diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 7415fc7..b6a118f 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -232022,7 +232022,7 @@ index 4584457..300c3f7 100644
 +        domtrans_pattern($1, mount_ecryptfs_exec_t, mount_ecryptfs_t)
  ')
 diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
-index 6a50270..1e98d92 100644
+index 6a50270..b78f6a9 100644
 --- a/policy/modules/system/mount.te
 +++ b/policy/modules/system/mount.te
 @@ -10,35 +10,60 @@ policy_module(mount, 1.15.1)
@@ -232290,7 +232290,7 @@ index 6a50270..1e98d92 100644
  ')
  
  optional_policy(`
-@@ -186,6 +259,28 @@ optional_policy(`
+@@ -186,6 +259,32 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -232302,6 +232302,10 @@ index 6a50270..1e98d92 100644
 +')
 +
 +optional_policy(`
++	glusterd_domtrans(mount_t)
++')
++
++optional_policy(`
 +	dbus_system_bus_client(mount_t)
 +
 +	optional_policy(`
@@ -232319,7 +232323,7 @@ index 6a50270..1e98d92 100644
  	ifdef(`hide_broken_symptoms',`
  		# for a bug in the X server
  		rhgb_dontaudit_rw_stream_sockets(mount_t)
-@@ -194,24 +289,124 @@ optional_policy(`
+@@ -194,24 +293,124 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -232375,12 +232379,10 @@ index 6a50270..1e98d92 100644
 +optional_policy(`
 +	ssh_exec(mount_t)
 +')
- 
- optional_policy(`
--	files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
--	unconfined_domain(unconfined_mount_t)
++
++optional_policy(`
 +	usbmuxd_stream_connect(mount_t)
- ')
++')
 +
 +optional_policy(`
 +	userhelper_exec_console(mount_t)
@@ -232389,10 +232391,12 @@ index 6a50270..1e98d92 100644
 +optional_policy(`
 +	virt_read_blk_images(mount_t)
 +')
-+
-+optional_policy(`
+ 
+ optional_policy(`
+-	files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
+-	unconfined_domain(unconfined_mount_t)
 +	vmware_exec_host(mount_t)
-+')
+ ')
 +
 +######################################
 +#
@@ -235682,10 +235686,10 @@ index 0000000..a4b0917
 +
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..42af592
+index 0000000..26a2c8a
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,589 @@
+@@ -0,0 +1,590 @@
 +policy_module(systemd, 1.0.0)
 +
 +#######################################
@@ -236186,6 +236190,7 @@ index 0000000..42af592
 +
 +init_status(systemd_hostnamed_t)
 +init_read_state(systemd_hostnamed_t)
++init_stream_connect(systemd_hostnamed_t)
 +
 +logging_stream_connect_syslog(systemd_hostnamed_t)
 +
@@ -237646,7 +237651,7 @@ index db75976..65191bd 100644
 +
 +/var/run/user(/.*)?	gen_context(system_u:object_r:user_tmp_t,s0)
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 3c5dba7..f3ab128 100644
+index 3c5dba7..0bb7b4d 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -237759,7 +237764,7 @@ index 3c5dba7..f3ab128 100644
 +	files_list_mnt($1_usertype)
 +	files_list_var($1_usertype)
 +	files_read_mnt_files($1_usertype)
-+	files_dontaudit_access_check_mnt($1_usertype)
++	files_dontaudit_all_access_check($1_usertype)
 +	files_read_etc_runtime_files($1_usertype)
 +	files_read_usr_files($1_usertype)
 +	files_read_usr_src_files($1_usertype)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 928c934..42a08f2 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -2055,18 +2055,60 @@ index 6f1384c..e9c715d 100644
  
 diff --git a/antivirus.fc b/antivirus.fc
 new file mode 100644
-index 0000000..e9a09f0
+index 0000000..e44bff0
 --- /dev/null
 +++ b/antivirus.fc
-@@ -0,0 +1 @@
-+/var/opt/f-secure(/.*)?			gen_context(system_u:object_r:antivirus_db_t,s0)
+@@ -0,0 +1,43 @@
++/etc/amavis(d)?\.conf			--	gen_context(system_u:object_r:antivirus_conf_t,s0)
++/etc/amavisd(/.*)?					gen_context(system_u:object_r:antivirus_conf_t,s0)
++
++/etc/rc\.d/init\.d/amavis		--	gen_context(system_u:object_r:antivirus_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/amavisd-snmp	--	gen_context(system_u:object_r:antivirus_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/clamd.*		--	gen_context(system_u:object_r:antivirus_initrc_exec_t,s0)
++
++/usr/lib/systemd/system/clamd.*	--	gen_context(system_u:object_r:antivirus_unit_file_t,s0)
++
++/usr/lib/AntiVir/antivir		--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++
++/usr/sbin/amavisd.*				--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++/usr/bin/clamscan				--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++/usr/bin/clamdscan				--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++/usr/bin/freshclam				--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++
++/usr/sbin/clamd					--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++/usr/sbin/clamav-milter			--	gen_context(system_u:object_r:antivirus_exec_t,s0)
++
++/var/clamav(/.*)?					gen_context(system_u:object_r:antivirus_db_t,s0)
++
++
++/var/amavis(/.*)?					gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/lib/amavis(/.*)?				gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/lib/clamav(/.*)?				gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/lib/clamd.*					gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/opt/f-secure(/.*)?				gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/spool/amavisd(/.*)?			gen_context(system_u:object_r:antivirus_db_t,s0)
++/var/virusmails(/.*)?				gen_context(system_u:object_r:antivirus_db_t,s0)
++
++/var/log/amavisd\.log.* 		--  gen_context(system_u:object_r:antivirus_log_t,s0)
++/var/log/clamav.*   				gen_context(system_u:object_r:antivirus_log_t,s0)
++/var/log/freshclam.*    		--  gen_context(system_u:object_r:antivirus_log_t,s0)
++/var/log/clamav/freshclam.* 	--  gen_context(system_u:object_r:antivirus_log_t,s0)
++/var/log/clamd.*    				gen_context(system_u:object_r:antivirus_log_t,s0)
++
++/var/run/amavis(d)?(/.*)?			gen_context(system_u:object_r:antivirus_var_run_t,s0)
++/var/run/amavisd-snmp-subagent\.pid	--	gen_context(system_u:object_r:antivirus_var_run_t,s0)
++
++/var/run/amavis(d)?/clamd\.pid	--	gen_context(system_u:object_r:antivirus_var_run_t,s0)
++/var/run/clamav.*					gen_context(system_u:object_r:antivirus_var_run_t,s0)
++/var/run/clamd.*					gen_context(system_u:object_r:antivirus_var_run_t,s0)
++
 diff --git a/antivirus.if b/antivirus.if
 new file mode 100644
-index 0000000..fe0cdf0
+index 0000000..3929b7e
 --- /dev/null
 +++ b/antivirus.if
-@@ -0,0 +1,20 @@
-+## <summary>SELinux policy for antivirus programs.</summary>
+@@ -0,0 +1,322 @@
++## <summary>SELinux policy for antivirus programs - amavis, clamd, freshclam and clamscan</summary>
 +
 +######################################
 +## <summary>
@@ -2086,12 +2128,314 @@ index 0000000..fe0cdf0
 +
 +        typeattribute $1 antivirus_domain;
 +')
++
++#######################################
++## <summary>
++##  Execute a domain transition to run antivirus program.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed to transition.
++##  </summary>
++## </param>
++#
++interface(`antivirus_domtrans',`
++    gen_require(`
++        type antivirus_t, antivirus_exec_t;
++    ')
++
++    domtrans_pattern($1, antivirus_exec_t, antivirus_t)
++')
++
++#######################################
++## <summary>
++##  Execute antivirus program without a transition.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_exec',`
++    gen_require(`
++        type antivirus_exec_t;
++    ')
++
++    can_exec($1, antivirus_exec_t)
++')
++
++#######################################
++## <summary>
++##  Connect to run antivirus program.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_stream_connect',`
++    gen_require(`
++        type antivirus_t, antivirus_db_t, antivirus_var_run_t;
++    ')
++
++    files_search_pids($1)
++    stream_connect_pattern($1, antivirus_var_run_t, antivirus_var_run_t, antivirus_t)
++	stream_connect_pattern($1, antivirus_db_t, antivirus_db_t, antivirus_t)
++')
++
++#######################################
++## <summary>
++##  Allow the specified domain to append
++##  to antivirus log files.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_append_log',`
++    gen_require(`
++        type antivirus_log_t;
++    ')
++
++    logging_search_logs($1)
++    allow $1 antivirus_log_t:dir list_dir_perms;
++    append_files_pattern($1, antivirus_log_t, antivirus_log_t)
++')
++
++#######################################
++## <summary>
++##  Read antivirus configuration files.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_read_config',`
++    gen_require(`
++        type antivirus_conf_t;
++    ')
++
++    files_search_etc($1)
++    allow $1 antivirus_conf_t:file read_file_perms;
++')
++
++#######################################
++## <summary>
++##  Search antivirus db content directories.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_search_db',`
++    gen_require(`
++        type antivirus_db_t;
++    ')
++
++    files_search_var_lib($1)
++	files_search_spool($1)
++    allow $1 antivirus_db_t:dir search_dir_perms;
++')
++
++######################################
++## <summary>
++##  Read antivirus db content directories.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_read_db',`
++    gen_require(`
++        type antivirus_db_t;
++    ')
++
++    files_search_var_lib($1)
++    files_search_spool($1)
++	read_files_pattern($1, antivirus_db_t, antivirus_db_t)
++	read_lnk_files_pattern($1, antivirus_db_t, antivirus_db_t)
++')
++
++#####################################
++## <summary>
++##  Read and write antivirus db content directories.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_rw_db',`
++    gen_require(`
++        type antivirus_db_t;
++    ')
++
++    files_search_var_lib($1)
++    files_search_spool($1)
++    write_files_pattern($1, antivirus_db_t, antivirus_db_t)
++')
++
++####################################
++## <summary>
++##  Manage antivirus db content directories.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_manage_db',`
++    gen_require(`
++        type antivirus_db_t;
++    ')
++
++    files_search_var_lib($1)
++    files_search_spool($1)
++    manage_files_pattern($1, antivirus_db_t, antivirus_db_t)
++	manage_dirs_pattern($1, antivirus_db_t, antivirus_db_t)
++')
++
++#######################################
++## <summary>
++##  Manage antivirus pid content.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`antivirus_manage_pid',`
++    gen_require(`
++        type antivirus_var_run_t;
++    ')
++
++    manage_dirs_pattern($1, antivirus_var_run_t, antivirus_var_run_t)
++    manage_files_pattern($1, antivirus_var_run_t, antivirus_var_run_t)
++')
++
++######################################
++## <summary>
++##      Read antivirus state files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`antivirus_read_state_clamd',`
++        gen_require(`
++                type antivirus_t;
++        ')
++
++        kernel_search_proc($1)
++        ps_process_pattern($1, antivirus_t)
++')
++
++######################################
++## <summary>
++##      Execute antivirus server in the antivirus domain.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed to transition.
++##      </summary>
++## </param>
++#
++interface(`antivirus_systemctl',`
++        gen_require(`
++                type antivirus_t;
++                type antivirus_unit_file_t;
++        ')
++
++        systemd_exec_systemctl($1)
++        systemd_read_fifo_file_passwd_run($1)
++        allow $1 antivirus_unit_file_t:file read_file_perms;
++        allow $1 antivirus_unit_file_t:service manage_service_perms;
++
++        ps_process_pattern($1, antivirus_t)
++')
++
++#######################################
++## <summary>
++##  All of the rules required to administrate
++##  an antivirus programs environment
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed access.
++##  </summary>
++## </param>
++## <param name="role">
++##  <summary>
++##  The role to be allowed to manage the clamav domain.
++##  </summary>
++## </param>
++## <rolecap/>
++#
++interface(`antivirus_admin',`
++    gen_require(`
++		attribute antivirus_domain;
++        type antivirus_t, antivirus_conf_t, antivirus_tmp_t;
++        type antivirus_log_t, antivirus_db_t, antivirus_var_run_t;
++        type antivirus_initrc_exec_t, antivirus_unit_file_t;
++    ')
++
++	allow $1 antivirus_t:process signal_perms;
++    ps_process_pattern($1, antivirus_t)
++
++    tunable_policy(`deny_ptrace',`',`
++        allow $1 antivirus_t:process ptrace;
++    ')
++
++    init_labeled_script_domtrans($1, antivirus_initrc_exec_t)
++    domain_system_change_exemption($1)
++    role_transition $2 antivirus_initrc_exec_t system_r;
++    allow $2 system_r;
++
++	antivirus_systemctl($1)
++    admin_pattern($1, antivirus_unit_file_t)
++    allow $1 antivirus_unit_file_t:service all_service_perms;
++
++    files_list_etc($1)
++    admin_pattern($1, antivirus_conf_t)
++
++    files_list_var_lib($1)
++	admin_pattern($1, antivirus_db_t)
++
++    logging_list_logs($1)
++    admin_pattern($1, antivirus_log_t)
++
++    files_list_pids($1)
++    admin_pattern($1, antivirus_var_run_t)
++
++    files_list_tmp($1)
++    admin_pattern($1, antivirus_tmp_t)
++
++    optional_policy(`
++        systemd_passwd_agent_exec($1)
++        systemd_read_fifo_file_passwd_run($1)
++    ')
++')
 diff --git a/antivirus.te b/antivirus.te
 new file mode 100644
-index 0000000..feabdf3
+index 0000000..fa4edf1
 --- /dev/null
 +++ b/antivirus.te
-@@ -0,0 +1,36 @@
+@@ -0,0 +1,243 @@
 +policy_module(antivirus, 1.0.0)
 +
 +########################################
@@ -2106,27 +2450,234 @@ index 0000000..feabdf3
 +## </desc>
 +gen_tunable(antivirus_can_scan_system, false)
 +
++## <desc>
++##  <p>
++##  Determine whether can antivirus programs use JIT compiler.
++##  </p>
++## </desc>
++gen_tunable(antivirus_use_jit, false)
++
 +attribute antivirus_domain;
 +
++type antivirus_t;
++type antivirus_exec_t;
++typeattribute antivirus_t antivirus_domain;
++typealias antivirus_t alias { amavis_t clamd_t clamscan_t freshclam_t } ;
++typealias antivirus_exec_t alias { amavis_exec_t clamd_exec_t clamscan_exec_t freshclam_exec_t };
++init_daemon_domain(antivirus_t, antivirus_exec_t)
++
++type antivirus_initrc_exec_t;
++typealias antivirus_initrc_exec_t alias { clamd_initrc_exec_t amavis_initrc_exec_t };
++init_script_file(antivirus_initrc_exec_t)
++
++type antivirus_unit_file_t;
++typealias antivirus_unit_file_t alias { clamd_unit_file_t };
++systemd_unit_file(antivirus_unit_file_t)
++
++type antivirus_conf_t;
++typealias antivirus_conf_t alias { clamd_etc_t };
++files_config_file(antivirus_conf_t)
++
++type antivirus_var_run_t;
++typealias antivirus_var_run_t alias { amavis_var_run_t clamd_var_run_t clamd_sock_t };
++files_pid_file(antivirus_var_run_t)
++
++type antivirus_log_t;
++typealias antivirus_log_t alias { amavis_var_log_t clamd_var_log_t freshclam_var_log_t };
++logging_log_file(antivirus_log_t)
++
 +type antivirus_db_t;
++typealias antivirus_db_t alias { amavis_var_lib_t amavis_quarantine_t amavis_spool_t clamd_var_lib_t };
 +files_type(antivirus_db_t)
 +
++type antivirus_tmp_t;
++typealias antivirus_tmp_t alias { amavis_tmp_t clamd_tmp_t clamscan_tmp_t };
++files_tmp_file(antivirus_tmp_t)
++
 +########################################
 +#
 +# antivirus domain local policy
 +#
 +
++allow antivirus_domain self:capability { dac_override chown kill setgid setuid };
++dontaudit antivirus_domain self:capability sys_tty_config;
++allow antivirus_domain self:process signal_perms;
++
++allow antivirus_domain self:fifo_file rw_fifo_file_perms;
++allow antivirus_domain self:unix_stream_socket { accept connectto listen };
++allow antivirus_domain self:tcp_socket { listen accept };
++
++allow antivirus_domain antivirus_conf_t:dir list_dir_perms;
++read_files_pattern(antivirus_domain, antivirus_conf_t, antivirus_conf_t)
++read_lnk_files_pattern(antivirus_domain, antivirus_conf_t, antivirus_conf_t)
++
 +manage_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
 +manage_dirs_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
++manage_sock_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
++
++manage_dirs_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
++manage_files_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
++manage_sock_files_pattern(antivirus_domain, antivirus_tmp_t, antivirus_tmp_t)
++files_tmp_filetrans(antivirus_domain, antivirus_tmp_t, { file dir sock_file } )
++
++allow antivirus_domain antivirus_log_t:dir setattr_dir_perms;
++manage_files_pattern(antivirus_domain, antivirus_log_t, antivirus_log_t)
++manage_sock_files_pattern(antivirus_domain, antivirus_log_t, antivirus_log_t)
++logging_log_filetrans(antivirus_domain, antivirus_log_t, { sock_file file dir })
++
++manage_dirs_pattern(antivirus_domain, antivirus_var_run_t, antivirus_var_run_t)
++manage_files_pattern(antivirus_domain, antivirus_var_run_t, antivirus_var_run_t)
++manage_sock_files_pattern(antivirus_domain, antivirus_var_run_t, antivirus_var_run_t)
++
++can_exec(antivirus_domain, antivirus_exec_t)
++
++kernel_read_kernel_sysctls(antivirus_domain)
++kernel_read_sysctl(antivirus_domain)
++kernel_read_system_state(antivirus_t)
++
++kernel_dontaudit_list_proc(antivirus_domain)
++kernel_dontaudit_read_proc_symlinks(antivirus_domain)
++
++corecmd_exec_bin(antivirus_domain)
++corecmd_exec_shell(antivirus_domain)
++
++corenet_all_recvfrom_netlabel(antivirus_t)
++corenet_tcp_sendrecv_generic_if(antivirus_t)
++corenet_udp_sendrecv_generic_if(antivirus_t)
++corenet_tcp_sendrecv_generic_node(antivirus_domain)
++corenet_udp_sendrecv_generic_node(antivirus_domain)
++corenet_tcp_sendrecv_all_ports(antivirus_domain)
++corenet_udp_sendrecv_all_ports(antivirus_domain)
++corenet_tcp_bind_generic_node(antivirus_domain)
++corenet_udp_bind_generic_node(antivirus_domain)
++
++corenet_sendrecv_amavisd_send_client_packets(antivirus_domain)
++corenet_tcp_connect_amavisd_send_port(antivirus_domain)
++
++corenet_sendrecv_amavisd_recv_server_packets(antivirus_domain)
++corenet_tcp_bind_amavisd_recv_port(antivirus_domain)
++
++corenet_sendrecv_generic_server_packets(antivirus_domain)
++corenet_udp_bind_generic_port(antivirus_domain)
++corenet_dontaudit_udp_bind_all_ports(antivirus_domain)
++
++corenet_sendrecv_razor_client_packets(antivirus_domain)
++corenet_tcp_connect_razor_port(antivirus_domain)
++corenet_tcp_connect_agentx_port(antivirus_domain)
++
++corenet_tcp_connect_clamd_port(antivirus_domain)
++
++corenet_sendrecv_clamd_server_packets(antivirus_domain)
++corenet_tcp_bind_clamd_port(antivirus_domain)
++
++corenet_sendrecv_http_client_packets(antivirus_domain)
++corenet_tcp_connect_http_port(antivirus_domain)
++corenet_tcp_sendrecv_http_port(antivirus_domain)
++
++corenet_sendrecv_squid_client_packets(antivirus_domain)
++corenet_tcp_connect_squid_port(antivirus_domain)
++corenet_tcp_sendrecv_squid_port(antivirus_domain)
++
++dev_read_rand(antivirus_domain)
++dev_read_sysfs(antivirus_domain)
++dev_read_urand(antivirus_domain)
++
++domain_dontaudit_read_all_domains_state(antivirus_domain)
++
++files_read_etc_runtime_files(antivirus_domain)
++files_search_spool(antivirus_domain)
++
++fs_getattr_xattr_fs(antivirus_domain)
++
++auth_use_nsswitch(antivirus_t)
++auth_dontaudit_read_shadow(antivirus_domain)
++
++init_read_state(antivirus_domain)
++init_read_utmp(antivirus_domain)
++init_stream_connect_script(antivirus_domain)
++
++logging_send_syslog_msg(antivirus_t)
++
++miscfiles_read_generic_certs(antivirus_domain)
++
++sysnet_use_ldap(antivirus_domain)
++
++userdom_dontaudit_search_user_home_dirs(antivirus_domain)
++
++tunable_policy(`antivirus_can_scan_system',`
++	files_read_non_security_files(antivirus_domain)
++	files_getattr_all_pipes(antivirus_domain)
++	files_getattr_all_sockets(antivirus_domain)
++')
++
++tunable_policy(`antivirus_use_jit',`
++    allow antivirus_domain self:process execmem;
++    allow antivirus_domain self:process execmem;
++',`
++    dontaudit antivirus_domain self:process execmem;
++    dontaudit antivirus_domain self:process execmem;
++')
 +
 +optional_policy(`
-+	amavis_manage_spool_files(antivirus_domain)
++	apache_read_sys_content(antivirus_domain)
 +')
 +
-+tunable_policy(`antivirus_can_scan_system',`
-+        files_read_non_security_files(antivirus_domain)
-+        files_getattr_all_pipes(antivirus_domain)
-+        files_getattr_all_sockets(antivirus_domain)
++optional_policy(`
++	antivirus_systemctl(antivirus_domain)
++')
++
++optional_policy(`
++	cron_system_entry(antivirus_t, antivirus_exec_t)
++    cron_use_fds(antivirus_domain)
++    cron_use_system_job_fds(antivirus_domain)
++    cron_rw_pipes(antivirus_domain)
++')
++
++optional_policy(`
++    dcc_domtrans_client(antivirus_domain)
++    dcc_stream_connect_dccifd(antivirus_domain)
++')
++
++optional_policy(`
++    exim_read_spool_files(antivirus_domain)
++')
++
++optional_policy(`
++    mta_read_config(antivirus_domain)
++	mta_read_queue(antivirus_domain)
++	mta_send_mail(antivirus_domain)
++')
++
++optional_policy(`
++    nslcd_stream_connect(antivirus_domain)
++')
++
++optional_policy(`
++    postfix_read_config(antivirus_domain)
++    postfix_list_spool(antivirus_domain)
++')
++
++optional_policy(`
++    pyzor_domtrans(antivirus_domain)
++    pyzor_signal(antivirus_domain)
++')
++
++optional_policy(`
++    razor_domtrans(antivirus_domain)
++')
++
++optional_policy(`
++    snmp_manage_var_lib_dirs(antivirus_domain)
++    snmp_manage_var_lib_files(antivirus_domain)
++    snmp_stream_connect(antivirus_domain)
++')
++
++optional_policy(`
++	spamd_stream_connect(clamd_t)
++    spamassassin_exec(antivirus_domain)
++    spamassassin_exec_client(antivirus_domain)
++    spamassassin_read_lib_files(antivirus_domain)
++	spamassassin_read_pid_files(antivirus_domain)
 +')
 diff --git a/apache.fc b/apache.fc
 index 550a69e..d2af19f 100644
@@ -7094,7 +7645,7 @@ index 536ec3c..271b976 100644
 -
 -miscfiles_read_localization(bcfg2_t)
 diff --git a/bind.fc b/bind.fc
-index 2b9a3a1..b5dadee 100644
+index 2b9a3a1..1742ebf 100644
 --- a/bind.fc
 +++ b/bind.fc
 @@ -1,54 +1,71 @@
@@ -7133,7 +7684,7 @@ index 2b9a3a1..b5dadee 100644
 +/usr/sbin/r?ndc		--	gen_context(system_u:object_r:ndc_exec_t,s0)
  /usr/sbin/unbound	--	gen_context(system_u:object_r:named_exec_t,s0)
 +/usr/sbin/unbound-anchor --	gen_context(system_u:object_r:named_exec_t,s0)
-+/usr/sbin/unbound-chkconf --	gen_context(system_u:object_r:named_exec_t,s0)
++/usr/sbin/unbound-checkconf --	gen_context(system_u:object_r:named_exec_t,s0)
  
 -/var/bind(/.*)?	gen_context(system_u:object_r:named_cache_t,s0)
 -/var/bind/pri(/.*)?	gen_context(system_u:object_r:named_zone_t,s0)
@@ -13750,7 +14301,7 @@ index 1303b30..058864e 100644
 +    logging_log_filetrans($1, cron_log_t, $2, $3)
  ')
 diff --git a/cron.te b/cron.te
-index 28e1b86..cb96ffb 100644
+index 28e1b86..69722fa 100644
 --- a/cron.te
 +++ b/cron.te
 @@ -1,4 +1,4 @@
@@ -14192,7 +14743,7 @@ index 28e1b86..cb96ffb 100644
  
  optional_policy(`
 -	hal_write_log(crond_t)
-+	amavis_search_lib(crond_t)
++	antivirus_search_db(crond_t)
  ')
  
  optional_policy(`
@@ -17003,7 +17554,7 @@ index a5c21e0..4639421 100644
  	stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
  ')
 diff --git a/dcc.te b/dcc.te
-index 15d908f..27463a3 100644
+index 15d908f..147dd14 100644
 --- a/dcc.te
 +++ b/dcc.te
 @@ -45,7 +45,7 @@ type dcc_var_t;
@@ -17050,7 +17601,7 @@ index 15d908f..27463a3 100644
  files_read_etc_runtime_files(dcc_client_t)
  
  fs_getattr_all_fs(dcc_client_t)
-@@ -131,9 +140,7 @@ auth_use_nsswitch(dcc_client_t)
+@@ -131,12 +140,10 @@ auth_use_nsswitch(dcc_client_t)
  
  logging_send_syslog_msg(dcc_client_t)
  
@@ -17060,7 +17611,11 @@ index 15d908f..27463a3 100644
 +userdom_use_inherited_user_terminals(dcc_client_t)
  
  optional_policy(`
- 	amavis_read_spool_files(dcc_client_t)
+-	amavis_read_spool_files(dcc_client_t)
++	antivirus_read_db(dcc_client_t)
+ ')
+ 
+ optional_policy(`
 @@ -160,15 +167,18 @@ manage_lnk_files_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
  
  kernel_read_system_state(dcc_dbclean_t)
@@ -20720,7 +21275,7 @@ index 6041113..ef3b449 100644
  	role_transition $2 exim_initrc_exec_t system_r;
  	allow $2 system_r;
 diff --git a/exim.te b/exim.te
-index 19325ce..c41cedc 100644
+index 19325ce..5957aad 100644
 --- a/exim.te
 +++ b/exim.te
 @@ -49,7 +49,7 @@ type exim_log_t;
@@ -20766,6 +21321,17 @@ index 19325ce..c41cedc 100644
  ')
  
  tunable_policy(`exim_read_user_files',`
+@@ -170,8 +168,8 @@ tunable_policy(`exim_manage_user_files',`
+ ')
+ 
+ optional_policy(`
+-	clamav_domtrans_clamscan(exim_t)
+-	clamav_stream_connect(exim_t)
++	antivirus_domtrans(exim_t)
++	antivirus_stream_connect(exim_t)
+ ')
+ 
+ optional_policy(`
 @@ -218,6 +216,7 @@ optional_policy(`
  
  optional_policy(`
@@ -24940,7 +25506,7 @@ index d03fd43..f73c152 100644
 +    type_transition $1 gkeyringd_exec_t:process $2;
  ')
 diff --git a/gnome.te b/gnome.te
-index 20f726b..dde0180 100644
+index 20f726b..ac1375b 100644
 --- a/gnome.te
 +++ b/gnome.te
 @@ -1,18 +1,36 @@
@@ -25134,7 +25700,7 @@ index 20f726b..dde0180 100644
 +# gnome-system-monitor-mechanisms local policy
 +#
 +
-+allow gnomesystemmm_t self:capability sys_nice;
++allow gnomesystemmm_t self:capability { sys_admin sys_nice };
 +allow gnomesystemmm_t self:fifo_file rw_fifo_file_perms;
 +
 +rw_files_pattern(gnomesystemmm_t, config_usr_t, config_usr_t)
@@ -25782,7 +26348,7 @@ index 180f1b7..951b790 100644
 +	userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg")
 +')
 diff --git a/gpg.te b/gpg.te
-index 44cf341..74366a2 100644
+index 44cf341..c47fa5f 100644
 --- a/gpg.te
 +++ b/gpg.te
 @@ -1,47 +1,47 @@
@@ -26081,7 +26647,7 @@ index 44cf341..74366a2 100644
  
  tunable_policy(`use_nfs_home_dirs',`
  	fs_dontaudit_rw_nfs_files(gpg_helper_t)
-@@ -207,29 +224,33 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -207,29 +224,35 @@ tunable_policy(`use_samba_home_dirs',`
  
  ########################################
  #
@@ -26112,17 +26678,18 @@ index 44cf341..74366a2 100644
 -filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-socket")
 -
 -domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t)
--
--kernel_dontaudit_search_sysctl(gpg_agent_t)
 +# allow gpg to connect to the gpg agent
 +stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
  
+-kernel_dontaudit_search_sysctl(gpg_agent_t)
++kernel_read_system_state(gpg_agent_t)
+ 
 +corecmd_read_bin_symlinks(gpg_agent_t)
 +corecmd_search_bin(gpg_agent_t)
  corecmd_exec_shell(gpg_agent_t)
  
  dev_read_rand(gpg_agent_t)
-@@ -239,32 +260,27 @@ domain_use_interactive_fds(gpg_agent_t)
+@@ -239,31 +262,30 @@ domain_use_interactive_fds(gpg_agent_t)
  
  fs_dontaudit_list_inotifyfs(gpg_agent_t)
  
@@ -26147,24 +26714,25 @@ index 44cf341..74366a2 100644
  	userdom_manage_user_home_content_dirs(gpg_agent_t)
  	userdom_manage_user_home_content_files(gpg_agent_t)
 -	userdom_user_home_dir_filetrans_user_home_content(gpg_agent_t, file)
--')
--
+ ')
+ 
 -tunable_policy(`use_nfs_home_dirs',`
 -	fs_manage_nfs_dirs(gpg_agent_t)
 -	fs_manage_nfs_files(gpg_agent_t)
 -	fs_manage_nfs_symlinks(gpg_agent_t)
- ')
+-')
++userdom_home_manager(gpg_agent_t)
  
 -tunable_policy(`use_samba_home_dirs',`
 -	fs_manage_cifs_dirs(gpg_agent_t)
 -	fs_manage_cifs_files(gpg_agent_t)
 -	fs_manage_cifs_symlinks(gpg_agent_t)
--')
-+userdom_home_manager(gpg_agent_t)
++optional_policy(`
++	gnome_manage_config(gpg_agent_t)
+ ')
  
  optional_policy(`
- 	mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
-@@ -277,8 +293,17 @@ optional_policy(`
+@@ -277,8 +299,17 @@ optional_policy(`
  
  allow gpg_pinentry_t self:process { getcap getsched setsched signal };
  allow gpg_pinentry_t self:fifo_file rw_fifo_file_perms;
@@ -26183,7 +26751,7 @@ index 44cf341..74366a2 100644
  
  manage_sock_files_pattern(gpg_pinentry_t, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
  userdom_user_tmp_filetrans(gpg_pinentry_t, gpg_pinentry_tmp_t, sock_file)
-@@ -287,53 +312,89 @@ manage_dirs_pattern(gpg_pinentry_t, gpg_pinentry_tmpfs_t, gpg_pinentry_tmpfs_t)
+@@ -287,53 +318,89 @@ manage_dirs_pattern(gpg_pinentry_t, gpg_pinentry_tmpfs_t, gpg_pinentry_tmpfs_t)
  manage_files_pattern(gpg_pinentry_t, gpg_pinentry_tmpfs_t, gpg_pinentry_tmpfs_t)
  fs_tmpfs_filetrans(gpg_pinentry_t, gpg_pinentry_tmpfs_t, { file dir })
  
@@ -32514,7 +33082,7 @@ index 0293f34..bd1d48e 100644
 +	files_list_pids($1)
  ')
 diff --git a/mailscanner.te b/mailscanner.te
-index 725ba32..f0ceff1 100644
+index 725ba32..cec64d0 100644
 --- a/mailscanner.te
 +++ b/mailscanner.te
 @@ -34,6 +34,7 @@ allow mscan_t self:process signal;
@@ -32540,8 +33108,9 @@ index 725ba32..f0ceff1 100644
 -miscfiles_read_localization(mscan_t)
 -
  optional_policy(`
- 	clamav_domtrans_clamscan(mscan_t)
-+	clamav_manage_clamd_pid(mscan_t)
+-	clamav_domtrans_clamscan(mscan_t)
++	antivirus_domtrans(mscan_t)
++	antivirus_manage_pid(mscan_t)
  ')
  
  optional_policy(`
@@ -35319,7 +35888,7 @@ index 6194b80..84438b1 100644
  ')
 +
 diff --git a/mozilla.te b/mozilla.te
-index 6a306ee..b745274 100644
+index 6a306ee..01a5114 100644
 --- a/mozilla.te
 +++ b/mozilla.te
 @@ -1,4 +1,4 @@
@@ -36127,7 +36696,7 @@ index 6a306ee..b745274 100644
  ')
  
  optional_policy(`
-@@ -568,108 +536,100 @@ optional_policy(`
+@@ -568,108 +536,103 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -36159,12 +36728,12 @@ index 6a306ee..b745274 100644
 -allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms;
 -allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms;
 -allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms;
--
++allow mozilla_plugin_config_t self:process { setsched signal_perms getsched execmem execstack };
+ 
 -manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
 -manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
 -manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
-+allow mozilla_plugin_config_t self:process { setsched signal_perms getsched execmem execstack };
- 
+-
 -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon")
 -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla")
 -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape")
@@ -36242,10 +36811,10 @@ index 6a306ee..b745274 100644
 +userdom_dontaudit_write_all_user_tmp_content_files(mozilla_plugin_config_t)
  
 -userdom_use_user_ptys(mozilla_plugin_config_t)
--
--mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
 +domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)
  
+-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
+-
 -tunable_policy(`allow_execmem',`
 -	allow mozilla_plugin_config_t self:process execmem;
 -')
@@ -36277,11 +36846,15 @@ index 6a306ee..b745274 100644
 +	typealias mozilla_plugin_config_t  alias nsplugin_config_t;
 +	typealias mozilla_plugin_config_exec_t  alias nsplugin_config_exec_t;
  ')
- 
+-
 -optional_policy(`
 -	automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
++userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
++userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, file)
 +tunable_policy(`mozilla_plugin_enable_homedirs',`
 +	userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
++', `
++   userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, dir)
  ')
  
 -optional_policy(`
@@ -37650,7 +38223,7 @@ index ed81cac..7d1522c 100644
 +	mta_filetrans_admin_home_content($1)
 +')
 diff --git a/mta.te b/mta.te
-index afd2fad..b2abfca 100644
+index afd2fad..af79d2b 100644
 --- a/mta.te
 +++ b/mta.te
 @@ -1,4 +1,4 @@
@@ -38237,8 +38810,8 @@ index afd2fad..b2abfca 100644
 +')
 +
 +optional_policy(`
-+	clamav_stream_connect(user_mail_domain)
-+	clamav_stream_connect(mta_user_agent)
++	antivirus_stream_connect(user_mail_domain)
++	antivirus_stream_connect(mta_user_agent)
 +')
 diff --git a/munin.fc b/munin.fc
 index eb4b72a..4968324 100644
@@ -40984,7 +41557,7 @@ index 0e8508c..96dbf6f 100644
 +	files_etc_filetrans($1, NetworkManager_var_lib_t, file, "wireed-settings.conf")
  ')
 diff --git a/networkmanager.te b/networkmanager.te
-index 0b48a30..1dc0c55 100644
+index 0b48a30..da4eebb 100644
 --- a/networkmanager.te
 +++ b/networkmanager.te
 @@ -1,4 +1,4 @@
@@ -41015,7 +41588,7 @@ index 0b48a30..1dc0c55 100644
  type NetworkManager_log_t;
  logging_log_file(NetworkManager_log_t)
  
-@@ -39,24 +42,40 @@ init_system_domain(wpa_cli_t, wpa_cli_exec_t)
+@@ -39,24 +42,41 @@ init_system_domain(wpa_cli_t, wpa_cli_exec_t)
  # Local policy
  #
  
@@ -41049,6 +41622,7 @@ index 0b48a30..1dc0c55 100644
  allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
 +allow NetworkManager_t self:udp_socket create_socket_perms;
  allow NetworkManager_t self:packet_socket create_socket_perms;
++allow NetworkManager_t self:rawip_socket create_socket_perms;
  
  allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
  
@@ -41065,7 +41639,7 @@ index 0b48a30..1dc0c55 100644
  
  manage_dirs_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
  manage_files_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
-@@ -68,6 +87,7 @@ create_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_
+@@ -68,6 +88,7 @@ create_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_
  setattr_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
  logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
  
@@ -41073,7 +41647,7 @@ index 0b48a30..1dc0c55 100644
  manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
  manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
  files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
-@@ -81,9 +101,6 @@ manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_
+@@ -81,9 +102,6 @@ manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_
  manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
  files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
  
@@ -41083,7 +41657,7 @@ index 0b48a30..1dc0c55 100644
  kernel_read_system_state(NetworkManager_t)
  kernel_read_network_state(NetworkManager_t)
  kernel_read_kernel_sysctls(NetworkManager_t)
-@@ -91,7 +108,6 @@ kernel_request_load_module(NetworkManager_t)
+@@ -91,7 +109,6 @@ kernel_request_load_module(NetworkManager_t)
  kernel_read_debugfs(NetworkManager_t)
  kernel_rw_net_sysctls(NetworkManager_t)
  
@@ -41091,7 +41665,7 @@ index 0b48a30..1dc0c55 100644
  corenet_all_recvfrom_netlabel(NetworkManager_t)
  corenet_tcp_sendrecv_generic_if(NetworkManager_t)
  corenet_udp_sendrecv_generic_if(NetworkManager_t)
-@@ -102,22 +118,15 @@ corenet_raw_sendrecv_generic_node(NetworkManager_t)
+@@ -102,22 +119,15 @@ corenet_raw_sendrecv_generic_node(NetworkManager_t)
  corenet_tcp_sendrecv_all_ports(NetworkManager_t)
  corenet_udp_sendrecv_all_ports(NetworkManager_t)
  corenet_udp_bind_generic_node(NetworkManager_t)
@@ -41117,7 +41691,7 @@ index 0b48a30..1dc0c55 100644
  dev_rw_sysfs(NetworkManager_t)
  dev_read_rand(NetworkManager_t)
  dev_read_urand(NetworkManager_t)
-@@ -125,13 +134,6 @@ dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
+@@ -125,13 +135,6 @@ dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
  dev_getattr_all_chr_files(NetworkManager_t)
  dev_rw_wireless(NetworkManager_t)
  
@@ -41131,7 +41705,7 @@ index 0b48a30..1dc0c55 100644
  fs_getattr_all_fs(NetworkManager_t)
  fs_search_auto_mountpoints(NetworkManager_t)
  fs_list_inotifyfs(NetworkManager_t)
-@@ -140,6 +142,16 @@ mls_file_read_all_levels(NetworkManager_t)
+@@ -140,6 +143,16 @@ mls_file_read_all_levels(NetworkManager_t)
  
  selinux_dontaudit_search_fs(NetworkManager_t)
  
@@ -41148,7 +41722,7 @@ index 0b48a30..1dc0c55 100644
  storage_getattr_fixed_disk_dev(NetworkManager_t)
  
  init_read_utmp(NetworkManager_t)
-@@ -148,10 +160,11 @@ init_domtrans_script(NetworkManager_t)
+@@ -148,10 +161,11 @@ init_domtrans_script(NetworkManager_t)
  
  auth_use_nsswitch(NetworkManager_t)
  
@@ -41161,7 +41735,7 @@ index 0b48a30..1dc0c55 100644
  
  seutil_read_config(NetworkManager_t)
  
-@@ -166,21 +179,32 @@ sysnet_kill_dhcpc(NetworkManager_t)
+@@ -166,21 +180,32 @@ sysnet_kill_dhcpc(NetworkManager_t)
  sysnet_read_dhcpc_state(NetworkManager_t)
  sysnet_delete_dhcpc_state(NetworkManager_t)
  sysnet_search_dhcp_state(NetworkManager_t)
@@ -41198,7 +41772,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -196,10 +220,6 @@ optional_policy(`
+@@ -196,10 +221,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -41209,7 +41783,7 @@ index 0b48a30..1dc0c55 100644
  	consoletype_exec(NetworkManager_t)
  ')
  
-@@ -210,16 +230,11 @@ optional_policy(`
+@@ -210,16 +231,11 @@ optional_policy(`
  optional_policy(`
  	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
  
@@ -41228,7 +41802,7 @@ index 0b48a30..1dc0c55 100644
  	')
  ')
  
-@@ -231,18 +246,19 @@ optional_policy(`
+@@ -231,18 +247,19 @@ optional_policy(`
  	dnsmasq_kill(NetworkManager_t)
  	dnsmasq_signal(NetworkManager_t)
  	dnsmasq_signull(NetworkManager_t)
@@ -41251,7 +41825,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -257,11 +273,7 @@ optional_policy(`
+@@ -257,11 +274,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -41264,7 +41838,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -274,10 +286,17 @@ optional_policy(`
+@@ -274,10 +287,17 @@ optional_policy(`
  	nscd_signull(NetworkManager_t)
  	nscd_kill(NetworkManager_t)
  	nscd_initrc_domtrans(NetworkManager_t)
@@ -41282,7 +41856,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -289,6 +308,7 @@ optional_policy(`
+@@ -289,6 +309,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -41290,7 +41864,7 @@ index 0b48a30..1dc0c55 100644
  	policykit_domtrans_auth(NetworkManager_t)
  	policykit_read_lib(NetworkManager_t)
  	policykit_read_reload(NetworkManager_t)
-@@ -296,7 +316,7 @@ optional_policy(`
+@@ -296,7 +317,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -41299,7 +41873,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -307,6 +327,7 @@ optional_policy(`
+@@ -307,6 +328,7 @@ optional_policy(`
  	ppp_signal(NetworkManager_t)
  	ppp_signull(NetworkManager_t)
  	ppp_read_config(NetworkManager_t)
@@ -41307,7 +41881,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -320,13 +341,14 @@ optional_policy(`
+@@ -320,13 +342,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -41326,7 +41900,7 @@ index 0b48a30..1dc0c55 100644
  ')
  
  optional_policy(`
-@@ -356,6 +378,5 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
+@@ -356,6 +379,5 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
  init_dontaudit_use_fds(wpa_cli_t)
  init_use_script_ptys(wpa_cli_t)
  
@@ -45151,7 +45725,7 @@ index 8635ea2..6012235 100644
 +	obex_dbus_chat($2)
  ')
 diff --git a/obex.te b/obex.te
-index cd29ea8..1a7e853 100644
+index cd29ea8..efbf8f8 100644
 --- a/obex.te
 +++ b/obex.te
 @@ -1,4 +1,4 @@
@@ -45160,7 +45734,7 @@ index cd29ea8..1a7e853 100644
  
  ########################################
  #
-@@ -14,7 +14,7 @@ role obex_roles types obex_t;
+@@ -14,30 +14,25 @@ role obex_roles types obex_t;
  
  ########################################
  #
@@ -45169,12 +45743,14 @@ index cd29ea8..1a7e853 100644
  #
  
  allow obex_t self:fifo_file rw_fifo_file_perms;
-@@ -22,22 +22,15 @@ allow obex_t self:socket create_stream_socket_perms;
+ allow obex_t self:socket create_stream_socket_perms;
  
- dev_read_urand(obex_t)
+-dev_read_urand(obex_t)
++kernel_request_load_module(obex_t)
  
 -files_read_etc_files(obex_t)
--
++dev_read_urand(obex_t)
+ 
  logging_send_syslog_msg(obex_t)
  
 -miscfiles_read_localization(obex_t)
@@ -52510,7 +53086,7 @@ index 2e23946..41da729 100644
 +	postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch")
  ')
 diff --git a/postfix.te b/postfix.te
-index 191a66f..0a90ce1 100644
+index 191a66f..2178086 100644
 --- a/postfix.te
 +++ b/postfix.te
 @@ -1,4 +1,4 @@
@@ -52931,7 +53507,7 @@ index 191a66f..0a90ce1 100644
  
  mta_read_aliases(postfix_cleanup_t)
  
-@@ -393,29 +288,45 @@ optional_policy(`
+@@ -393,36 +288,53 @@ optional_policy(`
  
  ########################################
  #
@@ -52983,11 +53559,13 @@ index 191a66f..0a90ce1 100644
  tunable_policy(`postfix_local_write_mail_spool',`
  	mta_manage_spool(postfix_local_t)
  ')
-@@ -423,6 +334,7 @@ tunable_policy(`postfix_local_write_mail_spool',`
+ 
  optional_policy(`
- 	clamav_search_lib(postfix_local_t)
- 	clamav_exec_clamscan(postfix_local_t)
-+	clamav_stream_connect(postfix_domain)
+-	clamav_search_lib(postfix_local_t)
+-	clamav_exec_clamscan(postfix_local_t)
++	antivirus_search_db(postfix_local_t)
++	antivirus_exec(postfix_local_t)
++	antivirus_stream_connect(postfix_domain)
  ')
  
  optional_policy(`
@@ -55288,7 +55866,7 @@ index 00edeab..166e9c3 100644
 +	read_files_pattern($1, procmail_home_t, procmail_home_t)
  ')
 diff --git a/procmail.te b/procmail.te
-index d447152..543fa5c 100644
+index d447152..c166238 100644
 --- a/procmail.te
 +++ b/procmail.te
 @@ -1,4 +1,4 @@
@@ -55323,7 +55901,7 @@ index d447152..543fa5c 100644
  allow procmail_t procmail_log_t:dir setattr_dir_perms;
  create_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
  append_files_pattern(procmail_t, procmail_log_t, procmail_log_t)
-@@ -40,56 +44,68 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir })
+@@ -40,59 +44,71 @@ logging_log_filetrans(procmail_t, procmail_log_t, { file dir })
  allow procmail_t procmail_tmp_t:file manage_file_perms;
  files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
  
@@ -55415,8 +55993,13 @@ index d447152..543fa5c 100644
 +userdom_home_manager(procmail_t)
 +
  optional_policy(`
- 	clamav_domtrans_clamscan(procmail_t)
- 	clamav_search_lib(procmail_t)
+-	clamav_domtrans_clamscan(procmail_t)
+-	clamav_search_lib(procmail_t)
++	antivirus_domtrans(procmail_t)
++	antivirus_search_db(procmail_t)
+ ')
+ 
+ optional_policy(`
 @@ -100,12 +116,7 @@ optional_policy(`
  ')
  
@@ -57651,7 +58234,7 @@ index 593c03d..2c411af 100644
 +	admin_pattern($1, pyzor_var_lib_t)
  ')
 diff --git a/pyzor.te b/pyzor.te
-index 6c456d2..f7bf36e 100644
+index 6c456d2..86daaba 100644
 --- a/pyzor.te
 +++ b/pyzor.te
 @@ -1,61 +1,82 @@
@@ -57778,7 +58361,7 @@ index 6c456d2..f7bf36e 100644
  
  manage_files_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
  manage_dirs_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
-@@ -67,37 +88,25 @@ kernel_read_system_state(pyzor_t)
+@@ -67,41 +88,28 @@ kernel_read_system_state(pyzor_t)
  corecmd_list_bin(pyzor_t)
  corecmd_getattr_bin_files(pyzor_t)
  
@@ -57822,8 +58405,13 @@ index 6c456d2..f7bf36e 100644
 +userdom_dontaudit_search_user_home_dirs(pyzor_t)
  
  optional_policy(`
- 	amavis_manage_lib_files(pyzor_t)
-@@ -111,25 +120,24 @@ optional_policy(`
+-	amavis_manage_lib_files(pyzor_t)
+-	amavis_manage_spool_files(pyzor_t)
++	antivirus_manage_db(pyzor_t)
+ ')
+ 
+ optional_policy(`
+@@ -111,25 +119,24 @@ optional_policy(`
  
  ########################################
  #
@@ -57857,7 +58445,7 @@ index 6c456d2..f7bf36e 100644
  kernel_read_kernel_sysctls(pyzord_t)
  kernel_read_system_state(pyzord_t)
  
-@@ -137,24 +145,25 @@ dev_read_urand(pyzord_t)
+@@ -137,24 +144,25 @@ dev_read_urand(pyzord_t)
  
  corecmd_exec_bin(pyzord_t)
  
@@ -64933,10 +65521,10 @@ index c49828c..a323332 100644
  sysnet_dns_name_resolve(rpcbind_t)
  
 diff --git a/rpm.fc b/rpm.fc
-index ebe91fc..3916381 100644
+index ebe91fc..9e96a5c 100644
 --- a/rpm.fc
 +++ b/rpm.fc
-@@ -1,61 +1,65 @@
+@@ -1,61 +1,66 @@
 -/bin/rpm	--	gen_context(system_u:object_r:rpm_exec_t,s0)
  
 -/etc/rc\.d/init\.d/bcfg2	--	gen_context(system_u:object_r:rpm_initrc_exec_t,s0)
@@ -65014,6 +65602,7 @@ index ebe91fc..3916381 100644
 +
 +/var/cache/PackageKit(/.*)?		gen_context(system_u:object_r:rpm_var_cache_t,s0)
 +/var/cache/yum(/.*)?			gen_context(system_u:object_r:rpm_var_cache_t,s0)
++/var/cache/dnf(/.*)?			gen_context(system_u:object_r:rpm_var_cache_t,s0)
  
 -/var/lock/bcfg2\.run	--	gen_context(system_u:object_r:rpm_lock_t,s0)
 +/var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
@@ -71324,7 +71913,7 @@ index 88e753f..ca74cd9 100644
 +	admin_pattern($1, mail_spool_t)
  ')
 diff --git a/sendmail.te b/sendmail.te
-index 5f35d78..c2eb07e 100644
+index 5f35d78..7bffa0b 100644
 --- a/sendmail.te
 +++ b/sendmail.te
 @@ -1,18 +1,10 @@
@@ -71480,6 +72069,17 @@ index 5f35d78..c2eb07e 100644
  ')
  
  optional_policy(`
+@@ -129,8 +122,8 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+-	clamav_search_lib(sendmail_t)
+-	clamav_stream_connect(sendmail_t)
++	antivirus_search_db(sendmail_t)
++	antivirus_stream_connect(sendmail_t)
+ ')
+ 
+ optional_policy(`
 @@ -166,6 +159,11 @@ optional_policy(`
  ')
  
@@ -74081,7 +74681,7 @@ index 1499b0b..82fc7f6 100644
 -	spamassassin_role($2, $1)
  ')
 diff --git a/spamassassin.te b/spamassassin.te
-index 4faa7e0..c7f47b3 100644
+index 4faa7e0..258b449 100644
 --- a/spamassassin.te
 +++ b/spamassassin.te
 @@ -1,4 +1,4 @@
@@ -74492,14 +75092,14 @@ index 4faa7e0..c7f47b3 100644
  logging_send_syslog_msg(spamc_t)
  
 -miscfiles_read_localization(spamc_t)
-+auth_use_nsswitch(spamc_t)
- 
+-
 -tunable_policy(`use_nfs_home_dirs',`
 -	fs_manage_nfs_dirs(spamc_t)
 -	fs_manage_nfs_files(spamc_t)
 -	fs_manage_nfs_symlinks(spamc_t)
 -')
--
++auth_use_nsswitch(spamc_t)
+ 
 -tunable_policy(`use_samba_home_dirs',`
 -	fs_manage_cifs_dirs(spamc_t)
 -	fs_manage_cifs_files(spamc_t)
@@ -74622,7 +75222,7 @@ index 4faa7e0..c7f47b3 100644
  corenet_all_recvfrom_netlabel(spamd_t)
  corenet_tcp_sendrecv_generic_if(spamd_t)
  corenet_udp_sendrecv_generic_if(spamd_t)
-@@ -331,78 +432,61 @@ corenet_udp_sendrecv_generic_node(spamd_t)
+@@ -331,78 +432,58 @@ corenet_udp_sendrecv_generic_node(spamd_t)
  corenet_tcp_sendrecv_all_ports(spamd_t)
  corenet_udp_sendrecv_all_ports(spamd_t)
  corenet_tcp_bind_generic_node(spamd_t)
@@ -74691,9 +75291,7 @@ index 4faa7e0..c7f47b3 100644
 -sysnet_use_ldap(spamd_t)
 -
  userdom_use_unpriv_users_fds(spamd_t)
-+userdom_search_user_home_dirs(spamd_t)
-+userdom_home_manager(spamd_t)
- 
+-
 -tunable_policy(`spamd_enable_home_dirs',`
 -	userdom_manage_user_home_content_dirs(spamd_t)
 -	userdom_manage_user_home_content_files(spamd_t)
@@ -74710,23 +75308,24 @@ index 4faa7e0..c7f47b3 100644
 -	fs_manage_cifs_dirs(spamd_t)
 -	fs_manage_cifs_files(spamd_t)
 -	fs_manage_cifs_symlinks(spamd_t)
-+optional_policy(`
-+	clamav_stream_connect(spamd_t)
- ')
+-')
++userdom_search_user_home_dirs(spamd_t)
++userdom_home_manager(spamd_t)
  
  optional_policy(`
 -	amavis_manage_lib_files(spamd_t)
-+	exim_manage_spool_dirs(spamd_t)
-+	exim_manage_spool_files(spamd_t)
++	antivirus_stream_connect(spamd_t)
++	antivirus_manage_db(spamd_t)
  ')
  
  optional_policy(`
 -	clamav_stream_connect(spamd_t)
-+	amavis_manage_lib_files(spamd_t)
++	exim_manage_spool_dirs(spamd_t)
++	exim_manage_spool_files(spamd_t)
  ')
  
  optional_policy(`
-@@ -421,21 +505,13 @@ optional_policy(`
+@@ -421,21 +502,13 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -74750,7 +75349,7 @@ index 4faa7e0..c7f47b3 100644
  ')
  
  optional_policy(`
-@@ -443,8 +519,8 @@ optional_policy(`
+@@ -443,8 +516,8 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -74760,7 +75359,7 @@ index 4faa7e0..c7f47b3 100644
  ')
  
  optional_policy(`
-@@ -455,7 +531,12 @@ optional_policy(`
+@@ -455,7 +528,12 @@ optional_policy(`
  optional_policy(`
  	razor_domtrans(spamd_t)
  	razor_read_lib_files(spamd_t)
@@ -74774,7 +75373,7 @@ index 4faa7e0..c7f47b3 100644
  ')
  
  optional_policy(`
-@@ -463,9 +544,9 @@ optional_policy(`
+@@ -463,9 +541,9 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -74785,7 +75384,7 @@ index 4faa7e0..c7f47b3 100644
  ')
  
  optional_policy(`
-@@ -474,32 +555,29 @@ optional_policy(`
+@@ -474,32 +552,29 @@ optional_policy(`
  
  ########################################
  #
@@ -74825,7 +75424,7 @@ index 4faa7e0..c7f47b3 100644
  
  corecmd_exec_bin(spamd_update_t)
  corecmd_exec_shell(spamd_update_t)
-@@ -508,25 +586,20 @@ dev_read_urand(spamd_update_t)
+@@ -508,25 +583,20 @@ dev_read_urand(spamd_update_t)
  
  domain_use_interactive_fds(spamd_update_t)
  
@@ -82481,7 +83080,7 @@ index 9dec06c..d8a2b54 100644
 +	allow svirt_lxc_domain $1:process sigchld;
  ')
 diff --git a/virt.te b/virt.te
-index 1f22fba..ff76d37 100644
+index 1f22fba..f704c9a 100644
 --- a/virt.te
 +++ b/virt.te
 @@ -1,94 +1,98 @@
@@ -83730,7 +84329,7 @@ index 1f22fba..ff76d37 100644
  	xen_stream_connect(virsh_t)
  	xen_stream_connect_xenstore(virsh_t)
  ')
-@@ -879,34 +908,39 @@ optional_policy(`
+@@ -879,34 +908,40 @@ optional_policy(`
  	kernel_read_xen_state(virsh_ssh_t)
  	kernel_write_xen_state(virsh_ssh_t)
  
@@ -83759,9 +84358,10 @@ index 1f22fba..ff76d37 100644
 +allow virtd_lxc_t self:netlink_route_socket rw_netlink_socket_perms;
 +allow virtd_lxc_t self:unix_stream_socket create_stream_socket_perms;
  allow virtd_lxc_t self:packet_socket create_socket_perms;
- 
--allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill };
 -
+-allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill };
++ps_process_pattern(virtd_lxc_t, svirt_lxc_domain)
+ 
  allow virtd_lxc_t virt_image_type:dir mounton;
  manage_files_pattern(virtd_lxc_t, virt_image_t, virt_image_t)
  
@@ -83780,7 +84380,7 @@ index 1f22fba..ff76d37 100644
  
  manage_dirs_pattern(virtd_lxc_t, svirt_lxc_file_t, svirt_lxc_file_t)
  manage_files_pattern(virtd_lxc_t, svirt_lxc_file_t, svirt_lxc_file_t)
-@@ -916,12 +950,15 @@ manage_sock_files_pattern(virtd_lxc_t, svirt_lxc_file_t, svirt_lxc_file_t)
+@@ -916,12 +951,15 @@ manage_sock_files_pattern(virtd_lxc_t, svirt_lxc_file_t, svirt_lxc_file_t)
  manage_fifo_files_pattern(virtd_lxc_t, svirt_lxc_file_t, svirt_lxc_file_t)
  allow virtd_lxc_t svirt_lxc_file_t:dir_file_class_set { relabelto relabelfrom };
  allow virtd_lxc_t svirt_lxc_file_t:filesystem { relabelto relabelfrom };
@@ -83796,7 +84396,7 @@ index 1f22fba..ff76d37 100644
  
  corecmd_exec_bin(virtd_lxc_t)
  corecmd_exec_shell(virtd_lxc_t)
-@@ -933,10 +970,8 @@ dev_read_urand(virtd_lxc_t)
+@@ -933,10 +971,8 @@ dev_read_urand(virtd_lxc_t)
  
  domain_use_interactive_fds(virtd_lxc_t)
  
@@ -83807,7 +84407,15 @@ index 1f22fba..ff76d37 100644
  files_relabel_rootfs(virtd_lxc_t)
  files_mounton_non_security(virtd_lxc_t)
  files_mount_all_file_type_fs(virtd_lxc_t)
-@@ -955,15 +990,11 @@ fs_rw_cgroup_files(virtd_lxc_t)
+@@ -944,6 +980,7 @@ files_unmount_all_file_type_fs(virtd_lxc_t)
+ files_list_isid_type_dirs(virtd_lxc_t)
+ files_root_filetrans(virtd_lxc_t, svirt_lxc_file_t, dir_file_class_set)
+ 
++fs_read_fusefs_files(virtd_lxc_t)
+ fs_getattr_all_fs(virtd_lxc_t)
+ fs_manage_tmpfs_dirs(virtd_lxc_t)
+ fs_manage_tmpfs_chr_files(virtd_lxc_t)
+@@ -955,15 +992,11 @@ fs_rw_cgroup_files(virtd_lxc_t)
  fs_unmount_all_fs(virtd_lxc_t)
  fs_relabelfrom_tmpfs(virtd_lxc_t)
  
@@ -83826,7 +84434,7 @@ index 1f22fba..ff76d37 100644
  
  term_use_generic_ptys(virtd_lxc_t)
  term_use_ptmx(virtd_lxc_t)
-@@ -973,20 +1004,38 @@ auth_use_nsswitch(virtd_lxc_t)
+@@ -973,20 +1006,38 @@ auth_use_nsswitch(virtd_lxc_t)
  
  logging_send_syslog_msg(virtd_lxc_t)
  
@@ -83859,7 +84467,7 @@ index 1f22fba..ff76d37 100644
 +allow svirt_lxc_domain self:capability { kill setuid setgid dac_override sys_boot ipc_lock };
 +
 +allow virtd_t svirt_lxc_domain:unix_stream_socket { create_stream_socket_perms connectto };
-+allow virtd_t svirt_lxc_domain:process { signal_perms };
++allow virtd_t svirt_lxc_domain:process { signal_perms getattr };
 +allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill };
 +allow svirt_lxc_domain virtd_lxc_t:process sigchld;
 +allow svirt_lxc_domain virtd_lxc_t:fd use;
@@ -83871,7 +84479,7 @@ index 1f22fba..ff76d37 100644
  allow svirt_lxc_domain self:process { execstack execmem getattr signal_perms getsched setsched setcap setpgid };
  allow svirt_lxc_domain self:fifo_file manage_file_perms;
  allow svirt_lxc_domain self:sem create_sem_perms;
-@@ -995,19 +1044,6 @@ allow svirt_lxc_domain self:msgq create_msgq_perms;
+@@ -995,19 +1046,6 @@ allow svirt_lxc_domain self:msgq create_msgq_perms;
  allow svirt_lxc_domain self:unix_stream_socket { create_stream_socket_perms connectto };
  allow svirt_lxc_domain self:unix_dgram_socket { sendto create_socket_perms };
  
@@ -83891,7 +84499,7 @@ index 1f22fba..ff76d37 100644
  manage_dirs_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
  manage_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
  manage_lnk_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
-@@ -1015,17 +1051,14 @@ manage_sock_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
+@@ -1015,17 +1053,14 @@ manage_sock_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
  manage_fifo_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
  rw_chr_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
  rw_blk_files_pattern(svirt_lxc_domain, svirt_lxc_file_t, svirt_lxc_file_t)
@@ -83910,7 +84518,7 @@ index 1f22fba..ff76d37 100644
  kernel_dontaudit_search_kernel_sysctl(svirt_lxc_domain)
  
  corecmd_exec_all_executables(svirt_lxc_domain)
-@@ -1037,21 +1070,20 @@ files_dontaudit_getattr_all_pipes(svirt_lxc_domain)
+@@ -1037,21 +1072,20 @@ files_dontaudit_getattr_all_pipes(svirt_lxc_domain)
  files_dontaudit_getattr_all_sockets(svirt_lxc_domain)
  files_dontaudit_list_all_mountpoints(svirt_lxc_domain)
  files_dontaudit_write_etc_runtime_files(svirt_lxc_domain)
@@ -83937,7 +84545,7 @@ index 1f22fba..ff76d37 100644
  auth_dontaudit_read_login_records(svirt_lxc_domain)
  auth_dontaudit_write_login_records(svirt_lxc_domain)
  auth_search_pam_console_data(svirt_lxc_domain)
-@@ -1063,11 +1095,14 @@ init_dontaudit_write_utmp(svirt_lxc_domain)
+@@ -1063,11 +1097,14 @@ init_dontaudit_write_utmp(svirt_lxc_domain)
  
  libs_dontaudit_setattr_lib_files(svirt_lxc_domain)
  
@@ -83954,7 +84562,7 @@ index 1f22fba..ff76d37 100644
  
  optional_policy(`
  	udev_read_pid_files(svirt_lxc_domain)
-@@ -1078,81 +1113,63 @@ optional_policy(`
+@@ -1078,81 +1115,63 @@ optional_policy(`
  	apache_read_sys_content(svirt_lxc_domain)
  ')
  
@@ -84059,7 +84667,7 @@ index 1f22fba..ff76d37 100644
  allow virt_qmf_t self:tcp_socket create_stream_socket_perms;
  allow virt_qmf_t self:netlink_route_socket create_netlink_socket_perms;
  
-@@ -1165,12 +1182,12 @@ dev_read_sysfs(virt_qmf_t)
+@@ -1165,12 +1184,12 @@ dev_read_sysfs(virt_qmf_t)
  dev_read_rand(virt_qmf_t)
  dev_read_urand(virt_qmf_t)
  
@@ -84074,7 +84682,7 @@ index 1f22fba..ff76d37 100644
  sysnet_read_config(virt_qmf_t)
  
  optional_policy(`
-@@ -1183,9 +1200,8 @@ optional_policy(`
+@@ -1183,9 +1202,8 @@ optional_policy(`
  
  ########################################
  #
@@ -84085,7 +84693,7 @@ index 1f22fba..ff76d37 100644
  allow virt_bridgehelper_t self:process { setcap getcap };
  allow virt_bridgehelper_t self:capability { setpcap setgid setuid net_admin };
  allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms;
-@@ -1198,5 +1214,65 @@ kernel_read_network_state(virt_bridgehelper_t)
+@@ -1198,5 +1216,65 @@ kernel_read_network_state(virt_bridgehelper_t)
  
  corenet_rw_tun_tap_dev(virt_bridgehelper_t)
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index dc836cf..e73d261 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -524,6 +524,23 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Fri Jan 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-7
+- mount.glusterfs executes glusterfsd binary
+- Allow systemd_hostnamed_t to stream connect to systemd
+- Dontaudit any user doing a access check
+- Allow obex-data-server to request the kernel to load a module
+- Allow gpg-agent to manage gnome content (~/.cache/gpg-agent-info)
+- Allow gpg-agent to read /proc/sys/crypto/fips_enabled
+- Add new types for antivirus.pp policy module
+- Allow gnomesystemmm_t caps because of ioprio_set
+- Make sure if mozilla_plugin creates files while in permissive mode, they get created with the correct label, user_home_t
+- Allow gnomesystemmm_t caps because of ioprio_set
+- Allow NM rawip socket
+- files_relabel_non_security_files can not be used with boolean
+- Add interface to thumb_t dbus_chat to allow it to read remote process state
+- ALlow logrotate to domtrans to mdadm_t
+- kde gnomeclock wants to write content to /tmp
+
 * Wed Jan 23 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-6
 - kde gnomeclock wants to write content to /tmp
 - /usr/libexec/kde4/kcmdatetimehelper attempts to create /root/.kde