diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 6e11684..b560742 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -3265,7 +3265,7 @@ index 7590165..85186a9 100644 + fs_mounton_fusefs(seunshare_domain) ') diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc -index 33e0f8d..baf1082 100644 +index 33e0f8d..885da9a 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -1,9 +1,10 @@ @@ -3347,7 +3347,12 @@ index 33e0f8d..baf1082 100644 ifdef(`distro_gentoo',` /lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0) -@@ -152,7 +166,7 @@ ifdef(`distro_gentoo',` +@@ -149,10 +163,12 @@ ifdef(`distro_gentoo',` + /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) + ') + ++/usr/lib/erlang/erts.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) ++ # # /sbin # @@ -3356,7 +3361,7 @@ index 33e0f8d..baf1082 100644 /sbin/.* gen_context(system_u:object_r:bin_t,s0) /sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0) /sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0) -@@ -168,6 +182,7 @@ ifdef(`distro_gentoo',` +@@ -168,6 +184,7 @@ ifdef(`distro_gentoo',` /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) /opt/google/talkplugin(/.*)? gen_context(system_u:object_r:bin_t,s0) @@ -3364,7 +3369,7 @@ index 33e0f8d..baf1082 100644 /opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -179,34 +194,50 @@ ifdef(`distro_gentoo',` +@@ -179,34 +196,50 @@ ifdef(`distro_gentoo',` /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0) ') 
@@ -3424,7 +3429,7 @@ index 33e0f8d..baf1082 100644 /usr/lib/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0) /usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -218,19 +249,32 @@ ifdef(`distro_gentoo',` +@@ -218,19 +251,32 @@ ifdef(`distro_gentoo',` /usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0) /usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0) @@ -3464,7 +3469,7 @@ index 33e0f8d..baf1082 100644 /usr/lib/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0) -@@ -245,26 +289,39 @@ ifdef(`distro_gentoo',` +@@ -245,26 +291,39 @@ ifdef(`distro_gentoo',` /usr/lib/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) @@ -3509,7 +3514,7 @@ index 33e0f8d..baf1082 100644 /usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0) -@@ -280,10 +337,15 @@ ifdef(`distro_gentoo',` +@@ -280,10 +339,15 @@ ifdef(`distro_gentoo',` /usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0) /usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0) /usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0) 
@@ -3525,7 +3530,7 @@ index 33e0f8d..baf1082 100644 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) -@@ -298,16 +360,22 @@ ifdef(`distro_gentoo',` +@@ -298,16 +362,22 @@ ifdef(`distro_gentoo',` /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0) /usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0) @@ -3550,7 +3555,7 @@ index 33e0f8d..baf1082 100644 ifdef(`distro_debian',` /usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0) -@@ -325,20 +393,27 @@ ifdef(`distro_redhat', ` +@@ -325,20 +395,27 @@ ifdef(`distro_redhat', ` /etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0) /etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0) @@ -3579,7 +3584,7 @@ index 33e0f8d..baf1082 100644 /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0) /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0) -@@ -346,6 +421,7 @@ ifdef(`distro_redhat', ` +@@ -346,6 +423,7 @@ ifdef(`distro_redhat', ` /usr/share/ssl/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0) 
@@ -3587,7 +3592,7 @@ index 33e0f8d..baf1082 100644 /usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0) -@@ -387,11 +463,16 @@ ifdef(`distro_suse', ` +@@ -387,11 +465,16 @@ ifdef(`distro_suse', ` # # /var # @@ -3605,7 +3610,7 @@ index 33e0f8d..baf1082 100644 /usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0) /var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0) -@@ -401,3 +482,12 @@ ifdef(`distro_suse', ` +@@ -401,3 +484,12 @@ ifdef(`distro_suse', ` ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 0a7fd15..8a3e7db 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -15788,16 +15788,23 @@ index d5aa1e4..837e0a8 100644 + wdmd_rw_tmpfs(corosync_t) +') diff --git a/couchdb.fc b/couchdb.fc -index c086302..4f33119 100644 +index c086302..5380ab6 100644 --- a/couchdb.fc +++ b/couchdb.fc -@@ -1,3 +1,6 @@ -+ +@@ -1,8 +1,10 @@ +-/etc/couchdb(/.*)? gen_context(system_u:object_r:couchdb_conf_t,s0) +- + /etc/rc\.d/init\.d/couchdb -- gen_context(system_u:object_r:couchdb_initrc_exec_t,s0) + +-/usr/bin/couchdb -- gen_context(system_u:object_r:couchdb_exec_t,s0) +/usr/lib/systemd/system/couchdb.* -- gen_context(system_u:object_r:couchdb_unit_file_t,s0) + - /etc/couchdb(/.*)? gen_context(system_u:object_r:couchdb_conf_t,s0) ++/etc/couchdb(/.*)? gen_context(system_u:object_r:couchdb_conf_t,s0) ++ ++/usr/libexec/couchdb -- gen_context(system_u:object_r:couchdb_exec_t,s0) + + /var/lib/couchdb(/.*)? gen_context(system_u:object_r:couchdb_var_lib_t,s0) - /etc/rc\.d/init\.d/couchdb -- gen_context(system_u:object_r:couchdb_initrc_exec_t,s0) diff --git a/couchdb.if b/couchdb.if index 715a826..3f0c0dc 100644 
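Review bot: Dropping `/usr/bin/couchdb -- gen_context(system_u:object_r:couchdb_exec_t,s0)` removes the entrypoint that made a start through that path transition into couchdb_t; if the package still ships /usr/bin/couchdb (for example as a wrapper around the new /usr/libexec/couchdb) it now falls back to bin_t and a service started through it stays in the starting domain (init_t/initrc_t) instead of being confined. Unless it is certain the binary moved rather than gained a wrapper, keep both entries: an exec label on a path that does not exist is harmless, while a missing one silently disables confinement. The new `/usr/lib/systemd/system/couchdb.* -- ... couchdb_unit_file_t` line also matches any unit whose name starts with couchdb; `couchdb\.service` is the tighter pattern if only one unit is shipped.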
--- a/couchdb.if @@ -16028,7 +16035,7 @@ index 715a826..3f0c0dc 100644 + ') ') diff --git a/couchdb.te b/couchdb.te -index ae1c1b1..89e5702 100644 +index ae1c1b1..d461e44 100644 --- a/couchdb.te +++ b/couchdb.te @@ -27,6 +27,9 @@ files_type(couchdb_var_lib_t) @@ -16041,7 +16048,37 @@ index ae1c1b1..89e5702 100644 ######################################## # # Local policy -@@ -79,10 +82,7 @@ dev_list_sysfs(couchdb_t) +@@ -35,10 +38,10 @@ files_pid_file(couchdb_var_run_t) + allow couchdb_t self:process { setsched signal signull sigkill }; + allow couchdb_t self:fifo_file rw_fifo_file_perms; + allow couchdb_t self:unix_stream_socket create_stream_socket_perms; ++allow couchdb_t self:unix_dgram_socket create_socket_perms; + allow couchdb_t self:tcp_socket { accept listen }; + +-allow couchdb_t couchdb_conf_t:dir list_dir_perms; +-allow couchdb_t couchdb_conf_t:file read_file_perms; ++manage_files_pattern(couchdb_t, couchdb_conf_t, couchdb_conf_t) + + manage_dirs_pattern(couchdb_t, couchdb_log_t, couchdb_log_t) + append_files_pattern(couchdb_t, couchdb_log_t, couchdb_log_t) +@@ -56,7 +59,7 @@ files_var_lib_filetrans(couchdb_t, couchdb_var_lib_t, dir) + + manage_dirs_pattern(couchdb_t, couchdb_var_run_t, couchdb_var_run_t) + manage_files_pattern(couchdb_t, couchdb_var_run_t, couchdb_var_run_t) +-files_pid_filetrans(couchdb_t, couchdb_var_run_t, dir) ++files_pid_filetrans(couchdb_t, couchdb_var_run_t, {file dir }) + + can_exec(couchdb_t, couchdb_exec_t) + +@@ -75,14 +78,15 @@ corenet_sendrecv_couchdb_server_packets(couchdb_t) + corenet_tcp_bind_couchdb_port(couchdb_t) + corenet_tcp_sendrecv_couchdb_port(couchdb_t) + ++fs_getattr_all_files(couchdb_t) ++fs_getattr_all_dirs(couchdb_t) ++fs_getattr_all_fs(couchdb_t) ++ + dev_list_sysfs(couchdb_t) dev_read_sysfs(couchdb_t) dev_read_urand(couchdb_t) @@ -41598,7 +41635,7 @@ index dd8e01a..9cd6b0b 100644 ## ## diff --git a/logrotate.te b/logrotate.te -index be0ab84..83c6834 100644 +index be0ab84..3ebbcc0 100644 --- a/logrotate.te 
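Review bot: `manage_files_pattern(couchdb_t, couchdb_conf_t, couchdb_conf_t)` replaces what was a read-only grant (`list_dir_perms` on the directory, `read_file_perms` on files) with create/delete/rewrite on everything under /etc/couchdb, so a compromised couchdb_t process can persist changes to its own configuration, including any admin credential material the daemon keeps there. If the daemon only needs to update one file (presumably local.ini, which is what the changelog entry "Allow couchdb write to couchdb_conf files" hints at), `rw_files_pattern(couchdb_t, couchdb_conf_t, couchdb_conf_t)` together with the original `list_dir_perms` on the directory, or a dedicated writable type for that file, keeps the rest of the config immutable. The three `fs_getattr_all_*` grants are likewise broader than the changelog explains; a comment naming the denial they resolve would let the next reviewer judge whether `fs_getattr_all_fs(couchdb_t)` alone is enough. The couchdb_t local-policy block continues past the end of this hunk.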
+++ b/logrotate.te @@ -5,16 +5,22 @@ policy_module(logrotate, 1.15.0) @@ -41840,7 +41877,7 @@ index be0ab84..83c6834 100644 optional_policy(` - psad_domtrans(logrotate_t) -+ rabbitmq_domtrans_beam(logrotate_t) ++ rabbitmq_domtrans(logrotate_t) +') + +optional_policy(` @@ -76450,11 +76487,21 @@ index f47c8e8..3710974 100644 + dbus_connect_system_bus(quota_nld_t) ') diff --git a/rabbitmq.fc b/rabbitmq.fc -index c5ad6de..a48c318 100644 +index c5ad6de..2bf7656 100644 --- a/rabbitmq.fc +++ b/rabbitmq.fc -@@ -4,7 +4,11 @@ - /usr/lib/erlang/erts.*/bin/epmd -- gen_context(system_u:object_r:rabbitmq_epmd_exec_t,s0) +@@ -1,10 +1,19 @@ + /etc/rc\.d/init\.d/rabbitmq-server -- gen_context(system_u:object_r:rabbitmq_initrc_exec_t,s0) + +-/usr/lib/erlang/erts.*/bin/beam.* -- gen_context(system_u:object_r:rabbitmq_beam_exec_t,s0) +-/usr/lib/erlang/erts.*/bin/epmd -- gen_context(system_u:object_r:rabbitmq_epmd_exec_t,s0) ++/usr/lib/systemd/system/rabbitmq-server.* -- gen_context(system_u:object_r:rabbitmq_unit_file_t,s0) ++/usr/lib/systemd/system/ejabberd.* -- gen_context(system_u:object_r:rabbitmq_unit_file_t,s0) ++ ++/usr/lib/rabbitmq/lib/rabbitmq_server-.*/sbin/rabbitmq-server -- gen_context(system_u:object_r:rabbitmq_exec_t,s0) ++/usr/lib/rabbitmq/lib/rabbitmq_server-.*/sbin/rabbitmqctl -- gen_context(system_u:object_r:rabbitmq_exec_t,s0) ++ ++/usr/bin/ejabberdctl -- gen_context(system_u:object_r:rabbitmq_exec_t,s0) /var/lib/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_lib_t,s0) +/var/lib/ejabberd(/.*)? gen_context(system_u:object_r:rabbitmq_var_lib_t,s0) @@ -76466,31 +76513,51 @@ index c5ad6de..a48c318 100644 /var/run/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_run_t,s0) diff --git a/rabbitmq.if b/rabbitmq.if -index 2c3d338..cf3e5ad 100644 +index 2c3d338..7d49554 100644 --- a/rabbitmq.if 
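Review bot: Labeling `/usr/lib/systemd/system/ejabberd.*` as rabbitmq_unit_file_t, `/usr/bin/ejabberdctl` as rabbitmq_exec_t and `/var/lib/ejabberd(/.*)?` as rabbitmq_var_lib_t places an unrelated XMPP server in the same SELinux domain as the AMQP broker, so each service gets manage rights on the other's state under /var/lib, its logs and its pid files, and compromising either one yields the other's data with no MAC boundary in between. Sharing the Erlang runtime is a labeling convenience, not a confinement reason; the usual approach is a separate ejabberd module, or at least a distinct domain derived from a template, so that /var/lib/ejabberd and /var/lib/rabbitmq stay mutually inaccessible. If the shared domain is a deliberate stop-gap, record it at the top of this file, e.g. `# ejabberd is temporarily confined in rabbitmq_t; split it into its own domain before release`. Removing the `erts.*/bin/beam.*` and `erts.*/bin/epmd` exec labels also means any other confined caller that runs beam via corecmd_exec_bin now keeps its own domain, which is fine for init-started daemons but worth stating in a comment.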
+++ b/rabbitmq.if -@@ -10,13 +10,13 @@ - ## - ## +@@ -38,12 +38,12 @@ interface(`rabbitmq_domtrans',` # --interface(`rabbitmq_domtrans',` -+interface(`rabbitmq_domtrans_beam',` + interface(`rabbitmq_admin',` gen_require(` -- type rabbitmq_t, rabbitmq_exec_t; -+ type rabbitmq_beam_t, rabbitmq_beam_exec_t; +- type rabbitmq_epmd_t, rabbitmq_beam_t, rabbitmq_initrc_exec_t; ++ type rabbitmq_t, rabbitmq_initrc_exec_t; + type rabbitmq_var_lib_t, rabbitmq_var_log_t, rabbitmq_var_run_t; ') - corecmd_search_bin($1) -- domtrans_pattern($1, rabbitmq_exec_t, rabbitmq_t) -+ domtrans_pattern($1, rabbitmq_beam_exec_t, rabbitmq_beam_t) - ') +- allow $1 { rabbitmq_epmd_t rabbitmq_beam_t }:process { ptrace signal_perms }; +- ps_process_pattern($1, { rabbitmq_epmd_t rabbitmq_beam_t }) ++ allow $1 { rabbitmq_t }:process { ptrace signal_perms }; ++ ps_process_pattern($1, rabbitmq_t) - ######################################## + init_labeled_script_domtrans($1, rabbitmq_initrc_exec_t) + domain_system_change_exemption($1) diff --git a/rabbitmq.te b/rabbitmq.te -index dc3b0ed..7302746 100644 +index dc3b0ed..8c4255e 100644 --- a/rabbitmq.te +++ b/rabbitmq.te -@@ -19,6 +19,9 @@ init_script_file(rabbitmq_initrc_exec_t) +@@ -5,13 +5,14 @@ policy_module(rabbitmq, 1.0.2) + # Declarations + # + +-type rabbitmq_epmd_t; +-type rabbitmq_epmd_exec_t; +-init_daemon_domain(rabbitmq_epmd_t, rabbitmq_epmd_exec_t) ++type rabbitmq_t; ++type rabbitmq_exec_t; ++init_daemon_domain(rabbitmq_t, rabbitmq_exec_t) + +-type rabbitmq_beam_t; +-type rabbitmq_beam_exec_t; +-init_daemon_domain(rabbitmq_beam_t, rabbitmq_beam_exec_t) ++typealias rabbitmq_t alias {rabbitmq_beam_t rabbitmq_epmd_t}; ++ ++type rabbitmq_unit_file_t; ++systemd_unit_file(rabbitmq_unit_file_t) + + type rabbitmq_initrc_exec_t; + init_script_file(rabbitmq_initrc_exec_t) +@@ -19,6 +20,9 @@ init_script_file(rabbitmq_initrc_exec_t) type rabbitmq_var_lib_t; files_type(rabbitmq_var_lib_t) 
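Review bot: `typealias rabbitmq_t alias {rabbitmq_beam_t rabbitmq_epmd_t};` keeps old references compiling but silently collapses the separately confined port mapper into the full broker domain: the removed epmd policy granted it little beyond `signal`, a tcp socket and the epmd port bind, whereas rabbitmq_t now carries the whole broker rule set. epmd is network-facing (it binds the epmd port), so a bug in it would now be exploited with the broker's privileges rather than its own minimal ones; keeping a distinct rabbitmq_epmd_t reached via `domtrans_pattern(rabbitmq_t, rabbitmq_epmd_exec_t, rabbitmq_epmd_t)` preserves that separation at the cost of one exec label. If the merge is intentional, a comment above the typealias, e.g. `# epmd runs in rabbitmq_t because beam/epmd are now generic bin_t (see corecommands.fc)`, should say so. Minor style: in rabbitmq_admin the braces in `allow $1 { rabbitmq_t }:process { ptrace signal_perms };` are left over from the two-type set and can be dropped.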
@@ -76500,139 +76567,178 @@ index dc3b0ed..7302746 100644 type rabbitmq_var_log_t; logging_log_file(rabbitmq_var_log_t) -@@ -30,20 +33,29 @@ files_pid_file(rabbitmq_var_run_t) - # Beam local policy - # +@@ -27,98 +31,81 @@ files_pid_file(rabbitmq_var_run_t) -+allow rabbitmq_beam_t self:capability setuid; -+ - allow rabbitmq_beam_t self:process { setsched signal signull }; - allow rabbitmq_beam_t self:fifo_file rw_fifo_file_perms; - allow rabbitmq_beam_t self:tcp_socket { accept listen }; - - manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) - manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) -+files_var_lib_filetrans(rabbitmq_beam_t, rabbitmq_var_lib_t, { dir file }) + ###################################### + # +-# Beam local policy ++# Rabbitmq local policy + # - manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) +-allow rabbitmq_beam_t self:process { setsched signal signull }; +-allow rabbitmq_beam_t self:fifo_file rw_fifo_file_perms; +-allow rabbitmq_beam_t self:tcp_socket { accept listen }; +- +-manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) +-manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) +- +-manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) -append_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) -create_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) -setattr_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) -+manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) -+logging_log_filetrans(rabbitmq_beam_t, rabbitmq_var_log_t, { dir file }) -+ -+manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_lock_t, rabbitmq_var_lock_t) -+manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_lock_t, rabbitmq_var_lock_t) -+files_lock_filetrans(rabbitmq_beam_t, rabbitmq_var_lock_t, file) - - 
manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_run_t, rabbitmq_var_run_t) - manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_run_t, rabbitmq_var_run_t) -+files_pid_filetrans(rabbitmq_beam_t, rabbitmq_var_run_t, { dir file }) -+ -+ps_process_pattern(rabbitmq_beam_t, rabbitmq_epmd_t) - - can_exec(rabbitmq_beam_t, rabbitmq_beam_exec_t) - -@@ -55,57 +67,75 @@ kernel_read_fs_sysctls(rabbitmq_beam_t) - corecmd_exec_bin(rabbitmq_beam_t) - corecmd_exec_shell(rabbitmq_beam_t) - -+corenet_tcp_bind_generic_node(rabbitmq_beam_t) -+corenet_udp_bind_generic_node(rabbitmq_beam_t) - corenet_all_recvfrom_unlabeled(rabbitmq_beam_t) - corenet_all_recvfrom_netlabel(rabbitmq_beam_t) - corenet_tcp_sendrecv_generic_if(rabbitmq_beam_t) - corenet_tcp_sendrecv_generic_node(rabbitmq_beam_t) - corenet_tcp_bind_generic_node(rabbitmq_beam_t) -+corenet_tcp_connect_all_ephemeral_ports(rabbitmq_beam_t) -+corenet_tcp_bind_all_ephemeral_ports(rabbitmq_beam_t) - - corenet_sendrecv_amqp_server_packets(rabbitmq_beam_t) +- +-manage_dirs_pattern(rabbitmq_beam_t, rabbitmq_var_run_t, rabbitmq_var_run_t) +-manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_run_t, rabbitmq_var_run_t) +- +-can_exec(rabbitmq_beam_t, rabbitmq_beam_exec_t) +- +-domtrans_pattern(rabbitmq_beam_t, rabbitmq_epmd_exec_t, rabbitmq_epmd_t) +- +-kernel_read_system_state(rabbitmq_beam_t) +-kernel_read_fs_sysctls(rabbitmq_beam_t) +- +-corecmd_exec_bin(rabbitmq_beam_t) +-corecmd_exec_shell(rabbitmq_beam_t) +- +-corenet_all_recvfrom_unlabeled(rabbitmq_beam_t) +-corenet_all_recvfrom_netlabel(rabbitmq_beam_t) +-corenet_tcp_sendrecv_generic_if(rabbitmq_beam_t) +-corenet_tcp_sendrecv_generic_node(rabbitmq_beam_t) +-corenet_tcp_bind_generic_node(rabbitmq_beam_t) +- +-corenet_sendrecv_amqp_server_packets(rabbitmq_beam_t) -corenet_tcp_bind_amqp_port(rabbitmq_beam_t) -corenet_tcp_sendrecv_amqp_port(rabbitmq_beam_t) - - corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) -+corenet_tcp_sendrecv_amqp_port(rabbitmq_beam_t) 
-+corenet_tcp_bind_amqp_port(rabbitmq_beam_t) -+corenet_tcp_bind_couchdb_port(rabbitmq_beam_t) -+corenet_tcp_bind_jabber_client_port(rabbitmq_beam_t) -+corenet_tcp_bind_jabber_interserver_port(rabbitmq_beam_t) -+corenet_tcp_bind_rabbitmq_port(rabbitmq_beam_t) -+corenet_tcp_connect_amqp_port(rabbitmq_beam_t) -+corenet_tcp_connect_couchdb_port(rabbitmq_beam_t) - corenet_tcp_connect_epmd_port(rabbitmq_beam_t) -+corenet_tcp_connect_jabber_interserver_port(rabbitmq_beam_t) - corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t) -+corenet_tcp_connect_http_port(rabbitmq_beam_t) -+corenet_tcp_connect_rabbitmq_port(rabbitmq_beam_t) - +- +-corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) +-corenet_tcp_connect_epmd_port(rabbitmq_beam_t) +-corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t) +- -corenet_sendrecv_couchdb_server_packets(rabbitmq_beam_t) -corenet_tcp_bind_couchdb_port(rabbitmq_beam_t) -corenet_tcp_sendrecv_couchdb_port(rabbitmq_beam_t) -+domain_read_all_domains_state(rabbitmq_beam_t) - +- -dev_read_sysfs(rabbitmq_beam_t) -dev_read_urand(rabbitmq_beam_t) -+files_getattr_all_mountpoints(rabbitmq_beam_t) - - fs_getattr_all_fs(rabbitmq_beam_t) -+fs_getattr_all_dirs(rabbitmq_beam_t) -+fs_getattr_cgroup(rabbitmq_beam_t) - fs_search_cgroup_dirs(rabbitmq_beam_t) - +- +-fs_getattr_all_fs(rabbitmq_beam_t) +-fs_search_cgroup_dirs(rabbitmq_beam_t) +- -files_read_etc_files(rabbitmq_beam_t) -+dev_read_sysfs(rabbitmq_beam_t) -+dev_read_urand(rabbitmq_beam_t) - - storage_getattr_fixed_disk_dev(rabbitmq_beam_t) - +- +-storage_getattr_fixed_disk_dev(rabbitmq_beam_t) +- -miscfiles_read_localization(rabbitmq_beam_t) -+auth_read_passwd(rabbitmq_beam_t) -+auth_use_pam(rabbitmq_beam_t) - - sysnet_dns_name_resolve(rabbitmq_beam_t) - +- +-sysnet_dns_name_resolve(rabbitmq_beam_t) +- - optional_policy(` - couchdb_manage_lib_files(rabbitmq_beam_t) - couchdb_read_conf_files(rabbitmq_beam_t) - couchdb_read_log_files(rabbitmq_beam_t) - couchdb_read_pid_files(rabbitmq_beam_t) - ') 
-+logging_send_syslog_msg(rabbitmq_beam_t) -+ -+optional_policy(` -+ couchdb_manage_files(rabbitmq_beam_t) -+') -+ -+optional_policy(` -+ dbus_system_bus_client(rabbitmq_beam_t) -+') - - ######################################## - # - # Epmd local policy - # - - - allow rabbitmq_epmd_t self:process signal; - allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms; - allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms; - allow rabbitmq_epmd_t self:unix_stream_socket { accept listen }; - +-######################################## +-# +-# Epmd local policy +-# +- +- +-allow rabbitmq_epmd_t self:process signal; +-allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms; +-allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms; +-allow rabbitmq_epmd_t self:unix_stream_socket { accept listen }; +- -allow rabbitmq_epmd_t rabbitmq_var_log_t:file append_file_perms; -+allow rabbitmq_epmd_t rabbitmq_var_log_t:file manage_file_perms; -+ -+manage_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) - - corenet_all_recvfrom_unlabeled(rabbitmq_epmd_t) - corenet_all_recvfrom_netlabel(rabbitmq_epmd_t) -@@ -117,8 +147,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) - corenet_tcp_bind_epmd_port(rabbitmq_epmd_t) - corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t) - +- +-corenet_all_recvfrom_unlabeled(rabbitmq_epmd_t) +-corenet_all_recvfrom_netlabel(rabbitmq_epmd_t) +-corenet_tcp_sendrecv_generic_if(rabbitmq_epmd_t) +-corenet_tcp_sendrecv_generic_node(rabbitmq_epmd_t) +-corenet_tcp_bind_generic_node(rabbitmq_epmd_t) +- +-corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) +-corenet_tcp_bind_epmd_port(rabbitmq_epmd_t) +-corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t) +- -files_read_etc_files(rabbitmq_epmd_t) - - logging_send_syslog_msg(rabbitmq_epmd_t) +-logging_send_syslog_msg(rabbitmq_epmd_t) ++allow rabbitmq_t self:capability setuid; ++ ++allow rabbitmq_t self:process { setsched signal signull }; ++allow rabbitmq_t self:fifo_file 
rw_fifo_file_perms; ++allow rabbitmq_t self:tcp_socket { accept listen }; ++ ++manage_dirs_pattern(rabbitmq_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) ++manage_files_pattern(rabbitmq_t, rabbitmq_var_lib_t, rabbitmq_var_lib_t) ++files_var_lib_filetrans(rabbitmq_t, rabbitmq_var_lib_t, { dir file }) ++ ++manage_dirs_pattern(rabbitmq_t, rabbitmq_var_log_t, rabbitmq_var_log_t) ++manage_files_pattern(rabbitmq_t, rabbitmq_var_log_t, rabbitmq_var_log_t) ++logging_log_filetrans(rabbitmq_t, rabbitmq_var_log_t, { dir file }) ++ ++manage_dirs_pattern(rabbitmq_t, rabbitmq_var_lock_t, rabbitmq_var_lock_t) ++manage_files_pattern(rabbitmq_t, rabbitmq_var_lock_t, rabbitmq_var_lock_t) ++files_lock_filetrans(rabbitmq_t, rabbitmq_var_lock_t, file) ++ ++manage_dirs_pattern(rabbitmq_t, rabbitmq_var_run_t, rabbitmq_var_run_t) ++manage_files_pattern(rabbitmq_t, rabbitmq_var_run_t, rabbitmq_var_run_t) ++files_pid_filetrans(rabbitmq_t, rabbitmq_var_run_t, { dir file }) ++ ++kernel_read_system_state(rabbitmq_t) ++kernel_read_fs_sysctls(rabbitmq_t) ++ ++corecmd_exec_bin(rabbitmq_t) ++corecmd_exec_shell(rabbitmq_t) ++ ++corenet_tcp_bind_generic_node(rabbitmq_t) ++corenet_udp_bind_generic_node(rabbitmq_t) ++corenet_all_recvfrom_unlabeled(rabbitmq_t) ++corenet_all_recvfrom_netlabel(rabbitmq_t) ++corenet_tcp_sendrecv_generic_if(rabbitmq_t) ++corenet_tcp_sendrecv_generic_node(rabbitmq_t) ++corenet_tcp_bind_generic_node(rabbitmq_t) ++corenet_tcp_connect_all_ephemeral_ports(rabbitmq_t) ++corenet_tcp_bind_all_ephemeral_ports(rabbitmq_t) ++corenet_sendrecv_amqp_server_packets(rabbitmq_t) ++corenet_sendrecv_epmd_client_packets(rabbitmq_t) ++corenet_tcp_sendrecv_amqp_port(rabbitmq_t) ++corenet_tcp_bind_amqp_port(rabbitmq_t) ++corenet_tcp_bind_epmd_port(rabbitmq_t) ++corenet_tcp_bind_jabber_client_port(rabbitmq_t) ++corenet_tcp_bind_jabber_interserver_port(rabbitmq_t) ++corenet_tcp_bind_rabbitmq_port(rabbitmq_t) ++corenet_tcp_connect_epmd_port(rabbitmq_t) 
++corenet_tcp_connect_jabber_interserver_port(rabbitmq_t) ++corenet_tcp_sendrecv_epmd_port(rabbitmq_t) ++corenet_tcp_connect_http_port(rabbitmq_t) ++corenet_tcp_connect_rabbitmq_port(rabbitmq_t) ++ ++domain_read_all_domains_state(rabbitmq_t) ++ ++auth_read_passwd(rabbitmq_t) ++auth_use_pam(rabbitmq_t) ++files_getattr_all_mountpoints(rabbitmq_t) ++ ++fs_getattr_all_fs(rabbitmq_t) ++fs_getattr_all_dirs(rabbitmq_t) ++fs_getattr_cgroup(rabbitmq_t) ++fs_search_cgroup_dirs(rabbitmq_t) ++ ++dev_read_sysfs(rabbitmq_t) ++dev_read_urand(rabbitmq_t) ++ ++storage_getattr_fixed_disk_dev(rabbitmq_t) ++ ++sysnet_dns_name_resolve(rabbitmq_t) ++ ++logging_send_syslog_msg(rabbitmq_t) ++ ++optional_policy(` ++ dbus_system_bus_client(rabbitmq_t) ++') -miscfiles_read_localization(rabbitmq_epmd_t) diff --git a/radius.fc b/radius.fc diff --git a/selinux-policy.spec b/selinux-policy.spec index 1cfcaed..ee0b298 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 80%{?dist} +Release: 81%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -602,6 +602,19 @@ SELinux Reference policy mls base module. %endif %changelog +* Thu Sep 11 2014 Lukas Vrabec 3.13.1-81 +- Label /usr/lib/erlang/erts.*/bin files as bin_t +- Added changes related to rabbitmq daemon. +- Fix labeling in couchdb policy +- Allow rabbitmq bind on epmd port +- Clean up rabbitmq policy +- fix domtrans_rabbitmq interface +- Added rabbitmq_beam_t and rabbitmq_epmd_t alias +- Allow couchdb to getattr +- Allow couchdb write to couchdb_conf files +- Allow couchdb to create dgram_sockets +- Added support for ejabberd + * Wed Sep 10 2014 Lukas Vrabec 3.13.1-80 - Back port workaround for #1134389 from F20. It needs to be removed from rawhide once we ship F21. - Since docker will now label volumes we can tighten the security of docker
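Review bot: `allow rabbitmq_t self:capability setuid;` is granted with no comment in a domain that also has `corecmd_exec_shell` and `corecmd_exec_bin`, so an attacker who gets code execution in the broker can change uid before spawning a shell; if the capability exists so the start script can drop to the service user, say so next to the rule, and if it is for a helper such as runuser/su the proper pattern is a domain transition into that helper's domain rather than a self capability. `corenet_tcp_bind_all_ephemeral_ports` plus `corenet_tcp_connect_all_ephemeral_ports`, `domain_read_all_domains_state` and `auth_use_pam` are each far wider than a message broker needs; if the ephemeral-port rules are for Erlang distribution, pinning a range in the node config and labeling it with a dedicated port type would confine it, and the others deserve a one-line justification each. `corenet_tcp_bind_generic_node(rabbitmq_t)` appears twice in the new block and one copy should go. The local-policy block continues to the end of the file, so any ejabberd-specific rules mixed in here (the jabber port binds) are not distinguishable from broker rules without comments.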