diff --git a/policy-f19-base.patch b/policy-f19-base.patch index 63fd39f..da94e3a 100644 --- a/policy-f19-base.patch +++ b/policy-f19-base.patch @@ -3046,7 +3046,7 @@ index 7590165..19aaaed 100644 + fs_mounton_fusefs(seunshare_domain) +') diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc -index 644d4d7..51181b8 100644 +index 644d4d7..f9bcd44 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -1,9 +1,10 @@ @@ -3350,7 +3350,15 @@ index 644d4d7..51181b8 100644 /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0) /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0) -@@ -383,11 +457,15 @@ ifdef(`distro_suse', ` +@@ -342,6 +416,7 @@ ifdef(`distro_redhat', ` + /usr/share/ssl/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) + /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0) ++/usr/share/system-config-selinux/polgengui.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0) + /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0) +@@ -383,11 +458,15 @@ ifdef(`distro_suse', ` # # /var # @@ -3367,7 +3375,7 @@ index 644d4d7..51181b8 100644 /usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0) /var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0) -@@ -397,3 +475,12 @@ ifdef(`distro_suse', ` +@@ -397,3 +476,12 @@ ifdef(`distro_suse', ` ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') 
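Review bot: In the `@@ -3350,7 +3350,15 @@` hunk the new file-context entry `/usr/share/system-config-selinux/polgengui.py` leaves the dot unescaped, so as a regex it matches `polgengui` followed by any character before `py`, while the neighbouring entries escape it (`polgen\.py`, `system-config-selinux\.py`). Change it to `/usr/share/system-config-selinux/polgengui\.py -- gen_context(system_u:object_r:bin_t,s0)`. The same unescaped dot appears in the systemd.fc hunk (`/usr/lib/dracut/modules.d/.*\.service`), the fetchmail.fc hunk (`/var/run/fetchmail.*`) and the pkcsslotd.fc hunk (`/var/run/pkcsslotd.*`). The other two hunks on this line only adjust index hashes and inner hunk offsets.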
@@ -33699,7 +33707,7 @@ index 3822072..bddf002 100644 + userdom_admin_home_dir_filetrans($1, default_context_t, file, ".default_context") +') diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te -index ec01d0b..e2b829b 100644 +index ec01d0b..076b0a0 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -11,14 +11,16 @@ gen_require(` @@ -34135,11 +34143,11 @@ index ec01d0b..e2b829b 100644 -auth_use_nsswitch(semanage_t) - -locallogin_use_fds(semanage_t) -- --logging_send_syslog_msg(semanage_t) +# Admins are creating pp files in random locations +files_read_non_security_files(semanage_t) +-logging_send_syslog_msg(semanage_t) +- -miscfiles_read_localization(semanage_t) - -seutil_libselinux_linked(semanage_t) @@ -34227,7 +34235,7 @@ index ec01d0b..e2b829b 100644 ') ######################################## -@@ -522,108 +598,181 @@ ifdef(`distro_ubuntu',` +@@ -522,108 +598,187 @@ ifdef(`distro_ubuntu',` # Setfiles local policy # @@ -34309,12 +34317,12 @@ index ec01d0b..e2b829b 100644 + # pki is leaking + pki_dontaudit_write_log(setfiles_t) +') -+ + +-seutil_libselinux_linked(setfiles_t) +optional_policy(` + xserver_append_xdm_tmp_files(setfiles_t) +') - --seutil_libselinux_linked(setfiles_t) ++ +ifdef(`hide_broken_symptoms',` + + optional_policy(` @@ -34447,10 +34455,7 @@ index ec01d0b..e2b829b 100644 -') +dev_read_rand(policy_manager_domain) +dev_read_urand(policy_manager_domain) - --optional_policy(` -- hotplug_use_fds(setfiles_t) --') ++ +logging_send_audit_msgs(policy_manager_domain) + +# Domains that will manage policy 
@@ -34494,6 +34499,13 @@ index ec01d0b..e2b829b 100644 + +files_rw_inherited_generic_pid_files(setfiles_domain) +files_rw_inherited_generic_pid_files(policy_manager_domain) ++files_create_boot_flag(policy_manager_domain, ".autorelabel") ++files_delete_boot_flag(policy_manager_domain) + + optional_policy(` +- hotplug_use_fds(setfiles_t) ++ policykit_dbus_chat(policy_manager_domain) + ') diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc index bea4629..06e2834 100644 --- a/policy/modules/system/setrans.fc @@ -35288,10 +35300,10 @@ index b7686d5..7a9577f 100644 +') diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc new file mode 100644 -index 0000000..2cd29ba +index 0000000..431619e --- /dev/null +++ b/policy/modules/system/systemd.fc -@@ -0,0 +1,43 @@ +@@ -0,0 +1,44 @@ +/etc/hostname -- gen_context(system_u:object_r:hostname_etc_t,s0) +/etc/machine-info -- gen_context(system_u:object_r:hostname_etc_t,s0) + @@ -35306,6 +35318,7 @@ index 0000000..2cd29ba +/usr/bin/systemd-tmpfiles -- gen_context(system_u:object_r:systemd_tmpfiles_exec_t,s0) +/usr/bin/systemd-tty-ask-password-agent -- gen_context(system_u:object_r:systemd_passwd_agent_exec_t,s0) + ++/usr/lib/dracut/modules.d/.*\.service gen_context(system_u:object_r:systemd_unit_file_t,s0) +/usr/lib/systemd/system(/.*)? gen_context(system_u:object_r:systemd_unit_file_t,s0) +/usr/lib/systemd/system/systemd-vconsole-setup\.service gen_context(system_u:object_r:systemd_vconsole_unit_file_t,s0) +/usr/lib/systemd/system/.*halt.* -- gen_context(system_u:object_r:power_unit_file_t,s0) @@ -35337,10 +35350,10 @@ index 0000000..2cd29ba +/var/run/initramfs(/.*)? <> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if new file mode 100644 -index 0000000..78eb081 +index 0000000..bd5a6b7 --- /dev/null 
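Review bot: `files_create_boot_flag(policy_manager_domain, ".autorelabel")` and `files_delete_boot_flag(policy_manager_domain)` grant the ability to schedule a full filesystem relabel on the next boot to every domain carrying the `policy_manager_domain` attribute, while the changelog scopes the intent to semanage. Creating `/.autorelabel` is a privileged, system-wide action, so at minimum it deserves a why-comment, e.g. `# semanage creates /.autorelabel when a module change requires a relabel`, and if only semanage needs it the rule should target `semanage_t` rather than the attribute. The replacement of `hotplug_use_fds(setfiles_t)` by `policykit_dbus_chat(policy_manager_domain)` inside the same `optional_policy` block likewise widens a single-domain grant to the whole attribute; if that is intended, a comment naming which policy manager talks to polkit would help. Which domains carry `policy_manager_domain` is not visible in this hunk.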
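Review bot: The new dracut entry `/usr/lib/dracut/modules.d/.*\.service gen_context(system_u:object_r:systemd_unit_file_t,s0)` carries no file-type field, so it also applies to directories and symlinks whose names end in `.service`, unlike the regular-file entries in the same file (`/usr/bin/systemd-tmpfiles -- ...`). If only regular unit files are meant, write `/usr/lib/dracut/modules.d/.*\.service -- gen_context(system_u:object_r:systemd_unit_file_t,s0)`. The preceding hunk on this line only updates the systemd.fc index hash and line count.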
+++ b/policy/modules/system/systemd.if -@@ -0,0 +1,1287 @@ +@@ -0,0 +1,1289 @@ +## SELinux policy for systemd components + +###################################### @@ -35385,6 +35398,8 @@ index 0000000..78eb081 + role system_r types $1_systemctl_t; + + domtrans_pattern($1_t, systemd_systemctl_exec_t , $1_systemctl_t) ++ ++ kernel_read_domain_state($1_t) +') + +######################################## diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch index cc8492c..a49f171 100644 --- a/policy-f19-contrib.patch +++ b/policy-f19-contrib.patch @@ -23598,7 +23598,7 @@ index 79b9273..76b7ed5 100644 logging_send_syslog_msg(fcoemon_t) diff --git a/fetchmail.fc b/fetchmail.fc -index 2486e2a..ea07c4f 100644 +index 2486e2a..72143ee 100644 --- a/fetchmail.fc +++ b/fetchmail.fc @@ -1,4 +1,5 @@ @@ -23607,6 +23607,12 @@ index 2486e2a..ea07c4f 100644 /etc/fetchmailrc -- gen_context(system_u:object_r:fetchmail_etc_t,s0) +@@ -12,4 +13,4 @@ HOME_DIR/\.fetchmailrc -- gen_context(system_u:object_r:fetchmail_home_t,s0) + + /var/mail/\.fetchmail-UIDL-cache -- gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0) + +-/var/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0) ++/var/run/fetchmail.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0) diff --git a/fetchmail.if b/fetchmail.if index c3f7916..cab3954 100644 --- a/fetchmail.if @@ -23632,7 +23638,7 @@ index c3f7916..cab3954 100644 admin_pattern($1, fetchmail_etc_t) diff --git a/fetchmail.te b/fetchmail.te -index f0388cb..df501ec 100644 +index f0388cb..8e7f99e 100644 --- a/fetchmail.te +++ b/fetchmail.te @@ -32,15 +32,13 @@ files_type(fetchmail_uidl_cache_t) 
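Review bot: The added `kernel_read_domain_state($1_t)` grants the caller's user domain `$1_t`, whereas the surrounding lines of this template body (`role system_r types $1_systemctl_t;`, `domtrans_pattern($1_t, systemd_systemctl_exec_t , $1_systemctl_t)`) set up the derived `$1_systemctl_t`, and the changelog describes the change as letting the systemd domain read /proc. If the systemctl domain is the intended recipient this should read `kernel_read_domain_state($1_systemctl_t)`; if the user domain really needs it, a comment stating which systemctl operation requires it would save the next reader the same question. The template's name and header are outside the hunk, so what `$1` stands for cannot be confirmed from here.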
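Review bot: `/var/run/fetchmail.*` replaces the directory-scoped `/var/run/fetchmail/.*` with a prefix match, so besides the pid file it now labels any regular file directly under `/var/run` whose name merely starts with `fetchmail`, and the unescaped dot lets any character follow that prefix. If the pid file is the only target, a literal spec with the real file name is tighter (for example `/var/run/fetchmail\.pid -- gen_context(system_u:object_r:fetchmail_var_run_t,s0)`, if that is its name), and the old `/var/run/fetchmail/.*` line can be kept if the directory form is still produced. The `@@ -23632,7 +23638,7 @@` hunk that follows only updates the fetchmail.te index line.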
@@ -23652,18 +23658,20 @@ index f0388cb..df501ec 100644 manage_dirs_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t) append_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t) create_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t) -@@ -54,6 +52,11 @@ manage_dirs_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) - manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) - files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, dir) +@@ -52,7 +50,12 @@ mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file) + manage_dirs_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) + manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t) +-files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, dir) ++files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, {file dir}) ++ +list_dirs_pattern(fetchmail_t, fetchmail_home_t, fetchmail_home_t) +read_files_pattern(fetchmail_t, fetchmail_home_t, fetchmail_home_t) +userdom_search_user_home_dirs(fetchmail_t) +userdom_search_admin_dir(fetchmail_t) -+ + kernel_read_kernel_sysctls(fetchmail_t) kernel_list_proc(fetchmail_t) - kernel_getattr_proc_files(fetchmail_t) @@ -63,7 +66,6 @@ kernel_dontaudit_read_system_state(fetchmail_t) corecmd_exec_bin(fetchmail_t) corecmd_exec_shell(fetchmail_t) @@ -37776,10 +37784,10 @@ index 0000000..8d0e473 +/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0) diff --git a/mock.if b/mock.if new file mode 100644 -index 0000000..895f325 +index 0000000..6568bfe --- /dev/null +++ b/mock.if -@@ -0,0 +1,305 @@ +@@ -0,0 +1,310 @@ +## policy for mock + +######################################## @@ -38026,9 +38034,14 @@ index 0000000..895f325 + + ps_process_pattern($2, mock_t) + allow $2 mock_t:process signal_perms; ++ + tunable_policy(`deny_ptrace',`',` + allow $2 mock_t:process ptrace; + ') ++ ++ optional_policy(` ++ mock_read_lib_files($2) ++ ') +') + +####################################### 
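Review bot: `files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, {file dir})` relabels every file fetchmail_t creates directly in the pid directory, not just its own pid file; since this patch set already uses named transitions (`files_create_boot_flag(policy_manager_domain, ".autorelabel")`), the file class could be narrowed with a name argument, e.g. `files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, file, "<fetchmail pid file name>")` next to the existing `dir` transition. The class set is also written `{file dir}` where the rest of this diff spaces it (`{ dir file sock_file fifo_file }` in rhcs.if); cosmetic, but worth matching. The other fetchmail.te hunk on this line only removes a stale inner hunk header.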
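Review bot: The new `optional_policy` block around `mock_read_lib_files($2)` wraps an interface that, judging by its `mock_` prefix, is defined in this same mock.if; `optional_policy` exists for calls into modules that may not be loaded, so here it would only mask a misspelled interface name until link time. Unless `mock_read_lib_files` lives in another module, call it directly after the `deny_ptrace` tunable: `mock_read_lib_files($2)`. A one-line comment such as `# let the role read mock's lib files to inspect build results` would record the reason given in the changelog.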
@@ -54596,10 +54609,10 @@ index 977b972..0000000 -miscfiles_read_localization(pkcs_slotd_t) diff --git a/pkcsslotd.fc b/pkcsslotd.fc new file mode 100644 -index 0000000..38fa01d +index 0000000..a6d3859 --- /dev/null +++ b/pkcsslotd.fc -@@ -0,0 +1,7 @@ +@@ -0,0 +1,9 @@ +/usr/lib/systemd/system/pkcsslotd.service -- gen_context(system_u:object_r:pkcsslotd_unit_file_t,s0) + +/usr/sbin/pkcsslotd -- gen_context(system_u:object_r:pkcsslotd_exec_t,s0) @@ -54607,6 +54620,8 @@ index 0000000..38fa01d +/var/lib/opencryptoki(/.*)? gen_context(system_u:object_r:pkcsslotd_var_lib_t,s0) + +/var/lock/opencryptoki(/.*)? gen_context(system_u:object_r:pkcsslotd_lock_t,s0) ++ ++/var/run/pkcsslotd.* -- gen_context(system_u:object_r:pkcsslotd_var_run_t,s0) diff --git a/pkcsslotd.if b/pkcsslotd.if new file mode 100644 index 0000000..848ddc9 @@ -68688,7 +68703,7 @@ index 47de2d6..98a4280 100644 +/var/log/cluster/rgmanager\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0) +/var/log/pcsd(/.*)? gen_context(system_u:object_r:cluster_var_log_t,s0) diff --git a/rhcs.if b/rhcs.if -index 56bc01f..4699b1b 100644 +index 56bc01f..b8d154e 100644 --- a/rhcs.if +++ b/rhcs.if @@ -1,19 +1,19 @@ @@ -68717,7 +68732,7 @@ index 56bc01f..4699b1b 100644 ') ############################## -@@ -43,11 +43,6 @@ template(`rhcs_domain_template',` +@@ -43,33 +43,27 @@ template(`rhcs_domain_template',` manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t) fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file }) 
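Review bot: The new entry labels `/var/run/pkcsslotd.*` as `pkcsslotd_var_run_t`, but nothing in this commit declares that type or gives `pkcsslotd_t` a matching `files_pid_filetrans`; if `pkcsslotd_var_run_t` is not already declared with `files_pid_file` in pkcsslotd.te, the module will fail to build. Please confirm the type exists, and prefer the literal pid file name with the dot escaped (for example `/var/run/pkcsslotd\.pid -- gen_context(system_u:object_r:pkcsslotd_var_run_t,s0)`, if that is its name) over a `pkcsslotd.*` prefix that matches any regular file starting with that string. The rhcs.if hunks on this line only change index hashes and inner hunk counts.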
@@ -68729,9 +68744,11 @@ index 56bc01f..4699b1b 100644 logging_log_filetrans($1_t, $1_var_log_t, { dir file sock_file }) manage_dirs_pattern($1_t, $1_var_run_t, $1_var_run_t) -@@ -56,20 +51,19 @@ template(`rhcs_domain_template',` + manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t) + manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t) manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t) - files_pid_filetrans($1_t, $1_var_run_t, { dir file fifo_file }) +- files_pid_filetrans($1_t, $1_var_run_t, { dir file fifo_file }) ++ files_pid_filetrans($1_t, $1_var_run_t, { dir file sock_file fifo_file }) - optional_policy(` - dbus_system_bus_client($1_t) @@ -70619,7 +70636,7 @@ index 6dbc905..d803796 100644 - admin_pattern($1, rhsmcertd_lock_t) ') diff --git a/rhsmcertd.te b/rhsmcertd.te -index 1cedd70..f8ae4cc 100644 +index 1cedd70..6508b1e 100644 --- a/rhsmcertd.te +++ b/rhsmcertd.te @@ -30,7 +30,8 @@ files_pid_file(rhsmcertd_var_run_t) @@ -70632,7 +70649,7 @@ index 1cedd70..f8ae4cc 100644 allow rhsmcertd_t self:fifo_file rw_fifo_file_perms; allow rhsmcertd_t self:unix_stream_socket create_stream_socket_perms; -@@ -52,21 +53,35 @@ files_pid_filetrans(rhsmcertd_t, rhsmcertd_var_run_t, { file dir }) +@@ -52,21 +53,37 @@ files_pid_filetrans(rhsmcertd_t, rhsmcertd_var_run_t, { file dir }) kernel_read_network_state(rhsmcertd_t) kernel_read_system_state(rhsmcertd_t) @@ -70655,6 +70672,8 @@ index 1cedd70..f8ae4cc 100644 -miscfiles_read_localization(rhsmcertd_t) -miscfiles_read_generic_certs(rhsmcertd_t) ++init_read_state(rhsmcertd_t) ++ +logging_send_syslog_msg(rhsmcertd_t) + +miscfiles_read_certs(rhsmcertd_t) @@ -72349,7 +72368,7 @@ index 3b5e9ee..ff1163f 100644 + admin_pattern($1, rpcbind_var_run_t) ') diff --git a/rpcbind.te b/rpcbind.te -index c49828c..a323332 100644 +index c49828c..56cb0c2 100644 --- a/rpcbind.te +++ b/rpcbind.te @@ -42,7 +42,6 @@ kernel_read_system_state(rpcbind_t) 
@@ -72368,7 +72387,7 @@ index c49828c..a323332 100644 files_read_etc_runtime_files(rpcbind_t) -logging_send_syslog_msg(rpcbind_t) -+auth_read_passwd(rpcbind_t) ++auth_use_nsswitch(rpcbind_t) -miscfiles_read_localization(rpcbind_t) +logging_send_syslog_msg(rpcbind_t) @@ -83478,7 +83497,7 @@ index a240455..54c5c1f 100644 - admin_pattern($1, sssd_log_t) ') diff --git a/sssd.te b/sssd.te -index 8b537aa..e9632c3 100644 +index 8b537aa..3bce4df 100644 --- a/sssd.te +++ b/sssd.te @@ -1,4 +1,4 @@ @@ -83567,7 +83586,7 @@ index 8b537aa..e9632c3 100644 auth_domtrans_chk_passwd(sssd_t) auth_domtrans_upd_passwd(sssd_t) auth_manage_cache(sssd_t) -@@ -112,18 +105,31 @@ logging_send_syslog_msg(sssd_t) +@@ -112,18 +105,32 @@ logging_send_syslog_msg(sssd_t) logging_send_audit_msgs(sssd_t) miscfiles_read_generic_certs(sssd_t) @@ -83577,6 +83596,7 @@ index 8b537aa..e9632c3 100644 sysnet_use_ldap(sssd_t) +userdom_manage_tmp_role(system_r, sssd_t) ++userdom_manage_all_users_keys(sssd_t) + optional_policy(` dbus_system_bus_client(sssd_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index a224dff..db685ad 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 73%{?dist} +Release: 74%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
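Review bot: Replacing `auth_read_passwd(rpcbind_t)` with `auth_use_nsswitch(rpcbind_t)` moves rpcbind from reading the local passwd database to the full name-service path, which in refpolicy typically also permits talking to name-service daemons and performing network lookups; for a daemon that listens on the network that is a noticeably larger surface than the line it replaces. The changelog only says "Allow rpcbind to use nsswitch"; a why-comment above the call, e.g. `# rpcbind resolves users through nsswitch, not only /etc/passwd`, naming the denial it fixes would justify the wider grant. If a single lookup path is all that is needed, check whether a narrower auth interface covers it before taking the whole of `auth_use_nsswitch`.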
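Review bot: `userdom_manage_all_users_keys(sssd_t)` lets sssd manage the kernel keyrings of every user domain, and no comment records why; the reason given in the changelog ("write to user keyrings for managing kerberos") belongs next to the rule, e.g. `# sssd stores and refreshes Kerberos credentials in user keyrings`. The interface is not defined anywhere in this diff, so confirm it exists in the userdomain module at this policy version. The remaining hunk on this line only bumps the spec Release.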
@@ -539,6 +539,18 @@ SELinux Reference policy mls base module. %endif %changelog +* Wed Aug 28 2013 Lukas Vrabec 3.12.1-74 +- Label polgengui as a bin_t +- Allow semanage to create /.autorelabel file +- Label systemd unit files under dracut correctly +- Allow systemd domain to read /proc +- Allow sssd to write to user keyrings for managing kerberos +- Allow rhsmcertd to read init state +- Allow fetchmail to create own pid with correct labeling +- Fix rhcs_domain_template() +- Allow roles which can run mock to read mock lib files to view results +- Allow rpcbind to use nsswitch + * Fri Aug 23 2013 Miroslav Grepl 3.12.1-73 - Update rules for condor domains