diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 39e1baa..dc3f83c 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -9812,7 +9812,7 @@ index b876c48..6bfb954 100644
 +/nsr(/.*)?			gen_context(system_u:object_r:var_t,s0)
 +/nsr/logs(/.*)?			gen_context(system_u:object_r:var_log_t,s0)
 diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
-index f962f76..f39d066 100644
+index f962f76..6fab9e7 100644
 --- a/policy/modules/kernel/files.if
 +++ b/policy/modules/kernel/files.if
 @@ -19,6 +19,136 @@
@@ -12594,7 +12594,7 @@ index f962f76..f39d066 100644
  ########################################
  ## <summary>
  ##	Do not audit attempts to search
-@@ -6025,6 +7381,25 @@ interface(`files_dontaudit_search_pids',`
+@@ -6025,6 +7381,43 @@ interface(`files_dontaudit_search_pids',`
  
  ########################################
  ## <summary>
@@ -12617,10 +12617,28 @@ index f962f76..f39d066 100644
 +
 +########################################
 +## <summary>
++##	Allow search the all /var/run directory.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`files_search_all_pids',`
++	gen_require(`
++		attribute pidfile;
++	')
++
++	allow $1 pidfile:dir search_dir_perms;
++')
++
++########################################
++## <summary>
  ##	List the contents of the runtime process
  ##	ID directories (/var/run).
  ## </summary>
-@@ -6039,7 +7414,7 @@ interface(`files_list_pids',`
+@@ -6039,7 +7432,7 @@ interface(`files_list_pids',`
  		type var_t, var_run_t;
  	')
  
@@ -12629,7 +12647,7 @@ index f962f76..f39d066 100644
  	list_dirs_pattern($1, var_t, var_run_t)
  ')
  
-@@ -6058,7 +7433,7 @@ interface(`files_read_generic_pids',`
+@@ -6058,7 +7451,7 @@ interface(`files_read_generic_pids',`
  		type var_t, var_run_t;
  	')
  
@@ -12638,7 +12656,7 @@ index f962f76..f39d066 100644
  	list_dirs_pattern($1, var_t, var_run_t)
  	read_files_pattern($1, var_run_t, var_run_t)
  ')
-@@ -6078,7 +7453,7 @@ interface(`files_write_generic_pid_pipes',`
+@@ -6078,7 +7471,7 @@ interface(`files_write_generic_pid_pipes',`
  		type var_run_t;
  	')
  
@@ -12647,7 +12665,7 @@ index f962f76..f39d066 100644
  	allow $1 var_run_t:fifo_file write;
  ')
  
-@@ -6140,7 +7515,6 @@ interface(`files_pid_filetrans',`
+@@ -6140,7 +7533,6 @@ interface(`files_pid_filetrans',`
  	')
  
  	allow $1 var_t:dir search_dir_perms;
@@ -12655,7 +12673,7 @@ index f962f76..f39d066 100644
  	filetrans_pattern($1, var_run_t, $2, $3, $4)
  ')
  
-@@ -6169,6 +7543,24 @@ interface(`files_pid_filetrans_lock_dir',`
+@@ -6169,6 +7561,24 @@ interface(`files_pid_filetrans_lock_dir',`
  
  ########################################
  ## <summary>
@@ -12680,7 +12698,7 @@ index f962f76..f39d066 100644
  ##	Read and write generic process ID files.
  ## </summary>
  ## <param name="domain">
-@@ -6182,7 +7574,7 @@ interface(`files_rw_generic_pids',`
+@@ -6182,7 +7592,7 @@ interface(`files_rw_generic_pids',`
  		type var_t, var_run_t;
  	')
  
@@ -12689,7 +12707,7 @@ index f962f76..f39d066 100644
  	list_dirs_pattern($1, var_t, var_run_t)
  	rw_files_pattern($1, var_run_t, var_run_t)
  ')
-@@ -6249,55 +7641,43 @@ interface(`files_dontaudit_ioctl_all_pids',`
+@@ -6249,55 +7659,43 @@ interface(`files_dontaudit_ioctl_all_pids',`
  
  ########################################
  ## <summary>
@@ -12752,7 +12770,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6305,42 +7685,35 @@ interface(`files_delete_all_pids',`
+@@ -6305,42 +7703,35 @@ interface(`files_delete_all_pids',`
  ##	</summary>
  ## </param>
  #
@@ -12802,7 +12820,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6348,18 +7721,18 @@ interface(`files_manage_all_pids',`
+@@ -6348,18 +7739,18 @@ interface(`files_manage_all_pids',`
  ##	</summary>
  ## </param>
  #
@@ -12826,7 +12844,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6367,37 +7740,40 @@ interface(`files_mounton_all_poly_members',`
+@@ -6367,37 +7758,40 @@ interface(`files_mounton_all_poly_members',`
  ##	</summary>
  ## </param>
  #
@@ -12878,7 +12896,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6405,18 +7781,17 @@ interface(`files_dontaudit_search_spool',`
+@@ -6405,18 +7799,17 @@ interface(`files_dontaudit_search_spool',`
  ##	</summary>
  ## </param>
  #
@@ -12901,7 +12919,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6424,18 +7799,18 @@ interface(`files_list_spool',`
+@@ -6424,18 +7817,18 @@ interface(`files_list_spool',`
  ##	</summary>
  ## </param>
  #
@@ -12925,7 +12943,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6443,19 +7818,18 @@ interface(`files_manage_generic_spool_dirs',`
+@@ -6443,19 +7836,18 @@ interface(`files_manage_generic_spool_dirs',`
  ##	</summary>
  ## </param>
  #
@@ -12950,7 +12968,7 @@ index f962f76..f39d066 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -6463,55 +7837,43 @@ interface(`files_read_generic_spool',`
+@@ -6463,55 +7855,130 @@ interface(`files_read_generic_spool',`
  ##	</summary>
  ## </param>
  #
@@ -12978,101 +12996,46 @@ index f962f76..f39d066 100644
  ##	</summary>
  ## </param>
 -## <param name="file">
--##	<summary>
--##	Type to which the created node will be transitioned.
--##	</summary>
--## </param>
--## <param name="class">
--##	<summary>
--##	Object class(es) (single or set including {}) for which this
--##	the transition will occur.
--##	</summary>
--## </param>
--## <param name="name" optional="true">
--##	<summary>
--##	The name of the object being created.
--##	</summary>
--## </param>
 +## <rolecap/>
- #
--interface(`files_spool_filetrans',`
++#
 +interface(`files_delete_all_pids',`
- 	gen_require(`
--		type var_t, var_spool_t;
++	gen_require(`
 +		attribute pidfile;
 +		type var_t, var_run_t;
- 	')
- 
++	')
++
 +	files_search_pids($1)
- 	allow $1 var_t:dir search_dir_perms;
--	filetrans_pattern($1, var_spool_t, $2, $3, $4)
++	allow $1 var_t:dir search_dir_perms;
 +	allow $1 var_run_t:dir rmdir;
 +	allow $1 var_run_t:lnk_file delete_lnk_file_perms;
 +	delete_files_pattern($1, pidfile, pidfile)
 +	delete_fifo_files_pattern($1, pidfile, pidfile)
 +	delete_sock_files_pattern($1, pidfile, { pidfile var_run_t })
- ')
- 
- ########################################
- ## <summary>
--##	Allow access to manage all polyinstantiated
--##	directories on the system.
++')
++
++########################################
++## <summary>
 +##	Delete all process ID directories.
- ## </summary>
- ## <param name="domain">
++## </summary>
++## <param name="domain">
  ##	<summary>
-@@ -6519,53 +7881,68 @@ interface(`files_spool_filetrans',`
+-##	Type to which the created node will be transitioned.
++##	Domain allowed access.
  ##	</summary>
  ## </param>
- #
--interface(`files_polyinstantiate_all',`
+-## <param name="class">
++#
 +interface(`files_delete_all_pid_dirs',`
- 	gen_require(`
--		attribute polydir, polymember, polyparent;
--		type poly_t;
++	gen_require(`
 +		attribute pidfile;
 +		type var_t, var_run_t;
- 	')
- 
--	# Need to give access to /selinux/member
--	selinux_compute_member($1)
--
--	# Need sys_admin capability for mounting
--	allow $1 self:capability { chown fsetid sys_admin fowner };
--
--	# Need to give access to the directories to be polyinstantiated
--	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
--
--	# Need to give access to the polyinstantiated subdirectories
--	allow $1 polymember:dir search_dir_perms;
--
--	# Need to give access to parent directories where original
--	# is remounted for polyinstantiation aware programs (like gdm)
--	allow $1 polyparent:dir { getattr mounton };
--
--	# Need to give permission to create directories where applicable
--	allow $1 self:process setfscreate;
--	allow $1 polymember: dir { create setattr relabelto };
--	allow $1 polydir: dir { write add_name open };
--	allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
--
--	# Default type for mountpoints
--	allow $1 poly_t:dir { create mounton };
--	fs_unmount_xattr_fs($1)
--
--	fs_mount_tmpfs($1)
--	fs_unmount_tmpfs($1)
++	')
++
 +	files_search_pids($1)
 +	allow $1 var_t:dir search_dir_perms;
 +	delete_dirs_pattern($1, pidfile, pidfile)
 +')
- 
--	ifdef(`distro_redhat',`
--		# namespace.init
--		files_search_tmp($1)
--		files_search_home($1)
--		corecmd_exec_bin($1)
--		seutil_domtrans_setfiles($1)
++
 +########################################
 +## <summary>
 +##	Make the specified type a file
@@ -13105,59 +13068,76 @@ index f962f76..f39d066 100644
 +##	</p>
 +## </desc>
 +## <param name="file_type">
-+##	<summary>
+ ##	<summary>
+-##	Object class(es) (single or set including {}) for which this
+-##	the transition will occur.
 +##	Type of the file to be used as a
 +##	spool file.
-+##	</summary>
-+## </param>
+ ##	</summary>
+ ## </param>
+-## <param name="name" optional="true">
 +## <infoflow type="none"/>
 +#
 +interface(`files_spool_file',`
 +	gen_require(`
 +		attribute spoolfile;
- 	')
++	')
 +
 +	files_type($1)
 +	typeattribute $1 spoolfile;
- ')
- 
- ########################################
- ## <summary>
--##	Unconfined access to files.
++')
++
++########################################
++## <summary>
 +##	Create all spool sockets
- ## </summary>
- ## <param name="domain">
++## </summary>
++## <param name="domain">
  ##	<summary>
-@@ -6573,10 +7950,875 @@ interface(`files_polyinstantiate_all',`
+-##	The name of the object being created.
++##	Domain allowed access.
  ##	</summary>
  ## </param>
  #
--interface(`files_unconfined',`
+-interface(`files_spool_filetrans',`
 +interface(`files_create_all_spool_sockets',`
  	gen_require(`
--		attribute files_unconfined_type;
+-		type var_t, var_spool_t;
 +		attribute spoolfile;
  	')
  
--	typeattribute $1 files_unconfined_type;
+-	allow $1 var_t:dir search_dir_perms;
+-	filetrans_pattern($1, var_spool_t, $2, $3, $4)
 +	allow $1 spoolfile:sock_file create_sock_file_perms;
-+')
-+
-+########################################
-+## <summary>
+ ')
+ 
+ ########################################
+ ## <summary>
+-##	Allow access to manage all polyinstantiated
+-##	directories on the system.
 +##	Delete all spool sockets
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+@@ -6519,20 +7986,212 @@ interface(`files_spool_filetrans',`
+ ##	</summary>
+ ## </param>
+ #
+-interface(`files_polyinstantiate_all',`
 +interface(`files_delete_all_spool_sockets',`
-+	gen_require(`
+ 	gen_require(`
+-		attribute polydir, polymember, polyparent;
+-		type poly_t;
 +		attribute spoolfile;
-+	')
-+
+ 	')
+ 
+-	# Need to give access to /selinux/member
+-	selinux_compute_member($1)
+-
+-	# Need sys_admin capability for mounting
+-	allow $1 self:capability { chown fsetid sys_admin fowner };
+-
+-	# Need to give access to the directories to be polyinstantiated
+-	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
 +	allow $1 spoolfile:sock_file delete_sock_file_perms;
 +')
 +
@@ -13359,53 +13339,13 @@ index f962f76..f39d066 100644
 +
 +	# Need to give access to the directories to be polyinstantiated
 +	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
-+
-+	# Need to give access to the polyinstantiated subdirectories
-+	allow $1 polymember:dir search_dir_perms;
-+
-+	# Need to give access to parent directories where original
-+	# is remounted for polyinstantiation aware programs (like gdm)
-+	allow $1 polyparent:dir { getattr mounton };
-+
-+	# Need to give permission to create directories where applicable
-+	allow $1 self:process setfscreate;
-+	allow $1 polymember: dir { create setattr relabelto };
-+	allow $1 polydir: dir { write add_name open };
-+	allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
-+
-+	# Default type for mountpoints
-+	allow $1 poly_t:dir { create mounton };
-+	fs_unmount_xattr_fs($1)
-+
-+	fs_mount_tmpfs($1)
-+	fs_unmount_tmpfs($1)
-+
-+	ifdef(`distro_redhat',`
-+		# namespace.init
-+		files_search_tmp($1)
-+		files_search_home($1)
-+		corecmd_exec_bin($1)
-+		seutil_domtrans_setfiles($1)
-+	')
-+')
-+
-+########################################
-+## <summary>
-+##	Unconfined access to files.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`files_unconfined',`
-+	gen_require(`
-+		attribute files_unconfined_type;
-+	')
-+
-+	typeattribute $1 files_unconfined_type;
-+')
+ 
+ 	# Need to give access to the polyinstantiated subdirectories
+ 	allow $1 polymember:dir search_dir_perms;
+@@ -6580,3 +8239,604 @@ interface(`files_unconfined',`
+ 
+ 	typeattribute $1 files_unconfined_type;
+ ')
 +
 +########################################
 +## <summary>
@@ -14006,7 +13946,7 @@ index f962f76..f39d066 100644
 +	')
 +
 +	allow $1 etc_t:service status;
- ')
++')
 diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
 index 1a03abd..32a40f8 100644
 --- a/policy/modules/kernel/files.te
@@ -39216,7 +39156,7 @@ index 40edc18..963b974 100644
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 +
 diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 2cea692..fcd75c1 100644
+index 2cea692..07185cb 100644
 --- a/policy/modules/system/sysnetwork.if
 +++ b/policy/modules/system/sysnetwork.if
 @@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -39360,7 +39300,7 @@ index 2cea692..fcd75c1 100644
  	')
  
  	ifdef(`distro_redhat',`
-+        files_search_pids($1)
++        files_search_all_pids($1)
 +        init_search_pid_dirs($1)
  		allow $1 net_conf_t:dir list_dir_perms;
 +		allow $1 net_conf_t:lnk_file read_lnk_file_perms;
@@ -39423,13 +39363,13 @@ index 2cea692..fcd75c1 100644
  	')
  
  	ifdef(`distro_redhat',`
-+        files_search_pids($1)
++        files_search_all_pids($1)
 +        init_search_pid_dirs($1)
 +		allow $1 net_conf_t:dir list_dir_perms;
  		manage_files_pattern($1, net_conf_t, net_conf_t)
 +		manage_lnk_files_pattern($1, net_conf_t, net_conf_t)
++        sysnet_filetrans_named_content($1)
 +	')
-+    sysnet_filetrans_named_content($1)
 +')
 +
 +#######################################
@@ -39455,7 +39395,7 @@ index 2cea692..fcd75c1 100644
 +	')
 +
 +	ifdef(`distro_redhat',`
-+        files_search_pids($1)
++        files_search_all_pids($1)
 +        init_search_pid_dirs($1)
 +		allow $1 net_conf_t:dir list_dir_perms;
 +		manage_dirs_pattern($1, net_conf_t, net_conf_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0643b43..fa8c807 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 108%{?dist}
+Release: 109%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -605,6 +605,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Feb 04 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-109
+- Allow search all pid dirs when managing net_conf_t files.
+
 * Wed Feb 04 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-108
 - Fix labels, improve sysnet_manage_config interface.
 - Label /var/run/NetworkManager/resolv.conf.tmp as net_conf_t.