diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 30cfa49..3517db2 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -48,11 +48,13 @@ ifdef(`distro_suse',`
 /etc/.*				gen_context(system_u:object_r:etc_t,s0)
 /etc/\.fstab\.hal\..+	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/blkid(/.*)?		gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/cmtab		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/fstab\.REVOKE	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/HOSTNAME		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/ioctl\.save	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/issue		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/issue\.net		--	gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/killpower		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/localtime		-l	gen_context(system_u:object_r:etc_t,s0)
 /etc/mtab		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/mtab\.fuselock	--	gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -205,19 +207,21 @@ HOME_ROOT/lost\+found/.*		<<none>>
 /usr/local/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
 /usr/local/lost\+found/.*	<<none>>
 
-/usr/local/src(/.*)?		gen_context(system_u:object_r:src_t,s0)
-
 /usr/lost\+found		-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
 /usr/lost\+found/.*		<<none>>
 
 /usr/share/doc(/.*)?/README.*	gen_context(system_u:object_r:usr_t,s0)
 
-/usr/src(/.*)?			gen_context(system_u:object_r:src_t,s0)
-/usr/src/kernels/.+/lib(/.*)?	gen_context(system_u:object_r:usr_t,s0)
-
 /usr/tmp			-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
 /usr/tmp/.*			<<none>>
 
+ifndef(`distro_redhat',`
+/usr/local/src(/.*)?		gen_context(system_u:object_r:src_t,s0)
+
+/usr/src(/.*)?			gen_context(system_u:object_r:src_t,s0)
+/usr/src/kernels/.+/lib(/.*)?	gen_context(system_u:object_r:usr_t,s0)
+')
+
 #
 # /var
 #
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 9adeea4..425d176 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -174,7 +174,7 @@ interface(`files_security_mountpoint',`
 ##	<p>
 ##	Make the specified type usable for runtime process ID files,
 ##	typically found in /var/run.
-##	This will also make the type usable for files, making 
+##	This will also make the type usable for files, making
 ##	calls to files_type() redundant.  Failure to use this interface
 ##	for a PID file type may result in problems with starting
 ##	or stopping services.
@@ -221,7 +221,7 @@ interface(`files_pid_file',`
 ## <desc>
 ##	<p>
 ##	Make the specified type usable for configuration files.
-##	This will also make the type usable for files, making 
+##	This will also make the type usable for files, making
 ##	calls to files_type() redundant.  Failure to use this interface
 ##	for a temporary file may result in problems with
 ##	configuration management tools.
@@ -349,7 +349,7 @@ interface(`files_poly_member_tmp',`
 ## <desc>
 ##	<p>
 ##	Make the specified type usable for temporary files.
-##	This will also make the type usable for files, making 
+##	This will also make the type usable for files, making
 ##	calls to files_type() redundant.  Failure to use this interface
 ##	for a temporary file may result in problems with
 ##	purging temporary files.
@@ -1428,6 +1428,24 @@ interface(`files_search_all_mountpoints',`
 
 ########################################
 ## <summary>
+##	Do not audit searching of all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`files_dontaudit_search_all_mountpoints',`
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	dontaudit $1 mountpoint:dir search_dir_perms;
+')
+
+########################################
+## <summary>
 ##	List the contents of the root directory.
 ## </summary>
 ## <param name="domain">
@@ -1552,6 +1570,24 @@ interface(`files_dontaudit_rw_root_chr_files',`
 
 ########################################
 ## <summary>
+##	Delete files in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_root_files',`
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:file unlink;
+')
+
+########################################
+## <summary>
 ##	Remove entries from the root directory.
 ## </summary>
 ## <param name="domain">
@@ -1697,6 +1733,25 @@ interface(`files_create_boot_dirs',`
 
 ########################################
 ## <summary>
+##	Create, read, write, and delete
+##	directories in /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_manage_boot_dirs',`
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Create a private type object in boot
 ##	with an automatic type transition
 ## </summary>
@@ -1740,7 +1795,7 @@ interface(`files_read_boot_files',`
 		type boot_t;
 	')
 
-	manage_files_pattern($1, boot_t, boot_t)
+	read_files_pattern($1, boot_t, boot_t)
 ')
 
 ########################################
@@ -2193,6 +2248,24 @@ interface(`files_list_etc',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to write to /etc dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`files_dontaudit_write_etc_dirs',`
+	gen_require(`
+		type etc_t;
+	')
+
+	dontaudit $1 etc_t:dir write;
+')
+
+########################################
+## <summary>
 ##	Add and remove entries from /etc directories.
 ## </summary>
 ## <param name="domain">
@@ -2789,6 +2862,120 @@ interface(`files_delete_isid_type_files',`
 
 ########################################
 ## <summary>
+##	Delete symbolic links on new filesystems
+##	that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_isid_type_symlinks',`
+	gen_require(`
+		type file_t;
+	')
+
+	delete_lnk_files_pattern($1, file_t, file_t)
+')
+
+########################################
+## <summary>
+##	Delete named pipes on new filesystems
+##	that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_isid_type_fifo_files',`
+	gen_require(`
+		type file_t;
+	')
+
+	delete_fifo_files_pattern($1, file_t, file_t)
+')
+
+########################################
+## <summary>
+##	Delete named sockets on new filesystems
+##	that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_isid_type_sock_files',`
+	gen_require(`
+		type file_t;
+	')
+
+	delete_sock_files_pattern($1, file_t, file_t)
+')
+
+########################################
+## <summary>
+##	Delete block files on new filesystems
+##	that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_isid_type_blk_files',`
+	gen_require(`
+		type file_t;
+	')
+
+	delete_blk_files_pattern($1, file_t, file_t)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to write to character
+##	files that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_dontaudit_write_isid_chr_files',`
+	gen_require(`
+		type file_t;
+	')
+
+	dontaudit $1 file_t:chr_file write;
+')
+
+########################################
+## <summary>
+##	Delete chr files on new filesystems
+##	that have not yet been labeled.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_delete_isid_type_chr_files',`
+	gen_require(`
+		type file_t;
+	')
+
+	delete_chr_files_pattern($1, file_t, file_t)
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete files
 ##	on new filesystems that have not yet been labeled.
 ## </summary>
@@ -2937,6 +3124,7 @@ interface(`files_search_home',`
 	')
 
 	allow $1 home_root_t:dir search_dir_perms;
+	allow $1 home_root_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -2956,6 +3144,7 @@ interface(`files_dontaudit_search_home',`
 	')
 
 	dontaudit $1 home_root_t:dir search_dir_perms;
+	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -2975,6 +3164,7 @@ interface(`files_dontaudit_list_home',`
 	')
 
 	dontaudit $1 home_root_t:dir list_dir_perms;
+	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -2993,6 +3183,7 @@ interface(`files_list_home',`
 	')
 
 	allow $1 home_root_t:dir list_dir_perms;
+	allow $1 home_root_t:lnk_file read_lnk_file_perms;
 ')
 
 ########################################
@@ -3922,6 +4113,24 @@ interface(`files_purge_tmp',`
 
 ########################################
 ## <summary>
+##	Set the attributes of the /usr directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_setattr_usr_dirs',`
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir setattr;
+')
+
+########################################
+## <summary>
 ##	Search the content of /etc.
 ## </summary>
 ## <param name="domain">
@@ -3959,6 +4168,24 @@ interface(`files_list_usr',`
 
 ########################################
 ## <summary>
+##	Do not audit write of /usr dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`files_dontaudit_write_usr_dirs',`
+	gen_require(`
+		type usr_t;
+	')
+
+	dontaudit $1 usr_t:dir write;
+')
+
+########################################
+## <summary>
 ##	Add and remove entries from /usr directories.
 ## </summary>
 ## <param name="domain">
@@ -3977,7 +4204,8 @@ interface(`files_rw_usr_dirs',`
 
 ########################################
 ## <summary>
-##	dontaudit Add and remove entries from /usr directories.
+##	Do not audit attempts to add and remove
+##	entries from /usr directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -4026,7 +4254,7 @@ interface(`files_delete_usr_files',`
 		type usr_t;
 	')
 
-	allow $1 usr_t:file delete_file_perms;
+	delete_files_pattern($1, usr_t, usr_t)
 ')
 
 ########################################
@@ -5035,6 +5263,24 @@ interface(`files_dontaudit_getattr_pid_dirs',`
 
 ########################################
 ## <summary>
+##	Set the attributes of the /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_setattr_pid_dirs',`
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:dir setattr;
+')
+
+########################################
+## <summary>
 ##	Search the contents of runtime process
 ##	ID directories (/var/run).
 ## </summary>
@@ -5111,6 +5357,24 @@ interface(`files_read_generic_pids',`
 
 ########################################
 ## <summary>
+##	Write named generic process ID pipes
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_write_generic_pid_pipes',`
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:fifo_file write;
+')
+
+########################################
+## <summary>
 ##	Create an object in the process ID directory, with a private type.
 ## </summary>
 ## <desc>
@@ -5514,12 +5778,15 @@ interface(`files_polyinstantiate_all',`
 	allow $1 poly_t:dir { create mounton };
 	fs_unmount_xattr_fs($1)
 
+	fs_mount_tmpfs($1)
+	fs_unmount_tmpfs($1)
+
 	ifdef(`distro_redhat',`
 		# namespace.init
+		files_search_tmp($1)
 		files_search_home($1)
 		corecmd_exec_bin($1)
 		seutil_domtrans_setfiles($1)
-		mount_domtrans($1)
 	')
 ')
 
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 313493d..fbc22fb 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files, 1.13.0)
+policy_module(files, 1.13.1)
 
 ########################################
 #
@@ -194,6 +194,7 @@ fs_associate(file_type)
 fs_associate_noxattr(file_type)
 fs_associate_tmpfs(file_type)
 fs_associate_ramfs(file_type)
+fs_associate_hugetlbfs(file_type)
 
 ########################################
 #