diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 35366d1..a1ab260 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -765,7 +765,7 @@ index 66e85ea..d02654d 100644 ## user domains. ##

diff --git a/policy/global_tunables b/policy/global_tunables -index 4705ab6..629fe1b 100644 +index 4705ab6..b7e7ea5 100644 --- a/policy/global_tunables +++ b/policy/global_tunables @@ -6,52 +6,59 @@ @@ -854,7 +854,7 @@ index 4705ab6..629fe1b 100644 ## Allow any files/directories to be exported read/write via NFS. ##

## -@@ -105,9 +103,24 @@ gen_tunable(use_samba_home_dirs,false) +@@ -105,9 +103,30 @@ gen_tunable(use_samba_home_dirs,false) ## ##

@@ -880,6 +880,12 @@ index 4705ab6..629fe1b 100644 -gen_tunable(user_tcp_server,false) +gen_tunable(selinuxuser_tcp_server,false) + ++## ++##

++## Allow the mount commands to mount any directory or file. ++##

++##
++gen_tunable(mount_anyfile, false) diff --git a/policy/mcs b/policy/mcs index 216b3d1..81bc8c4 100644 --- a/policy/mcs @@ -29540,7 +29546,7 @@ index 0e3c2a9..ea9bd57 100644 + userdom_admin_home_dir_filetrans($1, local_login_home_t, file, ".hushlogin") +') diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te -index c04ac46..e06286c 100644 +index c04ac46..799d194 100644 --- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te @@ -13,9 +13,8 @@ auth_login_entry_type(local_login_t) @@ -29664,15 +29670,19 @@ index c04ac46..e06286c 100644 unconfined_shell_domtrans(local_login_t) ') -@@ -215,6 +211,7 @@ allow sulogin_t self:sem create_sem_perms; +@@ -215,37 +211,55 @@ allow sulogin_t self:sem create_sem_perms; allow sulogin_t self:msgq create_msgq_perms; allow sulogin_t self:msg { send receive }; +kernel_read_crypto_sysctls(sulogin_t) kernel_read_system_state(sulogin_t) ++dev_getattr_all_chr_files(sulogin_t) ++dev_getattr_all_blk_files(sulogin_t) ++ fs_search_auto_mountpoints(sulogin_t) -@@ -223,13 +220,16 @@ fs_rw_tmpfs_chr_files(sulogin_t) + fs_rw_tmpfs_chr_files(sulogin_t) + files_read_etc_files(sulogin_t) # because file systems are not mounted: files_dontaudit_search_isid_type_dirs(sulogin_t) @@ -29689,7 +29699,9 @@ index c04ac46..e06286c 100644 seutil_read_config(sulogin_t) seutil_read_default_contexts(sulogin_t) -@@ -238,14 +238,24 @@ userdom_use_unpriv_users_fds(sulogin_t) + userdom_use_unpriv_users_fds(sulogin_t) + ++userdom_search_admin_dir(sulogin_t) userdom_search_user_home_dirs(sulogin_t) userdom_use_user_ptys(sulogin_t) @@ -29716,7 +29728,7 @@ index c04ac46..e06286c 100644 init_getpgid(sulogin_t) ', ` allow sulogin_t self:process setexec; -@@ -256,11 +266,3 @@ ifdef(`sulogin_no_pam', ` +@@ -256,11 +270,3 @@ ifdef(`sulogin_no_pam', ` selinux_compute_relabel_context(sulogin_t) selinux_compute_user_contexts(sulogin_t) ') 
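Review bot: The description added with `gen_tunable(mount_anyfile, false)` names only "the mount commands", but the same boolean also gates `files_mounton_non_security(automount_t)` in the automount.te hunk of policy-rawhide-contrib.patch later on this page, so an administrator reading the tunable text where it is defined would not learn that enabling it also widens automount_t. Suggest `## Allow the mount and automount domains to mount on any non-security directory or file.` so the boolean's full effect is documented at its definition. Since the definition moved out of mount.te into global_tunables, this is now the only place that text appears.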
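Review bot: `dev_getattr_all_chr_files(sulogin_t)` and `dev_getattr_all_blk_files(sulogin_t)` grant getattr on every device node in the system without a comment saying which access prompted it, and the same applies to `userdom_search_admin_dir(sulogin_t)` further down the same hunk. A one-line why-comment above the pair, stating what sulogin actually stats (presumably the console device it opens, which I cannot confirm from the hunk), would let the next maintainer judge whether an interface scoped to those devices would do instead of the all-devices variants. The sulogin_t section this belongs to starts before and continues past the hunk.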
@@ -31339,7 +31351,7 @@ index fc28bc3..2960ed7 100644 + files_var_filetrans($1, public_content_t, dir, "ftp") +') diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te -index d6293de..1c5e447 100644 +index d6293de..8f8d80d 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -4,7 +4,6 @@ policy_module(miscfiles, 1.10.2) @@ -31350,14 +31362,15 @@ index d6293de..1c5e447 100644 attribute cert_type; # -@@ -49,9 +48,11 @@ files_type(man_cache_t) +@@ -48,10 +47,10 @@ files_type(man_cache_t) + # Types for public content # type public_content_t; #, customizable; - files_type(public_content_t) +-files_type(public_content_t) +files_mountpoint(public_content_t) type public_content_rw_t; #, customizable; - files_type(public_content_rw_t) +-files_type(public_content_rw_t) +files_mountpoint(public_content_rw_t) # @@ -32080,16 +32093,20 @@ index 4584457..e432df3 100644 + domtrans_pattern($1, mount_ecryptfs_exec_t, mount_ecryptfs_t) ') diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te -index 6a50270..8288fd0 100644 +index 6a50270..fa545e7 100644 --- a/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te -@@ -10,35 +10,60 @@ policy_module(mount, 1.15.1) - ## Allow the mount command to mount any directory or file. - ##

- ## --gen_tunable(allow_mount_anyfile, false) -+gen_tunable(mount_anyfile, false) +@@ -5,40 +5,58 @@ policy_module(mount, 1.15.1) + # Declarations + # +-## +-##

+-## Allow the mount command to mount any directory or file. +-##

+-##
+-gen_tunable(allow_mount_anyfile, false) +- -attribute_role mount_roles; -roleattribute system_r mount_roles; +#attribute_role mount_roles; @@ -32155,7 +32172,7 @@ index 6a50270..8288fd0 100644 allow mount_t mount_loopback_t:file read_file_perms; -@@ -49,9 +74,24 @@ can_exec(mount_t, mount_exec_t) +@@ -49,9 +67,24 @@ can_exec(mount_t, mount_exec_t) files_tmp_filetrans(mount_t, mount_tmp_t, { file dir }) @@ -32181,7 +32198,7 @@ index 6a50270..8288fd0 100644 kernel_dontaudit_write_debugfs_dirs(mount_t) kernel_dontaudit_write_proc_dirs(mount_t) # To load binfmt_misc kernel module -@@ -60,31 +100,47 @@ kernel_request_load_module(mount_t) +@@ -60,31 +93,47 @@ kernel_request_load_module(mount_t) # required for mount.smbfs corecmd_exec_bin(mount_t) @@ -32232,7 +32249,7 @@ index 6a50270..8288fd0 100644 files_read_isid_type_files(mount_t) # For reading cert files files_read_usr_files(mount_t) -@@ -92,28 +148,39 @@ files_list_mnt(mount_t) +@@ -92,28 +141,39 @@ files_list_mnt(mount_t) files_dontaudit_write_all_mountpoints(mount_t) files_dontaudit_setattr_all_mountpoints(mount_t) @@ -32278,7 +32295,7 @@ index 6a50270..8288fd0 100644 term_dontaudit_manage_pty_dirs(mount_t) auth_use_nsswitch(mount_t) -@@ -121,16 +188,21 @@ auth_use_nsswitch(mount_t) +@@ -121,16 +181,21 @@ auth_use_nsswitch(mount_t) init_use_fds(mount_t) init_use_script_ptys(mount_t) init_dontaudit_getattr_initctl(mount_t) @@ -32302,7 +32319,7 @@ index 6a50270..8288fd0 100644 ifdef(`distro_redhat',` optional_policy(` -@@ -146,26 +218,27 @@ ifdef(`distro_ubuntu',` +@@ -146,26 +211,27 @@ ifdef(`distro_ubuntu',` ') ') @@ -32342,7 +32359,7 @@ index 6a50270..8288fd0 100644 corenet_tcp_bind_generic_port(mount_t) corenet_udp_bind_generic_port(mount_t) corenet_tcp_bind_reserved_port(mount_t) -@@ -179,6 +252,9 @@ optional_policy(` +@@ -179,6 +245,9 @@ optional_policy(` fs_search_rpc(mount_t) rpc_stub(mount_t) 
@@ -32352,7 +32369,7 @@ index 6a50270..8288fd0 100644 ') optional_policy(` -@@ -186,6 +262,40 @@ optional_policy(` +@@ -186,6 +255,40 @@ optional_policy(` ') optional_policy(` @@ -32393,7 +32410,7 @@ index 6a50270..8288fd0 100644 ifdef(`hide_broken_symptoms',` # for a bug in the X server rhgb_dontaudit_rw_stream_sockets(mount_t) -@@ -194,24 +304,128 @@ optional_policy(` +@@ -194,24 +297,128 @@ optional_policy(` ') optional_policy(` diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index b897fb6..0763094 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -1898,16 +1898,16 @@ index 7f4dfbc..4d750fa 100644 /usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0) diff --git a/amanda.te b/amanda.te -index ed45974..dec2fc7 100644 +index ed45974..95b56a6 100644 --- a/amanda.te +++ b/amanda.te -@@ -9,11 +9,14 @@ attribute_role amanda_recover_roles; +@@ -9,11 +9,13 @@ attribute_role amanda_recover_roles; roleattribute system_r amanda_recover_roles; type amanda_t; +type amanda_exec_t; type amanda_inetd_exec_t; - inetd_service_domain(amanda_t, amanda_inetd_exec_t) +-inetd_service_domain(amanda_t, amanda_inetd_exec_t) +init_daemon_domain(amanda_t, amanda_exec_t) +role system_r types amanda_t; @@ -1918,7 +1918,7 @@ index ed45974..dec2fc7 100644 type amanda_log_t; logging_log_file(amanda_log_t) -@@ -60,7 +63,7 @@ optional_policy(` +@@ -60,7 +62,7 @@ optional_policy(` # allow amanda_t self:capability { chown dac_override setuid kill }; @@ -1927,7 +1927,7 @@ index ed45974..dec2fc7 100644 allow amanda_t self:fifo_file rw_fifo_file_perms; allow amanda_t self:unix_stream_socket { accept listen }; allow amanda_t self:tcp_socket { accept listen }; -@@ -71,6 +74,7 @@ allow amanda_t amanda_config_t:file read_file_perms; +@@ -71,6 +73,7 @@ allow amanda_t amanda_config_t:file read_file_perms; manage_dirs_pattern(amanda_t, amanda_data_t, amanda_data_t) manage_files_pattern(amanda_t, amanda_data_t, amanda_data_t) 
@@ -1935,7 +1935,7 @@ index ed45974..dec2fc7 100644 filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir }) allow amanda_t amanda_dumpdates_t:file rw_file_perms; -@@ -100,7 +104,6 @@ kernel_dontaudit_read_proc_symlinks(amanda_t) +@@ -100,13 +103,14 @@ kernel_dontaudit_read_proc_symlinks(amanda_t) corecmd_exec_shell(amanda_t) corecmd_exec_bin(amanda_t) @@ -1943,7 +1943,15 @@ index ed45974..dec2fc7 100644 corenet_all_recvfrom_netlabel(amanda_t) corenet_tcp_sendrecv_generic_if(amanda_t) corenet_tcp_sendrecv_generic_node(amanda_t) -@@ -170,7 +173,6 @@ kernel_read_system_state(amanda_recover_t) + corenet_tcp_sendrecv_all_ports(amanda_t) + corenet_tcp_bind_generic_node(amanda_t) + ++corenet_tcp_bind_amanda_port(amanda_t) ++ + corenet_sendrecv_all_server_packets(amanda_t) + corenet_tcp_bind_all_rpc_ports(amanda_t) + corenet_tcp_bind_generic_port(amanda_t) +@@ -170,7 +174,6 @@ kernel_read_system_state(amanda_recover_t) corecmd_exec_shell(amanda_recover_t) corecmd_exec_bin(amanda_recover_t) @@ -1951,7 +1959,7 @@ index ed45974..dec2fc7 100644 corenet_all_recvfrom_netlabel(amanda_recover_t) corenet_tcp_sendrecv_generic_if(amanda_recover_t) corenet_udp_sendrecv_generic_if(amanda_recover_t) -@@ -195,12 +197,12 @@ files_search_tmp(amanda_recover_t) +@@ -195,12 +198,16 @@ files_search_tmp(amanda_recover_t) auth_use_nsswitch(amanda_recover_t) @@ -1967,6 +1975,10 @@ index ed45974..dec2fc7 100644 userdom_search_user_home_content(amanda_recover_t) + +optional_policy(` ++ inetd_service_domain(amanda_t, amanda_inetd_exec_t) ++') ++ ++optional_policy(` + fstools_domtrans(amanda_t) + fstools_signal(amanda_t) +') @@ -2545,10 +2557,10 @@ index 0000000..df5b3be +') diff --git a/antivirus.te b/antivirus.te new file mode 100644 -index 0000000..1a35e88 +index 0000000..36cb011 --- /dev/null +++ b/antivirus.te -@@ -0,0 +1,248 @@ +@@ -0,0 +1,252 @@ +policy_module(antivirus, 1.0.0) + +######################################## 
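Review bot: `inetd_service_domain(amanda_t, amanda_inetd_exec_t)` is now wrapped in `optional_policy(`, but `type amanda_inetd_exec_t;` in the declarations hunk (`@@ -9,11 +9,13 @@` on the previous line) stays unconditional, so on a build without the inetd module the type is declared yet nothing makes it an entrypoint for amanda_t, and any file still labelled with it cannot be executed into the domain. If that is intended because systemd socket activation now enters via `init_daemon_domain(amanda_t, amanda_exec_t)`, as the changelog entry suggests, a comment next to the declaration such as `# amanda_inetd_exec_t is only an entrypoint when the inetd module is present; socket activation uses amanda_exec_t` would record it; otherwise the declaration and its file-context entry should be reconsidered alongside this block. I cannot see amanda.fc here, so whether anything is still labelled amanda_inetd_exec_t is inferred.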
@@ -2771,6 +2783,10 @@ index 0000000..1a35e88 +') + +optional_policy(` ++ mysql_stream_connect(antivirus_domain) ++') ++ ++optional_policy(` + postfix_read_config(antivirus_domain) + postfix_list_spool(antivirus_domain) +') @@ -7531,7 +7547,7 @@ index 089430a..7cd037b 100644 + allow $1 automount_unit_file_t:service all_service_perms; ') diff --git a/automount.te b/automount.te -index a579c3b..512d6b1 100644 +index a579c3b..294b5f4 100644 --- a/automount.te +++ b/automount.te @@ -22,12 +22,16 @@ type automount_tmp_t; @@ -7591,6 +7607,15 @@ index a579c3b..512d6b1 100644 fstools_domtrans(automount_t) ') +@@ -160,3 +165,8 @@ optional_policy(` + optional_policy(` + udev_read_db(automount_t) + ') ++ ++tunable_policy(`mount_anyfile',` ++ files_mounton_non_security(automount_t) ++') ++ diff --git a/avahi.fc b/avahi.fc index e9fe2ca..4c2d076 100644 --- a/avahi.fc @@ -13795,7 +13820,7 @@ index 10f820f..acdb179 100644 allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ') diff --git a/courier.te b/courier.te -index 77bb077..5d39ee5 100644 +index 77bb077..1499c3f 100644 --- a/courier.te +++ b/courier.te @@ -18,7 +18,7 @@ type courier_etc_t; @@ -13831,7 +13856,18 @@ index 77bb077..5d39ee5 100644 sysnet_read_config(courier_domain) userdom_dontaudit_use_unpriv_user_fds(courier_domain) -@@ -91,6 +86,7 @@ allow courier_authdaemon_t self:unix_stream_socket { accept connectto listen }; +@@ -77,6 +72,10 @@ optional_policy(` + ') + + optional_policy(` ++ mysql_stream_connect(courier_domain) ++') ++ ++optional_policy(` + udev_read_db(courier_domain) + ') + +@@ -91,6 +90,7 @@ allow courier_authdaemon_t self:unix_stream_socket { accept connectto listen }; create_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t) manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t) 
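Review bot: The new `tunable_policy(`mount_anyfile',` block in automount.te lets automount_t mount on any non-security file or directory once the boolean is set, but nothing at the call site says why automount needs the same latitude as mount_t; a comment stating the reason, presumably that automount mounts whatever its maps resolve to, which I cannot confirm from the hunk, would document the coupling to a boolean that is defined in the base patch's global_tunables rather than in this module. The hunk also appends an empty `++` line after the closing `++')` at end of file, which should be dropped.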
@@ -13839,7 +13875,7 @@ index 77bb077..5d39ee5 100644 manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t) allow courier_authdaemon_t courier_tcpd_t:process sigchld; -@@ -112,7 +108,6 @@ auth_domtrans_chk_passwd(courier_authdaemon_t) +@@ -112,7 +112,6 @@ auth_domtrans_chk_passwd(courier_authdaemon_t) libs_read_lib_files(courier_authdaemon_t) @@ -13847,7 +13883,7 @@ index 77bb077..5d39ee5 100644 userdom_dontaudit_search_user_home_dirs(courier_authdaemon_t) -@@ -135,7 +130,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld; +@@ -135,7 +134,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld; allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_socket_perms; @@ -13856,7 +13892,7 @@ index 77bb077..5d39ee5 100644 domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t) -@@ -172,7 +167,6 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t) +@@ -172,7 +171,6 @@ corenet_tcp_sendrecv_pop_port(courier_tcpd_t) dev_read_rand(courier_tcpd_t) dev_read_urand(courier_tcpd_t) @@ -20821,7 +20857,7 @@ index 19aa0b8..531cf03 100644 + allow $1 dnsmasq_unit_file_t:service all_service_perms; ') diff --git a/dnsmasq.te b/dnsmasq.te -index ba14bcf..b27976c 100644 +index ba14bcf..0a3179c 100644 --- a/dnsmasq.te +++ b/dnsmasq.te @@ -24,6 +24,9 @@ logging_log_file(dnsmasq_var_log_t) @@ -20834,7 +20870,12 @@ index ba14bcf..b27976c 100644 ######################################## # # Local policy -@@ -56,7 +59,9 @@ kernel_read_network_state(dnsmasq_t) +@@ -52,11 +55,14 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t) + files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, { dir file }) + + kernel_read_kernel_sysctls(dnsmasq_t) ++kernel_read_net_sysctls(dnsmasq_t) + kernel_read_network_state(dnsmasq_t) kernel_read_system_state(dnsmasq_t) kernel_request_load_module(dnsmasq_t) 
@@ -20845,7 +20886,7 @@ index ba14bcf..b27976c 100644 corenet_all_recvfrom_netlabel(dnsmasq_t) corenet_tcp_sendrecv_generic_if(dnsmasq_t) corenet_udp_sendrecv_generic_if(dnsmasq_t) -@@ -86,9 +91,9 @@ fs_search_auto_mountpoints(dnsmasq_t) +@@ -86,9 +92,9 @@ fs_search_auto_mountpoints(dnsmasq_t) auth_use_nsswitch(dnsmasq_t) @@ -20857,7 +20898,7 @@ index ba14bcf..b27976c 100644 userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t) userdom_dontaudit_search_user_home_dirs(dnsmasq_t) -@@ -98,12 +103,21 @@ optional_policy(` +@@ -98,12 +104,21 @@ optional_policy(` ') optional_policy(` @@ -20880,7 +20921,7 @@ index ba14bcf..b27976c 100644 ') optional_policy(` -@@ -124,6 +138,14 @@ optional_policy(` +@@ -124,6 +139,14 @@ optional_policy(` optional_policy(` virt_manage_lib_files(dnsmasq_t) @@ -28377,17 +28418,18 @@ index 25f09ae..3085534 100644 chronyd_stream_connect(gpsd_t) diff --git a/gssproxy.fc b/gssproxy.fc new file mode 100644 -index 0000000..404ae4f +index 0000000..f4659d1 --- /dev/null +++ b/gssproxy.fc -@@ -0,0 +1,7 @@ +@@ -0,0 +1,8 @@ +/usr/lib/systemd/system/gssproxy.service -- gen_context(system_u:object_r:gssproxy_unit_file_t,s0) + +/usr/sbin/gssproxy -- gen_context(system_u:object_r:gssproxy_exec_t,s0) + +/var/lib/gssproxy(/.*)? gen_context(system_u:object_r:gssproxy_var_lib_t,s0) + -+/var/run/gssproxy.pid -- gen_context(system_u:object_r:gssproxy_var_run_t,s0) ++/var/run/gssproxy\.pid -- gen_context(system_u:object_r:gssproxy_var_run_t,s0) ++/var/run/gssproxy\.sock -s gen_context(system_u:object_r:gssproxy_var_run_t,s0) diff --git a/gssproxy.if b/gssproxy.if new file mode 100644 index 0000000..072ddb0 @@ -28599,10 +28641,10 @@ index 0000000..072ddb0 +') diff --git a/gssproxy.te b/gssproxy.te new file mode 100644 -index 0000000..6f0253c +index 0000000..80179fe --- /dev/null +++ b/gssproxy.te -@@ -0,0 +1,64 @@ +@@ -0,0 +1,65 @@ +policy_module(gssproxy, 1.0.0) + +######################################## 
@@ -28639,8 +28681,9 @@ index 0000000..6f0253c + +manage_dirs_pattern(gssproxy_t, gssproxy_var_run_t, gssproxy_var_run_t) +manage_files_pattern(gssproxy_t, gssproxy_var_run_t, gssproxy_var_run_t) ++manage_sock_files_pattern(gssproxy_t, gssproxy_var_run_t, gssproxy_var_run_t) +manage_lnk_files_pattern(gssproxy_t, gssproxy_var_run_t, gssproxy_var_run_t) -+files_pid_filetrans(gssproxy_t, gssproxy_var_run_t, { dir file lnk_file }) ++files_pid_filetrans(gssproxy_t, gssproxy_var_run_t, { dir file lnk_file sock_file }) + +kernel_rw_rpc_sysctls(gssproxy_t) + @@ -29465,10 +29508,10 @@ index c5a8112..947efe0 100644 userdom_dontaudit_search_user_home_dirs(irqbalance_t) diff --git a/iscsi.fc b/iscsi.fc -index 08b7560..9d1930b 100644 +index 08b7560..417e630 100644 --- a/iscsi.fc +++ b/iscsi.fc -@@ -1,19 +1,17 @@ +@@ -1,19 +1,18 @@ -/etc/rc\.d/init\.d/((iscsi)|(iscsid)) -- gen_context(system_u:object_r:iscsi_initrc_exec_t,s0) - /sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0) @@ -29478,6 +29521,7 @@ index 08b7560..9d1930b 100644 /usr/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0) -/usr/sbin/brcm_iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0) /usr/sbin/iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0) ++/usr/sbin/iscsiadm -- gen_context(system_u:object_r:iscsid_exec_t,s0) /var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0) 
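Review bot: Labelling `/usr/sbin/iscsiadm` with `iscsid_exec_t` gives the administrative CLI the daemon's executable type, so whatever domain transitions exist on `iscsid_exec_t` elsewhere in the iscsi module (not visible here) will now apply to iscsiadm as well, and callers that previously ran it in their own domain will run it confined as iscsid_t. If that is the intent, a comment in the .fc such as `# iscsiadm deliberately shares iscsid_exec_t so it runs in iscsid_t` would keep a later reader from "fixing" it; if not, a separate exec type keeps the daemon's entrypoint distinct from the admin tool.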
@@ -34763,6 +34807,24 @@ index b9270f7..15f3748 100644 +optional_policy(` + mozilla_plugin_dontaudit_rw_tmp_files(lpr_t) ') +diff --git a/mailman.fc b/mailman.fc +index 7fa381b..bbe6b01 100644 +--- a/mailman.fc ++++ b/mailman.fc +@@ -3,10 +3,12 @@ + + /etc/mailman.* gen_context(system_u:object_r:mailman_data_t,s0) + ++/usr/lib/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) + /usr/lib/mailman.*/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) ++/usr/lib/mailman/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) + /usr/lib/mailman.*/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) + /usr/lib/mailman.*/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0) +-/var/lib/mailman.* gen_context(system_u:object_r:mailman_data_t,s0) ++/var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0) + /var/lib/mailman.*/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0) + + /var/lock/mailman.* gen_context(system_u:object_r:mailman_lock_t,s0) diff --git a/mailman.if b/mailman.if index 108c0f1..a248501 100644 --- a/mailman.if @@ -49005,10 +49067,10 @@ index 0000000..f2d6119 +/var/run/openshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0) diff --git a/openshift.if b/openshift.if new file mode 100644 -index 0000000..6c841fa +index 0000000..bddd4b3 --- /dev/null +++ b/openshift.if -@@ -0,0 +1,676 @@ +@@ -0,0 +1,677 @@ + +## policy for openshift + @@ -49497,6 +49559,7 @@ index 0000000..6c841fa + domain_user_exemption_target($1_app_t) + domain_obj_id_change_exemption($1_app_t) + domain_dyntrans_type($1_app_t) ++ auth_use_nsswitch($1_app_t) + + kernel_read_system_state($1_app_t) + @@ -90765,18 +90828,21 @@ index fd2b6cc..4b83bb0 100644 ######################################## diff --git a/wine.te b/wine.te -index b51923c..bdbac3a 100644 +index b51923c..2641d0b 100644 --- a/wine.te 
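Review bot: The added `/usr/lib/mailman/bin/mailmanctl` and `/usr/lib/mailman/bin/mm-handler.*` entries are already matched by the existing `/usr/lib/mailman.*/bin/...` lines, because `.*` also matches the empty string; if they were added so that the longer literal prefix wins a specificity tie against some other spec, a comment saying so would stop them being removed as duplicates. The change from `/var/lib/mailman.*` to `/var/lib/mailman(/.*)?` tightens that spec (it no longer matches siblings such as `/var/lib/mailmanfoo`), yet `/var/lib/mailman.*/archives(/.*)?` directly below keeps the broad form; the two should agree.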
+++ b/wine.te -@@ -39,6 +39,7 @@ allow wine_t self:fifo_file manage_fifo_file_perms; +@@ -38,7 +38,10 @@ allow wine_t self:fifo_file manage_fifo_file_perms; + can_exec(wine_t, wine_exec_t) ++manage_files_pattern(wine_t, wine_home_t, wine_home_t) ++manage_dirs_pattern(wine_t, wine_home_t, wine_home_t) userdom_user_home_dir_filetrans(wine_t, wine_home_t, dir, ".wine") +userdom_tmpfs_filetrans(wine_t, file) manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t) manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t) -@@ -48,7 +49,7 @@ domain_mmap_low(wine_t) +@@ -48,7 +51,7 @@ domain_mmap_low(wine_t) files_execmod_all_files(wine_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index c504796..c58f618 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 49%{?dist} +Release: 50%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -530,6 +530,13 @@ SELinux Reference policy mls base module. %endif %changelog +* Tue Jun 11 2013 Miroslav Grepl 3.12.1-50 +- Allow wine to manage wine home content +- Make amanda working with socket actiovation +- Add labeling for /usr/sbin/iscsiadm +- Add support for /var/run/gssproxy.sock +- dnsmasq_t needs to read sysctl_net_t + * Fri Jun 7 2013 Miroslav Grepl 3.12.1-49 - Fix courier_domain_template() interface - Allow blueman to write ip_forward
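Review bot: `manage_files_pattern(wine_t, wine_home_t, wine_home_t)` and `manage_dirs_pattern(wine_t, wine_home_t, wine_home_t)` cover regular files and directories only, while the `userdom_user_home_dir_filetrans(wine_t, wine_home_t, dir, ".wine")` line beneath them creates a prefix that, in Wine's usual layout (not visible here), also contains symlinks under dosdevices; if that holds, `manage_lnk_files_pattern(wine_t, wine_home_t, wine_home_t)` is needed too or wine will be denied creating the drive links. A brief comment naming what the prefix is expected to contain would justify the chosen set of patterns either way. The wine_t section starts before and continues past this hunk.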