diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 5f3e71b..5a49e8c 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -9408,7 +9408,7 @@ index b876c48..27f60c6 100644
 +/nsr(/.*)?			gen_context(system_u:object_r:var_t,s0)
 +/nsr/logs(/.*)?			gen_context(system_u:object_r:var_log_t,s0)
 diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
-index f962f76..5c44da2 100644
+index f962f76..68d8f79 100644
 --- a/policy/modules/kernel/files.if
 +++ b/policy/modules/kernel/files.if
 @@ -19,6 +19,136 @@
@@ -10418,10 +10418,19 @@ index f962f76..5c44da2 100644
  ')
  
  ########################################
-@@ -3150,6 +3686,25 @@ interface(`files_getattr_isid_type_dirs',`
- 
- ########################################
- ## <summary>
+@@ -3142,10 +3678,29 @@ interface(`files_etc_filetrans_etc_runtime',`
+ #
+ interface(`files_getattr_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
++	')
++
++	allow $1 unlabeled_t:dir getattr;
++')
++
++########################################
++## <summary>
 +##	Setattr of directories on new filesystems
 +##	that have not yet been labeled.
 +## </summary>
@@ -10433,21 +10442,63 @@ index f962f76..5c44da2 100644
 +#
 +interface(`files_setattr_isid_type_dirs',`
 +	gen_require(`
-+		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:dir getattr;
++	allow $1 unlabeled_t:dir setattr;
+ ')
+ 
+ ########################################
+@@ -3161,10 +3716,10 @@ interface(`files_getattr_isid_type_dirs',`
+ #
+ interface(`files_dontaudit_search_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	dontaudit $1 file_t:dir search_dir_perms;
++	dontaudit $1 unlabeled_t:dir search_dir_perms;
+ ')
+ 
+ ########################################
+@@ -3180,10 +3735,10 @@ interface(`files_dontaudit_search_isid_type_dirs',`
+ #
+ interface(`files_list_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:dir list_dir_perms;
++	allow $1 unlabeled_t:dir list_dir_perms;
+ ')
+ 
+ ########################################
+@@ -3199,10 +3754,10 @@ interface(`files_list_isid_type_dirs',`
+ #
+ interface(`files_rw_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:dir rw_dir_perms;
++	allow $1 unlabeled_t:dir rw_dir_perms;
+ ')
+ 
+ ########################################
+@@ -3218,10 +3773,66 @@ interface(`files_rw_isid_type_dirs',`
+ #
+ interface(`files_delete_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
 +	')
 +
-+	allow $1 file_t:dir setattr;
++	delete_dirs_pattern($1, unlabeled_t, unlabeled_t)
 +')
-+
-+########################################
-+## <summary>
- ##	Do not audit attempts to search directories on new filesystems
- ##	that have not yet been labeled.
- ## </summary>
-@@ -3223,6 +3778,62 @@ interface(`files_delete_isid_type_dirs',`
- 
- 	delete_dirs_pattern($1, file_t, file_t)
- ')
 +########################################
 +## <summary>
 +##	Execute files on new filesystems
@@ -10461,10 +10512,10 @@ index f962f76..5c44da2 100644
 +#
 +interface(`files_exec_isid_files',`
 +	gen_require(`
-+		type file_t;
++		type unlabeled_t;
 +	')
 +
-+	can_exec($1, file_t)
++	can_exec($1, unlabeled_t)
 +')
 +
 +########################################
@@ -10480,10 +10531,10 @@ index f962f76..5c44da2 100644
 +#
 +interface(`files_mounton_isid',`
 +	gen_require(`
-+		type file_t;
++		type unlabeled_t;
 +	')
 +
-+	allow $1 file_t:dir mounton;
++	allow $1 unlabeled_t:dir mounton;
 +')
 +
 +########################################
@@ -10499,18 +10550,183 @@ index f962f76..5c44da2 100644
 +#
 +interface(`files_relabelfrom_isid_type',`
 +	gen_require(`
-+		type file_t;
-+	')
-+
-+	dontaudit $1 file_t:dir_file_class_set relabelfrom;
-+')
++		type unlabeled_t;
+ 	')
+ 
+-	delete_dirs_pattern($1, file_t, file_t)
++	dontaudit $1 unlabeled_t:dir_file_class_set relabelfrom;
+ ')
  
  ########################################
- ## <summary>
-@@ -3473,6 +4084,25 @@ interface(`files_rw_isid_type_blk_files',`
+@@ -3237,10 +3848,10 @@ interface(`files_delete_isid_type_dirs',`
+ #
+ interface(`files_manage_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:dir manage_dir_perms;
++	allow $1 unlabeled_t:dir manage_dir_perms;
+ ')
  
  ########################################
- ## <summary>
+@@ -3256,10 +3867,10 @@ interface(`files_manage_isid_type_dirs',`
+ #
+ interface(`files_mounton_isid_type_dirs',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:dir { search_dir_perms mounton };
++	allow $1 unlabeled_t:dir { search_dir_perms mounton };
+ ')
+ 
+ ########################################
+@@ -3275,10 +3886,10 @@ interface(`files_mounton_isid_type_dirs',`
+ #
+ interface(`files_read_isid_type_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:file read_file_perms;
++	allow $1 unlabeled_t:file read_file_perms;
+ ')
+ 
+ ########################################
+@@ -3294,10 +3905,10 @@ interface(`files_read_isid_type_files',`
+ #
+ interface(`files_delete_isid_type_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_files_pattern($1, file_t, file_t)
++	delete_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3313,10 +3924,10 @@ interface(`files_delete_isid_type_files',`
+ #
+ interface(`files_delete_isid_type_symlinks',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_lnk_files_pattern($1, file_t, file_t)
++	delete_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3332,10 +3943,10 @@ interface(`files_delete_isid_type_symlinks',`
+ #
+ interface(`files_delete_isid_type_fifo_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_fifo_files_pattern($1, file_t, file_t)
++	delete_fifo_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3351,10 +3962,10 @@ interface(`files_delete_isid_type_fifo_files',`
+ #
+ interface(`files_delete_isid_type_sock_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_sock_files_pattern($1, file_t, file_t)
++	delete_sock_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3370,10 +3981,10 @@ interface(`files_delete_isid_type_sock_files',`
+ #
+ interface(`files_delete_isid_type_blk_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_blk_files_pattern($1, file_t, file_t)
++	delete_blk_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3389,10 +4000,10 @@ interface(`files_delete_isid_type_blk_files',`
+ #
+ interface(`files_dontaudit_write_isid_chr_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	dontaudit $1 file_t:chr_file write;
++	dontaudit $1 unlabeled_t:chr_file write;
+ ')
+ 
+ ########################################
+@@ -3408,10 +4019,10 @@ interface(`files_dontaudit_write_isid_chr_files',`
+ #
+ interface(`files_delete_isid_type_chr_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	delete_chr_files_pattern($1, file_t, file_t)
++	delete_chr_files_pattern($1, unlabeled_t, unlabeled_t)
+ ')
+ 
+ ########################################
+@@ -3427,10 +4038,10 @@ interface(`files_delete_isid_type_chr_files',`
+ #
+ interface(`files_manage_isid_type_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:file manage_file_perms;
++	allow $1 unlabeled_t:file manage_file_perms;
+ ')
+ 
+ ########################################
+@@ -3446,10 +4057,10 @@ interface(`files_manage_isid_type_files',`
+ #
+ interface(`files_manage_isid_type_symlinks',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:lnk_file manage_lnk_file_perms;
++	allow $1 unlabeled_t:lnk_file manage_lnk_file_perms;
+ ')
+ 
+ ########################################
+@@ -3465,10 +4076,29 @@ interface(`files_manage_isid_type_symlinks',`
+ #
+ interface(`files_rw_isid_type_blk_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
++	')
++
++	allow $1 unlabeled_t:blk_file rw_blk_file_perms;
++')
++
++########################################
++## <summary>
 +##	rw any files inherited from another process
 +##	on new filesystems that have not yet been labeled.
 +## </summary>
@@ -10522,17 +10738,40 @@ index f962f76..5c44da2 100644
 +#
 +interface(`files_rw_inherited_isid_type_files',`
 +	gen_require(`
-+		type file_t;
-+	')
-+
-+	allow $1 file_t:file rw_inherited_file_perms;
-+')
-+
-+########################################
-+## <summary>
- ##	Create, read, write, and delete block device nodes
- ##	on new filesystems that have not yet been labeled.
- ## </summary>
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:blk_file rw_blk_file_perms;
++	allow $1 unlabeled_t:file rw_inherited_file_perms;
+ ')
+ 
+ ########################################
+@@ -3484,10 +4114,10 @@ interface(`files_rw_isid_type_blk_files',`
+ #
+ interface(`files_manage_isid_type_blk_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:blk_file manage_blk_file_perms;
++	allow $1 unlabeled_t:blk_file manage_blk_file_perms;
+ ')
+ 
+ ########################################
+@@ -3503,10 +4133,10 @@ interface(`files_manage_isid_type_blk_files',`
+ #
+ interface(`files_manage_isid_type_chr_files',`
+ 	gen_require(`
+-		type file_t;
++		type unlabeled_t;
+ 	')
+ 
+-	allow $1 file_t:chr_file manage_chr_file_perms;
++	allow $1 unlabeled_t:chr_file manage_chr_file_perms;
+ ')
+ 
+ ########################################
 @@ -3814,20 +4444,38 @@ interface(`files_list_mnt',`
  
  ######################################
@@ -10939,7 +11178,7 @@ index f962f76..5c44da2 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -4482,44 +5384,134 @@ interface(`files_setattr_all_tmp_dirs',`
+@@ -4482,59 +5384,149 @@ interface(`files_setattr_all_tmp_dirs',`
  ##	</summary>
  ## </param>
  #
@@ -10989,19 +11228,23 @@ index f962f76..5c44da2 100644
  ##	<summary>
 -##	Domain not to audit.
 +##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
+ ##	</summary>
+ ## </param>
+ #
+-interface(`files_dontaudit_getattr_all_tmp_files',`
 +interface(`files_read_inherited_tmp_files',`
-+	gen_require(`
-+		attribute tmpfile;
-+	')
-+
+ 	gen_require(`
+ 		attribute tmpfile;
+ 	')
+ 
+-	dontaudit $1 tmpfile:file getattr;
 +	allow $1 tmpfile:file { append read_inherited_file_perms };
-+')
-+
-+########################################
-+## <summary>
+ ')
+ 
+ ########################################
+ ## <summary>
+-##	Allow attempts to get the attributes
+-##	of all tmp files.
 +##	Allow caller to append inherited tmp files.
 +## </summary>
 +## <param name="domain">
@@ -11084,9 +11327,24 @@ index f962f76..5c44da2 100644
 +## <param name="domain">
 +##	<summary>
 +##	Domain to not audit.
- ##	</summary>
- ## </param>
- #
++##	</summary>
++## </param>
++#
++interface(`files_dontaudit_getattr_all_tmp_files',`
++	gen_require(`
++		attribute tmpfile;
++	')
++
++	dontaudit $1 tmpfile:file getattr;
++')
++
++########################################
++## <summary>
++##	Allow attempts to get the attributes
++##	of all tmp files.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
 @@ -4579,7 +5571,7 @@ interface(`files_relabel_all_tmp_files',`
  ## </summary>
  ## <param name="domain">
@@ -11491,7 +11749,7 @@ index f962f76..5c44da2 100644
  ########################################
  ## <summary>
  ##	Do not audit attempts to search
-@@ -6025,27 +7192,46 @@ interface(`files_dontaudit_search_pids',`
+@@ -6025,21 +7192,40 @@ interface(`files_dontaudit_search_pids',`
  
  ########################################
  ## <summary>
@@ -11515,13 +11773,11 @@ index f962f76..5c44da2 100644
  	')
  
 -	allow $1 var_run_t:lnk_file read_lnk_file_perms;
--	list_dirs_pattern($1, var_t, var_run_t)
 +	dontaudit $1 pidfile:dir search_dir_perms;
- ')
- 
- ########################################
- ## <summary>
--##	Read generic process ID files.
++')
++
++########################################
++## <summary>
 +##	List the contents of the runtime process
 +##	ID directories (/var/run).
 +## </summary>
@@ -11537,15 +11793,9 @@ index f962f76..5c44da2 100644
 +	')
 +
 +	files_search_pids($1)
-+	list_dirs_pattern($1, var_t, var_run_t)
-+')
-+
-+########################################
-+## <summary>
-+##	Read generic process ID files.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
+ 	list_dirs_pattern($1, var_t, var_run_t)
+ ')
+ 
 @@ -6058,7 +7244,7 @@ interface(`files_read_generic_pids',`
  		type var_t, var_run_t;
  	')
@@ -12829,7 +13079,7 @@ index f962f76..5c44da2 100644
 +	allow $1 etc_t:service status;
  ')
 diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
-index 1a03abd..0335af9 100644
+index 1a03abd..dfcd2ad 100644
 --- a/policy/modules/kernel/files.te
 +++ b/policy/modules/kernel/files.te
 @@ -5,12 +5,16 @@ policy_module(files, 1.18.1)
@@ -12849,7 +13099,7 @@ index 1a03abd..0335af9 100644
  
  # For labeling types that are to be polyinstantiated
  attribute polydir;
-@@ -48,28 +52,45 @@ attribute usercanread;
+@@ -48,47 +52,55 @@ attribute usercanread;
  #
  type boot_t;
  files_mountpoint(boot_t)
@@ -12897,15 +13147,19 @@ index 1a03abd..0335af9 100644
  files_type(etc_runtime_t)
  #Temporarily in policy until FC5 dissappears
  typealias etc_runtime_t alias firstboot_rw_t;
-@@ -81,6 +102,7 @@ typealias etc_runtime_t alias firstboot_rw_t;
- #
- type file_t;
- files_mountpoint(file_t)
-+files_base_file(file_t)
- kernel_rootfs_mountpoint(file_t)
- sid file gen_context(system_u:object_r:file_t,s0)
  
-@@ -89,6 +111,7 @@ sid file gen_context(system_u:object_r:file_t,s0)
+ #
+-# file_t is the default type of a file that has not yet been
+-# assigned an extended attribute (EA) value (when using a filesystem
+-# that supports EAs).
+-#
+-type file_t;
+-files_mountpoint(file_t)
+-kernel_rootfs_mountpoint(file_t)
+-sid file gen_context(system_u:object_r:file_t,s0)
+-
+-#
+ # home_root_t is the type for the directory where user home directories
  # are created
  #
  type home_root_t;
@@ -12913,7 +13167,7 @@ index 1a03abd..0335af9 100644
  files_mountpoint(home_root_t)
  files_poly_parent(home_root_t)
  
-@@ -96,12 +119,13 @@ files_poly_parent(home_root_t)
+@@ -96,12 +108,13 @@ files_poly_parent(home_root_t)
  # lost_found_t is the type for the lost+found directories.
  #
  type lost_found_t;
@@ -12928,7 +13182,7 @@ index 1a03abd..0335af9 100644
  files_mountpoint(mnt_t)
  
  #
-@@ -123,6 +147,7 @@ files_type(readable_t)
+@@ -123,6 +136,7 @@ files_type(readable_t)
  # root_t is the type for rootfs and the root directory.
  #
  type root_t;
@@ -12936,7 +13190,7 @@ index 1a03abd..0335af9 100644
  files_mountpoint(root_t)
  files_poly_parent(root_t)
  kernel_rootfs_mountpoint(root_t)
-@@ -133,45 +158,54 @@ genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+@@ -133,45 +147,54 @@ genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
  #
  type src_t;
  files_mountpoint(src_t)
@@ -12991,7 +13245,7 @@ index 1a03abd..0335af9 100644
  files_lock_file(var_lock_t)
  files_mountpoint(var_lock_t)
  
-@@ -180,6 +214,7 @@ files_mountpoint(var_lock_t)
+@@ -180,6 +203,7 @@ files_mountpoint(var_lock_t)
  # used for pid and other runtime files.
  #
  type var_run_t;
@@ -12999,7 +13253,7 @@ index 1a03abd..0335af9 100644
  files_pid_file(var_run_t)
  files_mountpoint(var_run_t)
  
-@@ -187,7 +222,9 @@ files_mountpoint(var_run_t)
+@@ -187,7 +211,9 @@ files_mountpoint(var_run_t)
  # var_spool_t is the type of /var/spool
  #
  type var_spool_t;
@@ -13009,7 +13263,7 @@ index 1a03abd..0335af9 100644
  
  ########################################
  #
-@@ -224,12 +261,13 @@ fs_associate_tmpfs(tmpfsfile)
+@@ -224,12 +250,13 @@ fs_associate_tmpfs(tmpfsfile)
  #
  
  # Create/access any file in a labeled filesystem;
@@ -15284,7 +15538,7 @@ index e100d88..2b0a5b3 100644
 +	list_dirs_pattern($1, sysctl_vm_overcommit_t, sysctl_vm_overcommit_t)
  ')
 diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 8dbab4c..88cbe95 100644
+index 8dbab4c..b33d885 100644
 --- a/policy/modules/kernel/kernel.te
 +++ b/policy/modules/kernel/kernel.te
 @@ -25,6 +25,9 @@ attribute kern_unconfined;
@@ -15335,15 +15589,22 @@ index 8dbab4c..88cbe95 100644
  # /proc/sys/dev directory and files
  type sysctl_dev_t, sysctl_type;
  genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
-@@ -165,6 +178,7 @@ genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
+@@ -165,6 +178,14 @@ genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
  type unlabeled_t;
  fs_associate(unlabeled_t)
  sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
 +allow unlabeled_t self:filesystem associate;
++
++# Need the following because we are type alias of file_t.
++files_mountpoint(unlabeled_t)
++files_base_file(unlabeled_t)
++kernel_rootfs_mountpoint(unlabeled_t)
++sid file gen_context(system_u:object_r:unlabeled_t,s0)
++typealias unlabeled_t alias file_t;
  
  # These initial sids are no longer used, and can be removed:
  sid any_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-@@ -189,6 +203,7 @@ sid tcp_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
+@@ -189,6 +210,7 @@ sid tcp_socket		gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
  # kernel local policy
  #
  
@@ -15351,7 +15612,7 @@ index 8dbab4c..88cbe95 100644
  allow kernel_t self:capability ~sys_module;
  allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow kernel_t self:shm create_shm_perms;
-@@ -233,7 +248,6 @@ allow unlabeled_t unlabeled_t:packet { forward_in forward_out };
+@@ -233,7 +255,6 @@ allow unlabeled_t unlabeled_t:packet { forward_in forward_out };
  corenet_in_generic_if(unlabeled_t)
  corenet_in_generic_node(unlabeled_t)
  
@@ -15359,7 +15620,7 @@ index 8dbab4c..88cbe95 100644
  corenet_all_recvfrom_netlabel(kernel_t)
  # Kernel-generated traffic e.g., ICMP replies:
  corenet_raw_sendrecv_all_if(kernel_t)
-@@ -244,17 +258,21 @@ corenet_tcp_sendrecv_all_if(kernel_t)
+@@ -244,17 +265,21 @@ corenet_tcp_sendrecv_all_if(kernel_t)
  corenet_tcp_sendrecv_all_nodes(kernel_t)
  corenet_raw_send_generic_node(kernel_t)
  corenet_send_all_packets(kernel_t)
@@ -15385,7 +15646,7 @@ index 8dbab4c..88cbe95 100644
  
  # Mount root file system. Used when loading a policy
  # from initrd, then mounting the root filesystem
-@@ -263,7 +281,8 @@ fs_unmount_all_fs(kernel_t)
+@@ -263,7 +288,8 @@ fs_unmount_all_fs(kernel_t)
  
  selinux_load_policy(kernel_t)
  
@@ -15395,7 +15656,7 @@ index 8dbab4c..88cbe95 100644
  
  corecmd_exec_shell(kernel_t)
  corecmd_list_bin(kernel_t)
-@@ -277,25 +296,49 @@ files_list_root(kernel_t)
+@@ -277,25 +303,49 @@ files_list_root(kernel_t)
  files_list_etc(kernel_t)
  files_list_home(kernel_t)
  files_read_usr_files(kernel_t)
@@ -15445,7 +15706,7 @@ index 8dbab4c..88cbe95 100644
  ')
  
  optional_policy(`
-@@ -305,6 +348,19 @@ optional_policy(`
+@@ -305,6 +355,19 @@ optional_policy(`
  
  optional_policy(`
  	logging_send_syslog_msg(kernel_t)
@@ -15465,7 +15726,7 @@ index 8dbab4c..88cbe95 100644
  ')
  
  optional_policy(`
-@@ -312,6 +368,10 @@ optional_policy(`
+@@ -312,6 +375,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -15476,7 +15737,7 @@ index 8dbab4c..88cbe95 100644
  	# nfs kernel server needs kernel UDP access. It is less risky and painful
  	# to just give it everything.
  	allow kernel_t self:tcp_socket create_stream_socket_perms;
-@@ -332,9 +392,6 @@ optional_policy(`
+@@ -332,9 +399,6 @@ optional_policy(`
  
  	sysnet_read_config(kernel_t)
  
@@ -15486,7 +15747,7 @@ index 8dbab4c..88cbe95 100644
  	rpc_udp_rw_nfs_sockets(kernel_t)
  
  	tunable_policy(`nfs_export_all_ro',`
-@@ -343,9 +400,7 @@ optional_policy(`
+@@ -343,9 +407,7 @@ optional_policy(`
  		fs_read_noxattr_fs_files(kernel_t)
  		fs_read_noxattr_fs_symlinks(kernel_t)
  
@@ -15497,7 +15758,7 @@ index 8dbab4c..88cbe95 100644
  	')
  
  	tunable_policy(`nfs_export_all_rw',`
-@@ -354,7 +409,7 @@ optional_policy(`
+@@ -354,7 +416,7 @@ optional_policy(`
  		fs_read_noxattr_fs_files(kernel_t)
  		fs_read_noxattr_fs_symlinks(kernel_t)
  
@@ -15506,7 +15767,7 @@ index 8dbab4c..88cbe95 100644
  	')
  ')
  
-@@ -367,6 +422,15 @@ optional_policy(`
+@@ -367,6 +429,15 @@ optional_policy(`
  	unconfined_domain_noaudit(kernel_t)
  ')
  
@@ -15522,7 +15783,7 @@ index 8dbab4c..88cbe95 100644
  ########################################
  #
  # Unlabeled process local policy
-@@ -409,4 +473,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *;
+@@ -409,4 +480,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *;
  allow kern_unconfined unlabeled_t:filesystem *;
  allow kern_unconfined unlabeled_t:association *;
  allow kern_unconfined unlabeled_t:packet *;
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index cf9c3c2..107f50a 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -71040,7 +71040,7 @@ index 951db7f..c0cabe8 100644
 +    files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf")
  ')
 diff --git a/raid.te b/raid.te
-index c99753f..5e27523 100644
+index c99753f..2eb5455 100644
 --- a/raid.te
 +++ b/raid.te
 @@ -15,6 +15,15 @@ role mdadm_roles types mdadm_t;
@@ -71059,7 +71059,7 @@ index c99753f..5e27523 100644
  type mdadm_var_run_t alias mdadm_map_t;
  files_pid_file(mdadm_var_run_t)
  dev_associate(mdadm_var_run_t)
-@@ -25,23 +34,34 @@ dev_associate(mdadm_var_run_t)
+@@ -25,44 +34,64 @@ dev_associate(mdadm_var_run_t)
  #
  
  allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
@@ -71098,10 +71098,12 @@ index c99753f..5e27523 100644
  
  corecmd_exec_bin(mdadm_t)
  corecmd_exec_shell(mdadm_t)
-@@ -49,20 +69,29 @@ corecmd_exec_shell(mdadm_t)
+ 
  dev_rw_sysfs(mdadm_t)
- dev_dontaudit_getattr_all_blk_files(mdadm_t)
- dev_dontaudit_getattr_all_chr_files(mdadm_t)
+-dev_dontaudit_getattr_all_blk_files(mdadm_t)
+-dev_dontaudit_getattr_all_chr_files(mdadm_t)
++dev_dontaudit_read_all_blk_files(mdadm_t)
++dev_dontaudit_read_all_chr_files(mdadm_t)
 +dev_read_crash(mdadm_t)
 +dev_read_framebuffer(mdadm_t)
  dev_read_realtime_clock(mdadm_t)
@@ -76722,7 +76724,7 @@ index 0bf13c2..d59aef7 100644
  		type nfsd_initrc_exec_t, rpcd_initrc_exec_t, exports_t;
  		type var_lib_nfs_t, rpcd_var_run_t, gssd_tmp_t;
 diff --git a/rpc.te b/rpc.te
-index 2da9fca..11e7bfe 100644
+index 2da9fca..2497a03 100644
 --- a/rpc.te
 +++ b/rpc.te
 @@ -6,22 +6,20 @@ policy_module(rpc, 1.15.1)
@@ -77028,7 +77030,7 @@ index 2da9fca..11e7bfe 100644
  miscfiles_read_generic_certs(gssd_t)
  
  userdom_signal_all_users(gssd_t)
-+userdom_read_all_users_keys(gssd_t)
++userdom_manage_all_users_keys(gssd_t)
  
 -tunable_policy(`allow_gssd_read_tmp',`
 +tunable_policy(`gssd_read_tmp',`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index bc8d8e5..bc5e146 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -576,7 +576,10 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
-* Mon Jan 9 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-12
+* Mon Jan 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-13
+- Remove file_t from the system and realias it with unlabeled_t
+
+* Thu Jan 9 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-12
 - Add gluster fixes
 - Remove ability to transition to unconfined_t from confined domains
 - Additional allow rules to get libvirt-lxc containers working with docker