_t; @@ -79494,7 +79494,7 @@ index 28d2abc..c2cfb5e 100644 -miscfiles_read_localization(ptchown_t) +auth_read_passwd(ptchown_t) diff --git a/publicfile.te b/publicfile.te -index 3246bef..dd66a21 100644 +index 3246befff..dd66a21cb 100644 --- a/publicfile.te +++ b/publicfile.te @@ -17,7 +17,7 @@ files_type(publicfile_content_t) 
@@ -79507,7 +79507,7 @@ index 3246bef..dd66a21 100644 allow publicfile_t publicfile_content_t:dir list_dir_perms; allow publicfile_t publicfile_content_t:file read_file_perms; diff --git a/pulseaudio.fc b/pulseaudio.fc -index 6864479..0e7d875 100644 +index 6864479a7..0e7d87513 100644 --- a/pulseaudio.fc +++ b/pulseaudio.fc @@ -1,9 +1,14 @@ @@ -79530,7 +79530,7 @@ index 6864479..0e7d875 100644 +/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0) +/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) diff --git a/pulseaudio.if b/pulseaudio.if -index 45843b5..4d1adac 100644 +index 45843b55c..4d1adace5 100644 --- a/pulseaudio.if +++ b/pulseaudio.if @@ -2,43 +2,47 @@ @@ -79932,7 +79932,7 @@ index 45843b5..4d1adac 100644 + ps_process_pattern($1, pulseaudio_t) ') diff --git a/pulseaudio.te b/pulseaudio.te -index 6643b49..dd0c3d3 100644 +index 6643b49c2..dd0c3d371 100644 --- a/pulseaudio.te +++ b/pulseaudio.te @@ -8,61 +8,49 @@ policy_module(pulseaudio, 1.6.0) @@ -80233,7 +80233,7 @@ index 6643b49..dd0c3d3 100644 optional_policy(` diff --git a/puppet.fc b/puppet.fc -index d68e26d..3b08cfd 100644 +index d68e26d1f..3b08cfd9d 100644 --- a/puppet.fc +++ b/puppet.fc @@ -1,18 +1,23 @@ @@ -80274,7 +80274,7 @@ index d68e26d..3b08cfd 100644 +/var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0) +/var/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0) diff --git a/puppet.if b/puppet.if -index 7cb8b1f..bef7217 100644 +index 7cb8b1f9c..bef72173b 100644 --- a/puppet.if +++ b/puppet.if @@ -1,4 +1,32 @@ @@ -80616,7 +80616,7 @@ index 7cb8b1f..bef7217 100644 + allow $1 puppet_var_run_t:dir search_dir_perms; ') diff --git a/puppet.te b/puppet.te -index 618dcfe..d5d0cfc 100644 +index 618dcfeed..d5d0cfcb8 100644 --- a/puppet.te +++ b/puppet.te @@ -6,25 +6,32 @@ policy_module(puppet, 1.4.0) @@ -81139,7 +81139,7 @@ index 618dcfe..d5d0cfc 100644 + usermanage_access_check_useradd(puppetmaster_t) +') 
diff --git a/pwauth.fc b/pwauth.fc -index 7e7b444..e2f8687 100644 +index 7e7b44434..e2f8687db 100644 --- a/pwauth.fc +++ b/pwauth.fc @@ -1,3 +1,3 @@ @@ -81149,7 +81149,7 @@ index 7e7b444..e2f8687 100644 -/var/run/pwauth\.lock -- gen_context(system_u:object_r:pwauth_var_run_t,s0) +/var/run/pwauth.lock -- gen_context(system_u:object_r:pwauth_var_run_t,s0) diff --git a/pwauth.if b/pwauth.if -index 1148dce..86d25ea 100644 +index 1148dce1a..86d25ea26 100644 --- a/pwauth.if +++ b/pwauth.if @@ -1,72 +1,74 @@ @@ -81261,7 +81261,7 @@ index 1148dce..86d25ea 100644 + allow $2 pwauth_t:process signal; ') diff --git a/pwauth.te b/pwauth.te -index 3078e34..215df88 100644 +index 3078e349e..215df880c 100644 --- a/pwauth.te +++ b/pwauth.te @@ -5,26 +5,23 @@ policy_module(pwauth, 1.0.0) @@ -81309,7 +81309,7 @@ index 3078e34..215df88 100644 - -miscfiles_read_localization(pwauth_t) diff --git a/pxe.te b/pxe.te -index 06bec9b..1b32632 100644 +index 06bec9ba9..1b32632dc 100644 --- a/pxe.te +++ b/pxe.te @@ -50,15 +50,12 @@ dev_read_sysfs(pxe_t) @@ -81330,7 +81330,7 @@ index 06bec9b..1b32632 100644 diff --git a/pyicqt.fc b/pyicqt.fc deleted file mode 100644 -index 0c143e3..0000000 +index 0c143e3e8..000000000 --- a/pyicqt.fc +++ /dev/null @@ -1,11 +0,0 @@ @@ -81347,7 +81347,7 @@ index 0c143e3..0000000 -/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0) diff --git a/pyicqt.if b/pyicqt.if deleted file mode 100644 -index 0ccea82..0000000 +index 0ccea828a..000000000 --- a/pyicqt.if +++ /dev/null @@ -1,45 +0,0 @@ @@ -81398,7 +81398,7 @@ index 0ccea82..0000000 -') diff --git a/pyicqt.te b/pyicqt.te deleted file mode 100644 -index f2863de..0000000 +index f2863ded4..000000000 --- a/pyicqt.te +++ /dev/null @@ -1,92 +0,0 @@ @@ -81495,7 +81495,7 @@ index f2863de..0000000 - seutil_sigchld_newrole(pyicqt_t) -') diff --git a/pyzor.fc b/pyzor.fc -index af13139..a927c5a 100644 +index af13139a1..a927c5a15 100644 --- a/pyzor.fc +++ b/pyzor.fc @@ -1,12 +1,13 @@ 
@@ -81520,7 +81520,7 @@ index af13139..a927c5a 100644 +/var/lib/pyzord(/.*)? gen_context(system_u:object_r:pyzor_var_lib_t,s0) /var/log/pyzord\.log.* -- gen_context(system_u:object_r:pyzord_log_t,s0) diff --git a/pyzor.if b/pyzor.if -index 593c03d..2c411af 100644 +index 593c03d09..2c411af3e 100644 --- a/pyzor.if +++ b/pyzor.if @@ -2,7 +2,7 @@ @@ -81650,7 +81650,7 @@ index 593c03d..2c411af 100644 + admin_pattern($1, pyzor_var_lib_t) ') diff --git a/pyzor.te b/pyzor.te -index 2439d13..d7bd6e9 100644 +index 2439d1304..d7bd6e9a1 100644 --- a/pyzor.te +++ b/pyzor.te @@ -5,57 +5,78 @@ policy_module(pyzor, 2.3.0) @@ -81890,7 +81890,7 @@ index 2439d13..d7bd6e9 100644 + logging_send_syslog_msg(pyzord_t) +') diff --git a/qemu.fc b/qemu.fc -index 86ea53c..a2dcf7b 100644 +index 86ea53ce1..a2dcf7bb2 100644 --- a/qemu.fc +++ b/qemu.fc @@ -1,4 +1,4 @@ @@ -81900,7 +81900,7 @@ index 86ea53c..a2dcf7b 100644 /usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) /usr/bin/kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) diff --git a/qemu.if b/qemu.if -index eaf56b8..8894726 100644 +index eaf56b8b0..889472688 100644 --- a/qemu.if +++ b/qemu.if @@ -1,19 +1,21 @@ @@ -82299,7 +82299,7 @@ index eaf56b8..8894726 100644 + allow $1 qemu_exec_t:file getattr; ') diff --git a/qemu.te b/qemu.te -index 4f90743..958c0ef 100644 +index 4f9074343..958c0ef1e 100644 --- a/qemu.te +++ b/qemu.te @@ -6,28 +6,58 @@ policy_module(qemu, 1.8.0) @@ -82441,7 +82441,7 @@ index 4f90743..958c0ef 100644 + xserver_stream_connect(qemu_t) ') diff --git a/qmail.fc b/qmail.fc -index e53fe5a..edee505 100644 +index e53fe5a97..edee505d7 100644 --- a/qmail.fc +++ b/qmail.fc @@ -1,22 +1,6 @@ @@ -82512,7 +82512,7 @@ index e53fe5a..edee505 100644 -/var/spool/qmail(/.*)? gen_context(system_u:object_r:qmail_spool_t,s0) diff --git a/qmail.if b/qmail.if -index e4f0000..05e219e 100644 +index e4f0000e5..05e219e13 100644 --- a/qmail.if +++ b/qmail.if @@ -1,12 +1,12 @@ 
@@ -82711,7 +82711,7 @@ index e4f0000..05e219e 100644 + allow $1 qmail_spool_t:fifo_file rw_fifo_file_perms; +') diff --git a/qmail.te b/qmail.te -index 8742944..53a2fe5 100644 +index 87429441c..53a2fe597 100644 --- a/qmail.te +++ b/qmail.te @@ -5,7 +5,7 @@ policy_module(qmail, 1.6.1) @@ -82983,7 +82983,7 @@ index 8742944..53a2fe5 100644 allow qmail_tcp_env_t qmail_smtpd_exec_t:file read_file_perms; diff --git a/qpid.if b/qpid.if -index fe2adf8..f7e9c70 100644 +index fe2adf8ae..f7e9c70b0 100644 --- a/qpid.if +++ b/qpid.if @@ -1,4 +1,4 @@ @@ -83267,7 +83267,7 @@ index fe2adf8..f7e9c70 100644 + admin_pattern($1, qpidd_var_run_t) ') diff --git a/qpid.te b/qpid.te -index 83eb09e..8f641fc 100644 +index 83eb09ef6..8f641fc92 100644 --- a/qpid.te +++ b/qpid.te @@ -12,6 +12,9 @@ init_daemon_domain(qpidd_t, qpidd_exec_t) @@ -83350,7 +83350,7 @@ index 83eb09e..8f641fc 100644 +') + diff --git a/quantum.fc b/quantum.fc -index 70ab68b..b985b65 100644 +index 70ab68b02..b985b6570 100644 --- a/quantum.fc +++ b/quantum.fc @@ -1,10 +1,34 @@ @@ -83396,7 +83396,7 @@ index 70ab68b..b985b65 100644 +/var/run/neutron(/.*)? gen_context(system_u:object_r:neutron_var_run_t,s0) +/var/run/quantum(/.*)? gen_context(system_u:object_r:neutron_var_run_t,s0) diff --git a/quantum.if b/quantum.if -index afc0068..589a7fd 100644 +index afc00688d..589a7fdde 100644 --- a/quantum.if +++ b/quantum.if @@ -2,41 +2,295 @@ @@ -83713,7 +83713,7 @@ index afc0068..589a7fd 100644 + ') ') diff --git a/quantum.te b/quantum.te -index 8644d8b..97a9b7e 100644 +index 8644d8b3f..97a9b7e76 100644 --- a/quantum.te +++ b/quantum.te @@ -5,92 +5,183 @@ policy_module(quantum, 1.1.0) @@ -83963,7 +83963,7 @@ index 8644d8b..97a9b7e 100644 + udev_domtrans(neutron_t) +') diff --git a/quota.fc b/quota.fc -index cadabe3..54ba01d 100644 +index cadabe360..54ba01d0d 100644 --- a/quota.fc +++ b/quota.fc @@ -1,6 +1,5 @@ 
@@ -84013,7 +84013,7 @@ index cadabe3..54ba01d 100644 -/var/spool/mail/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0) +/var/run/quota_nld\.pid -- gen_context(system_u:object_r:quota_nld_var_run_t,s0) diff --git a/quota.if b/quota.if -index da64218..3fb8575 100644 +index da6421861..3fb8575ca 100644 --- a/quota.if +++ b/quota.if @@ -1,4 +1,4 @@ @@ -84246,7 +84246,7 @@ index da64218..3fb8575 100644 + domtrans_pattern($1, quota_nld_exec_t, quota_nld_t) ') diff --git a/quota.te b/quota.te -index f47c8e8..ba74734 100644 +index f47c8e81f..ba74734da 100644 --- a/quota.te +++ b/quota.te @@ -5,12 +5,10 @@ policy_module(quota, 1.6.0) @@ -84377,7 +84377,7 @@ index f47c8e8..ba74734 100644 + dbus_connect_system_bus(quota_nld_t) ') diff --git a/rabbitmq.fc b/rabbitmq.fc -index c5ad6de..af2d46f 100644 +index c5ad6de76..af2d46f13 100644 --- a/rabbitmq.fc +++ b/rabbitmq.fc @@ -1,10 +1,18 @@ @@ -84402,7 +84402,7 @@ index c5ad6de..af2d46f 100644 /var/run/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_run_t,s0) diff --git a/rabbitmq.if b/rabbitmq.if -index 2c3d338..7d49554 100644 +index 2c3d33896..7d49554eb 100644 --- a/rabbitmq.if +++ b/rabbitmq.if @@ -38,12 +38,12 @@ interface(`rabbitmq_domtrans',` @@ -84422,7 +84422,7 @@ index 2c3d338..7d49554 100644 init_labeled_script_domtrans($1, rabbitmq_initrc_exec_t) domain_system_change_exemption($1) diff --git a/rabbitmq.te b/rabbitmq.te -index dc3b0ed..b0ae2c6 100644 +index dc3b0ed87..b0ae2c6bf 100644 --- a/rabbitmq.te +++ b/rabbitmq.te @@ -5,13 +5,14 @@ policy_module(rabbitmq, 1.0.2) @@ -84643,7 +84643,7 @@ index dc3b0ed..b0ae2c6 100644 -miscfiles_read_localization(rabbitmq_epmd_t) diff --git a/radius.fc b/radius.fc -index d447e85..76ed794 100644 +index d447e8548..76ed794ce 100644 --- a/radius.fc +++ b/radius.fc @@ -9,7 +9,9 @@ 
@@ -84658,7 +84658,7 @@ index d447e85..76ed794 100644 /var/log/freeradius(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) /var/log/radacct(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) diff --git a/radius.if b/radius.if -index 4460582..4c66c25 100644 +index 44605825c..4c66c2502 100644 --- a/radius.if +++ b/radius.if @@ -14,6 +14,30 @@ interface(`radius_use',` @@ -84720,7 +84720,7 @@ index 4460582..4c66c25 100644 + ') diff --git a/radius.te b/radius.te -index 403a4fe..482046a 100644 +index 403a4fed1..482046ace 100644 --- a/radius.te +++ b/radius.te @@ -5,6 +5,13 @@ policy_module(radius, 1.13.0) @@ -84867,7 +84867,7 @@ index 403a4fe..482046a 100644 udev_read_db(radiusd_t) ') diff --git a/radvd.if b/radvd.if -index ac7058d..48739ac 100644 +index ac7058d1e..48739ac1b 100644 --- a/radvd.if +++ b/radvd.if @@ -1,5 +1,24 @@ @@ -84909,7 +84909,7 @@ index ac7058d..48739ac 100644 init_labeled_script_domtrans($1, radvd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/radvd.te b/radvd.te -index 6d162e4..502ca16 100644 +index 6d162e4e6..502ca16ba 100644 --- a/radvd.te +++ b/radvd.te @@ -22,7 +22,7 @@ files_pid_file(radvd_var_run_t) @@ -84931,7 +84931,7 @@ index 6d162e4..502ca16 100644 userdom_dontaudit_search_user_home_dirs(radvd_t) diff --git a/raid.fc b/raid.fc -index 5806046..2a4769f 100644 +index 5806046b1..2a4769ff4 100644 --- a/raid.fc +++ b/raid.fc @@ -3,6 +3,12 @@ @@ -84959,7 +84959,7 @@ index 5806046..2a4769f 100644 + /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) diff --git a/raid.if b/raid.if -index 951db7f..00e699d 100644 +index 951db7f1b..00e699da4 100644 --- a/raid.if +++ b/raid.if @@ -1,9 +1,8 @@ @@ -85175,7 +85175,7 @@ index 951db7f..00e699d 100644 + files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf.anacbak") ') diff --git a/raid.te b/raid.te -index c99753f..55294ac 100644 +index c99753f2c..55294acec 100644 --- a/raid.te +++ b/raid.te @@ -15,54 +15,104 @@ role mdadm_roles types mdadm_t; 
@@ -85361,7 +85361,7 @@ index c99753f..55294ac 100644 +') diff --git a/rasdaemon.fc b/rasdaemon.fc new file mode 100644 -index 0000000..8e31dd0 +index 000000000..8e31dd042 --- /dev/null +++ b/rasdaemon.fc @@ -0,0 +1,9 @@ @@ -85376,7 +85376,7 @@ index 0000000..8e31dd0 +/var/lib/rasdaemon(/.*)? gen_context(system_u:object_r:rasdaemon_var_lib_t,s0) diff --git a/rasdaemon.if b/rasdaemon.if new file mode 100644 -index 0000000..d57006d +index 000000000..d57006d9c --- /dev/null +++ b/rasdaemon.if @@ -0,0 +1,157 @@ @@ -85539,7 +85539,7 @@ index 0000000..d57006d +') diff --git a/rasdaemon.te b/rasdaemon.te new file mode 100644 -index 0000000..dcdca44 +index 000000000..dcdca4448 --- /dev/null +++ b/rasdaemon.te @@ -0,0 +1,51 @@ @@ -85595,7 +85595,7 @@ index 0000000..dcdca44 +') + diff --git a/razor.fc b/razor.fc -index 6723f4d..6e26673 100644 +index 6723f4d3b..6e2667392 100644 --- a/razor.fc +++ b/razor.fc @@ -1,9 +1,9 @@ @@ -85615,7 +85615,7 @@ index 6723f4d..6e26673 100644 +#/var/lib/razor(/.*)? gen_context(system_u:object_r:razor_var_lib_t,s0) +#/var/log/razor-agent\.log.* -- gen_context(system_u:object_r:razor_log_t,s0) diff --git a/razor.if b/razor.if -index 1e4b523..fee3b7c 100644 +index 1e4b523bf..fee3b7cd1 100644 --- a/razor.if +++ b/razor.if @@ -1,72 +1,147 @@ @@ -85843,7 +85843,7 @@ index 1e4b523..fee3b7c 100644 ## ## diff --git a/razor.te b/razor.te -index 68455f9..38f6968 100644 +index 68455f909..38f69685c 100644 --- a/razor.te +++ b/razor.te @@ -5,135 +5,124 @@ policy_module(razor, 2.4.0) @@ -86099,7 +86099,7 @@ index 68455f9..38f6968 100644 + ') ') diff --git a/rdisc.fc b/rdisc.fc -index e9765c0..ea21331 100644 +index e9765c0f2..ea21331d8 100644 --- a/rdisc.fc +++ b/rdisc.fc @@ -1,3 +1,3 @@ @@ -86108,7 +86108,7 @@ index e9765c0..ea21331 100644 /usr/sbin/rdisc -- gen_context(system_u:object_r:rdisc_exec_t,s0) diff --git a/rdisc.if b/rdisc.if -index 170ef52..28ccc4a 100644 +index 170ef52fb..28ccc4a75 100644 --- a/rdisc.if +++ b/rdisc.if 
@@ -18,3 +18,58 @@ interface(`rdisc_exec',` @@ -86171,7 +86171,7 @@ index 170ef52..28ccc4a 100644 + ') +') diff --git a/rdisc.te b/rdisc.te -index 9196c1d..b775931 100644 +index 9196c1dbb..b7759316f 100644 --- a/rdisc.te +++ b/rdisc.te @@ -9,6 +9,9 @@ type rdisc_t; @@ -86206,7 +86206,7 @@ index 9196c1d..b775931 100644 userdom_dontaudit_use_unpriv_user_fds(rdisc_t) diff --git a/readahead.fc b/readahead.fc -index f01b32f..46279e8 100644 +index f01b32fe2..46279e853 100644 --- a/readahead.fc +++ b/readahead.fc @@ -1,7 +1,11 @@ @@ -86223,7 +86223,7 @@ index f01b32f..46279e8 100644 +/var/run/systemd/readahead(/.*)? gen_context(system_u:object_r:readahead_var_run_t,s0) /var/run/readahead.* gen_context(system_u:object_r:readahead_var_run_t,s0) diff --git a/readahead.if b/readahead.if -index 661bb88..06f69c4 100644 +index 661bb88fd..06f69c4ad 100644 --- a/readahead.if +++ b/readahead.if @@ -19,3 +19,27 @@ interface(`readahead_domtrans',` @@ -86255,7 +86255,7 @@ index 661bb88..06f69c4 100644 +') + diff --git a/readahead.te b/readahead.te -index c0b02c9..af81d71 100644 +index c0b02c91c..af81d71a7 100644 --- a/readahead.te +++ b/readahead.te @@ -15,6 +15,7 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t; @@ -86343,7 +86343,7 @@ index c0b02c9..af81d71 100644 userdom_dontaudit_search_user_home_dirs(readahead_t) diff --git a/realmd.fc b/realmd.fc -index 04babe3..3b92679 100644 +index 04babe3d5..3b92679bb 100644 --- a/realmd.fc +++ b/realmd.fc @@ -1 +1,5 @@ @@ -86354,7 +86354,7 @@ index 04babe3..3b92679 100644 + +/var/lib/ipa-client(/.*)? gen_context(system_u:object_r:realmd_var_lib_t,s0) diff --git a/realmd.if b/realmd.if -index bff31df..3b2a829 100644 +index bff31dfd2..3b2a829e0 100644 --- a/realmd.if +++ b/realmd.if @@ -1,8 +1,9 @@ @@ -86472,7 +86472,7 @@ index bff31df..3b2a829 100644 +') + diff --git a/realmd.te b/realmd.te -index 5bc878b..5736203 100644 +index 5bc878b29..573620309 100644 --- a/realmd.te +++ b/realmd.te @@ -7,47 +7,89 @@ policy_module(realmd, 1.1.0) 
@@ -86651,7 +86651,7 @@ index 5bc878b..5736203 100644 + unconfined_domain_noaudit(realmd_consolehelper_t) ') diff --git a/redis.fc b/redis.fc -index e240ac9..b9707aa 100644 +index e240ac99c..b9707aaf8 100644 --- a/redis.fc +++ b/redis.fc @@ -1,9 +1,13 @@ @@ -86673,7 +86673,7 @@ index e240ac9..b9707aa 100644 + +/var/run/redis(/.*)? gen_context(system_u:object_r:redis_var_run_t,s0) diff --git a/redis.if b/redis.if -index 16c8ecb..4e021ec 100644 +index 16c8ecbe3..4e021eca7 100644 --- a/redis.if +++ b/redis.if @@ -1,9 +1,225 @@ @@ -86937,7 +86937,7 @@ index 16c8ecb..4e021ec 100644 + ') ') diff --git a/redis.te b/redis.te -index 25cd417..61de827 100644 +index 25cd4175f..61de8277a 100644 --- a/redis.te +++ b/redis.te @@ -12,6 +12,9 @@ init_daemon_domain(redis_t, redis_exec_t) @@ -86995,14 +86995,14 @@ index 25cd417..61de827 100644 - sysnet_dns_name_resolve(redis_t) diff --git a/remotelogin.fc b/remotelogin.fc -index 327baf0..d8691bd 100644 +index 327baf059..d8691bd14 100644 --- a/remotelogin.fc +++ b/remotelogin.fc @@ -1 +1,2 @@ + # Remote login currently has no file contexts. diff --git a/remotelogin.if b/remotelogin.if -index a9ce68e..92520aa 100644 +index a9ce68e33..92520aa92 100644 --- a/remotelogin.if +++ b/remotelogin.if @@ -1,4 +1,4 @@ @@ -87073,7 +87073,7 @@ index a9ce68e..92520aa 100644 + allow $1 remote_login_t:process signull; ') diff --git a/remotelogin.te b/remotelogin.te -index ae30871..15a669c 100644 +index ae308717f..15a669cd4 100644 --- a/remotelogin.te +++ b/remotelogin.te @@ -10,81 +10,89 @@ domain_interactive_fd(remote_login_t) @@ -87189,7 +87189,7 @@ index ae30871..15a669c 100644 ') diff --git a/resmgr.te b/resmgr.te -index f6eb358..b631919 100644 +index f6eb358ad..b6319191c 100644 --- a/resmgr.te +++ b/resmgr.te @@ -23,7 +23,7 @@ files_pid_file(resmgrd_var_run_t) @@ -87219,7 +87219,7 @@ index f6eb358..b631919 100644 optional_policy(` diff --git a/rgmanager.fc b/rgmanager.fc -index 5421af0..91e69b8 100644 +index 5421af0b6..91e69b869 100644 
--- a/rgmanager.fc +++ b/rgmanager.fc @@ -1,12 +1,22 @@ @@ -87253,7 +87253,7 @@ index 5421af0..91e69b8 100644 +/var/run/heartbeat(/.*)? gen_context(system_u:object_r:rgmanager_var_run_t,s0) +/var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0) diff --git a/rgmanager.if b/rgmanager.if -index 1c2f9aa..a4133dc 100644 +index 1c2f9aa12..a4133dc92 100644 --- a/rgmanager.if +++ b/rgmanager.if @@ -1,13 +1,13 @@ @@ -87445,7 +87445,7 @@ index 1c2f9aa..a4133dc 100644 + allow $1 rgmanager_var_lib_t:dir search_dir_perms; +') diff --git a/rgmanager.te b/rgmanager.te -index c8a1e16..f9d6fb3 100644 +index c8a1e16e4..f9d6fb341 100644 --- a/rgmanager.te +++ b/rgmanager.te @@ -6,10 +6,9 @@ policy_module(rgmanager, 1.3.0) @@ -87664,7 +87664,7 @@ index c8a1e16..f9d6fb3 100644 xen_domtrans_xm(rgmanager_t) ') diff --git a/rhcs.fc b/rhcs.fc -index 47de2d6..6baf5cd 100644 +index 47de2d681..6baf5cdae 100644 --- a/rhcs.fc +++ b/rhcs.fc @@ -1,31 +1,104 @@ @@ -87796,7 +87796,7 @@ index 47de2d6..6baf5cd 100644 +/var/log/pacemaker\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0) +/var/log/pcsd(/.*)? gen_context(system_u:object_r:cluster_var_log_t,s0) diff --git a/rhcs.if b/rhcs.if -index c8bdea2..beb2872 100644 +index c8bdea28d..beb2872e3 100644 --- a/rhcs.if +++ b/rhcs.if @@ -1,19 +1,19 @@ @@ -88681,7 +88681,7 @@ index c8bdea2..beb2872 100644 + allow $1 haproxy_unit_file_t:service {status start}; ') diff --git a/rhcs.te b/rhcs.te -index 6cf79c4..519e676 100644 +index 6cf79c449..519e6763c 100644 --- a/rhcs.te +++ b/rhcs.te @@ -20,6 +20,35 @@ gen_tunable(fenced_can_network_connect, false) @@ -89283,7 +89283,7 @@ index 6cf79c4..519e676 100644 ') diff --git a/rhev.fc b/rhev.fc new file mode 100644 -index 0000000..013d1d9 +index 000000000..013d1d964 --- /dev/null +++ b/rhev.fc @@ -0,0 +1,14 @@ @@ -89303,7 +89303,7 @@ index 0000000..013d1d9 +/var/log/ovirt-guest-agent(/.*)? gen_context(system_u:object_r:rhev_agentd_log_t,s0) 
diff --git a/rhev.if b/rhev.if new file mode 100644 -index 0000000..bf11e25 +index 000000000..bf11e2563 --- /dev/null +++ b/rhev.if @@ -0,0 +1,76 @@ @@ -89385,7 +89385,7 @@ index 0000000..bf11e25 +') diff --git a/rhev.te b/rhev.te new file mode 100644 -index 0000000..8b7aa12 +index 000000000..8b7aa12d8 --- /dev/null +++ b/rhev.te @@ -0,0 +1,128 @@ @@ -89518,7 +89518,7 @@ index 0000000..8b7aa12 + ') +') diff --git a/rhgb.if b/rhgb.if -index 1a134a7..793a29f 100644 +index 1a134a72e..793a29f88 100644 --- a/rhgb.if +++ b/rhgb.if @@ -1,4 +1,4 @@ @@ -89622,7 +89622,7 @@ index 1a134a7..793a29f 100644 allow $1 rhgb_tmpfs_t:file rw_file_perms; ') diff --git a/rhgb.te b/rhgb.te -index 3f32e4b..f97ea42 100644 +index 3f32e4bb3..f97ea42f8 100644 --- a/rhgb.te +++ b/rhgb.te @@ -43,7 +43,6 @@ kernel_read_system_state(rhgb_t) @@ -89655,7 +89655,7 @@ index 3f32e4b..f97ea42 100644 diff --git a/rhnsd.fc b/rhnsd.fc new file mode 100644 -index 0000000..860a91d +index 000000000..860a91df8 --- /dev/null +++ b/rhnsd.fc @@ -0,0 +1,9 @@ @@ -89670,7 +89670,7 @@ index 0000000..860a91d +/etc/sysconfig/rhn(/.*)? gen_context(system_u:object_r:rhnsd_conf_t,s0) diff --git a/rhnsd.if b/rhnsd.if new file mode 100644 -index 0000000..a161c70 +index 000000000..a161c70f9 --- /dev/null +++ b/rhnsd.if @@ -0,0 +1,120 @@ @@ -89796,7 +89796,7 @@ index 0000000..a161c70 +') diff --git a/rhnsd.te b/rhnsd.te new file mode 100644 -index 0000000..b947f09 +index 000000000..b947f092a --- /dev/null +++ b/rhnsd.te @@ -0,0 +1,48 @@ @@ -89849,7 +89849,7 @@ index 0000000..b947f09 + rpm_domtrans(rhnsd_t) +') diff --git a/rhsmcertd.fc b/rhsmcertd.fc -index 8c02804..896c8c6 100644 +index 8c0280418..896c8c67f 100644 --- a/rhsmcertd.fc +++ b/rhsmcertd.fc @@ -2,6 +2,8 @@ @@ -89862,7 +89862,7 @@ index 8c02804..896c8c6 100644 /var/lock/subsys/rhsmcertd -- gen_context(system_u:object_r:rhsmcertd_lock_t,s0) diff --git a/rhsmcertd.if b/rhsmcertd.if -index 6dbc905..4b17c93 100644 +index 6dbc905b3..4b17c933e 100644 --- a/rhsmcertd.if 
+++ b/rhsmcertd.if @@ -1,8 +1,8 @@ @@ -90121,7 +90121,7 @@ index 6dbc905..4b17c93 100644 - admin_pattern($1, rhsmcertd_lock_t) ') diff --git a/rhsmcertd.te b/rhsmcertd.te -index d32e1a2..75b615f 100644 +index d32e1a279..75b615f81 100644 --- a/rhsmcertd.te +++ b/rhsmcertd.te @@ -18,6 +18,9 @@ logging_log_file(rhsmcertd_log_t) @@ -90261,7 +90261,7 @@ index d32e1a2..75b615f 100644 + unconfined_server_signull(rhsmcertd_t) ') diff --git a/ricci.if b/ricci.if -index 2ab3ed1..23d579c 100644 +index 2ab3ed1d4..23d579cde 100644 --- a/ricci.if +++ b/ricci.if @@ -1,13 +1,13 @@ @@ -90494,7 +90494,7 @@ index 2ab3ed1..23d579c 100644 role_transition $2 ricci_initrc_exec_t system_r; allow $2 system_r; diff --git a/ricci.te b/ricci.te -index 0ba2569..161850d 100644 +index 0ba2569a5..161850d41 100644 --- a/ricci.te +++ b/ricci.te @@ -115,7 +115,6 @@ kernel_read_system_state(ricci_t) @@ -90660,14 +90660,14 @@ index 0ba2569..161850d 100644 ccs_stream_connect(ricci_modstorage_t) diff --git a/rkhunter.fc b/rkhunter.fc new file mode 100644 -index 0000000..645a9cc +index 000000000..645a9cc1a --- /dev/null +++ b/rkhunter.fc @@ -0,0 +1 @@ +/var/lib/rkhunter(/.*)? gen_context(system_u:object_r:rkhunter_var_lib_t,s0) diff --git a/rkhunter.if b/rkhunter.if new file mode 100644 -index 0000000..0be4cee +index 000000000..0be4ceec0 --- /dev/null +++ b/rkhunter.if @@ -0,0 +1,39 @@ @@ -90712,7 +90712,7 @@ index 0000000..0be4cee +') diff --git a/rkhunter.te b/rkhunter.te new file mode 100644 -index 0000000..44de480 +index 000000000..44de48092 --- /dev/null +++ b/rkhunter.te @@ -0,0 +1,4 @@ @@ -90722,7 +90722,7 @@ index 0000000..44de480 +files_type(rkhunter_var_lib_t) diff --git a/rkt.fc b/rkt.fc new file mode 100644 -index 0000000..1941457 +index 000000000..19414579e --- /dev/null +++ b/rkt.fc @@ -0,0 +1,11 @@ @@ -90739,7 +90739,7 @@ index 0000000..1941457 +/var/lib/rkt(/.*)? gen_context(system_u:object_r:rkt_var_lib_t,s0) 
diff --git a/rkt.if b/rkt.if new file mode 100644 -index 0000000..8f367ed +index 000000000..8f367ed44 --- /dev/null +++ b/rkt.if @@ -0,0 +1,177 @@ @@ -90922,7 +90922,7 @@ index 0000000..8f367ed +') diff --git a/rkt.te b/rkt.te new file mode 100644 -index 0000000..4e962a7 +index 000000000..4e962a7bf --- /dev/null +++ b/rkt.te @@ -0,0 +1,38 @@ @@ -90965,7 +90965,7 @@ index 0000000..4e962a7 + +sysnet_dns_name_resolve(rkt_t) diff --git a/rlogin.fc b/rlogin.fc -index f111877..e361ee9 100644 +index f11187720..e361ee9e2 100644 --- a/rlogin.fc +++ b/rlogin.fc @@ -1,5 +1,7 @@ @@ -90979,7 +90979,7 @@ index f111877..e361ee9 100644 /usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) diff --git a/rlogin.if b/rlogin.if -index 050479d..0e1b364 100644 +index 050479dea..0e1b364fb 100644 --- a/rlogin.if +++ b/rlogin.if @@ -29,7 +29,7 @@ interface(`rlogin_domtrans',` @@ -90992,7 +90992,7 @@ index 050479d..0e1b364 100644 type rlogind_home_t; ') diff --git a/rlogin.te b/rlogin.te -index ee27948..34d2ee9 100644 +index ee2794858..34d2ee96f 100644 --- a/rlogin.te +++ b/rlogin.te @@ -31,10 +31,12 @@ files_pid_file(rlogind_var_run_t) @@ -91084,7 +91084,7 @@ index ee27948..34d2ee9 100644 kerberos_use(rlogind_t) ') diff --git a/rngd.fc b/rngd.fc -index fa19aa8..90eb481 100644 +index fa19aa8de..90eb481c1 100644 --- a/rngd.fc +++ b/rngd.fc @@ -1,5 +1,7 @@ @@ -91096,7 +91096,7 @@ index fa19aa8..90eb481 100644 /var/run/rngd\.pid -- gen_context(system_u:object_r:rngd_var_run_t,s0) diff --git a/rngd.if b/rngd.if -index 13f788f..10e2033 100644 +index 13f788fd5..10e203301 100644 --- a/rngd.if +++ b/rngd.if @@ -2,6 +2,29 @@ @@ -91161,7 +91161,7 @@ index 13f788f..10e2033 100644 + allow $1 rngd_unit_file_t:service all_service_perms; ') diff --git a/rngd.te b/rngd.te -index a7b7717..861aa31 100644 +index a7b7717b7..861aa3180 100644 --- a/rngd.te +++ b/rngd.te @@ -12,6 +12,9 @@ init_daemon_domain(rngd_t, rngd_exec_t) 
@@ -91185,7 +91185,7 @@ index a7b7717..861aa31 100644 -miscfiles_read_localization(rngd_t) diff --git a/rolekit.fc b/rolekit.fc new file mode 100644 -index 0000000..504b6e1 +index 000000000..504b6e13e --- /dev/null +++ b/rolekit.fc @@ -0,0 +1,3 @@ @@ -91194,7 +91194,7 @@ index 0000000..504b6e1 +/usr/sbin/roled -- gen_context(system_u:object_r:rolekit_exec_t,s0) diff --git a/rolekit.if b/rolekit.if new file mode 100644 -index 0000000..b11fb8f +index 000000000..b11fb8f6d --- /dev/null +++ b/rolekit.if @@ -0,0 +1,120 @@ @@ -91320,7 +91320,7 @@ index 0000000..b11fb8f +') diff --git a/rolekit.te b/rolekit.te new file mode 100644 -index 0000000..da94453 +index 000000000..da944537b --- /dev/null +++ b/rolekit.te @@ -0,0 +1,47 @@ @@ -91372,7 +91372,7 @@ index 0000000..da94453 + domain_named_filetrans(rolekit_t) +') diff --git a/roundup.fc b/roundup.fc -index 6f05cd0..dc2a9aa 100644 +index 6f05cd06a..dc2a9aaee 100644 --- a/roundup.fc +++ b/roundup.fc @@ -2,4 +2,4 @@ @@ -91382,7 +91382,7 @@ index 6f05cd0..dc2a9aa 100644 -/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0) +/var/lib/roundup(/.*)? gen_context(system_u:object_r:roundup_var_lib_t,s0) diff --git a/roundup.if b/roundup.if -index 975bb6a..ce4f5ea 100644 +index 975bb6a45..ce4f5ead8 100644 --- a/roundup.if +++ b/roundup.if @@ -23,8 +23,11 @@ interface(`roundup_admin',` @@ -91399,7 +91399,7 @@ index 975bb6a..ce4f5ea 100644 init_labeled_script_domtrans($1, roundup_initrc_exec_t) domain_system_change_exemption($1) diff --git a/roundup.te b/roundup.te -index ccb5991..fa10c5a 100644 +index ccb5991ed..fa10c5a2d 100644 --- a/roundup.te +++ b/roundup.te @@ -38,10 +38,10 @@ files_pid_filetrans(roundup_t, roundup_var_run_t, file) @@ -91440,7 +91440,7 @@ index ccb5991..fa10c5a 100644 optional_policy(` diff --git a/rpc.fc b/rpc.fc -index a6fb30c..97ef313 100644 +index a6fb30cb3..97ef313df 100644 --- a/rpc.fc +++ b/rpc.fc @@ -1,12 +1,25 @@ 
@@ -91492,7 +91492,7 @@ index a6fb30c..97ef313 100644 +/var/run/rpc\.statd\.lock -- gen_context(system_u:object_r:rpcd_lock_t,s0) + diff --git a/rpc.if b/rpc.if -index 0bf13c2..9572351 100644 +index 0bf13c220..95723515e 100644 --- a/rpc.if +++ b/rpc.if @@ -1,4 +1,4 @@ @@ -91973,7 +91973,7 @@ index 0bf13c2..9572351 100644 + allow $1 gssd_t:process { noatsecure rlimitinh }; +') diff --git a/rpc.te b/rpc.te -index 2da9fca..49c37e8 100644 +index 2da9fca2f..49c37e8ea 100644 --- a/rpc.te +++ b/rpc.te @@ -6,22 +6,27 @@ policy_module(rpc, 1.15.1) @@ -92342,7 +92342,7 @@ index 2da9fca..49c37e8 100644 ') diff --git a/rpcbind.fc b/rpcbind.fc -index d31220e..0b6894a 100644 +index d31220e08..0b6894a67 100644 --- a/rpcbind.fc +++ b/rpcbind.fc @@ -1,8 +1,12 @@ @@ -92359,7 +92359,7 @@ index d31220e..0b6894a 100644 /var/cache/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0) diff --git a/rpcbind.if b/rpcbind.if -index 3b5e9ee..ff1163f 100644 +index 3b5e9eed6..ff1163ff6 100644 --- a/rpcbind.if +++ b/rpcbind.if @@ -1,4 +1,4 @@ @@ -92513,7 +92513,7 @@ index 3b5e9ee..ff1163f 100644 + admin_pattern($1, rpcbind_var_run_t) ') diff --git a/rpcbind.te b/rpcbind.te -index 54de77c..db13fcf 100644 +index 54de77ccd..db13fcff8 100644 --- a/rpcbind.te +++ b/rpcbind.te @@ -12,6 +12,9 @@ init_daemon_domain(rpcbind_t, rpcbind_exec_t) @@ -92577,7 +92577,7 @@ index 54de77c..db13fcf 100644 ifdef(`distro_debian',` term_dontaudit_use_unallocated_ttys(rpcbind_t) diff --git a/rpm.fc b/rpm.fc -index ebe91fc..6ba4338 100644 +index ebe91fc70..6ba4338cb 100644 --- a/rpm.fc +++ b/rpm.fc @@ -1,61 +1,80 @@ @@ -92705,7 +92705,7 @@ index ebe91fc..6ba4338 100644 +/sbin/cpio -- gen_context(system_u:object_r:rpm_exec_t,s0) ') diff --git a/rpm.if b/rpm.if -index ef3b225..b15d901 100644 +index ef3b22507..b15d901a4 100644 --- a/rpm.if +++ b/rpm.if @@ -1,8 +1,8 @@ @@ -93345,7 +93345,7 @@ index ef3b225..b15d901 100644 admin_pattern($1, { rpm_tmp_t rpm_script_tmp_t }) 
diff --git a/rpm.te b/rpm.te -index 6fc360e..2f24b1e 100644 +index 6fc360e60..2f24b1e0c 100644 --- a/rpm.te +++ b/rpm.te @@ -1,15 +1,13 @@ @@ -93848,7 +93848,7 @@ index 6fc360e..2f24b1e 100644 + usermanage_run_useradd(rpm_script_t, rpm_script_roles) ') diff --git a/rshd.fc b/rshd.fc -index 9ad0d58..6a4db03 100644 +index 9ad0d58dc..6a4db031f 100644 --- a/rshd.fc +++ b/rshd.fc @@ -1,3 +1,4 @@ @@ -93857,7 +93857,7 @@ index 9ad0d58..6a4db03 100644 /usr/sbin/in\.rexecd -- gen_context(system_u:object_r:rshd_exec_t,s0) diff --git a/rshd.if b/rshd.if -index 7ad29c0..2e87d76 100644 +index 7ad29c046..2e87d76b4 100644 --- a/rshd.if +++ b/rshd.if @@ -2,7 +2,7 @@ @@ -93878,7 +93878,7 @@ index 7ad29c0..2e87d76 100644 domtrans_pattern($1, rshd_exec_t, rshd_t) ') diff --git a/rshd.te b/rshd.te -index 864e089..a28dccd 100644 +index 864e089a0..a28dccd64 100644 --- a/rshd.te +++ b/rshd.te @@ -4,11 +4,12 @@ policy_module(rshd, 1.8.1) @@ -93979,7 +93979,7 @@ index 864e089..a28dccd 100644 ') diff --git a/rssh.te b/rssh.te -index 5c5465f..6005932 100644 +index 5c5465feb..60059323f 100644 --- a/rssh.te +++ b/rssh.te @@ -60,18 +60,14 @@ manage_files_pattern(rssh_t, rssh_rw_t, rssh_rw_t) @@ -94008,7 +94008,7 @@ index 5c5465f..6005932 100644 - -miscfiles_read_localization(rssh_chroot_helper_t) diff --git a/rsync.fc b/rsync.fc -index d25301b..f3eeec7 100644 +index d25301b85..f3eeec7b6 100644 --- a/rsync.fc +++ b/rsync.fc @@ -1,7 +1,8 @@ @@ -94023,7 +94023,7 @@ index d25301b..f3eeec7 100644 /var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) +/var/run/swift_server\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) diff --git a/rsync.if b/rsync.if -index f1140ef..642e062 100644 +index f1140efe4..642e062f4 100644 --- a/rsync.if +++ b/rsync.if @@ -1,16 +1,32 @@ @@ -94301,7 +94301,7 @@ index f1140ef..642e062 100644 + files_pid_filetrans($1, rsync_var_run_t, file, "rsyncd.lock") ') 
diff --git a/rsync.te b/rsync.te -index abeb302..b27a479 100644 +index abeb302a7..b27a47979 100644 --- a/rsync.te +++ b/rsync.te @@ -6,67 +6,46 @@ policy_module(rsync, 1.13.0) @@ -94548,7 +94548,7 @@ index abeb302..b27a479 100644 ') diff --git a/rtas.fc b/rtas.fc new file mode 100644 -index 0000000..8d12521 +index 000000000..8d12521d2 --- /dev/null +++ b/rtas.fc @@ -0,0 +1,14 @@ @@ -94568,7 +94568,7 @@ index 0000000..8d12521 + diff --git a/rtas.if b/rtas.if new file mode 100644 -index 0000000..92cc49d +index 000000000..92cc49d7f --- /dev/null +++ b/rtas.if @@ -0,0 +1,163 @@ @@ -94737,7 +94737,7 @@ index 0000000..92cc49d +') diff --git a/rtas.te b/rtas.te new file mode 100644 -index 0000000..9a5164c +index 000000000..9a5164c7e --- /dev/null +++ b/rtas.te @@ -0,0 +1,95 @@ @@ -94837,7 +94837,7 @@ index 0000000..9a5164c + unconfined_domain(rtas_errd_t) +') diff --git a/rtkit.if b/rtkit.if -index e904ec4..e0dd20e 100644 +index e904ec472..e0dd20eeb 100644 --- a/rtkit.if +++ b/rtkit.if @@ -15,7 +15,6 @@ interface(`rtkit_daemon_domtrans',` @@ -94924,7 +94924,7 @@ index e904ec4..e0dd20e 100644 + ') ') diff --git a/rtkit.te b/rtkit.te -index 7eea21f..7140646 100644 +index 7eea21f3f..714064633 100644 --- a/rtkit.te +++ b/rtkit.te @@ -31,8 +31,6 @@ auth_use_nsswitch(rtkit_daemon_t) @@ -94937,7 +94937,7 @@ index 7eea21f..7140646 100644 dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t) diff --git a/rwho.if b/rwho.if -index 0360ff0..e6cb34f 100644 +index 0360ff013..e6cb34f71 100644 --- a/rwho.if +++ b/rwho.if @@ -139,8 +139,11 @@ interface(`rwho_admin',` @@ -94954,7 +94954,7 @@ index 0360ff0..e6cb34f 100644 init_labeled_script_domtrans($1, rwho_initrc_exec_t) domain_system_change_exemption($1) diff --git a/rwho.te b/rwho.te -index 7fb75f4..9ccbd95 100644 +index 7fb75f457..9ccbd95c2 100644 --- a/rwho.te +++ b/rwho.te @@ -16,7 +16,7 @@ type rwho_log_t; @@ -94996,7 +94996,7 @@ index 7fb75f4..9ccbd95 100644 +userdom_getattr_user_terminals(rwho_t) + 
diff --git a/samba.fc b/samba.fc -index b8b66ff..a93346e 100644 +index b8b66ff4d..a93346efe 100644 --- a/samba.fc +++ b/samba.fc @@ -1,42 +1,55 @@ @@ -95097,7 +95097,7 @@ index b8b66ff..a93346e 100644 +/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0) +') diff --git a/samba.if b/samba.if -index 50d07fb..a34db48 100644 +index 50d07fb2e..a34db489c 100644 --- a/samba.if +++ b/samba.if @@ -1,8 +1,12 @@ @@ -95957,7 +95957,7 @@ index 50d07fb..a34db48 100644 + allow $1 samba_unit_file_t:service all_service_perms; ') diff --git a/samba.te b/samba.te -index 2b7c441..d79c136 100644 +index 2b7c441e7..d79c13644 100644 --- a/samba.te +++ b/samba.te @@ -6,99 +6,86 @@ policy_module(samba, 1.16.3) @@ -97301,7 +97301,7 @@ index 2b7c441..d79c136 100644 + can_exec(smbd_t, samba_unconfined_script_exec_t) ') diff --git a/sambagui.te b/sambagui.te -index e18b0a2..1b1db01 100644 +index e18b0a284..1b1db014d 100644 --- a/sambagui.te +++ b/sambagui.te @@ -18,7 +18,7 @@ role sambagui_roles types sambagui_t; @@ -97343,7 +97343,7 @@ index e18b0a2..1b1db01 100644 samba_domtrans_nmbd(sambagui_t) ') diff --git a/samhain.if b/samhain.if -index f0236d6..37665a1 100644 +index f0236d67d..37665a1b6 100644 --- a/samhain.if +++ b/samhain.if @@ -23,6 +23,8 @@ template(`samhain_service_template',` @@ -97356,7 +97356,7 @@ index f0236d6..37665a1 100644 ######################################## diff --git a/samhain.te b/samhain.te -index c41ce4b..8837e4c 100644 +index c41ce4bff..8837e4c41 100644 --- a/samhain.te +++ b/samhain.te @@ -88,8 +88,6 @@ auth_read_login_records(samhain_domain) @@ -97379,14 +97379,14 @@ index c41ce4b..8837e4c 100644 # diff --git a/sandbox.fc b/sandbox.fc new file mode 100644 -index 0000000..b7db254 +index 000000000..b7db25411 --- /dev/null +++ b/sandbox.fc @@ -0,0 +1 @@ +# Empty diff --git a/sandbox.if b/sandbox.if new file mode 100644 -index 0000000..cc29a06 +index 000000000..cc29a063b --- /dev/null +++ b/sandbox.if @@ -0,0 +1,96 @@ 
@@ -97488,7 +97488,7 @@ index 0000000..cc29a06 +') diff --git a/sandbox.te b/sandbox.te new file mode 100644 -index 0000000..402257c +index 000000000..402257c49 --- /dev/null +++ b/sandbox.te @@ -0,0 +1,66 @@ @@ -97560,7 +97560,7 @@ index 0000000..402257c + diff --git a/sandboxX.fc b/sandboxX.fc new file mode 100644 -index 0000000..6caef63 +index 000000000..6caef6326 --- /dev/null +++ b/sandboxX.fc @@ -0,0 +1,2 @@ @@ -97568,7 +97568,7 @@ index 0000000..6caef63 +/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0) diff --git a/sandboxX.if b/sandboxX.if new file mode 100644 -index 0000000..98dc14e +index 000000000..98dc14ef6 --- /dev/null +++ b/sandboxX.if @@ -0,0 +1,401 @@ @@ -97975,7 +97975,7 @@ index 0000000..98dc14e +') diff --git a/sandboxX.te b/sandboxX.te new file mode 100644 -index 0000000..22e956f +index 000000000..22e956fe3 --- /dev/null +++ b/sandboxX.te @@ -0,0 +1,512 @@ @@ -98492,7 +98492,7 @@ index 0000000..22e956f +userdom_dontaudit_open_user_ptys(sandbox_x_domain) + diff --git a/sanlock.fc b/sanlock.fc -index 3df2a0f..7264d8a 100644 +index 3df2a0f14..7264d8ae1 100644 --- a/sanlock.fc +++ b/sanlock.fc @@ -1,7 +1,18 @@ @@ -98518,7 +98518,7 @@ index 3df2a0f..7264d8a 100644 -/var/log/sanlock\.log.* -- gen_context(system_u:object_r:sanlock_log_t,s0) +/usr/lib/systemd/system/sanlk-resetd\.service -- gen_context(system_u:object_r:sanlk_resetd_unit_file_t,s0) diff --git a/sanlock.if b/sanlock.if -index cd6c213..6d3cdc4 100644 +index cd6c213d2..6d3cdc4d9 100644 --- a/sanlock.if +++ b/sanlock.if @@ -1,4 +1,6 @@ @@ -98751,7 +98751,7 @@ index cd6c213..6d3cdc4 100644 + ') ') diff --git a/sanlock.te b/sanlock.te -index 0045465..ee3b993 100644 +index 0045465a0..ee3b9930a 100644 --- a/sanlock.te +++ b/sanlock.te @@ -6,25 +6,44 @@ policy_module(sanlock, 1.1.0) @@ -98950,7 +98950,7 @@ index 0045465..ee3b993 100644 + wdmd_stream_connect(sanlk_resetd_t) ') 
diff --git a/sasl.fc b/sasl.fc -index 54f41c2..7e58679 100644 +index 54f41c2b7..7e5867968 100644 --- a/sasl.fc +++ b/sasl.fc @@ -1,7 +1,12 @@ @@ -98969,7 +98969,7 @@ index 54f41c2..7e58679 100644 +/var/lib/sasl2(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) /var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) diff --git a/sasl.if b/sasl.if -index 8c3c151..93b7227 100644 +index 8c3c151cb..93b722789 100644 --- a/sasl.if +++ b/sasl.if @@ -1,4 +1,4 @@ @@ -99005,7 +99005,7 @@ index 8c3c151..93b7227 100644 domain_system_change_exemption($1) role_transition $2 saslauthd_initrc_exec_t system_r; diff --git a/sasl.te b/sasl.te -index 6c3bc20..eb05a49 100644 +index 6c3bc2059..eb05a4920 100644 --- a/sasl.te +++ b/sasl.te @@ -6,12 +6,11 @@ policy_module(sasl, 1.15.1) @@ -99121,7 +99121,7 @@ index 6c3bc20..eb05a49 100644 optional_policy(` diff --git a/sbd.fc b/sbd.fc new file mode 100644 -index 0000000..41768ee +index 000000000..41768eed0 --- /dev/null +++ b/sbd.fc @@ -0,0 +1,7 @@ @@ -99134,7 +99134,7 @@ index 0000000..41768ee +/var/run/sbd.* -- gen_context(system_u:object_r:sbd_var_run_t,s0) diff --git a/sbd.if b/sbd.if new file mode 100644 -index 0000000..7a058a8 +index 000000000..7a058a82a --- /dev/null +++ b/sbd.if @@ -0,0 +1,126 @@ @@ -99266,7 +99266,7 @@ index 0000000..7a058a8 +') diff --git a/sbd.te b/sbd.te new file mode 100644 -index 0000000..b86f200 +index 000000000..b86f200a7 --- /dev/null +++ b/sbd.te @@ -0,0 +1,54 @@ @@ -99325,7 +99325,7 @@ index 0000000..b86f200 + +') diff --git a/sblim.fc b/sblim.fc -index 68a550d..e976fc6 100644 +index 68a550d54..e976fc62e 100644 --- a/sblim.fc +++ b/sblim.fc @@ -1,6 +1,10 @@ @@ -99340,7 +99340,7 @@ index 68a550d..e976fc6 100644 /var/run/gather(/.*)? gen_context(system_u:object_r:sblim_var_run_t,s0) diff --git a/sblim.if b/sblim.if -index 98c9e0a..562666e 100644 +index 98c9e0a88..562666e06 100644 --- a/sblim.if +++ b/sblim.if @@ -1,8 +1,36 @@ 
@@ -99534,7 +99534,7 @@ index 98c9e0a..562666e 100644 files_search_pids($1) admin_pattern($1, sblim_var_run_t) diff --git a/sblim.te b/sblim.te -index 299756b..5719ae9 100644 +index 299756bc8..5719ae912 100644 --- a/sblim.te +++ b/sblim.te @@ -7,13 +7,11 @@ policy_module(sblim, 1.1.0) @@ -99709,7 +99709,7 @@ index 299756b..5719ae9 100644 + virt_getattr_images(sblim_sfcbd_t) +') diff --git a/screen.fc b/screen.fc -index e7c2cf7..435aaa6 100644 +index e7c2cf74f..435aaa61c 100644 --- a/screen.fc +++ b/screen.fc @@ -2,8 +2,10 @@ HOME_DIR/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0) @@ -99728,7 +99728,7 @@ index e7c2cf7..435aaa6 100644 +/var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) +/var/run/tmux(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) diff --git a/screen.if b/screen.if -index be5cce2..b81f5df 100644 +index be5cce2d3..b81f5dfef 100644 --- a/screen.if +++ b/screen.if @@ -1,4 +1,4 @@ @@ -99868,7 +99868,7 @@ index be5cce2..b81f5df 100644 +') + diff --git a/screen.te b/screen.te -index 5466a73..33598f3 100644 +index 5466a7327..33598f3b3 100644 --- a/screen.te +++ b/screen.te @@ -5,9 +5,7 @@ policy_module(screen, 2.6.0) @@ -100010,7 +100010,7 @@ index 5466a73..33598f3 100644 - fs_read_nfs_symlinks(screen_domain) -') diff --git a/sectoolm.fc b/sectoolm.fc -index 64a2394..3f1dac5 100644 +index 64a239453..3f1dac59a 100644 --- a/sectoolm.fc +++ b/sectoolm.fc @@ -1,5 +1,4 @@ @@ -100022,7 +100022,7 @@ index 64a2394..3f1dac5 100644 +/var/lib/sectool(/.*)? gen_context(system_u:object_r:sectool_var_lib_t,s0) +/var/log/sectool\.log.* -- gen_context(system_u:object_r:sectool_var_log_t,s0) diff --git a/sectoolm.if b/sectoolm.if -index c78a569..9007451 100644 +index c78a569c3..900745118 100644 --- a/sectoolm.if +++ b/sectoolm.if @@ -1,24 +1,2 @@ @@ -100052,7 +100052,7 @@ index c78a569..9007451 100644 - allow sectoolm_t $2:unix_dgram_socket sendto; -') 
diff --git a/sectoolm.te b/sectoolm.te -index 4bc8c13..e05d74d 100644 +index 4bc8c13ea..e05d74d48 100644 --- a/sectoolm.te +++ b/sectoolm.te @@ -7,7 +7,7 @@ policy_module(sectoolm, 1.1.0) @@ -100145,7 +100145,7 @@ index 4bc8c13..e05d74d 100644 prelink_domtrans(sectoolm_t) ') diff --git a/sendmail.fc b/sendmail.fc -index d14b6bf..da5d41d 100644 +index d14b6bfc7..da5d41d5c 100644 --- a/sendmail.fc +++ b/sendmail.fc @@ -1,7 +1,8 @@ @@ -100163,7 +100163,7 @@ index d14b6bf..da5d41d 100644 +/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) +/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) diff --git a/sendmail.if b/sendmail.if -index 35ad2a7..afdc7da 100644 +index 35ad2a733..afdc7da29 100644 --- a/sendmail.if +++ b/sendmail.if @@ -1,4 +1,4 @@ @@ -100456,7 +100456,7 @@ index 35ad2a7..afdc7da 100644 + admin_pattern($1, mail_spool_t) ') diff --git a/sendmail.te b/sendmail.te -index 12700b4..86f608e 100644 +index 12700b413..86f608e88 100644 --- a/sendmail.te +++ b/sendmail.te @@ -37,21 +37,23 @@ role sendmail_unconfined_roles types unconfined_sendmail_t; @@ -100643,7 +100643,7 @@ index 12700b4..86f608e 100644 unconfined_domain(unconfined_sendmail_t) ') diff --git a/sensord.fc b/sensord.fc -index 8185d5a..9be989a 100644 +index 8185d5a6b..9be989a08 100644 --- a/sensord.fc +++ b/sensord.fc @@ -1,5 +1,9 @@ @@ -100657,7 +100657,7 @@ index 8185d5a..9be989a 100644 + /var/run/sensord\.pid -- gen_context(system_u:object_r:sensord_var_run_t,s0) diff --git a/sensord.if b/sensord.if -index d204752..85631b3 100644 +index d204752b3..85631b346 100644 --- a/sensord.if +++ b/sensord.if @@ -1,35 +1,81 @@ @@ -100755,7 +100755,7 @@ index d204752..85631b3 100644 + ') ') diff --git a/sensord.te b/sensord.te -index 5e82fd6..ddb249d 100644 +index 5e82fd616..ddb249dfb 100644 --- a/sensord.te +++ b/sensord.te @@ -9,27 +9,38 @@ type sensord_t; @@ -100801,7 +100801,7 @@ index 5e82fd6..ddb249d 100644 -miscfiles_read_localization(sensord_t) 
diff --git a/setroubleshoot.fc b/setroubleshoot.fc -index 0b3a971..397a522 100644 +index 0b3a971f4..397a5225b 100644 --- a/setroubleshoot.fc +++ b/setroubleshoot.fc @@ -1,9 +1,9 @@ @@ -100819,7 +100819,7 @@ index 0b3a971..397a522 100644 -/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0) +/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0) diff --git a/setroubleshoot.if b/setroubleshoot.if -index 3a9a70b..903109c 100644 +index 3a9a70bef..903109c98 100644 --- a/setroubleshoot.if +++ b/setroubleshoot.if @@ -1,9 +1,8 @@ @@ -100922,7 +100922,7 @@ index 3a9a70b..903109c 100644 logging_list_logs($1) admin_pattern($1, setroubleshoot_var_log_t) diff --git a/setroubleshoot.te b/setroubleshoot.te -index ce67935..4985c02 100644 +index ce6793506..4985c026f 100644 --- a/setroubleshoot.te +++ b/setroubleshoot.te @@ -7,68 +7,111 @@ policy_module(setroubleshoot, 1.12.1) @@ -101192,7 +101192,7 @@ index ce67935..4985c02 100644 +') diff --git a/sge.fc b/sge.fc new file mode 100644 -index 0000000..160ddc2 +index 000000000..160ddc2b8 --- /dev/null +++ b/sge.fc @@ -0,0 +1,6 @@ @@ -101204,7 +101204,7 @@ index 0000000..160ddc2 + diff --git a/sge.if b/sge.if new file mode 100644 -index 0000000..c9d2d9c +index 000000000..c9d2d9c42 --- /dev/null +++ b/sge.if @@ -0,0 +1,24 @@ @@ -101234,7 +101234,7 @@ index 0000000..c9d2d9c + diff --git a/sge.te b/sge.te new file mode 100644 -index 0000000..1c1ec06 +index 000000000..1c1ec06e5 --- /dev/null +++ b/sge.te @@ -0,0 +1,196 @@ @@ -101435,7 +101435,7 @@ index 0000000..1c1ec06 + nslcd_stream_connect(sge_domain) +') diff --git a/shorewall.if b/shorewall.if -index 1aeef8a..d5ce40a 100644 +index 1aeef8ac3..d5ce40a96 100644 --- a/shorewall.if +++ b/shorewall.if @@ -1,4 +1,4 @@ @@ -101618,7 +101618,7 @@ index 1aeef8a..d5ce40a 100644 admin_pattern($1, shorewall_etc_t) diff --git a/shorewall.te b/shorewall.te -index 7710b9f..04af4ec 100644 +index 7710b9f76..04af4ec4d 100644 
--- a/shorewall.te +++ b/shorewall.te @@ -32,8 +32,9 @@ logging_log_file(shorewall_log_t) @@ -101688,7 +101688,7 @@ index 7710b9f..04af4ec 100644 ulogd_search_log(shorewall_t) ') diff --git a/shutdown.fc b/shutdown.fc -index a91f33b..631dbc1 100644 +index a91f33b0f..631dbc1dc 100644 --- a/shutdown.fc +++ b/shutdown.fc @@ -8,4 +8,4 @@ @@ -101698,7 +101698,7 @@ index a91f33b..631dbc1 100644 -/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) +/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) diff --git a/shutdown.if b/shutdown.if -index d1706bf..3aa7c9f 100644 +index d1706bf87..3aa7c9fd1 100644 --- a/shutdown.if +++ b/shutdown.if @@ -1,30 +1,4 @@ @@ -101854,7 +101854,7 @@ index d1706bf..3aa7c9f 100644 ## ## diff --git a/shutdown.te b/shutdown.te -index e2544e1..2196974 100644 +index e2544e147..2196974f5 100644 --- a/shutdown.te +++ b/shutdown.te @@ -24,7 +24,7 @@ files_pid_file(shutdown_var_run_t) @@ -101903,7 +101903,7 @@ index e2544e1..2196974 100644 + xserver_xdm_append_log(shutdown_t) ') diff --git a/slocate.te b/slocate.te -index 7292dc0..26fc8f4 100644 +index 7292dc064..26fc8f4bc 100644 --- a/slocate.te +++ b/slocate.te @@ -44,8 +44,12 @@ dev_getattr_all_blk_files(locate_t) @@ -101937,7 +101937,7 @@ index 7292dc0..26fc8f4 100644 +') + diff --git a/slpd.if b/slpd.if -index ca32e89..98278dd 100644 +index ca32e8946..98278dd2c 100644 --- a/slpd.if +++ b/slpd.if @@ -2,6 +2,43 @@ @@ -102005,7 +102005,7 @@ index ca32e89..98278dd 100644 + ') diff --git a/slpd.te b/slpd.te -index 731512a..4ce76cd 100644 +index 731512a66..4ce76cd9c 100644 --- a/slpd.te +++ b/slpd.te @@ -23,7 +23,7 @@ files_pid_file(slpd_var_run_t) @@ -102042,7 +102042,7 @@ index 731512a..4ce76cd 100644 + +sysnet_dns_name_resolve(slpd_t) diff --git a/slrnpull.te b/slrnpull.te -index 59eb07f..4626942 100644 +index 59eb07fa9..4626942ae 100644 --- a/slrnpull.te +++ b/slrnpull.te @@ -13,7 +13,7 @@ type slrnpull_var_run_t; 
@@ -102072,7 +102072,7 @@ index 59eb07f..4626942 100644 userdom_dontaudit_search_user_home_dirs(slrnpull_t) diff --git a/smartmon.if b/smartmon.if -index e0644b5..ea347cc 100644 +index e0644b5cf..ea347ccd5 100644 --- a/smartmon.if +++ b/smartmon.if @@ -42,9 +42,13 @@ interface(`smartmon_admin',` @@ -102091,7 +102091,7 @@ index e0644b5..ea347cc 100644 domain_system_change_exemption($1) role_transition $2 fsdaemon_initrc_exec_t system_r; diff --git a/smartmon.te b/smartmon.te -index 9cf6582..052179c 100644 +index 9cf6582d2..052179c3f 100644 --- a/smartmon.te +++ b/smartmon.te @@ -38,7 +38,7 @@ ifdef(`enable_mls',` @@ -102172,7 +102172,7 @@ index 9cf6582..052179c 100644 + virt_read_images(fsdaemon_t) ') diff --git a/smokeping.fc b/smokeping.fc -index 3359819..a231ecb 100644 +index 335981945..a231ecb56 100644 --- a/smokeping.fc +++ b/smokeping.fc @@ -2,7 +2,7 @@ @@ -102185,7 +102185,7 @@ index 3359819..a231ecb 100644 /var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0) diff --git a/smokeping.if b/smokeping.if -index 1fa51c1..82e111c 100644 +index 1fa51c11f..82e111c80 100644 --- a/smokeping.if +++ b/smokeping.if @@ -158,8 +158,11 @@ interface(`smokeping_admin',` @@ -102202,7 +102202,7 @@ index 1fa51c1..82e111c 100644 smokeping_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/smokeping.te b/smokeping.te -index ec031a0..61a9f8c 100644 +index ec031a031..61a9f8c08 100644 --- a/smokeping.te +++ b/smokeping.te @@ -24,6 +24,7 @@ files_type(smokeping_var_lib_t) @@ -102262,7 +102262,7 @@ index ec031a0..61a9f8c 100644 + netutils_domtrans_ping(smokeping_cgi_script_t) ') diff --git a/smoltclient.te b/smoltclient.te -index b3f2c6f..4e629a1 100644 +index b3f2c6f26..4e629a10b 100644 --- a/smoltclient.te +++ b/smoltclient.te @@ -40,6 +40,7 @@ corenet_tcp_sendrecv_generic_node(smoltclient_t) @@ -102301,7 +102301,7 @@ index b3f2c6f..4e629a1 100644 ') 
diff --git a/smsd.fc b/smsd.fc new file mode 100644 -index 0000000..4c3fcec +index 000000000..4c3fcec7d --- /dev/null +++ b/smsd.fc @@ -0,0 +1,11 @@ @@ -102318,7 +102318,7 @@ index 0000000..4c3fcec +/var/spool/sms(/.*)? gen_context(system_u:object_r:smsd_spool_t,s0) diff --git a/smsd.if b/smsd.if new file mode 100644 -index 0000000..52450c7 +index 000000000..52450c700 --- /dev/null +++ b/smsd.if @@ -0,0 +1,240 @@ @@ -102564,7 +102564,7 @@ index 0000000..52450c7 +') diff --git a/smsd.te b/smsd.te new file mode 100644 -index 0000000..d971935 +index 000000000..d971935b4 --- /dev/null +++ b/smsd.te @@ -0,0 +1,75 @@ @@ -102644,7 +102644,7 @@ index 0000000..d971935 + +term_use_usb_ttys(smsd_t) diff --git a/smstools.if b/smstools.if -index cbfe369..6594af3 100644 +index cbfe369a6..6594af373 100644 --- a/smstools.if +++ b/smstools.if @@ -1,5 +1,81 @@ @@ -102740,7 +102740,7 @@ index cbfe369..6594af3 100644 files_search_var_lib($1) diff --git a/snapper.fc b/snapper.fc new file mode 100644 -index 0000000..34f7846 +index 000000000..34f7846b3 --- /dev/null +++ b/snapper.fc @@ -0,0 +1,16 @@ @@ -102762,7 +102762,7 @@ index 0000000..34f7846 +/home/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) diff --git a/snapper.if b/snapper.if new file mode 100644 -index 0000000..88490d5 +index 000000000..88490d5c6 --- /dev/null +++ b/snapper.if @@ -0,0 +1,99 @@ @@ -102867,7 +102867,7 @@ index 0000000..88490d5 + diff --git a/snapper.te b/snapper.te new file mode 100644 -index 0000000..5c2cbe0 +index 000000000..5c2cbe02d --- /dev/null +++ b/snapper.te @@ -0,0 +1,83 @@ @@ -102955,7 +102955,7 @@ index 0000000..5c2cbe0 + snapper_relabel_snapshots(snapperd_t) +') diff --git a/snmp.fc b/snmp.fc -index 2f0a2f2..1569e33 100644 +index 2f0a2f205..1569e3369 100644 --- a/snmp.fc +++ b/snmp.fc @@ -1,6 +1,6 @@ 
@@ -102982,7 +102982,7 @@ index 2f0a2f2..1569e33 100644 +/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0) /var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) diff --git a/snmp.if b/snmp.if -index 7a9cc9d..23cb658 100644 +index 7a9cc9df7..23cb6589e 100644 --- a/snmp.if +++ b/snmp.if @@ -57,8 +57,7 @@ interface(`snmp_udp_chat',` @@ -103119,7 +103119,7 @@ index 7a9cc9d..23cb658 100644 init_labeled_script_domtrans($1, snmpd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/snmp.te b/snmp.te -index 9dcaeb8..e8446db 100644 +index 9dcaeb875..e8446db05 100644 --- a/snmp.te +++ b/snmp.te @@ -26,15 +26,17 @@ files_type(snmpd_var_lib_t) @@ -103220,7 +103220,7 @@ index 9dcaeb8..e8446db 100644 ') diff --git a/snort.if b/snort.if -index 7d86b34..5f58180 100644 +index 7d86b3485..5f581804e 100644 --- a/snort.if +++ b/snort.if @@ -42,8 +42,11 @@ interface(`snort_admin',` @@ -103252,7 +103252,7 @@ index 7d86b34..5f58180 100644 + files_list_pids($1) ') diff --git a/snort.te b/snort.te -index 1af72df..d545f2a 100644 +index 1af72df55..d545f2aea 100644 --- a/snort.te +++ b/snort.te @@ -29,13 +29,16 @@ files_pid_file(snort_var_run_t) @@ -103317,7 +103317,7 @@ index 1af72df..d545f2a 100644 userdom_dontaudit_use_unpriv_user_fds(snort_t) diff --git a/sosreport.if b/sosreport.if -index 634c6b4..f6db7a7 100644 +index 634c6b4fa..f6db7a796 100644 --- a/sosreport.if +++ b/sosreport.if @@ -42,7 +42,7 @@ interface(`sosreport_run',` @@ -103353,7 +103353,7 @@ index 634c6b4..f6db7a7 100644 +') + diff --git a/sosreport.te b/sosreport.te -index f2f507d..0ac6752 100644 +index f2f507dae..0ac6752b4 100644 --- a/sosreport.te +++ b/sosreport.te @@ -13,15 +13,15 @@ type sosreport_exec_t; @@ -103572,7 +103572,7 @@ index f2f507d..0ac6752 100644 optional_policy(` diff --git a/soundserver.if b/soundserver.if -index a5abc5a..b9eff74 100644 +index a5abc5a8d..b9eff74cb 100644 --- a/soundserver.if +++ b/soundserver.if 
@@ -38,9 +38,13 @@ interface(`soundserver_admin',` @@ -103591,7 +103591,7 @@ index a5abc5a..b9eff74 100644 domain_system_change_exemption($1) role_transition $2 soundd_initrc_exec_t system_r; diff --git a/soundserver.te b/soundserver.te -index 0919e0c..df28aad 100644 +index 0919e0c86..df28aadba 100644 --- a/soundserver.te +++ b/soundserver.te @@ -32,7 +32,7 @@ files_pid_file(soundd_var_run_t) @@ -103629,7 +103629,7 @@ index 0919e0c..df28aad 100644 userdom_dontaudit_use_unpriv_user_fds(soundd_t) diff --git a/spamassassin.fc b/spamassassin.fc -index e9bd097..5724bcf 100644 +index e9bd097b7..5724bcf0f 100644 --- a/spamassassin.fc +++ b/spamassassin.fc @@ -1,20 +1,27 @@ @@ -103694,7 +103694,7 @@ index e9bd097..5724bcf 100644 +/usr/bin/pyzor -- gen_context(system_u:object_r:spamc_exec_t,s0) +/usr/bin/pyzord -- gen_context(system_u:object_r:spamd_exec_t,s0) diff --git a/spamassassin.if b/spamassassin.if -index 1499b0b..e695a62 100644 +index 1499b0bbf..e695a62f3 100644 --- a/spamassassin.if +++ b/spamassassin.if @@ -2,39 +2,45 @@ @@ -104149,7 +104149,7 @@ index 1499b0b..e695a62 100644 - spamassassin_role($2, $1) ') diff --git a/spamassassin.te b/spamassassin.te -index cc58e35..85e9f59 100644 +index cc58e3578..85e9f5961 100644 --- a/spamassassin.te +++ b/spamassassin.te @@ -7,50 +7,30 @@ policy_module(spamassassin, 2.6.1) @@ -104957,7 +104957,7 @@ index cc58e35..85e9f59 100644 ') diff --git a/speech-dispatcher.fc b/speech-dispatcher.fc new file mode 100644 -index 0000000..545f682 +index 000000000..545f68233 --- /dev/null +++ b/speech-dispatcher.fc @@ -0,0 +1,5 @@ @@ -104968,7 +104968,7 @@ index 0000000..545f682 +/var/log/speech-dispatcher(/.*)? gen_context(system_u:object_r:speech-dispatcher_log_t,s0) diff --git a/speech-dispatcher.if b/speech-dispatcher.if new file mode 100644 -index 0000000..4cb9104 +index 000000000..4cb910462 --- /dev/null +++ b/speech-dispatcher.if @@ -0,0 +1,143 @@ @@ -105117,7 +105117,7 @@ index 0000000..4cb9104 +') 
diff --git a/speech-dispatcher.te b/speech-dispatcher.te new file mode 100644 -index 0000000..4739473 +index 000000000..473947312 --- /dev/null +++ b/speech-dispatcher.te @@ -0,0 +1,61 @@ @@ -105183,7 +105183,7 @@ index 0000000..4739473 +dev_read_urand(speech-dispatcher_t) + diff --git a/speedtouch.te b/speedtouch.te -index b38b8b1..eb36653 100644 +index b38b8b180..eb36653b8 100644 --- a/speedtouch.te +++ b/speedtouch.te @@ -39,16 +39,12 @@ dev_read_usbfs(speedmgmt_t) @@ -105204,7 +105204,7 @@ index b38b8b1..eb36653 100644 userdom_dontaudit_search_user_home_dirs(speedmgmt_t) diff --git a/squid.fc b/squid.fc -index 0a8b0f7..80c1d57 100644 +index 0a8b0f7c0..80c1d5756 100644 --- a/squid.fc +++ b/squid.fc @@ -1,20 +1,31 @@ @@ -105246,7 +105246,7 @@ index 0a8b0f7..80c1d57 100644 -/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) +/var/lightsquid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) diff --git a/squid.if b/squid.if -index 5e1f053..e7820bc 100644 +index 5e1f0534c..e7820bce3 100644 --- a/squid.if +++ b/squid.if @@ -72,7 +72,7 @@ interface(`squid_rw_stream_sockets',` @@ -105282,7 +105282,7 @@ index 5e1f053..e7820bc 100644 domain_system_change_exemption($1) role_transition $2 squid_initrc_exec_t system_r; diff --git a/squid.te b/squid.te -index 03472ed..9148ef5 100644 +index 03472ed9b..9148ef5ae 100644 --- a/squid.te +++ b/squid.te @@ -29,7 +29,7 @@ type squid_cache_t; @@ -105462,7 +105462,7 @@ index 03472ed..9148ef5 100644 +') diff --git a/sslh.fc b/sslh.fc new file mode 100644 -index 0000000..1a217f5 +index 000000000..1a217f5ed --- /dev/null +++ b/sslh.fc @@ -0,0 +1,9 @@ @@ -105477,7 +105477,7 @@ index 0000000..1a217f5 +/var/run/sslh.* gen_context(system_u:object_r:sslh_var_run_t,s0) diff --git a/sslh.if b/sslh.if new file mode 100644 -index 0000000..218360d +index 000000000..218360da8 --- /dev/null +++ b/sslh.if @@ -0,0 +1,127 @@ @@ -105610,7 +105610,7 @@ index 0000000..218360d +') 
diff --git a/sslh.te b/sslh.te new file mode 100644 -index 0000000..821e158 +index 000000000..821e158a5 --- /dev/null +++ b/sslh.te @@ -0,0 +1,100 @@ @@ -105715,7 +105715,7 @@ index 0000000..821e158 +') + diff --git a/sssd.fc b/sssd.fc -index dbb005a..e760512 100644 +index dbb005aca..e76051244 100644 --- a/sssd.fc +++ b/sssd.fc @@ -1,15 +1,28 @@ @@ -105754,7 +105754,7 @@ index dbb005a..e760512 100644 +/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) +/var/run/secrets.socket gen_context(system_u:object_r:sssd_var_run_t,s0) diff --git a/sssd.if b/sssd.if -index a240455..277f8f2 100644 +index a24045518..277f8f278 100644 --- a/sssd.if +++ b/sssd.if @@ -1,21 +1,21 @@ @@ -106213,7 +106213,7 @@ index a240455..277f8f2 100644 - admin_pattern($1, sssd_log_t) ') diff --git a/sssd.te b/sssd.te -index 2d8db1f..dea44e9 100644 +index 2d8db1fa3..dea44e94d 100644 --- a/sssd.te +++ b/sssd.te @@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t) @@ -106406,7 +106406,7 @@ index 2d8db1f..dea44e9 100644 + diff --git a/stapserver.fc b/stapserver.fc new file mode 100644 -index 0000000..0ccce59 +index 000000000..0ccce5918 --- /dev/null +++ b/stapserver.fc @@ -0,0 +1,7 @@ @@ -106419,7 +106419,7 @@ index 0000000..0ccce59 +/var/run/stap-server(/.*)? gen_context(system_u:object_r:stapserver_var_run_t,s0) diff --git a/stapserver.if b/stapserver.if new file mode 100644 -index 0000000..80c6480 +index 000000000..80c648055 --- /dev/null +++ b/stapserver.if @@ -0,0 +1,151 @@ @@ -106578,7 +106578,7 @@ diff --git a/systemtap.te b/stapserver.te similarity index 64% rename from systemtap.te rename to stapserver.te -index ffde368..20b924b 100644 +index ffde36864..20b924bbc 100644 --- a/systemtap.te +++ b/stapserver.te @@ -1,4 +1,4 @@ @@ -106702,7 +106702,7 @@ index ffde368..20b924b 100644 ') + diff --git a/stunnel.fc b/stunnel.fc -index 49dd63c..ae2e798 100644 +index 49dd63ca1..ae2e798f5 100644 --- a/stunnel.fc +++ b/stunnel.fc @@ -5,3 +5,5 @@ 
@@ -106712,7 +106712,7 @@ index 49dd63c..ae2e798 100644 + +/var/log/stunnel.* -- gen_context(system_u:object_r:stunnel_log_t,s0) diff --git a/stunnel.te b/stunnel.te -index 27a8480..5482c75 100644 +index 27a8480bc..5482c7549 100644 --- a/stunnel.te +++ b/stunnel.te @@ -12,6 +12,9 @@ init_daemon_domain(stunnel_t, stunnel_exec_t) @@ -106767,7 +106767,7 @@ index 27a8480..5482c75 100644 + allow stunnel_t stunnel_port_t:tcp_socket name_bind; diff --git a/svnserve.fc b/svnserve.fc -index effffd0..12ca090 100644 +index effffd028..12ca090e1 100644 --- a/svnserve.fc +++ b/svnserve.fc @@ -1,8 +1,13 @@ @@ -106790,7 +106790,7 @@ index effffd0..12ca090 100644 +/var/subversion/repo(/.*)? gen_context(system_u:object_r:svnserve_content_t,s0) +/var/lib/subversion/repo(/.*)? gen_context(system_u:object_r:svnserve_content_t,s0) diff --git a/svnserve.if b/svnserve.if -index 2ac91b6..a97033d 100644 +index 2ac91b6e0..a97033d2b 100644 --- a/svnserve.if +++ b/svnserve.if @@ -1,35 +1,119 @@ @@ -106927,7 +106927,7 @@ index 2ac91b6..a97033d 100644 ') + diff --git a/svnserve.te b/svnserve.te -index 49d688d..451a647 100644 +index 49d688d66..451a64768 100644 --- a/svnserve.te +++ b/svnserve.te @@ -12,12 +12,18 @@ init_daemon_domain(svnserve_t, svnserve_exec_t) @@ -106985,7 +106985,7 @@ index 49d688d..451a647 100644 sysnet_dns_name_resolve(svnserve_t) diff --git a/swift.fc b/swift.fc new file mode 100644 -index 0000000..6d897bc +index 000000000..6d897bc25 --- /dev/null +++ b/swift.fc @@ -0,0 +1,36 @@ @@ -107027,7 +107027,7 @@ index 0000000..6d897bc +') diff --git a/swift.if b/swift.if new file mode 100644 -index 0000000..af26807 +index 000000000..af26807a7 --- /dev/null +++ b/swift.if @@ -0,0 +1,156 @@ @@ -107189,7 +107189,7 @@ index 0000000..af26807 +') diff --git a/swift.te b/swift.te new file mode 100644 -index 0000000..c2f086f +index 000000000..c2f086fe7 --- /dev/null +++ b/swift.te @@ -0,0 +1,129 @@ @@ -107324,14 +107324,14 @@ index 0000000..c2f086f +') 
diff --git a/swift_alias.fc b/swift_alias.fc new file mode 100644 -index 0000000..b7db254 +index 000000000..b7db25411 --- /dev/null +++ b/swift_alias.fc @@ -0,0 +1 @@ +# Empty diff --git a/swift_alias.if b/swift_alias.if new file mode 100644 -index 0000000..3fed1a3 +index 000000000..3fed1a374 --- /dev/null +++ b/swift_alias.if @@ -0,0 +1,2 @@ @@ -107339,7 +107339,7 @@ index 0000000..3fed1a3 +## swift_alias policy module diff --git a/swift_alias.te b/swift_alias.te new file mode 100644 -index 0000000..6e39c4f +index 000000000..6e39c4fff --- /dev/null +++ b/swift_alias.te @@ -0,0 +1,26 @@ @@ -107370,7 +107370,7 @@ index 0000000..6e39c4f + + diff --git a/sxid.te b/sxid.te -index 01a9d0a..154872e 100644 +index 01a9d0acd..154872e4b 100644 --- a/sxid.te +++ b/sxid.te @@ -40,7 +40,6 @@ kernel_read_kernel_sysctls(sxid_t) @@ -107400,7 +107400,7 @@ index 01a9d0a..154872e 100644 userdom_dontaudit_use_unpriv_user_fds(sxid_t) diff --git a/sysstat.te b/sysstat.te -index b92f677..a2690e3 100644 +index b92f6775a..a2690e315 100644 --- a/sysstat.te +++ b/sysstat.te @@ -20,13 +20,11 @@ logging_log_file(sysstat_log_t) @@ -107457,7 +107457,7 @@ index b92f677..a2690e3 100644 + diff --git a/systemtap.fc b/systemtap.fc deleted file mode 100644 -index 1710cbb..0000000 +index 1710cbbe8..000000000 --- a/systemtap.fc +++ /dev/null @@ -1,11 +0,0 @@ @@ -107474,7 +107474,7 @@ index 1710cbb..0000000 -/var/run/stap-server(/.*)? gen_context(system_u:object_r:stapserver_var_run_t,s0) diff --git a/systemtap.if b/systemtap.if deleted file mode 100644 -index c755e2d..0000000 +index c755e2d93..000000000 --- a/systemtap.if +++ /dev/null @@ -1,45 +0,0 @@ @@ -107525,7 +107525,7 @@ index c755e2d..0000000 -') diff --git a/targetd.fc b/targetd.fc new file mode 100644 -index 0000000..c1ef053 +index 000000000..c1ef0535f --- /dev/null +++ b/targetd.fc @@ -0,0 +1,5 @@ @@ -107536,7 +107536,7 @@ index 0000000..c1ef053 +/usr/lib/systemd/system/targetd.* -- gen_context(system_u:object_r:targetd_unit_file_t,s0) 
diff --git a/targetd.if b/targetd.if new file mode 100644 -index 0000000..a6e216c +index 000000000..a6e216c73 --- /dev/null +++ b/targetd.if @@ -0,0 +1,167 @@ @@ -107709,7 +107709,7 @@ index 0000000..a6e216c + diff --git a/targetd.te b/targetd.te new file mode 100644 -index 0000000..0315421 +index 000000000..0315421e5 --- /dev/null +++ b/targetd.te @@ -0,0 +1,81 @@ @@ -107795,7 +107795,7 @@ index 0000000..0315421 +') + diff --git a/tcpd.te b/tcpd.te -index 2d6d2c2..db18a80 100644 +index 2d6d2c23d..db18a804b 100644 --- a/tcpd.te +++ b/tcpd.te @@ -23,7 +23,6 @@ manage_dirs_pattern(tcpd_t, tcpd_tmp_t, tcpd_tmp_t) @@ -107824,7 +107824,7 @@ index 2d6d2c2..db18a80 100644 inetd_domtrans_child(tcpd_t) diff --git a/tcsd.if b/tcsd.if -index b42ec1d..91b8f71 100644 +index b42ec1d83..91b8f71dc 100644 --- a/tcsd.if +++ b/tcsd.if @@ -138,8 +138,11 @@ interface(`tcsd_admin',` @@ -107841,7 +107841,7 @@ index b42ec1d..91b8f71 100644 tcsd_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/tcsd.te b/tcsd.te -index b26d44a..5a79afd 100644 +index b26d44a8c..5a79afdb5 100644 --- a/tcsd.te +++ b/tcsd.te @@ -20,7 +20,7 @@ files_type(tcsd_var_lib_t) @@ -107867,7 +107867,7 @@ index b26d44a..5a79afd 100644 - -miscfiles_read_localization(tcsd_t) diff --git a/telepathy.fc b/telepathy.fc -index 6c7f8f8..03fc880 100644 +index 6c7f8f8a3..03fc88079 100644 --- a/telepathy.fc +++ b/telepathy.fc @@ -1,35 +1,23 @@ @@ -107926,7 +107926,7 @@ index 6c7f8f8..03fc880 100644 +/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0) +/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0) diff --git a/telepathy.if b/telepathy.if -index 42946bc..9f70e4c 100644 +index 42946bc10..9f70e4cf1 100644 --- a/telepathy.if +++ b/telepathy.if @@ -2,45 +2,39 @@ @@ -108343,7 +108343,7 @@ index 42946bc..9f70e4c 100644 + can_exec($1, telepathy_executable) ') 
diff --git a/telepathy.te b/telepathy.te -index 9afcbc9..7b8ddb4 100644 +index 9afcbc95c..7b8ddb489 100644 --- a/telepathy.te +++ b/telepathy.te @@ -2,28 +2,27 @@ policy_module(telepathy, 1.4.2) @@ -108914,7 +108914,7 @@ index 9afcbc9..7b8ddb4 100644 xserver_rw_xdm_pipes(telepathy_domain) ') diff --git a/telnet.te b/telnet.te -index d7c8633..0d3d439 100644 +index d7c863369..0d3d4392a 100644 --- a/telnet.te +++ b/telnet.te @@ -27,19 +27,22 @@ files_pid_file(telnetd_var_run_t) @@ -108984,7 +108984,7 @@ index d7c8633..0d3d439 100644 kerberos_use(telnetd_t) ') diff --git a/tftp.fc b/tftp.fc -index 3dd87da..0d13384 100644 +index 3dd87daf5..0d13384b0 100644 --- a/tftp.fc +++ b/tftp.fc @@ -1,9 +1,9 @@ @@ -109002,7 +109002,7 @@ index 3dd87da..0d13384 100644 -/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) +/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) diff --git a/tftp.if b/tftp.if -index 9957e30..51af586 100644 +index 9957e300d..51af58690 100644 --- a/tftp.if +++ b/tftp.if @@ -1,8 +1,8 @@ @@ -109288,7 +109288,7 @@ index 9957e30..51af586 100644 + tftp_manage_config($1) ') diff --git a/tftp.te b/tftp.te -index cfaa2a1..a9bc6f1 100644 +index cfaa2a19c..a9bc6f1ff 100644 --- a/tftp.te +++ b/tftp.te @@ -6,30 +6,24 @@ policy_module(tftp, 1.13.0) @@ -109456,7 +109456,7 @@ index cfaa2a1..a9bc6f1 100644 optional_policy(` diff --git a/tgtd.fc b/tgtd.fc -index 38389e6..ae0f9ab 100644 +index 38389e675..ae0f9ab51 100644 --- a/tgtd.fc +++ b/tgtd.fc @@ -1,7 +1,4 @@ @@ -109472,7 +109472,7 @@ index 38389e6..ae0f9ab 100644 +/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0) +/var/run/tgtd.* gen_context(system_u:object_r:tgtd_var_run_t,s0) diff --git a/tgtd.if b/tgtd.if -index 5406b6e..dc5b46e 100644 +index 5406b6ee8..dc5b46e28 100644 --- a/tgtd.if +++ b/tgtd.if @@ -97,6 +97,6 @@ interface(`tgtd_admin',` @@ -109484,7 +109484,7 @@ index 5406b6e..dc5b46e 100644 admin_pattern($1, tgtd_tmpfs_t) ') 
diff --git a/tgtd.te b/tgtd.te -index d010963..7308fa9 100644 +index d01096386..7308fa94b 100644 --- a/tgtd.te +++ b/tgtd.te @@ -29,8 +29,8 @@ files_pid_file(tgtd_var_run_t) @@ -109538,7 +109538,7 @@ index d010963..7308fa9 100644 ') diff --git a/thin.fc b/thin.fc new file mode 100644 -index 0000000..1f8a908 +index 000000000..1f8a9086c --- /dev/null +++ b/thin.fc @@ -0,0 +1,12 @@ @@ -109556,7 +109556,7 @@ index 0000000..1f8a908 +/var/run/thin(/.*)? gen_context(system_u:object_r:thin_var_run_t,s0) diff --git a/thin.if b/thin.if new file mode 100644 -index 0000000..5e3637e +index 000000000..5e3637e63 --- /dev/null +++ b/thin.if @@ -0,0 +1,64 @@ @@ -109626,7 +109626,7 @@ index 0000000..5e3637e +') diff --git a/thin.te b/thin.te new file mode 100644 -index 0000000..e66fc8c +index 000000000..e66fc8c34 --- /dev/null +++ b/thin.te @@ -0,0 +1,115 @@ @@ -109747,7 +109747,7 @@ index 0000000..e66fc8c +files_pid_filetrans(thin_aeolus_configserver_t, thin_aeolus_configserver_var_run_t, { dir file }) diff --git a/thumb.fc b/thumb.fc new file mode 100644 -index 0000000..115bf6c +index 000000000..115bf6c42 --- /dev/null +++ b/thumb.fc @@ -0,0 +1,17 @@ @@ -109770,7 +109770,7 @@ index 0000000..115bf6c +/usr/lib/tumbler-?[^/]*/tumblerd -- gen_context(system_u:object_r:thumb_exec_t,s0) diff --git a/thumb.if b/thumb.if new file mode 100644 -index 0000000..9524b50 +index 000000000..9524b50aa --- /dev/null +++ b/thumb.if @@ -0,0 +1,134 @@ @@ -109910,7 +109910,7 @@ index 0000000..9524b50 +') diff --git a/thumb.te b/thumb.te new file mode 100644 -index 0000000..d366c8b +index 000000000..d366c8b37 --- /dev/null +++ b/thumb.te @@ -0,0 +1,168 @@ @@ -110083,7 +110083,7 @@ index 0000000..d366c8b + corenet_dontaudit_udp_bind_generic_node(thumb_t) +') diff --git a/thunderbird.te b/thunderbird.te -index 5e867da..b25ea6e 100644 +index 5e867da56..b25ea6e08 100644 --- a/thunderbird.te +++ b/thunderbird.te @@ -53,7 +53,6 @@ kernel_read_system_state(thunderbird_t) 
@@ -110138,7 +110138,7 @@ index 5e867da..b25ea6e 100644 ifndef(`enable_mls',` fs_search_removable(thunderbird_t) diff --git a/timidity.te b/timidity.te -index 97cd155..49321a5 100644 +index 97cd15589..49321a5bf 100644 --- a/timidity.te +++ b/timidity.te @@ -36,7 +36,6 @@ fs_tmpfs_filetrans(timidity_t, timidity_tmpfs_t, { dir file lnk_file sock_file f @@ -110160,7 +110160,7 @@ index 97cd155..49321a5 100644 fs_search_auto_mountpoints(timidity_t) diff --git a/tlp.fc b/tlp.fc new file mode 100644 -index 0000000..eef708d +index 000000000..eef708d92 --- /dev/null +++ b/tlp.fc @@ -0,0 +1,7 @@ @@ -110173,7 +110173,7 @@ index 0000000..eef708d +/var/run/tlp(/.*)? gen_context(system_u:object_r:tlp_var_run_t,s0) diff --git a/tlp.if b/tlp.if new file mode 100644 -index 0000000..368e188 +index 000000000..368e18842 --- /dev/null +++ b/tlp.if @@ -0,0 +1,184 @@ @@ -110363,7 +110363,7 @@ index 0000000..368e188 +') diff --git a/tlp.te b/tlp.te new file mode 100644 -index 0000000..f31ed95 +index 000000000..f31ed95d7 --- /dev/null +++ b/tlp.te @@ -0,0 +1,74 @@ @@ -110442,7 +110442,7 @@ index 0000000..f31ed95 + mount_domtrans(tlp_t) +') diff --git a/tmpreaper.te b/tmpreaper.te -index 585a77f..a7cb326 100644 +index 585a77f95..a7cb3263d 100644 --- a/tmpreaper.te +++ b/tmpreaper.te @@ -5,9 +5,34 @@ policy_module(tmpreaper, 1.7.1) @@ -110593,7 +110593,7 @@ index 585a77f..a7cb326 100644 + diff --git a/tomcat.fc b/tomcat.fc new file mode 100644 -index 0000000..ae28ea3 +index 000000000..ae28ea326 --- /dev/null +++ b/tomcat.fc @@ -0,0 +1,12 @@ @@ -110611,7 +110611,7 @@ index 0000000..ae28ea3 +/var/run/tomcat6?\.pid -- gen_context(system_u:object_r:tomcat_var_run_t,s0) diff --git a/tomcat.if b/tomcat.if new file mode 100644 -index 0000000..e5cec8f +index 000000000..e5cec8fda --- /dev/null +++ b/tomcat.if @@ -0,0 +1,396 @@ @@ -111013,7 +111013,7 @@ index 0000000..e5cec8f +') diff --git a/tomcat.te b/tomcat.te new file mode 100644 -index 0000000..be57360 +index 000000000..be573608d --- /dev/null 
+++ b/tomcat.te @@ -0,0 +1,68 @@ @@ -111086,7 +111086,7 @@ index 0000000..be57360 + tomcat_search_lib(tomcat_domain) +') diff --git a/tor.fc b/tor.fc -index dce42ec..b6b67bf 100644 +index dce42ecc5..b6b67bffe 100644 --- a/tor.fc +++ b/tor.fc @@ -5,6 +5,8 @@ @@ -111099,7 +111099,7 @@ index dce42ec..b6b67bf 100644 /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) diff --git a/tor.if b/tor.if -index 61c2e07..3b86095 100644 +index 61c2e07d6..3b860953c 100644 --- a/tor.if +++ b/tor.if @@ -19,6 +19,30 @@ interface(`tor_domtrans',` @@ -111169,7 +111169,7 @@ index 61c2e07..3b86095 100644 + ') ') diff --git a/tor.te b/tor.te -index 5ceacde..a395940 100644 +index 5ceacde8c..a3959403d 100644 --- a/tor.te +++ b/tor.te @@ -13,6 +13,20 @@ policy_module(tor, 1.9.0) @@ -111269,7 +111269,7 @@ index 5ceacde..a395940 100644 seutil_sigchld_newrole(tor_t) ') diff --git a/transproxy.te b/transproxy.te -index 34973ee..1c9a4c6 100644 +index 34973ee4c..1c9a4c613 100644 --- a/transproxy.te +++ b/transproxy.te @@ -32,7 +32,6 @@ kernel_read_kernel_sysctls(transproxy_t) @@ -111297,7 +111297,7 @@ index 34973ee..1c9a4c6 100644 userdom_dontaudit_use_unpriv_user_fds(transproxy_t) diff --git a/tripwire.te b/tripwire.te -index 03aa6b7..53c0c73 100644 +index 03aa6b7f0..53c0c7366 100644 --- a/tripwire.te +++ b/tripwire.te @@ -47,7 +47,7 @@ role twprint_roles types twprint_t; @@ -111349,7 +111349,7 @@ index 03aa6b7..53c0c73 100644 -userdom_use_user_terminals(siggen_t) +userdom_use_inherited_user_terminals(siggen_t) diff --git a/tuned.if b/tuned.if -index e29db63..061fb98 100644 +index e29db63a2..061fb983c 100644 --- a/tuned.if +++ b/tuned.if @@ -119,9 +119,13 @@ interface(`tuned_admin',` @@ -111368,7 +111368,7 @@ index e29db63..061fb98 100644 domain_system_change_exemption($1) role_transition $2 tuned_initrc_exec_t system_r; diff --git a/tuned.te b/tuned.te -index 393a330..76390e2 100644 +index 393a33073..76390e2f6 100644 --- a/tuned.te +++ b/tuned.te 
@@ -21,6 +21,9 @@ files_config_file(tuned_rw_etc_t) @@ -111512,7 +111512,7 @@ index 393a330..76390e2 100644 + unconfined_domain(tuned_t) +') diff --git a/tvtime.if b/tvtime.if -index 1bb0f7c..372be2f 100644 +index 1bb0f7c78..372be2f21 100644 --- a/tvtime.if +++ b/tvtime.if @@ -1,5 +1,23 @@ @@ -111540,7 +111540,7 @@ index 1bb0f7c..372be2f 100644 ## ## Role access for tvtime diff --git a/tvtime.te b/tvtime.te -index afd2d6c..3ce900e 100644 +index afd2d6c3f..3ce900e99 100644 --- a/tvtime.te +++ b/tvtime.te @@ -42,7 +42,6 @@ allow tvtime_t self:unix_stream_socket rw_stream_socket_perms; @@ -111586,7 +111586,7 @@ index afd2d6c..3ce900e 100644 optional_policy(` xserver_user_x_domain_template(tvtime, tvtime_t, tvtime_tmpfs_t) diff --git a/tzdata.te b/tzdata.te -index 221c43b..2b9c49a 100644 +index 221c43b84..2b9c49ac1 100644 --- a/tzdata.te +++ b/tzdata.te @@ -27,11 +27,10 @@ term_dontaudit_list_ptys(tzdata_t) @@ -111603,7 +111603,7 @@ index 221c43b..2b9c49a 100644 optional_policy(` postfix_search_spool(tzdata_t) diff --git a/ucspitcp.te b/ucspitcp.te -index 7745b72..329c3d8 100644 +index 7745b72e6..329c3d899 100644 --- a/ucspitcp.te +++ b/ucspitcp.te @@ -33,7 +33,6 @@ corenet_udp_sendrecv_all_ports(rblsmtpd_t) @@ -111624,7 +111624,7 @@ index 7745b72..329c3d8 100644 sysnet_read_config(ucspitcp_t) diff --git a/udisks2.fc b/udisks2.fc new file mode 100644 -index 0000000..c8aa54d +index 000000000..c8aa54dab --- /dev/null +++ b/udisks2.fc @@ -0,0 +1,8 @@ @@ -111638,7 +111638,7 @@ index 0000000..c8aa54d +/var/run/udisks2(/.*)? gen_context(system_u:object_r:udisks2_var_run_t,s0) diff --git a/udisks2.if b/udisks2.if new file mode 100644 -index 0000000..45304ea +index 000000000..45304ea1a --- /dev/null +++ b/udisks2.if @@ -0,0 +1,206 @@ @@ -111850,7 +111850,7 @@ index 0000000..45304ea +') diff --git a/udisks2.te b/udisks2.te new file mode 100644 -index 0000000..5312470 +index 000000000..531247064 --- /dev/null +++ b/udisks2.te @@ -0,0 +1,57 @@ 
@@ -111912,7 +111912,7 @@ index 0000000..5312470 + policykit_dbus_chat(udisks2_t) +') diff --git a/ulogd.if b/ulogd.if -index 9b95c3e..a892845 100644 +index 9b95c3ef7..a892845bb 100644 --- a/ulogd.if +++ b/ulogd.if @@ -123,8 +123,11 @@ interface(`ulogd_admin',` @@ -111929,7 +111929,7 @@ index 9b95c3e..a892845 100644 init_labeled_script_domtrans($1, ulogd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/ulogd.te b/ulogd.te -index de35e5f..91cac11 100644 +index de35e5f4c..91cac1110 100644 --- a/ulogd.te +++ b/ulogd.te @@ -29,8 +29,11 @@ logging_log_file(ulogd_var_log_t) @@ -111958,7 +111958,7 @@ index de35e5f..91cac11 100644 sysnet_dns_name_resolve(ulogd_t) diff --git a/uml.if b/uml.if -index ab5c1d0..d13105e 100644 +index ab5c1d0da..d13105ea7 100644 --- a/uml.if +++ b/uml.if @@ -32,7 +32,7 @@ interface(`uml_role',` @@ -111971,7 +111971,7 @@ index ab5c1d0..d13105e 100644 allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_exec_t }:dir { manage_dir_perms relabel_dir_perms }; allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_tmpfs_t uml_exec_t }:file { manage_file_perms relabel_file_perms }; diff --git a/uml.te b/uml.te -index b68bd49..da0c691 100644 +index b68bd49ff..da0c6912f 100644 --- a/uml.te +++ b/uml.te @@ -90,7 +90,6 @@ kernel_write_proc_files(uml_t) @@ -112018,7 +112018,7 @@ index b68bd49..da0c691 100644 userdom_dontaudit_search_user_home_dirs(uml_switch_t) diff --git a/updfstab.te b/updfstab.te -index 5ceb912..232e9ac 100644 +index 5ceb91249..232e9ac93 100644 --- a/updfstab.te +++ b/updfstab.te @@ -14,7 +14,7 @@ init_system_domain(updfstab_t, updfstab_exec_t) @@ -112052,7 +112052,7 @@ index 5ceb912..232e9ac 100644 optional_policy(` dbus_system_bus_client(updfstab_t) diff --git a/uptime.if b/uptime.if -index 01a3234..19f4724 100644 +index 01a3234b6..19f472475 100644 --- a/uptime.if +++ b/uptime.if @@ -19,7 +19,7 @@ @@ -112065,7 +112065,7 @@ index 01a3234..19f4724 100644 ') 
diff --git a/uptime.te b/uptime.te -index 58397dc..e6b6a34 100644 +index 58397dc31..e6b6a3472 100644 --- a/uptime.te +++ b/uptime.te @@ -16,7 +16,7 @@ type uptimed_initrc_exec_t; @@ -112087,7 +112087,7 @@ index 58397dc..e6b6a34 100644 userdom_dontaudit_search_user_home_dirs(uptimed_t) diff --git a/usbmodules.te b/usbmodules.te -index 279e511..4f79ad6 100644 +index 279e511df..4f79ad697 100644 --- a/usbmodules.te +++ b/usbmodules.te @@ -24,8 +24,6 @@ files_list_kernel_modules(usbmodules_t) @@ -112116,7 +112116,7 @@ index 279e511..4f79ad6 100644 + modutils_read_module_deps(usbmodules_t) +') diff --git a/usbmuxd.fc b/usbmuxd.fc -index 220f6ad..ccbb5da 100644 +index 220f6add1..ccbb5dabc 100644 --- a/usbmuxd.fc +++ b/usbmuxd.fc @@ -1,3 +1,6 @@ @@ -112128,7 +112128,7 @@ index 220f6ad..ccbb5da 100644 + +/var/lib/lockdown(/.*)? gen_context(system_u:object_r:usbmuxd_var_lib_t,s0) diff --git a/usbmuxd.if b/usbmuxd.if -index 1ec5e99..5b6c80b 100644 +index 1ec5e996b..5b6c80bba 100644 --- a/usbmuxd.if +++ b/usbmuxd.if @@ -38,3 +38,67 @@ interface(`usbmuxd_stream_connect',` @@ -112200,7 +112200,7 @@ index 1ec5e99..5b6c80b 100644 + allow $1 usbmuxd_unit_file_t:service all_service_perms; +') diff --git a/usbmuxd.te b/usbmuxd.te -index 34a8917..933baa4 100644 +index 34a891755..933baa42d 100644 --- a/usbmuxd.te +++ b/usbmuxd.te @@ -10,34 +10,58 @@ roleattribute system_r usbmuxd_roles; @@ -112267,7 +112267,7 @@ index 34a8917..933baa4 100644 + virt_dontaudit_read_chr_dev(usbmuxd_t) +') diff --git a/userhelper.fc b/userhelper.fc -index c416a83..cd83b89 100644 +index c416a833e..cd83b89ee 100644 --- a/userhelper.fc +++ b/userhelper.fc @@ -1,5 +1,10 @@ @@ -112287,7 +112287,7 @@ index c416a83..cd83b89 100644 +/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0) +/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0) diff --git a/userhelper.if b/userhelper.if -index 98b51fd..c7e44ca 100644 +index 98b51fd0b..c7e44cada 100644 --- a/userhelper.if 
+++ b/userhelper.if @@ -1,4 +1,4 @@ @@ -112613,7 +112613,7 @@ index 98b51fd..c7e44ca 100644 ## ## Execute the consolehelper program diff --git a/userhelper.te b/userhelper.te -index 42cfce0..b7e3e25 100644 +index 42cfce06e..b7e3e2532 100644 --- a/userhelper.te +++ b/userhelper.te @@ -5,11 +5,8 @@ policy_module(userhelper, 1.8.1) @@ -112820,7 +112820,7 @@ index 42cfce0..b7e3e25 100644 + fs_search_cifs(consolehelper_domain) ') diff --git a/usernetctl.if b/usernetctl.if -index 7deec55..c542887 100644 +index 7deec55cf..c542887da 100644 --- a/usernetctl.if +++ b/usernetctl.if @@ -39,6 +39,7 @@ interface(`usernetctl_domtrans',` @@ -112832,7 +112832,7 @@ index 7deec55..c542887 100644 ') diff --git a/usernetctl.te b/usernetctl.te -index f973af8..8606439 100644 +index f973af82b..860643991 100644 --- a/usernetctl.te +++ b/usernetctl.te @@ -6,19 +6,19 @@ policy_module(usernetctl, 1.7.0) @@ -112898,7 +112898,7 @@ index f973af8..8606439 100644 ppp_run(usernetctl_t, usernetctl_roles) ') diff --git a/uucp.if b/uucp.if -index af9acc0..cdaf82e 100644 +index af9acc0d3..cdaf82e21 100644 --- a/uucp.if +++ b/uucp.if @@ -90,11 +90,6 @@ interface(`uucp_domtrans_uux',` @@ -112934,7 +112934,7 @@ index af9acc0..cdaf82e 100644 admin_pattern($1, uucpd_log_t) diff --git a/uucp.te b/uucp.te -index 849f607..e01ec6d 100644 +index 849f607b1..e01ec6d2e 100644 --- a/uucp.te +++ b/uucp.te @@ -31,7 +31,7 @@ type uucpd_ro_t; @@ -113007,7 +113007,7 @@ index 849f607..e01ec6d 100644 + postfix_rw_inherited_master_pipes(uux_t) +') diff --git a/uuidd.if b/uuidd.if -index 6e48653..6abf74a 100644 +index 6e4865333..6abf74a90 100644 --- a/uuidd.if +++ b/uuidd.if @@ -148,11 +148,12 @@ interface(`uuidd_read_pid_files',` @@ -113035,7 +113035,7 @@ index 6e48653..6abf74a 100644 uuidd_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/uuidd.te b/uuidd.te -index f8e52fc..b283c25 100644 +index f8e52fc97..b283c25f7 100644 --- a/uuidd.te +++ b/uuidd.te @@ -42,6 +42,4 @@ dev_read_urand(uuidd_t) 
@@ -113046,7 +113046,7 @@ index f8e52fc..b283c25 100644 -miscfiles_read_localization(uuidd_t) diff --git a/uwimap.te b/uwimap.te -index acdc78a..9e5ee47 100644 +index acdc78ae7..9e5ee472d 100644 --- a/uwimap.te +++ b/uwimap.te @@ -20,7 +20,7 @@ files_pid_file(imapd_var_run_t) @@ -113085,7 +113085,7 @@ index acdc78a..9e5ee47 100644 userdom_dontaudit_use_unpriv_user_fds(imapd_t) diff --git a/varnishd.if b/varnishd.if -index 1c35171..2cba4df 100644 +index 1c35171d8..2cba4dfea 100644 --- a/varnishd.if +++ b/varnishd.if @@ -153,12 +153,16 @@ interface(`varnishd_manage_log',` @@ -113122,7 +113122,7 @@ index 1c35171..2cba4df 100644 domain_system_change_exemption($1) role_transition $2 varnishd_initrc_exec_t system_r; diff --git a/varnishd.te b/varnishd.te -index 9d4d8cb..e73bd98 100644 +index 9d4d8cbb0..e73bd982c 100644 --- a/varnishd.te +++ b/varnishd.te @@ -21,7 +21,7 @@ type varnishd_initrc_exec_t; @@ -113172,7 +113172,7 @@ index 9d4d8cb..e73bd98 100644 tunable_policy(`varnishd_connect_any',` corenet_sendrecv_all_client_packets(varnishd_t) diff --git a/vbetool.te b/vbetool.te -index 2a61f75..fa84e40 100644 +index 2a61f7526..fa84e40b9 100644 --- a/vbetool.te +++ b/vbetool.te @@ -26,7 +26,8 @@ role vbetool_roles types vbetool_t; @@ -113194,7 +113194,7 @@ index 2a61f75..fa84e40 100644 tunable_policy(`vbetool_mmap_zero_ignore',` dontaudit vbetool_t self:memprotect mmap_zero; diff --git a/vdagent.if b/vdagent.if -index 31c752e..ef52235 100644 +index 31c752ea6..ef522355b 100644 --- a/vdagent.if +++ b/vdagent.if @@ -24,15 +24,15 @@ interface(`vdagent_domtrans',` @@ -113291,7 +113291,7 @@ index 31c752e..ef52235 100644 init_labeled_script_domtrans($1, vdagentd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/vdagent.te b/vdagent.te -index 87da8a2..4be1fcb 100644 +index 87da8a24d..4be1fcbda 100644 --- a/vdagent.te +++ b/vdagent.te @@ -25,6 +25,7 @@ logging_log_file(vdagent_log_t) 
@@ -113336,7 +113336,7 @@ index 87da8a2..4be1fcb 100644 dbus_system_bus_client(vdagent_t) diff --git a/vhostmd.if b/vhostmd.if -index 22edd58..c3a5364 100644 +index 22edd58f8..c3a536427 100644 --- a/vhostmd.if +++ b/vhostmd.if @@ -216,9 +216,13 @@ interface(`vhostmd_admin',` @@ -113355,7 +113355,7 @@ index 22edd58..c3a5364 100644 domain_system_change_exemption($1) role_transition $2 vhostmd_initrc_exec_t system_r; diff --git a/vhostmd.te b/vhostmd.te -index 3d11c6a..c5d8428 100644 +index 3d11c6a3d..c5d84287e 100644 --- a/vhostmd.te +++ b/vhostmd.te @@ -23,7 +23,7 @@ files_pid_file(vhostmd_var_run_t) @@ -113391,7 +113391,7 @@ index 3d11c6a..c5d8428 100644 optional_policy(` diff --git a/virt.fc b/virt.fc -index a4f20bc..9777de2 100644 +index a4f20bcfc..9777de289 100644 --- a/virt.fc +++ b/virt.fc @@ -1,51 +1,109 @@ @@ -113543,7 +113543,7 @@ index a4f20bc..9777de2 100644 +/var/log/qemu-ga\.log.* -- gen_context(system_u:object_r:virt_qemu_ga_log_t,s0) +/var/log/qemu-ga(/.*)? gen_context(system_u:object_r:virt_qemu_ga_log_t,s0) diff --git a/virt.if b/virt.if -index facdee8..43a3fb0 100644 +index facdee8b3..43a3fb03f 100644 --- a/virt.if +++ b/virt.if @@ -1,120 +1,111 @@ @@ -115768,7 +115768,7 @@ index facdee8..43a3fb0 100644 + dgram_send_pattern($1, virt_var_run_t, virt_var_run_t, virtd_t) ') diff --git a/virt.te b/virt.te -index f03dcf5..bb06f38 100644 +index f03dcf567..bb06f38a1 100644 --- a/virt.te +++ b/virt.te @@ -1,451 +1,414 @@ @@ -118171,7 +118171,7 @@ index f03dcf5..bb06f38 100644 +allow svirt_sandbox_domain container_ro_file_t:file execmod; +can_exec(svirt_sandbox_domain, container_ro_file_t) diff --git a/vlock.te b/vlock.te -index 6b72968..de409cc 100644 +index 6b72968ea..de409cc61 100644 --- a/vlock.te +++ b/vlock.te @@ -38,7 +38,7 @@ auth_use_pam(vlock_t) @@ -118186,7 +118186,7 @@ index 6b72968..de409cc 100644 +userdom_use_inherited_user_terminals(vlock_t) 
diff --git a/vmtools.fc b/vmtools.fc new file mode 100644 -index 0000000..c5deffb +index 000000000..c5deffb77 --- /dev/null +++ b/vmtools.fc @@ -0,0 +1,5 @@ @@ -118197,7 +118197,7 @@ index 0000000..c5deffb +/usr/lib/systemd/system/vmtoolsd.* -- gen_context(system_u:object_r:vmtools_unit_file_t,s0) diff --git a/vmtools.if b/vmtools.if new file mode 100644 -index 0000000..afd0c97 +index 000000000..afd0c9791 --- /dev/null +++ b/vmtools.if @@ -0,0 +1,123 @@ @@ -118326,7 +118326,7 @@ index 0000000..afd0c97 +') diff --git a/vmtools.te b/vmtools.te new file mode 100644 -index 0000000..f98f288 +index 000000000..f98f2885b --- /dev/null +++ b/vmtools.te @@ -0,0 +1,100 @@ @@ -118431,7 +118431,7 @@ index 0000000..f98f288 +') + diff --git a/vmware.if b/vmware.if -index 20a1fb2..470ea95 100644 +index 20a1fb296..470ea9528 100644 --- a/vmware.if +++ b/vmware.if @@ -26,7 +26,11 @@ interface(`vmware_role',` @@ -118448,7 +118448,7 @@ index 20a1fb2..470ea95 100644 allow $2 { vmware_tmp_t vmware_file_t }:dir { manage_dir_perms relabel_dir_perms }; allow $2 { vmware_conf_t vmware_file_t vmware_tmp_t vmware_tmpfs_t }:file { manage_file_perms relabel_file_perms }; diff --git a/vmware.te b/vmware.te -index 4ad1894..b589158 100644 +index 4ad18944a..b5891580a 100644 --- a/vmware.te +++ b/vmware.te @@ -65,7 +65,8 @@ ifdef(`enable_mcs',` @@ -118554,7 +118554,7 @@ index 4ad1894..b589158 100644 sysnet_dns_name_resolve(vmware_t) diff --git a/vnstatd.if b/vnstatd.if -index 137ac44..b644854 100644 +index 137ac4458..b644854c9 100644 --- a/vnstatd.if +++ b/vnstatd.if @@ -157,7 +157,6 @@ interface(`vnstatd_manage_lib_files',` @@ -118581,7 +118581,7 @@ index 137ac44..b644854 100644 domain_system_change_exemption($1) role_transition $2 vnstatd_initrc_exec_t system_r; diff --git a/vnstatd.te b/vnstatd.te -index e2220ae..85f393b 100644 +index e2220ae7f..85f393b41 100644 --- a/vnstatd.te +++ b/vnstatd.te @@ -36,7 +36,7 @@ allow vnstatd_t self:unix_stream_socket { accept listen }; 
@@ -118638,7 +118638,7 @@ index e2220ae..85f393b 100644 cron_system_entry(vnstat_t, vnstat_exec_t) ') diff --git a/vpn.fc b/vpn.fc -index 524ac2f..076dcc3 100644 +index 524ac2f76..076dcc3e6 100644 --- a/vpn.fc +++ b/vpn.fc @@ -1,7 +1,13 @@ @@ -118659,7 +118659,7 @@ index 524ac2f..076dcc3 100644 -/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) +/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) diff --git a/vpn.if b/vpn.if -index 7a7f342..afedcba 100644 +index 7a7f34297..afedcba80 100644 --- a/vpn.if +++ b/vpn.if @@ -1,8 +1,8 @@ @@ -118736,7 +118736,7 @@ index 7a7f342..afedcba 100644 ## ## diff --git a/vpn.te b/vpn.te -index 95b26d1..3d74e70 100644 +index 95b26d126..3d74e70cc 100644 --- a/vpn.te +++ b/vpn.te @@ -6,6 +6,7 @@ policy_module(vpn, 1.16.0) @@ -118851,7 +118851,7 @@ index 95b26d1..3d74e70 100644 + networkmanager_manage_pid_files(vpnc_t) ') diff --git a/w3c.fc b/w3c.fc -index 463c799..227feaf 100644 +index 463c799f4..227feaf34 100644 --- a/w3c.fc +++ b/w3c.fc @@ -1,4 +1,4 @@ @@ -118863,7 +118863,7 @@ index 463c799..227feaf 100644 +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:w3c_validator_content_t,s0) +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:w3c_validator_script_exec_t,s0) diff --git a/w3c.te b/w3c.te -index b14d6a9..d7c7938 100644 +index b14d6a948..d7c79382d 100644 --- a/w3c.te +++ b/w3c.te @@ -6,29 +6,37 @@ policy_module(w3c, 1.1.0) @@ -118920,7 +118920,7 @@ index b14d6a9..d7c7938 100644 -sysnet_dns_name_resolve(httpd_w3c_validator_script_t) +sysnet_dns_name_resolve(w3c_validator_script_t) diff --git a/watchdog.fc b/watchdog.fc -index eecd0e0..8df2e8c 100644 +index eecd0e03b..8df2e8ce7 100644 --- a/watchdog.fc +++ b/watchdog.fc @@ -1,7 +1,12 @@ @@ -118937,7 +118937,7 @@ index eecd0e0..8df2e8c 100644 /var/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0) 
diff --git a/watchdog.if b/watchdog.if -index 6461a77..8fda2dd 100644 +index 6461a7746..8fda2dd71 100644 --- a/watchdog.if +++ b/watchdog.if @@ -37,3 +37,21 @@ interface(`watchdog_admin',` @@ -118963,7 +118963,7 @@ index 6461a77..8fda2dd 100644 + read_lnk_files_pattern($1,watchdog_unconfined_exec_t, watchdog_unconfined_exec_t) +') diff --git a/watchdog.te b/watchdog.te -index 3548317..fc3da17 100644 +index 3548317cf..fc3da17d6 100644 --- a/watchdog.te +++ b/watchdog.te @@ -12,34 +12,47 @@ init_daemon_domain(watchdog_t, watchdog_exec_t) @@ -119092,7 +119092,7 @@ index 3548317..fc3da17 100644 + ') +') diff --git a/wdmd.fc b/wdmd.fc -index 66f11f7..e051997 100644 +index 66f11f724..e051997a6 100644 --- a/wdmd.fc +++ b/wdmd.fc @@ -1,5 +1,7 @@ @@ -119106,7 +119106,7 @@ index 66f11f7..e051997 100644 -/var/run/wdmd(/.*)? gen_context(system_u:object_r:wdmd_var_run_t,s0) diff --git a/wdmd.if b/wdmd.if -index 1e3aec0..d17ff39 100644 +index 1e3aec07f..d17ff392f 100644 --- a/wdmd.if +++ b/wdmd.if @@ -1,29 +1,47 @@ @@ -119250,7 +119250,7 @@ index 1e3aec0..d17ff39 100644 + ') diff --git a/wdmd.te b/wdmd.te -index 4815a93..24dcf51 100644 +index 4815a93f4..24dcf5174 100644 --- a/wdmd.te +++ b/wdmd.te @@ -45,16 +45,15 @@ corecmd_exec_shell(wdmd_t) @@ -119275,7 +119275,7 @@ index 4815a93..24dcf51 100644 + rhcs_rw_cluster_tmpfs(wdmd_t) ') diff --git a/webadm.te b/webadm.te -index 2a6cae7..6d0a2a1 100644 +index 2a6cae773..6d0a2a1c5 100644 --- a/webadm.te +++ b/webadm.te @@ -25,6 +25,9 @@ role webadm_r; @@ -119313,7 +119313,7 @@ index 2a6cae7..6d0a2a1 100644 tunable_policy(`webadm_manage_user_files',` userdom_manage_user_home_content_files(webadm_t) diff --git a/webalizer.fc b/webalizer.fc -index 64baf67..76c753b 100644 +index 64baf679e..76c753b1a 100644 --- a/webalizer.fc +++ b/webalizer.fc @@ -6,4 +6,4 @@ 
@@ -119323,7 +119323,7 @@ index 64baf67..76c753b 100644 -/var/www/usage(/.*)? gen_context(system_u:object_r:httpd_webalizer_content_t,s0) +/var/www/usage(/.*)? gen_context(system_u:object_r:webalizer_rw_content_t,s0) diff --git a/webalizer.te b/webalizer.te -index ae919b9..cdd9359 100644 +index ae919b9a5..cdd9359d1 100644 --- a/webalizer.te +++ b/webalizer.te @@ -33,7 +33,7 @@ files_type(webalizer_write_t) @@ -119379,7 +119379,7 @@ index ae919b9..cdd9359 100644 optional_policy(` diff --git a/wine.if b/wine.if -index fd2b6cc..9c4f14b 100644 +index fd2b6cc1e..9c4f14b88 100644 --- a/wine.if +++ b/wine.if @@ -1,46 +1,58 @@ @@ -119554,7 +119554,7 @@ index fd2b6cc..9c4f14b 100644 +') + diff --git a/wine.te b/wine.te -index 491b87b..2a79df4 100644 +index 491b87b44..2a79df407 100644 --- a/wine.te +++ b/wine.te @@ -14,10 +14,11 @@ policy_module(wine, 1.11.0) @@ -119656,7 +119656,7 @@ index 491b87b..2a79df4 100644 ') + diff --git a/wireshark.te b/wireshark.te -index ff6ef38..436d3bf 100644 +index ff6ef3859..436d3bf5a 100644 --- a/wireshark.te +++ b/wireshark.te @@ -34,7 +34,7 @@ userdom_user_tmpfs_file(wireshark_tmpfs_t) @@ -119711,7 +119711,7 @@ index ff6ef38..436d3bf 100644 optional_policy(` userhelper_use_fd(wireshark_t) diff --git a/wm.fc b/wm.fc -index 304ae09..c1d10a1 100644 +index 304ae09d3..c1d10a11b 100644 --- a/wm.fc +++ b/wm.fc @@ -1,4 +1,4 @@ @@ -119721,7 +119721,7 @@ index 304ae09..c1d10a1 100644 -/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0) +/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0) diff --git a/wm.if b/wm.if -index 95f888d..48fe249 100644 +index 95f888d16..48fe249e1 100644 --- a/wm.if +++ b/wm.if @@ -1,4 +1,4 @@ @@ -119856,7 +119856,7 @@ index 95f888d..48fe249 100644 - allow $1_wm_t $2:dbus send_msg; -') diff --git a/wm.te b/wm.te -index 638d10f..5fb9960 100644 +index 638d10fc6..5fb996008 100644 --- a/wm.te +++ b/wm.te @@ -1,12 +1,12 @@ 
@@ -119970,7 +119970,7 @@ index 638d10f..5fb9960 100644 + xserver_manage_core_devices(wm_domain) +') diff --git a/xen.fc b/xen.fc -index 42d83b0..651d1cb 100644 +index 42d83b02f..651d1cb61 100644 --- a/xen.fc +++ b/xen.fc @@ -1,38 +1,42 @@ @@ -120033,7 +120033,7 @@ index 42d83b0..651d1cb 100644 -/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0) +/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0) diff --git a/xen.if b/xen.if -index f93558c..16e29c1 100644 +index f93558c5a..16e29c141 100644 --- a/xen.if +++ b/xen.if @@ -1,13 +1,13 @@ @@ -120300,7 +120300,7 @@ index f93558c..16e29c1 100644 files_search_pids($1) diff --git a/xen.te b/xen.te -index 6f736a9..c1ba3ba 100644 +index 6f736a993..c1ba3ba4b 100644 --- a/xen.te +++ b/xen.te @@ -4,39 +4,31 @@ policy_module(xen, 1.13.0) @@ -121000,7 +121000,7 @@ index 6f736a9..c1ba3ba 100644 - fs_manage_xenfs_files(xm_ssh_t) -') diff --git a/xfs.te b/xfs.te -index 0928c5d..b9bcf88 100644 +index 0928c5d6a..b9bcf8824 100644 --- a/xfs.te +++ b/xfs.te @@ -23,7 +23,7 @@ files_pid_file(xfs_var_run_t) @@ -121037,7 +121037,7 @@ index 0928c5d..b9bcf88 100644 userdom_dontaudit_use_unpriv_user_fds(xfs_t) diff --git a/xguest.te b/xguest.te -index a64aad3..d923154 100644 +index a64aad347..d923154b4 100644 --- a/xguest.te +++ b/xguest.te @@ -6,46 +6,47 @@ policy_module(xguest, 1.2.0) @@ -121296,7 +121296,7 @@ index a64aad3..d923154 100644 -#gen_user(xguest_u,, xguest_r, s0, s0) +gen_user(xguest_u, user, xguest_r, s0, s0) diff --git a/xprint.te b/xprint.te -index 3c44d84..ce5e69d 100644 +index 3c44d8493..ce5e69d69 100644 --- a/xprint.te +++ b/xprint.te @@ -32,7 +32,6 @@ kernel_read_kernel_sysctls(xprint_t) @@ -121326,7 +121326,7 @@ index 3c44d84..ce5e69d 100644 sysnet_read_config(xprint_t) diff --git a/xscreensaver.te b/xscreensaver.te -index 04096a0..98a8205 100644 +index 04096a050..98a8205a7 100644 --- a/xscreensaver.te +++ b/xscreensaver.te @@ -25,7 +25,6 @@ allow xscreensaver_t self:fifo_file rw_fifo_file_perms; 
@@ -121350,7 +121350,7 @@ index 04096a0..98a8205 100644 xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) diff --git a/yam.te b/yam.te -index 2695db2..c1ec893 100644 +index 2695db25c..c1ec89384 100644 --- a/yam.te +++ b/yam.te @@ -26,7 +26,7 @@ files_tmp_file(yam_tmp_t) @@ -121378,7 +121378,7 @@ index 2695db2..c1ec893 100644 userdom_search_user_home_dirs(yam_t) diff --git a/zabbix.fc b/zabbix.fc -index c3b5a81..c384947 100644 +index c3b5a819e..c384947f3 100644 --- a/zabbix.fc +++ b/zabbix.fc @@ -4,12 +4,22 @@ @@ -121407,7 +121407,7 @@ index c3b5a81..c384947 100644 /var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0) diff --git a/zabbix.if b/zabbix.if -index dd63de0..38ce620 100644 +index dd63de028..38ce6208e 100644 --- a/zabbix.if +++ b/zabbix.if @@ -1,4 +1,4 @@ @@ -121569,7 +121569,7 @@ index dd63de0..38ce620 100644 - admin_pattern($1, zabbix_tmpfs_t) ') diff --git a/zabbix.te b/zabbix.te -index 7f496c6..bf2ae51 100644 +index 7f496c617..bf2ae51d0 100644 --- a/zabbix.te +++ b/zabbix.te @@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0) @@ -121875,7 +121875,7 @@ index 7f496c6..bf2ae51 100644 + unconfined_domain(zabbix_script_t) +') diff --git a/zarafa.fc b/zarafa.fc -index faf99ed..44e94fa 100644 +index faf99ed51..44e94fad9 100644 --- a/zarafa.fc +++ b/zarafa.fc @@ -1,33 +1,34 @@ @@ -121930,7 +121930,7 @@ index faf99ed..44e94fa 100644 +/var/run/zarafa-search\.pid -- gen_context(system_u:object_r:zarafa_indexer_var_run_t,s0) /var/run/zarafa-spooler\.pid -- gen_context(system_u:object_r:zarafa_spooler_var_run_t,s0) diff --git a/zarafa.if b/zarafa.if -index 36e32df..3d08962 100644 +index 36e32df6d..3d089626e 100644 --- a/zarafa.if +++ b/zarafa.if @@ -1,55 +1,59 @@ @@ -122117,7 +122117,7 @@ index 36e32df..3d08962 100644 + manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t) ') diff --git a/zarafa.te b/zarafa.te -index 3fded1c..8bea5e8 100644 +index 3fded1c4d..8bea5e820 100644 --- a/zarafa.te +++ b/zarafa.te 
@@ -5,9 +5,14 @@ policy_module(zarafa, 1.2.0) @@ -122355,7 +122355,7 @@ index 3fded1c..8bea5e8 100644 -miscfiles_read_localization(zarafa_domain) +dev_read_sysfs(zarafa_domain) diff --git a/zebra.fc b/zebra.fc -index 28ee4ca..bc37f76 100644 +index 28ee4cac9..bc37f7691 100644 --- a/zebra.fc +++ b/zebra.fc @@ -1,21 +1,34 @@ @@ -122407,7 +122407,7 @@ index 28ee4ca..bc37f76 100644 -/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) +/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) diff --git a/zebra.if b/zebra.if -index 3416401..e364caf 100644 +index 34164017b..e364caf4b 100644 --- a/zebra.if +++ b/zebra.if @@ -1,8 +1,8 @@ @@ -122515,7 +122515,7 @@ index 3416401..e364caf 100644 + allow $1 zebra_unit_file_t:service all_service_perms; ') diff --git a/zebra.te b/zebra.te -index 2e80d04..5bf04b2 100644 +index 2e80d04fc..5bf04b2d0 100644 --- a/zebra.te +++ b/zebra.te @@ -6,23 +6,26 @@ policy_module(zebra, 1.13.0) @@ -122669,7 +122669,7 @@ index 2e80d04..5bf04b2 100644 +') diff --git a/zoneminder.fc b/zoneminder.fc new file mode 100644 -index 0000000..ceaa219 +index 000000000..ceaa219dc --- /dev/null +++ b/zoneminder.fc @@ -0,0 +1,13 @@ @@ -122688,7 +122688,7 @@ index 0000000..ceaa219 +/var/spool/zoneminder-upload(/.*)? gen_context(system_u:object_r:zoneminder_spool_t,s0) diff --git a/zoneminder.if b/zoneminder.if new file mode 100644 -index 0000000..fb0519e +index 000000000..fb0519ebf --- /dev/null +++ b/zoneminder.if @@ -0,0 +1,374 @@ @@ -123068,7 +123068,7 @@ index 0000000..fb0519e + diff --git a/zoneminder.te b/zoneminder.te new file mode 100644 -index 0000000..c9ad1b3 +index 000000000..c9ad1b330 --- /dev/null +++ b/zoneminder.te @@ -0,0 +1,187 @@ @@ -123260,7 +123260,7 @@ index 0000000..c9ad1b3 + ') +') diff --git a/zosremote.if b/zosremote.if -index b14698c..16e1581 100644 +index b14698c4f..16e1581a0 100644 --- a/zosremote.if +++ b/zosremote.if @@ -35,6 +35,7 @@ interface(`zosremote_domtrans',` 
@@ -123272,7 +123272,7 @@ index b14698c..16e1581 100644 interface(`zosremote_run',` gen_require(` diff --git a/zosremote.te b/zosremote.te -index bc6a5db..0abdceb 100644 +index bc6a5db70..0abdcebcb 100644 --- a/zosremote.te +++ b/zosremote.te @@ -24,6 +24,4 @@ allow zos_remote_t self:unix_stream_socket { accept listen }; diff --git a/selinux-policy.spec b/selinux-policy.spec index c8b07a6..bfef8c2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 225.20%{?dist} +Release: 225.21%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -683,6 +683,10 @@ exit 0 %endif %changelog +* Mon Aug 14 2017 Lukas Vrabec - 3.13.1-225.21 +- Allow osad make executable an anonymous mapping or private file mapping that is writable BZ(1425524) +- Fix ntp SELinux module + * Mon Aug 07 2017 Lukas Vrabec - 3.13.1-225.20 - After fix in kernel where LSM hooks for dac_override and dac_search_read capability was swaped we need to fix it also in policy