diff --git a/policy-f20-base.patch b/policy-f20-base.patch index 1617852..8ea0f62 100644 --- a/policy-f20-base.patch +++ b/policy-f20-base.patch @@ -31412,7 +31412,7 @@ index dd3be8d..0973a7f 100644 + ') + ') diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc -index 662e79b..15116db 100644 +index 662e79b..042f10d 100644 --- a/policy/modules/system/ipsec.fc +++ b/policy/modules/system/ipsec.fc @@ -1,14 +1,28 @@ @@ -31445,7 +31445,7 @@ index 662e79b..15116db 100644 /sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0) -@@ -26,16 +40,27 @@ +@@ -26,16 +40,28 @@ /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/libexec/nm-openswan-service -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) @@ -31469,6 +31469,7 @@ index 662e79b..15116db 100644 /var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) +/var/run/charon\.ctl -s gen_context(system_u:object_r:ipsec_var_run_t,s0) ++/var/run/charon\.vici -s gen_context(system_u:object_r:ipsec_var_run_t,s0) +/var/run/charon.* -- gen_context(system_u:object_r:ipsec_var_run_t,s0) /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) /var/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0) @@ -40268,10 +40269,10 @@ index 0000000..d2a8fc7 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..a35f6c6 +index 0000000..a10f4ee --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,637 @@ +@@ -0,0 +1,639 @@ +policy_module(systemd, 1.0.0) + +####################################### @@ -40886,6 +40887,8 @@ index 0000000..a35f6c6 + +dev_read_urand(systemd_domain) + ++fs_search_all(systemd_domain) ++ +files_read_etc_files(systemd_domain) +files_read_etc_runtime_files(systemd_domain) +files_read_usr_files(systemd_domain) 
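Review bot: The new `/var/run/charon\.vici -s` entry is needed only because the existing `/var/run/charon.* --` line is restricted to regular files, so every charon socket (first `charon\.ctl`, now `charon\.vici`) has to be added by hand as it appears. If all charon sockets are meant to carry ipsec_var_run_t, a single `/var/run/charon.* -s gen_context(system_u:object_r:ipsec_var_run_t,s0)` alongside the `--` line covers both and any future socket; otherwise a short comment above the two `-s` lines saying why they are enumerated individually would stop the next person from "simplifying" them.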
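Review bot: `fs_search_all(systemd_domain)` grants directory search on every filesystem type to every domain carrying the systemd_domain attribute, not only the helper that hit the denial, and nothing in the rule records which one that was. A comment above it such as `# <systemd helper> must search <mountpoint>; see BZ(<id>)` (placeholders) would let a later reviewer decide whether the attribute-wide grant is still justified or can be narrowed to one domain. systemd.te is a new file in this patch and the rest of the systemd_domain rules are outside the hunk.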
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 3af5411..288f66f 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -10379,7 +10379,7 @@ index 0000000..de66654 +') diff --git a/bumblebee.te b/bumblebee.te new file mode 100644 -index 0000000..cc9002e +index 0000000..253cb77 --- /dev/null +++ b/bumblebee.te @@ -0,0 +1,66 @@ @@ -10426,7 +10426,7 @@ index 0000000..cc9002e + +dev_read_sysfs(bumblebee_t) + -+auth_read_passwd(bumblebee_t) ++auth_use_nsswitch(bumblebee_t) + +logging_send_syslog_msg(bumblebee_t) + @@ -44890,15 +44890,28 @@ index 7e534cf..3652584 100644 + postgresql_stream_connect(httpd_mojomojo_script_t) + ') +') +diff --git a/mongodb.fc b/mongodb.fc +index 6fcfc31..9e6d170 100644 +--- a/mongodb.fc ++++ b/mongodb.fc +@@ -1,6 +1,7 @@ + /etc/rc\.d/init\.d/mongod -- gen_context(system_u:object_r:mongod_initrc_exec_t,s0) + + /usr/bin/mongod -- gen_context(system_u:object_r:mongod_exec_t,s0) ++/usr/bin/mongos -- gen_context(system_u:object_r:mongod_exec_t,s0) + + /var/lib/mongo.* gen_context(system_u:object_r:mongod_var_lib_t,s0) + diff --git a/mongodb.te b/mongodb.te -index 4de8949..7bd7e35 100644 +index 4de8949..c27b44b 100644 --- a/mongodb.te +++ b/mongodb.te -@@ -49,13 +49,11 @@ corenet_all_recvfrom_unlabeled(mongod_t) +@@ -49,13 +49,12 @@ corenet_all_recvfrom_unlabeled(mongod_t) corenet_all_recvfrom_netlabel(mongod_t) corenet_tcp_sendrecv_generic_if(mongod_t) corenet_tcp_sendrecv_generic_node(mongod_t) +corenet_tcp_connect_mongod_port(mongod_t) ++corenet_tcp_bind_mongod_port(mongod_t) corenet_tcp_bind_generic_node(mongod_t) dev_read_sysfs(mongod_t) @@ -52209,7 +52222,7 @@ index a1fb3c3..dfb99d2 100644 +/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) diff --git a/networkmanager.if b/networkmanager.if -index 0e8508c..9a7332c 100644 +index 0e8508c..cde8567 100644 
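Review bot: Replacing `auth_read_passwd(bumblebee_t)` with `auth_use_nsswitch(bumblebee_t)` widens bumblebee_t well past reading passwd/group data; as far as I recall, that interface also pulls in name-service plumbing (nscd/sssd socket access and the network rules for remote lookups when those modules are present). If BZ(1155339) only needed a missing passwd/group permission, keeping `auth_read_passwd` and adding the specific rule would be tighter; if the full nsswitch path really is exercised, a comment saying so (`# bumblebee resolves users via NSS, BZ(1155339)`) would justify the broader grant. The remainder of bumblebee.te is outside this hunk.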
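Review bot: Labelling `/usr/bin/mongos` as mongod_exec_t places the sharding router in the same mongod_t domain as the data server, so mongos inherits every mongod_t rule, presumably including access to mongod_var_lib_t, plus the newly added `corenet_tcp_bind_mongod_port`. If mongos has no need for the data directory, a separate domain would keep the two processes' privileges apart; if the shared domain is a deliberate trade-off, a one-line comment next to the mongos entry in mongodb.fc saying so would make that explicit. I can only see the .fc labelling and one mongodb.te hunk here, so the mongod_var_lib_t point is inferred from the existing labels rather than from visible rules.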
--- a/networkmanager.if +++ b/networkmanager.if @@ -2,7 +2,7 @@ @@ -52442,19 +52455,38 @@ index 0e8508c..9a7332c 100644 ## ## ## -@@ -201,25 +266,44 @@ interface(`networkmanager_append_log_files',` +@@ -201,25 +266,63 @@ interface(`networkmanager_append_log_files',` ## ## # -interface(`networkmanager_read_pid_files',` +interface(`networkmanager_manage_pid_files',` ++ gen_require(` ++ type NetworkManager_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ manage_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t) ++') ++ ++######################################## ++## ++## Manage NetworkManager PID sock files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`networkmanager_manage_pid_sock_files',` gen_require(` type NetworkManager_var_run_t; ') files_search_pids($1) - allow $1 NetworkManager_var_run_t:file read_file_perms; -+ manage_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t) ++ manage_sock_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t) ') ######################################## @@ -52491,7 +52523,7 @@ index 0e8508c..9a7332c 100644 ## ## ## Role allowed access. -@@ -227,33 +311,152 @@ interface(`networkmanager_read_pid_files',` +@@ -227,33 +330,152 @@ interface(`networkmanager_read_pid_files',` ## ## # @@ -59586,7 +59618,7 @@ index 6837e9a..21e6dae 100644 domain_system_change_exemption($1) role_transition $2 openvpn_initrc_exec_t system_r; diff --git a/openvpn.te b/openvpn.te -index 3270ff9..272a34c 100644 +index 3270ff9..e148dc4 100644 --- a/openvpn.te +++ b/openvpn.te @@ -6,6 +6,13 @@ policy_module(openvpn, 1.11.3) @@ -59723,7 +59755,7 @@ index 3270ff9..272a34c 100644 ') tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',` -@@ -143,6 +178,14 @@ tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',` +@@ -143,11 +178,25 @@ tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(openvpn_t) ') 
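Review bot: `networkmanager_manage_pid_files` and the new `networkmanager_manage_pid_sock_files` both hand the caller create/write/unlink over every NetworkManager_var_run_t file or socket, so a caller such as openvpn_t (which receives both in the openvpn.te hunk further down) can also alter or remove NetworkManager's own pid and state files under /var/run/NetworkManager, not just the connection files it creates. If the intent is only the uuid connection files named in the changelog, a dedicated type for them with a named file transition from the caller would be the narrower design; if sharing NetworkManager_var_run_t is deliberate, the interface summary should say that the caller gains full control over NetworkManager's runtime directory. The renaming of the older read interface is pre-existing context here and not part of this change.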
@@ -59738,7 +59770,18 @@ index 3270ff9..272a34c 100644 optional_policy(` daemontools_service_domain(openvpn_t, openvpn_exec_t) ') -@@ -155,3 +198,27 @@ optional_policy(` + + optional_policy(` ++ networkmanager_stream_connect(openvpn_t) ++ networkmanager_manage_pid_files(openvpn_t) ++ networkmanager_manage_pid_sock_files(openvpn_t) ++') ++ ++optional_policy(` + dbus_system_bus_client(openvpn_t) + dbus_connect_system_bus(openvpn_t) + +@@ -155,3 +204,27 @@ optional_policy(` networkmanager_dbus_chat(openvpn_t) ') ') @@ -90175,7 +90218,7 @@ index 88e753f..133d993 100644 + admin_pattern($1, mail_spool_t) ') diff --git a/sendmail.te b/sendmail.te -index 5f35d78..50651d2 100644 +index 5f35d78..65aed74 100644 --- a/sendmail.te +++ b/sendmail.te @@ -1,18 +1,10 @@ @@ -90343,7 +90386,7 @@ index 5f35d78..50651d2 100644 ') optional_policy(` -@@ -158,6 +152,10 @@ optional_policy(` +@@ -158,14 +152,27 @@ optional_policy(` ') optional_policy(` @@ -90354,7 +90397,12 @@ index 5f35d78..50651d2 100644 milter_stream_connect_all(sendmail_t) ') -@@ -166,6 +164,11 @@ optional_policy(` + optional_policy(` ++ mta_filetrans_home_content(sendmail_t) ++') ++ ++optional_policy(` + munin_dontaudit_search_lib(sendmail_t) ') optional_policy(` @@ -90366,7 +90414,7 @@ index 5f35d78..50651d2 100644 postfix_domtrans_postdrop(sendmail_t) postfix_domtrans_master(sendmail_t) postfix_domtrans_postqueue(sendmail_t) -@@ -187,21 +190,13 @@ optional_policy(` +@@ -187,21 +194,13 @@ optional_policy(` ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 5c77ecd..dc6fb95 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 194%{?dist} +Release: 195%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -582,7 +582,16 @@ SELinux Reference policy mls base module. %endif %changelog -* Fri Nov 14 2014 Lukas vrabec 3.12.1-194 +* Fri Nov 21 2014 Lukas Vrabec 3.12.1-195 +- Allow all systemd domains to search file systems +- Label sock file charon.vici as ipsec_var_run_t. BZ(1165065) +- Allow mongodb to bind to the mongo port and mongos to run as mongod_t +- Allow networkmanager manage also openvpn sock pid files. +- Allow openvpn to create uuid connections in /var/run/NetworkManager with NM labeling. +- Allow sendmail to create dead.letter. BZ(1165443) +- Allow bumblebee to use nsswitch. BZ(1155339) + +* Fri Nov 14 2014 Lukas Vrabec 3.12.1-194 - New interface dev_rw_uhid_dev - Allow systemd-logind to mount /run/user/1000 to get gdm working - Remove label for /var/lib/glpi/ in cron policy. BZ(1033025)