diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index e70cd11..51ae228 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -33773,7 +33773,7 @@ index 247958765..890e1e293 100644
/var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
/var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
-index 3efd5b669..190c29841 100644
+index 3efd5b669..a8cb6df3d 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -23,11 +23,17 @@ interface(`auth_role',`
@@ -34088,7 +34088,7 @@ index 3efd5b669..190c29841 100644
## Read the shadow passwords file (/etc/shadow)
##
##
-@@ -664,6 +777,10 @@ interface(`auth_manage_shadow',`
+@@ -664,6 +777,11 @@ interface(`auth_manage_shadow',`
allow $1 shadow_t:file manage_file_perms;
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
@@ -34096,10 +34096,11 @@ index 3efd5b669..190c29841 100644
+ files_var_filetrans($1, shadow_t, file, "shadow-")
+ files_etc_filetrans($1, shadow_t, file, "gshadow")
+ files_etc_filetrans($1, shadow_t, file, "nshadow")
++ files_etc_filetrans($1, shadow_t, file, "opasswd")
')
#######################################
-@@ -763,7 +880,50 @@ interface(`auth_rw_faillog',`
+@@ -763,7 +881,50 @@ interface(`auth_rw_faillog',`
')
logging_search_logs($1)
@@ -34151,7 +34152,7 @@ index 3efd5b669..190c29841 100644
')
#######################################
-@@ -824,9 +984,29 @@ interface(`auth_rw_lastlog',`
+@@ -824,9 +985,29 @@ interface(`auth_rw_lastlog',`
allow $1 lastlog_t:file { rw_file_perms lock setattr };
')
@@ -34182,7 +34183,7 @@ index 3efd5b669..190c29841 100644
##
##
##
-@@ -834,12 +1014,27 @@ interface(`auth_rw_lastlog',`
+@@ -834,12 +1015,27 @@ interface(`auth_rw_lastlog',`
##
##
#
@@ -34213,7 +34214,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -854,15 +1049,15 @@ interface(`auth_domtrans_pam',`
+@@ -854,15 +1050,15 @@ interface(`auth_domtrans_pam',`
#
interface(`auth_signal_pam',`
gen_require(`
@@ -34232,7 +34233,7 @@ index 3efd5b669..190c29841 100644
##
##
##
-@@ -875,13 +1070,33 @@ interface(`auth_signal_pam',`
+@@ -875,13 +1071,33 @@ interface(`auth_signal_pam',`
##
##
#
@@ -34270,7 +34271,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -959,9 +1174,30 @@ interface(`auth_manage_var_auth',`
+@@ -959,9 +1175,30 @@ interface(`auth_manage_var_auth',`
')
files_search_var($1)
@@ -34304,7 +34305,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -1040,6 +1276,10 @@ interface(`auth_manage_pam_pid',`
+@@ -1040,6 +1277,10 @@ interface(`auth_manage_pam_pid',`
files_search_pids($1)
allow $1 pam_var_run_t:dir manage_dir_perms;
allow $1 pam_var_run_t:file manage_file_perms;
@@ -34315,7 +34316,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -1176,6 +1416,7 @@ interface(`auth_manage_pam_console_data',`
+@@ -1176,6 +1417,7 @@ interface(`auth_manage_pam_console_data',`
files_search_pids($1)
manage_files_pattern($1, pam_var_console_t, pam_var_console_t)
manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t)
@@ -34323,7 +34324,7 @@ index 3efd5b669..190c29841 100644
')
#######################################
-@@ -1576,6 +1817,25 @@ interface(`auth_setattr_login_records',`
+@@ -1576,6 +1818,25 @@ interface(`auth_setattr_login_records',`
########################################
##
@@ -34349,7 +34350,7 @@ index 3efd5b669..190c29841 100644
## Read login records files (/var/log/wtmp).
##
##
-@@ -1726,24 +1986,63 @@ interface(`auth_manage_login_records',`
+@@ -1726,24 +1987,63 @@ interface(`auth_manage_login_records',`
logging_rw_generic_log_dirs($1)
allow $1 wtmp_t:file manage_file_perms;
@@ -34417,7 +34418,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -1767,11 +2066,13 @@ interface(`auth_relabel_login_records',`
+@@ -1767,11 +2067,13 @@ interface(`auth_relabel_login_records',`
##
#
interface(`auth_use_nsswitch',`
@@ -34434,7 +34435,7 @@ index 3efd5b669..190c29841 100644
')
########################################
-@@ -1805,3 +2106,298 @@ interface(`auth_unconfined',`
+@@ -1805,3 +2107,298 @@ interface(`auth_unconfined',`
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -34734,7 +34735,7 @@ index 3efd5b669..190c29841 100644
+ allow $1 login_pgm:key manage_key_perms;
+')
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
-index 09b791dcc..385cd6d79 100644
+index 09b791dcc..2d255df93 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -5,6 +5,19 @@ policy_module(authlogin, 2.5.1)
@@ -34949,12 +34950,11 @@ index 09b791dcc..385cd6d79 100644
allow updpwd_t self:process setfscreate;
allow updpwd_t self:fifo_file rw_fifo_file_perms;
allow updpwd_t self:unix_stream_socket create_stream_socket_perms;
-@@ -341,6 +362,12 @@ kernel_read_system_state(updpwd_t)
+@@ -341,6 +362,11 @@ kernel_read_system_state(updpwd_t)
dev_read_urand(updpwd_t)
files_manage_etc_files(updpwd_t)
+auth_manage_passwd(updpwd_t)
-+auth_filetrans_named_content(updpwd_t)
+
+mls_file_read_all_levels(updpwd_t)
+mls_file_write_all_levels(updpwd_t)
@@ -34962,7 +34962,7 @@ index 09b791dcc..385cd6d79 100644
term_dontaudit_use_console(updpwd_t)
term_dontaudit_use_unallocated_ttys(updpwd_t)
-@@ -350,9 +377,7 @@ auth_use_nsswitch(updpwd_t)
+@@ -350,9 +376,7 @@ auth_use_nsswitch(updpwd_t)
logging_send_syslog_msg(updpwd_t)
@@ -34973,7 +34973,7 @@ index 09b791dcc..385cd6d79 100644
ifdef(`distro_ubuntu',`
optional_policy(`
-@@ -380,13 +405,15 @@ term_dontaudit_use_all_ttys(utempter_t)
+@@ -380,13 +404,15 @@ term_dontaudit_use_all_ttys(utempter_t)
term_dontaudit_use_all_ptys(utempter_t)
term_dontaudit_use_ptmx(utempter_t)
@@ -34990,7 +34990,7 @@ index 09b791dcc..385cd6d79 100644
# Allow utemper to write to /tmp/.xses-*
userdom_write_user_tmp_files(utempter_t)
-@@ -397,19 +424,29 @@ ifdef(`distro_ubuntu',`
+@@ -397,19 +423,29 @@ ifdef(`distro_ubuntu',`
')
optional_policy(`
@@ -35024,7 +35024,7 @@ index 09b791dcc..385cd6d79 100644
files_list_var_lib(nsswitch_domain)
# read /etc/nsswitch.conf
-@@ -417,15 +454,42 @@ files_read_etc_files(nsswitch_domain)
+@@ -417,15 +453,42 @@ files_read_etc_files(nsswitch_domain)
sysnet_dns_name_resolve(nsswitch_domain)
@@ -35069,7 +35069,7 @@ index 09b791dcc..385cd6d79 100644
ldap_stream_connect(nsswitch_domain)
')
')
-@@ -438,6 +502,7 @@ optional_policy(`
+@@ -438,6 +501,7 @@ optional_policy(`
likewise_stream_connect_lsassd(nsswitch_domain)
')
@@ -35077,7 +35077,7 @@ index 09b791dcc..385cd6d79 100644
optional_policy(`
kerberos_use(nsswitch_domain)
')
-@@ -456,10 +521,159 @@ optional_policy(`
+@@ -456,10 +520,159 @@ optional_policy(`
optional_policy(`
sssd_stream_connect(nsswitch_domain)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index cffbeb5..93a3a6c 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -23508,7 +23508,7 @@ index 62d22cb46..c0c2ed47d 100644
+ manage_dirs_pattern($1, session_dbusd_tmp_t, session_dbusd_tmp_t)
')
diff --git a/dbus.te b/dbus.te
-index c9998c80d..131d809ae 100644
+index c9998c80d..d7910970e 100644
--- a/dbus.te
+++ b/dbus.te
@@ -4,17 +4,15 @@ gen_require(`
@@ -23657,7 +23657,7 @@ index c9998c80d..131d809ae 100644
+init_domtrans_script(system_dbusd_t)
+init_rw_stream_sockets(system_dbusd_t)
+init_status(system_dbusd_t)
-+init_start_system(system_dbusd_t) # needed by dbus-broker
++init_start(system_dbusd_t) # needed by dbus-broker
logging_send_audit_msgs(system_dbusd_t)
logging_send_syslog_msg(system_dbusd_t)
@@ -43317,7 +43317,7 @@ index 000000000..bd7e7fa17
+')
diff --git a/keepalived.te b/keepalived.te
new file mode 100644
-index 000000000..7395ac19a
+index 000000000..e5b8b3bbf
--- /dev/null
+++ b/keepalived.te
@@ -0,0 +1,100 @@
@@ -43346,8 +43346,8 @@ index 000000000..7395ac19a
+# keepalived local policy
+#
+
-+allow keepalived_t self:capability { net_admin net_raw kill dac_read_search setpgid sys_ptrace };
-+allow keepalived_t self:process { signal_perms };
++allow keepalived_t self:capability { net_admin net_raw kill dac_read_search sys_ptrace };
++allow keepalived_t self:process { signal_perms setpgid };
+allow keepalived_t self:netlink_socket create_socket_perms;
+allow keepalived_t self:netlink_generic_socket create_socket_perms;
+allow keepalived_t self:netlink_netfilter_socket create_socket_perms;