diff --git a/policy-F14.patch b/policy-F14.patch
index 5df9114..11cdb34 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -9046,18 +9046,9 @@ index 252913b..a1bbe8f 100644
consoletype_exec(auditadm_t)
')
diff --git a/policy/modules/roles/dbadm.te b/policy/modules/roles/dbadm.te
-index 1875064..a3ddd43 100644
+index 1875064..20d9333 100644
--- a/policy/modules/roles/dbadm.te
+++ b/policy/modules/roles/dbadm.te
-@@ -21,7 +21,7 @@ gen_tunable(dbadm_read_user_files, false)
-
- role dbadm_r;
-
--userdom_base_user_template(dbadm)
-+userdom_unpriv_user_template(dbadm)
-
- ########################################
- #
@@ -58,3 +58,7 @@ optional_policy(`
optional_policy(`
postgresql_admin(dbadm_t, dbadm_r)
@@ -26171,7 +26162,7 @@ index 6f1e3c7..39c2bb3 100644
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
-index da2601a..8696a6e 100644
+index da2601a..6ff8f25 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -19,9 +19,10 @@
@@ -26229,15 +26220,13 @@ index da2601a..8696a6e 100644
# Client read xserver shm
allow $2 xserver_t:fd use;
-@@ -89,14 +99,19 @@ interface(`xserver_restricted_role',`
+@@ -89,14 +99,17 @@ interface(`xserver_restricted_role',`
dev_write_misc($2)
# open office is looking for the following
dev_getattr_agp_dev($2)
- dev_dontaudit_rw_dri($2)
+ tunable_policy(`user_direct_dri',`
+ dev_rw_dri($2)
-+ ',`
-+ dev_dontaudit_rw_dri($2)
+ ')
+
# GNOME checks for usb and other devices:
@@ -26251,7 +26240,7 @@ index da2601a..8696a6e 100644
xserver_xsession_entry_type($2)
xserver_dontaudit_write_log($2)
xserver_stream_connect_xdm($2)
-@@ -148,6 +163,7 @@ interface(`xserver_role',`
+@@ -148,6 +161,7 @@ interface(`xserver_role',`
allow $2 xauth_home_t:file manage_file_perms;
allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -26259,7 +26248,7 @@ index da2601a..8696a6e 100644
manage_dirs_pattern($2, user_fonts_t, user_fonts_t)
manage_files_pattern($2, user_fonts_t, user_fonts_t)
relabel_dirs_pattern($2, user_fonts_t, user_fonts_t)
-@@ -197,7 +213,7 @@ interface(`xserver_ro_session',`
+@@ -197,7 +211,7 @@ interface(`xserver_ro_session',`
allow $1 xserver_t:process signal;
# Read /tmp/.X0-lock
@@ -26268,7 +26257,7 @@ index da2601a..8696a6e 100644
# Client read xserver shm
allow $1 xserver_t:fd use;
-@@ -291,12 +307,12 @@ interface(`xserver_user_client',`
+@@ -291,12 +305,12 @@ interface(`xserver_user_client',`
allow $1 self:unix_stream_socket { connectto create_stream_socket_perms };
# Read .Xauthority file
@@ -26284,7 +26273,7 @@ index da2601a..8696a6e 100644
allow $1 xdm_tmp_t:dir search;
allow $1 xdm_tmp_t:sock_file { read write };
dontaudit $1 xdm_t:tcp_socket { read write };
-@@ -355,6 +371,12 @@ template(`xserver_common_x_domain_template',`
+@@ -355,6 +369,12 @@ template(`xserver_common_x_domain_template',`
class x_property all_x_property_perms;
class x_event all_x_event_perms;
class x_synthetic_event all_x_synthetic_event_perms;
@@ -26297,7 +26286,7 @@ index da2601a..8696a6e 100644
')
##############################
-@@ -386,6 +408,15 @@ template(`xserver_common_x_domain_template',`
+@@ -386,6 +406,15 @@ template(`xserver_common_x_domain_template',`
allow $2 xevent_t:{ x_event x_synthetic_event } receive;
# dont audit send failures
dontaudit $2 input_xevent_type:x_event send;
@@ -26313,7 +26302,7 @@ index da2601a..8696a6e 100644
')
#######################################
-@@ -476,6 +507,7 @@ template(`xserver_user_x_domain_template',`
+@@ -476,6 +505,7 @@ template(`xserver_user_x_domain_template',`
xserver_use_user_fonts($2)
xserver_read_xdm_tmp_files($2)
@@ -26321,7 +26310,7 @@ index da2601a..8696a6e 100644
# X object manager
xserver_object_types_template($1)
-@@ -545,6 +577,27 @@ interface(`xserver_domtrans_xauth',`
+@@ -545,6 +575,27 @@ interface(`xserver_domtrans_xauth',`
')
domtrans_pattern($1, xauth_exec_t, xauth_t)
@@ -26349,7 +26338,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -598,6 +651,7 @@ interface(`xserver_read_user_xauth',`
+@@ -598,6 +649,7 @@ interface(`xserver_read_user_xauth',`
allow $1 xauth_home_t:file read_file_perms;
userdom_search_user_home_dirs($1)
@@ -26357,7 +26346,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -725,10 +779,12 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
+@@ -725,10 +777,12 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
interface(`xserver_stream_connect_xdm',`
gen_require(`
type xdm_t, xdm_tmp_t;
@@ -26370,7 +26359,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -805,7 +861,7 @@ interface(`xserver_read_xdm_pid',`
+@@ -805,7 +859,7 @@ interface(`xserver_read_xdm_pid',`
')
files_search_pids($1)
@@ -26379,7 +26368,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -916,7 +972,7 @@ interface(`xserver_dontaudit_write_log',`
+@@ -916,7 +970,7 @@ interface(`xserver_dontaudit_write_log',`
type xserver_log_t;
')
@@ -26388,7 +26377,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -963,6 +1019,44 @@ interface(`xserver_read_xkb_libs',`
+@@ -963,6 +1017,44 @@ interface(`xserver_read_xkb_libs',`
########################################
##
@@ -26433,7 +26422,7 @@ index da2601a..8696a6e 100644
## Read xdm temporary files.
##
##
-@@ -1224,9 +1318,20 @@ interface(`xserver_manage_core_devices',`
+@@ -1224,9 +1316,20 @@ interface(`xserver_manage_core_devices',`
class x_device all_x_device_perms;
class x_pointer all_x_pointer_perms;
class x_keyboard all_x_keyboard_perms;
@@ -26454,7 +26443,7 @@ index da2601a..8696a6e 100644
')
########################################
-@@ -1250,3 +1355,329 @@ interface(`xserver_unconfined',`
+@@ -1250,3 +1353,329 @@ interface(`xserver_unconfined',`
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
@@ -29001,7 +28990,7 @@ index f6aafe7..7da8294 100644
+ allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index bd45076..a1b6d56 100644
+index bd45076..a100eb6 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -16,6 +16,27 @@ gen_require(`
@@ -29115,7 +29104,7 @@ index bd45076..a1b6d56 100644
corecmd_shell_domtrans(init_t, initrc_t)
',`
# Run the shell in the sysadm role for single-user mode.
-@@ -185,15 +216,80 @@ tunable_policy(`init_upstart',`
+@@ -185,23 +216,92 @@ tunable_policy(`init_upstart',`
sysadm_shell_domtrans(init_t)
')
@@ -29164,11 +29153,6 @@ index bd45076..a1b6d56 100644
+ init_read_script_state(init_t)
+
+ seutil_read_file_contexts(init_t)
-+
-+ optional_policy(`
-+ plymouthd_stream_connect(init_t)
-+ plymouthd_exec_plymouth(init_t)
-+ ')
+')
+
optional_policy(`
@@ -29196,7 +29180,13 @@ index bd45076..a1b6d56 100644
nscd_socket_use(init_t)
')
-@@ -202,6 +298,10 @@ optional_policy(`
+ optional_policy(`
++ plymouthd_stream_connect(init_t)
++ plymouthd_exec_plymouth(init_t)
++')
++
++optional_policy(`
+ sssd_stream_connect(init_t)
')
optional_policy(`