++##
++## Allow conman to manage nfs files
++##
++##
++gen_tunable(conman_use_nfs, false)
++
+type conman_t;
+type conman_exec_t;
+init_daemon_domain(conman_t, conman_exec_t)
@@ -17195,18 +17213,28 @@ index 000000000..2357f3ba8
+
+corecmd_exec_bin(conman_t)
+
++dev_read_urand(conman_t)
++
+logging_send_syslog_msg(conman_t)
+
+sysnet_dns_name_resolve(conman_t)
+
+userdom_use_user_ptys(conman_t)
+
++term_use_usb_ttys(conman_t)
++term_use_ptmx(conman_t)
++
+tunable_policy(`conman_can_network',`
+ corenet_sendrecv_all_client_packets(conman_t)
+ corenet_tcp_connect_all_ports(conman_t)
+ corenet_tcp_sendrecv_all_ports(conman_t)
+')
+
++tunable_policy(`conman_use_nfs',`
++ fs_manage_nfs_files(conman_t)
++ fs_read_nfs_symlinks(conman_t)
++')
++
+optional_policy(`
+ freeipmi_stream_connect(conman_t)
+')
@@ -19633,7 +19661,7 @@ index 1303b3036..f5bd4aee8 100644
+ logging_log_filetrans($1, var_log_t, file, "redhat-access-insights.log")
')
diff --git a/cron.te b/cron.te
-index 7de385956..e4c99bdd4 100644
+index 7de385956..e48b44ff3 100644
--- a/cron.te
+++ b/cron.te
@@ -11,46 +11,54 @@ gen_require(`
@@ -20270,12 +20298,13 @@ index 7de385956..e4c99bdd4 100644
auth_use_nsswitch(system_cronjob_t)
-@@ -516,20 +520,26 @@ logging_read_generic_logs(system_cronjob_t)
+@@ -516,20 +520,28 @@ logging_read_generic_logs(system_cronjob_t)
logging_send_audit_msgs(system_cronjob_t)
logging_send_syslog_msg(system_cronjob_t)
-miscfiles_read_localization(system_cronjob_t)
--
++miscfiles_filetrans_named_content_letsencrypt(system_cronjob_t)
+
seutil_read_config(system_cronjob_t)
+userdom_manage_tmpfs_files(system_cronjob_t, file)
@@ -20300,7 +20329,7 @@ index 7de385956..e4c99bdd4 100644
selinux_validate_context(system_cronjob_t)
selinux_compute_access_vector(system_cronjob_t)
selinux_compute_create_context(system_cronjob_t)
-@@ -539,10 +549,22 @@ tunable_policy(`cron_can_relabel',`
+@@ -539,10 +551,22 @@ tunable_policy(`cron_can_relabel',`
')
optional_policy(`
@@ -20323,7 +20352,7 @@ index 7de385956..e4c99bdd4 100644
')
optional_policy(`
-@@ -551,10 +573,6 @@ optional_policy(`
+@@ -551,10 +575,6 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(system_cronjob_t)
@@ -20334,7 +20363,7 @@ index 7de385956..e4c99bdd4 100644
')
optional_policy(`
-@@ -567,6 +585,10 @@ optional_policy(`
+@@ -567,6 +587,10 @@ optional_policy(`
')
optional_policy(`
@@ -20345,7 +20374,7 @@ index 7de385956..e4c99bdd4 100644
ftp_read_log(system_cronjob_t)
')
-@@ -591,6 +613,8 @@ optional_policy(`
+@@ -591,6 +615,8 @@ optional_policy(`
optional_policy(`
mta_read_config(system_cronjob_t)
mta_send_mail(system_cronjob_t)
@@ -20354,7 +20383,7 @@ index 7de385956..e4c99bdd4 100644
')
optional_policy(`
-@@ -598,7 +622,31 @@ optional_policy(`
+@@ -598,7 +624,31 @@ optional_policy(`
')
optional_policy(`
@@ -20386,7 +20415,7 @@ index 7de385956..e4c99bdd4 100644
')
optional_policy(`
-@@ -607,7 +655,12 @@ optional_policy(`
+@@ -607,7 +657,12 @@ optional_policy(`
')
optional_policy(`
@@ -20399,7 +20428,7 @@ index 7de385956..e4c99bdd4 100644
')
optional_policy(`
-@@ -615,12 +668,27 @@ optional_policy(`
+@@ -615,12 +670,27 @@ optional_policy(`
')
optional_policy(`
@@ -20429,7 +20458,7 @@ index 7de385956..e4c99bdd4 100644
#
allow cronjob_t self:process { signal_perms setsched };
-@@ -628,12 +696,32 @@ allow cronjob_t self:fifo_file rw_fifo_file_perms;
+@@ -628,12 +698,32 @@ allow cronjob_t self:fifo_file rw_fifo_file_perms;
allow cronjob_t self:unix_stream_socket create_stream_socket_perms;
allow cronjob_t self:unix_dgram_socket create_socket_perms;
@@ -20463,7 +20492,7 @@ index 7de385956..e4c99bdd4 100644
corenet_all_recvfrom_netlabel(cronjob_t)
corenet_tcp_sendrecv_generic_if(cronjob_t)
corenet_udp_sendrecv_generic_if(cronjob_t)
-@@ -641,66 +729,141 @@ corenet_tcp_sendrecv_generic_node(cronjob_t)
+@@ -641,66 +731,141 @@ corenet_tcp_sendrecv_generic_node(cronjob_t)
corenet_udp_sendrecv_generic_node(cronjob_t)
corenet_tcp_sendrecv_all_ports(cronjob_t)
corenet_udp_sendrecv_all_ports(cronjob_t)
@@ -26768,10 +26797,10 @@ index 000000000..d22ed691a
+')
diff --git a/dnssec.te b/dnssec.te
new file mode 100644
-index 000000000..238787661
+index 000000000..b93540692
--- /dev/null
+++ b/dnssec.te
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,93 @@
+policy_module(dnssec, 1.0.0)
+
+########################################
@@ -26815,6 +26844,8 @@ index 000000000..238787661
+
+kernel_read_system_state(dnssec_trigger_t)
+
++can_exec(dnssec_trigger_t, dnssec_trigger_exec_t)
++
+corecmd_exec_bin(dnssec_trigger_t)
+corecmd_exec_shell(dnssec_trigger_t)
+corecmd_read_all_executables(dnssec_trigger_t)
@@ -31542,7 +31573,7 @@ index e5b15fb7e..220622e84 100644
diff --git a/ganesha.fc b/ganesha.fc
new file mode 100644
-index 000000000..855f58e55
+index 000000000..c723bfb97
--- /dev/null
+++ b/ganesha.fc
@@ -0,0 +1,12 @@
@@ -31554,8 +31585,8 @@ index 000000000..855f58e55
+
+/usr/lib/systemd/system/nfs-ganesha.*e -- gen_context(system_u:object_r:ganesha_unit_file_t,s0)
+
-+/var/log/ganesha.log -- gen_context(system_u:object_r:ganesha_var_log_t,s0)
-+/var/log/ganesha-gfapi.log -- gen_context(system_u:object_r:ganesha_var_log_t,s0)
++/var/log/ganesha.log.* -- gen_context(system_u:object_r:ganesha_var_log_t,s0)
++/var/log/ganesha-gfapi.log.* -- gen_context(system_u:object_r:ganesha_var_log_t,s0)
+
+/var/run/ganesha(/.*)? gen_context(system_u:object_r:ganesha_var_run_t,s0)
diff --git a/ganesha.if b/ganesha.if
@@ -39764,7 +39795,7 @@ index 000000000..61f2003c8
+userdom_use_user_terminals(iotop_t)
diff --git a/ipa.fc b/ipa.fc
new file mode 100644
-index 000000000..74206edcb
+index 000000000..61fd84f00
--- /dev/null
+++ b/ipa.fc
@@ -0,0 +1,29 @@
@@ -39793,16 +39824,16 @@ index 000000000..74206edcb
+
+/var/log/ipa(/.*)? gen_context(system_u:object_r:ipa_log_t,s0)
+
-+/var/log/ipareplica-conncheck.log -- gen_context(system_u:object_r:ipa_log_t,s0)
++/var/log/ipareplica-conncheck.log.* -- gen_context(system_u:object_r:ipa_log_t,s0)
+
+/var/run/ipa(/.*)? gen_context(system_u:object_r:ipa_var_run_t,s0)
+
diff --git a/ipa.if b/ipa.if
new file mode 100644
-index 000000000..d611c53d4
+index 000000000..72a6b78ba
--- /dev/null
+++ b/ipa.if
-@@ -0,0 +1,309 @@
+@@ -0,0 +1,310 @@
+##