From 3f98d5071cd9795c3214e6f229b5df9858e46f4c Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Fri, 6 Jan 2017 21:58:14 +0100 Subject: [PATCH] * Fri Jan 06 2017 Lukas Vrabec - 3.13.1-232 - Add tlp_var_lib_t label for /var/lib/tlp directory BZ(1409977) - Allow tlp_t domain to read proc_net_t BZ(1403487) - Merge pull request #179 from rhatdan/virt1 - Allow tlp_t domain to read/write cpu microcode BZ(1403103) - Allow virt domain to use inherited virtlogd domains fifo_file - Fixes for containers - Allow glusterd_t to bind on glusterd_port_t udp ports. - Update ctdbd_t policy to reflect all changes. - Allow ctdbd_t domain transition to rpcd_t --- container-selinux.tgz | Bin 4964 -> 5426 bytes policy-rawhide-base.patch | 6 ++- policy-rawhide-contrib.patch | 81 ++++++++++++++++++++++------------- selinux-policy.spec | 13 +++++- 4 files changed, 68 insertions(+), 32 deletions(-) 
diff --git a/container-selinux.tgz b/container-selinux.tgz index 734bfcddf01b5255bdd26ea4661d865a63eac34b..efca37650e008069cc699157b4a6c8d0cfc98ce6 100644 GIT binary patch literal 5426 zcmV-270v1&iwFQ~1aMdY1MOW~kK8tv_G{O#5bOZ%4(z_!iGg-z28(ze_F;E|nY?Xw z6_v!QQd%V`qSTi){NMK+-b6_xMX6MFFVF?pT`e7cBoE2Mb0a%0@;XX$Qk|!p7f1SB z!so{y-{a4#4?kS$KjHK4>chJqUtGPreE0tH^7`tB>lc?-@2)Q|Uj&!OYLNbEXdP8S z@FKgbqBV)FbYt)TpMF-aUIjnVX1|ZB$G`r%BSBG;{4Fh-DkecxmRTA{bz0;>EGJ4p z@-6&4|LH;&TLFmQr&AmJa`N{F5;rx`(9=Aqclv{**u$4|R`fzE8~jv8RkRQCXixs~ zl2g6>>!5~D>_re|S#eL2pe};CigKD_r%a$13>Chw(!3_sCW^`F@2WLn)#P=$Cn40w za9+RpeRZ-Wd03G@o3sMj)yYZySZX~`W$HJEhXgnf)*n|Vug_MilenlzyiY<(qAK2n z>oh<8?&@rHBC89_sD@VIQ#+XHO?|e)3XU*Pz}Y7|O305XBjh(2ag;Mk=O7%&?|-p6 zHFjs|I!K`Taa~j?p%XZL;^K4^$AmJplW8m#Oo3+kF!(O2khJA3t3UYe%0zPm{R{*? zd<{!d?I{%8q#2>IVnNMDWZ{|p)L6|X)YoLRWrC}62Xg$MBuaYhW<&eU8C^lcSPxlq zX0h8kM^6|ye{B}x3hOKIobIBEJSDEP2Kn=ylY4MIOKFXB+s1SOWO(E=WaFi?{B|~i z|9}sM``_5A$Nia>Bu+Oe3=khk+*`>&#o5UDfFh`Y=#u0oYgZMefsj7eqkV)WG37jRV&E)_4GMhjfu92g@qG!+MbND-LK6S+pX= zRv7Tn6lYy2HcS$8rl9bS8JDJ1#mk0q7Ex-cioF}wwI-svWJ-Pb|I45#k^fQlmzQJcMbpE!N2#*>Sw?F`==+eb1*HYOp|H* z2H3(Dfdf!o=-wqVV zPK2T*E8?S-B6&r!0+n^(R0{Kny$Qre78b+0DL8lug5^HJmT(+{J*u_j27d%^<4T&h_mV^*!)tKXnG#{0WK% z#$g|DY{~lx-0U+m2zuP?F3YlhoVtYvJ$x%WgNgpehQeg4ADMW>wa{g%Tp>NyCgiTH zDRLHHBBSu9fxnXQCf-#cUm*7(v|<@13rXO_+%@V8mnu!*I^Tc$~a_aY1g*_IFAtR&L8dI4w$x_*j0m;McE*l3s5N0ZGqV)j+EP(Ld&bVCy}F ziecYl{?TrN&s|y-`F@hZf1KfB?L5@eVRc%|5p}yph8jQUxaJpI<8!VGc$(0{PZ4|u z1GfTh1T@{|QN~TZ;LFEp&J3uGNp>@#Y?wPL;6l(`|JF4zR$h4XdgYPJ9sqnWu(Z^K zRr#$~anXH)gKfODHc!SqThd2`VqxH*lFst5EV49yWHVek)Px5uf)!B9;N_Y2e#GJS zdTB>#7&Y}yWH}AIrR?Ps%LZfZoszJ}3Us7}*5w0J^)#fxYwG(#1D1S7-i#>z$0#r`e(5lC>fbMclHKl^v zUvI_0_o~Q99F-TNoNt>uH>cR8`f)lQ0BdXFqoFm6JFL1np)HtvtkPnKC5`EJT621@ z9Z1G}tX^CEkc{a`EmHrrLUKc?3>hO5zI8Ndm`0#!jROy3KM%md_HG=#$8`15(W-9r z*QT_Z%j!WYt*CtLs&%+`*nA-_6tn5=vds_A?q(rG)PJO1MQfI0v_S)0b6I@rJsSJY zmmaon#3vzTxy2G>G>mWK=YQHDO-+t<#>jpC>;3x=*O$ZdUmu>&e|?P)w>QImku(`O 
zRkPtuaCLrpemQC7tzHG6NSwhmM>`Ex)QU~~gwR+7-%Am8Cm6hjYJ&S6fwfubf#!&9 z{?ZG^d{tQ%{QC1RL0MF_iq4l}RdIA&Ds_`bYrPLj@dRb$O|XeFN}xYB{RpZ_Bh){b ztb!%x+|Ikya*Jm|rHdd@D?U0E5(ir#@_@pMDZ5ls_u0wS_bwaxvjOLIcf*k0i}y~0UhkJ? z+H|9{r=7RMd88a+-6m?u1sspD%j`chCI)ojWU_z^+u%?B5X*tqc-k*N#Fb9JE^_Om zD+-hJ9DO|g91NMe?(BW4*KGK?J6`OFwS!JH3X3uI5wQp8;!G}h^wT?dNuqw>~+O4JIVwavw z_3+e)Foc(xQC;jdv5F^2)sLscB113{C+%XX+#k+_Jy^~)Gt5p01r3ab9c#c|_Uz*d zJycK?JG6=eb6)!`MlH%;3eCE4Z%%-(37W@-Hxd=BDWai0gbDQveJ z_y%AbO6oKT_P2SF1lU;S3}@fgX|D1>*@G&&2h4f{kQk*HsTekE8Skn{28vaN@vf0V zZD?dmKufNxZfpc=nn`Hd(30edt7Lx$>s>(;icJ_$1Dsw-v$C=>o-P_utYoIba6dF1ayb-i zcxY)h;%G*OC$cF;V@B8Ij&BYd&KVguB8MV%?BC-Su$Q1Vv&&p5F$Edtbk~m7Q;WR% zD$zb;Us*a(@I@u{&Fk#e@L+CNomi6>i4D)3^XLbrF;2E8_;ThY*cif%T#WoU6>Nbu zV2V9#Qx*GmKf|qOn6Nd{Ok=KsXnQ}e_U#|E$j{;B%(3sNx7HW)=E6km$#cUOzpLAO z&6FOrWyT!HaMbr5uMTFqFa9Bn_wR$ysg7BRJR5P$I@Z|{ndKvbdWG2i9h&U<=yvS5 zYTxK4>eOYz`=;+n^SYzXw=grS$Un|nWv(j~=1vw5%*m6(19NG-$*bLk=`+HDc;c?< zJBw9Qmf2>_$>B%AZZpM?34gsjzUg$sajMWxCLFH-FqcxTDL6vYWt7B2=Bb`PWnYE17Z2Vy0_zWc#d3MRz32 z9B{}nbQ7~!!WMq5(m2eE#L@)42qk#}HQlLV>1IZunRWF-HkM+nS8NC|Z(*E17TF5B zx-LDdkVWERzb`ZL5V8RtFUtZ1Q#oiXG|s_JF;8}2nTeA^6&a~Q2vIim<2J@^q2|Qx ziV<-qzGyIiaB?X}WoU!*c5SPoDV^;Sl-zKpkNYgmZ|$@qGdr@aMj+|5(bhm(7ZvVo zRdgS+SlI)p$Vp0XE%YqJgYqe-^ggZQotaLY&*-xY^!22;w?K>QXk@~inTiqN`^MIz z_RtVc9ajCGZY|UuVi5J{mIZ2?agfqjn`|sFoBnTPPs&*_uZKFQVjBa})T!7Y60(V! ztmanAgKf&|CHR!LK|fMlN{O(3LVk|h!dpSi1bw=3;u;P&Rps7l;h*u>yoYNCg&p9v zxz-I#;3A_VEVdL*%Np~`W|qcl)$jNs@Ctgeq}SD}AbW`U@l8ypn-a}WqBul1K$Rv0 zb+B!k;ExjH^YF95UmvN6=;OC_QPk`UC~ESnID!be+N9XLs6+g~VPaK_CNS-1aIA5x z0+?(l zNdZADj}4D7(_)dfF4t*Ahb~)R=bfJVCbZsm5Aafww_M}COG^+z`KB1rsQ+vTtwVN! 
zSwG#?Kri|e?qOELp6Ax-C9zv$HxN4wh80*m`o?Tg>op>PLl?fy002rRRT~gr7S<}7 z?2bvOx+)y?;$2@@rIR8niqZ>ev`V2_$=;?EOkqs98r8*wMSehmQ6+IuVni!57g9dD zNu`tr&Q*%<)KncZaaAB@C{p{-q}r_SdcvbEU|omI6_edy!SdgUpu$ zY8-^R?wC@2QpW(i!e+v*Mnx#jMi%_~k5B&y{s|qrBf+nDa*m~H+0zDBz2hV-RgqQ0 z&zLcNe$-jT3&@{>sml8kKCpG^9D$aY883_2H|&!4T?29F{8+BMp9S!f45o2yL#%?wVUf%Xmc2n#ddb4d)g%tp~ z5}_+X&|^M+%Fd*kd+9J%4GlJ=_w)3mlMZov%H3G&37e_nSf84xEoIyu@00iLnw;Y! z4q?4m*H0bsYr95Ebz%e~wM{$A3~C;pQZ}CHVCU-4B``FohdB?ym*KqvuETnRJ8VX5 zd6ilr4gyXsuSKf`f@8w5i_=W8Kf? zEj%O1B;!{Jx!#TDl`I7B%mi7e4p&mhp;fr^LwwN3b3`n6I*rKpLoaz6{uQ?cEA&mJ zP;2Gz>1Eb2-_gy5dI>*2t5?gP@XY~KZ#D{`x0qa9S}}f?(#RIX z->b-~l#FR-NPuUZvW(At`;1Slq2wJ3U4G8iET;{JGP|cTgW*;&h{>VN1g3j@%f9Ui zQ&K$ALObh*AHp6!@k#{sL>j339X8`aQb9|0M~wf;9kMjI(YpRP7`qod{n#$#o{VoK6z>lJq$!@3oJ-K-&Z z=#X+X>-C%9_x7GxJ=kbV{t)`0F7VUpPlLd(yP122prMTC$(+Sa@1=SNI%;Kk)eGCX zLVCS@MTH(Q?%8kF1~!O-yY73}lgMTHD)>|c_auOQv4QbGHIcAuwJ7;p8>HdUjV}0D zn8YVM!W!_OP$T|@(xMVKDd=$@L)<~R{JWW@O3=7=W_)i>L8<#WL&h{9FG0p899wDQ zNl0QIYS+GSw{kCpQTyEZ)%~c#=bNM5ZRNiI>+-|<_k;Vtu73RC`Tno3@wvcUpNrql z`I=&P&f%0G4`4%cGrPGF61KW&XPUTWfZ`2d7Y(g0vUH8A#RbQ?IRF0S?OSg&sltnE zkrCAdD*iOlBGBtJZ}FA_1Xc7c!Yzdd@8Tu#6xDzI&&7X#&+VXPnJNB|&SEVVs4=%H zmWIuXyCQ4$q}2q@tpTe*XP$c*TW36ZvHsj4K6M_s@Wj#JiIczs z@%jMB7PIB!GSgHW7ygH@mgqQ&ECyGIBuTFDwou?BY_P2Yk420KH)5Cfx=BR67w&5zJZ220Y%l-|#P|PSQt4;LwEy zcyt*&@h4OlVxiaoxROVwf(~Ldnj8aQP3@T=0oe6uI?#3=j+7+d+CG2&Jb#`)&!6Yd c^XK{V{CWO7f1W?jpQS$k2mQMq#sHuI07icS}`2l0~vuRV-@avS^~TAoX>+`{qQ~ zYq);+;XQu7`SJVL`X^lP-n@JL!#D8X+xKt3|M5N2y?OWc&D(E+*QctGezmlT>LBZv|Ntwf!YsPw`@diItQ61$$5#{7h&p6ey zKaWcIg*^zOEGzFx5;SGd)KNiGY?KM~hM~guOiI zyZ@8TdR(7rMdEaqLI?4V#I==-R30lc;R6Esk6heOs0WW5C>G7OK;#CY|4&pz`{6?J zH0D^&s&+EnCg6|JZW3c^!kkn~8hh|5nF3lrqEb6eH#*eiNu~cYXiU&b<@OJdH$?{{ z(z*gl>2=2=vfQW5A&7vmZ9u|J8V9WPo$~?W3f=TO|PH?1)ilW3J!*NE?#JO*Sj?^kMw0Ez*XGzw0QDod`oq z7Q}liMe>?tB^v7>sT9T&dlHCCGK+5Al^nbR#d4ouO*oFhAJuAdiywg+8OkG_;1U%I z!~!OMO76`?1w*VZaRy8T&{lD?q9O_I>(pdm=Ol-f>+4VIdyr8+cLdqu35o{#ArCmV 
zl>H284uu&618MfBWz{^+UBZI_zEzyT%y?r2^+tWqM0LVyv8LtM9vsyiM?B>vHTBiyt@PqOnn{aRh*^Jy~~k!+g7NFlnr$L9;{V12y7^9fJlVwA?_6~ z2cN47!qgm8fgXor5XC}_R~e`Zs`rYg?Q95wbt7k&?ypI4w*2Q)s-c2v>rgoJEi8Bfeb`GHS{^m9q^N=o(h1FiP^Y;5rvKJZwXqD`kmv ztsVf{ks*$nBkUKq$SXXB zQLlB{-+ukMD}X-bo~vT--a}ekyWzvPr}%AVmWNPRwv6(Y(}A1Ez;97PvOb(H5Y=kR zS@x@Ot3yVR>K1Ahi1sm8o6YwW3Wha`#R2Upe3Zw=1M9(9KR z#+EJEa^?qn<9)ttd%B9k9}hl(BUgho0-ElNDB~_o@cF|$ryUAon%zt&E9Q=VyAZSx zw{=cT@r$U{fFGso0l+&0xuwmi`1fAyqWOkE(loa=PNpL`G8ThsVHAjwLE*3}vowBW zBU}cKM5HK!8PLd0x-0GZL}2N~+5y2ZYMX<|<{3o=*~2H6^~CBsCozpN^t6T6BmA*^Tf4CMTDZ64P8`6lal7F1aaDt2A7b%^Qv zZ2p8X^yY9gg9V|sWm_baO&Hv9TSu4iO+y8LMDAu+#YJ&yy@g{cSiX)oJ7E=!ibn&y zSTndRz~qDlt$wUZXfC%@Q!1qWH?(T; z;8H*Lu>+I0Rr=?c)0kGKRcG+nfn>}(8q~!P$(V-IAq^iZBsY}G1TiAvQ%9A?+vS?o zIEn@i_q#1(@9!56gsvVsYSrK6v>B~tUVSr0W0kjErHc+5YSn*zR?^pqew;vSqv}Bg5Q4rHK@wEQM>b%&^8<$RY=no z(N=GRGRVP5dl~Gaj1p*%&2EHZ(g^J`ro%z?IL(|swKRQLj!Y7fyevYlNiPj0xy}r6 zu8_9dKSEe0<3m*J+0&c_PE2r$3GF*i4&^?Ys%Nj=Mpwa{{QO z9*UE@HGMJidn3u~VVE(!m+YN^4!vEP%h%r@zU)06k0TWz>{n4sF5q}fT;{lc|FB%)^uYa)fg=9W6A(BN6chuz~zw3gf^<6 z2s#gU+%E@Ajv1a;qgjr(RL{VV0b-BUiM*o*>>cf)!%sUt(wavV8*t-MWgeyGi1Pq- z7;fl;kAol9GKQq%qO`zpzm(qAgN*R1o0mp}F}%!->SK3_RXjZZjZ61S9L3}9hi{N7l%k2)n0oaa`CQX9;V^JmnR+eoNuy5P6P*>7oh4N@j43*F)1Gmt(=khn5y2PG+ijBAZfI7BpS1_~z}@B|YOt+ zXCqEo#x^^luzXa|fQh}oL(@GU+<_fe={wy;ojXl<+w?VQS##9+7UpJ^#fL?+%=Joz zrGv!-bN1lyz+4+|_H1`y`t-0Mp1ErJj$&1nb(UFk()>xVyA1kM!oOV~-*iIbG(~8q zD^6Dco(I`H?`SM1%G{3W9OX3i0)-_L-xG7T((}Zft@u1~)mgH&foE&MDO?{-*n8>L zOb^0zHp{=tD;ls2%lj*K8rjU zyZ1`ZbYWSH)edie7SVYTq3j3gjcw5)_a8x;Bom1we7}+9lbH3iPF;}ZzN|m`lCvcC zM;bSoQPdsrJtBLNf;?z^AcgMH z_!H_9%0^})vpv(Td1w2oPel(T%N%ehF$@#4y@WmdtkXCw%EVFyorRJjfs*bNTe@4o zw6LtfmW_ptwTg8i<}FOq$0A$d&@`225t1b?^SsK)L&!RKnwM=5%$1;#Xc?-7=3Om3HbE!KRz-2}!L~LPBs|NGS7INcj)$jNu@Y?ib$-tZE zLG}>yW38A@H)l6LiQ*8$0Ck!Ww88dif*%#`&%s(Z_GwvTWEFFx2E%aWoTb zwOM=fq73nY-NcF(RbbZ7=(y)p0WjE5$%UXA)rNM!%`SGox5YiV$1S<|l<#kr8xg(o z0Fr&(r2%|0ZN3MnJGf&vKe6DGBPk$=<#Fl>VOl)WF626obsVzw4c_UgZ^G*B)&MUf 
zdCx8GyR-roRP4$Li~64}p-sqMU^Yy5HPDOpggK0ASo7RAy(D&9>;__|!>|F5M_-sN zX1zuPa2Ue3IRHS(v}z0L%OYAulie{5)zqbkT zt|o0U;gKJ~Fli)?I3}zzGn0zZ&EirKI2RXRsi``A<0?RmP^9*uE8rg`aa*TmFW!XP zZ?D}V=0=grECr&r@FJ^;2br$~R6huF-7%zwq>c`Fj@5)!jf$-}8(Hw%Uw-*Z@Km^*#jLhb6!^QZ`e!T z4=w10Y-@F1ShNY95#`3?VK5`DBCVSI!9gMw5g=I`%?L%arwQe_YYSY4V|)c}*jVei z!F3F5`_3kXb&$eMyMfR0Y`IIsrh!VYwK)$ROWlO(mwW-Jxg43p=40q8TJEE|GTIGX zDujhMoB^zkgLg$&kfZfRCYek!m&dLkOb)}o>c$s*$0Lt({EcMWQW+Y>ul&_{7H5i| zonT~#$VtS90e?#czNQ0*kEKn{cYUbBFt;hS86zh8JcFw6?K=^&2*4}lQ~>>_S|RUnnj8gG)$x3++vMsSZo2BlA5T z(dQ;->~@#nOYJ_$W{Pz~ueNQdFb2>o5r!fJJ?7)5?5wW2l@4dsP+>!QKTl7(=n;3P z|Ba|7m&1jY{aIOiewJbvGT>#*MF-98h(yh^PQ2Lb2uYrE9~!7?c{%g$c$*CS0Fz!K+P z7aTm&IcJ_aQgJm4oEA7%r@VS+b*$^Td^^!ZGRgESmR!#!^Ga5NcV>dDRE8@lWquNe60F3^Fea;Z8;B+ACB<+J2fmB4h;f+j~>w(;Hus^lQJaVf9Nj@p^Z% zcU!pM|MB{V@868y|8f5N&tK-c!M(nl->>=UWcDr|7I=ApHIy&2?XCFxQT1&%AH*p` zif;(HX=!}})*CuzHyr2Y`n!u)ue{OZDlA?XiKr$}@uvw^f!?M?hqo3WJc|)-Ej&f_ z_y4>3-|x7(Ubpe$<^AhbS-{3^4bIW}xJ7waW^GPh31Q5E*WXC053&C68Wpi(3F~!Z z2Q7RC@wseFYwuVP=&-s9s7sj3SO0P0jTOt&xJ&>Yju>f2!EJ89R?!4H7p!wLS>^g* zfOW%5`yJ0Uc!Nsc*957kD576~_dA}}^sg^J_c;wLk4pF>`&XKsl2`{ABgk{R%!MaT zxd_M=5#JsG*6A;$SBNhqn4y$@1m?B6P%w_`~uiWqWhqh*|)e~^&tpgri2T%OP zt(8P5lq@%Z=v>fIv_jKk0DO}@#B(9V+cb2b{W2V>Nxrr_cfQWo`8r?c>wKNB^L4(? i*ZDeM=j(i(uk&@j&e!=mU+3$5vFl%=%W=N|pa1~7s;+ea diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 9b14adfc..a9c04b39 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -49424,10 +49424,10 @@ index 0000000..86e3d01 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..caba12b +index 0000000..0c415d2 --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,978 @@ +@@ -0,0 +1,980 @@ +policy_module(systemd, 1.0.0) + +####################################### 
@@ -50303,6 +50303,8 @@ index 0000000..caba12b +dev_write_kmsg(systemd_gpt_generator_t) +dev_read_nvme(systemd_gpt_generator_t) + ++fs_read_efivarfs_files(systemd_gpt_generator_t) ++ +fstools_exec(systemd_gpt_generator_t) + +storage_raw_read_fixed_disk(systemd_gpt_generator_t) diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index e10ed4d8..bdb3e506 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -20522,7 +20522,7 @@ index b25b01d..06895f3 100644 ') + diff --git a/ctdb.te b/ctdb.te -index 001b502..9892b34 100644 +index 001b502..ac0508e 100644 --- a/ctdb.te +++ b/ctdb.te @@ -24,6 +24,9 @@ files_tmp_file(ctdbd_tmp_t) @@ -20576,7 +20576,7 @@ index 001b502..9892b34 100644 kernel_read_network_state(ctdbd_t) kernel_read_system_state(ctdbd_t) kernel_rw_net_sysctls(ctdbd_t) -@@ -72,10 +89,16 @@ corenet_all_recvfrom_netlabel(ctdbd_t) +@@ -72,27 +89,38 @@ corenet_all_recvfrom_netlabel(ctdbd_t) corenet_tcp_sendrecv_generic_if(ctdbd_t) corenet_tcp_sendrecv_generic_node(ctdbd_t) corenet_tcp_bind_generic_node(ctdbd_t) @@ -20593,7 +20593,10 @@ index 001b502..9892b34 100644 corecmd_exec_bin(ctdbd_t) corecmd_exec_shell(ctdbd_t) -@@ -85,14 +108,18 @@ dev_read_urand(ctdbd_t) ++corecmd_getattr_all_executables(ctdbd_t) + + dev_read_sysfs(ctdbd_t) + dev_read_urand(ctdbd_t) domain_dontaudit_read_all_domains_state(ctdbd_t) @@ -20614,10 +20617,12 @@ index 001b502..9892b34 100644 optional_policy(` consoletype_exec(ctdbd_t) ') -@@ -106,9 +133,20 @@ optional_policy(` +@@ -106,9 +134,22 @@ optional_policy(` ') optional_policy(` ++ rpc_domtrans_rpcd(ctdbd_t) ++ rpc_manage_nfs_state_data_dir(ctdbd_t) + rpc_read_nfs_state_data(ctdbd_t) +') + @@ -32425,10 +32430,10 @@ index 0000000..764ae00 + diff --git a/glusterd.te b/glusterd.te new file mode 100644 -index 0000000..40c6ade +index 0000000..03db2af --- /dev/null +++ b/glusterd.te -@@ -0,0 +1,307 @@ +@@ -0,0 +1,308 @@ +policy_module(glusterd, 1.1.3) + +## 
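Review bot: `fs_read_efivarfs_files(systemd_gpt_generator_t)` is added to systemd.te but no entry in the commit message or the selinux-policy.spec %changelog mentions it, so the grant cannot be traced back to a bug or request. The same gap applies to `allow tlp_t self:netlink_generic_socket create_socket_perms;` in the tlp.te hunk, `rpc_manage_nfs_state_data_dir(ctdbd_t)` in ctdb.te, `manage_blk_files_pattern(container_t, container_file_t, container_file_t)` in virt.te and `allow zabbix_agent_t self:process { setrlimit };` in zabbix.te, which the generic entries "Fixes for containers" and "Update ctdbd_t policy to reflect all changes" do not name. One changelog line per new grant, for example `- Allow systemd_gpt_generator_t to read efivarfs files`, keeps the audit trail of why each permission exists. The systemd_gpt_generator_t rule block continues outside this hunk on both sides.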
@@ -32563,6 +32568,7 @@ index 0000000..40c6ade + +corenet_tcp_connect_gluster_port(glusterd_t) +corenet_tcp_bind_gluster_port(glusterd_t) ++corenet_udp_bind_gluster_port(glusterd_t) + +# replacement for rpc.mountd +corenet_sendrecv_all_server_packets(glusterd_t) @@ -109138,14 +109144,16 @@ index 97cd155..49321a5 100644 fs_search_auto_mountpoints(timidity_t) diff --git a/tlp.fc b/tlp.fc new file mode 100644 -index 0000000..8b8cf4a +index 0000000..eef708d --- /dev/null +++ b/tlp.fc -@@ -0,0 +1,5 @@ +@@ -0,0 +1,7 @@ +/usr/lib/systemd/system/((tlp-sleep.*)|(tlp.*)) -- gen_context(system_u:object_r:tlp_unit_file_t,s0) + +/usr/sbin/tlp -- gen_context(system_u:object_r:tlp_exec_t,s0) + ++/var/lib/tlp(/.*)? gen_context(system_u:object_r:tlp_var_lib_t,s0) ++ +/var/run/tlp(/.*)? gen_context(system_u:object_r:tlp_var_run_t,s0) diff --git a/tlp.if b/tlp.if new file mode 100644 @@ -109339,10 +109347,10 @@ index 0000000..46f12a4 +') diff --git a/tlp.te b/tlp.te new file mode 100644 -index 0000000..98e708a +index 0000000..0183c55 --- /dev/null +++ b/tlp.te -@@ -0,0 +1,55 @@ +@@ -0,0 +1,65 @@ +policy_module(tlp, 1.0.0) + +######################################## @@ -109357,6 +109365,9 @@ index 0000000..98e708a +type tlp_var_run_t; +files_pid_file(tlp_var_run_t) + ++type tlp_var_lib_t; ++files_type(tlp_var_lib_t) ++ +type tlp_unit_file_t; +systemd_unit_file(tlp_unit_file_t) + 
@@ -109368,12 +109379,18 @@ index 0000000..98e708a +allow tlp_t self:unix_stream_socket create_stream_socket_perms; +allow tlp_t self:udp_socket create_socket_perms; +allow tlp_t self:unix_dgram_socket create_socket_perms; ++allow tlp_t self:netlink_generic_socket create_socket_perms; + +manage_dirs_pattern(tlp_t, tlp_var_run_t, tlp_var_run_t) +manage_files_pattern(tlp_t, tlp_var_run_t, tlp_var_run_t) +files_pid_filetrans(tlp_t, tlp_var_run_t, { dir file }) + ++manage_dirs_pattern(tlp_t, tlp_var_lib_t, tlp_var_lib_t) ++manage_files_pattern(tlp_t, tlp_var_lib_t, tlp_var_lib_t) ++files_var_lib_filetrans(tlp_t, tlp_var_lib_t, dir) ++ +kernel_read_system_state(tlp_t) ++kernel_read_network_state(tlp_t) +kernel_read_fs_sysctls(tlp_t) +kernel_rw_fs_sysctls(tlp_t) +kernel_rw_kernel_sysctl(tlp_t) @@ -109385,6 +109402,7 @@ index 0000000..98e708a + +dev_list_sysfs(tlp_t) +dev_manage_sysfs(tlp_t) ++dev_rw_cpu_microcode(tlp_t) + +files_read_kernel_modules(tlp_t) + @@ -114622,7 +114640,7 @@ index facdee8..2cff369 100644 + domtrans_pattern($1,container_file_t, $2) ') diff --git a/virt.te b/virt.te -index f03dcf5..9bde200 100644 +index f03dcf5..587e30f 100644 --- a/virt.te +++ b/virt.te @@ -1,451 +1,403 @@ 
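Review bot: `files_var_lib_filetrans(tlp_t, tlp_var_lib_t, dir)` carries no filename argument, so any directory tlp_t creates directly under /var/lib is labelled tlp_var_lib_t, which is wider than the `/var/lib/tlp(/.*)?` entry added to tlp.fc in this commit. Naming the directory in the transition keeps the runtime label consistent with the file context and limits the label to the path the policy actually describes: `files_var_lib_filetrans(tlp_t, tlp_var_lib_t, dir, "tlp")`. The tlp_t rule block continues outside the hunk on both sides.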
@@ -115393,18 +115411,19 @@ index f03dcf5..9bde200 100644 -manage_dirs_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t) -manage_files_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t) -filetrans_pattern(virtd_t, virt_var_run_t, virtd_lxc_var_run_t, dir, "lxc") +- +-stream_connect_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t, virtd_lxc_t) +-stream_connect_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t, virt_domain) +manage_dirs_pattern(virtd_t, virt_lxc_var_run_t, virt_lxc_var_run_t) +manage_files_pattern(virtd_t, virt_lxc_var_run_t, virt_lxc_var_run_t) +filetrans_pattern(virtd_t, virt_var_run_t, virt_lxc_var_run_t, dir, "lxc") +allow virtd_t virt_lxc_var_run_t:file { relabelfrom relabelto }; +stream_connect_pattern(virtd_t, virt_lxc_var_run_t, virt_lxc_var_run_t, virtd_lxc_t) --stream_connect_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t, virtd_lxc_t) --stream_connect_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t, virt_domain) +-can_exec(virtd_t, virt_tmp_t) +# libvirtd is permitted to talk to virtlogd +stream_connect_pattern(virtd_t, virt_var_run_t, virtlogd_var_run_t, virtlogd_t) - --can_exec(virtd_t, virt_tmp_t) ++allow virtd_t virtlogd_t:fifo_file rw_inherited_fifo_file_perms; -kernel_read_crypto_sysctls(virtd_t) kernel_read_system_state(virtd_t) @@ -115576,12 +115595,11 @@ index f03dcf5..9bde200 100644 ') optional_policy(` -- iptables_domtrans(virtd_t) + firewalld_dbus_chat(virtd_t) +') + +optional_policy(` -+ iptables_domtrans(virtd_t) + iptables_domtrans(virtd_t) iptables_initrc_domtrans(virtd_t) + iptables_systemctl(virtd_t) + @@ -115833,7 +115851,7 @@ index f03dcf5..9bde200 100644 +storage_raw_read_removable_device(virt_domain) + +sysnet_read_config(virt_domain) -+ + +term_use_all_inherited_terms(virt_domain) +term_getattr_pty_fs(virt_domain) +term_use_generic_ptys(virt_domain) 
@@ -115846,7 +115864,7 @@ index f03dcf5..9bde200 100644 +optional_policy(` + alsa_read_rw_config(virt_domain) +') - ++ +optional_policy(` + nscd_dontaudit_write_sock_file(virt_domain) +') @@ -116206,7 +116224,7 @@ index f03dcf5..9bde200 100644 selinux_get_enforce_mode(virtd_lxc_t) selinux_get_fs_mount(virtd_lxc_t) selinux_validate_context(virtd_lxc_t) -@@ -974,194 +1260,372 @@ selinux_compute_create_context(virtd_lxc_t) +@@ -974,194 +1260,376 @@ selinux_compute_create_context(virtd_lxc_t) selinux_compute_relabel_context(virtd_lxc_t) selinux_compute_user_contexts(virtd_lxc_t) @@ -116493,6 +116511,7 @@ index f03dcf5..9bde200 100644 + fs_manage_nfs_symlinks(svirt_sandbox_domain) + fs_mount_nfs(svirt_sandbox_domain) + fs_unmount_nfs(svirt_sandbox_domain) ++ fs_exec_nfs_files(svirt_sandbox_domain) + kernel_rw_fs_sysctls(svirt_sandbox_domain) +') + @@ -116501,6 +116520,7 @@ index f03dcf5..9bde200 100644 + fs_manage_cifs_dirs(svirt_sandbox_domain) + fs_manage_cifs_named_sockets(svirt_sandbox_domain) + fs_manage_cifs_symlinks(svirt_sandbox_domain) ++ fs_exec_cifs_files(svirt_sandbox_domain) +') + +tunable_policy(`virt_sandbox_use_fusefs',` @@ -116509,6 +116529,7 @@ index f03dcf5..9bde200 100644 + fs_manage_fusefs_symlinks(svirt_sandbox_domain) + fs_mount_fusefs(svirt_sandbox_domain) + fs_unmount_fusefs(svirt_sandbox_domain) ++ fs_exec_fusefs(svirt_sandbox_domain) ') optional_policy(` @@ -116536,6 +116557,7 @@ index f03dcf5..9bde200 100644 +dontaudit container_t self:capability2 block_suspend ; +allow container_t self:process { execstack execmem }; +manage_chr_files_pattern(container_t, container_file_t, container_file_t) ++manage_blk_files_pattern(container_t, container_file_t, container_file_t) + +tunable_policy(`virt_sandbox_use_sys_admin',` + allow container_t self:capability sys_admin; 
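Review bot: `fs_exec_fusefs(svirt_sandbox_domain)` does not follow the `fs_exec_<fs>_files` naming of the two sibling additions `fs_exec_nfs_files(svirt_sandbox_domain)` and `fs_exec_cifs_files(svirt_sandbox_domain)` in the two preceding hunks; if filesystem.if only provides `fs_exec_fusefs_files`, the module will fail to build, so the name should be checked against the interface file before merging. All three grants let sandbox domains execute files from remote or user-mounted filesystems; the fusefs line is visibly inside `tunable_policy(`virt_sandbox_use_fusefs',`, while the tunable blocks enclosing the nfs and cifs lines start outside their hunks and cannot be confirmed here. A short comment above the block, such as `# exec from these mounts is opt-in via the virt_sandbox_use_* tunables`, would record that the exposure is deliberate and tunable-gated.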
@@ -116723,7 +116745,7 @@ index f03dcf5..9bde200 100644 allow virt_qmf_t self:tcp_socket create_stream_socket_perms; allow virt_qmf_t self:netlink_route_socket create_netlink_socket_perms; -@@ -1174,12 +1638,12 @@ dev_read_sysfs(virt_qmf_t) +@@ -1174,12 +1642,12 @@ dev_read_sysfs(virt_qmf_t) dev_read_rand(virt_qmf_t) dev_read_urand(virt_qmf_t) @@ -116738,7 +116760,7 @@ index f03dcf5..9bde200 100644 sysnet_read_config(virt_qmf_t) optional_policy(` -@@ -1192,7 +1656,7 @@ optional_policy(` +@@ -1192,7 +1660,7 @@ optional_policy(` ######################################## # @@ -116747,7 +116769,7 @@ index f03dcf5..9bde200 100644 # allow virt_bridgehelper_t self:process { setcap getcap }; -@@ -1201,11 +1665,262 @@ allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms; +@@ -1201,11 +1669,262 @@ allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms; allow virt_bridgehelper_t self:tun_socket create_socket_perms; allow virt_bridgehelper_t self:unix_dgram_socket create_socket_perms; @@ -120367,7 +120389,7 @@ index dd63de0..38ce620 100644 - admin_pattern($1, zabbix_tmpfs_t) ') diff --git a/zabbix.te b/zabbix.te -index 7f496c6..fccb7b1 100644 +index 7f496c6..aab4f86 100644 --- a/zabbix.te +++ b/zabbix.te @@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0) @@ -120545,7 +120567,7 @@ index 7f496c6..fccb7b1 100644 ') ######################################## -@@ -132,18 +161,7 @@ optional_policy(` +@@ -132,18 +161,9 @@ optional_policy(` # Agent local policy # @@ -120556,7 +120578,8 @@ index 7f496c6..fccb7b1 100644 -allow zabbix_agent_t self:shm create_shm_perms; -allow zabbix_agent_t self:tcp_socket { accept listen }; -allow zabbix_agent_t self:unix_stream_socket create_stream_socket_perms; -- ++allow zabbix_agent_t self:process { setrlimit }; + -append_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t) -create_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t) -setattr_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t) 
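Review bot: `allow zabbix_agent_t self:process { setrlimit };` wraps a single permission in braces, whereas the neighbouring rules in this hunk use braces only for permission sets such as `{ accept listen }`; `allow zabbix_agent_t self:process setrlimit;` is equivalent and matches the file's style. The zabbix_agent_t section continues outside the hunk on both sides.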
@@ -120565,7 +120588,7 @@ index 7f496c6..fccb7b1 100644 rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t) fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file) -@@ -151,16 +169,13 @@ fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file) +@@ -151,16 +171,13 @@ fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file) manage_files_pattern(zabbix_agent_t, zabbix_var_run_t, zabbix_var_run_t) files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file) @@ -120585,7 +120608,7 @@ index 7f496c6..fccb7b1 100644 corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t) corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t) -@@ -170,6 +185,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t) +@@ -170,6 +187,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t) corenet_tcp_connect_ssh_port(zabbix_agent_t) corenet_tcp_sendrecv_ssh_port(zabbix_agent_t) @@ -120616,7 +120639,7 @@ index 7f496c6..fccb7b1 100644 corenet_sendrecv_zabbix_client_packets(zabbix_agent_t) corenet_tcp_connect_zabbix_port(zabbix_agent_t) corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t) -@@ -177,21 +216,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t) +@@ -177,21 +218,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t) dev_getattr_all_blk_files(zabbix_agent_t) dev_getattr_all_chr_files(zabbix_agent_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index add14296..569f257d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 231%{?dist} +Release: 232%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -675,6 +675,17 @@ exit 0 %endif %changelog +* Fri Jan 06 2017 Lukas Vrabec - 3.13.1-232 +- Add tlp_var_lib_t label for /var/lib/tlp directory BZ(1409977) +- Allow tlp_t domain to read proc_net_t BZ(1403487) +- Merge pull request #179 from rhatdan/virt1 +- Allow tlp_t domain to read/write cpu microcode BZ(1403103) +- Allow virt domain to use interited virtlogd domains fifo_file +- Fixes for containers +- Allow glusterd_t to bind on glusterd_port_t udp ports. +- Update ctdbd_t policy to reflect all changes. +- Allow ctdbd_t domain transition to rpcd_t + * Wed Dec 14 2016 Lukas Vrabec - 3.13.1-231 - Allow pptp_t to read /dev/random BZ(1404248) - Allow glusterd_t send signals to userdomain. Label new glusterd binaries as glusterd_exec_t