From 67dffb1bc15786f22443e03ae9c1314f9f1a8462 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Thu, 9 Feb 2017 23:34:30 +0100 Subject: [PATCH] * Thu Feb 09 2017 Lukas Vrabec - 3.13.1-238 - Allow shiftfs to use xattr SELinux labels - Fix ssh_server_template by add sshd_t to require section. --- container-selinux.tgz | Bin 5812 -> 5805 bytes policy-rawhide-base.patch | 67 +++++++++++++++++++---------------- policy-rawhide-contrib.patch | 9 ++--- selinux-policy.spec | 6 +++- 4 files changed, 46 insertions(+), 36 deletions(-) 
diff --git a/container-selinux.tgz b/container-selinux.tgz index 60a2978c8593835615f8a2e9d95b0807d6544602..16c13eb8340ad469d4ebb7a7bead58e2735f518e 100644 GIT binary patch delta 5311 zcmV;w6hP~=Ev+qoABzY8?(Ljd00Zq^ZI9eIa`xBhUm>iMO z2(Y+2ARn@cRxPo+wWGHcrFn_r`|Vf77m1Qcic+g>ClCR=X&dR1$g6U%Duay1SScOoHA98JH*r>xaumBf{qRVt0>yF>@O@AsX)9ZnzxUl69nCG&(-Zjcr(cjVrNFq06GCOif||9+ z!m8_A6E*8lUsBM94&Lw`De=FOAnJ*mHSJdybO{AxHDtw^C2nIMJ!9bfwSJavu)cuI z=^-e|w=?=nrxgq$?j$&xHtHqx&M`odYqqWLBepze?^Q1oC?#`lvD12qZmilcNJO3_L_w5{{!;k18d(#gpO#B4GDW#ySH# zB`M5YUw=?PfQ-^vPDo8lG&Il-smHOU>?cUGFHFztNwYgFi|T3W6z=u#jpFns`WtHs zovnIe>Ji66SEzD?^h6tx`=VmbeSC?6!cUESCE;y&D1AOa9(&ATh$dww|^ zC(6USlfwiy0Wp*M1So%3B)eY{^^ntwE)B@mYYSqQgyzZp6-rmcDqPr!TwU9Qf zgWRBdrJedpzaZ>!-b$aa*V$5;Vf|V=-rs)tsVxKjmXpr~9|5A1?*%3SK9d#(et)qZ zE}eqH3mCu%sN@FhrSg8nY4~DkXRjaB)j>pR4LrW=zV-?vycfw1raTBjZUG zq`~9k;uiD`b!@ERiS)XZf^%~m6<(+y9J|k|F}As!zg?S$)qc9!Jsbr^QiF7J9%K}VJn9$0nB8Td7OEsp;2DUF8d)^jzZd|m@^y74V6R*vQw}w(I?sV(M zwYFgLaTD4*^tP?dkB?Ai+n{Lw z$aNL1Se(=j7vPG^;%m>*Sa&}3uzVvv38~8sD?vuX$^Ac0?G9Zc#;YkZiI69ci`4y42D}V}V*xK+-((xyrxLhfK z_2hl>!bAR$d4G2?O#3_d3&3`iRB_~`cUc~JSXj23!T#FDSrd%R9+Uyh zAsFqcY>n{kmJw#%o-8X$_n{+N6&4Gi)X@NC3VYj4ZhyQj)7iA91<4{CXTMLYRl!v; z>p~7q0mF`|2QQ$&9Yf*4ny`AO^)}B&ds1%1K9f;5!)aA_VCz`0;Q_qah@;U(j>x)j zqZw6~hJ$|lcuvdM5jhm8LiZZCfW2VLnN{Ytjc&7fPIb*_J?qM;t`hAN)|G{}d7qmA z)p?cOYkwZht*RAk@*pwc>En0Zz!bqX5mKKoowOlCxRryE9}R?=v;s^q74FJBZKp+? 
zuZF>gBgNFltcbGrW5i$mPV?*vUOu-~;FET-Gqj#Q54Rv-p&vzjBR&o8NN1PqKww6G z$jiGcAp5txAiFwAp3ofu5=irV=BvoO2jU$9_`cXr9!#z6GxT6a>f<<;+{V z%dsBNxG(v(&_iA)k;ojsr(k@+{1VnB0RZcsmRNZ548spEOd-7<_+hG*pr91D}HyC=QP-R(1t;Oq`*gFH;)#&EB-Np zcYm*gu%%C#i9D)x$~?Bo35De{i}d4kv1cmN$49%1&zAd6byiFrCcJK{Suw9V&2c-X zCG+g#tWjpW;bm@TaloA1IUF#T#+y9aZI~`CEQlu>KCZpEDataIlK!m9NwC|4E2o6N zSsq_^*y=P{CKI{+sx0(HkM-HW`S0Xud<$lTuRggMoSbOfH)%^ZMdbu$}ocSpv#8wf~U zH)!h4I)qC%9$t;m>$?w)o@pKQ=(X=Z{w(%sglD?DU8AjwvWIgA(jSG)(yHxZ*lEeas62t8QwyU&nW%XqX#(k7O7@);fS~5^pPsNDveQl~ydsq6vUlKmOmq9Lu#~E|T_MdP5tKx{AeY5|Ld{Clz1PJetOb%E8Bn z3HpiRxQoP6$>(=a7-TDm*?+7M@2t3*LycvT8r=bx{57xP)!# z_26+EjXm$gL5xNtNG?9)yAc&yM5kbpXkWImBA;{-8XoEnz6zWkee%f?IpT%#x_}X3 z8kVoEe|8${(7)^I=~E*ng^AqG0Ztb6o}1_QaRDkQ+vOwX_a8N(mCr6;>_=;B=tX_} z6nZtxdG-Z>B(|IP8h>Kz>S6=SBXwdntN|1vfJ1-3X|({9Osm$Qz6_#mXp(!Tp{g>s z0S7VfCwCYJ9(w_9JcMa+#Nn^_7(b>>8dfqw|2WUdmR-Gd3XF4ZR; zvFu?|qhj06R+q*@<3F*=zW?&v6Tmv*qZ9HSBrEN%y zDt)w&$ng(I#!53nQSEU;+1z!8vtNj}X8V<~oEw}zz@%L|E@@ zf}u?|d&^Q*et+{#-WjaVM}`Wz*q040UmDuZA85E5HxoXvI+`7e;mntVFyU@XJr|_806vhB{fV zkZCf*5VF{01L)|}AUpt_iQ|PS=UrTq2k0r$XhmNbg@1~6!K_7B-B>fGb)<x2fbb8nZIxH=X9?ZrSo1A`Yt+|Pz!z0>Uw+6c1MR?!iM_ElVZ>YsKbrr?{ zdL=*)fPbLJ(-Sc}0RSZ*gb`OS8Hve5bUwyPYuzPcP!q4NIAR%x2_ zi7aPdIaxNgm4eSZDaUW!8aXZ}PAShg6sB@cJQ3EovkY*GzqUD(*EtepoX_Q@S0e!* z<9|1I+1`!Dek=rUjn-Hw4_n~Iv02z-I9$-j<2VdgsEz3NWA9WO{_x|18M=l$G=04n z^P%ybHl((V$A(DRoRjCvv|w%tJ>U zGZvNc6<+V_X>3LxRC)~j&MS=#PlT5mXu%sjq( z+}UB<&e^2BF4+a zs=c`UL!lMEhie1)tm?+@G6pC@%nUQHK;`s)`RX#7RPrFsBW z0hbv~-I27o1e6?>>tijnnDxZxyy2@{<0sHbB^AsCsIAL?IdjGe<$q00OaLv87zRhd zZLaSFUTaV)0?8Gq-4|m8lR%wHE`kM6*Syrf;=yZYP`UA^gKVfMqF;UgE8Ym?E<}E} z&^WL>%k7TrUTAiVdl_I1pPAZ^YyO+vlF!%aze2DBcqXuC#*ejuadr=fWP!U6 zhYhj;?!)CyQA_M@W%PoH1x1m>VNk_+ z=7qAOcqH4y=jHcTl5GPZZmE+Sd^!8;0}1PjDClwKRR{G!l&A2=C1br(c)jn7pbSzk z3sUmuXPoMP*X0T05EP&$T+NMTT1jdmaSoYZsL)|anjd-K-EjG^7jc#BQ& z?HfG?LY!i(f{>o_CkrMxz1W`}itZBcxpi3wit061SEO8tA=otg&ul2KZgY^YuP7gsz zo|4pAf!yWJ$sMGg#I(Y`Z4$Zw(mZl$vT^QzB)grB;NIYa=KfbU>T!Oi1qtI_3=PB^ 
z66aPjPnZE859)n}9z?yGe|( z0drCx(F4qgBj zgmncHuHw*RwQm;>pze?^Q1oC?#&?qx12s10#z zkvh)VL!%uaHg}3L2)=y-|K7sCcgxymKmGfUPm_NG9SgUJ4{{+#m0{ieNRy`nGYs5E zSQ3t-S&u3uxxtg>10oN1U&cBEJ0&U1Twi}s--DAE1RXSS>J;wv@Qvd1Ci)v|3Z1Qb zWa<&eLRYAAg!Dukk-MT|&V77|g2GRYd?n#ccqn~7K<<5$XarIXXU)4y;Cps48z;)c z+mpuxHUS}%{sbt0mn6Ge67`VNiY^Vv)@uu5mW1ZX-6cw35m??*6bylF{y>(gKF36( zc0srt)(=VWxIE&U1tEhfPh+VAz;G#H*7k!ajWa$M;YN^Y`0&X}B3(8w0PRTEPo8Dc zztI>SSa~n-z|ep2Xay!o%H|hReRcbpmj>+(EcNU#5bXj^*AV()SVVVAGHW4iSO>X5 z_ewkUm3~3k{e4 zQvY>>WQS^^e6&dT)>5Qle<*}vH4eO_{a6Nr*t@X+J)t)*Ev4%2V4I9qJ+Hdarm)J# zwp@pEhsmE~L(wn2ZEN%6Bh=Y8DB3@AT}3MvC$+-`xZ<+-+H*A4oew=M--u5_>T<(M zkkK%?eeFYX|Bq9DqcOM4lKi_^>&wqZ2#24y*f0{>iLe87s@X~vI zd3||3No8%Gdq0ve0sVjrTu?RZ3>Mt77JIUVakx}cVtWCQie*)*7x5Iwacrv?1R3cnB z9ut?|0jiBo>B7l~6}fkapZp>6f!TlF=O5xquWc8(bu#mEitnuIT92>RtKG$vo^Fnq z$oQ1=K9>${P(a}w?+0C+_n0grJS_&J93M3;17CWG9abwc?v)L&`5t0}4qwgqNUQHv ztiug^mA;qie_i7})V^P&3qJJH81v|p4zp4`*xg(@dnD2o-8?+kA`IbWcwQH~jqc-- zde!6kkYxxaHtV}sO#m7fLYhO9v6c1tfKel8m^laHWzRlt&;^;1ihV!tvrL`;+j$&D zRFHVwx`0>QVW6AtC`ooVVNe9yIEkxA?~@lE^83uYe~n?<-@#u1wxgtqBQL$p^2o!& zvfT{!*EY_YU}W~73}7ZF)eazWn`tCtn6Bl9Wl0h+@Dkjx9ARqrw)UjLQ}^A?Ey%r0 z;xw*UIj9JvL>-@!lzoE98QwaSuGtO2XisHpgm1TuFzfbYSy8$V9nq?=SOBGt1}Ib5 z+ivp4f7>#hO>0_^EV6O-`?OjWTotn}E*NoP)uAJ&B(LP~aS!kR0xd~96SJ}Phf5F_UTCpY%5)+<2e%B355nK}?_4&d{ z8#06&IT-oTK$uA@z!X#AuFTVRTEzKk7<@QVOl{1HD0@Ff{MGL?&o1HRGg}2dX%{;~ z>*@1w3j!AUQN%am)8LkLcF7I|X5{<4yuAdnf6EK9tCQpr-4P&xG{0lMip;ww-XVZ5 ze}T6pC;*Sj91Xl5Y#$=XDZ^%<+2)#uv;lVOw!z9&^QzMvw_{o|&pyr?Wwsk$=5`hb%*ma@0dr}*$)nwd>C(c2 zc%tFs+KZc_EMqC@&#IgRyFIvaO87U+ zPBkJOf#-EI2jE%V%!b?Dk#X(@0#ervn!2+N;nIzVS0nWL?tP?-ALF6y!m} z1Bu)+$K4OZ>?5|~F%*wQhXr93-@!nM4EYQC2;bEayIe+O!rxGvP+G?XIy$!c7>A24 z6+Mt7vB06kaC?C5D(&HG8HawBM}{J(ERALaK3XmOR6 z43yPVF(Q0ln`+b^7Q}wWvQO#WK;0pRc>&$rtzV2@bO`Sexx|=BC%BR`5hDn*$QGde=Ed0E3W2HV_Bp| zcfbXI&1<-|P?!N;=yTmc2hI~ZB4Pt`TySUoJZ}6|kUKsIoHn^xu>0n@mpp|0*fvIk zP6+~ug3w2wK^aH5LsISI2tNu8>wwQ1zdlkC2!elY^SokzfK?~|6i1K2u$vUpA@UF( 
z*i0;IQ3Pfx4URL9e`Nrj4V9b^sS^!F>RclaR2GKS&$sN;BRhe7z#d``dODjc^=Y3=rZ`nHsNFal3$10t*_Z4=0=gt zECr%Eb0Wh)e}qvoR|(MW!30~E>XTX;;5il(W;H7I?M!6eFMs>-Z{E*5vf>vEg<$b~ z=4jJR?-&`2aAn!>v!%?QAN6c;2Kgz3+PI4R2R1IPEzlCP#mge=8}o&JE6EVB5Dg zDa?Zu9-0k&7M{(QL~Ix|QQ4-&L(5WDe)COUUaZeY#w@xRx(zK~quLHaXt)}G7e26h zyIKz36m3S9+H09)nMG3gm5fx zNoN~}oLcS(xzfu~+hJgx(7^TF+vO!L(*;0#e?yT^c@51~dfA+@Yp#Uo@Q60oEyiwk z5nep`QC3sT8)~slU4=1#UJ1|@A?WcKN6gNm>uYIQtZE9ZITgZVna(=IZ9t?p*E7~r z#d*-CqqdY`dpcF#8LsoBk9dz&wysk<;Metya&JUg~GIT+`9M&3^N4W{xEB!Oy4dFwjszzUD~Wm;7JnEMCS4aX5=q4Vo) zS2=Qhbup$wl?s~O-F z$8mEwuyZ!cIG@Ygw?-mQ#;*{wy&DZeSqR=5HnLD2wg{4Av#*lo;-E8`1B_ zUhX#h1W zLtTPZR3(r6d``^o&x6?+%ve;$mw3;xr?DA*Q0Ya|S-xM06FU6ZwVEw|!Y2nXy;&=O z-J)}GDQwKo)mN*7{j2tTu{?2%6FSSP*>9ElGVU}Ki(MFWOWkUW_qm}`9_nL$a$B#$ zHHUh;r+U5NEHd*P@o|TkZCiMge>UA@V=>cwP6cMLl)-(xM6GYdPYBlJ4m~Hfk~l>7 zb~GBlRblwVDW2C6sjK$l@(+#LtGdB%nys_SEp)G%5KdOP2N@}(7{cO6I=a5ACWJ=m zN;^VljXbOL;bR8Uc6+bCZKrPift6euUiCH(ZJUa{nXTFU#GTiEvBo27e-y_mPN&SN z+H>F|(8&6t^NdZ7eW#k(b;@$SmC?K9M-B$fbtKKJp1-1#B^JGjx?q?48I*=H12ps> zwf>L+KD*?@5u4FE;$oKqR_X}-k58=RyuI0d^`ks*kSSH;R`3gtQ2FdwN}+9Sh3rl> zdJR0r3u7&cgT2!vHik7}e`0v?()+Ew;a&}wFomy)6|LEe*4de4VjJ7p#C7%PmZl-! zVXwkMvuwvh@yu=oN@-+Xq+0mKw<83z@&3Pt@^W{wyAAF4KVE-$_xAnZ{>SV0>-~>k zB3)sy+|{p_{8lJ-Su1u4@=%GZ4*mK@4Dj-%?N;Ji7K%4SUe&a`e@fylt~ahY&ei32 zXRls4qshgF_&otc)q#rNC0qm=ERq&)DL`1uy+XL9@Zepz99l#5U;lIU-`{aJ!m^?i zzoEBSi3MuN7v)RCX8B#7)G2v2T@>oCUv!}H7Y&!{0aOKCW;At2(&7?Oa#*g9wa{X^ z6QA>juX2r_Kqr+{e=z5uwl4nV%o!_`H#IQF`QvZqvubn~Vewz-mp`wU>`Q5L0Bapig`Q1X}!164&JFBGt z81oWYKlG0t`Fi+86@WR5W%Pi=UsxST*u}L%5BPZH0CvI5NxI!bYs!gW4Z)nDtij`j z`xSpQeUd#g0*C$+z@y9HiC<4&NQ7bn;6@&u3Od;0RP-1CD`w9G4Zv=bRDt&MaHJ;r g+N<+5t!YhblY|x>lYkZ%45^#`3Dck;`vAxQ0D)^_Bme*a diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 6732fd33..c7e4f311 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -21474,10 +21474,10 @@ index 8416beb..b38387e 100644 + allow $1 tracefs_t:filesystem unmount; +') 
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te -index e7d1738..59c1cb8 100644 +index e7d1738..b3e6523 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te -@@ -26,14 +26,19 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); +@@ -26,14 +26,20 @@ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0); fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0); fs_use_xattr ext4dev gen_context(system_u:object_r:fs_t,s0); @@ -21494,10 +21494,11 @@ index e7d1738..59c1cb8 100644 +fs_use_xattr squashfs gen_context(system_u:object_r:fs_t,s0); fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr fuse.glusterfs gen_context(system_u:object_r:fs_t,s0); ++fs_use_xattr shiftfs gen_context(system_u:object_r:fs_t,s0); # Use the allocating task SID to label inodes in the following filesystem # types, and label the filesystem itself with the specified context. -@@ -53,6 +58,7 @@ type anon_inodefs_t; +@@ -53,6 +59,7 @@ type anon_inodefs_t; fs_type(anon_inodefs_t) files_mountpoint(anon_inodefs_t) genfscon anon_inodefs / gen_context(system_u:object_r:anon_inodefs_t,s0) @@ -21505,7 +21506,7 @@ index e7d1738..59c1cb8 100644 type bdev_t; fs_type(bdev_t) -@@ -63,16 +69,28 @@ fs_type(binfmt_misc_fs_t) +@@ -63,16 +70,28 @@ fs_type(binfmt_misc_fs_t) files_mountpoint(binfmt_misc_fs_t) genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0) @@ -21535,7 +21536,7 @@ index e7d1738..59c1cb8 100644 type configfs_t; fs_type(configfs_t) -@@ -88,6 +106,11 @@ fs_noxattr_type(ecryptfs_t) +@@ -88,6 +107,11 @@ fs_noxattr_type(ecryptfs_t) files_mountpoint(ecryptfs_t) genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0) 
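Review bot: The new `++fs_use_xattr shiftfs gen_context(system_u:object_r:fs_t,s0);` line in the `+@@ -26,14 +26,20 @@` hunk tells the kernel to trust the security.selinux xattr presented by shiftfs inodes, and nothing in the patch or the changelog records why xattr-based labeling (rather than `fs_use_trans`, as the same hunk uses for hugetlbfs, or a genfscon type) is the right choice for a filesystem that, as far as I know, mirrors a host directory with shifted uids. Add a one-line comment above it in the embedded hunk, e.g. `+# shiftfs: inode labels are taken from the security.selinux xattr of the underlying host inode (see <bugzilla or denial reference>)`, so the trust decision stays auditable, and confirm on a test mount that shiftfs actually forwards security.* xattrs, since otherwise its files fall back to the default label. The hand-edited offsets are consistent here (every later `+@@` new-side start in filesystem.te is shifted by one), but regenerating policy-rawhide-base.patch from the policy tree would avoid that manual bookkeeping on future changes.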
@@ -21547,7 +21548,7 @@ index e7d1738..59c1cb8 100644 type futexfs_t; fs_type(futexfs_t) genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) -@@ -96,6 +119,7 @@ type hugetlbfs_t; +@@ -96,6 +120,7 @@ type hugetlbfs_t; fs_type(hugetlbfs_t) files_mountpoint(hugetlbfs_t) fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); @@ -21555,7 +21556,7 @@ index e7d1738..59c1cb8 100644 type ibmasmfs_t; fs_type(ibmasmfs_t) -@@ -111,6 +135,12 @@ type inotifyfs_t; +@@ -111,6 +136,12 @@ type inotifyfs_t; fs_type(inotifyfs_t) genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0) @@ -21568,7 +21569,7 @@ index e7d1738..59c1cb8 100644 type mvfs_t; fs_noxattr_type(mvfs_t) allow mvfs_t self:filesystem associate; -@@ -118,13 +148,23 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0) +@@ -118,13 +149,23 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0) type nfsd_fs_t; fs_type(nfsd_fs_t) @@ -21593,7 +21594,7 @@ index e7d1738..59c1cb8 100644 fs_type(pstore_t) files_mountpoint(pstore_t) dev_associate_sysfs(pstore_t) -@@ -150,17 +190,16 @@ fs_type(spufs_t) +@@ -150,17 +191,16 @@ fs_type(spufs_t) genfscon spufs / gen_context(system_u:object_r:spufs_t,s0) files_mountpoint(spufs_t) @@ -21615,7 +21616,7 @@ index e7d1738..59c1cb8 100644 type vmblock_t; fs_noxattr_type(vmblock_t) files_mountpoint(vmblock_t) -@@ -172,6 +211,8 @@ type vxfs_t; +@@ -172,6 +212,8 @@ type vxfs_t; fs_noxattr_type(vxfs_t) files_mountpoint(vxfs_t) genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0) @@ -21624,7 +21625,7 @@ index e7d1738..59c1cb8 100644 # # tmpfs_t is the type for tmpfs filesystems -@@ -182,6 +223,8 @@ fs_type(tmpfs_t) +@@ -182,6 +224,8 @@ fs_type(tmpfs_t) files_type(tmpfs_t) files_mountpoint(tmpfs_t) files_poly_parent(tmpfs_t) 
@@ -21633,7 +21634,7 @@ index e7d1738..59c1cb8 100644 # Use a transition SID based on the allocating task SID and the # filesystem SID to label inodes in the following filesystem types, -@@ -261,6 +304,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0) +@@ -261,6 +305,8 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0) type removable_t; allow removable_t noxattrfs:filesystem associate; fs_noxattr_type(removable_t) @@ -21642,7 +21643,7 @@ index e7d1738..59c1cb8 100644 files_mountpoint(removable_t) # -@@ -280,6 +325,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0) +@@ -280,6 +326,7 @@ genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0) genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0) genfscon panfs / gen_context(system_u:object_r:nfs_t,s0) genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0) @@ -21650,7 +21651,7 @@ index e7d1738..59c1cb8 100644 ######################################## # -@@ -301,9 +347,10 @@ fs_associate_noxattr(noxattrfs) +@@ -301,9 +348,10 @@ fs_associate_noxattr(noxattrfs) # Unconfined access to this module # @@ -28793,7 +28794,7 @@ index 76d9f66..7528851 100644 +/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) +/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if -index fe0c682..d55811f 100644 +index fe0c682..5f4da9d 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -32,10 +32,11 @@ 
@@ -28906,16 +28907,20 @@ index fe0c682..d55811f 100644 ####################################### ## ## The template to define a ssh server. -@@ -168,7 +192,7 @@ template(`ssh_basic_client_template',` +@@ -168,7 +192,11 @@ template(`ssh_basic_client_template',` ## ## # -template(`ssh_server_template', ` +template(`ssh_server_template',` ++ gen_require(` ++ type sshd_t; ++ ') ++ type $1_t, ssh_server; auth_login_pgm_domain($1_t) -@@ -181,20 +205,22 @@ template(`ssh_server_template', ` +@@ -181,20 +209,22 @@ template(`ssh_server_template', ` type $1_var_run_t; files_pid_file($1_var_run_t) @@ -28943,7 +28948,7 @@ index fe0c682..d55811f 100644 allow $1_t $1_var_run_t:file manage_file_perms; files_pid_filetrans($1_t, $1_var_run_t, file) -@@ -206,6 +232,7 @@ template(`ssh_server_template', ` +@@ -206,6 +236,7 @@ template(`ssh_server_template', ` kernel_read_kernel_sysctls($1_t) kernel_read_network_state($1_t) @@ -28951,7 +28956,7 @@ index fe0c682..d55811f 100644 corenet_all_recvfrom_unlabeled($1_t) corenet_all_recvfrom_netlabel($1_t) -@@ -220,10 +247,13 @@ template(`ssh_server_template', ` +@@ -220,10 +251,13 @@ template(`ssh_server_template', ` corenet_tcp_bind_generic_node($1_t) corenet_udp_bind_generic_node($1_t) corenet_tcp_bind_ssh_port($1_t) @@ -28967,7 +28972,7 @@ index fe0c682..d55811f 100644 auth_rw_login_records($1_t) auth_rw_faillog($1_t) -@@ -233,7 +263,10 @@ template(`ssh_server_template', ` +@@ -233,7 +267,10 @@ template(`ssh_server_template', ` # for sshd subsystems, such as sftp-server. corecmd_getattr_bin_files($1_t) @@ -28978,7 +28983,7 @@ index fe0c682..d55811f 100644 files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) -@@ -241,35 +274,33 @@ template(`ssh_server_template', ` +@@ -241,35 +278,33 @@ template(`ssh_server_template', ` logging_search_logs($1_t) 
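Review bot: The `gen_require(` block added to ssh_server_template in the `+@@ -168,7 +192,11 @@` hunk declares `type sshd_t;`, but the rule that references sshd_t is not in this hunk, so a reader of the template cannot tell which of the rules applied to every `$1_t` domain depends on it. A short comment inside the block, e.g. `+	# sshd_t is referenced by the shared server rules below; required here so every instantiation of the template resolves it`, would make the dependency explicit. That this is the motivation is inferred from the commit message ("add sshd_t to require section") and should be confirmed against the full template, whose body continues outside this hunk.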
@@ -29025,7 +29030,7 @@ index fe0c682..d55811f 100644 ') ######################################## -@@ -292,14 +323,15 @@ template(`ssh_server_template', ` +@@ -292,14 +327,15 @@ template(`ssh_server_template', ` ## User domain for the role ## ## @@ -29042,7 +29047,7 @@ index fe0c682..d55811f 100644 ') ############################## -@@ -328,103 +360,56 @@ template(`ssh_role_template',` +@@ -328,103 +364,56 @@ template(`ssh_role_template',` # allow ps to show ssh ps_process_pattern($3, ssh_t) @@ -29156,7 +29161,7 @@ index fe0c682..d55811f 100644 ') ######################################## -@@ -496,8 +481,27 @@ interface(`ssh_read_pipes',` +@@ -496,8 +485,27 @@ interface(`ssh_read_pipes',` type sshd_t; ') @@ -29185,7 +29190,7 @@ index fe0c682..d55811f 100644 ######################################## ## ## Read and write a ssh server unnamed pipe. -@@ -513,7 +517,7 @@ interface(`ssh_rw_pipes',` +@@ -513,7 +521,7 @@ interface(`ssh_rw_pipes',` type sshd_t; ') @@ -29194,7 +29199,7 @@ index fe0c682..d55811f 100644 ') ######################################## -@@ -605,6 +609,24 @@ interface(`ssh_domtrans',` +@@ -605,6 +613,24 @@ interface(`ssh_domtrans',` ######################################## ## @@ -29219,7 +29224,7 @@ index fe0c682..d55811f 100644 ## Execute the ssh client in the caller domain. ## ## -@@ -637,7 +659,7 @@ interface(`ssh_setattr_key_files',` +@@ -637,7 +663,7 @@ interface(`ssh_setattr_key_files',` type sshd_key_t; ') @@ -29228,7 +29233,7 @@ index fe0c682..d55811f 100644 files_search_pids($1) ') -@@ -662,6 +684,42 @@ interface(`ssh_agent_exec',` +@@ -662,6 +688,42 @@ interface(`ssh_agent_exec',` ######################################## ## @@ -29271,7 +29276,7 @@ index fe0c682..d55811f 100644 ## Read ssh home directory content ## ## -@@ -701,6 +759,68 @@ interface(`ssh_domtrans_keygen',` +@@ -701,6 +763,68 @@ interface(`ssh_domtrans_keygen',` ######################################## ## 
@@ -29340,7 +29345,7 @@ index fe0c682..d55811f 100644 ## Read ssh server keys ## ## -@@ -714,7 +834,26 @@ interface(`ssh_dontaudit_read_server_keys',` +@@ -714,7 +838,26 @@ interface(`ssh_dontaudit_read_server_keys',` type sshd_key_t; ') @@ -29368,7 +29373,7 @@ index fe0c682..d55811f 100644 ') ###################################### -@@ -754,3 +893,151 @@ interface(`ssh_delete_tmp',` +@@ -754,3 +897,151 @@ interface(`ssh_delete_tmp',` files_search_tmp($1) delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t) ') diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 326f2f1b..2396b2bb 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -589,7 +589,7 @@ index 058d908..ee0c559 100644 +') + diff --git a/abrt.te b/abrt.te -index eb50f07..d53d1e0 100644 +index eb50f07..def23ab 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -1048,7 +1048,7 @@ index eb50f07..d53d1e0 100644 allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms; domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t) -@@ -365,38 +470,79 @@ corecmd_exec_shell(abrt_retrace_worker_t) +@@ -365,38 +470,80 @@ corecmd_exec_shell(abrt_retrace_worker_t) dev_read_urand(abrt_retrace_worker_t) @@ -1100,6 +1100,7 @@ index eb50f07..d53d1e0 100644 +auth_read_passwd(abrt_dump_oops_t) + +corecmd_getattr_all_executables(abrt_dump_oops_t) ++corecmd_exec_bin(abrt_dump_oops_t) + +dev_read_urand(abrt_dump_oops_t) +dev_read_rand(abrt_dump_oops_t) @@ -1132,7 +1133,7 @@ index eb50f07..d53d1e0 100644 ####################################### # -@@ -404,25 +550,60 @@ logging_read_generic_logs(abrt_dump_oops_t) +@@ -404,25 +551,60 @@ logging_read_generic_logs(abrt_dump_oops_t) # allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms; 
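Review bot: The `++corecmd_exec_bin(abrt_dump_oops_t)` line added in the `+@@ -365,38 +470,80 @@` hunk of policy-rawhide-contrib.patch grants abrt_dump_oops_t execution of every bin_t executable, yet neither the commit subject nor the selinux-policy.spec changelog entry mentions abrt at all. This widens a domain whose neighbouring rules in the hunk only read (passwd, urand/rand, generic logs), so record it in the changelog, e.g. `- Allow abrt_dump_oops_t to execute bin_t executables`, and note in the patch which helper program abrt-dump-oops runs so the grant can be revisited instead of silently accumulating. If a single known program is involved, a narrower rule than corecmd_exec_bin may be possible, but that depends on the denial that motivated the change, which is not visible here.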
@@ -1195,7 +1196,7 @@ index eb50f07..d53d1e0 100644 ') ####################################### -@@ -430,10 +611,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` +@@ -430,10 +612,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` # Global local policy # diff --git a/selinux-policy.spec b/selinux-policy.spec index ad19431f..217c523b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 237%{?dist} +Release: 238%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -675,6 +675,10 @@ exit 0 %endif %changelog +* Thu Feb 09 2017 Lukas Vrabec - 3.13.1-238 +- Allow shiftfs to use xattr SELinux labels +- Fix ssh_server_template by add sshd_t to require section. + * Wed Feb 08 2017 Lukas Vrabec - 3.13.1-237 - Merge pull request #187 from rhatdan/container-selinux - Allow rhsmcertd domain signull kernel.