diff --git a/Changelog b/Changelog
index 9cf3910..72baf6d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Unconditional staff and user oidentd home config access from Dominick Grift.
 - Conditional mmap_zero support from Dominick Grift.
 - Added devtmpfs support.
 - Dbadm updates from KaiGai Kohei.
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
index 86644f0..cec5c56 100644
--- a/policy/modules/admin/certwatch.te
+++ b/policy/modules/admin/certwatch.te
@@ -1,4 +1,4 @@
-policy_module(certwatch, 1.5.1)
+policy_module(certwatch, 1.5.2)
 
 ########################################
 #
diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index fd55ce2..bfda8e9 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -1,4 +1,4 @@
-policy_module(firstboot, 1.11.1)
+policy_module(firstboot, 1.11.2)
 
 gen_require(`
 	class passwd rootok;
diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te
index 35f2bb0..f48e9dd 100644
--- a/policy/modules/admin/smoltclient.te
+++ b/policy/modules/admin/smoltclient.te
@@ -1,4 +1,4 @@
-policy_module(smoltclient,1.0.0)
+policy_module(smoltclient, 1.0.1)
 
 ########################################
 #
@@ -18,7 +18,7 @@ files_tmp_file(smoltclient_tmp_t)
 # Local policy
 #
 
-allow smoltclient_t self:process { setsched getsched }; 
+allow smoltclient_t self:process { setsched getsched };
 
 allow smoltclient_t self:fifo_file rw_fifo_file_perms;
 allow smoltclient_t self:tcp_socket create_socket_perms;
diff --git a/policy/modules/apps/awstats.te b/policy/modules/apps/awstats.te
index 31397a3..25b6f5a 100644
--- a/policy/modules/apps/awstats.te
+++ b/policy/modules/apps/awstats.te
@@ -1,4 +1,4 @@
-policy_module(awstats, 1.2.0)
+policy_module(awstats, 1.2.1)
 
 ########################################
 #
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 06b7974..b0d95d4 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.1.1)
+policy_module(staff, 2.1.2)
 
 ########################################
 #
@@ -53,27 +53,40 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mozilla_run_plugin(staff_t, staff_r)
+	auditadm_role_change(staff_r)
 ')
 
 optional_policy(`
-	auditadm_role_change(staff_r)
+	dbadm_role_change(staff_r)
 ')
 
 optional_policy(`
-	dbadm_role_change(staff_r)
+	accountsd_dbus_chat(staff_t)
+	accountsd_read_lib_files(staff_t)
 ')
 
 optional_policy(`
-	logadm_role_change(staff_r)
+	gnomeclock_dbus_chat(staff_t)
 ')
 
 optional_policy(`
-	webadm_role_change(staff_r)
+	firewallgui_dbus_chat(staff_t)
+')
+
+optional_policy(`
+	lpd_list_spool(staff_t)
 ')
 
 optional_policy(`
-	kerneloops_manage_tmp_files(staff_t)
+	kerneloops_dbus_chat(staff_t)
+')
+
+optional_policy(`
+	logadm_role_change(staff_r)
+')
+
+optional_policy(`
+	mozilla_run_plugin(staff_t, staff_r)
 ')
 
 optional_policy(`
@@ -86,15 +99,19 @@ optional_policy(`
 ')
 
 optional_policy(`
-	secadm_role_change(staff_r)
+	rtkit_scheduled(staff_t)
 ')
 
 optional_policy(`
-	unconfined_role_change(staff_r)
+	rpm_dbus_chat(staff_usertype)
 ')
 
 optional_policy(`
-	rtkit_scheduled(staff_t)
+	secadm_role_change(staff_r)
+')
+
+optional_policy(`
+	sandbox_transition(staff_t, staff_r)
 ')
 
 optional_policy(`
@@ -102,6 +119,16 @@ optional_policy(`
 ')
 
 optional_policy(`
+	sysadm_role_change(staff_r)
+	userdom_dontaudit_use_user_terminals(staff_t)
+')
+optional_policy(`
+	setroubleshoot_stream_connect(staff_t)
+	setroubleshoot_dbus_chat(staff_t)
+	setroubleshoot_dbus_chat_fixit(staff_t)
+')
+
+optional_policy(`
 	ssh_role_template(staff, staff_r, staff_t)
 ')
 
@@ -110,12 +137,23 @@ optional_policy(`
 ')
 
 optional_policy(`
-	sysadm_role_change(staff_r)
-	userdom_dontaudit_use_user_terminals(staff_t)
+	telepathy_dbus_session_role(staff_r, staff_t)
 ')
 
 optional_policy(`
-	telepathy_dbus_session_role(staff_r, staff_t)
+	userhelper_console_role_template(staff, staff_r, staff_usertype)
+')
+
+optional_policy(`
+	unconfined_role_change(staff_r)
+')
+
+optional_policy(`
+	virt_stream_connect(staff_t)
+')
+
+optional_policy(`
+	webadm_role_change(staff_r)
 ')
 
 optional_policy(`
@@ -235,46 +273,3 @@ ifndef(`distro_redhat',`
 		wireshark_role(staff_r, staff_t)
 	')
 ')
-
-optional_policy(`
-	accountsd_dbus_chat(staff_t)
-	accountsd_read_lib_files(staff_t)
-')
-
-optional_policy(`
-	gnomeclock_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	firewallgui_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	lpd_list_spool(staff_t)
-')
-
-optional_policy(`
-	kerneloops_dbus_chat(staff_t)
-')
-
-optional_policy(`
-	rpm_dbus_chat(staff_usertype)
-')
-
-optional_policy(`
-	sandbox_transition(staff_t, staff_r)
-')
-
-optional_policy(`
-	setroubleshoot_stream_connect(staff_t)
-	setroubleshoot_dbus_chat(staff_t)
-	setroubleshoot_dbus_chat_fixit(staff_t)
-')
-
-optional_policy(`
-	virt_stream_connect(staff_t)
-')
-
-optional_policy(`
-	userhelper_console_role_template(staff, staff_r, staff_usertype)
-')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index aac3fe1..2932c13 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.1.1)
+policy_module(unprivuser, 2.1.2)
 
 # this module should be named user, but that is
 # a compile error since user is a keyword.
@@ -19,6 +19,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	oident_manage_user_content(user_t)
+	oident_relabel_user_content(user_t)
+')
+
+optional_policy(`
 	mozilla_run_plugin(user_t, user_r)
 ')
 
@@ -39,11 +44,11 @@ optional_policy(`
 ')
 
 optional_policy(`
-	telepathy_dbus_session_role(user_r, user_t)
+	setroubleshoot_dontaudit_stream_connect(user_t)
 ')
 
 optional_policy(`
-	setroubleshoot_dontaudit_stream_connect(user_t)
+	telepathy_dbus_session_role(user_r, user_t)
 ')
 
 optional_policy(`
@@ -53,7 +58,7 @@ optional_policy(`
 ifndef(`distro_redhat',`
 	optional_policy(`
 		auth_role(user_r, user_t)
-	')		
+	')
 
 	optional_policy(`
 		bluetooth_role(user_r, user_t)
@@ -70,7 +75,7 @@ ifndef(`distro_redhat',`
 	optional_policy(`
 		dbus_role_template(user, user_r, user_t)
 	')
-		
+
 	optional_policy(`
 		evolution_role(user_r, user_t)
 	')
@@ -120,11 +125,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		oident_manage_user_content(user_t)
-		oident_relabel_user_content(user_t)
-	')
-	
-	optional_policy(`
 		postgresql_role(user_r, user_t)
 	')
 
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index de26af5..ceb2142 100644
--- a/policy/modules/services/amavis.if
+++ b/policy/modules/services/amavis.if
@@ -208,7 +208,7 @@ interface(`amavis_create_pid_files',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an amavis environment
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index 31f4612..c3a1903 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -95,7 +95,7 @@ logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
 manage_dirs_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
 manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
 manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-files_pid_filetrans(amavis_t, amavis_var_run_t, { file sock_file dir })
+files_pid_filetrans(amavis_t, amavis_var_run_t, { dir file sock_file })
 
 kernel_read_kernel_sysctls(amavis_t)
 # amavis tries to access /proc/self/stat, /etc/shadow and /root - perl...
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index f31b5c9..3be8b9b 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -1,4 +1,4 @@
-policy_module(arpwatch, 1.9.0)
+policy_module(arpwatch, 1.9.1)
 
 ########################################
 #
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
index b819a47..a0dfd2f 100644
--- a/policy/modules/services/canna.te
+++ b/policy/modules/services/canna.te
@@ -1,4 +1,4 @@
-policy_module(canna, 1.10.0)
+policy_module(canna, 1.10.1)
 
 ########################################
 #
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index f9335fb..fa62787 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -20,7 +20,7 @@ interface(`certmaster_domtrans',`
 
 ####################################
 ## <summary>
-##	Execute certmaster.
+##	Execute certmaster in the caller domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -98,7 +98,7 @@ interface(`certmaster_manage_log',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an snort environment
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
index da60c93..4aef864 100644
--- a/policy/modules/services/certmaster.te
+++ b/policy/modules/services/certmaster.te
@@ -1,4 +1,4 @@
-policy_module(certmaster, 1.1.1)
+policy_module(certmaster, 1.1.2)
 
 ########################################
 #
diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
index 261a37c..1a65b5e 100644
--- a/policy/modules/services/certmonger.te
+++ b/policy/modules/services/certmonger.te
@@ -1,4 +1,4 @@
-policy_module(certmonger, 1.0.0)
+policy_module(certmonger, 1.0.1)
 
 ########################################
 #
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index efbc8af..9971337 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -42,6 +42,7 @@ template(`courier_domain_template',`
 	manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
 	manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
+	files_search_pids(courier_$1_t)
 	files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
 
 	kernel_read_system_state(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 72901d8..37f4810 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -1,4 +1,4 @@
-policy_module(courier, 1.9.0)
+policy_module(courier, 1.9.1)
 
 ########################################
 #
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index 0cb9ac9..8bab059 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -1,4 +1,4 @@
-policy_module(dcc, 1.9.0)
+policy_module(dcc, 1.9.1)
 
 ########################################
 #
@@ -233,7 +233,7 @@ files_tmp_filetrans(dccd_t, dccd_tmp_t, { file dir })
 
 manage_dirs_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
 manage_files_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
-files_pid_filetrans(dccd_t, dccd_var_run_t, { file dir })
+files_pid_filetrans(dccd_t, dccd_var_run_t, { dir file })
 
 kernel_read_system_state(dccd_t)
 kernel_read_kernel_sysctls(dccd_t)
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
index bd97d09..e723266 100644
--- a/policy/modules/services/djbdns.te
+++ b/policy/modules/services/djbdns.te
@@ -1,4 +1,4 @@
-policy_module(djbdns, 1.4.0)
+policy_module(djbdns, 1.4.1)
 
 ########################################
 #
@@ -7,10 +7,11 @@ policy_module(djbdns, 1.4.0)
 
 type djbdns_axfrdns_t;
 type djbdns_axfrdns_exec_t;
-type djbdns_axfrdns_conf_t;
 domain_type(djbdns_axfrdns_t)
 domain_entry_file(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
 role system_r types djbdns_axfrdns_t;
+
+type djbdns_axfrdns_conf_t;
 files_config_file(djbdns_axfrdns_conf_t)
 
 djbdns_daemontools_domain_template(dnscache)
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index 5f5b57b..870d101 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -1,4 +1,4 @@
-policy_module(fetchmail, 1.10.0)
+policy_module(fetchmail, 1.10.1)
 
 ########################################
 #
diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
index 4992511..80befb0 100644
--- a/policy/modules/services/icecast.te
+++ b/policy/modules/services/icecast.te
@@ -1,4 +1,4 @@
-policy_module(icecast, 1.0.0)
+policy_module(icecast, 1.0.1)
 
 ########################################
 #
diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
index b314c0d..34eee5f 100644
--- a/policy/modules/services/nslcd.te
+++ b/policy/modules/services/nslcd.te
@@ -1,4 +1,4 @@
-policy_module(nslcd, 1.1.0)
+policy_module(nslcd, 1.1.1)
 
 ########################################
 #
diff --git a/policy/modules/services/nut.te b/policy/modules/services/nut.te
index 35b9bfa..b40e1e7 100644
--- a/policy/modules/services/nut.te
+++ b/policy/modules/services/nut.te
@@ -1,4 +1,4 @@
-policy_module(nut, 1.1.0)
+policy_module(nut, 1.1.1)
 
 ########################################
 #
@@ -41,7 +41,7 @@ read_files_pattern(nut_upsd_t, nut_conf_t, nut_conf_t)
 manage_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
 manage_dirs_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
 manage_sock_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
-files_pid_filetrans(nut_upsd_t, nut_var_run_t, { file sock_file dir })
+files_pid_filetrans(nut_upsd_t, nut_var_run_t, { dir file sock_file })
 
 kernel_read_kernel_sysctls(nut_upsd_t)
 
diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te
index 975deca..78722e7 100644
--- a/policy/modules/services/openct.te
+++ b/policy/modules/services/openct.te
@@ -1,4 +1,4 @@
-policy_module(openct, 1.4.0)
+policy_module(openct, 1.4.1)
 
 ########################################
 #
@@ -23,7 +23,7 @@ allow openct_t self:process signal_perms;
 manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
 manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
 manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
-files_pid_filetrans(openct_t, openct_var_run_t, { file sock_file dir })
+files_pid_filetrans(openct_t, openct_var_run_t, { dir file sock_file })
 
 kernel_read_kernel_sysctls(openct_t)
 kernel_list_proc(openct_t)
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index da06e9f..3116191 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,4 +1,4 @@
-policy_module(pcscd, 1.6.0)
+policy_module(pcscd, 1.6.1)
 
 ########################################
 #
@@ -44,7 +44,6 @@ corenet_tcp_connect_http_port(pcscd_t)
 dev_rw_generic_usb_dev(pcscd_t)
 dev_rw_smartcard(pcscd_t)
 dev_rw_usbfs(pcscd_t)
-dev_list_sysfs(pcscd_t)
 dev_read_sysfs(pcscd_t)
 
 files_read_etc_files(pcscd_t)
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 0ed1671..4a85c12 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -1,4 +1,4 @@
-policy_module(postgresql, 1.11.0)
+policy_module(postgresql, 1.11.1)
 
 gen_require(`
 	class db_database all_db_database_perms;
@@ -205,7 +205,7 @@ fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file
 manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
 manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
 manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-files_pid_filetrans(postgresql_t, postgresql_var_run_t, { file dir })
+files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
 
 kernel_read_kernel_sysctls(postgresql_t)
 kernel_read_system_state(postgresql_t)
@@ -352,7 +352,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
 # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
 dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
 
-
 ########################################
 #
 # Rules common to administrator clients
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
index afaf453..6e8c3c8 100644
--- a/policy/modules/services/postgrey.te
+++ b/policy/modules/services/postgrey.te
@@ -1,4 +1,4 @@
-policy_module(postgrey, 1.7.0)
+policy_module(postgrey, 1.7.1)
 
 ########################################
 #
@@ -50,7 +50,7 @@ files_var_lib_filetrans(postgrey_t, postgrey_var_lib_t, file)
 manage_dirs_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
 manage_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
 manage_sock_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
-files_pid_filetrans(postgrey_t, postgrey_var_run_t, { file sock_file dir })
+files_pid_filetrans(postgrey_t, postgrey_var_run_t, { dir file sock_file })
 
 kernel_read_system_state(postgrey_t)
 kernel_read_kernel_sysctls(postgrey_t)
diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
index 3a12d03..7e84587 100644
--- a/policy/modules/services/prelude.te
+++ b/policy/modules/services/prelude.te
@@ -1,4 +1,4 @@
-policy_module(prelude, 1.2.0)
+policy_module(prelude, 1.2.1)
 
 ########################################
 #
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
index 2943342..54b3cd3 100644
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@@ -1,4 +1,4 @@
-policy_module(radvd, 1.12.0)
+policy_module(radvd, 1.12.1)
 
 ########################################
 #
@@ -35,7 +35,7 @@ allow radvd_t radvd_etc_t:file read_file_perms;
 
 manage_dirs_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
 manage_files_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
-files_pid_filetrans(radvd_t, radvd_var_run_t, { file dir })
+files_pid_filetrans(radvd_t, radvd_var_run_t, { dir file })
 
 kernel_read_kernel_sysctls(radvd_t)
 kernel_rw_net_sysctls(radvd_t)
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index 814a47a..d7f4bd4 100644
--- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te
@@ -1,4 +1,4 @@
-policy_module(snort, 1.9.0)
+policy_module(snort, 1.9.1)
 
 ########################################
 #
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
index 733250d..7ecb27b 100644
--- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te
@@ -1,4 +1,4 @@
-policy_module(stunnel, 1.9.0)
+policy_module(stunnel, 1.9.1)
 
 ########################################
 #
@@ -48,7 +48,7 @@ files_tmp_filetrans(stunnel_t, stunnel_tmp_t, { file dir })
 
 manage_dirs_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
 manage_files_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
-files_pid_filetrans(stunnel_t, stunnel_var_run_t, { file dir })
+files_pid_filetrans(stunnel_t, stunnel_var_run_t, { dir file })
 
 kernel_read_kernel_sysctls(stunnel_t)
 kernel_read_system_state(stunnel_t)
diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
index 2ae7a3d..b8dd21a 100644
--- a/policy/modules/services/zabbix.te
+++ b/policy/modules/services/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.2.0)
+policy_module(zabbix, 1.2.1)
 
 ########################################
 #
@@ -37,7 +37,7 @@ logging_log_filetrans(zabbix_t, zabbix_log_t, file)
 # pid file
 manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
 manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
-files_pid_filetrans(zabbix_t, zabbix_var_run_t, { file dir })
+files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
 
 files_read_etc_files(zabbix_t)
 
diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
index 9939bff..c349adc 100644
--- a/policy/modules/services/zebra.te
+++ b/policy/modules/services/zebra.te
@@ -1,4 +1,4 @@
-policy_module(zebra, 1.11.0)
+policy_module(zebra, 1.11.1)
 
 ########################################
 #
@@ -64,7 +64,7 @@ files_tmp_filetrans(zebra_t, zebra_tmp_t, sock_file)
 manage_dirs_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
 manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
 manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-files_pid_filetrans(zebra_t, zebra_var_run_t, { file sock_file dir })
+files_pid_filetrans(zebra_t, zebra_var_run_t, { dir file sock_file })
 
 kernel_read_system_state(zebra_t)
 kernel_read_network_state(zebra_t)