diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 8364df0..d471202 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -5565,7 +5565,7 @@ index 8e0f9cd..b9f45b9 100644
define(`create_packet_interfaces',``
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index b191055..a60bc60 100644
+index b191055..3812e33 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
@@ -5791,7 +5791,7 @@ index b191055..a60bc60 100644
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
network_port(ms_streaming, tcp,1755,s0, udp,1755,s0)
-@@ -186,95 +234,116 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
+@@ -186,101 +234,124 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mxi, tcp,8005,s0, udp,8005,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
network_port(mysqlmanagerd, tcp,2273,s0)
@@ -5815,6 +5815,7 @@ index b191055..a60bc60 100644
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
+network_port(openvswitch, tcp,6634,s0)
+network_port(osapi_compute, tcp, 8774, s0)
++network_port(ovsdb, tcp, 6640, s0)
network_port(pdps, tcp,1314,s0, udp,1314,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
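Review bot: The added `network_port(ovsdb, tcp, 6640, s0)` line is spaced differently from the `xodbc_connect` entry added in this same commit and from most neighbouring entries, which use the form `tcp,6634,s0` with no blanks. m4 discards leading blanks in macro arguments, so the generated policy is the same. Writing it as `network_port(ovsdb, tcp,6640,s0)` would let one pattern find every port definition when auditing which ports are labelled.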
@@ -5926,7 +5927,14 @@ index b191055..a60bc60 100644
network_port(winshadow, tcp,3161,s0, udp,3261,s0)
network_port(wsdapi, tcp,5357,s0, udp,5357,s0)
network_port(wsicopy, tcp,3378,s0, udp,3378,s0)
-@@ -288,19 +357,23 @@ network_port(zabbix_agent, tcp,10050,s0)
+ network_port(xdmcp, udp,177,s0, tcp,177,s0)
+ network_port(xen, tcp,8002,s0)
+ network_port(xfs, tcp,7100,s0)
++network_port(xodbc_connect, tcp,6632,s0)
+ network_port(xserver, tcp,6000-6020,s0)
+ network_port(zarafa, tcp,236,s0, tcp,237,s0)
+ network_port(zabbix, tcp,10051,s0)
+@@ -288,19 +359,23 @@ network_port(zabbix_agent, tcp,10050,s0)
network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
@@ -5953,7 +5961,7 @@ index b191055..a60bc60 100644
########################################
#
-@@ -333,6 +406,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
+@@ -333,6 +408,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',`
network_interface(lo, lo, s0 - mls_systemhigh)
@@ -5962,7 +5970,7 @@ index b191055..a60bc60 100644
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')
-@@ -345,9 +420,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -345,9 +422,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index bb990ce..20b84a9 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -5173,7 +5173,7 @@ index f6eb485..164501c 100644
+ filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess")
')
diff --git a/apache.te b/apache.te
-index 6649962..d888ffb 100644
+index 6649962..44258d7 100644
--- a/apache.te
+++ b/apache.te
@@ -5,280 +5,339 @@ policy_module(apache, 2.7.2)
@@ -6549,7 +6549,7 @@ index 6649962..d888ffb 100644
')
optional_policy(`
-@@ -863,19 +1082,35 @@ optional_policy(`
+@@ -863,16 +1082,31 @@ optional_policy(`
')
optional_policy(`
@@ -6572,20 +6572,18 @@ index 6649962..d888ffb 100644
')
optional_policy(`
+- snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
+- snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
+ files_dontaudit_rw_usr_dirs(httpd_t)
- snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
- snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
- ')
-
- optional_policy(`
-+ thin_stream_connect(httpd_t)
++ snmp_dontaudit_manage_snmp_var_lib_files(httpd_t)
+')
+
+optional_policy(`
- udev_read_db(httpd_t)
++ thin_stream_connect(httpd_t)
')
-@@ -883,65 +1118,189 @@ optional_policy(`
+ optional_policy(`
+@@ -883,65 +1117,189 @@ optional_policy(`
yam_read_content(httpd_t)
')
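Review bot: Replacing the read/write dontaudit pair with `snmp_dontaudit_manage_snmp_var_lib_files(httpd_t)` silences more than the two calls it removes. The new interface in the snmp.if hunk covers `manage_dir_perms`, `manage_file_perms` and `manage_lnk_file_perms`, so create, unlink, rename and setattr attempts by httpd_t on snmpd_var_lib_t no longer leave an AVC record. If the denials in BZ(1189214) were limited to a few permissions, a narrower dontaudit would keep the rest visible to anyone triaging a web-server compromise. Otherwise add a comment above the call, for example `# cosmetic denials, see BZ(1189214); run semodule -DB to re-enable auditing when investigating httpd_t`. The same loss of visibility applies to `auth_dontaudit_read_passwd(chrome_sandbox_t)` in the chrome.te hunk and to adding `sys_ptrace` to the mozilla_plugin_t dontaudit set in the mozilla.te hunk.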
@@ -6797,7 +6795,7 @@ index 6649962..d888ffb 100644
files_dontaudit_search_pids(httpd_suexec_t)
files_search_home(httpd_suexec_t)
-@@ -950,123 +1309,74 @@ auth_use_nsswitch(httpd_suexec_t)
+@@ -950,123 +1308,74 @@ auth_use_nsswitch(httpd_suexec_t)
logging_search_logs(httpd_suexec_t)
logging_send_syslog_msg(httpd_suexec_t)
@@ -6952,7 +6950,7 @@ index 6649962..d888ffb 100644
mysql_read_config(httpd_suexec_t)
tunable_policy(`httpd_can_network_connect_db',`
-@@ -1083,172 +1393,107 @@ optional_policy(`
+@@ -1083,172 +1392,107 @@ optional_policy(`
')
')
@@ -7190,7 +7188,7 @@ index 6649962..d888ffb 100644
')
tunable_policy(`httpd_read_user_content',`
-@@ -1256,64 +1501,74 @@ tunable_policy(`httpd_read_user_content',`
+@@ -1256,64 +1500,74 @@ tunable_policy(`httpd_read_user_content',`
')
tunable_policy(`httpd_use_cifs',`
@@ -7287,7 +7285,7 @@ index 6649962..d888ffb 100644
########################################
#
-@@ -1321,8 +1576,15 @@ miscfiles_read_localization(httpd_rotatelogs_t)
+@@ -1321,8 +1575,15 @@ miscfiles_read_localization(httpd_rotatelogs_t)
#
optional_policy(`
@@ -7304,7 +7302,7 @@ index 6649962..d888ffb 100644
')
########################################
-@@ -1330,49 +1592,38 @@ optional_policy(`
+@@ -1330,49 +1591,38 @@ optional_policy(`
# User content local policy
#
@@ -7369,7 +7367,7 @@ index 6649962..d888ffb 100644
kernel_read_system_state(httpd_passwd_t)
corecmd_exec_bin(httpd_passwd_t)
-@@ -1382,38 +1633,109 @@ dev_read_urand(httpd_passwd_t)
+@@ -1382,38 +1632,109 @@ dev_read_urand(httpd_passwd_t)
domain_use_interactive_fds(httpd_passwd_t)
@@ -12419,10 +12417,10 @@ index 0000000..aa308eb
+')
diff --git a/chrome.te b/chrome.te
new file mode 100644
-index 0000000..41effe4
+index 0000000..5955ff0
--- /dev/null
+++ b/chrome.te
-@@ -0,0 +1,254 @@
+@@ -0,0 +1,256 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -12485,6 +12483,8 @@ index 0000000..41effe4
+kernel_read_system_state(chrome_sandbox_t)
+kernel_read_kernel_sysctls(chrome_sandbox_t)
+
++auth_dontaudit_read_passwd(chrome_sandbox_t)
++
+fs_manage_cgroup_dirs(chrome_sandbox_t)
+fs_manage_cgroup_files(chrome_sandbox_t)
+fs_read_dos_files(chrome_sandbox_t)
@@ -25117,10 +25117,10 @@ index 0000000..457d4dd
+')
diff --git a/dnssec.te b/dnssec.te
new file mode 100644
-index 0000000..dd2545b
+index 0000000..1e0a31f
--- /dev/null
+++ b/dnssec.te
-@@ -0,0 +1,73 @@
+@@ -0,0 +1,74 @@
+policy_module(dnssec, 1.0.0)
+
+########################################
@@ -25193,6 +25193,7 @@ index 0000000..dd2545b
+ networkmanager_sigchld(dnssec_trigger_t)
+ networkmanager_sigkill(dnssec_trigger_t)
+ networkmanager_signull(dnssec_trigger_t)
++ networkmanager_read_conf(dnssec_trigger_t)
+')
diff --git a/dnssectrigger.te b/dnssectrigger.te
index c7bb4e7..e6fe2f40 100644
@@ -27828,7 +27829,7 @@ index c62c567..6460877 100644
+ allow $1 firewalld_unit_file_t:service all_service_perms;
')
diff --git a/firewalld.te b/firewalld.te
-index 98072a3..e91b89f 100644
+index 98072a3..a0c36b3 100644
--- a/firewalld.te
+++ b/firewalld.te
@@ -21,9 +21,15 @@ logging_log_file(firewalld_var_log_t)
@@ -27870,7 +27871,7 @@ index 98072a3..e91b89f 100644
kernel_read_network_state(firewalld_t)
kernel_read_system_state(firewalld_t)
-@@ -63,20 +76,17 @@ dev_search_sysfs(firewalld_t)
+@@ -63,20 +76,19 @@ dev_search_sysfs(firewalld_t)
domain_use_interactive_fds(firewalld_t)
@@ -27883,10 +27884,11 @@ index 98072a3..e91b89f 100644
+fs_dontaudit_all_access_check(firewalld_t)
-logging_send_syslog_msg(firewalld_t)
--
--miscfiles_read_localization(firewalld_t)
+auth_use_nsswitch(firewalld_t)
+-miscfiles_read_localization(firewalld_t)
++libs_exec_ldconfig(firewalld_t)
+
-seutil_exec_setfiles(firewalld_t)
-seutil_read_file_contexts(firewalld_t)
+logging_send_syslog_msg(firewalld_t)
@@ -27896,7 +27898,7 @@ index 98072a3..e91b89f 100644
optional_policy(`
dbus_system_domain(firewalld_t, firewalld_exec_t)
-@@ -95,6 +105,10 @@ optional_policy(`
+@@ -95,6 +107,10 @@ optional_policy(`
')
optional_policy(`
@@ -36856,7 +36858,7 @@ index 1a35420..8101022 100644
logging_search_logs($1)
admin_pattern($1, iscsi_log_t)
diff --git a/iscsi.te b/iscsi.te
-index ca020fa..e20fb2f 100644
+index ca020fa..d4ed777 100644
--- a/iscsi.te
+++ b/iscsi.te
@@ -5,12 +5,15 @@ policy_module(iscsi, 1.9.0)
@@ -36915,7 +36917,7 @@ index ca020fa..e20fb2f 100644
corenet_all_recvfrom_netlabel(iscsid_t)
corenet_tcp_sendrecv_generic_if(iscsid_t)
corenet_tcp_sendrecv_generic_node(iscsid_t)
-@@ -85,21 +89,33 @@ corenet_sendrecv_isns_client_packets(iscsid_t)
+@@ -85,22 +89,38 @@ corenet_sendrecv_isns_client_packets(iscsid_t)
corenet_tcp_connect_isns_port(iscsid_t)
corenet_tcp_sendrecv_isns_port(iscsid_t)
@@ -36952,6 +36954,11 @@ index ca020fa..e20fb2f 100644
optional_policy(`
tgtd_manage_semaphores(iscsid_t)
+ ')
++
++optional_policy(`
++ kdump_rw_inherited_kdumpctl_tmp_pipes(iscsid_t)
++')
diff --git a/isns.te b/isns.te
index bc11034..07e6310 100644
--- a/isns.te
@@ -48754,7 +48761,7 @@ index 6194b80..e27c53d 100644
')
+
diff --git a/mozilla.te b/mozilla.te
-index 11ac8e4..01cc431 100644
+index 11ac8e4..cee5091 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -6,17 +6,56 @@ policy_module(mozilla, 2.8.0)
@@ -49218,7 +49225,7 @@ index 11ac8e4..01cc431 100644
-dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
-allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
-allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
-+dontaudit mozilla_plugin_t self:capability { sys_admin ipc_lock sys_nice sys_tty_config };
++dontaudit mozilla_plugin_t self:capability { sys_ptrace sys_admin ipc_lock sys_nice sys_tty_config };
+dontaudit mozilla_plugin_t self:capability2 block_suspend;
+
+allow mozilla_plugin_t self:process { getsession setcap setpgid getsched setsched signal_perms execmem execstack setrlimit transition };
@@ -55194,7 +55201,7 @@ index 94b9734..448a7e8 100644
+/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --git a/networkmanager.if b/networkmanager.if
-index 86dc29d..68f7cb1 100644
+index 86dc29d..7380935 100644
--- a/networkmanager.if
+++ b/networkmanager.if
@@ -2,7 +2,7 @@
@@ -55364,7 +55371,7 @@ index 86dc29d..68f7cb1 100644
##
##
##
-@@ -211,9 +259,28 @@ interface(`networkmanager_read_lib_files',`
+@@ -211,9 +259,30 @@ interface(`networkmanager_read_lib_files',`
read_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
')
@@ -55381,10 +55388,12 @@ index 86dc29d..68f7cb1 100644
+interface(`networkmanager_read_conf',`
+ gen_require(`
+ type NetworkManager_etc_t;
++ type NetworkManager_etc_rw_t;
+ ')
+
+ allow $1 NetworkManager_etc_t:dir list_dir_perms;
+ read_files_pattern($1,NetworkManager_etc_t,NetworkManager_etc_t)
++ read_files_pattern($1,NetworkManager_etc_rw_t,NetworkManager_etc_rw_t)
+')
+
########################################
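Review bot: Adding `read_files_pattern($1,NetworkManager_etc_rw_t,NetworkManager_etc_rw_t)` inside `networkmanager_read_conf` grants the extra read to every existing caller of the interface, not only to dnssec_trigger_t, which this commit wires up in the dnssec.te hunk. This page does not show which files carry NetworkManager_etc_rw_t, so check networkmanager.fc; if they include connection profiles with stored secrets, a separate interface called only from dnssec.te would keep the grant scoped to BZ(1231798). If the widening is intended, the interface summary should state that it now covers both types; that doc header lies outside this hunk.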
@@ -55394,7 +55403,7 @@ index 86dc29d..68f7cb1 100644
##
##
##
-@@ -221,19 +288,18 @@ interface(`networkmanager_read_lib_files',`
+@@ -221,19 +290,18 @@ interface(`networkmanager_read_lib_files',`
##
##
#
@@ -55419,7 +55428,7 @@ index 86dc29d..68f7cb1 100644
##
##
##
-@@ -241,13 +307,66 @@ interface(`networkmanager_append_log_files',`
+@@ -241,13 +309,66 @@ interface(`networkmanager_append_log_files',`
##
##
#
@@ -55488,7 +55497,7 @@ index 86dc29d..68f7cb1 100644
')
####################################
-@@ -272,14 +391,33 @@ interface(`networkmanager_stream_connect',`
+@@ -272,14 +393,33 @@ interface(`networkmanager_stream_connect',`
########################################
##
@@ -55524,7 +55533,7 @@ index 86dc29d..68f7cb1 100644
##
##
## Role allowed access.
-@@ -287,33 +425,189 @@ interface(`networkmanager_stream_connect',`
+@@ -287,33 +427,189 @@ interface(`networkmanager_stream_connect',`
##
##
#
@@ -63325,7 +63334,7 @@ index 9b15730..cb00f20 100644
+ ')
')
diff --git a/openvswitch.te b/openvswitch.te
-index 44dbc99..c343cd3 100644
+index 44dbc99..ac08330 100644
--- a/openvswitch.te
+++ b/openvswitch.te
@@ -9,11 +9,8 @@ type openvswitch_t;
@@ -63390,7 +63399,7 @@ index 44dbc99..c343cd3 100644
manage_lnk_files_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t)
logging_log_filetrans(openvswitch_t, openvswitch_log_t, { dir file lnk_file })
-@@ -65,33 +68,43 @@ manage_sock_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_
+@@ -65,33 +68,45 @@ manage_sock_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_
manage_lnk_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_run_t)
files_pid_filetrans(openvswitch_t, openvswitch_var_run_t, { dir file lnk_file })
@@ -63405,6 +63414,8 @@ index 44dbc99..c343cd3 100644
-corenet_all_recvfrom_netlabel(openvswitch_t)
-corenet_raw_sendrecv_generic_if(openvswitch_t)
-corenet_raw_sendrecv_generic_node(openvswitch_t)
++corenet_tcp_connect_xodbc_connect_port(openvswitch_t)
++corenet_tcp_connect_ovsdb_port(openvswitch_t)
+corenet_tcp_connect_openflow_port(openvswitch_t)
+corenet_tcp_bind_generic_node(openvswitch_t)
+corenet_tcp_bind_openvswitch_port(openvswitch_t)
@@ -95922,7 +95933,7 @@ index 2f0a2f2..1569e33 100644
+/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
diff --git a/snmp.if b/snmp.if
-index 7a9cc9d..d55da32 100644
+index 7a9cc9d..2b9cae3 100644
--- a/snmp.if
+++ b/snmp.if
@@ -57,8 +57,7 @@ interface(`snmp_udp_chat',`
@@ -96006,7 +96017,7 @@ index 7a9cc9d..d55da32 100644
##
##
##
-@@ -106,14 +144,14 @@ interface(`snmp_manage_var_lib_files',`
+@@ -106,14 +144,35 @@ interface(`snmp_manage_var_lib_files',`
##
##
#
@@ -96021,10 +96032,31 @@ index 7a9cc9d..d55da32 100644
- read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
- read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+ manage_sock_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
++')
++
++########################################
++##
++## Do not audit attempts to manage
++## snmpd lib content.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`snmp_dontaudit_manage_snmp_var_lib_files',`
++ gen_require(`
++ type snmpd_var_lib_t;
++ ')
++
++ dontaudit $1 snmpd_var_lib_t:dir manage_dir_perms;
++ dontaudit $1 snmpd_var_lib_t:file manage_file_perms;
++ dontaudit $1 snmpd_var_lib_t:lnk_file manage_lnk_file_perms;
')
########################################
-@@ -179,8 +217,12 @@ interface(`snmp_admin',`
+@@ -179,8 +238,12 @@ interface(`snmp_admin',`
type snmpd_var_lib_t, snmpd_var_run_t;
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 50042c7..1d4db34 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 131%{?dist}
+Release: 132%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -602,6 +602,24 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Jun 29 2015 Lukas Vrabec 3.13.1-132
+- Rename xodbc-connect port to xodbc_connect
+- Dontaudit apache to manage snmpd_var_lib_t files/dirs. BZ(1189214)
+- Add interface snmp_dontaudit_manage_snmp_var_lib_files().
+- Allow ovsdb-server to connect on xodbc-connect and ovsdb tcp ports. BZ(1179809)
+- Dontaudit mozilla_plugin_t cap. sys_ptrace. BZ(1202043)
+- Allow iscsid write to fifo file kdumpctl_tmp_t. Appears when kdump generates the initramfs during the kernel boot. BZ(1181476)
+- Dontaudit chrome to read passwd file. BZ(1204307)
+- Allow firewalld exec ldconfig. BZ(1232748)
+- Allow dnssec_trigger_t read networkmanager conf files. BZ(1231798)
+- Allow in networkmanager_read_conf() also read NetworkManager_etc_rw_t files. BZ(1231798)
+- Allow NetworkManager write to sysfs. BZ(1234086)
+- Fix bogus line in logrotate.fc.
+- Add dontaudit interface for kdumpctl_tmp_t
+- Rename xodbc-connect port to xodbc_connect
+- Label tcp port 6632 as xodbc-connect port. BZ (1179809)
+- Label tcp port 6640 as ovsdb port. BZ (1179809)
+
* Tue Jun 23 2015 Lukas Vrabec 3.13.1-131
- Allow NetworkManager write to sysfs. BZ(1234086)
- Fix bogus line in logrotate.fc.