diff --git a/abrt.te b/abrt.te
index 4ca892f..cb6f88a 100644
--- a/abrt.te
+++ b/abrt.te
@@ -226,6 +226,10 @@ optional_policy(`
 ')
 optional_policy(`
+ mozilla_plugin_dontaudit_rw_tmp_files(abrt_t)
+')
+
+optional_policy(`
 policykit_dbus_chat(abrt_t)
 policykit_domtrans_auth(abrt_t)
 policykit_read_lib(abrt_t)
diff --git a/collectd.te b/collectd.te
index 199d175..3dbef2a 100644
--- a/collectd.te
+++ b/collectd.te
@@ -34,7 +34,7 @@ systemd_unit_file(collectd_unit_file_t)
 # collectd local policy
 #
-allow collectd_t self:capability ipc_lock;
+allow collectd_t self:capability { ipc_lock setsched sys_nice };
 allow collectd_t self:process { signal fork };
 allow collectd_t self:fifo_file rw_fifo_file_perms;
diff --git a/glance.te b/glance.te
index 2e451b7..842165a 100644
--- a/glance.te
+++ b/glance.te
@@ -66,6 +66,8 @@ files_read_usr_files(glance_domain)
 auth_read_passwd(glance_domain)
+libs_exec_ldconfig(glance_domain)
+
 miscfiles_read_localization(glance_domain)
 optional_policy(`
@@ -113,5 +115,3 @@ corenet_tcp_connect_all_ephemeral_ports(glance_api_t)
 dev_read_urand(glance_api_t)
 fs_getattr_xattr_fs(glance_api_t)
-
-libs_exec_ldconfig(glance_api_t)
diff --git a/mozilla.fc b/mozilla.fc
index f1f3e51..60e7237 100644
--- a/mozilla.fc
+++ b/mozilla.fc
@@ -12,6 +12,7 @@ HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
+HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 #
 # /bin
diff --git a/mozilla.te b/mozilla.te
index 7bf56bf..04172bb 100644
--- a/mozilla.te
+++ b/mozilla.te
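Review bot: `setsched` is not a permission of the `capability` class (the kernel capability governing scheduler changes is CAP_SYS_NICE, which the rule already lists as `sys_nice`), so `allow collectd_t self:capability { ipc_lock setsched sys_nice };` should be rejected by the policy compiler as an undefined permission; `setsched` lives in the `process` class. Keep the capability rule as `allow collectd_t self:capability { ipc_lock sys_nice };` and fold the scheduler permission into the next context line, `allow collectd_t self:process { setsched signal fork };`. If the module did build with the rule as written, the build log is worth re-checking, since a failure here would leave the whole collectd module out of the loaded policy.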
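Review bot: `libs_exec_ldconfig(glance_domain)` extends ldconfig execution to every domain carrying the `glance_domain` attribute, whereas the rule removed in the second glance.te hunk granted it to `glance_api_t` alone; if only the API service actually spawns ldconfig, the per-domain rule is the least-privilege form and should stay. If the other glance services were observed needing it too, a one-line comment above the call recording that all glance domains exec ldconfig would make the wider grant intentional rather than accidental. Which domains are assigned the attribute is declared outside this hunk, so I cannot tell from the diff how far the grant now reaches.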
@@ -338,7 +338,6 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
 manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
 files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
 userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
-xserver_xdm_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
 can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
@@ -369,6 +368,7 @@ corenet_tcp_connect_ftp_port(mozilla_plugin_t)
 corenet_tcp_connect_http_port(mozilla_plugin_t)
 corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
 corenet_tcp_connect_ipp_port(mozilla_plugin_t)
+corenet_tcp_connect_ircd_port(mozilla_plugin_t)
 corenet_tcp_connect_jabber_client_port(mozilla_plugin_t)
 corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
 corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
@@ -416,6 +416,8 @@ auth_use_nsswitch(mozilla_plugin_t)
 init_dontaudit_getattr_initctl(mozilla_plugin_t)
+libs_exec_lib_files(mozilla_plugin_t)
+
 logging_send_syslog_msg(mozilla_plugin_t)
 miscfiles_read_localization(mozilla_plugin_t)
@@ -506,6 +508,8 @@ optional_policy(`
 ')
 optional_policy(`
+ xserver_xdm_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
+ xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
 xserver_read_xdm_pid(mozilla_plugin_t)
 xserver_stream_connect(mozilla_plugin_t)
 xserver_use_user_fonts(mozilla_plugin_t)
diff --git a/nova.te b/nova.te
index b0d25bb..415b098 100644
--- a/nova.te
+++ b/nova.te
@@ -141,7 +141,7 @@ allow nova_cert_t self:process setfscreate;
 allow nova_cert_t self:udp_socket create_socket_perms;
-auth_read_passwd(nova_cert_t)
+auth_use_nsswitch(nova_cert_t)
 miscfiles_read_certs(nova_cert_t)
diff --git a/samba.fc b/samba.fc
index 5c02dec..3d65472 100644
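Review bot: `corenet_tcp_connect_ircd_port(mozilla_plugin_t)` in the second mozilla.te hunk adds an outbound IRC egress path for every browser plugin, a domain that routinely processes untrusted web content; if the neighbouring `corenet_tcp_connect_*` calls sit under a tunable, this one belongs in the same conditional block, and if they are unconditional a comment naming which plugin needs IRC would justify the grant. The enclosing block of that hunk is not visible, so I cannot tell from the diff whether it is conditional. The same question applies to `libs_exec_lib_files(mozilla_plugin_t)` in the third hunk, which lets the plugin execute any lib_t file rather than a specific library.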
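Review bot: `auth_use_nsswitch(nova_cert_t)` subsumes the removed `auth_read_passwd` and also covers the nscd socket access that is otherwise granted through a separate `nscd_socket_use` block, which is exactly the cleanup the uucp.te hunks in this commit perform; if nova.te still carries an `optional_policy(` nscd_socket_use(nova_cert_t) ')` block elsewhere, it is now redundant and should be dropped in the same way. The rest of the nova_cert_t rules are outside this hunk, so I cannot confirm from the diff whether such a block exists.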
--- a/samba.fc
+++ b/samba.fc
@@ -39,6 +39,7 @@
 /var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0)
 /var/run/nmbd(/.*)? gen_context(system_u:object_r:nmbd_var_run_t,s0)
+/var/run/samba/nmbd(/.*)? gen_context(system_u:object_r:nmbd_var_run_t,s0)
 /var/run/samba(/.*)? gen_context(system_u:object_r:smbd_var_run_t,s0)
 /var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
@@ -53,6 +54,7 @@
 /var/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0)
 /var/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
+/var/run/samba/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
 /var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
 /var/spool/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0)
diff --git a/samba.if b/samba.if
index f9a546d..9642fe3 100644
--- a/samba.if
+++ b/samba.if
@@ -42,6 +42,25 @@ interface(`samba_signal_nmbd',`
 ########################################
 ##
+## Search the samba pid directory.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`samba_search_pid',`
+ gen_require(`
+ type smbd_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 smbd_var_run_t:dir search_dir_perms;
+')
+
+########################################
+##
 ## Connect to nmbd.
 ##
 ##
@@ -55,7 +74,7 @@ interface(`samba_stream_connect_nmbd',`
 type nmbd_t, nmbd_var_run_t;
 ')
- files_search_pids($1)
+ samba_search_pid($1)
 stream_connect_pattern($1, nmbd_var_run_t, nmbd_var_run_t, nmbd_t)
 ')
@@ -715,7 +734,7 @@ interface(`samba_read_winbind_pid',`
 type winbind_var_run_t;
 ')
- files_search_pids($1)
+ samba_search_pid($1)
 allow $1 winbind_var_run_t:file read_file_perms;
 ')
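Review bot: The parameter description of the new `samba_search_pid` interface reads `## Domain to not audit.`, which is the wording reserved for dontaudit interfaces, but this interface grants access (`allow $1 smbd_var_run_t:dir search_dir_perms;`); it should read `## Domain allowed access.` so that generated documentation and readers are not misled about what calling it does. The summary `## Search the samba pid directory.` would also be clearer if it named the directory and type it actually covers, `## Search the samba pid directory (/var/run/samba, smbd_var_run_t).`, since callers such as `samba_read_winbind_pid` now depend on it for a path under that directory.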
@@ -734,7 +753,7 @@ interface(`samba_stream_connect_winbind',`
 type samba_var_t, winbind_t, winbind_var_run_t;
 ')
- files_search_pids($1)
+ samba_search_pid($1)
 allow $1 samba_var_t:dir search_dir_perms;
 stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
 samba_read_config($1)
diff --git a/samba.te b/samba.te
index 627d070..110ed47 100644
--- a/samba.te
+++ b/samba.te
@@ -265,7 +265,6 @@ allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow smbd_t nmbd_t:process { signal signull };
-allow winbind_t smbd_var_run_t:dir search_dir_perms;
 allow smbd_t nmbd_var_run_t:file rw_file_perms;
 stream_connect_pattern(smbd_t, nmbd_var_run_t, nmbd_var_run_t, nmbd_t)
@@ -520,10 +519,11 @@ allow nmbd_t self:udp_socket create_socket_perms;
 allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
 allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-manage_dirs_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
+manage_dirs_pattern(nmbd_t, { smbd_var_run_t nmbd_var_run_t }, nmbd_var_run_t)
 manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
 manage_sock_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
 files_pid_filetrans(nmbd_t, nmbd_var_run_t, { dir file sock_file })
+filetrans_pattern(nmbd_t, smbd_var_run_t, nmbd_var_run_t, dir)
 read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
 read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
@@ -535,8 +535,6 @@ manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
 allow nmbd_t smbcontrol_t:process signal;
-allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
-
 kernel_getattr_core_if(nmbd_t)
 kernel_getattr_message_if(nmbd_t)
 kernel_read_kernel_sysctls(nmbd_t)
@@ -844,7 +842,6 @@ allow winbind_t self:udp_socket create_socket_perms;
 allow winbind_t nmbd_t:process { signal signull };
-allow winbind_t smbd_var_run_t:dir search_dir_perms;
 read_files_pattern(winbind_t, nmbd_var_run_t, nmbd_var_run_t)
 allow winbind_t samba_etc_t:dir list_dir_perms;
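Review bot: `filetrans_pattern(nmbd_t, smbd_var_run_t, nmbd_var_run_t, dir)` in the second samba.te hunk is an unnamed transition, so every directory nmbd_t creates under smbd_var_run_t is labelled nmbd_var_run_t at runtime, while the new samba.fc entry only labels `/var/run/samba/nmbd(/.*)?` that way; a later restorecon would then relabel any other directory nmbd created. If this policy build supports name-based transitions, `filetrans_pattern(nmbd_t, smbd_var_run_t, nmbd_var_run_t, dir, "nmbd")` keeps the live labelling and the file contexts in agreement. The same point applies to the winbind transition in the last samba.te hunk, whose fc entry is `/var/run/samba/winbindd(/.*)?`.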
@@ -872,10 +869,13 @@ userdom_manage_user_tmp_dirs(winbind_t)
 userdom_manage_user_tmp_files(winbind_t)
 userdom_tmp_filetrans_user_tmp(winbind_t, { file dir })
-manage_dirs_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
+manage_dirs_pattern(winbind_t, { smbd_var_run_t winbind_var_run_t }, winbind_var_run_t)
 manage_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
 manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
-files_pid_filetrans(winbind_t, winbind_var_run_t, { file dir })
+files_pid_filetrans(winbind_t, winbind_var_run_t, { sock_file file dir })
+filetrans_pattern(winbind_t, smbd_var_run_t, winbind_var_run_t, dir)
+# /run/samba/krb5cc_samba
+manage_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t)
 kernel_read_network_state(winbind_t)
 kernel_read_kernel_sysctls(winbind_t)
diff --git a/setroubleshoot.te b/setroubleshoot.te
index e010142..4e69f51 100644
--- a/setroubleshoot.te
+++ b/setroubleshoot.te
@@ -178,6 +178,7 @@ dev_read_urand(setroubleshoot_fixit_t)
 seutil_domtrans_setfiles(setroubleshoot_fixit_t)
 seutil_domtrans_setsebool(setroubleshoot_fixit_t)
+seutil_read_module_store(setroubleshoot_fixit_t)
 files_read_usr_files(setroubleshoot_fixit_t)
 files_read_etc_files(setroubleshoot_fixit_t)
diff --git a/uucp.te b/uucp.te
index fef39c0..2f0887d 100644
--- a/uucp.te
+++ b/uucp.te
@@ -136,6 +136,8 @@ files_read_etc_files(uux_t)
 fs_rw_anon_inodefs_files(uux_t)
+auth_use_nsswitch(uux_t)
+
 logging_send_syslog_msg(uux_t)
 miscfiles_read_localization(uux_t)
@@ -147,10 +149,5 @@ optional_policy(`
 ')
 optional_policy(`
- nscd_socket_use(uux_t)
-')
-
-optional_policy(`
 postfix_rw_master_pipes(uux_t)
 ')
-
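Review bot: `manage_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t)` lets winbind create, overwrite, rename and unlink every file labelled smbd_var_run_t, which per samba.fc includes smbd's pid file and its tdb databases, while the comment above it names only `/run/samba/krb5cc_samba`. If the policy build supports name-based transitions, giving the credential cache its own type with a named transition on `krb5cc_samba` would confine winbind to that one file; otherwise the comment should state that the grant over the whole smbd run directory is deliberate, so it is not read as an accidental over-grant later. Whether winbind touches anything in that directory besides the credential cache is not visible from the diff.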