diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 4bd124c..2360fe0 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -8862,7 +8862,7 @@ index 0b1a871..f260e6f 100644 +allow devices_unconfined_type device_node:{ file chr_file } ~{ execmod entrypoint }; +allow devices_unconfined_type mtrr_device_t:file ~{ execmod entrypoint }; diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if -index 6a1e4d1..549967a 100644 +index 6a1e4d1..26e5558 100644 --- a/policy/modules/kernel/domain.if +++ b/policy/modules/kernel/domain.if @@ -76,33 +76,8 @@ interface(`domain_type',` @@ -8963,7 +8963,50 @@ index 6a1e4d1..549967a 100644 ## Search the process state directory (/proc/pid) of all domains. ## ## -@@ -631,7 +645,7 @@ interface(`domain_read_all_domains_state',` +@@ -590,6 +604,42 @@ interface(`domain_search_all_domains_state',` + + ######################################## + ## ++## Dontaudit search of process kernel keyrings ++## ++## ++## ++## Domain to dontaudit. ++## ++## ++# ++interface(`domain_dontaudit_search_all_domains_keyrings',` ++ gen_require(` ++ attribute domain; ++ ') ++ ++ dontaudit $1 domain:key search; ++') ++ ++######################################## ++## ++## Dontaudit link of process kernel keyrings ++## ++## ++## ++## Domain to dontaudit. ++## ++## ++# ++interface(`domain_dontaudit_link_all_domains_keyrings',` ++ gen_require(` ++ attribute domain; ++ ') ++ ++ dontaudit $1 domain:key link; ++') ++ ++######################################## ++## + ## Do not audit attempts to search the process + ## state directory (/proc/pid) of all domains. + ## +@@ -631,7 +681,7 @@ interface(`domain_read_all_domains_state',` ######################################## ## @@ -8972,7 +9015,7 @@ index 6a1e4d1..549967a 100644 ## ## ## -@@ -655,7 +669,7 @@ interface(`domain_getattr_all_domains',` +@@ -655,7 +705,7 @@ interface(`domain_getattr_all_domains',` ## ## ## 
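Review bot: The two new interfaces `domain_dontaudit_search_all_domains_keyrings` and `domain_dontaudit_link_all_domains_keyrings` suppress `key search` and `key link` denials against every type carrying the `domain` attribute, but their summaries ("Dontaudit search of process kernel keyrings") do not say so, and a caller could mistake them for a per-domain form. I would state the scope in the summary, e.g. `## Do not audit attempts to search the kernel keyrings of all domains.` and `## Do not audit attempts to link to the kernel keyrings of all domains.`, matching the wording of the neighbouring `domain_dontaudit_search_all_domains_state` entry. Because these rules remove the denials from the audit log system-wide, a sentence in the description telling callers to prefer a domain-specific rule when only one keyring type is involved would also help. The `<summary>`/`<param>` XML markup appears stripped in this rendering, so I cannot confirm it is intact in the patch itself.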
@@ -8981,7 +9024,7 @@ index 6a1e4d1..549967a 100644 ## ## # -@@ -1356,6 +1370,24 @@ interface(`domain_manage_all_entry_files',` +@@ -1356,6 +1406,24 @@ interface(`domain_manage_all_entry_files',` ######################################## ## @@ -9006,7 +9049,7 @@ index 6a1e4d1..549967a 100644 ## Relabel to and from all entry point ## file types. ## -@@ -1421,7 +1453,7 @@ interface(`domain_entry_file_spec_domtrans',` +@@ -1421,7 +1489,7 @@ interface(`domain_entry_file_spec_domtrans',` ## ## Ability to mmap a low area of the address ## space conditionally, as configured by @@ -9015,7 +9058,7 @@ index 6a1e4d1..549967a 100644 ## Preventing such mappings helps protect against ## exploiting null deref bugs in the kernel. ## -@@ -1448,7 +1480,7 @@ interface(`domain_mmap_low',` +@@ -1448,7 +1516,7 @@ interface(`domain_mmap_low',` ## ## Ability to mmap a low area of the address ## space unconditionally, as configured @@ -9024,7 +9067,7 @@ index 6a1e4d1..549967a 100644 ## Preventing such mappings helps protect against ## exploiting null deref bugs in the kernel. ## -@@ -1508,6 +1540,40 @@ interface(`domain_unconfined_signal',` +@@ -1508,6 +1576,40 @@ interface(`domain_unconfined_signal',` ######################################## ## @@ -9065,7 +9108,7 @@ index 6a1e4d1..549967a 100644 ## Unconfined access to domains. ## ## -@@ -1530,4 +1596,63 @@ interface(`domain_unconfined',` +@@ -1530,4 +1632,63 @@ interface(`domain_unconfined',` typeattribute $1 can_change_object_identity; typeattribute $1 set_curr_context; typeattribute $1 process_uncond_exempt; @@ -30058,7 +30101,7 @@ index 187f04f..cf0af09 100644 interface(`hostname_exec',` gen_require(` diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te -index 24a7889..d97f6d5 100644 +index 24a7889..a3d8f1a 100644 --- a/policy/modules/system/hostname.te +++ b/policy/modules/system/hostname.te @@ -23,33 +23,36 @@ dontaudit hostname_t self:capability sys_tty_config; 
@@ -30101,10 +30144,14 @@ index 24a7889..d97f6d5 100644 sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t) sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t) -@@ -57,6 +60,10 @@ sysnet_read_config(hostname_t) +@@ -57,6 +60,14 @@ sysnet_read_config(hostname_t) sysnet_dns_name_resolve(hostname_t) optional_policy(` ++ kdump_dontaudit_inherited_kdumpctl_tmp_pipes(hostname_t) ++') ++ ++optional_policy(` + mock_dontaudit_write_lib_chr_files(hostname_t) +') + @@ -37021,10 +37068,10 @@ index 1361961..be6b7fc 100644 # # Base type for the tests directory. diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc -index 9933677..ca14c17 100644 +index 9933677..0b9c20a 100644 --- a/policy/modules/system/modutils.fc +++ b/policy/modules/system/modutils.fc -@@ -23,3 +23,15 @@ ifdef(`distro_gentoo',` +@@ -23,3 +23,17 @@ ifdef(`distro_gentoo',` /sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0) /usr/bin/kmod -- gen_context(system_u:object_r:insmod_exec_t,s0) @@ -37037,6 +37084,8 @@ index 9933677..ca14c17 100644 +/usr/sbin/rmmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0) +/usr/sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0) + ++/usr/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0) ++ +/usr/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) + +/var/run/tmpfiles.d/kmod.conf -- gen_context(system_u:object_r:insmod_var_run_t,s0) @@ -44727,7 +44776,7 @@ index db75976..c54480a 100644 +/var/tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) + diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index 9dc60c6..f01932f 100644 +index 9dc60c6..769ce74 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -30,9 +30,11 @@ template(`userdom_base_user_template',` 
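Review bot: The new `optional_policy` block in hostname.te calls `kdump_dontaudit_inherited_kdumpctl_tmp_pipes`, which is defined only in the contrib patch (kdump.if) that this same commit changes; `optional_policy` tolerates an absent kdump module at link time, but as far as I know m4 leaves an undefined interface call unexpanded and the build then fails, so the base and contrib patches must be applied at matching revisions. A one-line comment above the block, `# interface added to kdump.if in the contrib patch`, would make that coupling visible to whoever rebases one patch without the other.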
@@ -49209,8 +49258,8 @@ index 9dc60c6..f01932f 100644 +## +# +interface(`userdom_delete_user_tmpfs_files',` -+ refpolicywarn(`$0($*) has been deprecated, use userdom_delete_user_tmpfs_files instead.') -+ userdom_delete_user_tmpfs_files($1) ++ refpolicywarn(`$0($*) has been deprecated, use userdom_delete_user_tmp_files instead.') ++ userdom_delete_user_tmp_files($1) +') + +######################################## diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 6873ee8..d3881d2 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -38243,7 +38243,7 @@ index a49ae4e..0c0e987 100644 + +/var/lock/kdump(/.*)? gen_context(system_u:object_r:kdump_lock_t,s0) diff --git a/kdump.if b/kdump.if -index 3a00b3a..160c575 100644 +index 3a00b3a..92f125f 100644 --- a/kdump.if +++ b/kdump.if @@ -1,4 +1,4 @@ @@ -38506,7 +38506,7 @@ index 3a00b3a..160c575 100644 init_labeled_script_domtrans($1, kdump_initrc_exec_t) domain_system_change_exemption($1) -@@ -110,6 +295,10 @@ interface(`kdump_admin',` +@@ -110,6 +295,29 @@ interface(`kdump_admin',` files_search_etc($1) admin_pattern($1, kdump_etc_t) @@ -38519,6 +38519,25 @@ index 3a00b3a..160c575 100644 + admin_pattern($1, kdump_unit_file_t) + allow $1 kdump_unit_file_t:service all_service_perms; ') ++ ++################################### ++## ++## Dontaudit Read/write inherited kdump /var/tmp named pipes. ++## ++## ++## ++## Domain to not audit ++## ++## ++# ++interface(`kdump_dontaudit_inherited_kdumpctl_tmp_pipes',` ++ gen_require(` ++ type kdumpctl_tmp_t; ++ ') ++ ++ dontaudit $1 kdumpctl_tmp_t:fifo_file rw_inherited_fifo_file_perms; ++') ++ diff --git a/kdump.te b/kdump.te index 715fc21..8bcd248 100644 --- a/kdump.te @@ -42926,10 +42945,10 @@ index 61db5a0..9d5d255 100644 +userdom_use_inherited_user_terminals(lockdev_t) + diff --git a/logrotate.fc b/logrotate.fc -index a11d5be..5fc9001 100644 +index a11d5be..60f83c5 100644 --- a/logrotate.fc 
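Review bot: The deprecated `userdom_delete_user_tmpfs_files` now forwards to `userdom_delete_user_tmp_files`, which by its name grants delete on the user tmp type rather than the tmpfs type, so an existing caller that wanted tmpfs access silently receives a different permission set and the tmpfs denials it meant to cover will reappear in the audit log. If that substitution is deliberate, the `refpolicywarn` message should say so, e.g. by appending "and now maps to user_tmp_t" before "use userdom_delete_user_tmp_files instead"; if a tmpfs deletion interface still exists elsewhere in userdomain.if, it should be the forwarding target instead. Neither target interface is visible in the hunk, so this is inferred from the names.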
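Review bot: The new `kdump_dontaudit_inherited_kdumpctl_tmp_pipes` interface is appended after `kdump_admin`, whereas refpolicy convention (and the rest of this file, as far as the hunk shows) keeps the `_admin` interface last; placing it above `kdump_admin` keeps the file in the expected order. Its header rule is 35 `#` characters while the surrounding interfaces use 40, a cosmetic inconsistency worth fixing while the hunk is open. The summary `## Dontaudit Read/write inherited kdump /var/tmp named pipes.` would read better as `## Do not audit attempts to read and write inherited kdumpctl temporary named pipes.`, consistent with the `dontaudit ... rw_inherited_fifo_file_perms` rule and the `kdumpctl_tmp_t` type it covers. The `kdump_admin` block that precedes the addition starts outside the hunk.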
+++ b/logrotate.fc -@@ -1,6 +1,7 @@ +@@ -1,6 +1,6 @@ -/etc/cron\.(daily|weekly)/sysklogd -- gen_context(system_u:object_r:logrotate_exec_t,s0) +/etc/cron\.(daily|weekly)/sysklogd -- gen_context(system_u:object_r:logrotate_exec_t,s0) @@ -42938,7 +42957,6 @@ index a11d5be..5fc9001 100644 /var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0) -/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) +/var/lib/logrotate\.status.* -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) -+') diff --git a/logrotate.if b/logrotate.if index dd8e01a..9cd6b0b 100644 --- a/logrotate.if