diff --git a/policy/modules/admin/readahead.fc b/policy/modules/admin/readahead.fc
index 26c1128e..09cc902d 100644
--- a/policy/modules/admin/readahead.fc
+++ b/policy/modules/admin/readahead.fc
@@ -1,4 +1,3 @@
-#
-# /usr
-#
+/etc/readahead.d(/.*)?		gen_context(system_u:object_r:readahead_etc_rw_t,s0)
+
 /usr/sbin/readahead	--	gen_context(system_u:object_r:readahead_exec_t,s0)
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 849d2d54..4f90974c 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -1,5 +1,5 @@
 
-policy_module(readahead,1.3.1)
+policy_module(readahead,1.3.2)
 
 ########################################
 #
@@ -11,6 +11,9 @@ type readahead_exec_t;
 init_daemon_domain(readahead_t,readahead_exec_t)
 application_domain(readahead_t,readahead_exec_t)
 
+type readahead_etc_rw_t;
+files_pid_file(readahead_etc_rw_t)
+
 type readahead_var_run_t;
 files_pid_file(readahead_var_run_t)
 
@@ -19,9 +22,12 @@ files_pid_file(readahead_var_run_t)
 # Local policy
 #
 
-dontaudit readahead_t self:capability { dac_override dac_read_search sys_tty_config };
+allow readahead_t self:capability { dac_override dac_read_search };
+dontaudit readahead_t self:capability sys_tty_config;
 allow readahead_t self:process signal_perms;
 
+manage_files_pattern(readahead_t,readahead_etc_rw_t,readahead_etc_rw_t)
+
 manage_files_pattern(readahead_t,readahead_var_run_t,readahead_var_run_t)
 files_pid_filetrans(readahead_t,readahead_var_run_t,file)
 
@@ -37,7 +43,7 @@ dev_getattr_all_blk_files(readahead_t)
 dev_dontaudit_read_all_blk_files(readahead_t)
 dev_dontaudit_getattr_memory_dev(readahead_t)
 dev_dontaudit_getattr_nvram_dev(readahead_t)
-storage_dontaudit_getattr_fixed_disk_dev(readahead_t)
+storage_raw_read_fixed_disk(readahead_t)
 
 domain_use_interactive_fds(readahead_t)
 
@@ -68,6 +74,7 @@ libs_use_ld_so(readahead_t)
 libs_use_shared_libs(readahead_t)
 
 logging_send_syslog_msg(readahead_t)
+logging_dontaudit_search_audit_config(readahead_t)
 
 miscfiles_read_localization(readahead_t)
 
@@ -80,6 +87,10 @@ ifdef(`targeted_policy',`
 	term_dontaudit_use_generic_ptys(readahead_t)
 ')
 
+optional_policy(`
+	cron_system_entry(readahead_t, readahead_exec_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(readahead_t)
 ')
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index df6cfed7..e3300d83 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -278,5 +278,5 @@ interface(`usermanage_read_crack_db',`
 		type crack_db_t;
 	')
 
-	allow $1 crack_db_t:file read_file_perms;
+	read_files_pattern($1,crack_db_t,crack_db_t)
 ')
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index a3934428..7c5a96ac 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
 
-policy_module(usermanage,1.7.1)
+policy_module(usermanage,1.7.2)
 
 ########################################
 #
@@ -191,7 +191,6 @@ allow groupadd_t self:unix_dgram_socket create_socket_perms;
 allow groupadd_t self:unix_stream_socket create_stream_socket_perms;
 allow groupadd_t self:unix_dgram_socket sendto;
 allow groupadd_t self:unix_stream_socket connectto;
-allow groupadd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 
 fs_getattr_xattr_fs(groupadd_t)
 fs_search_auto_mountpoints(groupadd_t)
@@ -223,6 +222,7 @@ libs_use_shared_libs(groupadd_t)
 # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
 corecmd_exec_bin(groupadd_t)
 
+logging_send_audit_msgs(groupadd_t)
 logging_send_syslog_msg(groupadd_t)
 
 miscfiles_read_localization(groupadd_t)
@@ -244,6 +244,10 @@ optional_policy(`
 	dpkg_rw_pipes(groupadd_t)
 ')
 
+optional_policy(`
+	nscd_domtrans(groupadd_t)
+')
+
 optional_policy(`
 	rpm_use_fds(groupadd_t)
 	rpm_rw_pipes(groupadd_t)
@@ -254,7 +258,7 @@ optional_policy(`
 # Passwd local policy
 #
 
-allow passwd_t self:capability { chown dac_override fsetid setuid setgid sys_resource audit_control audit_write };
+allow passwd_t self:capability { chown dac_override fsetid setuid setgid sys_resource };
 allow passwd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow passwd_t self:process { setrlimit setfscreate };
 allow passwd_t self:fd use;
@@ -264,7 +268,6 @@ allow passwd_t self:unix_dgram_socket create_socket_perms;
 allow passwd_t self:unix_stream_socket create_stream_socket_perms;
 allow passwd_t self:unix_dgram_socket sendto;
 allow passwd_t self:unix_stream_socket connectto;
-allow passwd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 allow passwd_t self:shm create_shm_perms;
 allow passwd_t self:sem create_sem_perms;
 allow passwd_t self:msgq create_msgq_perms;
@@ -316,6 +319,7 @@ init_dontaudit_rw_utmp(passwd_t)
 libs_use_ld_so(passwd_t)
 libs_use_shared_libs(passwd_t)
 
+logging_send_audit_msgs(passwd_t)
 logging_send_syslog_msg(passwd_t)
 
 miscfiles_read_localization(passwd_t)
@@ -336,6 +340,7 @@ optional_policy(`
 
 optional_policy(`
 	nscd_socket_use(passwd_t)
+	nscd_domtrans(passwd_t)
 ')
 
 ########################################
@@ -426,6 +431,7 @@ optional_policy(`
 
 optional_policy(`
 	nscd_socket_use(sysadm_passwd_t)
+	nscd_domtrans(sysadm_passwd_t)
 ')
 
 ########################################
@@ -433,7 +439,7 @@ optional_policy(`
 # Useradd local policy
 #
 
-allow useradd_t self:capability { dac_override chown kill fowner fsetid setuid sys_resource audit_write };
+allow useradd_t self:capability { dac_override chown kill fowner fsetid setuid sys_resource };
 dontaudit useradd_t self:capability sys_tty_config;
 allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow useradd_t self:process setfscreate;
@@ -447,7 +453,6 @@ allow useradd_t self:unix_dgram_socket create_socket_perms;
 allow useradd_t self:unix_stream_socket create_stream_socket_perms;
 allow useradd_t self:unix_dgram_socket sendto;
 allow useradd_t self:unix_stream_socket connectto;
-allow useradd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 
 # for getting the number of groups
 kernel_read_kernel_sysctls(useradd_t)
@@ -492,6 +497,7 @@ init_rw_utmp(useradd_t)
 libs_use_ld_so(useradd_t)
 libs_use_shared_libs(useradd_t)
 
+logging_send_audit_msgs(useradd_t)
 logging_send_syslog_msg(useradd_t)
 
 miscfiles_read_localization(useradd_t)
@@ -518,6 +524,10 @@ optional_policy(`
 	dpkg_rw_pipes(useradd_t)
 ')
 
+optional_policy(`
+	nscd_domtrans(useradd_t)
+')
+
 optional_policy(`
 	rpm_use_fds(useradd_t)
 	rpm_rw_pipes(useradd_t)
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index ff890837..67987561 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -1,5 +1,5 @@
 
-policy_module(loadkeys,1.1.0)
+policy_module(loadkeys,1.1.1)
 
 ########################################
 #
@@ -39,7 +39,7 @@ ifdef(`targeted_policy',`
 	files_read_etc_runtime_files(loadkeys_t)
 
 	term_dontaudit_use_console(loadkeys_t)
-	term_dontaudit_use_unallocated_ttys(loadkeys_t)
+	term_use_unallocated_ttys(loadkeys_t)
 
 	init_dontaudit_use_script_ptys(loadkeys_t)
 
@@ -49,4 +49,8 @@ ifdef(`targeted_policy',`
 	locallogin_use_fds(loadkeys_t)
 
 	miscfiles_read_localization(loadkeys_t)
+
+	optional_policy(`
+		nscd_dontaudit_search_pid(loadkeys_t)
+	')
 ')
diff --git a/policy/modules/services/setroubleshoot.if b/policy/modules/services/setroubleshoot.if
index 50c71351..ec02d93c 100644
--- a/policy/modules/services/setroubleshoot.if
+++ b/policy/modules/services/setroubleshoot.if
@@ -19,3 +19,23 @@ interface(`setroubleshoot_stream_connect',`
 	allow $1 setroubleshoot_var_run_t:sock_file write;
 	allow $1 setroubleshootd_t:unix_stream_socket connectto;
 ')
+
+########################################
+## <summary>
+##	Dontaudit attempts to connect to setroubleshootd
+##	over an unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`setroubleshoot_dontaudit_stream_connect',`
+	gen_require(`
+		type setroubleshootd_t, setroubleshoot_var_run_t;
+	')
+
+	dontaudit $1 setroubleshoot_var_run_t:sock_file write;
+	dontaudit $1 setroubleshootd_t:unix_stream_socket connectto;
+')
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index b292f9ec..d6e6bb92 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -1,5 +1,5 @@
 
-policy_module(setroubleshoot,1.4.0)
+policy_module(setroubleshoot,1.4.1)
 
 ########################################
 #
@@ -33,7 +33,6 @@ allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
 allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
 allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
-allow setroubleshootd_t self:netlink_route_socket r_netlink_socket_perms;
 
 # database files
 allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
@@ -76,12 +75,17 @@ files_read_etc_files(setroubleshootd_t)
 files_getattr_all_dirs(setroubleshootd_t)
 files_getattr_all_files(setroubleshootd_t)
 
+fs_getattr_all_dirs(setroubleshootd_t)
+fs_getattr_all_files(setroubleshootd_t)
+
 selinux_get_enforce_mode(setroubleshootd_t)
 selinux_validate_context(setroubleshootd_t)
 
 term_dontaudit_use_all_user_ptys(setroubleshootd_t)
 term_dontaudit_use_all_user_ttys(setroubleshootd_t)
 
+auth_use_nsswitch(setroubleshootd_t)
+
 init_read_utmp(setroubleshootd_t)
 init_dontaudit_write_utmp(setroubleshootd_t)
 
@@ -112,7 +116,3 @@ optional_policy(`
 	rpm_dontaudit_manage_db(setroubleshootd_t)
         rpm_use_script_fds(setroubleshootd_t)
 ')
-
-optional_policy(`
-	nis_use_ypbind(setroubleshootd_t)
-')
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 6ee2f5b1..7841e713 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -315,6 +315,25 @@ interface(`logging_read_audit_config',`
 	allow $1 auditd_etc_t:dir list_dir_perms;
 ')
 
+########################################
+## <summary>
+##	dontaudit search of auditd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`logging_dontaudit_search_audit_config',`
+	gen_require(`
+		type auditd_etc_t;
+	')
+
+	dontaudit $1 auditd_etc_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##	Allows the domain to open a file in the
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index a649c07c..12332f03 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
 
-policy_module(logging,1.7.2)
+policy_module(logging,1.7.3)
 
 ########################################
 #
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te
index 232d2039..4237f55f 100644
--- a/policy/modules/system/netlabel.te
+++ b/policy/modules/system/netlabel.te
@@ -1,5 +1,5 @@
 
-policy_module(netlabel,1.0.1)
+policy_module(netlabel,1.0.2)
 
 ########################################
 #
@@ -21,6 +21,8 @@ allow netlabel_mgmt_t self:netlink_socket create_socket_perms;
 
 kernel_read_network_state(netlabel_mgmt_t)
 
+files_read_etc_files(netlabel_mgmt_t)
+
 libs_use_ld_so(netlabel_mgmt_t)
 libs_use_shared_libs(netlabel_mgmt_t)