diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index dcd7c99..e04a90c 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -39874,7 +39874,7 @@ index b50c5fe..9eacd9b 100644
 +/var/webmin(/.*)?		gen_context(system_u:object_r:var_log_t,s0)
 +
 diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
-index 4e94884..e82be7a 100644
+index 4e94884..7b39545 100644
 --- a/policy/modules/system/logging.if
 +++ b/policy/modules/system/logging.if
 @@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
@@ -39970,18 +39970,11 @@ index 4e94884..e82be7a 100644
  	gen_require(`
 -		type syslogd_t, devlog_t;
 +		attribute syslog_client_type;
- 	')
- 
--	allow $1 devlog_t:lnk_file read_lnk_file_perms;
--	allow $1 devlog_t:sock_file write_sock_file_perms;
++	')
++
 +	typeattribute $1 syslog_client_type;
 +')
- 
--	# the type of socket depends on the syslog daemon
--	allow $1 syslogd_t:unix_dgram_socket sendto;
--	allow $1 syslogd_t:unix_stream_socket connectto;
--	allow $1 self:unix_dgram_socket create_socket_perms;
--	allow $1 self:unix_stream_socket create_socket_perms;
++
 +########################################
 +## <summary>
 +##	Connect to the syslog control unix stream socket.
@@ -39996,11 +39989,7 @@ index 4e94884..e82be7a 100644
 +	gen_require(`
 +		type devlog_t;
 +	')
- 
--	# If syslog is down, the glibc syslog() function
--	# will write to the console.
--	term_write_console($1)
--	term_dontaudit_read_console($1)
++
 +	allow $1 devlog_t:lnk_file manage_lnk_file_perms;
 +    allow $1 devlog_t:sock_file manage_sock_file_perms;
 +	dev_filetrans($1, devlog_t, lnk_file, "log")
@@ -40021,12 +40010,19 @@ index 4e94884..e82be7a 100644
 +interface(`logging_relabel_devlog_dev',`
 +	gen_require(`
 +		type devlog_t;
-+	')
-+
+ 	')
+ 
+-	allow $1 devlog_t:lnk_file read_lnk_file_perms;
+-	allow $1 devlog_t:sock_file write_sock_file_perms;
 +	allow $1 devlog_t:sock_file relabel_sock_file_perms;
 +	allow $1 devlog_t:lnk_file relabelto_lnk_file_perms;
 +')
-+
+ 
+-	# the type of socket depends on the syslog daemon
+-	allow $1 syslogd_t:unix_dgram_socket sendto;
+-	allow $1 syslogd_t:unix_stream_socket connectto;
+-	allow $1 self:unix_dgram_socket create_socket_perms;
+-	allow $1 self:unix_stream_socket create_socket_perms;
 +########################################
 +## <summary>
 +##	Allow domain to read the syslog pid files.
@@ -40041,7 +40037,11 @@ index 4e94884..e82be7a 100644
 +	gen_require(`
 +		type syslogd_var_run_t;
 +	')
-+
+ 
+-	# If syslog is down, the glibc syslog() function
+-	# will write to the console.
+-	term_write_console($1)
+-	term_dontaudit_read_console($1)
 +    read_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
 +    list_dirs_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
 +')
@@ -40388,7 +40388,7 @@ index 4e94884..e82be7a 100644
  
  	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
  	domain_system_change_exemption($1)
-@@ -1085,3 +1443,107 @@ interface(`logging_admin',`
+@@ -1085,3 +1443,110 @@ interface(`logging_admin',`
  	logging_admin_audit($1, $2)
  	logging_admin_syslog($1, $2)
  ')
@@ -40496,7 +40496,9 @@ index 4e94884..e82be7a 100644
 +	')
 +
 +	allow $1 syslogd_var_run_t:file map;
-\ No newline at end of file
++
++')
++
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
 index 59b04c1..2ad89c5 100644
 --- a/policy/modules/system/logging.te
@@ -56368,10 +56370,10 @@ index f4ac38d..1589d60 100644
 +	ssh_signal(confined_admindomain)
 +')
 diff --git a/policy/policy_capabilities b/policy/policy_capabilities
-index db3cbca..e677b81 100644
+index db3cbca..710bd7c 100644
 --- a/policy/policy_capabilities
 +++ b/policy/policy_capabilities
-@@ -31,3 +31,12 @@ policycap network_peer_controls;
+@@ -31,3 +31,14 @@ policycap network_peer_controls;
  # blk_file: open
  #
  policycap open_perms;
@@ -56384,7 +56386,8 @@ index db3cbca..e677b81 100644
 +# process2: nnp_transition, nosuid_transition
 +#
 +#policycap nnp_nosuid_transition;
-\ No newline at end of file
++
++
 diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
 index e79d545..101086d 100644
 --- a/policy/support/misc_patterns.spt
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index c14c291..1dd75a9 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -23432,7 +23432,7 @@ index 62d22cb..01f6380 100644
 +
  ')
 diff --git a/dbus.te b/dbus.te
-index c9998c8..b3f7ab2 100644
+index c9998c8..b697f66 100644
 --- a/dbus.te
 +++ b/dbus.te
 @@ -4,17 +4,15 @@ gen_require(`
@@ -23559,7 +23559,7 @@ index c9998c8..b3f7ab2 100644
  mls_fd_use_all_levels(system_dbusd_t)
  mls_rangetrans_target(system_dbusd_t)
  mls_file_read_all_levels(system_dbusd_t)
-@@ -123,66 +124,174 @@ term_dontaudit_use_console(system_dbusd_t)
+@@ -123,66 +124,175 @@ term_dontaudit_use_console(system_dbusd_t)
  auth_use_nsswitch(system_dbusd_t)
  auth_read_pam_console_data(system_dbusd_t)
  
@@ -23743,12 +23743,13 @@ index c9998c8..b3f7ab2 100644
  manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t)
 -files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file })
 +files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir })
++userdom_user_tmp_filetrans(session_bus_type, sessions_dbusd_tmp_t, { file dir })
  
 -kernel_read_system_state(session_bus_type)
  kernel_read_kernel_sysctls(session_bus_type)
  
  corecmd_list_bin(session_bus_type)
-@@ -191,23 +300,18 @@ corecmd_read_bin_files(session_bus_type)
+@@ -191,23 +301,18 @@ corecmd_read_bin_files(session_bus_type)
  corecmd_read_bin_pipes(session_bus_type)
  corecmd_read_bin_sockets(session_bus_type)
  
@@ -23773,7 +23774,7 @@ index c9998c8..b3f7ab2 100644
  files_dontaudit_search_var(session_bus_type)
  
  fs_getattr_romfs(session_bus_type)
-@@ -215,7 +319,6 @@ fs_getattr_xattr_fs(session_bus_type)
+@@ -215,7 +320,6 @@ fs_getattr_xattr_fs(session_bus_type)
  fs_list_inotifyfs(session_bus_type)
  fs_dontaudit_list_nfs(session_bus_type)
  
@@ -23781,7 +23782,7 @@ index c9998c8..b3f7ab2 100644
  selinux_validate_context(session_bus_type)
  selinux_compute_access_vector(session_bus_type)
  selinux_compute_create_context(session_bus_type)
-@@ -225,18 +328,36 @@ selinux_compute_user_contexts(session_bus_type)
+@@ -225,18 +329,36 @@ selinux_compute_user_contexts(session_bus_type)
  auth_read_pam_console_data(session_bus_type)
  
  logging_send_audit_msgs(session_bus_type)
@@ -23823,7 +23824,7 @@ index c9998c8..b3f7ab2 100644
  ')
  
  ########################################
-@@ -244,5 +365,9 @@ optional_policy(`
+@@ -244,5 +366,9 @@ optional_policy(`
  # Unconfined access to this module
  #