diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index fc86af6..20d4414 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -23290,16 +23290,25 @@ index 0000000..cc6846a +') diff --git a/docker.te b/docker.te new file mode 100644 -index 0000000..78644fe +index 0000000..5171c33 --- /dev/null +++ b/docker.te -@@ -0,0 +1,245 @@ +@@ -0,0 +1,260 @@ +policy_module(docker, 1.0.0) + +######################################## +# +# Declarations +# ++ ++## ++##

++## Determine whether docker can ++## connect to all TCP ports. ++##

++##
++gen_tunable(docker_connect_any, false) ++ +## +##

+## Allow docker to transition to unconfined containers. @@ -23528,6 +23537,12 @@ index 0000000..78644fe + virt_mounton_sandbox_file(docker_t) +') + ++tunable_policy(`docker_connect_any',` ++ corenet_tcp_connect_all_ports(docker_t) ++ corenet_sendrecv_all_packets(docker_t) ++ corenet_tcp_sendrecv_all_ports(docker_t) ++') ++ +optional_policy(` + tunable_policy(`docker_transition_unconfined',` + unconfined_transition(docker_t, docker_share_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index c55cd06..e6ab3c0 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 134%{?dist} +Release: 135%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -579,6 +579,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Tue Mar 11 2014 Miroslav Grepl 3.12.1-135 +- Add docker_connect_any boolean + * Tue Mar 11 2014 Miroslav Grepl 3.12.1-134 - Allow unpriv SELinux users to dbus chat with firewalld - Add lvm_write_metadata()
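Review bot: The description added for `docker_connect_any` ("connect to all TCP ports") understates what the boolean grants, because the rules this same patch attaches to it also call `corenet_sendrecv_all_packets` and `corenet_tcp_sendrecv_all_ports`, not just `corenet_tcp_connect_all_ports`. This text is what administrators see in `semanage boolean -l`, so it should state the scope and the default visible in `gen_tunable(docker_connect_any, false)`; something like `## Determine whether the docker daemon (docker_t) can connect to all TCP ports and send/receive all network packets. Off by default; enabling it removes port-level network confinement of the daemon.` The `<desc>`/`<p>` markup around the description looks stripped in this rendering and should remain intact in the file itself.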
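Review bot: `corenet_sendrecv_all_packets(docker_t)` in the new `tunable_policy` block grants send/recv on every labeled packet type, including server-side ones, which is broader than the outbound-connect intent expressed by the boolean's name and description. Connect-style booleans in refpolicy-derived trees usually pair `corenet_tcp_connect_all_ports` with the client-packet interface; if this tree provides `corenet_sendrecv_all_client_packets`, `corenet_sendrecv_all_client_packets(docker_t)` would be the narrower match, and the all-packets interface should only stay with a comment stating why the daemon needs it. A short comment above the block, `# off by default: grants docker_t unrestricted outbound TCP; prefer a port-specific rule`, would also help admins judge the blast radius before enabling it. The surrounding `docker.te` rules extend beyond this hunk, so I cannot tell whether server-side packet access is already granted elsewhere.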