diff --git a/policy/modules/apps/firewallgui.if b/policy/modules/apps/firewallgui.if
index d90b327..7fe26f3 100644
--- a/policy/modules/apps/firewallgui.if
+++ b/policy/modules/apps/firewallgui.if
@@ -21,3 +21,21 @@ interface(`firewallgui_dbus_chat',`
allow $1 firewallgui_t:dbus send_msg;
allow firewallgui_t $1:dbus send_msg;
')
+
+########################################
+##
+## Read and write firewallgui unnamed pipes.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`firewallgui_dontaudit_rw_pipes',`
+ gen_require(`
+ type firewallgui_t;
+ ')
+
+ dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms;
+')
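Review bot: The header comment on `firewallgui_dontaudit_rw_pipes` describes a grant ("Read and write firewallgui unnamed pipes", "Domain allowed access"), but the body is a `dontaudit` rule, which suppresses denial logging instead of allowing anything. Someone auditing callers from the interface documentation would conclude that the calling domain gains pipe access. The summary should read `## Do not audit attempts to read and write inherited firewallgui unnamed pipes.` and the parameter text `## Domain to not audit.`, which matches the wording of files_dontaudit_list_all_mountpoints in this same commit.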
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 6596284..a71e2d5 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -10,6 +10,7 @@
/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)
+/bin/mountpoint -- gen_context(system_u:object_r:bin_t,s0)
/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 8779f43..73e4119 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1444,6 +1444,24 @@ interface(`files_dontaudit_search_all_mountpoints',`
########################################
##
+## Do not audit listing of all mount points.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`files_dontaudit_list_all_mountpoints',`
+ gen_require(`
+ attribute mountpoint;
+ ')
+
+ dontaudit $1 mountpoint:dir list_dir_perms;
+')
+
+########################################
+##
## Write all mount points.
##
##
@@ -3840,6 +3858,24 @@ interface(`files_relabelto_system_conf_files',`
relabelto_files_pattern($1, system_conf_t, system_conf_t)
')
+######################################
+##
+## Relabel manageable system configuration files in /etc.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_relabelfrom_system_conf_files',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ relabelfrom_files_pattern($1, system_conf_t, system_conf_t)
+')
+
###################################
##
## Create files in /etc with the type used for
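Review bot: The `gen_require` block of `files_relabelfrom_system_conf_files` declares `type usr_t;`, but the only type the rule uses is `system_conf_t`, so the interface never declares the type it depends on. It should be `type system_conf_t;`. The body of the neighbouring files_relabelto_system_conf_files starts outside this hunk, so whether it has the same copy-paste problem cannot be seen here and is worth checking. The summary also omits the direction; `## Relabel from the system configuration file type in /etc.` would distinguish it from the relabelto variant, which matters because the pair together lets a domain move files into and out of `system_conf_t`.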
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index 4260708..62a48ac 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
@@ -144,6 +144,7 @@ corecmd_exec_shell(boinc_project_t)
corenet_tcp_connect_boinc_port(boinc_project_t)
+dev_read_urand(boinc_project_t)
dev_rw_xserver_misc(boinc_project_t)
files_read_etc_files(boinc_project_t)
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index d417be0..df6769b 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -130,6 +130,7 @@ optional_policy(`
')
optional_policy(`
+ samba_domtrans_winbind_helper(radiusd_t)
samba_read_var_files(radiusd_t)
')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 50d256d..2a5981d 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -341,6 +341,7 @@ files_read_usr_files(smbd_t)
files_search_spool(smbd_t)
# smbd seems to getattr all mountpoints
files_dontaudit_getattr_all_dirs(smbd_t)
+files_dontaudit_list_all_mountpoints(smbd_t)
# Allow samba to list mnt_t for potential mounted dirs
files_list_mnt(smbd_t)
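Review bot: The added `files_dontaudit_list_all_mountpoints(smbd_t)` sits under a comment that mentions only getattr, so nothing records why directory-listing denials on every mountpoint are now being hidden. I would extend the comment to `# smbd seems to getattr and list all mountpoints; silence the denials`. Because a dontaudit rule removes these AVC records from the audit log, it would also help to note that they reappear when the policy is rebuilt with dontaudit rules disabled (`semodule -DB`). Without that hint, someone investigating unexpected smbd access to a mount has no indication that events are being suppressed.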
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index 5659a31..1a0701b 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -452,6 +452,24 @@ interface(`virt_read_images',`
########################################
##
+## Allow domain to read virt blk image files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`virt_read_blk_images',`
+ gen_require(`
+ attribute virt_image_type;
+ ')
+
+ read_blk_files_pattern($1, virt_image_type, virt_image_type)
+')
+
+########################################
+##
## Create, read, write, and delete
## svirt cache files.
##
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index aae7ece..cf002d3 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -288,6 +288,8 @@ files_read_etc_runtime_files(virtd_t)
files_search_all(virtd_t)
files_read_kernel_modules(virtd_t)
files_read_usr_src_files(virtd_t)
+files_relabelto_system_conf_files(virtd_t)
+files_relabelfrom_system_conf_files(virtd_t)
# Manages /etc/sysconfig/system-config-firewall
files_manage_system_conf_files(virtd_t)
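Review bot: The two new relabel lines are inserted above the comment `# Manages /etc/sysconfig/system-config-firewall`, so they are the only system_conf_t grants to `virtd_t` without a stated reason. Relabelto plus relabelfrom lets virtd_t change the label of system configuration files, which is a stronger capability than managing their contents and deserves its own justification. I would move both lines below `files_manage_system_conf_files(virtd_t)` and add a comment such as `# virtd needs to relabel the firewall config it rewrites (confirm which path triggers this)`. Note that this hunk depends on files_relabelfrom_system_conf_files, whose gen_require in files.if names `usr_t` instead of `system_conf_t`.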
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 18cdacc..f7828f1 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -190,6 +190,10 @@ optional_policy(`
')
optional_policy(`
+ virt_read_blk_images(fsadm_t)
+')
+
+optional_policy(`
xen_append_log(fsadm_t)
xen_rw_image_files(fsadm_t)
')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 4f68d6c..a3b7b0d 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -204,6 +204,10 @@ optional_policy(`
')
optional_policy(`
+ firewallgui_dontaudit_rw_pipes(insmod_t)
+')
+
+optional_policy(`
hal_write_log(insmod_t)
')