diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 43b463e..4d71687 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init,1.9.2)
+policy_module(init,1.9.3)
 gen_require(`
 class passwd rootok;
@@ -427,6 +427,11 @@ ifdef(`distro_gentoo',`
 # happens during boot (/sbin/rc execs init scripts)
 seutil_read_default_contexts(initrc_t)
+ # /lib/rcscripts/net/system.sh rewrites resolv.conf :(
+ sysnet_create_config(initrc_t)
+ sysnet_write_config(initrc_t)
+ sysnet_setattr_config(initrc_t)
+
 optional_policy(`
 arpwatch_manage_data_files(initrc_t)
 ')
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index 244c3a8..f5737fd 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -20,6 +20,8 @@
 /usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
 /usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
+/var/lib/syslog-ng.persist -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
+
 ifdef(`distro_suse', `
 /var/lib/stunnel/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
 ')
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 4e42f83..9cca786 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.9.1)
+policy_module(logging,1.9.2)
 ########################################
 #
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 970e2cf..2e36272 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
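Review bot: The three new calls in the distro_gentoo block grant initrc_t create, write and setattr on every file labelled net_conf_t, but the comment above them mentions only resolv.conf; the comment should state the real scope, e.g. `# /lib/rcscripts/net/system.sh rewrites resolv.conf; these interfaces cover all net_conf_t files`. It is also worth confirming that the script needs all three interfaces: a create implies a replace-by-rename pattern, which additionally needs write access to the /etc directory and a transition to net_conf_t, neither of which this hunk grants, so if initrc_t lacks them elsewhere the create permission is either unused or insufficient. The enclosing ifdef(`distro_gentoo') block begins before the hunk.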
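Review bot: The new file-context entry `/var/lib/syslog-ng.persist` leaves the dot unescaped, and file-context paths are regular expressions, so the entry also matches any single character at that position; the usual convention in these files is to escape literal dots, i.e. `/var/lib/syslog-ng\.persist -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)`. The type syslogd_var_lib_t has to be declared in logging.te for the entry to compile; the logging.te hunk here is only a version bump, so that declaration is presumably already present and should be confirmed.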
@@ -203,11 +203,30 @@ interface(`sysnet_read_dhcpc_state',`
 #######################################
 ##
-## Allow network init to read network config files.
+## Set the attributes of network config files.
 ##
 ##
 ##
-## The type of the process performing this action.
+## Domain allowed access.
+##
+##
+#
+interface(`sysnet_setattr_config',`
+ gen_require(`
+ type net_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 net_conf_t:file setattr;
+')
+
+#######################################
+##
+## Read network config files.
+##
+##
+##
+## Domain allowed access.
 ##
 ##
 #
@@ -240,6 +259,44 @@ interface(`sysnet_dontaudit_read_config',`
 #######################################
 ##
+## Write network config files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sysnet_write_config',`
+ gen_require(`
+ type net_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 net_conf_t:file write_file_perms;
+')
+
+#######################################
+##
+## Create network config files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sysnet_create_config',`
+ gen_require(`
+ type net_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 net_conf_t:file create_file_perms;
+')
+
+#######################################
+##
 ## Create files in /etc with the type used for
 ## the network config files.
 ##
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index bb35555..592b280 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
-policy_module(sysnetwork,1.5.0)
+policy_module(sysnetwork,1.5.1)
 ########################################
 #
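Review bot: The new `sysnet_create_config` interface grants only `net_conf_t:file create_file_perms` plus a search on /etc, so a caller still cannot create a new network config file unless it separately holds add_name/write on the etc_t directory and a type transition to net_conf_t; the existing `sysnet_etc_filetrans_config` interface, whose header is visible at the end of the hunk, is the one that supplies that transition. The interface description should say so, e.g. `## Create network config files. Callers creating new files in /etc usually also need sysnet_etc_filetrans_config().`. The description of `sysnet_write_config` should likewise make clear that it covers every file labelled net_conf_t, not one specific file such as resolv.conf, since that is the whole scope a caller receives.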
@@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_file_perms;
 allow dhcpc_t self:tcp_socket create_stream_socket_perms;
 allow dhcpc_t self:udp_socket create_socket_perms;
 allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
+allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
 read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)
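Review bot: Adding `nlmsg_write` to dhcpc_t's netlink_route_socket lets the DHCP client modify the kernel's routing and address tables rather than only read them, and the changed line carries no comment explaining why. A one-line justification would help later audits, e.g. `# the dhcp client installs the leased address and routes via rtnetlink`; presumably this was driven by a denial from a specific client, and naming it in the comment or commit message would make the widening traceable. The run of dhcpc_t self rules continues outside the hunk.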