diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index 8ceb526..bfa8bbf 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -1,5 +1,5 @@
-policy_module(iscsi, 1.5.2)
+policy_module(iscsi, 1.5.3)
########################################
#
@@ -28,7 +28,7 @@ files_pid_file(iscsi_var_run_t)
# iscsid local policy
#
-allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
+allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_admin sys_nice sys_resource };
allow iscsid_t self:process { setrlimit setsched signal };
allow iscsid_t self:fifo_file rw_fifo_file_perms;
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -39,8 +39,8 @@ allow iscsid_t self:netlink_socket create_socket_perms;
allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
allow iscsid_t self:tcp_socket create_stream_socket_perms;
-allow iscsid_t iscsi_lock_t:file manage_file_perms;
-files_lock_filetrans(iscsid_t,iscsi_lock_t,file)
+manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
+files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
allow iscsid_t iscsi_tmp_t:file manage_file_perms;
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index aa9bb80..6557a8e 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -35,6 +35,7 @@ ifdef(`distro_redhat',`
/usr/lib(64)?/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
+/usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 6b178bb..5ef7e51 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -23,6 +23,45 @@ interface(`miscfiles_read_certs',`
########################################
##
+## manange system SSL certificates.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`miscfiles_manage_cert_dirs',`
+ gen_require(`
+ type cert_t;
+ ')
+
+ manage_dirs_pattern($1, cert_t, cert_t)
+')
+
+########################################
+##
+## manange system SSL certificates.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`miscfiles_manage_cert_files',`
+ gen_require(`
+ type cert_t;
+ ')
+
+ manage_files_pattern($1, cert_t, cert_t)
+ read_lnk_files_pattern($1, cert_t, cert_t)
+')
+
+########################################
+##
## Read fonts.
##
##
@@ -62,7 +101,7 @@ interface(`miscfiles_dontaudit_write_fonts',`
type fonts_t;
')
- dontaudit $1 fonts_t:dir write;
+ dontaudit $1 fonts_t:dir { write setattr };
dontaudit $1 fonts_t:file write;
')
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index de23088..659ca3f 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -1,5 +1,5 @@
-policy_module(miscfiles, 1.6.0)
+policy_module(miscfiles, 1.6.1)
########################################
#
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index f93ce4b..3937837 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -1,5 +1,5 @@
-policy_module(raid, 1.8.0)
+policy_module(raid, 1.8.1)
########################################
#
@@ -39,6 +39,7 @@ dev_dontaudit_getattr_all_chr_files(mdadm_t)
dev_dontaudit_getattr_generic_files(mdadm_t)
dev_dontaudit_getattr_generic_chr_files(mdadm_t)
dev_dontaudit_getattr_generic_blk_files(mdadm_t)
+dev_read_realtime_clock(mdadm_t)
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)