diff --git a/docker-selinux.tgz b/docker-selinux.tgz
index cf78633..9778f1a 100644
Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ
diff --git a/policy-f24-base.patch b/policy-f24-base.patch
index a628669..b31891e 100644
--- a/policy-f24-base.patch
+++ b/policy-f24-base.patch
@@ -5782,7 +5782,7 @@ index 8e0f9cd..b9f45b9 100644
define(`create_packet_interfaces',``
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index b191055..58a4018 100644
+index b191055..90ffe79 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
@@ -5856,7 +5856,15 @@ index b191055..58a4018 100644
# reserved_port_t is the type of INET port numbers below 1024.
#
type reserved_port_t, port_type, reserved_port_type;
-@@ -83,56 +106,72 @@ network_port(agentx, udp,705,s0, tcp,705,s0)
+@@ -76,63 +99,79 @@ type server_packet_t, packet_type, server_packet_type;
+ network_port(afs_bos, udp,7007,s0)
+ network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
+ network_port(afs_ka, udp,7004,s0)
+-network_port(afs_pt, udp,7002,s0)
++network_port(afs_pt, tcp,7002,s0, udp,7002,s0)
+ network_port(afs_vl, udp,7003,s0)
+ network_port(afs3_callback, tcp,7001,s0, udp,7001,s0)
+ network_port(agentx, udp,705,s0, tcp,705,s0)
network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
@@ -5938,7 +5946,7 @@ index b191055..58a4018 100644
network_port(gopher, tcp,70,s0, udp,70,s0)
network_port(gpsd, tcp,2947,s0)
network_port(hadoop_datanode, tcp,50010,s0)
-@@ -140,45 +179,58 @@ network_port(hadoop_namenode, tcp,8020,s0)
+@@ -140,45 +179,60 @@ network_port(hadoop_namenode, tcp,8020,s0)
network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0)
@@ -5946,6 +5954,7 @@ index b191055..58a4018 100644
-network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
+network_port(http, tcp,80,s0, tcp,81,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0,tcp,9000, s0) #8443 is mod_nss default port
+network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,8123,s0, tcp,10001-10010,s0) # 8118 is for privoxy
++network_port(intermapper, tcp,8181,s0)
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
@@ -5998,6 +6007,7 @@ index b191055..58a4018 100644
+network_port(lsm_plugin, tcp,18700,s0)
+network_port(l2tp, tcp,1701,s0, udp,1701,s0)
network_port(mail, tcp,2000,s0, tcp,3905,s0)
++network_port(mailbox, tcp,2004,s0)
network_port(matahari, tcp,49000,s0, udp,49000,s0)
network_port(memcache, tcp,11211,s0, udp,11211,s0)
-network_port(milter) # no defined portcon
@@ -6012,7 +6022,7 @@ index b191055..58a4018 100644
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
network_port(ms_streaming, tcp,1755,s0, udp,1755,s0)
-@@ -186,101 +238,127 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
+@@ -186,101 +240,129 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mxi, tcp,8005,s0, udp,8005,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
network_port(mysqlmanagerd, tcp,2273,s0)
@@ -6153,12 +6163,14 @@ index b191055..58a4018 100644
network_port(wsicopy, tcp,3378,s0, udp,3378,s0)
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
++network_port(xinuexpansion3, tcp,2023,s0, udp,2023,s0)
++network_port(xinuexpansion4, tcp,2024,s0, udp,2024,s0)
network_port(xfs, tcp,7100,s0)
+network_port(xodbc_connect, tcp,6632,s0)
network_port(xserver, tcp,6000-6020,s0)
network_port(zarafa, tcp,236,s0, tcp,237,s0)
network_port(zabbix, tcp,10051,s0)
-@@ -288,19 +366,23 @@ network_port(zabbix_agent, tcp,10050,s0)
+@@ -288,19 +370,23 @@ network_port(zabbix_agent, tcp,10050,s0)
network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
@@ -6185,7 +6197,7 @@ index b191055..58a4018 100644
########################################
#
-@@ -333,6 +415,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
+@@ -333,6 +419,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',`
network_interface(lo, lo, s0 - mls_systemhigh)
@@ -6194,7 +6206,7 @@ index b191055..58a4018 100644
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')
-@@ -345,9 +429,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -345,9 +433,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
@@ -27689,10 +27701,10 @@ index 0306134..bb5f3dd 100644
+ ')
+')
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
-index 76d9f66..5c271ce 100644
+index 76d9f66..7528851 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
-@@ -1,16 +1,41 @@
+@@ -1,16 +1,42 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.ansible/cp/.* -s gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
@@ -27726,6 +27738,7 @@ index 76d9f66..5c271ce 100644
+/usr/libexec/nm-ssh-service -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
++/usr/libexec/openssh/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/sbin/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
@@ -39511,7 +39524,7 @@ index 808ba93..57a68da 100644
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
+')
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
-index 54f8fa5..1584203 100644
+index 54f8fa5..544b8e3 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t)
@@ -39605,10 +39618,14 @@ index 54f8fa5..1584203 100644
optional_policy(`
unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
')
-@@ -131,6 +150,14 @@ optional_policy(`
+@@ -131,6 +150,18 @@ optional_policy(`
')
optional_policy(`
++ glusterd_dontaudit_read_lib_dirs(ldconfig_t)
++')
++
++optional_policy(`
+ gnome_append_generic_cache_files(ldconfig_t)
+')
+
@@ -39620,7 +39637,7 @@ index 54f8fa5..1584203 100644
puppet_rw_tmp(ldconfig_t)
')
-@@ -141,6 +168,3 @@ optional_policy(`
+@@ -141,6 +172,3 @@ optional_policy(`
rpm_manage_script_tmp_files(ldconfig_t)
')
@@ -41076,7 +41093,7 @@ index 59b04c1..6810e0b 100644
+
+logging_stream_connect_syslog(syslog_client_type)
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
-index 6b91740..3af8a10 100644
+index 6b91740..7c98978 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -23,6 +23,8 @@ ifdef(`distro_gentoo',`
@@ -41117,7 +41134,7 @@ index 6b91740..3af8a10 100644
/sbin/lvreduce -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvremove -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvrename -- gen_context(system_u:object_r:lvm_exec_t,s0)
-@@ -89,8 +96,76 @@ ifdef(`distro_gentoo',`
+@@ -89,8 +96,77 @@ ifdef(`distro_gentoo',`
#
# /usr
#
@@ -41191,12 +41208,13 @@ index 6b91740..3af8a10 100644
+/usr/lib/systemd/systemd-cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/lib/systemd/system-generators/lvm2.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/lib/storaged/storaged -- gen_context(system_u:object_r:lvm_exec_t,s0)
++/usr/libexec/storaged/storaged -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/lib/storaged/storaged-lvm-helper -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/lib/udev/udisks-lvm-pv-export -- gen_context(system_u:object_r:lvm_exec_t,s0)
#
# /var
-@@ -98,5 +173,9 @@ ifdef(`distro_gentoo',`
+@@ -98,5 +174,9 @@ ifdef(`distro_gentoo',`
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --git a/policy-f24-contrib.patch b/policy-f24-contrib.patch
index 9c0c683..c00ad2f 100644
--- a/policy-f24-contrib.patch
+++ b/policy-f24-contrib.patch
@@ -31640,10 +31640,10 @@ index 5cd0909..bd3c3d2 100644
+corenet_tcp_connect_glance_registry_port(glance_scrubber_t)
diff --git a/glusterd.fc b/glusterd.fc
new file mode 100644
-index 0000000..cbd6aa4
+index 0000000..52b4110
--- /dev/null
+++ b/glusterd.fc
-@@ -0,0 +1,20 @@
+@@ -0,0 +1,22 @@
+/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0)
+
+/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0)
@@ -31659,17 +31659,19 @@ index 0000000..cbd6aa4
+/var/lib/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_lib_t,s0)
+
+/var/log/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0)
++/var/log/ganesha.log -- gen_context(system_u:object_r:glusterd_log_t,s0)
+
+/var/run/gluster(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
++/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
diff --git a/glusterd.if b/glusterd.if
new file mode 100644
-index 0000000..fc9bf19
+index 0000000..764ae00
--- /dev/null
+++ b/glusterd.if
-@@ -0,0 +1,243 @@
+@@ -0,0 +1,261 @@
+
+## policy for glusterd
+
@@ -31830,6 +31832,24 @@ index 0000000..fc9bf19
+
+######################################
+##
++## Dontaudit Read /var/lib/glusterd files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`glusterd_dontaudit_read_lib_dirs',`
++ gen_require(`
++ type glusterd_var_lib_t;
++ ')
++
++ dontaudit $1 glusterd_var_lib_t:dir list_dir_perms;
++')
++
++######################################
++##
+## Read and write /var/lib/glusterd files.
+##
+##
@@ -31915,10 +31935,10 @@ index 0000000..fc9bf19
+
diff --git a/glusterd.te b/glusterd.te
new file mode 100644
-index 0000000..8e0f5a7
+index 0000000..59e84ca
--- /dev/null
+++ b/glusterd.te
-@@ -0,0 +1,296 @@
+@@ -0,0 +1,295 @@
+policy_module(glusterd, 1.1.3)
+
+##
@@ -32002,10 +32022,8 @@ index 0000000..8e0f5a7
+allow glusterd_t glusterd_tmp_t:dir mounton;
+
+manage_dirs_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+append_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+create_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+setattr_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+logging_log_filetrans(glusterd_t, glusterd_log_t, dir)
++manage_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
++logging_log_filetrans(glusterd_t, glusterd_log_t, { file dir })
+
+manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
+manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
@@ -32024,6 +32042,7 @@ index 0000000..8e0f5a7
+manage_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+manage_blk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+manage_chr_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
++manage_sock_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+relabel_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+relabel_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+relabel_dirs_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
@@ -45367,7 +45386,7 @@ index dd8e01a..9cd6b0b 100644
##
##
diff --git a/logrotate.te b/logrotate.te
-index be0ab84..3c99496 100644
+index be0ab84..688605e 100644
--- a/logrotate.te
+++ b/logrotate.te
@@ -5,16 +5,22 @@ policy_module(logrotate, 1.15.0)
@@ -45492,7 +45511,7 @@ index be0ab84..3c99496 100644
files_manage_generic_spool(logrotate_t)
files_manage_generic_spool_dirs(logrotate_t)
files_getattr_generic_locks(logrotate_t)
-@@ -95,32 +126,52 @@ mls_process_write_to_clearance(logrotate_t)
+@@ -95,32 +126,54 @@ mls_process_write_to_clearance(logrotate_t)
selinux_get_fs_mount(logrotate_t)
selinux_get_enforce_mode(logrotate_t)
@@ -45523,6 +45542,8 @@ index be0ab84..3c99496 100644
+miscfiles_read_hwdata(logrotate_t)
-userdom_use_user_terminals(logrotate_t)
++term_dontaudit_use_unallocated_ttys(logrotate_t)
++
+userdom_use_inherited_user_terminals(logrotate_t)
userdom_list_user_home_dirs(logrotate_t)
userdom_use_unpriv_users_fds(logrotate_t)
@@ -45551,7 +45572,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -135,16 +186,17 @@ optional_policy(`
+@@ -135,16 +188,17 @@ optional_policy(`
optional_policy(`
apache_read_config(logrotate_t)
@@ -45571,7 +45592,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -170,6 +222,11 @@ optional_policy(`
+@@ -170,6 +224,11 @@ optional_policy(`
')
optional_policy(`
@@ -45583,7 +45604,7 @@ index be0ab84..3c99496 100644
fail2ban_stream_connect(logrotate_t)
')
-@@ -178,7 +235,7 @@ optional_policy(`
+@@ -178,7 +237,7 @@ optional_policy(`
')
optional_policy(`
@@ -45592,7 +45613,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -198,17 +255,18 @@ optional_policy(`
+@@ -198,17 +257,18 @@ optional_policy(`
')
optional_policy(`
@@ -45614,7 +45635,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -216,6 +274,14 @@ optional_policy(`
+@@ -216,6 +276,14 @@ optional_policy(`
')
optional_policy(`
@@ -45629,7 +45650,7 @@ index be0ab84..3c99496 100644
samba_exec_log(logrotate_t)
')
-@@ -228,26 +294,43 @@ optional_policy(`
+@@ -228,26 +296,43 @@ optional_policy(`
')
optional_policy(`
@@ -117618,7 +117639,7 @@ index dd63de0..38ce620 100644
- admin_pattern($1, zabbix_tmpfs_t)
')
diff --git a/zabbix.te b/zabbix.te
-index 7f496c6..b23f29d 100644
+index 7f496c6..fccb7b1 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0)
@@ -117836,7 +117857,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
-@@ -170,6 +185,26 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
+@@ -170,6 +185,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
corenet_tcp_connect_ssh_port(zabbix_agent_t)
corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
@@ -117856,6 +117877,10 @@ index 7f496c6..b23f29d 100644
+corenet_tcp_connect_pop_port(zabbix_agent_t)
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
+
++corenet_sendrecv_postgresql_client_packets(zabbix_agent_t)
++corenet_tcp_connect_postgresql_port(zabbix_agent_t)
++corenet_tcp_sendrecv_postgresql_port(zabbix_agent_t)
++
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
@@ -117863,7 +117888,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
-@@ -177,21 +212,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
+@@ -177,21 +216,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
dev_getattr_all_blk_files(zabbix_agent_t)
dev_getattr_all_chr_files(zabbix_agent_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f24e170..679c704 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 186%{?dist}
+Release: 187%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -645,6 +645,11 @@ exit 0
%endif
%changelog
+* Mon May 16 2016 Lukas Vrabec 3.13.1-187
+- Label /var/log/ganesha.log as gluster_log_t Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
+- Allow zabbix to connect to postgresql port
+- Label /usr/libexec/openssh/sshd-keygen as sshd_keygen_exec_t. BZ(1335149)
+
* Tue May 10 2016 Lukas Vrabec 3.13.1-186
- Revert "Fix for Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed."