diff --git a/container-selinux.tgz b/container-selinux.tgz
index 94eaa5e..1edbc64 100644
Binary files a/container-selinux.tgz and b/container-selinux.tgz differ
diff --git a/policy-f26-base.patch b/policy-f26-base.patch
index a73b9f6..119e44d 100644
--- a/policy-f26-base.patch
+++ b/policy-f26-base.patch
@@ -6050,7 +6050,7 @@ index 8e0f9cd14..b9f45b996 100644
define(`create_packet_interfaces',``
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index b191055f9..0582f6d26 100644
+index b191055f9..37d51775f 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
@@ -6269,7 +6269,7 @@ index b191055f9..0582f6d26 100644
network_port(ktalkd, udp,517,s0, udp,518,s0)
-network_port(l2tp, tcp,1701,s0, udp,1701,s0)
-network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
-+network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0, tcp, 7389,s0)
++network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0, tcp,3269,s0, tcp, 7389,s0)
network_port(lirc, tcp,8765,s0)
-network_port(lmtp, tcp,24,s0, udp,24,s0)
+network_port(luci, tcp,8084,s0)
@@ -36320,7 +36320,7 @@ index 79a45f62e..2dad86533 100644
+ allow $1 init_var_lib_t:dir search_dir_perms;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 17eda2480..c9e91f8e1 100644
+index 17eda2480..e0e67bbdb 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -11,10 +11,31 @@ gen_require(`
@@ -36681,24 +36681,24 @@ index 17eda2480..c9e91f8e1 100644
+optional_policy(`
+ kdump_read_crash(init_t)
+ kdump_read_config(init_t)
- ')
-
- optional_policy(`
-- auth_rw_login_records(init_t)
++')
++
++optional_policy(`
+ gnome_filetrans_home_content(init_t)
+ gnome_manage_data(init_t)
+ gnome_manage_config(init_t)
- ')
-
- optional_policy(`
-+ gssproxy_noatsecure(init_t)
+')
+
+optional_policy(`
++ gssproxy_noatsecure(init_t)
+ ')
+
+ optional_policy(`
+- auth_rw_login_records(init_t)
+ rpc_gssd_noatsecure(init_t)
-+')
-+
-+optional_policy(`
+ ')
+
+ optional_policy(`
+ anaconda_domtrans_install(init_t)
+')
+
@@ -36933,7 +36933,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -216,7 +629,30 @@ optional_policy(`
+@@ -216,7 +629,34 @@ optional_policy(`
')
optional_policy(`
@@ -36947,6 +36947,10 @@ index 17eda2480..c9e91f8e1 100644
+')
+
+optional_policy(`
++ sysnet_filetrans_cloud_net_conf(init_t)
++')
++
++optional_policy(`
+ udev_read_db(init_t)
+ udev_relabelto_db(init_t)
+ udev_create_kobject_uevent_socket(init_t)
@@ -36965,7 +36969,7 @@ index 17eda2480..c9e91f8e1 100644
')
########################################
-@@ -225,9 +661,9 @@ optional_policy(`
+@@ -225,9 +665,9 @@ optional_policy(`
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -36977,7 +36981,7 @@ index 17eda2480..c9e91f8e1 100644
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
-@@ -258,12 +694,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+@@ -258,12 +698,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -36994,7 +36998,7 @@ index 17eda2480..c9e91f8e1 100644
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
-@@ -279,23 +719,36 @@ kernel_change_ring_buffer_level(initrc_t)
+@@ -279,23 +723,36 @@ kernel_change_ring_buffer_level(initrc_t)
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -37037,7 +37041,7 @@ index 17eda2480..c9e91f8e1 100644
corenet_tcp_sendrecv_all_ports(initrc_t)
corenet_udp_sendrecv_all_ports(initrc_t)
corenet_tcp_connect_all_ports(initrc_t)
-@@ -303,9 +756,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
+@@ -303,9 +760,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
dev_read_rand(initrc_t)
dev_read_urand(initrc_t)
@@ -37049,7 +37053,7 @@ index 17eda2480..c9e91f8e1 100644
dev_rw_sysfs(initrc_t)
dev_list_usbfs(initrc_t)
dev_read_framebuffer(initrc_t)
-@@ -313,8 +768,10 @@ dev_write_framebuffer(initrc_t)
+@@ -313,8 +772,10 @@ dev_write_framebuffer(initrc_t)
dev_read_realtime_clock(initrc_t)
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
@@ -37060,7 +37064,7 @@ index 17eda2480..c9e91f8e1 100644
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -322,8 +779,7 @@ dev_manage_generic_files(initrc_t)
+@@ -322,8 +783,7 @@ dev_manage_generic_files(initrc_t)
dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t)
@@ -37070,7 +37074,7 @@ index 17eda2480..c9e91f8e1 100644
domain_kill_all_domains(initrc_t)
domain_signal_all_domains(initrc_t)
-@@ -332,7 +788,6 @@ domain_sigstop_all_domains(initrc_t)
+@@ -332,7 +792,6 @@ domain_sigstop_all_domains(initrc_t)
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
@@ -37078,7 +37082,7 @@ index 17eda2480..c9e91f8e1 100644
domain_getsession_all_domains(initrc_t)
domain_use_interactive_fds(initrc_t)
# for lsof which is used by alsa shutdown:
-@@ -340,6 +795,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
+@@ -340,6 +799,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
domain_dontaudit_getattr_all_pipes(initrc_t)
@@ -37086,7 +37090,7 @@ index 17eda2480..c9e91f8e1 100644
files_getattr_all_dirs(initrc_t)
files_getattr_all_files(initrc_t)
-@@ -347,14 +803,15 @@ files_getattr_all_symlinks(initrc_t)
+@@ -347,14 +807,15 @@ files_getattr_all_symlinks(initrc_t)
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -37104,7 +37108,7 @@ index 17eda2480..c9e91f8e1 100644
files_read_usr_files(initrc_t)
files_manage_urandom_seed(initrc_t)
files_manage_generic_spool(initrc_t)
-@@ -364,8 +821,12 @@ files_list_isid_type_dirs(initrc_t)
+@@ -364,8 +825,12 @@ files_list_isid_type_dirs(initrc_t)
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -37118,7 +37122,7 @@ index 17eda2480..c9e91f8e1 100644
fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
-@@ -375,10 +836,11 @@ fs_mount_all_fs(initrc_t)
+@@ -375,10 +840,11 @@ fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -37132,7 +37136,7 @@ index 17eda2480..c9e91f8e1 100644
mcs_process_set_categories(initrc_t)
mls_file_read_all_levels(initrc_t)
-@@ -387,8 +849,10 @@ mls_process_read_up(initrc_t)
+@@ -387,8 +853,10 @@ mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
@@ -37143,7 +37147,7 @@ index 17eda2480..c9e91f8e1 100644
storage_getattr_fixed_disk_dev(initrc_t)
storage_setattr_fixed_disk_dev(initrc_t)
-@@ -398,6 +862,7 @@ term_use_all_terms(initrc_t)
+@@ -398,6 +866,7 @@ term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
@@ -37151,7 +37155,7 @@ index 17eda2480..c9e91f8e1 100644
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
-@@ -416,20 +881,18 @@ logging_read_all_logs(initrc_t)
+@@ -416,20 +885,18 @@ logging_read_all_logs(initrc_t)
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -37175,7 +37179,7 @@ index 17eda2480..c9e91f8e1 100644
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -451,7 +914,6 @@ ifdef(`distro_gentoo',`
+@@ -451,7 +918,6 @@ ifdef(`distro_gentoo',`
allow initrc_t self:process setfscreate;
dev_create_null_dev(initrc_t)
dev_create_zero_dev(initrc_t)
@@ -37183,7 +37187,7 @@ index 17eda2480..c9e91f8e1 100644
term_create_console_dev(initrc_t)
# unfortunately /sbin/rc does stupid tricks
-@@ -486,6 +948,10 @@ ifdef(`distro_gentoo',`
+@@ -486,6 +952,10 @@ ifdef(`distro_gentoo',`
sysnet_setattr_config(initrc_t)
optional_policy(`
@@ -37194,7 +37198,7 @@ index 17eda2480..c9e91f8e1 100644
alsa_read_lib(initrc_t)
')
-@@ -506,7 +972,7 @@ ifdef(`distro_redhat',`
+@@ -506,7 +976,7 @@ ifdef(`distro_redhat',`
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -37203,7 +37207,7 @@ index 17eda2480..c9e91f8e1 100644
files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd
-@@ -521,6 +987,7 @@ ifdef(`distro_redhat',`
+@@ -521,6 +991,7 @@ ifdef(`distro_redhat',`
files_create_boot_dirs(initrc_t)
files_create_boot_flag(initrc_t)
files_rw_boot_symlinks(initrc_t)
@@ -37211,7 +37215,7 @@ index 17eda2480..c9e91f8e1 100644
# wants to read /.fonts directory
files_read_default_files(initrc_t)
files_mountpoint(initrc_tmp_t)
-@@ -541,6 +1008,7 @@ ifdef(`distro_redhat',`
+@@ -541,6 +1012,7 @@ ifdef(`distro_redhat',`
miscfiles_rw_localization(initrc_t)
miscfiles_setattr_localization(initrc_t)
miscfiles_relabel_localization(initrc_t)
@@ -37219,7 +37223,7 @@ index 17eda2480..c9e91f8e1 100644
miscfiles_read_fonts(initrc_t)
miscfiles_read_hwdata(initrc_t)
-@@ -550,8 +1018,44 @@ ifdef(`distro_redhat',`
+@@ -550,8 +1022,44 @@ ifdef(`distro_redhat',`
')
optional_policy(`
@@ -37264,7 +37268,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -559,14 +1063,31 @@ ifdef(`distro_redhat',`
+@@ -559,14 +1067,31 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -37296,7 +37300,7 @@ index 17eda2480..c9e91f8e1 100644
')
')
-@@ -577,6 +1098,39 @@ ifdef(`distro_suse',`
+@@ -577,6 +1102,39 @@ ifdef(`distro_suse',`
')
')
@@ -37336,7 +37340,7 @@ index 17eda2480..c9e91f8e1 100644
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -589,6 +1143,8 @@ optional_policy(`
+@@ -589,6 +1147,8 @@ optional_policy(`
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -37345,7 +37349,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -610,6 +1166,7 @@ optional_policy(`
+@@ -610,6 +1170,7 @@ optional_policy(`
optional_policy(`
cgroup_stream_connect_cgred(initrc_t)
@@ -37353,7 +37357,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -626,6 +1183,17 @@ optional_policy(`
+@@ -626,6 +1187,17 @@ optional_policy(`
')
optional_policy(`
@@ -37371,7 +37375,7 @@ index 17eda2480..c9e91f8e1 100644
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -642,9 +1210,13 @@ optional_policy(`
+@@ -642,9 +1214,13 @@ optional_policy(`
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -37385,7 +37389,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -657,15 +1229,11 @@ optional_policy(`
+@@ -657,15 +1233,11 @@ optional_policy(`
')
optional_policy(`
@@ -37403,7 +37407,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -686,6 +1254,15 @@ optional_policy(`
+@@ -686,6 +1258,15 @@ optional_policy(`
')
optional_policy(`
@@ -37419,7 +37423,7 @@ index 17eda2480..c9e91f8e1 100644
inn_exec_config(initrc_t)
')
-@@ -726,6 +1303,7 @@ optional_policy(`
+@@ -726,6 +1307,7 @@ optional_policy(`
lpd_list_spool(initrc_t)
lpd_read_config(initrc_t)
@@ -37427,7 +37431,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -743,7 +1321,13 @@ optional_policy(`
+@@ -743,7 +1325,13 @@ optional_policy(`
')
optional_policy(`
@@ -37442,7 +37446,7 @@ index 17eda2480..c9e91f8e1 100644
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -766,6 +1350,10 @@ optional_policy(`
+@@ -766,6 +1354,10 @@ optional_policy(`
')
optional_policy(`
@@ -37453,7 +37457,7 @@ index 17eda2480..c9e91f8e1 100644
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -775,10 +1363,20 @@ optional_policy(`
+@@ -775,10 +1367,20 @@ optional_policy(`
')
optional_policy(`
@@ -37474,7 +37478,7 @@ index 17eda2480..c9e91f8e1 100644
quota_manage_flags(initrc_t)
')
-@@ -787,6 +1385,10 @@ optional_policy(`
+@@ -787,6 +1389,10 @@ optional_policy(`
')
optional_policy(`
@@ -37485,7 +37489,7 @@ index 17eda2480..c9e91f8e1 100644
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -808,8 +1410,6 @@ optional_policy(`
+@@ -808,8 +1414,6 @@ optional_policy(`
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -37494,7 +37498,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -818,6 +1418,10 @@ optional_policy(`
+@@ -818,6 +1422,10 @@ optional_policy(`
')
optional_policy(`
@@ -37505,7 +37509,7 @@ index 17eda2480..c9e91f8e1 100644
# shorewall-init script run /var/lib/shorewall/firewall
shorewall_lib_domtrans(initrc_t)
')
-@@ -827,10 +1431,12 @@ optional_policy(`
+@@ -827,10 +1435,12 @@ optional_policy(`
squid_manage_logs(initrc_t)
')
@@ -37518,7 +37522,7 @@ index 17eda2480..c9e91f8e1 100644
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -857,21 +1463,62 @@ optional_policy(`
+@@ -857,21 +1467,62 @@ optional_policy(`
')
optional_policy(`
@@ -37582,7 +37586,7 @@ index 17eda2480..c9e91f8e1 100644
')
optional_policy(`
-@@ -887,6 +1534,10 @@ optional_policy(`
+@@ -887,6 +1538,10 @@ optional_policy(`
')
optional_policy(`
@@ -37593,7 +37597,7 @@ index 17eda2480..c9e91f8e1 100644
# Set device ownerships/modes.
xserver_setattr_console_pipes(initrc_t)
-@@ -897,3 +1548,218 @@ optional_policy(`
+@@ -897,3 +1552,218 @@ optional_policy(`
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -45247,10 +45251,10 @@ index 1447687d5..0b1da4d3e 100644
seutil_read_config(setrans_t)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
-index 40edc18ab..95f4458d2 100644
+index 40edc18ab..be7317733 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
-@@ -17,23 +17,29 @@ ifdef(`distro_debian',`
+@@ -17,23 +17,31 @@ ifdef(`distro_debian',`
/etc/dhclient.*conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -45282,10 +45286,12 @@ index 40edc18ab..95f4458d2 100644
+/var/run/systemd/resolve/resolv\.conf -- gen_context(system_u:object_r:net_conf_t,s0)
')
+/var/run/NetworkManager/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
++
++/var/run/cloud-init(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
#
# /sbin
-@@ -44,6 +50,7 @@ ifdef(`distro_redhat',`
+@@ -44,6 +52,7 @@ ifdef(`distro_redhat',`
/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
@@ -45293,7 +45299,7 @@ index 40edc18ab..95f4458d2 100644
/sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
-@@ -55,6 +62,21 @@ ifdef(`distro_redhat',`
+@@ -55,6 +64,21 @@ ifdef(`distro_redhat',`
#
# /usr
#
@@ -45315,7 +45321,7 @@ index 40edc18ab..95f4458d2 100644
/usr/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
#
-@@ -77,3 +99,6 @@ ifdef(`distro_debian',`
+@@ -77,3 +101,6 @@ ifdef(`distro_debian',`
/var/run/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
')
@@ -45323,7 +45329,7 @@ index 40edc18ab..95f4458d2 100644
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
+
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 2cea692c0..e3cb4f2ef 100644
+index 2cea692c0..853ddefe4 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -45750,7 +45756,7 @@ index 2cea692c0..e3cb4f2ef 100644
corenet_tcp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_if($1)
corenet_tcp_sendrecv_generic_node($1)
-@@ -796,3 +1057,144 @@ interface(`sysnet_use_portmap',`
+@@ -796,3 +1057,162 @@ interface(`sysnet_use_portmap',`
sysnet_read_config($1)
')
@@ -45895,6 +45901,24 @@ index 2cea692c0..e3cb4f2ef 100644
+
+ files_etc_filetrans($1, net_conf_t, file)
+')
++
++########################################
++##
++## Transition to cloud-init named content
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`sysnet_filetrans_cloud_net_conf',`
++ gen_require(`
++ type net_conf_t;
++ ')
++
++ files_pid_filetrans($1, net_conf_t, dir, "cloud-init")
++')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index a392fc4bc..95c64150b 100644
--- a/policy/modules/system/sysnetwork.te
@@ -48259,10 +48283,10 @@ index 000000000..d1356af89
+')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644
-index 000000000..e7c2cc70b
+index 000000000..1927b4fc0
--- /dev/null
+++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,1021 @@
+@@ -0,0 +1,1025 @@
+policy_module(systemd, 1.0.0)
+
+#######################################
@@ -48571,6 +48595,10 @@ index 000000000..e7c2cc70b
+')
+
+optional_policy(`
++ nis_use_ypbind(systemd_logind_t)
++')
++
++optional_policy(`
+ rpm_dbus_chat(systemd_logind_t)
+')
+
diff --git a/policy-f26-contrib.patch b/policy-f26-contrib.patch
index b56963d..e9d0945 100644
--- a/policy-f26-contrib.patch
+++ b/policy-f26-contrib.patch
@@ -111177,10 +111177,10 @@ index 000000000..368e18842
+')
diff --git a/tlp.te b/tlp.te
new file mode 100644
-index 000000000..761cc35b0
+index 000000000..1ef713150
--- /dev/null
+++ b/tlp.te
-@@ -0,0 +1,80 @@
+@@ -0,0 +1,84 @@
+policy_module(tlp, 1.0.0)
+
+########################################
@@ -111261,6 +111261,10 @@ index 000000000..761cc35b0
+optional_policy(`
+ mount_domtrans(tlp_t)
+')
++
++optional_policy(`
++ sssd_stream_connect(tlp_t)
++')
diff --git a/tmpreaper.te b/tmpreaper.te
index 585a77f95..a7cb3263d 100644
--- a/tmpreaper.te
@@ -111833,10 +111837,10 @@ index 000000000..e5cec8fda
+')
diff --git a/tomcat.te b/tomcat.te
new file mode 100644
-index 000000000..c4a59211f
+index 000000000..95e882f21
--- /dev/null
+++ b/tomcat.te
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,72 @@
+policy_module(tomcat, 1.0.0)
+
+########################################
@@ -111893,6 +111897,7 @@ index 000000000..c4a59211f
+corenet_tcp_connect_mxi_port(tomcat_domain)
+corenet_tcp_connect_http_cache_port(tomcat_domain)
+corenet_tcp_connect_mssql_port(tomcat_domain)
++corenet_tcp_connect_mysqld_port(tomcat_domain)
+
+dev_read_rand(tomcat_domain)
+dev_read_urand(tomcat_domain)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ad08eae..800f79e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 260.9%{?dist}
+Release: 260.10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -682,6 +682,14 @@ exit 0
%endif
%changelog
+* Fri Sep 29 2017 Lukas Vrabec - 3.13.1-260.10
+- Allow tlp_t domain stream connect to sssd_t domain
+- Allow tomcat to connect on mysqld tcp ports
+- Add ctdbd_t domain sys_source capability and allow setrlimit
+- Allow cloud-init to create /var/run/cloud-init dir with net_conf_t SELinux label.BZ(1489166)
+- Label tcp port 3269 as ldap_port_t
+- Allow systemd-logind to use ypbind
+
* Thu Sep 14 2017 Lukas Vrabec - 3.13.1-260.9
- Allow svirt_t read userdomain state
- Fix keepalived SELinux module