diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf
index 30e127c..de78b47 100644
--- a/modules-targeted-contrib.conf
+++ b/modules-targeted-contrib.conf
@@ -2505,5 +2505,11 @@ bacula = module
#
# rhnsd policy
#
-
rhnsd = module
+
+# Layer: contrib
+# Module: gear
+#
+# gear policy
+#
+gear = module
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index f15a12c..3600861 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -26099,7 +26099,7 @@ index c6fdab7..af71c62 100644
sudo_sigchld(application_domain_type)
')
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
-index 2479587..39239cf 100644
+index 2479587..00d2700 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -1,14 +1,28 @@
@@ -26135,7 +26135,7 @@ index 2479587..39239cf 100644
/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0)
/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
-@@ -16,13 +30,24 @@ ifdef(`distro_suse', `
+@@ -16,13 +30,25 @@ ifdef(`distro_suse', `
/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
')
@@ -26147,6 +26147,7 @@ index 2479587..39239cf 100644
-/usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
+/usr/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
+/usr/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_timestamp_exec_t,s0)
++/usr/sbin/pwhistory_helper -- gen_context(system_u:object_r:updpwd_exec_t,s0)
+/usr/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
+/usr/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0)
+/usr/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
@@ -26162,7 +26163,7 @@ index 2479587..39239cf 100644
/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
-@@ -30,21 +55,25 @@ ifdef(`distro_gentoo', `
+@@ -30,21 +56,25 @@ ifdef(`distro_gentoo', `
/var/lib/abl(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
/var/lib/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index c33f667..8e54661 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -2311,14 +2311,17 @@ index 16d0d66..60abfd0 100644
optional_policy(`
nscd_dontaudit_search_pid(amtu_t)
diff --git a/anaconda.fc b/anaconda.fc
-index b098089..b2c4d10 100644
+index b098089..258407b 100644
--- a/anaconda.fc
+++ b/anaconda.fc
-@@ -1 +1,4 @@
+@@ -1 +1,7 @@
# No file context specifications.
+
+/usr/libexec/anaconda/anaconda-yum -- gen_context(system_u:object_r:install_exec_t,s0)
+/usr/sbin/anaconda -- gen_context(system_u:object_r:install_exec_t,s0)
++
++/usr/bin/ostree -- gen_context(system_u:object_r:install_exec_t,s0)
++/usr/bin/rpm-ostree -- gen_context(system_u:object_r:install_exec_t,s0)
diff --git a/anaconda.if b/anaconda.if
index 14a61b7..21bbf36 100644
--- a/anaconda.if
@@ -23286,10 +23289,10 @@ index 0000000..fd679a1
+/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)
diff --git a/docker.if b/docker.if
new file mode 100644
-index 0000000..4ca46bc
+index 0000000..1048292
--- /dev/null
+++ b/docker.if
-@@ -0,0 +1,325 @@
+@@ -0,0 +1,345 @@
+
+## <summary>The open-source application container engine.</summary>
+
@@ -23573,6 +23576,26 @@ index 0000000..4ca46bc
+
+########################################
+## <summary>
++## Connect to docker over a unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`docker_stream_connect',`
++ gen_require(`
++ type docker_t, docker_var_run_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
++')
++
++
++########################################
++## <summary>
+## All of the rules required to administrate
+## an docker environment
+## </summary>
@@ -27441,6 +27464,413 @@ index 2820368..88c98f4 100644
sysnet_read_config(gatekeeper_t)
userdom_dontaudit_use_unpriv_user_fds(gatekeeper_t)
+diff --git a/gear.fc b/gear.fc
+new file mode 100644
+index 0000000..5eabf35
+--- /dev/null
++++ b/gear.fc
+@@ -0,0 +1,7 @@
++/usr/bin/gear -- gen_context(system_u:object_r:gear_exec_t,s0)
++
++/usr/lib/systemd/system/gear.service -- gen_context(system_u:object_r:gear_unit_file_t,s0)
++
++/var/lib/containers/bin/gear -- gen_context(system_u:object_r:gear_exec_t,s0)
++
++/var/lib/gear(/.*)? gen_context(system_u:object_r:gear_var_lib_t,s0)
+diff --git a/gear.if b/gear.if
+new file mode 100644
+index 0000000..04e159f
+--- /dev/null
++++ b/gear.if
+@@ -0,0 +1,288 @@
++
++## <summary>The open-source application container engine.</summary>
++
++########################################
++## <summary>
++## Execute gear in the gear domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gear_domtrans',`
++ gen_require(`
++ type gear_t, gear_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domtrans_pattern($1, gear_exec_t, gear_t)
++')
++
++########################################
++## <summary>
++## Search gear lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_search_lib',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ allow $1 gear_var_lib_t:dir search_dir_perms;
++ files_search_var_lib($1)
++')
++
++########################################
++## <summary>
++## Execute gear lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_exec_lib',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ allow $1 gear_var_lib_t:dir search_dir_perms;
++ can_exec($1, gear_var_lib_t)
++')
++
++########################################
++## <summary>
++## Read gear lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_read_lib_files',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ read_files_pattern($1, gear_var_lib_t, gear_var_lib_t)
++')
++
++########################################
++## <summary>
++## Manage gear lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_manage_lib_files',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_files_pattern($1, gear_var_lib_t, gear_var_lib_t)
++ manage_lnk_files_pattern($1, gear_var_lib_t, gear_var_lib_t)
++')
++
++########################################
++## <summary>
++## Manage gear lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_manage_lib_dirs',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_dirs_pattern($1, gear_var_lib_t, gear_var_lib_t)
++')
++
++########################################
++## <summary>
++## Create objects in a gear var lib directory
++## with an automatic type transition to
++## a specified private type.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="private_type">
++## <summary>
++## The type of the object to create.
++## </summary>
++## </param>
++## <param name="object_class">
++## <summary>
++## The class of the object to be created.
++## </summary>
++## </param>
++## <param name="name" optional="true">
++## <summary>
++## The name of the object being created.
++## </summary>
++## </param>
++#
++interface(`gear_lib_filetrans',`
++ gen_require(`
++ type gear_var_lib_t;
++ ')
++
++ filetrans_pattern($1, gear_var_lib_t, $2, $3, $4)
++')
++
++########################################
++## <summary>
++## Read gear PID files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_read_pid_files',`
++ gen_require(`
++ type gear_var_run_t;
++ ')
++
++ files_search_pids($1)
++ read_files_pattern($1, gear_var_run_t, gear_var_run_t)
++')
++
++########################################
++## <summary>
++## Execute gear server in the gear domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gear_systemctl',`
++ gen_require(`
++ type gear_t;
++ type gear_unit_file_t;
++ ')
++
++ systemd_exec_systemctl($1)
++ systemd_read_fifo_file_passwd_run($1)
++ allow $1 gear_unit_file_t:file read_file_perms;
++ allow $1 gear_unit_file_t:service manage_service_perms;
++
++ ps_process_pattern($1, gear_t)
++')
++
++########################################
++## <summary>
++## Read and write gear shared memory.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_rw_sem',`
++ gen_require(`
++ type gear_t;
++ ')
++
++ allow $1 gear_t:sem rw_sem_perms;
++')
++
++#######################################
++## <summary>
++## Read and write the gear pty type.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_use_ptys',`
++ gen_require(`
++ type gear_devpts_t;
++ ')
++
++ allow $1 gear_devpts_t:chr_file rw_term_perms;
++')
++
++#######################################
++## <summary>
++## Allow domain to create gear content
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_filetrans_named_content',`
++ gen_require(`
++ type gear_var_lib_t;
++ type gear_var_run_t;
++ ')
++
++ files_pid_filetrans($1, gear_var_run_t, file, "gear.pid")
++ files_var_lib_filetrans($1, gear_var_lib_t, dir, "gear")
++')
++
++########################################
++## <summary>
++## All of the rules required to administrate
++## an gear environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gear_admin',`
++ gen_require(`
++ type gear_t;
++ type gear_var_lib_t, gear_var_run_t;
++ type gear_unit_file_t;
++ type gear_lock_t;
++ type gear_log_t;
++ ')
++
++ allow $1 gear_t:process { ptrace signal_perms };
++ ps_process_pattern($1, gear_t)
++
++ files_search_var_lib($1)
++ admin_pattern($1, gear_var_lib_t)
++
++ files_search_pids($1)
++ admin_pattern($1, gear_var_run_t)
++
++ logging_search_logs($1)
++ admin_pattern($1, gear_log_t)
++
++ gear_systemctl($1)
++ admin_pattern($1, gear_unit_file_t)
++ allow $1 gear_unit_file_t:service all_service_perms;
++')
+diff --git a/gear.te b/gear.te
+new file mode 100644
+index 0000000..6c32f79
+--- /dev/null
++++ b/gear.te
+@@ -0,0 +1,94 @@
++policy_module(gear, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gear_t;
++type gear_exec_t;
++init_daemon_domain(gear_t, gear_exec_t)
++
++type gear_var_lib_t;
++files_type(gear_var_lib_t)
++
++type gear_log_t;
++logging_log_file(gear_log_t)
++
++type gear_var_run_t;
++files_pid_file(gear_var_run_t)
++
++type gear_unit_file_t;
++systemd_unit_file(gear_unit_file_t)
++
++########################################
++#
++# gear local policy
++#
++allow gear_t self:process { getattr signal_perms };
++allow gear_t self:fifo_file rw_fifo_file_perms;
++allow gear_t self:unix_stream_socket create_stream_socket_perms;
++allow gear_t self:tcp_socket create_stream_socket_perms;
++
++manage_dirs_pattern(gear_t, gear_log_t, gear_log_t)
++manage_files_pattern(gear_t, gear_log_t, gear_log_t)
++manage_lnk_files_pattern(gear_t, gear_log_t, gear_log_t)
++logging_log_filetrans(gear_t, gear_log_t, { dir file lnk_file })
++
++gear_filetrans_named_content(gear_t)
++
++manage_dirs_pattern(gear_t, gear_var_lib_t, gear_var_lib_t)
++manage_chr_files_pattern(gear_t, gear_var_lib_t, gear_var_lib_t)
++manage_blk_files_pattern(gear_t, gear_var_lib_t, gear_var_lib_t)
++manage_files_pattern(gear_t, gear_var_lib_t, gear_var_lib_t)
++manage_lnk_files_pattern(gear_t, gear_var_lib_t, gear_var_lib_t)
++files_var_lib_filetrans(gear_t, gear_var_lib_t, { dir file lnk_file })
++
++manage_dirs_pattern(gear_t, gear_var_run_t, gear_var_run_t)
++manage_files_pattern(gear_t, gear_var_run_t, gear_var_run_t)
++manage_sock_files_pattern(gear_t, gear_var_run_t, gear_var_run_t)
++manage_lnk_files_pattern(gear_t, gear_var_run_t, gear_var_run_t)
++files_pid_filetrans(gear_t, gear_var_run_t, { dir file lnk_file sock_file })
++
++kernel_read_system_state(gear_t)
++kernel_read_network_state(gear_t)
++kernel_read_all_sysctls(gear_t)
++kernel_rw_net_sysctls(gear_t)
++
++domain_use_interactive_fds(gear_t)
++
++corecmd_exec_bin(gear_t)
++corecmd_exec_shell(gear_t)
++
++corenet_tcp_bind_generic_node(gear_t)
++corenet_tcp_sendrecv_generic_if(gear_t)
++corenet_tcp_sendrecv_generic_node(gear_t)
++corenet_tcp_sendrecv_generic_port(gear_t)
++corenet_tcp_bind_gear_port(gear_t)
++
++files_read_etc_files(gear_t)
++
++fs_read_cgroup_files(gear_t)
++fs_read_tmpfs_symlinks(gear_t)
++
++auth_use_nsswitch(gear_t)
++
++init_read_state(gear_t)
++init_dbus_chat(gear_t)
++
++logging_send_audit_msgs(gear_t)
++logging_send_syslog_msg(gear_t)
++
++miscfiles_read_localization(gear_t)
++
++mount_domtrans(gear_t)
++
++seutil_read_default_contexts(gear_t)
++
++sysnet_dns_name_resolve(gear_t)
++
++systemd_manage_all_unit_files(gear_t)
++
++optional_policy(`
++ docker_stream_connect(gear_t)
++')
diff --git a/geoclue.fc b/geoclue.fc
new file mode 100644
index 0000000..a97f14f
@@ -41276,10 +41706,10 @@ index 0000000..3f433f1
+')
diff --git a/mcollective.te b/mcollective.te
new file mode 100644
-index 0000000..a04dd6b
+index 0000000..8bc27f4
--- /dev/null
+++ b/mcollective.te
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,27 @@
+policy_module(mcollective, 1.0.0)
+
+########################################
@@ -41292,8 +41722,6 @@ index 0000000..a04dd6b
+init_daemon_domain(mcollective_t, mcollective_exec_t)
+cron_system_entry(mcollective_t, mcollective_exec_t)
+
-+permissive mcollective_t;
-+
+type mcollective_etc_rw_t;
+files_type(mcollective_etc_rw_t)
+
@@ -50610,7 +51038,7 @@ index 86dc29d..1cd0d0e 100644
+ logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
')
diff --git a/networkmanager.te b/networkmanager.te
-index 55f2009..ed9adbc 100644
+index 55f2009..63b8998 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -9,15 +9,18 @@ type NetworkManager_t;
@@ -50635,7 +51063,7 @@ index 55f2009..ed9adbc 100644
type NetworkManager_log_t;
logging_log_file(NetworkManager_log_t)
-@@ -39,25 +42,50 @@ init_system_domain(wpa_cli_t, wpa_cli_exec_t)
+@@ -39,25 +42,53 @@ init_system_domain(wpa_cli_t, wpa_cli_exec_t)
# Local policy
#
@@ -50654,6 +51082,9 @@ index 55f2009..ed9adbc 100644
+
+allow NetworkManager_t self:process { getcap setcap setpgid getsched setsched signal_perms };
+
++allow NetworkManager_t self:process setfscreate;
++selinux_validate_context(NetworkManager_t)
++
+tunable_policy(`deny_ptrace',`',`
+ allow NetworkManager_t self:capability sys_ptrace;
+ allow NetworkManager_t self:process ptrace;
@@ -50683,10 +51114,10 @@ index 55f2009..ed9adbc 100644
+can_exec(NetworkManager_t, NetworkManager_exec_t)
+#wicd
+can_exec(NetworkManager_t, wpa_cli_exec_t)
-+
+
+list_dirs_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
+read_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
-
++
+list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
@@ -50695,7 +51126,7 @@ index 55f2009..ed9adbc 100644
manage_dirs_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
manage_files_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
filetrans_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_rw_t, { dir file })
-@@ -68,6 +96,7 @@ create_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_
+@@ -68,6 +99,7 @@ create_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_
setattr_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
@@ -50703,7 +51134,7 @@ index 55f2009..ed9adbc 100644
manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
-@@ -81,17 +110,14 @@ manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_
+@@ -81,17 +113,14 @@ manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_
manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
@@ -50722,7 +51153,7 @@ index 55f2009..ed9adbc 100644
corenet_all_recvfrom_netlabel(NetworkManager_t)
corenet_tcp_sendrecv_generic_if(NetworkManager_t)
corenet_udp_sendrecv_generic_if(NetworkManager_t)
-@@ -102,22 +128,15 @@ corenet_raw_sendrecv_generic_node(NetworkManager_t)
+@@ -102,22 +131,15 @@ corenet_raw_sendrecv_generic_node(NetworkManager_t)
corenet_tcp_sendrecv_all_ports(NetworkManager_t)
corenet_udp_sendrecv_all_ports(NetworkManager_t)
corenet_udp_bind_generic_node(NetworkManager_t)
@@ -50748,7 +51179,7 @@ index 55f2009..ed9adbc 100644
dev_rw_sysfs(NetworkManager_t)
dev_read_rand(NetworkManager_t)
dev_read_urand(NetworkManager_t)
-@@ -125,13 +144,6 @@ dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
+@@ -125,13 +147,6 @@ dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
dev_getattr_all_chr_files(NetworkManager_t)
dev_rw_wireless(NetworkManager_t)
@@ -50762,7 +51193,7 @@ index 55f2009..ed9adbc 100644
fs_getattr_all_fs(NetworkManager_t)
fs_search_auto_mountpoints(NetworkManager_t)
fs_list_inotifyfs(NetworkManager_t)
-@@ -140,18 +152,33 @@ mls_file_read_all_levels(NetworkManager_t)
+@@ -140,18 +155,33 @@ mls_file_read_all_levels(NetworkManager_t)
selinux_dontaudit_search_fs(NetworkManager_t)
@@ -50797,7 +51228,7 @@ index 55f2009..ed9adbc 100644
seutil_read_config(NetworkManager_t)
-@@ -166,21 +193,32 @@ sysnet_kill_dhcpc(NetworkManager_t)
+@@ -166,21 +196,32 @@ sysnet_kill_dhcpc(NetworkManager_t)
sysnet_read_dhcpc_state(NetworkManager_t)
sysnet_delete_dhcpc_state(NetworkManager_t)
sysnet_search_dhcp_state(NetworkManager_t)
@@ -50834,7 +51265,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -196,10 +234,6 @@ optional_policy(`
+@@ -196,10 +237,6 @@ optional_policy(`
')
optional_policy(`
@@ -50845,7 +51276,7 @@ index 55f2009..ed9adbc 100644
consoletype_exec(NetworkManager_t)
')
-@@ -210,16 +244,11 @@ optional_policy(`
+@@ -210,16 +247,11 @@ optional_policy(`
optional_policy(`
dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
@@ -50864,7 +51295,7 @@ index 55f2009..ed9adbc 100644
')
')
-@@ -231,18 +260,27 @@ optional_policy(`
+@@ -231,18 +263,27 @@ optional_policy(`
dnsmasq_kill(NetworkManager_t)
dnsmasq_signal(NetworkManager_t)
dnsmasq_signull(NetworkManager_t)
@@ -50895,7 +51326,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -250,6 +288,10 @@ optional_policy(`
+@@ -250,6 +291,10 @@ optional_policy(`
ipsec_kill_mgmt(NetworkManager_t)
ipsec_signal_mgmt(NetworkManager_t)
ipsec_signull_mgmt(NetworkManager_t)
@@ -50906,7 +51337,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -257,15 +299,19 @@ optional_policy(`
+@@ -257,15 +302,19 @@ optional_policy(`
')
optional_policy(`
@@ -50928,7 +51359,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -274,10 +320,17 @@ optional_policy(`
+@@ -274,10 +323,17 @@ optional_policy(`
nscd_signull(NetworkManager_t)
nscd_kill(NetworkManager_t)
nscd_initrc_domtrans(NetworkManager_t)
@@ -50946,7 +51377,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -289,6 +342,7 @@ optional_policy(`
+@@ -289,6 +345,7 @@ optional_policy(`
')
optional_policy(`
@@ -50954,7 +51385,7 @@ index 55f2009..ed9adbc 100644
policykit_domtrans_auth(NetworkManager_t)
policykit_read_lib(NetworkManager_t)
policykit_read_reload(NetworkManager_t)
-@@ -296,7 +350,7 @@ optional_policy(`
+@@ -296,7 +353,7 @@ optional_policy(`
')
optional_policy(`
@@ -50963,7 +51394,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -307,6 +361,7 @@ optional_policy(`
+@@ -307,6 +364,7 @@ optional_policy(`
ppp_signal(NetworkManager_t)
ppp_signull(NetworkManager_t)
ppp_read_config(NetworkManager_t)
@@ -50971,7 +51402,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -320,14 +375,20 @@ optional_policy(`
+@@ -320,14 +378,20 @@ optional_policy(`
')
optional_policy(`
@@ -50997,7 +51428,7 @@ index 55f2009..ed9adbc 100644
')
optional_policy(`
-@@ -357,6 +418,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
+@@ -357,6 +421,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
init_dontaudit_use_fds(wpa_cli_t)
init_use_script_ptys(wpa_cli_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 57bb4e8..3cd932e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 40%{?dist}
+Release: 41%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -584,6 +584,13 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Mar 27 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-41
+- Turn on gear_port_t
+- Add gear policy and remove permissive domains.
+- Add labels for ostree
+- Add SELinux awareness for NM
+- Label /usr/sbin/pwhistory_helper as updpwd_exec_t
+
* Wed Mar 26 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-40
- update storage_filetrans_all_named_dev for sg* devices
- Allow auditctl_t to getattr on all removeable devices