diff --git a/policy-f20-base.patch b/policy-f20-base.patch index aea367d..3b13527 100644 --- a/policy-f20-base.patch +++ b/policy-f20-base.patch @@ -8968,7 +8968,7 @@ index 6a1e4d1..1b9b0b5 100644 + dontaudit $1 domain:dir_file_class_set audit_access; ') diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te -index cf04cb5..974c2ca 100644 +index cf04cb5..97237ca 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -4,17 +4,41 @@ policy_module(domain, 1.11.0) @@ -9117,7 +9117,7 @@ index cf04cb5..974c2ca 100644 # Create/access any System V IPC objects. allow unconfined_domain_type domain:{ sem msgq shm } *; -@@ -166,5 +238,339 @@ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; +@@ -166,5 +238,340 @@ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; # act on all domains keys allow unconfined_domain_type domain:key *; @@ -9307,6 +9307,7 @@ index cf04cb5..974c2ca 100644 + +optional_policy(` + sysnet_filetrans_named_content(named_filetrans_domain) ++ sysnet_filetrans_named_content_ifconfig(named_filetrans_domain) +') + +optional_policy(` @@ -31568,7 +31569,7 @@ index 24e7804..2863546 100644 + files_etc_filetrans($1, machineid_t, file, "machine-id" ) +') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index dd3be8d..d76c572 100644 +index dd3be8d..98967f5 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -11,10 +11,31 @@ gen_require(` @@ -31836,9 +31837,10 @@ index dd3be8d..d76c572 100644 ifdef(`distro_redhat',` + fs_manage_tmpfs_files(init_t) + fs_manage_tmpfs_sockets(init_t) ++ fs_manage_tmpfs_chr_files(init_t) + fs_exec_tmpfs_files(init_t) fs_read_tmpfs_symlinks(init_t) - fs_rw_tmpfs_chr_files(init_t) +- fs_rw_tmpfs_chr_files(init_t) fs_tmpfs_filetrans(init_t, initctl_t, fifo_file) + fs_tmpfs_filetrans_named_content(init_t) + 
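Review bot: The init.te hunk at the end of this line swaps `fs_rw_tmpfs_chr_files(init_t)` for `fs_manage_tmpfs_chr_files(init_t)`, which widens init_t from reading and writing character device nodes on tmpfs to creating, renaming and unlinking them, and nothing in the hunk records which node init needs to create. A one-line why-comment next to the call, e.g. `# manage (not just rw): init creates <device node, TODO name it> on tmpfs`, would let a later reviewer decide whether the narrower interface can be restored. The enclosing ifdef(`distro_redhat') block continues outside the hunk.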
@@ -35199,7 +35201,7 @@ index 4e94884..b144ffe 100644 + logging_log_filetrans($1, var_log_t, dir, "anaconda") +') diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index 39ea221..553ae21 100644 +index 39ea221..93ce51a 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -4,6 +4,21 @@ policy_module(logging, 1.19.6) @@ -35278,7 +35280,19 @@ index 39ea221..553ae21 100644 init_dontaudit_use_fds(auditctl_t) -@@ -148,6 +173,7 @@ kernel_read_kernel_sysctls(auditd_t) +@@ -136,9 +161,10 @@ allow auditd_t self:tcp_socket create_stream_socket_perms; + allow auditd_t auditd_etc_t:dir list_dir_perms; + allow auditd_t auditd_etc_t:file read_file_perms; + ++manage_dirs_pattern(auditd_t, auditd_log_t, auditd_log_t) + manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t) + manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t) +-allow auditd_t var_log_t:dir search_dir_perms; ++logging_log_filetrans(auditd_t, auditd_log_t, dir, "audit") + + manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t) + manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t) +@@ -148,6 +174,7 @@ kernel_read_kernel_sysctls(auditd_t) # Needs to be able to run dispatcher. see /etc/audit/auditd.conf # Probably want a transition, and a new auditd_helper app kernel_read_system_state(auditd_t) @@ -35286,7 +35300,7 @@ index 39ea221..553ae21 100644 dev_read_sysfs(auditd_t) -@@ -155,9 +181,6 @@ fs_getattr_all_fs(auditd_t) +@@ -155,9 +182,6 @@ fs_getattr_all_fs(auditd_t) fs_search_auto_mountpoints(auditd_t) fs_rw_anon_inodefs_files(auditd_t) @@ -35296,7 +35310,7 @@ index 39ea221..553ae21 100644 corenet_all_recvfrom_netlabel(auditd_t) corenet_tcp_sendrecv_generic_if(auditd_t) corenet_tcp_sendrecv_generic_node(auditd_t) -@@ -183,16 +206,17 @@ logging_send_syslog_msg(auditd_t) +@@ -183,16 +207,17 @@ logging_send_syslog_msg(auditd_t) logging_domtrans_dispatcher(auditd_t) logging_signal_dispatcher(auditd_t) 
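Review bot: In the logging.te auditd hunk on this line, `allow auditd_t var_log_t:dir search_dir_perms;` is replaced by `logging_log_filetrans(auditd_t, auditd_log_t, dir, "audit")`, and if that interface expands through filetrans_pattern as it does in refpolicy it grants auditd_t rw_dir_perms on var_log_t, i.e. adding and removing entries directly under /var/log, not merely searching it. That is wider than the line it replaces, so it is worth a comment stating the widening is intended, e.g. `# creates /var/log/audit itself; this also grants rw_dir_perms on var_log_t`. The added `manage_dirs_pattern(auditd_t, auditd_log_t, auditd_log_t)` is what makes the directory transition usable and looks consistent with it. The auditd_t section continues past the hunk.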
@@ -35318,7 +35332,7 @@ index 39ea221..553ae21 100644 userdom_dontaudit_use_unpriv_user_fds(auditd_t) userdom_dontaudit_search_user_home_dirs(auditd_t) -@@ -237,19 +261,29 @@ corecmd_exec_shell(audisp_t) +@@ -237,19 +262,29 @@ corecmd_exec_shell(audisp_t) domain_use_interactive_fds(audisp_t) @@ -35349,7 +35363,7 @@ index 39ea221..553ae21 100644 ') ######################################## -@@ -268,7 +302,6 @@ files_spool_filetrans(audisp_remote_t, audit_spool_t, { dir file }) +@@ -268,7 +303,6 @@ files_spool_filetrans(audisp_remote_t, audit_spool_t, { dir file }) corecmd_exec_bin(audisp_remote_t) @@ -35357,7 +35371,7 @@ index 39ea221..553ae21 100644 corenet_all_recvfrom_netlabel(audisp_remote_t) corenet_tcp_sendrecv_generic_if(audisp_remote_t) corenet_tcp_sendrecv_generic_node(audisp_remote_t) -@@ -280,10 +313,18 @@ corenet_sendrecv_audit_client_packets(audisp_remote_t) +@@ -280,10 +314,18 @@ corenet_sendrecv_audit_client_packets(audisp_remote_t) files_read_etc_files(audisp_remote_t) @@ -35377,7 +35391,7 @@ index 39ea221..553ae21 100644 sysnet_dns_name_resolve(audisp_remote_t) -@@ -326,7 +367,6 @@ files_read_etc_files(klogd_t) +@@ -326,7 +368,6 @@ files_read_etc_files(klogd_t) logging_send_syslog_msg(klogd_t) @@ -35385,7 +35399,7 @@ index 39ea221..553ae21 100644 mls_file_read_all_levels(klogd_t) -@@ -354,12 +394,12 @@ optional_policy(` +@@ -354,12 +395,12 @@ optional_policy(` # chown fsetid for syslog-ng # sys_admin for the integrated klog of syslog-ng and metalog # cjp: why net_admin! 
@@ -35401,7 +35415,7 @@ index 39ea221..553ae21 100644 # receive messages to be logged allow syslogd_t self:unix_dgram_socket create_socket_perms; allow syslogd_t self:unix_stream_socket create_stream_socket_perms; -@@ -367,8 +407,10 @@ allow syslogd_t self:unix_dgram_socket sendto; +@@ -367,8 +408,10 @@ allow syslogd_t self:unix_dgram_socket sendto; allow syslogd_t self:fifo_file rw_fifo_file_perms; allow syslogd_t self:udp_socket create_socket_perms; allow syslogd_t self:tcp_socket create_stream_socket_perms; @@ -35412,7 +35426,7 @@ index 39ea221..553ae21 100644 # Create and bind to /dev/log or /var/run/log. allow syslogd_t devlog_t:sock_file manage_sock_file_perms; -@@ -377,6 +419,7 @@ files_pid_filetrans(syslogd_t, devlog_t, sock_file) +@@ -377,6 +420,7 @@ files_pid_filetrans(syslogd_t, devlog_t, sock_file) # create/append log files. manage_files_pattern(syslogd_t, var_log_t, var_log_t) rw_fifo_files_pattern(syslogd_t, var_log_t, var_log_t) @@ -35420,7 +35434,7 @@ index 39ea221..553ae21 100644 # Allow access for syslog-ng allow syslogd_t var_log_t:dir { create setattr }; -@@ -386,28 +429,41 @@ manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) +@@ -386,28 +430,41 @@ manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file }) @@ -35465,7 +35479,7 @@ index 39ea221..553ae21 100644 # syslog-ng can listen and connect on tcp port 514 (rsh) corenet_tcp_sendrecv_generic_if(syslogd_t) corenet_tcp_sendrecv_generic_node(syslogd_t) -@@ -417,6 +473,8 @@ corenet_tcp_bind_rsh_port(syslogd_t) +@@ -417,6 +474,8 @@ corenet_tcp_bind_rsh_port(syslogd_t) corenet_tcp_connect_rsh_port(syslogd_t) # Allow users to define additional syslog ports to connect to corenet_tcp_bind_syslogd_port(syslogd_t) 
@@ -35474,7 +35488,7 @@ index 39ea221..553ae21 100644 corenet_tcp_connect_syslogd_port(syslogd_t) corenet_tcp_connect_postgresql_port(syslogd_t) corenet_tcp_connect_mysqld_port(syslogd_t) -@@ -427,9 +485,26 @@ corenet_sendrecv_syslogd_server_packets(syslogd_t) +@@ -427,9 +486,26 @@ corenet_sendrecv_syslogd_server_packets(syslogd_t) corenet_sendrecv_postgresql_client_packets(syslogd_t) corenet_sendrecv_mysqld_client_packets(syslogd_t) @@ -35502,7 +35516,7 @@ index 39ea221..553ae21 100644 domain_use_interactive_fds(syslogd_t) files_read_etc_files(syslogd_t) -@@ -442,14 +517,19 @@ files_read_kernel_symbol_table(syslogd_t) +@@ -442,14 +518,19 @@ files_read_kernel_symbol_table(syslogd_t) files_var_lib_filetrans(syslogd_t, syslogd_var_lib_t, { file dir }) fs_getattr_all_fs(syslogd_t) @@ -35522,7 +35536,7 @@ index 39ea221..553ae21 100644 # for sending messages to logged in users init_read_utmp(syslogd_t) init_dontaudit_write_utmp(syslogd_t) -@@ -461,11 +541,11 @@ init_use_fds(syslogd_t) +@@ -461,11 +542,11 @@ init_use_fds(syslogd_t) # cjp: this doesnt make sense logging_send_syslog_msg(syslogd_t) @@ -35537,7 +35551,7 @@ index 39ea221..553ae21 100644 ifdef(`distro_gentoo',` # default gentoo syslog-ng config appends kernel -@@ -492,6 +572,8 @@ optional_policy(` +@@ -492,6 +573,8 @@ optional_policy(` optional_policy(` cron_manage_log_files(syslogd_t) cron_generic_log_filetrans_log(syslogd_t, file, "cron.log") @@ -35546,7 +35560,7 @@ index 39ea221..553ae21 100644 ') optional_policy(` -@@ -502,15 +584,40 @@ optional_policy(` +@@ -502,15 +585,40 @@ optional_policy(` ') optional_policy(` @@ -35587,7 +35601,7 @@ index 39ea221..553ae21 100644 ') optional_policy(` -@@ -521,3 +628,26 @@ optional_policy(` +@@ -521,3 +629,26 @@ optional_policy(` # log to the xconsole xserver_rw_console(syslogd_t) ') @@ -39814,7 +39828,7 @@ index 6944526..50b1c3c 100644 + files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns") +') 
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te -index b7686d5..3c77852 100644 +index b7686d5..f94755e 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.14.6) @@ -40100,7 +40114,7 @@ index b7686d5..3c77852 100644 fs_getattr_xattr_fs(ifconfig_t) fs_search_auto_mountpoints(ifconfig_t) -@@ -294,31 +372,50 @@ term_dontaudit_use_all_ptys(ifconfig_t) +@@ -294,31 +372,51 @@ term_dontaudit_use_all_ptys(ifconfig_t) term_dontaudit_use_ptmx(ifconfig_t) term_dontaudit_use_generic_ptys(ifconfig_t) @@ -40123,6 +40137,7 @@ index b7686d5..3c77852 100644 -userdom_use_user_terminals(ifconfig_t) +sysnet_dns_name_resolve(ifconfig_t) ++sysnet_filetrans_named_content_ifconfig(ifconfig_t) + +userdom_use_inherited_user_terminals(ifconfig_t) userdom_use_all_users_fds(ifconfig_t) @@ -40156,7 +40171,7 @@ index b7686d5..3c77852 100644 optional_policy(` dev_dontaudit_rw_cardmgr(ifconfig_t) ') -@@ -329,8 +426,11 @@ ifdef(`hide_broken_symptoms',` +@@ -329,8 +427,11 @@ ifdef(`hide_broken_symptoms',` ') optional_policy(` @@ -40170,7 +40185,7 @@ index b7686d5..3c77852 100644 ') optional_policy(` -@@ -339,7 +439,15 @@ optional_policy(` +@@ -339,7 +440,15 @@ optional_policy(` ') optional_policy(` @@ -40187,7 +40202,7 @@ index b7686d5..3c77852 100644 ') optional_policy(` -@@ -360,3 +468,13 @@ optional_policy(` +@@ -360,3 +469,13 @@ optional_policy(` xen_append_log(ifconfig_t) xen_dontaudit_rw_unix_stream_sockets(ifconfig_t) ') @@ -43755,7 +43770,7 @@ index db75976..4ca3a28 100644 +/var/tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) + diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index 3c5dba7..333f640 100644 +index 3c5dba7..a7657fa 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -30,9 +30,11 @@ template(`userdom_base_user_template',` 
@@ -45215,13 +45230,14 @@ index 3c5dba7..333f640 100644 corenet_tcp_bind_generic_port($1_t) # allow setting up tunnels -@@ -1148,10 +1531,14 @@ template(`userdom_admin_user_template',` +@@ -1148,10 +1531,15 @@ template(`userdom_admin_user_template',` dev_rename_all_blk_files($1_t) dev_rename_all_chr_files($1_t) dev_create_generic_symlinks($1_t) + dev_rw_generic_usb_dev($1_t) + dev_rw_usbfs($1_t) + dev_read_kmsg($1_t) ++ dev_read_cpuid($1_t) domain_setpriority_all_domains($1_t) domain_read_all_domains_state($1_t) @@ -45230,7 +45246,7 @@ index 3c5dba7..333f640 100644 domain_dontaudit_ptrace_all_domains($1_t) # signal all domains: domain_kill_all_domains($1_t) -@@ -1162,29 +1549,38 @@ template(`userdom_admin_user_template',` +@@ -1162,29 +1550,38 @@ template(`userdom_admin_user_template',` domain_sigchld_all_domains($1_t) # for lsof domain_getattr_all_sockets($1_t) @@ -45273,7 +45289,7 @@ index 3c5dba7..333f640 100644 # The following rule is temporary until such time that a complete # policy management infrastructure is in place so that an administrator -@@ -1194,6 +1590,8 @@ template(`userdom_admin_user_template',` +@@ -1194,6 +1591,8 @@ template(`userdom_admin_user_template',` # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -45282,7 +45298,7 @@ index 3c5dba7..333f640 100644 userdom_manage_user_home_content_dirs($1_t) userdom_manage_user_home_content_files($1_t) userdom_manage_user_home_content_symlinks($1_t) -@@ -1201,13 +1599,17 @@ template(`userdom_admin_user_template',` +@@ -1201,13 +1600,17 @@ template(`userdom_admin_user_template',` userdom_manage_user_home_content_sockets($1_t) userdom_user_home_dir_filetrans_user_home_content($1_t, { dir file lnk_file fifo_file sock_file }) @@ -45301,7 +45317,7 @@ index 3c5dba7..333f640 100644 optional_policy(` postgresql_unconfined($1_t) ') -@@ -1243,7 +1645,7 @@ template(`userdom_admin_user_template',` +@@ -1243,7 +1646,7 @@ template(`userdom_admin_user_template',` ## ## # 
@@ -45310,7 +45326,7 @@ index 3c5dba7..333f640 100644 allow $1 self:capability { dac_read_search dac_override }; corecmd_exec_shell($1) -@@ -1253,6 +1655,8 @@ template(`userdom_security_admin_template',` +@@ -1253,6 +1656,8 @@ template(`userdom_security_admin_template',` dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -45319,7 +45335,7 @@ index 3c5dba7..333f640 100644 # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1265,8 +1669,10 @@ template(`userdom_security_admin_template',` +@@ -1265,8 +1670,10 @@ template(`userdom_security_admin_template',` selinux_set_enforce_mode($1) selinux_set_all_booleans($1) selinux_set_parameters($1) @@ -45331,7 +45347,7 @@ index 3c5dba7..333f640 100644 auth_relabel_shadow($1) init_exec($1) -@@ -1277,29 +1683,31 @@ template(`userdom_security_admin_template',` +@@ -1277,29 +1684,31 @@ template(`userdom_security_admin_template',` logging_read_audit_config($1) seutil_manage_bin_policy($1) @@ -45374,7 +45390,7 @@ index 3c5dba7..333f640 100644 ') optional_policy(` -@@ -1360,14 +1768,17 @@ interface(`userdom_user_home_content',` +@@ -1360,14 +1769,17 @@ interface(`userdom_user_home_content',` gen_require(` attribute user_home_content_type; type user_home_t; @@ -45393,7 +45409,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1408,6 +1819,51 @@ interface(`userdom_user_tmpfs_file',` +@@ -1408,6 +1820,51 @@ interface(`userdom_user_tmpfs_file',` ## ## Allow domain to attach to TUN devices created by administrative users. ## @@ -45445,7 +45461,7 @@ index 3c5dba7..333f640 100644 ## ## ## Domain allowed access. -@@ -1512,11 +1968,31 @@ interface(`userdom_search_user_home_dirs',` +@@ -1512,11 +1969,31 @@ interface(`userdom_search_user_home_dirs',` ') allow $1 user_home_dir_t:dir search_dir_perms; 
@@ -45477,7 +45493,7 @@ index 3c5dba7..333f640 100644 ## Do not audit attempts to search user home directories. ## ## -@@ -1558,6 +2034,14 @@ interface(`userdom_list_user_home_dirs',` +@@ -1558,6 +2035,14 @@ interface(`userdom_list_user_home_dirs',` allow $1 user_home_dir_t:dir list_dir_perms; files_search_home($1) @@ -45492,7 +45508,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1573,9 +2057,11 @@ interface(`userdom_list_user_home_dirs',` +@@ -1573,9 +2058,11 @@ interface(`userdom_list_user_home_dirs',` interface(`userdom_dontaudit_list_user_home_dirs',` gen_require(` type user_home_dir_t; @@ -45504,7 +45520,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1632,6 +2118,42 @@ interface(`userdom_relabelto_user_home_dirs',` +@@ -1632,6 +2119,42 @@ interface(`userdom_relabelto_user_home_dirs',` allow $1 user_home_dir_t:dir relabelto; ') @@ -45547,7 +45563,7 @@ index 3c5dba7..333f640 100644 ######################################## ## ## Create directories in the home dir root with -@@ -1711,6 +2233,8 @@ interface(`userdom_dontaudit_search_user_home_content',` +@@ -1711,6 +2234,8 @@ interface(`userdom_dontaudit_search_user_home_content',` ') dontaudit $1 user_home_t:dir search_dir_perms; @@ -45556,7 +45572,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1744,10 +2268,12 @@ interface(`userdom_list_all_user_home_content',` +@@ -1744,10 +2269,12 @@ interface(`userdom_list_all_user_home_content',` # interface(`userdom_list_user_home_content',` gen_require(` @@ -45571,7 +45587,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1772,7 +2298,25 @@ interface(`userdom_manage_user_home_content_dirs',` +@@ -1772,7 +2299,25 @@ interface(`userdom_manage_user_home_content_dirs',` ######################################## ## 
@@ -45598,7 +45614,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -1782,53 +2326,70 @@ interface(`userdom_manage_user_home_content_dirs',` +@@ -1782,53 +2327,70 @@ interface(`userdom_manage_user_home_content_dirs',` # interface(`userdom_delete_all_user_home_content_dirs',` gen_require(` @@ -45681,7 +45697,7 @@ index 3c5dba7..333f640 100644 ## Do not audit attempts to set the ## attributes of user home files. ## -@@ -1848,6 +2409,25 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',` +@@ -1848,6 +2410,25 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',` ######################################## ## @@ -45707,7 +45723,7 @@ index 3c5dba7..333f640 100644 ## Mmap user home files. ## ## -@@ -1878,14 +2458,36 @@ interface(`userdom_mmap_user_home_content_files',` +@@ -1878,14 +2459,36 @@ interface(`userdom_mmap_user_home_content_files',` interface(`userdom_read_user_home_content_files',` gen_require(` type user_home_dir_t, user_home_t; @@ -45745,7 +45761,7 @@ index 3c5dba7..333f640 100644 ## Do not audit attempts to read user home files. ## ## -@@ -1896,11 +2498,14 @@ interface(`userdom_read_user_home_content_files',` +@@ -1896,11 +2499,14 @@ interface(`userdom_read_user_home_content_files',` # interface(`userdom_dontaudit_read_user_home_content_files',` gen_require(` @@ -45763,7 +45779,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -1941,7 +2546,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',` +@@ -1941,7 +2547,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',` ######################################## ## @@ -45772,7 +45788,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -1949,19 +2554,17 @@ interface(`userdom_dontaudit_write_user_home_content_files',` +@@ -1949,19 +2555,17 @@ interface(`userdom_dontaudit_write_user_home_content_files',` ## ## # 
@@ -45796,7 +45812,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -1969,21 +2572,75 @@ interface(`userdom_delete_all_user_home_content_files',` +@@ -1969,21 +2573,75 @@ interface(`userdom_delete_all_user_home_content_files',` ## ## # @@ -45877,7 +45893,7 @@ index 3c5dba7..333f640 100644 ## ## # -@@ -2010,8 +2667,7 @@ interface(`userdom_read_user_home_content_symlinks',` +@@ -2010,8 +2668,7 @@ interface(`userdom_read_user_home_content_symlinks',` type user_home_dir_t, user_home_t; ') @@ -45887,7 +45903,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2027,20 +2683,14 @@ interface(`userdom_read_user_home_content_symlinks',` +@@ -2027,20 +2684,14 @@ interface(`userdom_read_user_home_content_symlinks',` # interface(`userdom_exec_user_home_content_files',` gen_require(` @@ -45912,7 +45928,7 @@ index 3c5dba7..333f640 100644 ######################################## ## -@@ -2123,7 +2773,7 @@ interface(`userdom_manage_user_home_content_symlinks',` +@@ -2123,7 +2774,7 @@ interface(`userdom_manage_user_home_content_symlinks',` ######################################## ## @@ -45921,7 +45937,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -2131,19 +2781,17 @@ interface(`userdom_manage_user_home_content_symlinks',` +@@ -2131,19 +2782,17 @@ interface(`userdom_manage_user_home_content_symlinks',` ## ## # @@ -45945,7 +45961,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -2151,12 +2799,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',` +@@ -2151,12 +2800,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',` ## ## # @@ -45961,7 +45977,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2393,11 +3041,11 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',` +@@ -2393,11 +3042,11 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',` # interface(`userdom_read_user_tmp_files',` gen_require(` 
@@ -45976,7 +45992,7 @@ index 3c5dba7..333f640 100644 files_search_tmp($1) ') -@@ -2417,7 +3065,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',` +@@ -2417,7 +3066,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',` type user_tmp_t; ') @@ -45985,7 +46001,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2541,6 +3189,26 @@ interface(`userdom_manage_user_tmp_files',` +@@ -2541,6 +3190,26 @@ interface(`userdom_manage_user_tmp_files',` ######################################## ## ## Create, read, write, and delete user @@ -46012,7 +46028,7 @@ index 3c5dba7..333f640 100644 ## temporary symbolic links. ## ## -@@ -2664,6 +3332,25 @@ interface(`userdom_tmp_filetrans_user_tmp',` +@@ -2664,6 +3333,25 @@ interface(`userdom_tmp_filetrans_user_tmp',` files_tmp_filetrans($1, user_tmp_t, $2, $3) ') @@ -46038,7 +46054,7 @@ index 3c5dba7..333f640 100644 ######################################## ## ## Read user tmpfs files. -@@ -2680,13 +3367,14 @@ interface(`userdom_read_user_tmpfs_files',` +@@ -2680,13 +3368,14 @@ interface(`userdom_read_user_tmpfs_files',` ') read_files_pattern($1, user_tmpfs_t, user_tmpfs_t) @@ -46054,7 +46070,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -2707,7 +3395,7 @@ interface(`userdom_rw_user_tmpfs_files',` +@@ -2707,7 +3396,7 @@ interface(`userdom_rw_user_tmpfs_files',` ######################################## ## @@ -46063,7 +46079,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -2715,14 +3403,30 @@ interface(`userdom_rw_user_tmpfs_files',` +@@ -2715,14 +3404,30 @@ interface(`userdom_rw_user_tmpfs_files',` ## ## # @@ -46098,7 +46114,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2817,6 +3521,24 @@ interface(`userdom_use_user_ttys',` +@@ -2817,6 +3522,24 @@ interface(`userdom_use_user_ttys',` ######################################## ## 
@@ -46123,7 +46139,7 @@ index 3c5dba7..333f640 100644 ## Read and write a user domain pty. ## ## -@@ -2835,22 +3557,34 @@ interface(`userdom_use_user_ptys',` +@@ -2835,22 +3558,34 @@ interface(`userdom_use_user_ptys',` ######################################## ## @@ -46166,7 +46182,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -2859,14 +3593,33 @@ interface(`userdom_use_user_ptys',` +@@ -2859,14 +3594,33 @@ interface(`userdom_use_user_ptys',` ## ## # @@ -46204,7 +46220,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2885,8 +3638,27 @@ interface(`userdom_dontaudit_use_user_terminals',` +@@ -2885,8 +3639,27 @@ interface(`userdom_dontaudit_use_user_terminals',` type user_tty_device_t, user_devpts_t; ') @@ -46234,7 +46250,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -2958,69 +3730,68 @@ interface(`userdom_spec_domtrans_unpriv_users',` +@@ -2958,69 +3731,68 @@ interface(`userdom_spec_domtrans_unpriv_users',` allow unpriv_userdomain $1:process sigchld; ') @@ -46335,7 +46351,7 @@ index 3c5dba7..333f640 100644 ## ## ## -@@ -3028,12 +3799,12 @@ interface(`userdom_manage_unpriv_user_semaphores',` +@@ -3028,12 +3800,12 @@ interface(`userdom_manage_unpriv_user_semaphores',` ## ## # @@ -46350,7 +46366,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -3097,7 +3868,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` +@@ -3097,7 +3869,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` domain_entry_file_spec_domtrans($1, unpriv_userdomain) allow unpriv_userdomain $1:fd use; @@ -46359,7 +46375,7 @@ index 3c5dba7..333f640 100644 allow unpriv_userdomain $1:process sigchld; ') -@@ -3113,29 +3884,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` +@@ -3113,29 +3885,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` # interface(`userdom_search_user_home_content',` gen_require(` 
@@ -46393,7 +46409,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -3217,7 +3972,25 @@ interface(`userdom_dontaudit_use_user_ptys',` +@@ -3217,7 +3973,25 @@ interface(`userdom_dontaudit_use_user_ptys',` type user_devpts_t; ') @@ -46420,7 +46436,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -3272,7 +4045,83 @@ interface(`userdom_write_user_tmp_files',` +@@ -3272,7 +4046,83 @@ interface(`userdom_write_user_tmp_files',` type user_tmp_t; ') @@ -46505,7 +46521,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -3290,7 +4139,7 @@ interface(`userdom_dontaudit_use_user_ttys',` +@@ -3290,7 +4140,7 @@ interface(`userdom_dontaudit_use_user_ttys',` type user_tty_device_t; ') @@ -46514,7 +46530,7 @@ index 3c5dba7..333f640 100644 ') ######################################## -@@ -3309,6 +4158,7 @@ interface(`userdom_read_all_users_state',` +@@ -3309,6 +4159,7 @@ interface(`userdom_read_all_users_state',` ') read_files_pattern($1, userdomain, userdomain) @@ -46522,7 +46538,7 @@ index 3c5dba7..333f640 100644 kernel_search_proc($1) ') -@@ -3385,6 +4235,42 @@ interface(`userdom_signal_all_users',` +@@ -3385,6 +4236,42 @@ interface(`userdom_signal_all_users',` allow $1 userdomain:process signal; ') @@ -46565,7 +46581,7 @@ index 3c5dba7..333f640 100644 ######################################## ## ## Send a SIGCHLD signal to all user domains. -@@ -3405,6 +4291,24 @@ interface(`userdom_sigchld_all_users',` +@@ -3405,6 +4292,24 @@ interface(`userdom_sigchld_all_users',` ######################################## ## @@ -46590,7 +46606,7 @@ index 3c5dba7..333f640 100644 ## Create keys for all user domains. ## ## -@@ -3423,6 +4327,24 @@ interface(`userdom_create_all_users_keys',` +@@ -3423,6 +4328,24 @@ interface(`userdom_create_all_users_keys',` ######################################## ## 
@@ -46615,7 +46631,7 @@ index 3c5dba7..333f640 100644 ## Send a dbus message to all user domains. ## ## -@@ -3438,4 +4360,1661 @@ interface(`userdom_dbus_send_all_users',` +@@ -3438,4 +4361,1661 @@ interface(`userdom_dbus_send_all_users',` ') allow $1 userdomain:dbus send_msg; diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index b04126d..0f090cc 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -59161,10 +59161,10 @@ index 0000000..42ed4ba +') diff --git a/openwsman.te b/openwsman.te new file mode 100644 -index 0000000..79ad541 +index 0000000..3bcd32c --- /dev/null +++ b/openwsman.te -@@ -0,0 +1,60 @@ +@@ -0,0 +1,74 @@ +policy_module(openwsman, 1.0.0) + +######################################## @@ -59179,6 +59179,9 @@ index 0000000..79ad541 +type openwsman_tmp_t; +files_tmp_file(openwsman_tmp_t) + ++type openwsman_tmpfs_t; ++files_tmpfs_file(openwsman_tmpfs_t) ++ +type openwsman_log_t; +logging_log_file(openwsman_log_t) + @@ -59204,6 +59207,10 @@ index 0000000..79ad541 +manage_dirs_pattern(openwsman_t, openwsman_tmp_t, openwsman_tmp_t) +files_tmp_filetrans(openwsman_t, openwsman_tmp_t, { dir file }) + ++manage_files_pattern(openwsman_t, openwsman_tmpfs_t, openwsman_tmpfs_t) ++manage_dirs_pattern(openwsman_t, openwsman_tmpfs_t, openwsman_tmpfs_t) ++fs_tmpfs_filetrans(openwsman_t, openwsman_tmpfs_t, { dir file }) ++ +manage_files_pattern(openwsman_t, openwsman_log_t, openwsman_log_t) +logging_log_filetrans(openwsman_t, openwsman_log_t, { file }) + @@ -59215,6 +59222,7 @@ index 0000000..79ad541 + +corenet_tcp_connect_pegasus_https_port(openwsman_t) +corenet_tcp_bind_vnc_port(openwsman_t) ++corenet_tcp_bind_http_port(openwsman_t) + +dev_read_urand(openwsman_t) + 
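Review bot: The openwsman.te hunk on this line adds `corenet_tcp_bind_http_port(openwsman_t)` and the tmpfs rules, and the second openwsman.te hunk on the next line adds the sblim interface calls, yet the same file keeps the `unconfined_domain(openwsman_t)` call (visible as context there), so while that block is present none of the new rules constrain the daemon and no denial will surface during testing. The commit should state which state is intended; if the confined rules are the goal, a comment on the unconfined block such as `# bootstrap aid only; remove once the rules above cover the daemon` documents that. The http bind also gives the daemon a second listening port next to the existing vnc bind, and one line naming the listener it serves would help the next reader.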
@@ -59222,6 +59230,12 @@ index 0000000..79ad541 +logging_send_audit_msgs(openwsman_t) + +optional_policy(` ++ sblim_stream_connect_sfcbd(openwsman_t) ++ sblim_rw_semaphores_sfcbd(openwsman_t) ++ sblim_getattr_exec_sfcbd(openwsman_t) ++') ++ ++optional_policy(` + unconfined_domain(openwsman_t) +') + @@ -73809,10 +73823,10 @@ index afc0068..3105104 100644 + ') ') diff --git a/quantum.te b/quantum.te -index 769d1fd..1dbc6aa 100644 +index 769d1fd..a7b42e6 100644 --- a/quantum.te +++ b/quantum.te -@@ -1,96 +1,143 @@ +@@ -1,96 +1,144 @@ -policy_module(quantum, 1.0.2) +policy_module(quantum, 1.0.3) @@ -73881,7 +73895,8 @@ index 769d1fd..1dbc6aa 100644 +logging_log_filetrans(neutron_t, neutron_log_t, dir) + +manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t) -+files_tmp_filetrans(neutron_t, neutron_tmp_t, file) ++manage_dirs_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t) ++files_tmp_filetrans(neutron_t, neutron_tmp_t, { file dir }) -manage_dirs_pattern(quantum_t, quantum_log_t, quantum_log_t) -append_files_pattern(quantum_t, quantum_log_t, quantum_log_t) @@ -87727,7 +87742,7 @@ index 68a550d..e976fc6 100644 /var/run/gather(/.*)? gen_context(system_u:object_r:sblim_var_run_t,s0) diff --git a/sblim.if b/sblim.if -index 98c9e0a..d4aa009 100644 +index 98c9e0a..562666e 100644 --- a/sblim.if +++ b/sblim.if @@ -1,8 +1,36 @@ 
@@ -87778,39 +87793,116 @@ index 98c9e0a..d4aa009 100644 ## ## ## -@@ -40,34 +68,51 @@ interface(`sblim_read_pid_files',` +@@ -40,34 +68,129 @@ interface(`sblim_read_pid_files',` ######################################## ## -## All of the rules required to -## administrate an sblim environment. +## Transition to sblim named content ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`sblim_filetrans_named_content',` ++ gen_require(` ++ type sblim_var_run_t; ++ ') ++ ++ files_pid_filetrans($1, sblim_var_run_t, dir, "gather") ++') ++ ++######################################## ++## ++## Connect to sblim_sfcb over a unix stream socket. ## ## ## --## Domain allowed access. -+## Domain allowed access. + ## Domain allowed access. ## ## -## +# -+interface(`sblim_filetrans_named_content',` ++interface(`sblim_stream_connect_sfcbd',` + gen_require(` -+ type sblim_var_run_t; ++ type sblim_sfcb_t, sblim_var_lib_t; ++ type sblim_tmp_t; + ') + -+ files_pid_filetrans($1, sblim_var_run_t, dir, "gather") ++ files_search_pids($1) ++ stream_connect_pattern($1, sblim_var_lib_t, sblim_var_lib_t, sblim_sfcb_t) ++ stream_connect_pattern($1, sblim_var_lib_t, sblim_tmp_t, sblim_tmp_t) +') + ++####################################### ++## ++## Getattr on sblim executable. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`sblim_getattr_exec_sfcbd',` ++ gen_require(` ++ type sblim_sfcbd_exec_t; ++ ') ++ ++ allow $1 sblim_sfcbd_exec_t:file getattr; ++') ++ ++ +######################################## +## -+## All of the rules required to administrate -+## an gatherd environment ++## Connect to sblim_sfcb over a unix stream socket. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`sblim_stream_connect_sfcb',` ++ gen_require(` ++ type sblim_sfcb_t, sblim_var_lib_t; ++ ') ++ ++ files_search_pids($1) ++ stream_connect_pattern($1, sblim_var_lib_t, sblim_var_lib_t, sblim_sfcb_t) ++') ++ ++####################################### ++## ++## Allow read and write access to sblim semaphores. +## +## ## -## Role allowed access. +## Domain allowed access. ++## ++## ++# ++interface(`sblim_rw_semaphores_sfcbd',` ++ gen_require(` ++ type sblim_sfcbd_t; ++ ') ++ ++ allow $1 sblim_sfcbd_t:sem rw_sem_perms; ++') ++ ++ ++######################################## ++## ++## All of the rules required to administrate ++## an gatherd environment ++## ++## ++## ++## Domain allowed access. ## ## ## @@ -87844,7 +87936,7 @@ index 98c9e0a..d4aa009 100644 files_search_pids($1) admin_pattern($1, sblim_var_run_t) diff --git a/sblim.te b/sblim.te -index 4a23d84..5a90acf 100644 +index 4a23d84..21c15bb 100644 --- a/sblim.te +++ b/sblim.te @@ -7,13 +7,11 @@ policy_module(sblim, 1.0.3) @@ -87950,7 +88042,7 @@ index 4a23d84..5a90acf 100644 ') optional_policy(` -@@ -117,6 +133,35 @@ optional_policy(` +@@ -117,6 +133,43 @@ optional_policy(` # Reposd local policy # @@ -87982,11 +88074,19 @@ index 4a23d84..5a90acf 100644 +corenet_tcp_bind_pegasus_https_port(sblim_sfcbd_t) +corenet_tcp_connect_pegasus_https_port(sblim_sfcbd_t) + ++corecmd_exec_shell(sblim_sfcbd_t) ++corecmd_exec_bin(sblim_sfcbd_t) ++ +dev_read_rand(sblim_sfcbd_t) +dev_read_urand(sblim_sfcbd_t) + +domain_read_all_domains_state(sblim_sfcbd_t) +domain_use_interactive_fds(sblim_sfcbd_t) ++ ++optional_policy(` ++ rpm_exec(sblim_sfcbd_t) ++ rpm_dontaudit_manage_db(sblim_sfcbd_t) ++') diff --git a/screen.fc b/screen.fc index ac04d27..b73334e 100644 --- a/screen.fc @@ -94707,10 +94807,10 @@ index 0000000..df82c36 +') diff --git a/swift.te b/swift.te new file mode 100644 -index 0000000..159ae72 +index 0000000..9ee77b2 --- /dev/null 
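Review bot: In the new `sblim_stream_connect_sfcbd` interface in the sblim.if hunk (which starts on the previous line), the second `stream_connect_pattern($1, sblim_var_lib_t, sblim_tmp_t, sblim_tmp_t)` passes the file type sblim_tmp_t as the fourth, server-domain argument, which expands to `allow $1 sblim_tmp_t:unix_stream_socket connectto` and can never match a running process; the daemon domain belongs there, presumably `sblim_sfcbd_t` as used in sblim.te, e.g. `stream_connect_pattern($1, sblim_tmp_t, sblim_tmp_t, sblim_sfcbd_t)`. Both stream-connect interfaces also gen_require `sblim_sfcb_t`, while the sblim.te hunk declares and uses `sblim_sfcbd_t`; confirm that `sblim_sfcb_t` exists, otherwise the module build fails on the missing type. `sblim_stream_connect_sfcb` duplicates the first pattern of `sblim_stream_connect_sfcbd` and could be dropped or have one call the other, and the parameter summary of `sblim_getattr_exec_sfcbd` should read `Domain allowed access.` rather than `Domain allowed to transition.`.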
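Review bot: The sblim.te hunk on this line adds `rpm_exec(sblim_sfcbd_t)` together with `rpm_dontaudit_manage_db(sblim_sfcbd_t)`, and the swift.te hunk on the next line adds the same `rpm_dontaudit_manage_db(swift_t)`. rpm_exec runs rpm in the caller's domain with no transition, so any write to the rpm database happens as the daemon domain, and the dontaudit then removes the only audit-log record of such attempts; if the daemons only query the database, a comment saying so, e.g. `# rpm is only queried here; db write attempts are expected and silenced`, keeps the suppression reviewable. Adding `corecmd_exec_shell` and `corecmd_exec_bin` to sblim_sfcbd_t in the same hunk is a sizeable widening and also deserves one line on what the daemon executes. The sfcbd local-policy section these lines extend begins outside the hunk.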
+++ b/swift.te -@@ -0,0 +1,89 @@ +@@ -0,0 +1,97 @@ +policy_module(swift, 1.0.0) + +######################################## @@ -94722,6 +94822,9 @@ index 0000000..159ae72 +type swift_exec_t; +init_daemon_domain(swift_t, swift_exec_t) + ++type swift_lock_t; ++files_lock_file(swift_lock_t) ++ +type swift_tmp_t; +files_tmp_file(swift_tmp_t) + @@ -94752,6 +94855,10 @@ index 0000000..159ae72 +allow swift_t self:unix_stream_socket create_stream_socket_perms; +allow swift_t self:unix_dgram_socket create_socket_perms; + ++manage_dirs_pattern(swift_t, swift_lock_t, swift_lock_t) ++manage_files_pattern(swift_t, swift_lock_t, swift_lock_t) ++files_lock_filetrans(swift_t, swift_lock_t, { dir file }) ++ +manage_dirs_pattern(swift_t, swift_tmp_t, swift_tmp_t) +manage_files_pattern(swift_t, swift_tmp_t, swift_tmp_t) +files_tmp_filetrans(swift_t, swift_tmp_t, { dir file }) @@ -94799,6 +94906,7 @@ index 0000000..159ae72 + +optional_policy(` + rpm_exec(swift_t) ++ rpm_dontaudit_manage_db(swift_t) +') diff --git a/swift_alias.fc b/swift_alias.fc new file mode 100644 diff --git a/selinux-policy.spec b/selinux-policy.spec index d69cf88..6bf1954 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 163%{?dist} +Release: 164%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -579,6 +579,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Fri May 16 2014 Miroslav Grepl 3.12.1-164 +- Add openstack fixes + * Tue May 13 2014 Miroslav Grepl 3.12.1-163 - Add missing dyntransition for sandbox_x_domain