diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 57f66de..4a2865b 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1192,6 +1192,26 @@ interface(`files_relabel_config_dirs',`
 	relabel_dirs_pattern($1, configfile, configfile)
 ')
 
+########################################
+## <summary>
+##	Read config files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_read_config_files',`
+	gen_require(`
+		attribute configfile;
+	')
+
+	allow $1 configfile:dir list_dir_perms;
+	read_files_pattern($1, configfile, configfile)
+	read_lnk_files_pattern($1, configfile, configfile)
+')
+
 ###########################################
 ## <summary>
 ## 	Manage all configuration files on filesystem 
@@ -1567,6 +1587,25 @@ interface(`files_boot_filetrans',`
 
 ########################################
 ## <summary>
+##	read files in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_read_boot_files',`
+	gen_require(`
+		type boot_t;
+	')
+
+	manage_files_pattern($1, boot_t, boot_t)
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete files
 ##	in the /boot directory.
 ## </summary>
@@ -1795,6 +1834,25 @@ interface(`files_dontaudit_list_default',`
 
 ########################################
 ## <summary>
+##	Create, read, write, and delete directories with
+##	the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_manage_default_dirs',`
+	gen_require(`
+		type default_t;
+	')
+
+	manage_dirs_pattern($1, default_t, default_t)
+')
+
+########################################
+## <summary>
 ##	Mount a filesystem on a directory with the default file type.
 ## </summary>
 ## <param name="domain">
@@ -1869,6 +1927,25 @@ interface(`files_dontaudit_read_default_files',`
 
 ########################################
 ## <summary>
+##	Create, read, write, and delete files with
+##	the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_manage_default_files',`
+	gen_require(`
+		type default_t;
+	')
+
+	manage_files_pattern($1, default_t, default_t)
+')
+
+########################################
+## <summary>
 ##	Read symbolic links with the default file type.
 ## </summary>
 ## <param name="domain">
@@ -3491,6 +3568,24 @@ interface(`files_setattr_all_tmp_dirs',`
 
 ########################################
 ## <summary>
+##	List all tmp directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_list_all_tmp',`
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	allow $1 tmpfile:dir list_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to get the attributes
 ##	of all tmp files. 
 ## </summary>
@@ -5072,7 +5167,7 @@ interface(`files_polyinstantiate_all',`
 	selinux_compute_member($1)
 
 	# Need sys_admin capability for mounting
-	allow $1 self:capability { chown fsetid sys_admin };
+	allow $1 self:capability { chown fsetid sys_admin fowner };
 
 	# Need to give access to the directories to be polyinstantiated
 	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index e970d85..d6e85d3 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files, 1.12.0)
+policy_module(files, 1.12.1)
 
 ########################################
 #
@@ -53,7 +53,7 @@ files_mountpoint(default_t)
 #
 # etc_t is the type of the system etc directories.
 #
-type etc_t;
+type etc_t, configfile;
 files_type(etc_t)
 # compatibility aliases for removed types:
 typealias etc_t alias automount_etc_t;