diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 12f8a66..6ea32b6 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -2725,7 +2725,7 @@ index 99e3903..fa68362 100644
##
##
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 1d732f1..4aef39e 100644
+index 1d732f1..0dbda7d 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -26,6 +26,7 @@ type chfn_exec_t;
@@ -2883,7 +2883,7 @@ index 1d732f1..4aef39e 100644
#
-allow passwd_t self:capability { chown dac_override fsetid setuid setgid sys_nice sys_resource };
-+allow passwd_t self:capability { chown dac_override ipc_lock fsetid setuid setgid sys_nice sys_resource };
++allow passwd_t self:capability { chown dac_override ipc_lock fsetid setuid setgid sys_nice sys_resource sys_admin };
dontaudit passwd_t self:capability sys_tty_config;
allow passwd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow passwd_t self:process { setrlimit setfscreate };
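Review bot: `sys_admin` is added to the `passwd_t` capability set on the changed allow line, and nothing in the policy says which operation needs it. CAP_SYS_ADMIN is the broadest Linux capability and passwd_t is the domain that rewrites the password database, so the grant should carry its justification. The spec changelog cites BZ(1185191), so a comment such as `# sys_admin: see BZ(1185191)` above the rule would keep that link in the policy source. If the denial is only a side effect rather than a functional requirement, a dontaudit rule in the style of the existing `dontaudit passwd_t self:capability sys_tty_config;` would be the narrower choice.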
@@ -17087,7 +17087,7 @@ index e100d88..f45a698 100644
+ allow $1 kernel_t:netlink_audit_socket r_netlink_socket_perms;
')
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 8dbab4c..15230be 100644
+index 8dbab4c..96d9a91 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -25,6 +25,9 @@ attribute kern_unconfined;
@@ -17242,7 +17242,7 @@ index 8dbab4c..15230be 100644
corecmd_exec_shell(kernel_t)
corecmd_list_bin(kernel_t)
-@@ -277,25 +314,49 @@ files_list_root(kernel_t)
+@@ -277,25 +314,53 @@ files_list_root(kernel_t)
files_list_etc(kernel_t)
files_list_home(kernel_t)
files_read_usr_files(kernel_t)
@@ -17271,6 +17271,10 @@ index 8dbab4c..15230be 100644
+
+optional_policy(`
++ abrt_filetrans_named_content(kernel_t)
++')
++
++optional_policy(`
+ apache_filetrans_home_content(kernel_t)
+')
+
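Review bot: `abrt_filetrans_named_content(kernel_t)` gives kernel_t every named transition the interface defines, while the changelog only asks for /var/tmp/abrt to be created with the correct label. Judging by the abrt.if hunk in this same commit, the interface also covers directories named "abrt" under etc and var (`files_etc_filetrans`, `files_var_filetrans`), so kernel_t-created directories with those names would take abrt types too. If only the abrt-hook-ccpp case is intended, an interface exposing just the tmp transition would be tighter. Either way a comment such as `# abrt-hook-ccpp runs as kernel_t and creates /var/tmp/abrt` inside the optional block would document the reason.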
@@ -17292,7 +17296,7 @@ index 8dbab4c..15230be 100644
')
optional_policy(`
-@@ -305,6 +366,19 @@ optional_policy(`
+@@ -305,6 +370,19 @@ optional_policy(`
optional_policy(`
logging_send_syslog_msg(kernel_t)
@@ -17312,7 +17316,7 @@ index 8dbab4c..15230be 100644
')
optional_policy(`
-@@ -312,6 +386,11 @@ optional_policy(`
+@@ -312,6 +390,11 @@ optional_policy(`
')
optional_policy(`
@@ -17324,7 +17328,7 @@ index 8dbab4c..15230be 100644
# nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms;
-@@ -332,9 +411,6 @@ optional_policy(`
+@@ -332,9 +415,6 @@ optional_policy(`
sysnet_read_config(kernel_t)
@@ -17334,7 +17338,7 @@ index 8dbab4c..15230be 100644
rpc_udp_rw_nfs_sockets(kernel_t)
tunable_policy(`nfs_export_all_ro',`
-@@ -343,9 +419,7 @@ optional_policy(`
+@@ -343,9 +423,7 @@ optional_policy(`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)
@@ -17345,7 +17349,7 @@ index 8dbab4c..15230be 100644
')
tunable_policy(`nfs_export_all_rw',`
-@@ -354,7 +428,7 @@ optional_policy(`
+@@ -354,7 +432,7 @@ optional_policy(`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)
@@ -17354,7 +17358,7 @@ index 8dbab4c..15230be 100644
')
')
-@@ -367,6 +441,15 @@ optional_policy(`
+@@ -367,6 +445,15 @@ optional_policy(`
unconfined_domain_noaudit(kernel_t)
')
@@ -17370,7 +17374,7 @@ index 8dbab4c..15230be 100644
########################################
#
# Unlabeled process local policy
-@@ -409,4 +492,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *;
+@@ -409,4 +496,26 @@ allow kern_unconfined unlabeled_t:dir_file_class_set *;
allow kern_unconfined unlabeled_t:filesystem *;
allow kern_unconfined unlabeled_t:association *;
allow kern_unconfined unlabeled_t:packet *;
@@ -34876,7 +34880,7 @@ index 4e94884..8c67cd0 100644
+ filetrans_pattern($1, syslogd_var_run_t, $2, $3, $4)
+')
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 59b04c1..df37453 100644
+index 59b04c1..9d8e11d 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -4,6 +4,21 @@ policy_module(logging, 1.20.1)
@@ -35218,13 +35222,14 @@ index 59b04c1..df37453 100644
# for sending messages to logged in users
init_read_utmp(syslogd_t)
init_dontaudit_write_utmp(syslogd_t)
-@@ -466,11 +551,11 @@ init_use_fds(syslogd_t)
+@@ -466,11 +551,12 @@ init_use_fds(syslogd_t)
# cjp: this doesnt make sense
logging_send_syslog_msg(syslogd_t)
-
-miscfiles_read_localization(syslogd_t)
+logging_manage_all_logs(syslogd_t)
++logging_set_loginuid(syslogd_t)
userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
-userdom_dontaudit_search_user_home_dirs(syslogd_t)
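Review bot: `logging_set_loginuid(syslogd_t)` is added with no comment, yet it lets the syslog domain set the login UID that audit records use for attribution. The changelog attributes it to journald, so a comment like `# journald sets loginuid, BZ(1190498)` above the call would record that. The interface body is not visible on this page; in reference-policy-style trees it usually also brings the audit_control capability and audit netlink access, so confirm that what it grants matches what journald needs. The domain already has `logging_manage_all_logs`, which makes the audit-related grant worth a second look.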
@@ -35233,7 +35238,7 @@ index 59b04c1..df37453 100644
ifdef(`distro_gentoo',`
# default gentoo syslog-ng config appends kernel
-@@ -497,6 +582,7 @@ optional_policy(`
+@@ -497,6 +583,7 @@ optional_policy(`
optional_policy(`
cron_manage_log_files(syslogd_t)
cron_generic_log_filetrans_log(syslogd_t, file, "cron.log")
@@ -35241,7 +35246,7 @@ index 59b04c1..df37453 100644
')
optional_policy(`
-@@ -507,15 +593,40 @@ optional_policy(`
+@@ -507,15 +594,40 @@ optional_policy(`
')
optional_policy(`
@@ -35282,7 +35287,7 @@ index 59b04c1..df37453 100644
')
optional_policy(`
-@@ -526,3 +637,26 @@ optional_policy(`
+@@ -526,3 +638,26 @@ optional_policy(`
# log to the xconsole
xserver_rw_console(syslogd_t)
')
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 07f13fa..9e4b237 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -80,7 +80,7 @@ index 1a93dc5..f2b26f5 100644
-/var/spool/abrt-retrace(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0)
-/var/spool/retrace-server(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0)
diff --git a/abrt.if b/abrt.if
-index 058d908..1e92177 100644
+index 058d908..158acba 100644
--- a/abrt.if
+++ b/abrt.if
@@ -1,4 +1,26 @@
@@ -537,7 +537,7 @@ index 058d908..1e92177 100644
+ type abrt_var_run_t;
+ ')
+
-+ files_tmp_filetrans($1, abrt_tmp_t, dir, "abrt")
++ files_tmp_filetrans($1, abrt_var_cache_t, dir, "abrt")
+ files_etc_filetrans($1, abrt_etc_t, dir, "abrt")
+ files_var_filetrans($1, abrt_var_cache_t, dir, "abrt")
+ files_var_filetrans($1, abrt_var_cache_t, dir, "abrt-dix")
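Review bot: The tmp transition now assigns `abrt_var_cache_t` where `abrt_tmp_t` stood, which reads like a typo next to `files_tmp_filetrans` unless the reason is written down. A comment above the line, e.g. `# /var/tmp/abrt must be created as abrt_var_cache_t`, would make the intent explicit. The change affects every caller of the interface, not only kernel_t. The interface and its gen_require block start outside this hunk, so check that `abrt_var_cache_t` is required there and whether the `abrt_tmp_t` requirement is still needed.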
@@ -3036,7 +3036,7 @@ index 0000000..36251b9
+')
diff --git a/antivirus.te b/antivirus.te
new file mode 100644
-index 0000000..cb58319
+index 0000000..253a684
--- /dev/null
+++ b/antivirus.te
@@ -0,0 +1,270 @@
@@ -3305,9 +3305,9 @@ index 0000000..cb58319
+
+optional_policy(`
+ spamd_stream_connect(clamd_t)
-+ spamassassin_exec(antivirus_domain)
-+ spamassassin_exec_client(antivirus_domain)
-+ spamassassin_read_lib_files(antivirus_domain)
++ spamassassin_exec(antivirus_domain)
++ spamassassin_exec_client(antivirus_domain)
++ spamassassin_read_lib_files(antivirus_domain)
+ spamassassin_read_pid_files(antivirus_domain)
+')
diff --git a/apache.fc b/apache.fc
@@ -25334,10 +25334,10 @@ index 0000000..1542da8
+
diff --git a/docker.te b/docker.te
new file mode 100644
-index 0000000..df9e6ce
+index 0000000..0a03a30
--- /dev/null
+++ b/docker.te
-@@ -0,0 +1,318 @@
+@@ -0,0 +1,325 @@
+policy_module(docker, 1.0.0)
+
+########################################
@@ -25425,6 +25425,7 @@ index 0000000..df9e6ce
+manage_files_pattern(docker_t, docker_log_t, docker_log_t)
+manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
+logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
++allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
+
+manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
+manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
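Review bot: The added `allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };` covers every file class, although the log rules visible around it only manage and transition `dir`, `file` and `lnk_file`. Restricting it to those classes, `allow docker_t docker_log_t:{ dir file lnk_file } { relabelfrom relabelto };`, keeps device nodes, sockets and fifos out of the relabel grant. The same breadth applies to `allow docker_t spc_t:socket_class_set { relabelto relabelfrom };` in the later spc_t hunk. Naming the socket classes docker actually relabels would be tighter there, particularly as spc_t is made unconfined a few lines below.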
@@ -25492,7 +25493,7 @@ index 0000000..df9e6ce
+corenet_udp_bind_generic_node(docker_t)
+corenet_udp_bind_all_ports(docker_t)
+
-+files_read_etc_files(docker_t)
++files_read_config_files(docker_t)
+
+fs_read_cgroup_files(docker_t)
+fs_read_tmpfs_symlinks(docker_t)
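Review bot: Replacing `files_read_etc_files` with `files_read_config_files(docker_t)` widens read access from generic etc content to, presumably, every type carrying the config-file attribute, which can include other services' private configuration. The changelog's reason is that docker watches /etc, so a comment such as `# docker watches /etc for changes` on the line would record it. It is also worth checking whether list/getattr access would meet that need without read. The `auth_dontaudit_getattr_shadow(docker_t)` added in the next hunk looks like a consequence of the same directory walk; because dontaudit removes the AVC records for those attempts, a comment stating that reason belongs there too.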
@@ -25502,6 +25503,7 @@ index 0000000..df9e6ce
+storage_raw_rw_fixed_disk(docker_t)
+
+auth_use_nsswitch(docker_t)
++auth_dontaudit_getattr_shadow(docker_t)
+
+init_read_state(docker_t)
+init_status(docker_t)
@@ -25527,6 +25529,10 @@ index 0000000..df9e6ce
+ iptables_domtrans(docker_t)
+')
+
++optional_policy(`
++ openvswitch_stream_connect(docker_t)
++')
++
+#
+# lxc rules
+#
@@ -25648,6 +25654,7 @@ index 0000000..df9e6ce
+domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
+allow docker_t spc_t:process { setsched signal_perms };
+ps_process_pattern(docker_t, spc_t)
++allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
+
+optional_policy(`
+ unconfined_domain_noaudit(spc_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1e2acc2..8c9a926 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 117%{?dist}
+Release: 118%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -602,6 +602,17 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Mar 16 2015 Lukas Vrabec 3.13.1-118
+- docker watches for content in the /etc directory
+- Merge branch 'rawhide-contrib' of github.com:selinux-policy/selinux-policy into rawhide-contrib
+- Fix abrt_filetrans_named_content() to create /var/tmp/abrt with the correct abrt_var_cache_t labeling.
+- Allow docker to communicate with openvswitch
+- Merge branch 'rawhide-contrib' of github.com:selinux-policy/selinux-policy into rawhide-contrib
+- Allow docker to relablefrom/to sockets and docker_log_t
+- Allow journald to set loginuid. BZ(1190498)
+- Add cap. sys_admin for passwd_t. BZ(1185191)
+- Allow abrt-hook-ccpp running as kernel_t to allow create /var/tmp/abrt with correct labeling.
+
* Fri Mar 09 2015 Lukas Vrabec 3.13.1-117
- Allow spamc read spamd_etc_t files. BZ(1199339).
- Allow collectd to write to smnpd_var_lib_t dirs. BZ(1199278)