diff --git a/docker-selinux.tgz b/docker-selinux.tgz
index 43d010f..6d06b4c 100644
Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index aaade96..35a266a 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -27728,10 +27728,10 @@ index 0306134..bb5f3dd 100644
+ ')
+')
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
-index 76d9f66..5c271ce 100644
+index 76d9f66..7528851 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
-@@ -1,16 +1,41 @@
+@@ -1,16 +1,42 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.ansible/cp/.* -s gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
@@ -27765,6 +27765,7 @@ index 76d9f66..5c271ce 100644
+/usr/libexec/nm-ssh-service -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
++/usr/libexec/openssh/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/sbin/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
@@ -36657,7 +36658,7 @@ index 79a45f6..e69fa39 100644
+ allow $1 init_var_lib_t:dir search_dir_perms;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 17eda24..1522b3c 100644
+index 17eda24..09abd53 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -11,10 +11,31 @@ gen_require(`
@@ -36882,9 +36883,12 @@ index 17eda24..1522b3c 100644
# file descriptors inherited from the rootfs:
files_dontaudit_rw_root_files(init_t)
files_dontaudit_rw_root_chr_files(init_t)
-@@ -156,28 +257,64 @@ fs_list_inotifyfs(init_t)
+@@ -155,29 +256,67 @@ fs_list_inotifyfs(init_t)
+ # cjp: this may be related to /dev/log
fs_write_ramfs_sockets(init_t)
++fs_read_efivarfs_files(init_t)
++
mcs_process_set_categories(init_t)
-mcs_killall(init_t)
@@ -36952,7 +36956,7 @@ index 17eda24..1522b3c 100644
ifdef(`distro_gentoo',`
allow init_t self:process { getcap setcap };
-@@ -186,29 +323,252 @@ ifdef(`distro_gentoo',`
+@@ -186,29 +325,252 @@ ifdef(`distro_gentoo',`
')
ifdef(`distro_redhat',`
@@ -37214,7 +37218,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -216,7 +576,30 @@ optional_policy(`
+@@ -216,7 +578,30 @@ optional_policy(`
')
optional_policy(`
@@ -37246,7 +37250,7 @@ index 17eda24..1522b3c 100644
')
########################################
-@@ -225,9 +608,9 @@ optional_policy(`
+@@ -225,9 +610,9 @@ optional_policy(`
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -37258,7 +37262,7 @@ index 17eda24..1522b3c 100644
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
-@@ -258,12 +641,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+@@ -258,12 +643,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -37275,7 +37279,7 @@ index 17eda24..1522b3c 100644
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
-@@ -279,23 +666,36 @@ kernel_change_ring_buffer_level(initrc_t)
+@@ -279,23 +668,36 @@ kernel_change_ring_buffer_level(initrc_t)
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -37318,7 +37322,7 @@ index 17eda24..1522b3c 100644
corenet_tcp_sendrecv_all_ports(initrc_t)
corenet_udp_sendrecv_all_ports(initrc_t)
corenet_tcp_connect_all_ports(initrc_t)
-@@ -303,9 +703,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
+@@ -303,9 +705,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
dev_read_rand(initrc_t)
dev_read_urand(initrc_t)
@@ -37330,7 +37334,7 @@ index 17eda24..1522b3c 100644
dev_rw_sysfs(initrc_t)
dev_list_usbfs(initrc_t)
dev_read_framebuffer(initrc_t)
-@@ -313,8 +715,10 @@ dev_write_framebuffer(initrc_t)
+@@ -313,8 +717,10 @@ dev_write_framebuffer(initrc_t)
dev_read_realtime_clock(initrc_t)
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
@@ -37341,7 +37345,7 @@ index 17eda24..1522b3c 100644
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -322,8 +726,7 @@ dev_manage_generic_files(initrc_t)
+@@ -322,8 +728,7 @@ dev_manage_generic_files(initrc_t)
dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t)
@@ -37351,7 +37355,7 @@ index 17eda24..1522b3c 100644
domain_kill_all_domains(initrc_t)
domain_signal_all_domains(initrc_t)
-@@ -332,7 +735,6 @@ domain_sigstop_all_domains(initrc_t)
+@@ -332,7 +737,6 @@ domain_sigstop_all_domains(initrc_t)
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
@@ -37359,7 +37363,7 @@ index 17eda24..1522b3c 100644
domain_getsession_all_domains(initrc_t)
domain_use_interactive_fds(initrc_t)
# for lsof which is used by alsa shutdown:
-@@ -340,6 +742,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
+@@ -340,6 +744,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
domain_dontaudit_getattr_all_pipes(initrc_t)
@@ -37367,7 +37371,7 @@ index 17eda24..1522b3c 100644
files_getattr_all_dirs(initrc_t)
files_getattr_all_files(initrc_t)
-@@ -347,14 +750,15 @@ files_getattr_all_symlinks(initrc_t)
+@@ -347,14 +752,15 @@ files_getattr_all_symlinks(initrc_t)
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -37385,7 +37389,7 @@ index 17eda24..1522b3c 100644
files_read_usr_files(initrc_t)
files_manage_urandom_seed(initrc_t)
files_manage_generic_spool(initrc_t)
-@@ -364,8 +768,12 @@ files_list_isid_type_dirs(initrc_t)
+@@ -364,8 +770,12 @@ files_list_isid_type_dirs(initrc_t)
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -37399,7 +37403,7 @@ index 17eda24..1522b3c 100644
fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
-@@ -375,10 +783,11 @@ fs_mount_all_fs(initrc_t)
+@@ -375,10 +785,11 @@ fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -37413,7 +37417,7 @@ index 17eda24..1522b3c 100644
mcs_process_set_categories(initrc_t)
mls_file_read_all_levels(initrc_t)
-@@ -387,8 +796,10 @@ mls_process_read_up(initrc_t)
+@@ -387,8 +798,10 @@ mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
@@ -37424,7 +37428,7 @@ index 17eda24..1522b3c 100644
storage_getattr_fixed_disk_dev(initrc_t)
storage_setattr_fixed_disk_dev(initrc_t)
-@@ -398,6 +809,7 @@ term_use_all_terms(initrc_t)
+@@ -398,6 +811,7 @@ term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
@@ -37432,7 +37436,7 @@ index 17eda24..1522b3c 100644
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
-@@ -416,20 +828,18 @@ logging_read_all_logs(initrc_t)
+@@ -416,20 +830,18 @@ logging_read_all_logs(initrc_t)
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -37456,7 +37460,7 @@ index 17eda24..1522b3c 100644
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -451,7 +861,6 @@ ifdef(`distro_gentoo',`
+@@ -451,7 +863,6 @@ ifdef(`distro_gentoo',`
allow initrc_t self:process setfscreate;
dev_create_null_dev(initrc_t)
dev_create_zero_dev(initrc_t)
@@ -37464,7 +37468,7 @@ index 17eda24..1522b3c 100644
term_create_console_dev(initrc_t)
# unfortunately /sbin/rc does stupid tricks
-@@ -486,6 +895,10 @@ ifdef(`distro_gentoo',`
+@@ -486,6 +897,10 @@ ifdef(`distro_gentoo',`
sysnet_setattr_config(initrc_t)
optional_policy(`
@@ -37475,7 +37479,7 @@ index 17eda24..1522b3c 100644
alsa_read_lib(initrc_t)
')
-@@ -506,7 +919,7 @@ ifdef(`distro_redhat',`
+@@ -506,7 +921,7 @@ ifdef(`distro_redhat',`
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -37484,7 +37488,7 @@ index 17eda24..1522b3c 100644
files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd
-@@ -521,6 +934,7 @@ ifdef(`distro_redhat',`
+@@ -521,6 +936,7 @@ ifdef(`distro_redhat',`
files_create_boot_dirs(initrc_t)
files_create_boot_flag(initrc_t)
files_rw_boot_symlinks(initrc_t)
@@ -37492,7 +37496,7 @@ index 17eda24..1522b3c 100644
# wants to read /.fonts directory
files_read_default_files(initrc_t)
files_mountpoint(initrc_tmp_t)
-@@ -541,6 +955,7 @@ ifdef(`distro_redhat',`
+@@ -541,6 +957,7 @@ ifdef(`distro_redhat',`
miscfiles_rw_localization(initrc_t)
miscfiles_setattr_localization(initrc_t)
miscfiles_relabel_localization(initrc_t)
@@ -37500,7 +37504,7 @@ index 17eda24..1522b3c 100644
miscfiles_read_fonts(initrc_t)
miscfiles_read_hwdata(initrc_t)
-@@ -550,8 +965,44 @@ ifdef(`distro_redhat',`
+@@ -550,8 +967,44 @@ ifdef(`distro_redhat',`
')
optional_policy(`
@@ -37545,7 +37549,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -559,14 +1010,31 @@ ifdef(`distro_redhat',`
+@@ -559,14 +1012,31 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -37577,7 +37581,7 @@ index 17eda24..1522b3c 100644
')
')
-@@ -577,6 +1045,39 @@ ifdef(`distro_suse',`
+@@ -577,6 +1047,39 @@ ifdef(`distro_suse',`
')
')
@@ -37617,7 +37621,7 @@ index 17eda24..1522b3c 100644
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -589,6 +1090,8 @@ optional_policy(`
+@@ -589,6 +1092,8 @@ optional_policy(`
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -37626,7 +37630,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -610,6 +1113,7 @@ optional_policy(`
+@@ -610,6 +1115,7 @@ optional_policy(`
optional_policy(`
cgroup_stream_connect_cgred(initrc_t)
@@ -37634,7 +37638,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -626,6 +1130,17 @@ optional_policy(`
+@@ -626,6 +1132,17 @@ optional_policy(`
')
optional_policy(`
@@ -37652,7 +37656,7 @@ index 17eda24..1522b3c 100644
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -642,9 +1157,13 @@ optional_policy(`
+@@ -642,9 +1159,13 @@ optional_policy(`
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -37666,7 +37670,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -657,15 +1176,11 @@ optional_policy(`
+@@ -657,15 +1178,11 @@ optional_policy(`
')
optional_policy(`
@@ -37684,7 +37688,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -686,6 +1201,15 @@ optional_policy(`
+@@ -686,6 +1203,15 @@ optional_policy(`
')
optional_policy(`
@@ -37700,7 +37704,7 @@ index 17eda24..1522b3c 100644
inn_exec_config(initrc_t)
')
-@@ -726,6 +1250,7 @@ optional_policy(`
+@@ -726,6 +1252,7 @@ optional_policy(`
lpd_list_spool(initrc_t)
lpd_read_config(initrc_t)
@@ -37708,7 +37712,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -743,7 +1268,13 @@ optional_policy(`
+@@ -743,7 +1270,13 @@ optional_policy(`
')
optional_policy(`
@@ -37723,7 +37727,7 @@ index 17eda24..1522b3c 100644
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -766,6 +1297,10 @@ optional_policy(`
+@@ -766,6 +1299,10 @@ optional_policy(`
')
optional_policy(`
@@ -37734,7 +37738,7 @@ index 17eda24..1522b3c 100644
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -775,10 +1310,20 @@ optional_policy(`
+@@ -775,10 +1312,20 @@ optional_policy(`
')
optional_policy(`
@@ -37755,7 +37759,7 @@ index 17eda24..1522b3c 100644
quota_manage_flags(initrc_t)
')
-@@ -787,6 +1332,10 @@ optional_policy(`
+@@ -787,6 +1334,10 @@ optional_policy(`
')
optional_policy(`
@@ -37766,7 +37770,7 @@ index 17eda24..1522b3c 100644
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -808,8 +1357,6 @@ optional_policy(`
+@@ -808,8 +1359,6 @@ optional_policy(`
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -37775,7 +37779,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -818,6 +1365,10 @@ optional_policy(`
+@@ -818,6 +1367,10 @@ optional_policy(`
')
optional_policy(`
@@ -37786,7 +37790,7 @@ index 17eda24..1522b3c 100644
# shorewall-init script run /var/lib/shorewall/firewall
shorewall_lib_domtrans(initrc_t)
')
-@@ -827,10 +1378,12 @@ optional_policy(`
+@@ -827,10 +1380,12 @@ optional_policy(`
squid_manage_logs(initrc_t)
')
@@ -37799,7 +37803,7 @@ index 17eda24..1522b3c 100644
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -857,21 +1410,62 @@ optional_policy(`
+@@ -857,21 +1412,62 @@ optional_policy(`
')
optional_policy(`
@@ -37863,7 +37867,7 @@ index 17eda24..1522b3c 100644
')
optional_policy(`
-@@ -887,6 +1481,10 @@ optional_policy(`
+@@ -887,6 +1483,10 @@ optional_policy(`
')
optional_policy(`
@@ -37874,7 +37878,7 @@ index 17eda24..1522b3c 100644
# Set device ownerships/modes.
xserver_setattr_console_pipes(initrc_t)
-@@ -897,3 +1495,218 @@ optional_policy(`
+@@ -897,3 +1497,218 @@ optional_policy(`
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -39558,7 +39562,7 @@ index 808ba93..57a68da 100644
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
+')
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
-index 54f8fa5..1584203 100644
+index 54f8fa5..544b8e3 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t)
@@ -39652,10 +39656,14 @@ index 54f8fa5..1584203 100644
optional_policy(`
unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
')
-@@ -131,6 +150,14 @@ optional_policy(`
+@@ -131,6 +150,18 @@ optional_policy(`
')
optional_policy(`
++ glusterd_dontaudit_read_lib_dirs(ldconfig_t)
++')
++
++optional_policy(`
+ gnome_append_generic_cache_files(ldconfig_t)
+')
+
@@ -39667,7 +39675,7 @@ index 54f8fa5..1584203 100644
puppet_rw_tmp(ldconfig_t)
')
-@@ -141,6 +168,3 @@ optional_policy(`
+@@ -141,6 +172,3 @@ optional_policy(`
rpm_manage_script_tmp_files(ldconfig_t)
')
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 58b2d15..fc313f0 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -31640,10 +31640,10 @@ index 5cd0909..bd3c3d2 100644
+corenet_tcp_connect_glance_registry_port(glance_scrubber_t)
diff --git a/glusterd.fc b/glusterd.fc
new file mode 100644
-index 0000000..cbd6aa4
+index 0000000..52b4110
--- /dev/null
+++ b/glusterd.fc
-@@ -0,0 +1,20 @@
+@@ -0,0 +1,22 @@
+/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0)
+
+/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0)
@@ -31659,17 +31659,19 @@ index 0000000..cbd6aa4
+/var/lib/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_lib_t,s0)
+
+/var/log/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0)
++/var/log/ganesha.log -- gen_context(system_u:object_r:glusterd_log_t,s0)
+
+/var/run/gluster(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
++/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
diff --git a/glusterd.if b/glusterd.if
new file mode 100644
-index 0000000..fc9bf19
+index 0000000..764ae00
--- /dev/null
+++ b/glusterd.if
-@@ -0,0 +1,243 @@
+@@ -0,0 +1,261 @@
+
+## policy for glusterd
+
@@ -31830,6 +31832,24 @@ index 0000000..fc9bf19
+
+######################################
+##
++## Dontaudit Read /var/lib/glusterd files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`glusterd_dontaudit_read_lib_dirs',`
++ gen_require(`
++ type glusterd_var_lib_t;
++ ')
++
++ dontaudit $1 glusterd_var_lib_t:dir list_dir_perms;
++')
++
++######################################
++##
+## Read and write /var/lib/glusterd files.
+##
+##
@@ -31915,10 +31935,10 @@ index 0000000..fc9bf19
+
diff --git a/glusterd.te b/glusterd.te
new file mode 100644
-index 0000000..afabf8c
+index 0000000..59e84ca
--- /dev/null
+++ b/glusterd.te
-@@ -0,0 +1,297 @@
+@@ -0,0 +1,295 @@
+policy_module(glusterd, 1.1.3)
+
+##
@@ -32002,10 +32022,8 @@ index 0000000..afabf8c
+allow glusterd_t glusterd_tmp_t:dir mounton;
+
+manage_dirs_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+append_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+create_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+setattr_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
-+logging_log_filetrans(glusterd_t, glusterd_log_t, dir)
++manage_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
++logging_log_filetrans(glusterd_t, glusterd_log_t, { file dir })
+
+manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
+manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
@@ -45368,7 +45386,7 @@ index dd8e01a..9cd6b0b 100644
##
##
diff --git a/logrotate.te b/logrotate.te
-index be0ab84..3c99496 100644
+index be0ab84..688605e 100644
--- a/logrotate.te
+++ b/logrotate.te
@@ -5,16 +5,22 @@ policy_module(logrotate, 1.15.0)
@@ -45493,7 +45511,7 @@ index be0ab84..3c99496 100644
files_manage_generic_spool(logrotate_t)
files_manage_generic_spool_dirs(logrotate_t)
files_getattr_generic_locks(logrotate_t)
-@@ -95,32 +126,52 @@ mls_process_write_to_clearance(logrotate_t)
+@@ -95,32 +126,54 @@ mls_process_write_to_clearance(logrotate_t)
selinux_get_fs_mount(logrotate_t)
selinux_get_enforce_mode(logrotate_t)
@@ -45524,6 +45542,8 @@ index be0ab84..3c99496 100644
+miscfiles_read_hwdata(logrotate_t)
-userdom_use_user_terminals(logrotate_t)
++term_dontaudit_use_unallocated_ttys(logrotate_t)
++
+userdom_use_inherited_user_terminals(logrotate_t)
userdom_list_user_home_dirs(logrotate_t)
userdom_use_unpriv_users_fds(logrotate_t)
@@ -45552,7 +45572,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -135,16 +186,17 @@ optional_policy(`
+@@ -135,16 +188,17 @@ optional_policy(`
optional_policy(`
apache_read_config(logrotate_t)
@@ -45572,7 +45592,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -170,6 +222,11 @@ optional_policy(`
+@@ -170,6 +224,11 @@ optional_policy(`
')
optional_policy(`
@@ -45584,7 +45604,7 @@ index be0ab84..3c99496 100644
fail2ban_stream_connect(logrotate_t)
')
-@@ -178,7 +235,7 @@ optional_policy(`
+@@ -178,7 +237,7 @@ optional_policy(`
')
optional_policy(`
@@ -45593,7 +45613,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -198,17 +255,18 @@ optional_policy(`
+@@ -198,17 +257,18 @@ optional_policy(`
')
optional_policy(`
@@ -45615,7 +45635,7 @@ index be0ab84..3c99496 100644
')
optional_policy(`
-@@ -216,6 +274,14 @@ optional_policy(`
+@@ -216,6 +276,14 @@ optional_policy(`
')
optional_policy(`
@@ -45630,7 +45650,7 @@ index be0ab84..3c99496 100644
samba_exec_log(logrotate_t)
')
-@@ -228,26 +294,43 @@ optional_policy(`
+@@ -228,26 +296,43 @@ optional_policy(`
')
optional_policy(`
@@ -117642,7 +117662,7 @@ index dd63de0..38ce620 100644
- admin_pattern($1, zabbix_tmpfs_t)
')
diff --git a/zabbix.te b/zabbix.te
-index 7f496c6..b23f29d 100644
+index 7f496c6..fccb7b1 100644
--- a/zabbix.te
+++ b/zabbix.te
@@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0)
@@ -117860,7 +117880,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
-@@ -170,6 +185,26 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
+@@ -170,6 +185,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
corenet_tcp_connect_ssh_port(zabbix_agent_t)
corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
@@ -117880,6 +117900,10 @@ index 7f496c6..b23f29d 100644
+corenet_tcp_connect_pop_port(zabbix_agent_t)
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
+
++corenet_sendrecv_postgresql_client_packets(zabbix_agent_t)
++corenet_tcp_connect_postgresql_port(zabbix_agent_t)
++corenet_tcp_sendrecv_postgresql_port(zabbix_agent_t)
++
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
@@ -117887,7 +117911,7 @@ index 7f496c6..b23f29d 100644
corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
-@@ -177,21 +212,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
+@@ -177,21 +216,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
dev_getattr_all_blk_files(zabbix_agent_t)
dev_getattr_all_chr_files(zabbix_agent_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6adb153..bdb1cab 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 189%{?dist}
+Release: 190%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -647,6 +647,12 @@ exit 0
%endif
%changelog
+* Mon May 16 2016 Lukas Vrabec 3.13.1-190
+- Label /var/log/ganesha.log as gluster_log_t Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
+- Allow zabbix to connect to postgresql port
+- Label /usr/libexec/openssh/sshd-keygen as sshd_keygen_exec_t. BZ(1335149)
+- Allow systemd to read efivarfs. Resolve: #121
+
* Tue May 10 2016 Lukas Vrabec 3.13.1-189
- Revert temporary fix: Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed