diff --git a/policy-systemd.patch b/policy-systemd.patch index 19d4f4d..dc83305 100644 --- a/policy-systemd.patch +++ b/policy-systemd.patch @@ -1,7 +1,6 @@ -diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if -index d5892cc..68b0a8a 100644 ---- a/policy/modules/kernel/devices.if -+++ b/policy/modules/kernel/devices.if +diff -up serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd serefpolicy-3.10.0/policy/modules/kernel/devices.if +--- serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd 2012-01-13 11:49:49.140435334 -0500 ++++ serefpolicy-3.10.0/policy/modules/kernel/devices.if 2012-01-13 11:49:49.236428320 -0500 @@ -143,13 +143,13 @@ interface(`dev_relabel_all_dev_nodes',` type device_t; ') @@ -23,24 +22,19 @@ index d5892cc..68b0a8a 100644 ') ######################################## -@@ -4201,6 +4201,32 @@ interface(`dev_read_cpu_online',` +@@ -4201,6 +4201,27 @@ interface(`dev_read_cpu_online',` ######################################## ## +## Relabel cpu online hardware state information. +## -+## -+##

-+## Allow the specified domain to read /sys/devices/system/cpu/online file. -+##

-+##
+## +## +## Domain allowed access. +## +## +# -+interface(`dev_read_cpu_online',` ++interface(`dev_relabel_cpu_online',` + gen_require(` + type cpu_online_t; + type sysfs_t; @@ -56,10 +50,11 @@ index d5892cc..68b0a8a 100644 ## Read hardware state information. ## ## -@@ -4270,6 +4296,26 @@ interface(`dev_relabel_sysfs_dirs',` +@@ -4269,6 +4290,26 @@ interface(`dev_relabel_sysfs_dirs',` + ') ######################################## - ## ++## +## Relabel hardware state files +## +## @@ -79,14 +74,12 @@ index d5892cc..68b0a8a 100644 +') + +######################################## -+## + ## ## Allow caller to modify hardware state information. ## - ## -diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te -index 8ea3385..cdcc621 100644 ---- a/policy/modules/roles/staff.te -+++ b/policy/modules/roles/staff.te +diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.systemd serefpolicy-3.10.0/policy/modules/roles/staff.te +--- serefpolicy-3.10.0/policy/modules/roles/staff.te.systemd 2012-01-13 11:49:49.147434822 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2012-01-13 11:49:49.236428320 -0500 @@ -70,6 +70,10 @@ optional_policy(` ') @@ -109,10 +102,9 @@ index 8ea3385..cdcc621 100644 cdrecord_role(staff_r, staff_t) ') -diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te -index 77967bd..7e0ea58 100644 ---- a/policy/modules/roles/unprivuser.te -+++ b/policy/modules/roles/unprivuser.te +diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.systemd serefpolicy-3.10.0/policy/modules/roles/unprivuser.te +--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.systemd 2012-01-13 11:49:49.148434749 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2012-01-13 11:49:49.236428320 -0500 @@ -35,6 +35,10 @@ optional_policy(` ') 
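Review bot: The interface renamed to `dev_relabel_cpu_online` on the new side keeps only its one-line summary; the `<desc>` paragraph the old patch carried ("Allow the specified domain to read /sys/devices/system/cpu/online file.") is deleted rather than reworded, so the new interface is documented less completely than its neighbours in devices.if. The rename itself looks right, since the old patch appears to have defined a second `dev_read_cpu_online` right after the existing one (the inner hunk header's context is `interface(`dev_read_cpu_online',``), but the description should follow the rename: a `<desc>` block between the summary and the domain parameter saying `Allow the specified domain to relabel /sys/devices/system/cpu/online.` The body of `dev_relabel_cpu_online` continues past the end of this hunk (only the `gen_require` of `cpu_online_t` and `sysfs_t` is visible), so the relabel rule itself cannot be checked here.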
@@ -124,10 +116,9 @@ index 77967bd..7e0ea58 100644 colord_dbus_chat(user_t) ') -diff --git a/policy/modules/services/blueman.te b/policy/modules/services/blueman.te -index 12ef44c..bccefc9 100644 ---- a/policy/modules/services/blueman.te -+++ b/policy/modules/services/blueman.te +diff -up serefpolicy-3.10.0/policy/modules/services/blueman.te.systemd serefpolicy-3.10.0/policy/modules/services/blueman.te +--- serefpolicy-3.10.0/policy/modules/services/blueman.te.systemd 2012-01-13 11:49:49.155434238 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/blueman.te 2012-01-13 11:49:49.236428320 -0500 @@ -36,3 +36,7 @@ miscfiles_read_localization(blueman_t) optional_policy(` avahi_domtrans(blueman_t) @@ -136,10 +127,9 @@ index 12ef44c..bccefc9 100644 +optional_policy(` + gnome_search_gconf(blueman_t) +') -diff --git a/policy/modules/services/entropyd.te b/policy/modules/services/entropyd.te -index b6ac808..053caed 100644 ---- a/policy/modules/services/entropyd.te -+++ b/policy/modules/services/entropyd.te +diff -up serefpolicy-3.10.0/policy/modules/services/entropyd.te.systemd serefpolicy-3.10.0/policy/modules/services/entropyd.te +--- serefpolicy-3.10.0/policy/modules/services/entropyd.te.systemd 2012-01-13 11:49:49.169433214 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/entropyd.te 2012-01-13 11:49:49.237428247 -0500 @@ -52,6 +52,8 @@ domain_use_interactive_fds(entropyd_t) logging_send_syslog_msg(entropyd_t) 
@@ -149,11 +139,10 @@ index b6ac808..053caed 100644 miscfiles_read_localization(entropyd_t) userdom_dontaudit_use_unpriv_user_fds(entropyd_t) -diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc -index 49c15d1..246df1a 100644 ---- a/policy/modules/services/virt.fc -+++ b/policy/modules/services/virt.fc -@@ -49,3 +49,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t +diff -up serefpolicy-3.10.0/policy/modules/services/virt.fc.systemd serefpolicy-3.10.0/policy/modules/services/virt.fc +--- serefpolicy-3.10.0/policy/modules/services/virt.fc.systemd 2012-01-13 11:49:49.212430073 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/virt.fc 2012-01-13 11:49:49.237428247 -0500 +@@ -49,3 +49,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_ # support for nova-stack /usr/bin/nova-compute -- gen_context(system_u:object_r:virtd_exec_t,s0) @@ -161,10 +150,10 @@ index 49c15d1..246df1a 100644 +/usr/bin/qemu-system-.* -- gen_context(system_u:object_r:qemu_exec_t,s0) +/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) +/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) -diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc -index 170e2e0..3bdf89f 100644 ---- a/policy/modules/system/logging.fc -+++ b/policy/modules/system/logging.fc +diff -up serefpolicy-3.10.0/policy/modules/system/init.te.systemd serefpolicy-3.10.0/policy/modules/system/init.te +diff -up serefpolicy-3.10.0/policy/modules/system/logging.fc.systemd serefpolicy-3.10.0/policy/modules/system/logging.fc +--- serefpolicy-3.10.0/policy/modules/system/logging.fc.systemd 2012-01-13 11:49:49.222429343 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/logging.fc 2012-01-13 11:49:53.281133673 -0500 @@ -61,6 +61,7 @@ ifdef(`distro_suse', ` /var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) /var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh) 
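Review bot: The rewritten logging.fc header in hunk `@@ -161,10 +150,10 @@` introduces a bare `+diff -up serefpolicy-3.10.0/policy/modules/system/init.te.systemd serefpolicy-3.10.0/policy/modules/system/init.te` line that has no `---`/`+++` pair and no hunks of its own before the logging.fc header begins. A file header with no hunks changes nothing, so this is either stray output from the script that regenerated the patch, in which case the line should be dropped, or an intended init.te change that was lost when the patch was regenerated, in which case its hunks are missing; nothing else on the page shows which. Either way it should not be left in the patch, where it reads as an init.te change that never happens.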
@@ -173,10 +162,9 @@ index 170e2e0..3bdf89f 100644 ifndef(`distro_gentoo',` /var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,mls_systemhigh) -diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index 5684c8a..688f59a 100644 ---- a/policy/modules/system/logging.te -+++ b/policy/modules/system/logging.te +diff -up serefpolicy-3.10.0/policy/modules/system/logging.te.systemd serefpolicy-3.10.0/policy/modules/system/logging.te +--- serefpolicy-3.10.0/policy/modules/system/logging.te.systemd 2012-01-13 11:49:49.223429270 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/logging.te 2012-01-13 11:49:53.281133673 -0500 @@ -386,7 +386,7 @@ optional_policy(` # chown fsetid for syslog-ng # sys_admin for the integrated klog of syslog-ng and metalog @@ -186,7 +174,7 @@ index 5684c8a..688f59a 100644 dontaudit syslogd_t self:capability sys_tty_config; allow syslogd_t self:capability2 syslog; # setpgid for metalog -@@ -474,6 +474,7 @@ tunable_policy(`logging_syslogd_can_sendmail',` +@@ -474,6 +474,7 @@ tunable_policy(`logging_syslogd_can_send dev_filetrans(syslogd_t, devlog_t, sock_file) dev_read_sysfs(syslogd_t) dev_read_rand(syslogd_t) @@ -194,7 +182,7 @@ index 5684c8a..688f59a 100644 # relating to systemd-kmsg-syslogd dev_write_kmsg(syslogd_t) -@@ -497,6 +498,7 @@ mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and +@@ -497,6 +498,7 @@ mls_file_write_all_levels(syslogd_t) # N term_write_console(syslogd_t) # Allow syslog to a terminal term_write_unallocated_ttys(syslogd_t) 
@@ -202,10 +190,9 @@ index 5684c8a..688f59a 100644 init_stream_connect(syslogd_t) # for sending messages to logged in users -diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te -index 9e08125..903d3d8 100644 ---- a/policy/modules/system/systemd.te -+++ b/policy/modules/system/systemd.te +diff -up serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd serefpolicy-3.10.0/policy/modules/system/systemd.te +--- serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd 2012-01-13 11:49:49.228428904 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/systemd.te 2012-01-13 11:49:53.282133606 -0500 @@ -111,6 +111,7 @@ init_dbus_chat(systemd_logind_t) init_dbus_chat_script(systemd_logind_t) init_read_script_state(systemd_logind_t) @@ -214,7 +201,7 @@ index 9e08125..903d3d8 100644 logging_send_syslog_msg(systemd_logind_t) -@@ -198,6 +199,8 @@ kernel_read_network_state(systemd_tmpfiles_t) +@@ -198,6 +199,8 @@ kernel_read_network_state(systemd_tmpfil files_delete_kernel_modules(systemd_tmpfiles_t) dev_write_kmsg(systemd_tmpfiles_t) @@ -223,7 +210,7 @@ index 9e08125..903d3d8 100644 domain_obj_id_change_exemption(systemd_tmpfiles_t) -@@ -322,6 +325,8 @@ fs_getattr_cgroup_files(systemd_notify_t) +@@ -322,6 +325,8 @@ fs_getattr_cgroup_files(systemd_notify_t auth_use_nsswitch(systemd_notify_t) @@ -232,10 +219,9 @@ index 9e08125..903d3d8 100644 miscfiles_read_localization(systemd_notify_t) optional_policy(` -diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te -index 6a93c64..5ff6beb 100644 ---- a/policy/modules/system/udev.te -+++ b/policy/modules/system/udev.te +diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.systemd serefpolicy-3.10.0/policy/modules/system/udev.te +--- serefpolicy-3.10.0/policy/modules/system/udev.te.systemd 2012-01-13 11:49:49.228428904 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/udev.te 2012-01-13 11:49:53.282133606 -0500 
@@ -333,6 +333,7 @@ optional_policy(`
 kernel_read_xen_state(udev_t)
 xen_manage_log(udev_t)
@@ -244,10 +230,9 @@ index 6a93c64..5ff6beb 100644
 ')
 optional_policy(`
-diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc
-index a5ed06e..f22f770 100644
---- a/policy/modules/system/xen.fc
-+++ b/policy/modules/system/xen.fc
+diff -up serefpolicy-3.10.0/policy/modules/system/xen.fc.systemd serefpolicy-3.10.0/policy/modules/system/xen.fc
+--- serefpolicy-3.10.0/policy/modules/system/xen.fc.systemd 2012-01-13 11:49:49.231428683 -0500
++++ serefpolicy-3.10.0/policy/modules/system/xen.fc 2012-01-13 11:49:53.282133606 -0500
 @@ -4,7 +4,7 @@
 /usr/sbin/evtchnd -- gen_context(system_u:object_r:evtchnd_exec_t,s0)
 /usr/sbin/tapdisk -- gen_context(system_u:object_r:blktap_exec_t,s0)
@@ -257,11 +242,10 @@ index a5ed06e..f22f770 100644
 ifdef(`distro_debian',`
 /usr/lib/xen-[^/]*/bin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0)
-diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
-index 5d6dbad..9ab107b 100644
---- a/policy/modules/system/xen.te
-+++ b/policy/modules/system/xen.te
-@@ -167,6 +167,10 @@ files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
+diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.systemd serefpolicy-3.10.0/policy/modules/system/xen.te
+--- serefpolicy-3.10.0/policy/modules/system/xen.te.systemd 2012-01-13 11:49:49.231428683 -0500
++++ serefpolicy-3.10.0/policy/modules/system/xen.te 2012-01-13 11:49:53.282133606 -0500
+@@ -167,6 +167,10 @@ files_pid_filetrans(evtchnd_t, evtchnd_v
 #
 # qemu-dm local policy
 #