diff --git a/policy-f23-base.patch b/policy-f23-base.patch
index be2faef..e5ab29f 100644
--- a/policy-f23-base.patch
+++ b/policy-f23-base.patch
@@ -5689,7 +5689,7 @@ index 8e0f9cd..b9f45b9 100644
define(`create_packet_interfaces',``
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index b191055..698e4fd 100644
+index b191055..e3122b4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
@@ -5763,7 +5763,15 @@ index b191055..698e4fd 100644
# reserved_port_t is the type of INET port numbers below 1024.
#
type reserved_port_t, port_type, reserved_port_type;
-@@ -83,56 +106,72 @@ network_port(agentx, udp,705,s0, tcp,705,s0)
+@@ -76,63 +99,79 @@ type server_packet_t, packet_type, server_packet_type;
+ network_port(afs_bos, udp,7007,s0)
+ network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
+ network_port(afs_ka, udp,7004,s0)
+-network_port(afs_pt, udp,7002,s0)
++network_port(afs_pt, tcp,7002,s0, udp,7002,s0)
+ network_port(afs_vl, udp,7003,s0)
+ network_port(afs3_callback, tcp,7001,s0, udp,7001,s0)
+ network_port(agentx, udp,705,s0, tcp,705,s0)
network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
@@ -5845,7 +5853,7 @@ index b191055..698e4fd 100644
network_port(gopher, tcp,70,s0, udp,70,s0)
network_port(gpsd, tcp,2947,s0)
network_port(hadoop_datanode, tcp,50010,s0)
-@@ -140,45 +179,56 @@ network_port(hadoop_namenode, tcp,8020,s0)
+@@ -140,45 +179,58 @@ network_port(hadoop_namenode, tcp,8020,s0)
network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0)
@@ -5853,6 +5861,7 @@ index b191055..698e4fd 100644
-network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
+network_port(http, tcp,80,s0, tcp,81,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0,tcp,9000, s0) #8443 is mod_nss default port
+network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,8123,s0, tcp,10001-10010,s0) # 8118 is for privoxy
++network_port(intermapper, tcp,8181,s0)
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
@@ -5903,6 +5912,7 @@ index b191055..698e4fd 100644
+network_port(lsm_plugin, tcp,18700,s0)
+network_port(l2tp, tcp,1701,s0, udp,1701,s0)
network_port(mail, tcp,2000,s0, tcp,3905,s0)
++network_port(mailbox, tcp,2004,s0)
network_port(matahari, tcp,49000,s0, udp,49000,s0)
network_port(memcache, tcp,11211,s0, udp,11211,s0)
-network_port(milter) # no defined portcon
@@ -5917,7 +5927,7 @@ index b191055..698e4fd 100644
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
network_port(ms_streaming, tcp,1755,s0, udp,1755,s0)
-@@ -186,101 +236,126 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
+@@ -186,101 +238,128 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mxi, tcp,8005,s0, udp,8005,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
network_port(mysqlmanagerd, tcp,2273,s0)
@@ -6057,12 +6067,14 @@ index b191055..698e4fd 100644
network_port(wsicopy, tcp,3378,s0, udp,3378,s0)
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
++network_port(xinuexpansion3, tcp,2023,s0, udp,2023,s0)
++network_port(xinuexpansion4, tcp,2024,s0, udp,2024,s0)
network_port(xfs, tcp,7100,s0)
+network_port(xodbc_connect, tcp,6632,s0)
network_port(xserver, tcp,6000-6020,s0)
network_port(zarafa, tcp,236,s0, tcp,237,s0)
network_port(zabbix, tcp,10051,s0)
-@@ -288,19 +363,23 @@ network_port(zabbix_agent, tcp,10050,s0)
+@@ -288,19 +367,23 @@ network_port(zabbix_agent, tcp,10050,s0)
network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
@@ -6089,7 +6101,7 @@ index b191055..698e4fd 100644
########################################
#
-@@ -333,6 +412,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
+@@ -333,6 +416,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',`
network_interface(lo, lo, s0 - mls_systemhigh)
@@ -6098,7 +6110,7 @@ index b191055..698e4fd 100644
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')
-@@ -345,9 +426,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -345,9 +430,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
diff --git a/policy-f23-contrib.patch b/policy-f23-contrib.patch
index 22d4d9e..1cc5fb9 100644
--- a/policy-f23-contrib.patch
+++ b/policy-f23-contrib.patch
@@ -31231,10 +31231,10 @@ index 5cd0909..bd3c3d2 100644
+corenet_tcp_connect_glance_registry_port(glance_scrubber_t)
diff --git a/glusterd.fc b/glusterd.fc
new file mode 100644
-index 0000000..cbd6aa4
+index 0000000..52b4110
--- /dev/null
+++ b/glusterd.fc
-@@ -0,0 +1,20 @@
+@@ -0,0 +1,22 @@
+/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0)
+
+/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0)
@@ -31250,11 +31250,13 @@ index 0000000..cbd6aa4
+/var/lib/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_lib_t,s0)
+
+/var/log/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0)
++/var/log/ganesha.log -- gen_context(system_u:object_r:glusterd_log_t,s0)
+
+/var/run/gluster(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
++/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
diff --git a/glusterd.if b/glusterd.if
new file mode 100644
index 0000000..fc9bf19
@@ -31506,7 +31508,7 @@ index 0000000..fc9bf19
+
diff --git a/glusterd.te b/glusterd.te
new file mode 100644
-index 0000000..8e0f5a7
+index 0000000..8188e4f
--- /dev/null
+++ b/glusterd.te
@@ -0,0 +1,296 @@
@@ -31593,10 +31595,8 @@ index 0000000..8e0f5a7
+allow glusterd_t glusterd_tmp_t:dir mounton;
+
+manage_dirs_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+append_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+create_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+setattr_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+logging_log_filetrans(glusterd_t, glusterd_log_t, dir)
++manage_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
++logging_log_filetrans(glusterd_t, glusterd_log_t, { file dir })
+
+manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
+manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
@@ -31748,6 +31748,7 @@ index 0000000..8e0f5a7
+optional_policy(`
+ dbus_system_bus_client(glusterd_t)
+ dbus_connect_system_bus(glusterd_t)
++ unconfined_dbus_chat(glusterd_t)
+
+ optional_policy(`
+ policykit_dbus_chat(glusterd_t)
@@ -31793,6 +31794,7 @@ index 0000000..8e0f5a7
+ rpc_domtrans_nfsd(glusterd_t)
+ rpc_domtrans_rpcd(glusterd_t)
+ rpc_manage_nfs_state_data(glusterd_t)
++ rpc_manage_nfs_state_data_dir(glusterd_t)
+ rpcbind_stream_connect(glusterd_t)
+')
+
@@ -87939,7 +87941,7 @@ index a6fb30c..38a2f09 100644
+/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0)
+
diff --git a/rpc.if b/rpc.if
-index 0bf13c2..4f3c2b9 100644
+index 0bf13c2..ed393a0 100644
--- a/rpc.if
+++ b/rpc.if
@@ -1,4 +1,4 @@
@@ -88251,7 +88253,7 @@ index 0bf13c2..4f3c2b9 100644
##
##
##
-@@ -326,12 +345,31 @@ interface(`rpc_search_nfs_state_data',`
+@@ -326,12 +345,50 @@ interface(`rpc_search_nfs_state_data',`
')
files_search_var_lib($1)
@@ -88281,11 +88283,30 @@ index 0bf13c2..4f3c2b9 100644
+
+########################################
+##
++## Manage NFS state data in /var/lib/nfs.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`rpc_manage_nfs_state_data_dir',`
++ gen_require(`
++ type var_lib_nfs_t;
++ ')
++
++ files_search_var_lib($1)
++ allow $1 var_lib_nfs_t:dir manage_dir_perms;
++')
++
++########################################
++##
+## Read NFS state data in /var/lib/nfs.
##
##
##
-@@ -350,8 +388,7 @@ interface(`rpc_read_nfs_state_data',`
+@@ -350,8 +407,7 @@ interface(`rpc_read_nfs_state_data',`
########################################
##
@@ -88295,7 +88316,7 @@ index 0bf13c2..4f3c2b9 100644
##
##
##
-@@ -366,31 +403,68 @@ interface(`rpc_manage_nfs_state_data',`
+@@ -366,31 +422,68 @@ interface(`rpc_manage_nfs_state_data',`
files_search_var_lib($1)
manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
@@ -88370,7 +88391,7 @@ index 0bf13c2..4f3c2b9 100644
')
allow $1 rpc_domain:process { ptrace signal_perms };
-@@ -411,7 +485,7 @@ interface(`rpc_admin',`
+@@ -411,7 +504,7 @@ interface(`rpc_admin',`
admin_pattern($1, rpcd_var_run_t)
files_list_all($1)
@@ -116377,7 +116398,7 @@ index dd63de0..38ce620 100644
- admin_pattern($1, zabbix_tmpfs_t)
')
diff --git a/zabbix.te b/zabbix.te
-index 7f496c6..b23f29d 100644
+index 7f496c6..fccb7b1 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0)
@@ -116595,7 +116616,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
-@@ -170,6 +185,26 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
+@@ -170,6 +185,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
corenet_tcp_connect_ssh_port(zabbix_agent_t)
corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
@@ -116615,6 +116636,10 @@ index 7f496c6..b23f29d 100644
+corenet_tcp_connect_pop_port(zabbix_agent_t)
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
+
++corenet_sendrecv_postgresql_client_packets(zabbix_agent_t)
++corenet_tcp_connect_postgresql_port(zabbix_agent_t)
++corenet_tcp_sendrecv_postgresql_port(zabbix_agent_t)
++
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
@@ -116622,7 +116647,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
-@@ -177,21 +212,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
+@@ -177,21 +216,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
dev_getattr_all_blk_files(zabbix_agent_t)
dev_getattr_all_chr_files(zabbix_agent_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index fef8cc7..1275ff1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 158.17%{?dist}
+Release: 158.18%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -653,6 +653,16 @@ exit 0
%endif
%changelog
+* Wed May 18 2016 Lukas Vrabec 3.13.1-158.18
+- Allow ganesha-ha.sh script running under unconfined_t domain communicate with glusterd_t domains via dbus.
+- Allow ganesha daemon labeled as glusterd_t create /var/lib/nfs/ganesha dir labeled as var_lib_nfs_t.
+- Label /var/log/ganesha.log as gluster_log_t Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
+- Allow zabbix to connect to postgresql port
+- Label tcp port 8181 as intermapper_port_t.
+- Label tcp/udp port 2024 as xinuexpansion4_port_t
+- Label tcp port 7002 as afs_pt_port_t Label tcp/udp port 2023 as xinuexpansion3_port_t
+- Label tcp port 2004 as mailbox_port_t.
+
* Tue May 10 2016 Lukas Vrabec 3.13.1-158.17
- Revert "Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed."