diff --git a/policy-f19-base.patch b/policy-f19-base.patch index 756c54a..9e6f2d3 100644 --- a/policy-f19-base.patch +++ b/policy-f19-base.patch @@ -32416,7 +32416,7 @@ index 9933677..ca14c17 100644 + +/var/run/tmpfiles.d/kmod.conf -- gen_context(system_u:object_r:insmod_var_run_t,s0) diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if -index 7449974..4f4ac3a 100644 +index 7449974..23bbbf2 100644 --- a/policy/modules/system/modutils.if +++ b/policy/modules/system/modutils.if @@ -12,7 +12,7 @@ @@ -32498,7 +32498,32 @@ index 7449974..4f4ac3a 100644 ## Execute insmod in the insmod domain, and ## allow the specified role the insmod domain, ## and use the caller's terminal. Has a sigchld -@@ -308,11 +364,18 @@ interface(`modutils_domtrans_update_mods',` +@@ -208,6 +264,24 @@ interface(`modutils_exec_insmod',` + can_exec($1, insmod_exec_t) + ') + ++####################################### ++## ++## Don't audit execute insmod in the caller domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`modutils_dontaudit_exec_insmod',` ++ gen_require(` ++ type insmod_exec_t; ++ ') ++ ++ dontaudit $1 insmod_exec_t:file exec_file_perms; ++') ++ + ######################################## + ## + ## Execute depmod in the depmod domain. +@@ -308,11 +382,18 @@ interface(`modutils_domtrans_update_mods',` # interface(`modutils_run_update_mods',` gen_require(` @@ -32519,7 +32544,7 @@ index 7449974..4f4ac3a 100644 ') ######################################## -@@ -333,3 +396,25 @@ interface(`modutils_exec_update_mods',` +@@ -333,3 +414,25 @@ interface(`modutils_exec_update_mods',` corecmd_search_bin($1) can_exec($1, update_modules_exec_t) ') diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch index 7dca49b..ef54c62 100644 --- a/policy-f19-contrib.patch +++ b/policy-f19-contrib.patch @@ -9258,7 +9258,7 @@ index 02fefaa..fbcef10 100644 + ') ') 
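Review bot: The new `modutils_dontaudit_exec_insmod` interface is undocumented beyond its one-line summary, and a dontaudit is exactly the kind of rule that later reviewers need a caveat for: it hides the AVC but still denies the execution, so a caller that genuinely needs insmod/modprobe will fail silently. I would extend the summary to say so, e.g. `## Do not audit attempts to execute insmod (modprobe) in the caller domain. Intended only for domains that merely probe for the binary; the execute is still denied, so use modutils_exec_insmod or modutils_domtrans_insmod when the caller really needs it.` Note also that `exec_file_perms` in refpolicy's perm sets includes `execute_no_trans` as well as `getattr open read execute ioctl`, so this silences both the no-transition exec and the read/getattr probe; worth stating so nobody later adds a second rule for the latter.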
diff --git a/boinc.te b/boinc.te -index 7c92aa1..e27b377 100644 +index 7c92aa1..ae20918 100644 --- a/boinc.te +++ b/boinc.te @@ -1,11 +1,20 @@ @@ -9460,13 +9460,14 @@ index 7c92aa1..e27b377 100644 term_getattr_all_ptys(boinc_t) term_getattr_unallocated_ttys(boinc_t) -@@ -130,55 +151,69 @@ init_read_utmp(boinc_t) +@@ -130,55 +151,71 @@ init_read_utmp(boinc_t) logging_send_syslog_msg(boinc_t) -miscfiles_read_fonts(boinc_t) -miscfiles_read_localization(boinc_t) -- ++modutils_dontaudit_exec_insmod(boinc_t) + optional_policy(` mta_send_mail(boinc_t) ') @@ -23627,7 +23628,7 @@ index 6041113..ef3b449 100644 role_transition $2 exim_initrc_exec_t system_r; allow $2 system_r; diff --git a/exim.te b/exim.te -index 19325ce..3e86b12 100644 +index 19325ce..37e31a4 100644 --- a/exim.te +++ b/exim.te @@ -49,7 +49,7 @@ type exim_log_t; @@ -23652,7 +23653,11 @@ index 19325ce..3e86b12 100644 corenet_all_recvfrom_netlabel(exim_t) corenet_tcp_sendrecv_generic_if(exim_t) corenet_udp_sendrecv_generic_if(exim_t) -@@ -138,7 +137,6 @@ auth_use_nsswitch(exim_t) +@@ -135,10 +134,10 @@ fs_getattr_xattr_fs(exim_t) + fs_list_inotifyfs(exim_t) + + auth_use_nsswitch(exim_t) ++auth_domtrans_chk_passwd(exim_t) logging_send_syslog_msg(exim_t) @@ -23660,7 +23665,7 @@ index 19325ce..3e86b12 100644 miscfiles_read_generic_certs(exim_t) userdom_dontaudit_search_user_home_dirs(exim_t) -@@ -154,9 +152,9 @@ tunable_policy(`exim_can_connect_db',` +@@ -154,9 +153,9 @@ tunable_policy(`exim_can_connect_db',` corenet_sendrecv_mssql_client_packets(exim_t) corenet_tcp_connect_mssql_port(exim_t) corenet_tcp_sendrecv_mssql_port(exim_t) @@ -23673,7 +23678,7 @@ index 19325ce..3e86b12 100644 ') tunable_policy(`exim_read_user_files',` -@@ -170,8 +168,8 @@ tunable_policy(`exim_manage_user_files',` +@@ -170,8 +169,8 @@ tunable_policy(`exim_manage_user_files',` ') optional_policy(` 
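Review bot: `modutils_dontaudit_exec_insmod(boinc_t)` is added to boinc.te with no comment recording why boinc_t is observed trying to execute insmod_exec_t, and dontaudit rules are invisible in audit.log (only `semodule -DB` brings them back), so the reason will be lost. I would precede it with a why-comment such as `# boinc probes for modprobe/insmod (presumably hardware/GPU detection); the exec is not needed, silence the denial`, confirming the "not needed" part against the original bug before merging. If BOINC does need the module load for any supported configuration, a dontaudit silently breaks it and the right interface is an exec/domtrans one instead.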
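Review bot: `auth_domtrans_chk_passwd(exim_t)` is added unconditionally right after `auth_use_nsswitch(exim_t)`, which lets a network-facing MTA run the unix_chkpwd helper (and, in the refpolicy versions I know, also picks up `audit_write`/netlink audit socket access and a dontaudit on shadow_t reads) on every Exim installation, not only the ones doing SMTP AUTH against PAM. The same file already gates optional reach behind booleans (`exim_can_connect_db`, `exim_read_user_files`, `exim_manage_user_files` are visible in context), so this belongs behind one too, e.g. `tunable_policy(\`exim_can_use_pam',\`` / `\tauth_domtrans_chk_passwd(exim_t)` / `')`, with a matching `gen_tunable(exim_can_use_pam, false)` and its `## <desc>` block at the top of exim.te, which is outside this hunk. If an unconditional rule is really intended, at least add a comment saying which Exim authenticator needs it so the grant can be revisited.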
@@ -23684,7 +23689,7 @@ index 19325ce..3e86b12 100644 ') optional_policy(` -@@ -192,11 +190,6 @@ optional_policy(` +@@ -192,11 +191,6 @@ optional_policy(` ') optional_policy(` @@ -23696,7 +23701,7 @@ index 19325ce..3e86b12 100644 nagios_search_spool(exim_t) ') -@@ -218,6 +211,7 @@ optional_policy(` +@@ -218,6 +212,7 @@ optional_policy(` optional_policy(` procmail_domtrans(exim_t) @@ -67770,7 +67775,7 @@ index 2c3d338..cf3e5ad 100644 ######################################## diff --git a/rabbitmq.te b/rabbitmq.te -index 3698b51..4e0be2d 100644 +index 3698b51..e306360 100644 --- a/rabbitmq.te +++ b/rabbitmq.te @@ -19,6 +19,9 @@ init_script_file(rabbitmq_initrc_exec_t) @@ -67831,7 +67836,7 @@ index 3698b51..4e0be2d 100644 corenet_sendrecv_amqp_server_packets(rabbitmq_beam_t) corenet_tcp_bind_amqp_port(rabbitmq_beam_t) -@@ -68,20 +81,47 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) +@@ -68,20 +81,49 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) corenet_tcp_connect_epmd_port(rabbitmq_beam_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t) @@ -67841,6 +67846,8 @@ index 3698b51..4e0be2d 100644 +corenet_tcp_bind_jabber_client_port(rabbitmq_beam_t) +corenet_tcp_bind_jabber_interserver_port(rabbitmq_beam_t) + ++corenet_tcp_bind_amanda_port(rabbitmq_beam_t) ++ +domain_read_all_domains_state(rabbitmq_beam_t) + +auth_read_passwd(rabbitmq_beam_t) @@ -67883,7 +67890,7 @@ index 3698b51..4e0be2d 100644 allow rabbitmq_epmd_t self:process signal; allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms; allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms; -@@ -99,8 +139,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) +@@ -99,8 +141,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) corenet_tcp_bind_epmd_port(rabbitmq_epmd_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t) @@ -76777,7 +76784,7 @@ index aee75af..a6bab06 100644 + allow $1 samba_unit_file_t:service all_service_perms; ') 
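Review bot: `corenet_tcp_bind_amanda_port(rabbitmq_beam_t)` binds the broker to a port type owned by another service's policy, and the hunk gives no hint which port RabbitMQ actually wanted, so it is unclear whether amanda_port_t is the right label or just the one a default listener happened to collide with. If the port is RabbitMQ's own, the cleaner fix is a dedicated port type in corenetwork (or a `semanage port` note in the bug) rather than sharing amanda's label; either way a comment with the port number and bug reference should sit above the line. Also, the sibling amqp/epmd rules in context pair each bind/connect with packet and port sendrecv lines, while this one is bind-only, so for consistency add `corenet_sendrecv_amanda_server_packets(rabbitmq_beam_t)` and `corenet_tcp_sendrecv_amanda_port(rabbitmq_beam_t)` unless sendrecv on all ports is granted elsewhere in the file.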
diff --git a/samba.te b/samba.te -index 57c034b..f177430 100644 +index 57c034b..9c81334 100644 --- a/samba.te +++ b/samba.te @@ -1,4 +1,4 @@ @@ -77761,10 +77768,12 @@ index 57c034b..f177430 100644 optional_policy(` cups_read_rw_config(swat_t) cups_stream_connect(swat_t) -@@ -834,16 +841,19 @@ optional_policy(` +@@ -833,17 +840,20 @@ optional_policy(` + # Winbind local policy # - allow winbind_t self:capability { dac_override ipc_lock setuid sys_nice }; +-allow winbind_t self:capability { dac_override ipc_lock setuid sys_nice }; ++allow winbind_t self:capability { kill dac_override ipc_lock setuid sys_nice }; +allow winbind_t self:capability2 block_suspend; dontaudit winbind_t self:capability sys_tty_config; allow winbind_t self:process { signal_perms getsched setsched }; diff --git a/selinux-policy.spec b/selinux-policy.spec index 6480312..31c6914 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 74.23%{?dist} +Release: 74.24%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -542,6 +542,13 @@ SELinux Reference policy mls base module. %endif %changelog +* Mon Apr 14 2014 Lukas Vrabec 3.12.1-74.24 +- Add modutils_dontaudit_exec_insmod interface +- Allow rabbitmq to bind to amanda port +- Allow kill capability to winbind_t +- Dontaudit exec insmod in boinc policy +- Allow exim to use pam stack to check passwords + * Fri Mar 21 2014 Lukas Vrabec 3.12.1-74.23 - Add bumblebee to unconfined_domain
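Review bot: The winbind_t capability line gains `kill` with no comment explaining which process winbindd has to signal under a different UID, and CAP_KILL is only consulted when the target is not owned by the sending uid. Since SELinux additionally requires a `signal`/`kill` permission on the target domain, the original denial was presumably paired with a process AVC against some other type; worth checking that that permission is actually granted rather than the capability alone being added to quiet one of two denials. I would annotate the line, e.g. `# winbindd signals helper children running under another uid (CAP_KILL)`, adjusted to whatever the bug showed.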