diff --git a/docker-selinux.tgz b/docker-selinux.tgz
index 02bfac3..35c2662 100644
Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index b5bc472..1593fb5 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -1961,7 +1961,7 @@ index c6ca761..0c86bfd 100644
')
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
-index c44c359..5210ca5 100644
+index c44c359..ae484a0 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -7,10 +7,10 @@ policy_module(netutils, 1.12.1)
@@ -2077,7 +2077,11 @@ index c44c359..5210ca5 100644
ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t)
-@@ -149,11 +156,25 @@ ifdef(`hide_broken_symptoms',`
+@@ -146,14 +153,29 @@ ifdef(`hide_broken_symptoms',`
+ optional_policy(`
+ nagios_dontaudit_rw_log(ping_t)
+ nagios_dontaudit_rw_pipes(ping_t)
++ nagios_dontaudit_write_pipes_nrpe(ping_t)
')
')
@@ -2103,7 +2107,7 @@ index c44c359..5210ca5 100644
pcmcia_use_cardmgr_fds(ping_t)
')
-@@ -161,6 +182,15 @@ optional_policy(`
+@@ -161,6 +183,15 @@ optional_policy(`
hotplug_use_fds(ping_t)
')
@@ -2119,7 +2123,7 @@ index c44c359..5210ca5 100644
########################################
#
# Traceroute local policy
-@@ -174,7 +204,6 @@ allow traceroute_t self:udp_socket create_socket_perms;
+@@ -174,7 +205,6 @@ allow traceroute_t self:udp_socket create_socket_perms;
kernel_read_system_state(traceroute_t)
kernel_read_network_state(traceroute_t)
@@ -2127,7 +2131,7 @@ index c44c359..5210ca5 100644
corenet_all_recvfrom_netlabel(traceroute_t)
corenet_tcp_sendrecv_generic_if(traceroute_t)
corenet_udp_sendrecv_generic_if(traceroute_t)
-@@ -198,6 +227,7 @@ fs_dontaudit_getattr_xattr_fs(traceroute_t)
+@@ -198,6 +228,7 @@ fs_dontaudit_getattr_xattr_fs(traceroute_t)
domain_use_interactive_fds(traceroute_t)
files_read_etc_files(traceroute_t)
@@ -2135,7 +2139,7 @@ index c44c359..5210ca5 100644
files_dontaudit_search_var(traceroute_t)
init_use_fds(traceroute_t)
-@@ -206,11 +236,17 @@ auth_use_nsswitch(traceroute_t)
+@@ -206,11 +237,17 @@ auth_use_nsswitch(traceroute_t)
logging_send_syslog_msg(traceroute_t)
@@ -9743,7 +9747,7 @@ index 76f285e..5cd2702 100644
+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card9")
+')
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
-index 0b1a871..8d4003a 100644
+index 0b1a871..4cef59b 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -15,11 +15,12 @@ attribute devices_unconfined_type;
@@ -9899,7 +9903,7 @@ index 0b1a871..8d4003a 100644
# Type for vmware devices.
type vmware_device_t;
-@@ -319,5 +371,6 @@ files_associate_tmp(device_node)
+@@ -319,5 +371,8 @@ files_associate_tmp(device_node)
#
allow devices_unconfined_type self:capability sys_rawio;
@@ -9908,6 +9912,8 @@ index 0b1a871..8d4003a 100644
+allow devices_unconfined_type device_node:{ blk_file lnk_file } *;
+allow devices_unconfined_type device_node:{ file chr_file } ~{ execmod entrypoint };
+allow devices_unconfined_type mtrr_device_t:file ~{ execmod entrypoint };
++dev_getattr_all(devices_unconfined_type)
++
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 6a1e4d1..26e5558 100644
--- a/policy/modules/kernel/domain.if
@@ -17882,7 +17888,7 @@ index d7c11a0..6b3331d 100644
/var/run/shm/.* <<none>>
-')
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
-index 8416beb..531dfef 100644
+index 8416beb..761fbab 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -631,6 +631,27 @@ interface(`fs_getattr_cgroup',`
@@ -19654,16 +19660,11 @@ index 8416beb..531dfef 100644
########################################
## <summary>
## Mount a NFS filesystem.
-@@ -2356,44 +3283,62 @@ interface(`fs_remount_nfs',`
- type nfs_t;
- ')
+@@ -2361,39 +3288,57 @@ interface(`fs_remount_nfs',`
-- allow $1 nfs_t:filesystem remount;
-+ allow $1 nfs_t:filesystem remount;
-+')
-+
-+########################################
-+## <summary>
+ ########################################
+ ## <summary>
+-## Unmount a NFS filesystem.
+## Unmount a NFS filesystem.
+## </summary>
+## <param name="domain">
@@ -19678,11 +19679,10 @@ index 8416beb..531dfef 100644
+ ')
+
+ allow $1 nfs_t:filesystem unmount;
- ')
-
- ########################################
- ## <summary>
--## Unmount a NFS filesystem.
++')
++
++########################################
++## <summary>
+## Get the attributes of a NFS filesystem.
## </summary>
## <param name="domain">
@@ -20153,82 +20153,48 @@ index 8416beb..531dfef 100644
## Get the attributes of a tmpfs
## filesystem.
## </summary>
-@@ -3839,39 +5047,76 @@ interface(`fs_getattr_tmpfs',`
- ## </summary>
- ## <param name="type">
- ## <summary>
--## The type of the object to be associated.
-+## The type of the object to be associated.
-+## </summary>
-+## </param>
-+#
-+interface(`fs_associate_tmpfs',`
-+ gen_require(`
-+ type tmpfs_t;
-+ ')
-+
-+ allow $1 tmpfs_t:filesystem associate;
+@@ -3866,12 +5074,49 @@ interface(`fs_relabelfrom_tmpfs',`
+ type tmpfs_t;
+ ')
+
+- allow $1 tmpfs_t:filesystem relabelfrom;
++ allow $1 tmpfs_t:filesystem relabelfrom;
+')
+
+########################################
+## <summary>
-+## Relabel from tmpfs filesystem.
++## Get the attributes of tmpfs directories.
+## </summary>
-+## <param name="type">
++## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
-+interface(`fs_relabelfrom_tmpfs',`
++interface(`fs_getattr_tmpfs_dirs',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
-+ allow $1 tmpfs_t:filesystem relabelfrom;
++ allow $1 tmpfs_t:dir getattr;
+')
+
+########################################
+## <summary>
-+## Get the attributes of tmpfs directories.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
- ## </summary>
- ## </param>
- #
--interface(`fs_associate_tmpfs',`
-+interface(`fs_getattr_tmpfs_dirs',`
- gen_require(`
- type tmpfs_t;
- ')
-
-- allow $1 tmpfs_t:filesystem associate;
-+ allow $1 tmpfs_t:dir getattr;
- ')
-
- ########################################
- ## <summary>
--## Relabel from tmpfs filesystem.
+## Do not audit attempts to get the attributes
+## of tmpfs directories.
- ## </summary>
--## <param name="type">
++## </summary>
+## <param name="domain">
- ## <summary>
--## Domain allowed access.
++## <summary>
+## Domain to not audit.
- ## </summary>
- ## </param>
- #
--interface(`fs_relabelfrom_tmpfs',`
++## </summary>
++## </param>
++#
+interface(`fs_dontaudit_getattr_tmpfs_dirs',`
- gen_require(`
- type tmpfs_t;
- ')
-
-- allow $1 tmpfs_t:filesystem relabelfrom;
++ gen_require(`
++ type tmpfs_t;
++ ')
++
+ dontaudit $1 tmpfs_t:dir getattr;
')
@@ -20658,7 +20624,7 @@ index 8416beb..531dfef 100644
## Search all directories with a filesystem type.
## </summary>
## <param name="domain">
-@@ -4912,3 +6345,63 @@ interface(`fs_unconfined',`
+@@ -4912,3 +6345,82 @@ interface(`fs_unconfined',`
typeattribute $1 filesystem_unconfined_type;
')
@@ -20722,8 +20688,27 @@ index 8416beb..531dfef 100644
+
+ read_files_pattern($1, efivarfs_t, efivarfs_t)
+')
++
++########################################
++## <summary>
++## Read and write sockets of ONLOAD file system pipes.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fs_rw_onload_sockets',`
++ gen_require(`
++ type onload_fs_t;
++ ')
++
++ rw_sock_files_pattern($1, onload_fs_t, onload_fs_t)
++')
++
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
-index e7d1738..fc52817 100644
+index e7d1738..59c1cb8 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -26,14 +26,19 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
@@ -20817,7 +20802,7 @@ index e7d1738..fc52817 100644
type mvfs_t;
fs_noxattr_type(mvfs_t)
allow mvfs_t self:filesystem associate;
-@@ -118,13 +148,18 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
+@@ -118,13 +148,23 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
type nfsd_fs_t;
fs_type(nfsd_fs_t)
@@ -20828,6 +20813,11 @@ index e7d1738..fc52817 100644
+fs_type(nsfs_t)
+genfscon nsfs / gen_context(system_u:object_r:nsfs_t,s0)
+
++type onload_fs_t;
++fs_type(onload_fs_t)
++files_mountpoint(onload_fs_t)
++genfscon onloadfs / gen_context(system_u:object_r:onload_fs_t,s0)
++
type oprofilefs_t;
fs_type(oprofilefs_t)
genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0)
@@ -20837,7 +20827,7 @@ index e7d1738..fc52817 100644
fs_type(pstore_t)
files_mountpoint(pstore_t)
dev_associate_sysfs(pstore_t)
-@@ -150,17 +185,16 @@ fs_type(spufs_t)
+@@ -150,17 +190,16 @@ fs_type(spufs_t)
genfscon spufs / gen_context(system_u:object_r:spufs_t,s0)
files_mountpoint(spufs_t)
@@ -20859,7 +20849,7 @@ index e7d1738..fc52817 100644
type vmblock_t;
fs_noxattr_type(vmblock_t)
files_mountpoint(vmblock_t)
-@@ -172,6 +206,8 @@ type vxfs_t;
+@@ -172,6 +211,8 @@ type vxfs_t;
fs_noxattr_type(vxfs_t)
files_mountpoint(vxfs_t)
genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
@@ -20868,7 +20858,7 @@ index e7d1738..fc52817 100644
#
# tmpfs_t is the type for tmpfs filesystems
-@@ -182,6 +218,8 @@ fs_type(tmpfs_t)
+@@ -182,6 +223,8 @@ fs_type(tmpfs_t)
files_type(tmpfs_t)
files_mountpoint(tmpfs_t)
files_poly_parent(tmpfs_t)
@@ -20877,7 +20867,7 @@ index e7d1738..fc52817 100644
# Use a transition SID based on the allocating task SID and the
# filesystem SID to label inodes in the following filesystem types,
-@@ -261,6 +299,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
+@@ -261,6 +304,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
type removable_t;
allow removable_t noxattrfs:filesystem associate;
fs_noxattr_type(removable_t)
@@ -20886,7 +20876,7 @@ index e7d1738..fc52817 100644
files_mountpoint(removable_t)
#
-@@ -280,6 +320,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
+@@ -280,6 +325,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
@@ -20894,7 +20884,7 @@ index e7d1738..fc52817 100644
########################################
#
-@@ -301,9 +342,10 @@ fs_associate_noxattr(noxattrfs)
+@@ -301,9 +347,10 @@ fs_associate_noxattr(noxattrfs)
# Unconfined access to this module
#
@@ -22211,7 +22201,7 @@ index e100d88..1428581 100644
+')
+
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 8dbab4c..092e065 100644
+index 8dbab4c..5b93205 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -25,6 +25,9 @@ attribute kern_unconfined;
@@ -22516,7 +22506,7 @@ index 8dbab4c..092e065 100644
-allow kern_unconfined sysctl_type:{ dir file } *;
+allow kern_unconfined sysctl_type:{ file } ~entrypoint;
-+allow kern_unconfined sysctl_type:{ dir } *;
++allow kern_unconfined sysctl_type:{ dir lnk_file } *;
allow kern_unconfined kernel_t:system *;
@@ -45976,7 +45966,7 @@ index 2cea692..bf86a31 100644
+ files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index a392fc4..78fa512 100644
+index a392fc4..155d5ce 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.15.4)
@@ -46210,7 +46200,7 @@ index a392fc4..78fa512 100644
vmware_append_log(dhcpc_t)
')
-@@ -264,12 +313,25 @@ allow ifconfig_t self:msgq create_msgq_perms;
+@@ -264,12 +313,26 @@ allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
@@ -46232,11 +46222,12 @@ index a392fc4..78fa512 100644
+create_dirs_pattern(ifconfig_t, ifconfig_var_run_t, ifconfig_var_run_t)
+files_pid_filetrans(ifconfig_t, ifconfig_var_run_t, { file dir })
+allow ifconfig_t ifconfig_var_run_t:file mounton;
++allow ifconfig_t ifconfig_var_run_t:dir mounton;
+
kernel_use_fds(ifconfig_t)
kernel_read_system_state(ifconfig_t)
kernel_read_network_state(ifconfig_t)
-@@ -279,14 +341,32 @@ kernel_rw_net_sysctls(ifconfig_t)
+@@ -279,14 +342,32 @@ kernel_rw_net_sysctls(ifconfig_t)
corenet_rw_tun_tap_dev(ifconfig_t)
@@ -46269,7 +46260,7 @@ index a392fc4..78fa512 100644
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
-@@ -299,33 +379,51 @@ term_dontaudit_use_all_ptys(ifconfig_t)
+@@ -299,33 +380,51 @@ term_dontaudit_use_all_ptys(ifconfig_t)
term_dontaudit_use_ptmx(ifconfig_t)
term_dontaudit_use_generic_ptys(ifconfig_t)
@@ -46327,7 +46318,7 @@ index a392fc4..78fa512 100644
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
')
-@@ -336,7 +434,11 @@ ifdef(`hide_broken_symptoms',`
+@@ -336,7 +435,11 @@ ifdef(`hide_broken_symptoms',`
')
optional_policy(`
@@ -46340,7 +46331,7 @@ index a392fc4..78fa512 100644
')
optional_policy(`
-@@ -350,7 +452,16 @@ optional_policy(`
+@@ -350,7 +453,16 @@ optional_policy(`
')
optional_policy(`
@@ -46358,7 +46349,7 @@ index a392fc4..78fa512 100644
')
optional_policy(`
-@@ -371,3 +482,13 @@ optional_policy(`
+@@ -371,3 +483,13 @@ optional_policy(`
xen_append_log(ifconfig_t)
xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 596ccb2..fb9b995 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -10794,7 +10794,7 @@ index 02fefaa..308616e 100644
+ ')
')
diff --git a/boinc.te b/boinc.te
-index 687d4c4..3c5a83a 100644
+index 687d4c4..f668033 100644
--- a/boinc.te
+++ b/boinc.te
@@ -12,7 +12,9 @@ policy_module(boinc, 1.1.1)
@@ -10887,7 +10887,7 @@ index 687d4c4..3c5a83a 100644
manage_dirs_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
-@@ -61,74 +101,48 @@ files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
+@@ -61,74 +101,49 @@ files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file)
@@ -10925,6 +10925,7 @@ index 687d4c4..3c5a83a 100644
-corenet_all_recvfrom_unlabeled(boinc_t)
+dev_getattr_mouse_dev(boinc_t)
++dev_rw_dri(boinc_t)
+
+files_getattr_all_dirs(boinc_t)
+files_getattr_all_files(boinc_t)
@@ -10984,7 +10985,7 @@ index 687d4c4..3c5a83a 100644
term_getattr_all_ptys(boinc_t)
term_getattr_unallocated_ttys(boinc_t)
-@@ -137,8 +151,9 @@ init_read_utmp(boinc_t)
+@@ -137,8 +152,9 @@ init_read_utmp(boinc_t)
logging_send_syslog_msg(boinc_t)
@@ -10996,7 +10997,7 @@ index 687d4c4..3c5a83a 100644
tunable_policy(`boinc_execmem',`
allow boinc_t self:process { execstack execmem };
-@@ -148,48 +163,61 @@ optional_policy(`
+@@ -148,48 +164,61 @@ optional_policy(`
mta_send_mail(boinc_t)
')
@@ -57009,7 +57010,7 @@ index d78dfc3..40e1c77 100644
-/var/spool/nagios(/.*)? gen_context(system_u:object_r:nagios_spool_t,s0)
diff --git a/nagios.if b/nagios.if
-index 0641e97..438eeb3 100644
+index 0641e97..f3b1111 100644
--- a/nagios.if
+++ b/nagios.if
@@ -1,12 +1,13 @@
@@ -57058,12 +57059,10 @@ index 0641e97..438eeb3 100644
+
+ kernel_read_system_state(nagios_$1_plugin_t)
+
- ')
-
- ########################################
- ## <summary>
--## Do not audit attempts to read or
--## write nagios unnamed pipes.
++')
++
++########################################
++## <summary>
+## Execute the nagios unconfined plugins with
+## a domain transition.
+## </summary>
@@ -57080,10 +57079,12 @@ index 0641e97..438eeb3 100644
+ ')
+
+ domtrans_pattern($1, nagios_unconfined_plugin_exec_t, nagios_unconfined_plugin_t)
-+')
-+
-+########################################
-+## <summary>
+ ')
+
+ ########################################
+ ## <summary>
+-## Do not audit attempts to read or
+-## write nagios unnamed pipes.
+## Do not audit attempts to read or write nagios
+## unnamed pipes.
## </summary>
@@ -57160,10 +57161,11 @@ index 0641e97..438eeb3 100644
- files_search_spool($1)
allow $1 nagios_spool_t:dir search_dir_perms;
+ files_search_spool($1)
-+')
-+
-+########################################
-+## <summary>
+ ')
+
+ ########################################
+ ## <summary>
+-## Read nagios temporary files.
+## Append nagios spool files.
+## </summary>
+## <param name="domain">
@@ -57179,11 +57181,10 @@ index 0641e97..438eeb3 100644
+
+ allow $1 nagios_spool_t:file append_file_perms;
+ files_search_spool($1)
- ')
-
- ########################################
- ## <summary>
--## Read nagios temporary files.
++')
++
++########################################
++## <summary>
+## Allow the specified domain to read
+## nagios temporary files.
## </summary>
@@ -57196,11 +57197,10 @@ index 0641e97..438eeb3 100644
- files_search_tmp($1)
allow $1 nagios_tmp_t:file read_file_perms;
+ files_search_tmp($1)
- ')
-
- ########################################
- ## <summary>
--## Execute nrpe with a domain transition.
++')
++
++########################################
++## <summary>
+## Allow the specified domain to read
+## nagios temporary files.
+## </summary>
@@ -57217,16 +57217,17 @@ index 0641e97..438eeb3 100644
+
+ allow $1 nagios_tmp_t:file rw_inherited_file_perms;
+ files_search_tmp($1)
-+')
-+
-+########################################
-+## <summary>
+ ')
+
+ ########################################
+ ## <summary>
+-## Execute nrpe with a domain transition.
+## Execute the nagios NRPE with
+## a domain transition.
## </summary>
## <param name="domain">
## <summary>
-@@ -170,14 +243,13 @@ interface(`nagios_domtrans_nrpe',`
+@@ -170,14 +243,31 @@ interface(`nagios_domtrans_nrpe',`
type nrpe_t, nrpe_exec_t;
')
@@ -57234,6 +57235,24 @@ index 0641e97..438eeb3 100644
domtrans_pattern($1, nrpe_exec_t, nrpe_t)
')
++######################################
++## <summary>
++## Do not audit attempts to write nrpe daemon unnamed pipes.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`nagios_dontaudit_write_pipes_nrpe',`
++ gen_require(`
++ type nrpe_t;
++ ')
++
++ dontaudit $1 nrpe_t:fifo_file write;
++')
++
########################################
## <summary>
-## All of the rules required to
@@ -57243,7 +57262,7 @@ index 0641e97..438eeb3 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -186,44 +258,43 @@ interface(`nagios_domtrans_nrpe',`
+@@ -186,44 +276,43 @@ interface(`nagios_domtrans_nrpe',`
## </param>
## <param name="role">
## <summary>
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f12dbb0..00c614a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 193%{?dist}
+Release: 194%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -647,6 +647,15 @@ exit 0
%endif
%changelog
+* Tue Jun 07 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-194
+- Allow boinc to use dri devices. This allows use Boinc for a openCL GPU calculations. BZ(1340886)
+- Add nrpe_dontaudit_write_pipes()
+- Merge pull request #129 from rhatdan/onload
+- Add support for onloadfs
+- Merge pull request #127 from rhatdan/device-node
+- Additional access required for unconfined domains
+- Dontaudit ping attempts to write to nrpe unnamed pipes
+- Allow ifconfig_t to mounton also ifconfig_var_run_t dirs, not just files. Needed for: #ip netns add foo BZ(1340952)
* Mon May 30 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-193
- Directory Server (389-ds-base) has been updated to use systemd-ask-password. In order to function correctly we need the following added to dirsrv.te
- Update opendnssec_manage_config() interface to allow caller domain also manage opendnssec_conf_t dirs