From 617ff7d328be69c583a18051bb9195433cb04bad Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Fri, 24 Nov 2017 18:20:55 +0100 Subject: [PATCH] * Fri Nov 24 2017 Lukas Vrabec - 3.13.1-305 - Make ganesha nfs server --- container-selinux.tgz | Bin 7211 -> 7221 bytes policy-rawhide-base.patch | 7 + policy-rawhide-contrib.patch | 453 +++++++++-------------------------- selinux-policy.spec | 5 +- 4 files changed, 123 insertions(+), 342 deletions(-) 
diff --git a/container-selinux.tgz b/container-selinux.tgz index f1a0fe37e5662788b8d1a57365a8ebb79edd0962..4927c340bb1de08f946974b2bb99ab5fced66102 100644 GIT binary patch delta 7090 zcmb7}b6edH1BYv^Go(OTT%wWmp$^hwAwZQhp9-~3m`yplE60~x zi0^uT(|hTB+-kSI#h-pAuX5~uJ>GvkyS-o70M^#m*L~c4p>O+Pr=L z2)$ZM;-n6VBXZn#Z|~N+oqnV*izL?q6@TAf?tQV6HB>un$HYl#M71?^h(hdj@kFWl z zfN-a&di9&Y$d=_V%wQc&p)XF8e?;}dB$G@F6>_wKk>3pqB{ODMSmY*vq(YsAuslWR z541aiWSq+quOBgg6Omy`cs8r@_YvK}44E!1df`D@0of+Yw(Ba!NxV%yAmjV9D_xn5S$ z+rn0tF{llK1@~gKRr?W?PiLLZsxA@PcWl$}+;dToJ=56bNwb{MC}e?pW>`#Y7g+5$ zPJnoYWriDkGl;H!dZ{MCIGpd&AZa3+JfY&g>;GhnHAKBp##9T1uTc$n0G|Or!x=dO z1^8Me7nNr@aUC_QtBmJO-AK|pV{wl*N(gZu&5yo>=ccOY&09|^9Ck2M$*lj&(H08y zLA0el`zZT}V6>5HB_tvU7YlmV*OJZR?rBl1FTf;pu{qvFss3b?USb{XrzEPkk2=~s z;5voR&3Q)7WR*@*6RMu6v)u&TO|gHltR7bj8+bxxbG$Rj@{v_7{_qISO7NBul+VC> zZc;oX8Mz!O9vy0}-}d7Q1cE^6&&(XhPO=VV)N;-A92mAT>RO4t$be3bKeO5TfqiJIUL4siF^ z+Z`7cSw~x@6)U8tNHKH~paPpMp9f(ef*5656!ZOUHkQbYt)<(Pb)e;ZzCAwi*X&#+ zp%D4nAytCQsZ@CldZ4+$jU_iH4=W+L=*OVvf(jm249&M++z{KO%hPT8$E|lGc=M2J zP`z-c%}G#Yq)eH4yX>^-!S711@bKH!l^$CX3MShMHpH&3koWa|V1ub0|8Z{vcoUn~ znO-dC$S$Iq3+rRsf>CETfl7-Eg+*oXq!;*U?;@H}@;46-0XM4+vSf`*>Uvpk=gI|) z5#6?Qp`=j7kdg34&B$H1#NREf@Un%Ie-9OVl8pDq+ZYKw;jzJH(KIGJpH`w&6G0Ey zBiWRd%vAavBCtk14}Sxn+0*H)3Bn{v1m;Vv+0$rwEA)Yv9KVl*d-WBap?~5zCegim zYC=wFWz_I301T_?QxLe!H@htufv8I(vv*)8QXDR;(zoacb6Cu%#5C9{FD5ChjHVOc zC@<%7fx<}ifpVE$65kxPP+MvwHPyO+J+x*{3zO^Z8~rkU-Vg_5l+xKWmHN&hcj#q@ zlbNO|5MZYRcZY~A%U@;*iPSkC7;DUnp$v9GuscD(rDOtg+jh=m9mnU=B~oz1+eG0IT8=9=tLz?Unkn>c6d`v=NWzy?s6x*OKsA(rTa!tSFs<{6heCmqN7wH zlfu6=ZQM(!gnPy^A*}!@m-#QmLFhOv3*%WU)_&}qwYLftxasUBaWOK_=&MhdRdNEF z{q0sN&0dx*wy=V0FQ%406SIWh+5LZdJtJn^5EWo@991E*a~TJH_n1Ltizlp9vJg{Y zxgQNh5#{ZwiH%_Ob4ZwdP#GhGsbG!Qvw|i92ZIykjx1QQF5g~%tn$&G+VL==M%(pm zc2|ut#AKI-q2yCEe+Xsypu1)FGq(dEXC>;=Szc^M2c2c}|3YWzy17Pi2`{`>a?+y> zUAN0sf0XfXg}1(Z;2|e<5hpz^^}*eExpWp?Xlh1m!joRP%_ ze&z4MIjKbTqVMG^x@bRw8=6di62&DX;NHs(CnjR?OmBne51|LsykI)K8ejsJS)wJJ 
zB&xmFZXL@=<;L0q#G8-ly+2^T(lS`xx@d^Gr4^-ff!CvS9**U-R$CXo>X(t{n}vBA zC{=JKo3iHXZG^SMVaF8`KgZ7;l9l5~d!LE0J$<(^zY=F_!*-W>vW?gcO*9meqV_qV zo1VlKn<7HcR9#Ey{e0KO?Ei(y^>JFI> z7JlOjef^5LTa?Q1c9=wl$Ou15@z3ZmNg2@=(8+osf!lG4F?XU9=rqY)THKu{h|a7^p?y{gD}&uZ z9d`$s1M>#p?d4lL{e@_MA6#K8YVgP2OW5tnpcCCs38uKH2P?;=!s=6W(wA)}O>Cy{=E~fa*^k=-1m}OPJMUFYAdR0BIMndyLQkv*_o5<1)eW<=8wL; z)g*DE28F@;l!?NXidkGW4bzr&D^)I@MkX7J;G?KiLE?r;8xFE*@5ZPZ2JhTic~<4y z*Wd|n$1q<7GRvE&l9tx1b~ZXDD1G>pWF?4pbv_slwlwMnYIp z)4g3lZ7yb5Xehr@sEFs>G(7F6D*r;Of>qFmYbv%i=&`<;bM#vW5d`KzrU~^Wm-0?K zYsAx7sK+AqBNpjf!;T}dUUeQi_o>Fdp^XsvjI!H~6}gX9S>t|g5_-LAZ0%F)4Z7T* zSF(?%g9Jez3i+Cl`@uGN)olehfKq}nqPi*sP?w~Rddn`DU+L_Wo72Uslp4oXx<}vko;}q~3KYC>L$O5IHZ)$AaC4Q7d*Y~ht^FIjJMGE7=mSd|AGgcQhJGyC&OdpYV2^V zS}Sj#G013@?()TSM*M+YjQHY4RB7^?<=7cN5nj4i0?!Ik$}l@_VmB*$(<6Z3#4K!B z$19-D@%-gDD|Az$C(mi?<@nJ!ncU~95)oR zUdY+NL@%W^k2?n_`klgB0{Uh)5RvXHYQ>-EghQYpYyw zsUN7BUB}B$CoYX0G_tgl!v3KB^Vt{&DPU%Hs9cUZ7EuAgAXCJ8Wuh8~t)WqYD__&+ zn=br48P*t~^^Vi0tTB&wtFdh?!!Boy&HO1Q9u5v4qPEix^f#>i~r}$;;G_&zG?OesCipQ&^3i`dgT8K7Cj67jTk2 z*j>RofsFy4|Fo(I{t08)PutnxW%!rF)Vt3H3sVdtXr8Jgr|5wGIE?<<2bqotR)@`> zlT@ReELJl!>)o3SH<_WbK;6hzoP07}|Ct>wXmFL9+PnMMkKgU+bepcoVFj*m{t*?c zU&Pm@;d>Q_*#VHY5bn{iW7c9Dvc-)Oy(SCz{GkV8A~;;kecN2f2V0#t$`BCL!jQ@{ z%9`sM8Uq395SIVl9Ib#src#~7}BfmAU?jd>g5EVriZKgbKWf$ef#a1g=owGAD} zssdbpefXXYKm60zqR$ZKDWY9LZ58|dGjmB#tmJ9NigzbV@z;dx9%x${!excSe&3n5 zw5JCgy7lp=y7O5|pSCL&&9r$B@;!lmP+BgKU!3yxfPJ5~X-Vn3fMjOC2Oygc@Kd(j zJ6sutd--)CpsdG*H_1;2yw`tNR* zB(`x`({;ZSLizq)q=Gv_3@PLIF4Sn9xQA~o5IX+yrrC0^`;{F_L#i9Xnw%=s?b%o)bfWtL}yBeoQtAKsV%t3fX zc3jM@=b%EV%$$nVm!_le^(azW;m*Pyy2IZ)R)-q+#0Urib9|2Oc*kU{bO5JkC~ebZ_eZ~A z{SI;yCcbeAl2?Ez3fkh$P6KRKJglW+NAnT3;fb>x&*z`o6Ha2%YO9>fNpAu>E%KIl z=uTn&=r^-GfGY^CiBVj1S<#%xxc$~20u-YRt2B2f(Ox;dBNx{kJF50CGG711?W&Hu z!h^`I=Jaqpp)9)jg^fx(!EeS6tA;$g3u+uLkw42Xm!mdM{=KsLHv%D<;62bC!AqsP zHA%SdA;nNe^*<^F*y#mUW8%$RxWZ*(u?B>?&VXLxNm<_ z`a649p7Q%oxWXkAh7yKqQ>ok8o2@JQ+4(nSh;OBc7M8u`_gfy#hVAG<*6=gVwT#ks 
zG~MKhMFvSq#TzA@lK}Lo!i9h)2hvi>8Mp|>%g1_74LtOY_0!D8XOn`ZKZzx4upv%l zV?xy(I2m15YmzD#oNb67EUa%KJS&^>j|)*5L?UcculvqM5Y2S!-58mK;07|Sm7tfP z;1Nh^PHXi~Oee+D16w6fBY@IR1Ljwom`El29sP|KONI8k;0O!FEEt# z4YFp}sKje|(8@7P)O`LM*sytz$293sFE(zv&PK+o+n#jjVYT)<0yP-$X2|LXPDN$j2FvKBy|Hj#CWLD3pgc< zQn{)t=l>uRRkE!a+RCP#*u~OZ{4}3d=g%8q1y5eCR18sDA}MD*$7S_$)D9r zmN=dh03>)7j|bS8+_4t4(<;R_DMMul^d2@e{qU>4A$p&e6ep~z5K(ou7X^m2fp&gk zMP~1d%6%YVZdihZ5g@mcK^l*c(ny_+tQ3M;D&4UY2rCrRfUl;OeT9 z6XM#U^c^m%Cpk3D26LrsmyYEDy?shxfqT?E+`mF1mh{X~&(t_@_?R<1ZD!1~>I~p? zXgRW5S$^}gw?F3stAhT>S{(DdOI4wXyhYYpX5u6sJ&pf(v;FV<^eOlh_+ zWje+1Fk0}_@gQE+0*(W>cO;Lj`9tsL~#7 zRmqPs`tqfTzW7#v8ISuUknQcHIuL$WUTos<;V28T8!eQKUX`$rwXkC0qD1-(xEX7S z4E8RVM(3Ny$Dm#d{x-TYI6#agQ`$;u?^if+Dx^ej^_qO%8+k764I%$kevA<#2x!fa zc;ZQE!9L4Pw4ROyV5zPZ9bU9q+6z#O#MDkMplkWjL5-I-ls>7Q3?*}$`Lp=#T4_K)g>LG@%fAuD zj4MZi*7X>}HXX!uFGY)70ex$6zC%6?Jl446s}J>7mzcFo)_ z&>hQq38h10{J`N70zhQn9!Gxi2%4jn1rGA?)+>=4kMOcaV}3gtj`)MVI=KE*c$9T; zZYJ3$_%_kt(E%r4?V=K+j^AN&&7$*3Z!WD$%KOb2r+KH!%YI|--)6?*lfe)B$}T&p z1zw>s{S^0PjXAq@JK9wYyVr}D#y3{Q6{K2)6{O}hg+kI?7r^j~-K*K}bg4JU9iK%0yBC;I_77C##28+!i-Yp5!yrp>%of8eTuB&jWD8K+f9CPiSQvMm zyau6mn5s)~DDWWQ;Yd?fSn_<_s8N&_qlY#F zg`dp?ZuOTxt1n&3FL9B`FPO3*v?PxN7s-c*X4=^M-Q13F0+jnJALf7!ciUMlhXDmu z;_is!7^H7p3brxDfdVb4TodfhnB(IAvJ*=;=Gd91CIO;Ndi=cGGSp%p_ULg@VqP!) z1p7Ulxz2Z|o!E(Ochje?VrPoJg|2g#zvoma*p?Rrx!qq=KP0D7oEoyv&jfAdqN7xU zZCFbQklzQ7+6$qHI1hVwgI)GVZ*K?VXU!XHha2x5k8jU2_rk)`ZDMYZ#|!dzlFUTS z9MjplZvYbbb_>pk{{*ylxNC%ORb?`1NSgliRi3*2TFmdCQw#%VEyeqTPhE_&LNzC#LL-vaN5*&^zmmL_aZ$_`;1jqk-{9l6X0 zzR}15jihLqDnUz2_FF@kOKKDI+a84Y8`cJV-e-3npEf=+^ygO zW#9ltcJIi4+uZ*bo6$#*$52OZ6#ANB1}ZqvGd01d2AQSd{QV!^Izg$8|1keO2PX>BL?KE&Y?v3*^)C%1?`o+3K|ZB8G3U6UrJ4%Ftw1z1EMtnbt$PEk?}$W%UA&*q*IN ztW8evX6KHUOp0CHwSZGBUOcZlvC7+zbU;I{@LjUf U(f_&8_%{&z3|$e-B@E2}028+o*#H0l delta 7080 zcmV;Z8&~ADIIB2+ABzY8f=Cov00Zq^>yO+vlF!%aze2DBcqXuC#$zV|?Cc&E$pLpC z4hVJ^xDS`Rj#^T8Ye%n0>Uo^u{oAjq_z*>r6s6YKb3hYF+9Or{NETnkVzCsJMH{9? 
zQeURqZ=NV!L;B%|_xStv$M3JzUr6tMyuNw=&D(c3*WX`%zkh#oee=!r+jnn&{NbD6 z`l$+}rbE+)br5`$-PPeHiL7*E@Bg2s)ytQ`Pt76E!}{^hf8QrTStZ4rraaV95`SiKH~8c1Umud_&?X9cS_JK0eGr#9{Ns{XuN2M4Ws1z zcUhWseJI*APu7qh;klBa!bc$k0$*6l|JS6*!! zqIh+&TAf8@okV%OZj!K$_UlbroPYcFVs$18w64N`7RrrJ?b(^$v==MPV8N#3$V!v$ zv^T8P{G0Y{Qq!K@-`IeY2`r@Xh{py0I$pLFf#hE34ZfhSsBXIWGJatH{FCg<~AJ)lpk~$U0 zU+#?DL+V-DwAi<8Lgzq+M?Ot9&Ycyvvl09oe9+u~p;3=Za#JNyx=o>hSVN+^k_@Ii z$}?si0{M^Bm!5DQJg%cyX0{n3HwgVd!Xn)13(4~sV>uP=$>uf=f6VMAFvbSVlg^TV zgBE;Nt>@ixOn$Q6JX(iy7#{hzj0!!p z$)h%#YOB-V9g4Ii@plcyuw%Zd5E-%7N|C%yvJy9@AgL7k6TJy|63o0=w(K@%kn`#LpkCi5hRmFw#d>U)q; zKFiu`XbDLJ?T`lyTgZNbG<9Kr27xBc{;;gt$Eizrpy6A^8B9E`I5g1N+DDomaV+$O zDn^JV+BmtZTGD&*B?=0E4e}L)AEG@|bWz4oie-e1iJ3+^V+dP)6=CDQlA@g=YD~kN z93m%%Nn-C7YRo@g^HO3f_&0;H{97oby#(Ls10*YV4pwC?v{3BJJkk4q0ACdOqALyx zElVSkybfN-cbCBT;$k*VTt>I^K^ov*4@!hj=b(YAuj0IkvJ{$kJ`$_j0wtLx8-`Iv z^CYX4py3$M{dS-)Q#Z7sP!|;l*+bOJUUYv~5xBBzDZ)&gfgmO$7@Bh?#+wYLyGHF< zp8CJRXx;VxZMwTmin}F$QTJujHcJE2er-X_I%&%6?h+-i2rO%<1{8r!`H(DAeTIoj z?SgP6>>sl5ae2g>1tG(>%u_K3fZ|fas=W^5JT2H-gomEC;lmayfpjTf0NRnJpRy=~ zeM2f8Sot6fK+%5)nif=&oYt45{p$KND-G%!SnAncWX27y#dFMmvWf1OWY$L7vJdiu z)=E3|m3c#`aefe1_MmrsI79n&cD%p+`g2!?<~jGiD)R1uNQ-(I{P@~s*kjsqt)Z-> zps<=Z+7_O`KcIv}c^F;5i`AA#whrt|gmth!K&b*=KQg1xoRvbxuy&J;x9{e9m)2#G zPujFRO>kG0l+SPk!@Mcw9|;jRVrbn}ay@i|jxJk0>Y_7f@pFr$#*b3=0AP)Q+(Mg|{5vmpUVVd+aGYD| zC*#&RVQ0f>VPIqv2LE+cW@+?DJzN+CxfL*k5zq=}gA3(<{fN=<)zZe^b$Dp^+|hGj z@uio~%psP_JH>6C7<#jXQspDv(G{e@p}|N&2f}>vVw5zIjce0 zW^#VMIuF%;y4pP)1yy!{Db`yV@=}6zOy76Y2aKUL^@A!hFmB325jQko@HBOqxr`kM zOZX$)`nw{3&N_ooYdEBWc^^t>M~6=ZI-RD8*t%x4sW|2PPg%H})Z?(LGivj`rGtWb~iZ%HoG)bSLbP z^w$!}4JEyNj7a#_QKX?OgrYSLtfaaxgGKCpUjR)m=<=nbRQ(fdo6>6LRS((}R`J-C z>u~L`*>hYd=B>ADZ+`r34Et3g$W1X>eC?AS2rUJ{AkSavlTZk2e?^`A90TKijb(8t zJiTF|+1TXP7?1wbVxM4Tdpl-n3;o)6(ogBjCE3L;+vKV8aL0f6@%rueH+uYso9iD> z@gKfKVwSdbUdFJnoy*?vI=H!f_wMrgVx>(q%*~fs*Mhn%+wykm^t*Z){E`4pO@Spq z=UCAU7$;4{U92kZe_WNIixLzkxZfwR4%VtWQApb(aZW(i{45Lp{`0RvRo1Qa!K(Q5 
z%FwYg?V$)aYF*{l9JXt(gKd~K$%R%VULv-uaB5xD%m~vLF?%*>71d}w zr1xqUr&;zwsh47)>iY?u_udZsm^{wt7g2F@<9B6HT;@{{ql;P}PPnZJ2Le(T=^^sL z-v3c-JN_|Q~q z%|j<0W~Cfs^>gVRl#25x`S9F`FoYLAx_#`<#h1D3f3}b3LzW>J_t@!UNiS3;guH|% zBlFt%fYBgmSXBq&rDq>kcn(n{E&YA2v*22qZsTNo{(C}e-Ws-dxQBVkZv@~15FfJ) z!CwD5coX2Rkx74_?)I?qk^!clbH;X0i)D=4ST)bdnoy_F!2A(r0n^9e72Cd<7XBv5 zwjZLfe+oBgmbQ<4zOwH0GIx?Neg-Zf*#Z% z=rl>Y1xQ@**64gk;lDnA94iHAF~VWv6L|t5&OkpJ2NSlFe?noRLk(T3 z9p~vQq9fGX7~R#z$#9oUqoYJcVU$|gSP!<-f8NZ>bz)E6yxGw)I{bQa;N=R@O5FvE zF{XXTwD)C#GW{XA@ZX+nCPyHiwffK#t&OS$P!90`WeR&YP;Y__=?KlCsgfdgaq4rZ zS{1Z7(IEEf$82&6V3?Fq3WfI=QB=7jYJ3DMOhxGuZ3fd?mKL{b_yr-fxUS7FlmNTs zf45){$sPKjEPx2D8mHk-gA#9NLApvM*J7UiqfVkb<~fLa`SFs?;h~~=(o2C&pqEw!H_J-f$7x4DW*)v+Y%)D|#EAOBbkE_F z3xOza-z)&>Gre)IFpQY>iR%j6y37^5e*rbEyo^D8SQ#U3j1*7!n-BMrrcedPf(?Ut z%tjpbtM^1UINA$nUTD|G+tBHz2u$p;&F+?S+S855pg?`}ms1C*T~2y2ugc5}U~cpBnv}}0h`)+<?=#z{_q`}bifQ!m=4IFKRKEE~Qx=!-@`bAcpNw|Fp`qdP&}HXk z@RvAdj;ncioAkWO_DOUb+?Vz3C6N7FStZ*;mOY|XA0&{McVzM}g8L-chj(};yGc+0 zK~rW2G!p~Ye{urkiAy>s-#GHa%j-@a@?ItuN*c=ZVP4JcPN^FU zusCPndty$W^gMAVPkf%Zf76vtPvFV3;25sYOxO!RKXI37ihJT;G0)GpAoL{TcNUnl7+qa3ldIH4f6}7;!LnFpPpf065m6U^S(qF_t6Gni)PrFlnL*ybKH?%THV%tEk4Wu8}A^01~p zInLWVY4w$$k;(78dG@L9jAQMwQ(Cq%(opB~9dntt&@1Fo=Y8rV?&i4O?11+(Cv%Nv z#!prKi20TF&^C^h${rfLg_)x(f)6AMZ{k(GLqR4R&4zAke=f8(G3k>#y|a#-l9`A` z3hyC|rr#2dT<_Oq!J;Aa*huEOG;LX7TQY(vL5A~jtMI(q?L219B`%Q?0Uj8{heRt(iEHebl^WLgGS za%fYo=Eli3JY+31$voIZqH?hAXM=uhaEXbzsb|fCe_C1w4JRg5DBU`74N;PsX5Zal zH*&o)GuBmZwS!);*Gx1U2ZbHLlIs=*f0;ESZDV0hE2bgNj z4-vcjjn~!ueY5}hiCn6guHfMVt$K?BZyrW#w6xY~oX{W4joS-{{CbLJP7!VtUV9OI z{kcB{f3UWYbGiJ%9)rKtE{y}R4;{pK^YwXzDM0!<25bX7bfEP1pnTZYy7Tc-9+`ZC zJ|2*qqvKuO`9_<4?s3KPa=15mTYqwR-3F0}$vDzD7L#Om<~EIWcxLB&dZXS*<63)f z$s9L-?3gX(F0Ei%F1F=}t>lkG(zI*R>GT`5e+GJ9pLGtS1e6)KwMGzo*H=|uO8t}0&syHD-mrC|Y z27}S1ey>(>a;NS=ES4yR2n2`c@-{OUP*StQVrv;KlH}k)liksp+t#I{X!s2fER~ZY ze=Ez%3(7A`EF7p5wbKM3WR^B*OrBw*TXeovIf7wyhd$u&*@F+5-APK)s?8r9Btr6lWR*M-3Om3kp%@p30u{(8q(-ox&7lSc 
zJN0g(2yNHEL;H4}E^af+6?GVSU)yF1=veA@E&meVHgodCn*(YeA*zeJ)V65Kf4dq! zdsRux`iAGd4#6cgJAB|g#OgR$!*v-sWMyO$Ub9nq?9-hRO+p!}jFE!Lgx0f39+E{G z3+_^ARI;OP*{$(zDupMGGH8U33Tl+hBgknD);Qer#F<>e3fsUsQx-5M5v|~3)#;RZ zDw{)GzJ8Y{C^2t33P31bWY+sg04bp>J1 z9rZMlJ4$1uch^*~Q1@XRPD0VsJV;4^Jt4D0?hB1+5VzIN#LO9{ z_Xa;zc1?yIzkSs5?E7Dt0F_`zbb{Y1A57D0APvGk)ip#NwX9QQhC$!%A4sto+wYGAOi(=yLJgJ{L4571f4 z%i=x>#lS_xG>-1r3pEwXvgZ7%f}a**qR&CJX<;*;u@ID|oMX_z!sd_BYFYudX`S4| zkc)jFEUkj}fLX@}2WcpfwcbP7DWwMLq`SiMvUyZdI7vZApxdOXF*9A`gl zNP4K9CQ31u$MTkA-nFt5weY3%r58G5kAZrzh3h4S+sz$ysUW8Isc%tmJsDel6; zJ<8>^h)7oHlEsB1W>clIwhl%NFr9^X0>vD^_Fp)wVn-T9pW$QaQg$@N&&&<~~ zYH~a(j0bLvM8$$4A8{Sn6;N^TwHV`Q8Dt}ad{5<9eAhXGqlZ)Y$_&I zi;}d*4wXG--w5k@)4GwnnWaB}(Y$G!!sP-WzKEwy`G$E-lvAH19iH_)mcc6GpS8YG z@FMM^|2g8s6O0-nUi)}~;vc4v4#{{p^FGo10DA2ELnBf2e|V_Y8G+kW&WT~l&2#uS?PC$dp@L(*);t@j~`>?G}x}&L~M;uCS6w@oyB7gN$H)KAw_%-2G3I&YbXC zeYSfU{LJEJE@qD`;7Q6p;04MGY$I@+L%)N}+Z7XR4(j8PBek85kjiz_ z-7-UalAD|%hdIWItLsPJfu&Els79&_-Y~RHcDq(}b*s_ZJ{V)|xZ_;gcf>Pz4z_;R zOk1m`nbEP0k22Sl8fDEh8z0*V_xD==TV1Vx#L;#_q|tW5T{Kf^N9dea{aXJ>qNb5Q zGjQ>LaZ!_p5y7WqYINnEVrZ3K3IE11V2pv6g{Bk1`S>Mk2b-$c!w!n&9| zfpdhfQ^W*kh*2j959bFzrw3n=@bT`_$$Wx^kMT~4T|S02Vg7sdI>7T=zAaF_>uq;B zedR{XB(?E-qTZOWV#Bo7cq+()t6JkcBiF<{^z12_`dtk35)G{Zo^l~tugY-BSHsAE z8MKj;cL&*4PEp}}W*CdPRpgnIqOx6!#+(hpQ4myl*UWpH7ejTvq*n2Tf9FhIV?9~J7{h) z;=l7&P~|JA{c>yIFx4K3yt+zSp*@_#w0-d}XWm$m_%09?vBTlh)$wrH?~g)RUEPID zaOfV(kbHqU2S_SU2NW*@)RXytB3J-*#j5`s1_k#96|SNtNJ-To`sH`O;pcGtTZ4UA zXB=3>8TUu_FEoW1Uj`U`NT+s47ak80Kd}>dAl@7S*PT zJPhEHVzr|mBVq}U3+FPjMWickElZ}hm$~_mn$4Xv6~}yn2}>ZG=dGiEr!6!5qO+Gh zi)AJ;fxqxvCSVtz(lp@XXExB@hBMowe$5;policy for ganesha -+ -+######################################## -+## -+## Execute ganesha_exec_t in the ganesha domain. -+## -+## -+## -+## Domain allowed to transition. 
-+## -+## -+# -+interface(`ganesha_domtrans',` -+ gen_require(` -+ type ganesha_t, ganesha_exec_t; -+ ') -+ -+ corecmd_search_bin($1) -+ domtrans_pattern($1, ganesha_exec_t, ganesha_t) -+') -+ -+###################################### -+## -+## Execute ganesha in the caller domain. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ganesha_exec',` -+ gen_require(` -+ type ganesha_exec_t; -+ ') -+ -+ corecmd_search_bin($1) -+ can_exec($1, ganesha_exec_t) -+') -+######################################## -+## -+## Read ganesha PID files. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ganesha_read_pid_files',` -+ gen_require(` -+ type ganesha_var_run_t; -+ ') -+ -+ files_search_pids($1) -+ read_files_pattern($1, ganesha_var_run_t, ganesha_var_run_t) -+') -+ -+######################################## -+## -+## Execute ganesha server in the ganesha domain. -+## -+## -+## -+## Domain allowed to transition. -+## -+## -+# -+interface(`ganesha_systemctl',` -+ gen_require(` -+ type ganesha_t; -+ type ganesha_unit_file_t; -+ ') -+ -+ systemd_exec_systemctl($1) -+ systemd_read_fifo_file_passwd_run($1) -+ allow $1 ganesha_unit_file_t:file read_file_perms; -+ allow $1 ganesha_unit_file_t:service manage_service_perms; -+ -+ ps_process_pattern($1, ganesha_t) -+') -+ -+ -+######################################## -+## -+## Send and receive messages from -+## ganesha over dbus. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`ganesha_dbus_chat',` -+ gen_require(` -+ type ganesha_t; -+ class dbus send_msg; -+ ') -+ -+ allow $1 ganesha_t:dbus send_msg; -+ allow ganesha_t $1:dbus send_msg; -+') -+ -+######################################## -+## -+## All of the rules required to administrate -+## an ganesha environment -+## -+## -+## -+## Domain allowed access. -+## -+## -+## -+## -+## Role allowed access. 
-+## -+## -+## -+# -+interface(`ganesha_admin',` -+ gen_require(` -+ type ganesha_t; -+ type ganesha_var_run_t; -+ type ganesha_unit_file_t; -+ ') -+ -+ allow $1 ganesha_t:process { signal_perms }; -+ ps_process_pattern($1, ganesha_t) -+ -+ tunable_policy(`deny_ptrace',`',` -+ allow $1 ganesha_t:process ptrace; -+ ') -+ -+ files_search_pids($1) -+ admin_pattern($1, ganesha_var_run_t) -+ -+ ganesha_systemctl($1) -+ admin_pattern($1, ganesha_unit_file_t) -+ allow $1 ganesha_unit_file_t:service all_service_perms; -+ optional_policy(` -+ systemd_passwd_agent_exec($1) -+ systemd_read_fifo_file_passwd_run($1) -+ ') -+') -diff --git a/ganesha.te b/ganesha.te -new file mode 100644 -index 000000000..f25a3f34d ---- /dev/null -+++ b/ganesha.te -@@ -0,0 +1,111 @@ -+policy_module(ganesha, 1.0.0) -+ -+######################################## -+# -+# Declarations -+# -+ -+## -+##

-+## Allow ganesha to read/write fuse files -+##

-+##
-+gen_tunable(ganesha_use_fusefs, false) -+ -+type ganesha_t; -+type ganesha_exec_t; -+init_daemon_domain(ganesha_t, ganesha_exec_t) -+ -+type ganesha_var_log_t; -+logging_log_file(ganesha_var_log_t) -+ -+type ganesha_var_run_t; -+files_pid_file(ganesha_var_run_t) -+ -+type ganesha_tmp_t; -+files_tmp_file(ganesha_tmp_t) -+ -+type ganesha_unit_file_t; -+systemd_unit_file(ganesha_unit_file_t) -+ -+######################################## -+# -+# ganesha local policy -+# -+dontaudit ganesha_t self:capability net_admin; -+ -+allow ganesha_t self:capability { dac_read_search dac_override }; -+allow ganesha_t self:capability2 block_suspend; -+allow ganesha_t self:process { setcap setrlimit }; -+allow ganesha_t self:fifo_file rw_fifo_file_perms; -+allow ganesha_t self:unix_stream_socket create_stream_socket_perms; -+allow ganesha_t self:tcp_socket { accept listen }; -+ -+manage_dirs_pattern(ganesha_t, ganesha_var_run_t, ganesha_var_run_t) -+manage_files_pattern(ganesha_t, ganesha_var_run_t, ganesha_var_run_t) -+manage_lnk_files_pattern(ganesha_t, ganesha_var_run_t, ganesha_var_run_t) -+files_pid_filetrans(ganesha_t, ganesha_var_run_t, { dir file lnk_file }) -+ -+manage_dirs_pattern(ganesha_t, ganesha_var_log_t, ganesha_var_log_t) -+manage_files_pattern(ganesha_t, ganesha_var_log_t, ganesha_var_log_t) -+logging_log_filetrans(ganesha_t, ganesha_var_log_t, { file dir }) -+ -+manage_dirs_pattern(ganesha_t, ganesha_tmp_t, ganesha_tmp_t) -+manage_files_pattern(ganesha_t, ganesha_tmp_t, ganesha_tmp_t) -+files_tmp_filetrans(ganesha_t, ganesha_tmp_t, { file dir }) -+ -+kernel_read_system_state(ganesha_t) -+kernel_search_network_sysctl(ganesha_t) -+kernel_read_net_sysctls(ganesha_t) -+ -+auth_use_nsswitch(ganesha_t) -+ -+corenet_tcp_bind_nfs_port(ganesha_t) -+corenet_tcp_connect_generic_port(ganesha_t) -+corenet_tcp_connect_gluster_port(ganesha_t) -+corenet_udp_bind_dey_keyneg_port(ganesha_t) -+corenet_tcp_bind_dey_keyneg_port(ganesha_t) -+corenet_udp_bind_nfs_port(ganesha_t) 
-+corenet_udp_bind_all_rpc_ports(ganesha_t) -+corenet_tcp_bind_all_rpc_ports(ganesha_t) -+corenet_tcp_bind_mountd_port(ganesha_t) -+corenet_udp_bind_mountd_port(ganesha_t) -+corenet_tcp_connect_virt_migration_port(ganesha_t) -+corenet_tcp_connect_all_rpc_ports(ganesha_t) -+ -+dev_rw_infiniband_dev(ganesha_t) -+dev_read_gpfs(ganesha_t) -+dev_read_rand(ganesha_t) -+ -+logging_send_syslog_msg(ganesha_t) -+ -+sysnet_dns_name_resolve(ganesha_t) -+ -+optional_policy(` -+ dbus_system_bus_client(ganesha_t) -+ dbus_connect_system_bus(ganesha_t) -+ unconfined_dbus_chat(ganesha_t) -+') -+ -+optional_policy(` -+ glusterd_read_conf(ganesha_t) -+ glusterd_read_lib_files(ganesha_t) -+ glusterd_manage_pid(ganesha_t) -+') -+ -+optional_policy(` -+ kerberos_read_keytab(ganesha_t) -+') -+ -+optional_policy(` -+ rpc_manage_nfs_state_data_dir(ganesha_t) -+ rpc_read_nfs_state_data(ganesha_t) -+ rpcbind_stream_connect(ganesha_t) -+') -+ -+tunable_policy(`ganesha_use_fusefs',` -+ fs_manage_fusefs_dirs(ganesha_t) -+ fs_manage_fusefs_files(ganesha_t) -+ fs_read_fusefs_symlinks(ganesha_t) -+ fs_getattr_fusefs(ganesha_t) -+') diff --git a/gatekeeper.te b/gatekeeper.te index 28203689c..88c98f481 100644 --- a/gatekeeper.te @@ -33565,10 +33277,10 @@ index 5cd09096a..bd3c3d21b 100644 +corenet_tcp_connect_glance_registry_port(glance_scrubber_t) diff --git a/glusterd.fc b/glusterd.fc new file mode 100644 -index 000000000..9806f50ae +index 000000000..e42e81f5f --- /dev/null +++ b/glusterd.fc -@@ -0,0 +1,25 @@ +@@ -0,0 +1,30 @@ +/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0) + +/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0) 
@@ -33594,12 +33306,17 @@ index 000000000..9806f50ae +/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0) +/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0) +/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0) ++ ++/var/log/ganesha(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0) ++/var/log/ganesha.log -- gen_context(system_u:object_r:glusterd_log_t,s0) ++/var/log/ganesha-gfapi.log -- gen_context(system_u:object_r:glusterd_log_t,s0) ++ diff --git a/glusterd.if b/glusterd.if new file mode 100644 -index 000000000..450146018 +index 000000000..291191f17 --- /dev/null +++ b/glusterd.if -@@ -0,0 +1,302 @@ +@@ -0,0 +1,301 @@ + +## policy for glusterd + @@ -33901,13 +33618,12 @@ index 000000000..450146018 + admin_pattern($1, glusterd_conf_t) + +') -+ diff --git a/glusterd.te b/glusterd.te new file mode 100644 -index 000000000..7eeb7b0c0 +index 000000000..ffa5ab9b3 --- /dev/null +++ b/glusterd.te -@@ -0,0 +1,331 @@ +@@ -0,0 +1,328 @@ +policy_module(glusterd, 1.1.3) + +## @@ -33974,6 +33690,8 @@ index 000000000..7eeb7b0c0 +type glusterd_brick_t; +files_type(glusterd_brick_t) + ++typealias glusterd_log_t alias ganesha_var_log_t; ++ +######################################## +# +# Local policy @@ -34177,11 +33895,6 @@ index 000000000..7eeb7b0c0 +') + +optional_policy(` -+ ganesha_systemctl(glusterd_t) -+ ganesha_dbus_chat(glusterd_t) -+') -+ -+optional_policy(` + hostname_exec(glusterd_t) +') + @@ -34221,8 +33934,8 @@ index 000000000..7eeb7b0c0 +optional_policy(` + rpc_systemctl_nfsd(glusterd_t) + rpc_systemctl_rpcd(glusterd_t) -+ + rpc_domtrans_nfsd(glusterd_t) ++ rpc_dbus_chat_nfsd(glusterd_t) + rpc_domtrans_rpcd(glusterd_t) + rpc_manage_nfs_state_data(glusterd_t) + rpc_manage_nfs_state_data_dir(glusterd_t) @@ -90565,7 +90278,7 @@ index c8bdea28d..96da15f8a 100644 + logging_log_named_filetrans($1, var_log_t, dir, "bundles") ') 
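Review bot: The entries added to glusterd.fc label `/var/log/ganesha(/.*)?`, `/var/log/ganesha.log` and `/var/log/ganesha-gfapi.log` as `glusterd_log_t`, so the NFS server's logs and glusterd's logs become a single type. The rpc.te hunk at `@@ -94190,13 +93952,22 @@` then adds `glusterd_manage_log(nfsd_t)`, which presumably lets nfsd_t modify or delete glusterd's own logs as well. The removed ganesha.te declared a separate `ganesha_var_log_t`; keeping a distinct log type rather than the `typealias glusterd_log_t alias ganesha_var_log_t;` would preserve that separation. The dots in the two file entries are also unescaped, unlike the `rpc\.statd` style used in rpc.fc: `/var/log/ganesha\.log` and `/var/log/ganesha-gfapi\.log`.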
diff --git a/rhcs.te b/rhcs.te -index 6cf79c449..5c0bfd05d 100644 +index 6cf79c449..63c113978 100644 --- a/rhcs.te +++ b/rhcs.te @@ -20,6 +20,35 @@ gen_tunable(fenced_can_network_connect, false) @@ -90804,7 +90517,7 @@ index 6cf79c449..5c0bfd05d 100644 +') + +optional_policy(` -+ ganesha_dbus_chat(cluster_t) ++ rpc_dbus_chat_nfsd(cluster_t) +') + +optional_policy(` @@ -93361,11 +93074,18 @@ index ccb5991ed..fa10c5a2d 100644 optional_policy(` diff --git a/rpc.fc b/rpc.fc -index a6fb30cb3..97ef313df 100644 +index a6fb30cb3..e11f3a0f3 100644 --- a/rpc.fc +++ b/rpc.fc -@@ -1,12 +1,25 @@ +@@ -1,12 +1,31 @@ -/etc/exports -- gen_context(system_u:object_r:exports_t,s0) + +-/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) +-/etc/rc\.d/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) + +-/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) +-/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0) +# +# /etc +# 
@@ -93374,16 +93094,15 @@ index a6fb30cb3..97ef313df 100644 +/etc/rc\.d/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) --/etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) --/etc/rc\.d/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) --/etc/rc\.d/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) +/usr/lib/systemd/system/nfs.* -- gen_context(system_u:object_r:nfsd_unit_file_t,s0) +/usr/lib/systemd/system/rpc.* -- gen_context(system_u:object_r:rpcd_unit_file_t,s0) - --/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) --/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0) ++ ++/usr/lib/systemd/system/nfs-ganesha-config.* -- gen_context(system_u:object_r:nfsd_unit_file_t,s0) ++/usr/lib/systemd/system/nfs-ganesha-lock.* -- gen_context(system_u:object_r:nfsd_unit_file_t,s0) ++/usr/lib/systemd/system/nfs-ganesha.*e -- gen_context(system_u:object_r:nfsd_unit_file_t,s0) ++ +/usr/lib/systemd/system-generators/nfs.* -- gen_context(system_u:object_r:nfsd_exec_t,s0) - ++ +# +# /sbin +# 
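Review bot: In this rpc.fc hunk the pattern `/usr/lib/systemd/system/nfs-ganesha.*e` ends in a stray `e`, which looks like a typo, since it only matches unit names that end in that letter. All three added `nfs-ganesha` entries assign `nfsd_unit_file_t`, the same type the `/usr/lib/systemd/system/nfs.*` line in this hunk already gives to regular files, so they appear redundant. Either drop them or write the last one as `/usr/lib/systemd/system/nfs-ganesha.*`.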
@@ -93396,24 +93115,27 @@ index a6fb30cb3..97ef313df 100644 /usr/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0) -@@ -16,7 +29,13 @@ +@@ -16,7 +35,16 @@ /usr/sbin/rpc\.svcgssd -- gen_context(system_u:object_r:gssd_exec_t,s0) /usr/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0) -/var/lib/nfs(/.*)? gen_context(system_u:object_r:var_lib_nfs_t,s0) ++/usr/bin/ganesha\.nfsd -- gen_context(system_u:object_r:nfsd_exec_t,s0) ++ +# +# /var +# +/var/lib/nfs(/.*)? gen_context(system_u:object_r:var_lib_nfs_t,s0) +/var/run/sm-notify.* gen_context(system_u:object_r:rpcd_var_run_t,s0) ++/var/run/ganesha.* gen_context(system_u:object_r:rpcd_var_run_t,s0) /var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0) -/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0) +/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0) +/var/run/rpc\.statd\.lock -- gen_context(system_u:object_r:rpcd_lock_t,s0) + diff --git a/rpc.if b/rpc.if -index 0bf13c220..79a2a9c48 100644 +index 0bf13c220..2ee527f2a 100644 --- a/rpc.if +++ b/rpc.if @@ -1,4 +1,4 @@ @@ -93750,11 +93472,10 @@ index 0bf13c220..79a2a9c48 100644 + + files_search_var_lib($1) + allow $1 var_lib_nfs_t:dir list_dir_perms; - ') - - ######################################## - ## --## Read nfs lib files. ++') ++ ++######################################## ++## +## Manage NFS state data in /var/lib/nfs. +## +## @@ -93770,10 +93491,11 @@ index 0bf13c220..79a2a9c48 100644 + + files_search_var_lib($1) + allow $1 var_lib_nfs_t:dir manage_dir_perms; -+') -+ -+######################################## -+## + ') + + ######################################## + ## +-## Read nfs lib files. +## Read NFS state data in /var/lib/nfs. ## ## 
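Review bot: The new `/var/run/ganesha.* gen_context(system_u:object_r:rpcd_var_run_t,s0)` entry in the `@@ -93396,24 +93115,27 @@` hunk puts ganesha's runtime files under the shared rpcd label, with no file-type field and an open-ended `.*`, so any object under /var/run whose name starts with `ganesha` is labelled as rpcd state. The rpc.te hunk at `@@ -94104,17 +93857,26 @@` pairs this with `manage_files_pattern(nfsd_t, rpcd_var_run_t, rpcd_var_run_t)`, which gives nfsd_t manage access to every `rpcd_var_run_t` file, including the `rpc.statd` entries listed next to this one. The removed ganesha policy used a dedicated `ganesha_var_run_t`. A dedicated pid type, with a pattern limited to the paths ganesha actually creates, would keep the two daemons' state apart.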
@@ -93868,7 +93590,7 @@ index 0bf13c220..79a2a9c48 100644 ') allow $1 rpc_domain:process { ptrace signal_perms }; -@@ -411,10 +505,28 @@ interface(`rpc_admin',` +@@ -411,10 +505,49 @@ interface(`rpc_admin',` admin_pattern($1, rpcd_var_run_t) files_list_all($1) @@ -93898,8 +93620,29 @@ index 0bf13c220..79a2a9c48 100644 + + allow $1 gssd_t:process { noatsecure rlimitinh }; +') ++ ++######################################## ++## ++## Send and receive messages from ++## ganesha over dbus. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`rpc_dbus_chat_nfsd',` ++ gen_require(` ++ type nfsd_t; ++ class dbus send_msg; ++ ') ++ ++ allow $1 nfsd_t:dbus send_msg; ++ allow nfsd_t $1:dbus send_msg; ++') diff --git a/rpc.te b/rpc.te -index 2da9fca2f..c8afd1e50 100644 +index 2da9fca2f..f06eb2732 100644 --- a/rpc.te +++ b/rpc.te @@ -6,22 +6,27 @@ policy_module(rpc, 1.15.1) @@ -93942,7 +93685,7 @@ index 2da9fca2f..c8afd1e50 100644 attribute rpc_domain; -@@ -39,21 +44,26 @@ files_tmp_file(gssd_tmp_t) +@@ -39,25 +44,36 @@ files_tmp_file(gssd_tmp_t) type rpcd_var_run_t; files_pid_file(rpcd_var_run_t) @@ -93974,7 +93717,17 @@ index 2da9fca2f..c8afd1e50 100644 type var_lib_nfs_t; files_mountpoint(var_lib_nfs_t) -@@ -71,7 +81,6 @@ allow rpc_domain self:tcp_socket { accept listen }; + ++type nfsd_tmp_t; ++files_tmp_file(nfsd_tmp_t) ++ ++typealias nfsd_exec_t alias ganesha_exec_t; ++typealias nfsd_unit_file_t alias ganesha_unit_file_t; ++ + ######################################## + # + # Common rpc domain local policy +@@ -71,7 +87,6 @@ allow rpc_domain self:tcp_socket { accept listen }; manage_dirs_pattern(rpc_domain, var_lib_nfs_t, var_lib_nfs_t) manage_files_pattern(rpc_domain, var_lib_nfs_t, var_lib_nfs_t) 
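Review bot: The summary of the new `rpc_dbus_chat_nfsd` interface, added in the `@@ -93898,8 +93620,29 @@` hunk, still says "ganesha over dbus", but the rules it emits are `allow $1 nfsd_t:dbus send_msg;` and `allow nfsd_t $1:dbus send_msg;`. A caller reading the documentation cannot tell that it opens D-Bus messaging with every process in nfsd_t. The summary should read `## Send and receive messages from nfsd over dbus.`, ideally with a line noting that ganesha.nfsd appears to run in that domain, given that rpc.fc labels it `nfsd_exec_t`. The interface is already called for glusterd_t and cluster_t elsewhere in this patch, so the wording matters for those reviewers too.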
@@ -93982,7 +93735,7 @@ index 2da9fca2f..c8afd1e50 100644 kernel_read_kernel_sysctls(rpc_domain) kernel_rw_rpc_sysctls(rpc_domain) -@@ -79,8 +88,6 @@ dev_read_sysfs(rpc_domain) +@@ -79,8 +94,6 @@ dev_read_sysfs(rpc_domain) dev_read_urand(rpc_domain) dev_read_rand(rpc_domain) @@ -93991,7 +93744,7 @@ index 2da9fca2f..c8afd1e50 100644 corenet_tcp_sendrecv_generic_if(rpc_domain) corenet_udp_sendrecv_generic_if(rpc_domain) corenet_tcp_sendrecv_generic_node(rpc_domain) -@@ -108,41 +115,48 @@ files_read_etc_runtime_files(rpc_domain) +@@ -108,41 +121,48 @@ files_read_etc_runtime_files(rpc_domain) files_read_usr_files(rpc_domain) files_list_home(rpc_domain) @@ -94049,7 +93802,7 @@ index 2da9fca2f..c8afd1e50 100644 kernel_read_sysctl(rpcd_t) kernel_rw_fs_sysctls(rpcd_t) kernel_dontaudit_getattr_core_if(rpcd_t) -@@ -163,13 +177,21 @@ fs_getattr_all_fs(rpcd_t) +@@ -163,13 +183,21 @@ fs_getattr_all_fs(rpcd_t) storage_getattr_fixed_disk_dev(rpcd_t) @@ -94073,7 +93826,7 @@ index 2da9fca2f..c8afd1e50 100644 ifdef(`distro_debian',` term_dontaudit_use_unallocated_ttys(rpcd_t) -@@ -181,19 +203,27 @@ optional_policy(` +@@ -181,19 +209,27 @@ optional_policy(` ') optional_policy(` 
@@ -94104,17 +93857,26 @@ index 2da9fca2f..c8afd1e50 100644 ') ######################################## -@@ -201,42 +231,66 @@ optional_policy(` +@@ -201,42 +237,75 @@ optional_policy(` # NFSD local policy # -allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource }; -+allow nfsd_t self:capability { dac_read_search sys_admin sys_resource }; ++allow nfsd_t self:capability { dac_read_search dac_override sys_admin sys_resource }; +dontaudit nfsd_t self:capability sys_rawio; ++ ++allow nfsd_t self:process { setcap }; allow nfsd_t exports_t:file read_file_perms; -allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms; ++manage_dirs_pattern(nfsd_t, nfsd_tmp_t, nfsd_tmp_t) ++manage_files_pattern(nfsd_t, nfsd_tmp_t, nfsd_tmp_t) ++files_tmp_filetrans(nfsd_t, nfsd_tmp_t, { file dir }) ++ ++manage_files_pattern(nfsd_t, rpcd_var_run_t, rpcd_var_run_t) ++files_pid_filetrans(nfsd_t, rpcd_var_run_t, { file }) ++ +# for /proc/fs/nfs/exports - should we have a new type? +kernel_read_system_state(nfsd_t) kernel_read_network_state(nfsd_t) @@ -94126,10 +93888,10 @@ index 2da9fca2f..c8afd1e50 100644 +kernel_mounton_proc(nfsd_t) +kernel_rw_rpc_sysctls_dirs(nfsd_t) +kernel_create_rpc_sysctls(nfsd_t) ++ ++corecmd_exec_shell(nfsd_t) -corenet_sendrecv_nfs_server_packets(nfsd_t) -+corecmd_exec_shell(nfsd_t) -+ +corenet_tcp_bind_all_rpc_ports(nfsd_t) +corenet_udp_bind_all_rpc_ports(nfsd_t) corenet_tcp_bind_nfs_port(nfsd_t) @@ -94182,7 +93944,7 @@ index 2da9fca2f..c8afd1e50 100644 miscfiles_manage_public_files(nfsd_t) ') -@@ -245,7 +299,6 @@ tunable_policy(`nfs_export_all_rw',` +@@ -245,7 +314,6 @@ tunable_policy(`nfs_export_all_rw',` dev_getattr_all_chr_files(nfsd_t) fs_read_noxattr_fs_files(nfsd_t) 
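Review bot: The nfsd_t capability line in the `@@ -94104,17 +93857,26 @@` hunk puts `dac_override` back after the previous revision of this patch had dropped it, and the hunk also adds `allow nfsd_t self:process { setcap };`. Both match what the removed ganesha.te granted to ganesha_t, so they are presumably needed only by ganesha.nfsd, yet they now apply to every process that runs in nfsd_t. If merging ganesha into nfsd_t is intended, a comment such as `# dac_override and setcap: required by ganesha.nfsd, which runs in nfsd_t` would record why the domain was widened. Otherwise, keeping ganesha in its own domain avoids extending these privileges to the rest of nfsd_t.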
@@ -94190,13 +93952,22 @@ index 2da9fca2f..c8afd1e50 100644 ') tunable_policy(`nfs_export_all_ro',` -@@ -257,12 +310,12 @@ tunable_policy(`nfs_export_all_ro',` +@@ -257,12 +325,21 @@ tunable_policy(`nfs_export_all_ro',` fs_read_noxattr_fs_files(nfsd_t) - files_list_non_auth_dirs(nfsd_t) - files_read_non_auth_files(nfsd_t) + files_read_non_security_files(nfsd_t) ++') ++ ++optional_policy(` ++ glusterd_manage_log(nfsd_t) ++ glusterd_manage_pid(nfsd_t) ++') ++ ++optional_policy(` ++ dbus_system_bus_client(nfsd_t) ') optional_policy(` @@ -94205,7 +93976,7 @@ index 2da9fca2f..c8afd1e50 100644 ') ######################################## -@@ -270,7 +323,7 @@ optional_policy(` +@@ -270,7 +347,7 @@ optional_policy(` # GSSD local policy # @@ -94214,7 +93985,7 @@ index 2da9fca2f..c8afd1e50 100644 allow gssd_t self:process { getsched setsched }; allow gssd_t self:fifo_file rw_fifo_file_perms; -@@ -280,6 +333,7 @@ manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t) +@@ -280,6 +357,7 @@ manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t) manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t) files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir }) @@ -94222,7 +93993,7 @@ index 2da9fca2f..c8afd1e50 100644 kernel_read_network_state(gssd_t) kernel_read_network_state_symlinks(gssd_t) kernel_request_load_module(gssd_t) -@@ -288,25 +342,31 @@ kernel_signal(gssd_t) +@@ -288,25 +366,31 @@ kernel_signal(gssd_t) corecmd_exec_bin(gssd_t) @@ -94257,7 +94028,7 @@ index 2da9fca2f..c8afd1e50 100644 ') optional_policy(` -@@ -314,9 +374,12 @@ optional_policy(` +@@ -314,9 +398,12 @@ optional_policy(` ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index b26ba556..0fbaeed3 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 304%{?dist} +Release: 305%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -717,6 +717,9 @@ exit 0 %endif %changelog +* Fri Nov 24 2017 Lukas Vrabec - 3.13.1-305 +- Make ganesha nfs server + * Tue Nov 21 2017 Lukas Vrabec - 3.13.1-304 - Add interface raid_relabel_mdadm_var_run_content() - Fix iscsi SELinux module