* Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127

- Add missing typealiases in apache_content_template() for script domain/executable. - Don't use deprecated userdom_manage_tmpfs_role() interface calliing and use userdom_manage_tmp_role() instead. - Add support for new cobbler dir locations: - Add support for iprdbg logging files in /var/log. - Add relabel_user_home_dirs for use by docker_t
2015-05-05 15:54:12 +02:00 · 2015-05-05 15:54:12 +02:00 · 6a726d4793
commit 6a726d4793
parent 229bf3d017
3 changed files with 241 additions and 213 deletions
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@ -44485,7 +44485,7 @@ index db75976..1ee08ec 100644
 +/var/tmp/hsperfdata_root    gen_context(system_u:object_r:user_tmp_t,s0)
 +
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 9dc60c6..41ef467 100644
+index 9dc60c6..f0e4b9c 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
@@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@ -46288,13 +46288,10 @@ index 9dc60c6..41ef467 100644
 ##	Relabel to user home directories.
 ## </summary>
 ## <param name="domain">
-@@ -1629,6 +2157,42 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1631,6 +2159,59 @@ interface(`userdom_relabelto_user_home_dirs',`
 	allow $1 user_home_dir_t:dir relabelto;
 ')
-+
+ ########################################
-+########################################
+ ## <summary>
 +## <summary>
 +##	Relabel to user home files.
 +## </summary>
 +## <param name="domain">
@ -46328,10 +46325,30 @@ index 9dc60c6..41ef467 100644
 +	allow $1 user_home_t:file relabel_file_perms;
 +')
 +
- ########################################
+########################################
- ## <summary>
+## <summary>
 +##	Relabel user home directories.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
 +##	Domain allowed access.
 +##	</summary>
 +## </param>
 +#
 +interface(`userdom_relabel_user_home_dirs',`
 +	gen_require(`
 +		type user_home_dir_t;
 +	')
 +
 +	allow $1 user_home_t:dir relabel_file_perms;
 +')
 +
 +########################################
 +## <summary>
 ##	Create directories in the home dir root with
-@@ -1704,10 +2268,12 @@ interface(`userdom_user_home_domtrans',`
+ ##	the user home directory type.
 ## </summary>
@@ -1704,10 +2285,12 @@ interface(`userdom_user_home_domtrans',`
 #
 interface(`userdom_dontaudit_search_user_home_content',`
 	gen_require(`
@ -46346,7 +46363,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -1741,10 +2307,12 @@ interface(`userdom_list_all_user_home_content',`
+@@ -1741,10 +2324,12 @@ interface(`userdom_list_all_user_home_content',`
 #
 interface(`userdom_list_user_home_content',`
 	gen_require(`
@ -46361,7 +46378,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -1769,7 +2337,7 @@ interface(`userdom_manage_user_home_content_dirs',`
+@@ -1769,7 +2354,7 @@ interface(`userdom_manage_user_home_content_dirs',`
 ########################################
 ## <summary>
@ -46370,7 +46387,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1777,19 +2345,17 @@ interface(`userdom_manage_user_home_content_dirs',`
+@@ -1777,19 +2362,17 @@ interface(`userdom_manage_user_home_content_dirs',`
 ##	</summary>
 ## </param>
 #
@ -46394,7 +46411,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1797,55 +2363,55 @@ interface(`userdom_delete_all_user_home_content_dirs',`
+@@ -1797,55 +2380,55 @@ interface(`userdom_delete_all_user_home_content_dirs',`
 ##	</summary>
 ## </param>
 #
@ -46465,7 +46482,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1853,18 +2419,19 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',`
+@@ -1853,18 +2436,19 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',`
 ##	</summary>
 ## </param>
 #
@ -46493,57 +46510,45 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1872,41 +2439,178 @@ interface(`userdom_mmap_user_home_content_files',`
+@@ -1872,17 +2456,151 @@ interface(`userdom_mmap_user_home_content_files',`
 ##	</summary>
 ## </param>
 #
 -interface(`userdom_read_user_home_content_files',`
 -	gen_require(`
 -		type user_home_dir_t, user_home_t;
 -	')
 -
 -	read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
 -	files_search_home($1)
 +interface(`usedom_dontaudit_user_getattr_tmp_sockets',`
 +    gen_require(`
 +        type user_tmp_t;
 +    ')
 +    dontaudit $1 user_tmp_t:sock_file getattr_sock_file_perms;
- ')
+')
- 
+
- ########################################
+########################################
- ## <summary>
+## <summary>
 -##	Do not audit attempts to read user home files.
 +##	Relabel user tmp files.
- ## </summary>
+## </summary>
- ## <param name="domain">
+## <param name="domain">
- ##	<summary>
+##	<summary>
 -##	Domain to not audit.
 +##	Domain allowed access.
- ##	</summary>
+##	</summary>
- ## </param>
+## </param>
 +## <rolecap/>
- #
+#
 -interface(`userdom_dontaudit_read_user_home_content_files',`
 +interface(`userdom_relabel_user_tmp_files',`
- 	gen_require(`
+	gen_require(`
 -		type user_home_t;
 +		type user_tmp_t;
- 	')
+	')
- 
+
 -	dontaudit $1 user_home_t:dir list_dir_perms;
 -	dontaudit $1 user_home_t:file read_file_perms;
 +	allow $1 user_tmp_t:file relabel_file_perms;
- ')
+')
- 
+
- ########################################
+########################################
- ## <summary>
+## <summary>
 -##	Do not audit attempts to append user home files.
 +##	Relabel user tmp files.
- ## </summary>
+## </summary>
- ## <param name="domain">
+## <param name="domain">
- ##	<summary>
+##	<summary>
 -##	Domain to not audit.
 +##	Domain allowed access.
 +##	</summary>
 +## </param>
@ -46628,16 +46633,17 @@ index 9dc60c6..41ef467 100644
 +	gen_require(`
 +		type user_home_dir_t, user_home_t;
 +		attribute user_home_type;
-+	')
+ 	')
-+
+ 
 -	read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
 +	allow $1 user_home_dir_t:lnk_file read_lnk_file_perms;
 +	list_dirs_pattern($1, { user_home_dir_t user_home_type }, { user_home_dir_t user_home_type })
 +	read_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
-+	files_search_home($1)
+ 	files_search_home($1)
-+')
+ ')
-+
+ 
-+########################################
+ ########################################
-+## <summary>
+ ## <summary>
 +##	Do not audit attempts to getattr user home files.
 +## </summary>
 +## <param name="domain">
@ -46657,37 +46663,28 @@ index 9dc60c6..41ef467 100644
 +
 +########################################
 +## <summary>
-+##	Do not audit attempts to read user home files.
+ ##	Do not audit attempts to read user home files.
-+## </summary>
+ ## </summary>
-+## <param name="domain">
+ ## <param name="domain">
-+##	<summary>
+@@ -1893,11 +2611,14 @@ interface(`userdom_read_user_home_content_files',`
-+##	Domain to not audit.
+ #
-+##	</summary>
+ interface(`userdom_dontaudit_read_user_home_content_files',`
-+## </param>
+ 	gen_require(`
-+#
+-		type user_home_t;
 +interface(`userdom_dontaudit_read_user_home_content_files',`
 +	gen_require(`
 +		attribute user_home_type;
 +		type user_home_dir_t;
-+	')
+ 	')
-+
+ 
 -	dontaudit $1 user_home_t:dir list_dir_perms;
 -	dontaudit $1 user_home_t:file read_file_perms;
 +	dontaudit $1 user_home_dir_t:dir list_dir_perms;
 +	dontaudit $1 user_home_type:dir list_dir_perms;
 +	dontaudit $1 user_home_type:file read_file_perms;
 +	dontaudit $1 user_home_type:lnk_file read_lnk_file_perms;
-+')
+ ')
-+
+ 
-+########################################
+ ########################################
-+## <summary>
+@@ -1938,7 +2659,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 +##	Do not audit attempts to append user home files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
 +##	Domain to not audit.
 ##	</summary>
 ## </param>
 #
@@ -1938,7 +2642,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 ########################################
 ## <summary>
@ -46696,7 +46693,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1946,10 +2650,9 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
+@@ -1946,10 +2667,9 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 ##	</summary>
 ## </param>
 #
@ -46709,7 +46706,7 @@ index 9dc60c6..41ef467 100644
 	')
 	userdom_search_user_home_content($1)
-@@ -1958,7 +2661,7 @@ interface(`userdom_delete_all_user_home_content_files',`
+@@ -1958,7 +2678,7 @@ interface(`userdom_delete_all_user_home_content_files',`
 ########################################
 ## <summary>
@ -46718,7 +46715,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1966,12 +2669,66 @@ interface(`userdom_delete_all_user_home_content_files',`
+@@ -1966,12 +2686,66 @@ interface(`userdom_delete_all_user_home_content_files',`
 ##	</summary>
 ## </param>
 #
@ -46787,7 +46784,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2007,8 +2764,7 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -2007,8 +2781,7 @@ interface(`userdom_read_user_home_content_symlinks',`
 		type user_home_dir_t, user_home_t;
 	')
@ -46797,7 +46794,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2024,20 +2780,14 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -2024,20 +2797,14 @@ interface(`userdom_read_user_home_content_symlinks',`
 #
 interface(`userdom_exec_user_home_content_files',`
 	gen_require(`
@ -46822,7 +46819,7 @@ index 9dc60c6..41ef467 100644
 ########################################
 ## <summary>
-@@ -2120,7 +2870,7 @@ interface(`userdom_manage_user_home_content_symlinks',`
+@@ -2120,7 +2887,7 @@ interface(`userdom_manage_user_home_content_symlinks',`
 ########################################
 ## <summary>
@ -46831,7 +46828,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2128,19 +2878,17 @@ interface(`userdom_manage_user_home_content_symlinks',`
+@@ -2128,19 +2895,17 @@ interface(`userdom_manage_user_home_content_symlinks',`
 ##	</summary>
 ## </param>
 #
@ -46855,7 +46852,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2148,12 +2896,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',`
+@@ -2148,12 +2913,12 @@ interface(`userdom_delete_all_user_home_content_symlinks',`
 ##	</summary>
 ## </param>
 #
@ -46871,7 +46868,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2388,18 +3136,54 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',`
+@@ -2388,18 +3153,54 @@ interface(`userdom_dontaudit_manage_user_tmp_dirs',`
 ##	</summary>
 ## </param>
 #
@ -46929,7 +46926,7 @@ index 9dc60c6..41ef467 100644
 ##	Do not audit attempts to read users
 ##	temporary files.
 ## </summary>
-@@ -2414,7 +3198,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
+@@ -2414,7 +3215,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
 		type user_tmp_t;
 	')
@ -46938,7 +46935,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2455,6 +3239,25 @@ interface(`userdom_rw_user_tmp_files',`
+@@ -2455,6 +3256,25 @@ interface(`userdom_rw_user_tmp_files',`
 	rw_files_pattern($1, user_tmp_t, user_tmp_t)
 	files_search_tmp($1)
 ')
@ -46964,7 +46961,7 @@ index 9dc60c6..41ef467 100644
 ########################################
 ## <summary>
-@@ -2538,7 +3341,7 @@ interface(`userdom_manage_user_tmp_files',`
+@@ -2538,7 +3358,7 @@ interface(`userdom_manage_user_tmp_files',`
 ########################################
 ## <summary>
 ##	Create, read, write, and delete user
@ -46973,7 +46970,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2546,19 +3349,19 @@ interface(`userdom_manage_user_tmp_files',`
+@@ -2546,19 +3366,19 @@ interface(`userdom_manage_user_tmp_files',`
 ##	</summary>
 ## </param>
 #
@ -46996,7 +46993,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2566,19 +3369,19 @@ interface(`userdom_manage_user_tmp_symlinks',`
+@@ -2566,19 +3386,19 @@ interface(`userdom_manage_user_tmp_symlinks',`
 ##	</summary>
 ## </param>
 #
@ -47019,7 +47016,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2586,12 +3389,53 @@ interface(`userdom_manage_user_tmp_pipes',`
+@@ -2586,19 +3406,60 @@ interface(`userdom_manage_user_tmp_pipes',`
 ##	</summary>
 ## </param>
 #
@ -47031,12 +47028,14 @@ index 9dc60c6..41ef467 100644
 -	manage_sock_files_pattern($1, user_tmp_t, user_tmp_t)
 +    allow $1 user_tmp_t:fifo_file rw_inherited_fifo_file_perms;
-+	files_search_tmp($1)
+ 	files_search_tmp($1)
-+')
+ ')
 +
-+
+ ########################################
-+########################################
+ ## <summary>
-+## <summary>
+-##	Create objects in a user temporary directory
 -##	with an automatic type transition to
 +##	Create, read, write, and delete user
 +##	temporary named pipes.
 +## </summary>
@ -47072,10 +47071,17 @@ index 9dc60c6..41ef467 100644
 +	')
 +
 +	manage_sock_files_pattern($1, user_tmp_t, user_tmp_t)
- 	files_search_tmp($1)
+	files_search_tmp($1)
- ')
+')
- 
+
-@@ -2661,6 +3505,21 @@ interface(`userdom_tmp_filetrans_user_tmp',`
+########################################
 +## <summary>
 +##	Create objects in a user temporary directory
 +##	with an automatic type transition to
 ##	a specified private type.
 ## </summary>
 ## <param name="domain">
@@ -2661,6 +3522,21 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 	files_tmp_filetrans($1, user_tmp_t, $2, $3)
 ')
@ -47097,7 +47103,7 @@ index 9dc60c6..41ef467 100644
 ########################################
 ## <summary>
 ##	Read user tmpfs files.
-@@ -2672,18 +3531,13 @@ interface(`userdom_tmp_filetrans_user_tmp',`
+@@ -2672,18 +3548,13 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 ## </param>
 #
 interface(`userdom_read_user_tmpfs_files',`
@ -47119,7 +47125,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2692,19 +3546,13 @@ interface(`userdom_read_user_tmpfs_files',`
+@@ -2692,19 +3563,13 @@ interface(`userdom_read_user_tmpfs_files',`
 ## </param>
 #
 interface(`userdom_rw_user_tmpfs_files',`
@ -47142,7 +47148,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -2713,13 +3561,56 @@ interface(`userdom_rw_user_tmpfs_files',`
+@@ -2713,13 +3578,56 @@ interface(`userdom_rw_user_tmpfs_files',`
 ## </param>
 #
 interface(`userdom_manage_user_tmpfs_files',`
@ -47203,7 +47209,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2814,6 +3705,24 @@ interface(`userdom_use_user_ttys',`
+@@ -2814,6 +3722,24 @@ interface(`userdom_use_user_ttys',`
 ########################################
 ## <summary>
@ -47228,7 +47234,7 @@ index 9dc60c6..41ef467 100644
 ##	Read and write a user domain pty.
 ## </summary>
 ## <param name="domain">
-@@ -2832,22 +3741,34 @@ interface(`userdom_use_user_ptys',`
+@@ -2832,22 +3758,34 @@ interface(`userdom_use_user_ptys',`
 ########################################
 ## <summary>
@ -47271,7 +47277,7 @@ index 9dc60c6..41ef467 100644
 ## </desc>
 ## <param name="domain">
 ##	<summary>
-@@ -2856,14 +3777,33 @@ interface(`userdom_use_user_ptys',`
+@@ -2856,14 +3794,33 @@ interface(`userdom_use_user_ptys',`
 ## </param>
 ## <infoflow type="both" weight="10"/>
 #
@ -47309,7 +47315,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2882,8 +3822,27 @@ interface(`userdom_dontaudit_use_user_terminals',`
+@@ -2882,8 +3839,27 @@ interface(`userdom_dontaudit_use_user_terminals',`
 		type user_tty_device_t, user_devpts_t;
 	')
@ -47339,7 +47345,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -2955,69 +3914,68 @@ interface(`userdom_spec_domtrans_unpriv_users',`
+@@ -2955,69 +3931,68 @@ interface(`userdom_spec_domtrans_unpriv_users',`
 	allow unpriv_userdomain $1:process sigchld;
 ')
@ -47440,7 +47446,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -3025,12 +3983,12 @@ interface(`userdom_manage_unpriv_user_semaphores',`
+@@ -3025,12 +4000,12 @@ interface(`userdom_manage_unpriv_user_semaphores',`
 ##	</summary>
 ## </param>
 #
@ -47455,7 +47461,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -3094,7 +4052,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -3094,7 +4069,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
 	domain_entry_file_spec_domtrans($1, unpriv_userdomain)
 	allow unpriv_userdomain $1:fd use;
@ -47464,7 +47470,7 @@ index 9dc60c6..41ef467 100644
 	allow unpriv_userdomain $1:process sigchld;
 ')
-@@ -3110,29 +4068,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -3110,29 +4085,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
 #
 interface(`userdom_search_user_home_content',`
 	gen_require(`
@ -47498,7 +47504,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -3214,7 +4156,25 @@ interface(`userdom_dontaudit_use_user_ptys',`
+@@ -3214,7 +4173,25 @@ interface(`userdom_dontaudit_use_user_ptys',`
 		type user_devpts_t;
 	')
@ -47525,7 +47531,7 @@ index 9dc60c6..41ef467 100644
 ')
 ########################################
-@@ -3269,12 +4229,13 @@ interface(`userdom_write_user_tmp_files',`
+@@ -3269,12 +4246,13 @@ interface(`userdom_write_user_tmp_files',`
 		type user_tmp_t;
 	')
@ -47541,7 +47547,7 @@ index 9dc60c6..41ef467 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -3282,49 +4243,125 @@ interface(`userdom_write_user_tmp_files',`
+@@ -3282,46 +4260,122 @@ interface(`userdom_write_user_tmp_files',`
 ##	</summary>
 ## </param>
 #
@ -47599,9 +47605,8 @@ index 9dc60c6..41ef467 100644
 	gen_require(`
 -		attribute userdomain;
 +		type user_tmp_t;
- 	')
+	')
- 
+
 -	allow $1 userdomain:process getattr;
 +	dontaudit $1 user_tmp_t:fifo_file rw_inherited_fifo_file_perms;
 +')
 +
@ -47675,13 +47680,10 @@ index 9dc60c6..41ef467 100644
 +interface(`userdom_getattr_all_users',`
 +	gen_require(`
 +		attribute userdomain;
 +	')
 +
 +	allow $1 userdomain:process getattr;
 	')
- ########################################
+ 	allow $1 userdomain:process getattr;
-@@ -3382,6 +4419,42 @@ interface(`userdom_signal_all_users',`
+@@ -3382,6 +4436,42 @@ interface(`userdom_signal_all_users',`
 	allow $1 userdomain:process signal;
 ')
@ -47724,7 +47726,7 @@ index 9dc60c6..41ef467 100644
 ########################################
 ## <summary>
 ##	Send a SIGCHLD signal to all user domains.
-@@ -3402,6 +4475,60 @@ interface(`userdom_sigchld_all_users',`
+@@ -3402,6 +4492,60 @@ interface(`userdom_sigchld_all_users',`
 ########################################
 ## <summary>
@ -47785,7 +47787,7 @@ index 9dc60c6..41ef467 100644
 ##	Create keys for all user domains.
 ## </summary>
 ## <param name="domain">
-@@ -3435,4 +4562,1687 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3435,4 +4579,1687 @@ interface(`userdom_dbus_send_all_users',`
 	')
 	allow $1 userdomain:dbus send_msg;
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@ -3663,7 +3663,7 @@ index 7caefc3..3009a35 100644
 +/var/run/dirsrv/admin-serv.*	gen_context(system_u:object_r:httpd_var_run_t,s0)
 +/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?       gen_context(system_u:object_r:httpd_var_run_t,s0)
 diff --git a/apache.if b/apache.if
-index f6eb485..164501c 100644
+index f6eb485..a9a5ae2 100644
 --- a/apache.if
 +++ b/apache.if
@@ -1,9 +1,9 @@
@ -3679,7 +3679,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="prefix">
 ##	<summary>
-@@ -13,118 +13,126 @@
+@@ -13,118 +13,128 @@
 #
 template(`apache_content_template',`
 	gen_require(`
@ -3771,6 +3771,7 @@ index f6eb485..164501c 100644
 +
 +	# Type that CGI scripts run as
 +	type $1_script_t,	httpd_script_type;
 +	typealias $1_script_t alias httpd_$1_script_t;
 +	domain_type($1_script_t)
 +	role system_r types $1_script_t;
 +
@ -3779,6 +3780,7 @@ index f6eb485..164501c 100644
 +	# This type is used for executable scripts files
 +	type $1_script_exec_t, httpd_script_exec_type; # customizable;
 +	typeattribute $1_script_exec_t httpd_content_type;
 +	typealias $1_script_exec_t alias httpd_$1_script_exec_t;
 +	domain_entry_file($1_script_t, $1_script_exec_t)
 +
 +	type $1_rw_content_t; # customizable
@ -3901,7 +3903,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="role">
 ##	<summary>
-@@ -133,47 +141,61 @@ template(`apache_content_template',`
+@@ -133,47 +143,61 @@ template(`apache_content_template',`
 ## </param>
 ## <param name="domain">
 ##	<summary>
@ -3992,7 +3994,7 @@ index f6eb485..164501c 100644
 		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)
 	')
-@@ -184,7 +206,7 @@ interface(`apache_role',`
+@@ -184,7 +208,7 @@ interface(`apache_role',`
 ########################################
 ## <summary>
@ -4001,7 +4003,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -204,7 +226,7 @@ interface(`apache_read_user_scripts',`
+@@ -204,7 +228,7 @@ interface(`apache_read_user_scripts',`
 ########################################
 ## <summary>
@ -4010,7 +4012,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -224,7 +246,7 @@ interface(`apache_read_user_content',`
+@@ -224,7 +248,7 @@ interface(`apache_read_user_content',`
 ########################################
 ## <summary>
@ -4019,7 +4021,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -241,27 +263,47 @@ interface(`apache_domtrans',`
+@@ -241,27 +265,47 @@ interface(`apache_domtrans',`
 	domtrans_pattern($1, httpd_exec_t, httpd_t)
 ')
@ -4074,7 +4076,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -279,7 +321,7 @@ interface(`apache_signal',`
+@@ -279,7 +323,7 @@ interface(`apache_signal',`
 ########################################
 ## <summary>
@ -4083,7 +4085,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -297,7 +339,7 @@ interface(`apache_signull',`
+@@ -297,7 +341,7 @@ interface(`apache_signull',`
 ########################################
 ## <summary>
@ -4092,7 +4094,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -315,8 +357,7 @@ interface(`apache_sigchld',`
+@@ -315,8 +359,7 @@ interface(`apache_sigchld',`
 ########################################
 ## <summary>
@ -4102,7 +4104,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -334,8 +375,8 @@ interface(`apache_use_fds',`
+@@ -334,8 +377,8 @@ interface(`apache_use_fds',`
 ########################################
 ## <summary>
@ -4113,7 +4115,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -348,13 +389,32 @@ interface(`apache_dontaudit_rw_fifo_file',`
+@@ -348,13 +391,32 @@ interface(`apache_dontaudit_rw_fifo_file',`
 		type httpd_t;
 	')
@ -4149,7 +4151,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -367,13 +427,13 @@ interface(`apache_dontaudit_rw_stream_sockets',`
+@@ -367,13 +429,13 @@ interface(`apache_dontaudit_rw_stream_sockets',`
 		type httpd_t;
 	')
@ -4166,7 +4168,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -391,8 +451,7 @@ interface(`apache_dontaudit_rw_tcp_sockets',`
+@@ -391,8 +453,7 @@ interface(`apache_dontaudit_rw_tcp_sockets',`
 ########################################
 ## <summary>
@ -4176,7 +4178,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -417,7 +476,8 @@ interface(`apache_manage_all_content',`
+@@ -417,7 +478,8 @@ interface(`apache_manage_all_content',`
 ########################################
 ## <summary>
@ -4186,7 +4188,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -435,7 +495,8 @@ interface(`apache_setattr_cache_dirs',`
+@@ -435,7 +497,8 @@ interface(`apache_setattr_cache_dirs',`
 ########################################
 ## <summary>
@ -4196,7 +4198,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -453,7 +514,8 @@ interface(`apache_list_cache',`
+@@ -453,7 +516,8 @@ interface(`apache_list_cache',`
 ########################################
 ## <summary>
@ -4206,7 +4208,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -471,7 +533,8 @@ interface(`apache_rw_cache_files',`
+@@ -471,7 +535,8 @@ interface(`apache_rw_cache_files',`
 ########################################
 ## <summary>
@ -4216,7 +4218,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -489,7 +552,8 @@ interface(`apache_delete_cache_dirs',`
+@@ -489,7 +554,8 @@ interface(`apache_delete_cache_dirs',`
 ########################################
 ## <summary>
@ -4226,7 +4228,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -507,49 +571,51 @@ interface(`apache_delete_cache_files',`
+@@ -507,49 +573,51 @@ interface(`apache_delete_cache_files',`
 ########################################
 ## <summary>
@ -4289,7 +4291,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -570,8 +636,8 @@ interface(`apache_manage_config',`
+@@ -570,8 +638,8 @@ interface(`apache_manage_config',`
 ########################################
 ## <summary>
@ -4300,7 +4302,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -608,16 +674,38 @@ interface(`apache_domtrans_helper',`
+@@ -608,16 +676,38 @@ interface(`apache_domtrans_helper',`
 #
 interface(`apache_run_helper',`
 	gen_require(`
@ -4342,7 +4344,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -639,7 +727,8 @@ interface(`apache_read_log',`
+@@ -639,7 +729,8 @@ interface(`apache_read_log',`
 ########################################
 ## <summary>
@ -4352,7 +4354,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -657,10 +746,29 @@ interface(`apache_append_log',`
+@@ -657,10 +748,29 @@ interface(`apache_append_log',`
 	append_files_pattern($1, httpd_log_t, httpd_log_t)
 ')
@ -4384,7 +4386,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -678,8 +786,8 @@ interface(`apache_dontaudit_append_log',`
+@@ -678,8 +788,8 @@ interface(`apache_dontaudit_append_log',`
 ########################################
 ## <summary>
@ -4395,7 +4397,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -687,20 +795,21 @@ interface(`apache_dontaudit_append_log',`
+@@ -687,20 +797,21 @@ interface(`apache_dontaudit_append_log',`
 ##	</summary>
 ## </param>
 #
@ -4425,7 +4427,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -708,19 +817,21 @@ interface(`apache_manage_log',`
+@@ -708,19 +819,21 @@ interface(`apache_manage_log',`
 ##	</summary>
 ## </param>
 #
@ -4451,7 +4453,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -738,7 +849,8 @@ interface(`apache_dontaudit_search_modules',`
+@@ -738,7 +851,8 @@ interface(`apache_dontaudit_search_modules',`
 ########################################
 ## <summary>
@ -4461,7 +4463,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -746,17 +858,19 @@ interface(`apache_dontaudit_search_modules',`
+@@ -746,17 +860,19 @@ interface(`apache_dontaudit_search_modules',`
 ##	</summary>
 ## </param>
 #
@ -4484,7 +4486,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -764,19 +878,19 @@ interface(`apache_list_modules',`
+@@ -764,19 +880,19 @@ interface(`apache_list_modules',`
 ##	</summary>
 ## </param>
 #
@ -4508,7 +4510,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -784,19 +898,19 @@ interface(`apache_exec_modules',`
+@@ -784,19 +900,19 @@ interface(`apache_exec_modules',`
 ##	</summary>
 ## </param>
 #
@ -4533,7 +4535,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -809,13 +923,50 @@ interface(`apache_domtrans_rotatelogs',`
+@@ -809,13 +925,50 @@ interface(`apache_domtrans_rotatelogs',`
 		type httpd_rotatelogs_t, httpd_rotatelogs_exec_t;
 	')
@ -4586,7 +4588,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -829,13 +980,14 @@ interface(`apache_list_sys_content',`
+@@ -829,13 +982,14 @@ interface(`apache_list_sys_content',`
 	')
 	list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
@ -4603,7 +4605,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -844,6 +996,7 @@ interface(`apache_list_sys_content',`
+@@ -844,6 +998,7 @@ interface(`apache_list_sys_content',`
 ## </param>
 ## <rolecap/>
 #
@ -4611,7 +4613,7 @@ index f6eb485..164501c 100644
 interface(`apache_manage_sys_content',`
 	gen_require(`
 		type httpd_sys_content_t;
-@@ -855,32 +1008,98 @@ interface(`apache_manage_sys_content',`
+@@ -855,32 +1010,98 @@ interface(`apache_manage_sys_content',`
 	manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
 ')
@ -4718,7 +4720,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -888,10 +1107,17 @@ interface(`apache_manage_sys_rw_content',`
+@@ -888,10 +1109,17 @@ interface(`apache_manage_sys_rw_content',`
 ##	</summary>
 ## </param>
 #
@ -4737,7 +4739,7 @@ index f6eb485..164501c 100644
 	')
 	tunable_policy(`httpd_enable_cgi && httpd_unified',`
-@@ -901,9 +1127,8 @@ interface(`apache_domtrans_sys_script',`
+@@ -901,9 +1129,8 @@ interface(`apache_domtrans_sys_script',`
 ########################################
 ## <summary>
@ -4749,7 +4751,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -916,7 +1141,7 @@ interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
+@@ -916,7 +1143,7 @@ interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
 		type httpd_sys_script_t;
 	')
@ -4758,7 +4760,7 @@ index f6eb485..164501c 100644
 ')
 ########################################
-@@ -941,7 +1166,7 @@ interface(`apache_domtrans_all_scripts',`
+@@ -941,7 +1168,7 @@ interface(`apache_domtrans_all_scripts',`
 ########################################
 ## <summary>
 ##	Execute all user scripts in the user
@ -4767,7 +4769,7 @@ index f6eb485..164501c 100644
 ##	to the specified role.
 ## </summary>
 ## <param name="domain">
-@@ -954,6 +1179,7 @@ interface(`apache_domtrans_all_scripts',`
+@@ -954,6 +1181,7 @@ interface(`apache_domtrans_all_scripts',`
 ##	Role allowed access.
 ##	</summary>
 ## </param>
@ -4775,7 +4777,7 @@ index f6eb485..164501c 100644
 #
 interface(`apache_run_all_scripts',`
 	gen_require(`
-@@ -966,7 +1192,8 @@ interface(`apache_run_all_scripts',`
+@@ -966,7 +1194,8 @@ interface(`apache_run_all_scripts',`
 ########################################
 ## <summary>
@ -4785,7 +4787,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -979,12 +1206,13 @@ interface(`apache_read_squirrelmail_data',`
+@@ -979,12 +1208,13 @@ interface(`apache_read_squirrelmail_data',`
 		type httpd_squirrelmail_t;
 	')
@ -4801,7 +4803,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1002,7 +1230,7 @@ interface(`apache_append_squirrelmail_data',`
+@@ -1002,7 +1232,7 @@ interface(`apache_append_squirrelmail_data',`
 ########################################
 ## <summary>
@ -4810,7 +4812,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1015,13 +1243,12 @@ interface(`apache_search_sys_content',`
+@@ -1015,13 +1245,12 @@ interface(`apache_search_sys_content',`
 		type httpd_sys_content_t;
 	')
@ -4825,7 +4827,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1041,7 +1268,7 @@ interface(`apache_read_sys_content',`
+@@ -1041,7 +1270,7 @@ interface(`apache_read_sys_content',`
 ########################################
 ## <summary>
@ -4834,7 +4836,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1059,8 +1286,7 @@ interface(`apache_search_sys_scripts',`
+@@ -1059,8 +1288,7 @@ interface(`apache_search_sys_scripts',`
 ########################################
 ## <summary>
@ -4844,7 +4846,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1071,18 +1297,21 @@ interface(`apache_search_sys_scripts',`
+@@ -1071,18 +1299,21 @@ interface(`apache_search_sys_scripts',`
 #
 interface(`apache_manage_all_user_content',`
 	gen_require(`
@ -4872,7 +4874,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1100,7 +1329,8 @@ interface(`apache_search_sys_script_state',`
+@@ -1100,7 +1331,8 @@ interface(`apache_search_sys_script_state',`
 ########################################
 ## <summary>
@ -4882,7 +4884,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1117,10 +1347,29 @@ interface(`apache_read_tmp_files',`
+@@ -1117,10 +1349,29 @@ interface(`apache_read_tmp_files',`
 	read_files_pattern($1, httpd_tmp_t, httpd_tmp_t)
 ')
@ -4914,7 +4916,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1133,7 +1382,7 @@ interface(`apache_dontaudit_write_tmp_files',`
+@@ -1133,7 +1384,7 @@ interface(`apache_dontaudit_write_tmp_files',`
 		type httpd_tmp_t;
 	')
@ -4923,7 +4925,7 @@ index f6eb485..164501c 100644
 ')
 ########################################
-@@ -1142,6 +1391,9 @@ interface(`apache_dontaudit_write_tmp_files',`
+@@ -1142,6 +1393,9 @@ interface(`apache_dontaudit_write_tmp_files',`
 ## </summary>
 ##	<desc>
 ##	<p>
@ -4933,7 +4935,7 @@ index f6eb485..164501c 100644
 ##	This is an interface to support third party modules
 ##	and its use is not allowed in upstream reference
 ##	policy.
-@@ -1171,8 +1423,31 @@ interface(`apache_cgi_domain',`
+@@ -1171,8 +1425,31 @@ interface(`apache_cgi_domain',`
 ########################################
 ## <summary>
@ -4967,7 +4969,7 @@ index f6eb485..164501c 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1189,18 +1464,19 @@ interface(`apache_cgi_domain',`
+@@ -1189,18 +1466,19 @@ interface(`apache_cgi_domain',`
 interface(`apache_admin',`
 	gen_require(`
 		attribute httpdcontent, httpd_script_exec_type;
@ -4996,7 +4998,7 @@ index f6eb485..164501c 100644
 	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
 	domain_system_change_exemption($1)
-@@ -1210,10 +1486,10 @@ interface(`apache_admin',`
+@@ -1210,10 +1488,10 @@ interface(`apache_admin',`
 	apache_manage_all_content($1)
 	miscfiles_manage_public_files($1)
@ -5010,7 +5012,7 @@ index f6eb485..164501c 100644
 	admin_pattern($1, httpd_log_t)
 	admin_pattern($1, httpd_modules_t)
-@@ -1224,9 +1500,141 @@ interface(`apache_admin',`
+@@ -1224,9 +1502,141 @@ interface(`apache_admin',`
 	admin_pattern($1, httpd_var_run_t)
 	files_pid_filetrans($1, httpd_var_run_t, file)
@ -13851,17 +13853,24 @@ index bbdd396..8328b95 100644
 +    rhcs_rw_cluster_tmpfs(cmirrord_t)
 +')
 diff --git a/cobbler.fc b/cobbler.fc
-index 973d208..2b650a7 100644
+index 973d208..3d2a715 100644
 --- a/cobbler.fc
 +++ b/cobbler.fc
-@@ -4,6 +4,7 @@
+@@ -4,11 +4,14 @@
 /usr/bin/cobblerd	--	gen_context(system_u:object_r:cobblerd_exec_t,s0)
 +/var/cache/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 +/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/etc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/grub(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/images(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 +/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/memdisk	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/menu\.c32	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 /var/lib/tftpboot/ppc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
 diff --git a/cobbler.if b/cobbler.if
 index c223f81..8b567c1 100644
 --- a/cobbler.if
@ -57709,7 +57718,7 @@ index 0000000..22e6c96
 +/usr/lib/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --git a/nsplugin.if b/nsplugin.if
 new file mode 100644
-index 0000000..16f4789
+index 0000000..bceb527
 --- /dev/null
 +++ b/nsplugin.if
@@ -0,0 +1,474 @@
@ -57820,7 +57829,7 @@ index 0000000..16f4789
 +	userdom_use_inherited_user_terminals(nsplugin_t)
 +	userdom_use_inherited_user_terminals(nsplugin_config_t)
 +	userdom_dontaudit_setattr_user_home_content_files(nsplugin_t)
-+	userdom_manage_tmpfs_role($1, nsplugin_t)
+	userdom_manage_tmp_role($1, nsplugin_t)
 +
 +	optional_policy(`
 +		pulseaudio_role($1, nsplugin_t)
@ -73112,10 +73121,10 @@ index 6864479..0e7d875 100644
 +/var/lib/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
 +/var/run/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
 diff --git a/pulseaudio.if b/pulseaudio.if
-index 45843b5..116be8a 100644
+index 45843b5..4d1adac 100644
 --- a/pulseaudio.if
 +++ b/pulseaudio.if
-@@ -2,43 +2,48 @@
+@@ -2,43 +2,47 @@
 ########################################
 ## <summary>
@ -73171,7 +73180,6 @@ index 45843b5..116be8a 100644
 -	allow $2 pulseaudio_tmp_t:file { manage_file_perms relabel_file_perms };
 -	allow $2 pulseaudio_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
 +	userdom_manage_tmp_role($1, pulseaudio_t)
 +	userdom_manage_tmpfs_role($1, pulseaudio_t)
 -	allow pulseaudio_t $2:unix_stream_socket connectto;
 +	allow $2 pulseaudio_t:dbus send_msg;
@ -73179,7 +73187,7 @@ index 45843b5..116be8a 100644
 ')
 ########################################
-@@ -65,9 +70,8 @@ interface(`pulseaudio_domtrans',`
+@@ -65,9 +69,8 @@ interface(`pulseaudio_domtrans',`
 ########################################
 ## <summary>
@ -73191,7 +73199,7 @@ index 45843b5..116be8a 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -82,16 +86,16 @@ interface(`pulseaudio_domtrans',`
+@@ -82,16 +85,16 @@ interface(`pulseaudio_domtrans',`
 #
 interface(`pulseaudio_run',`
 	gen_require(`
@ -73211,7 +73219,7 @@ index 45843b5..116be8a 100644
 ## </summary>
 ## <param name="domain">
 ## <summary>
-@@ -104,13 +108,12 @@ interface(`pulseaudio_exec',`
+@@ -104,13 +107,12 @@ interface(`pulseaudio_exec',`
 		type pulseaudio_exec_t;
 	')
@ -73226,7 +73234,7 @@ index 45843b5..116be8a 100644
 ## </summary>
 ## <param name="domain">
 ## <summary>
-@@ -128,7 +131,7 @@ interface(`pulseaudio_dontaudit_exec',`
+@@ -128,7 +130,7 @@ interface(`pulseaudio_dontaudit_exec',`
 ########################################
 ## <summary>
@ -73235,7 +73243,7 @@ index 45843b5..116be8a 100644
 ##	processes.
 ## </summary>
 ## <param name="domain">
-@@ -147,8 +150,8 @@ interface(`pulseaudio_signull',`
+@@ -147,8 +149,8 @@ interface(`pulseaudio_signull',`
 #####################################
 ## <summary>
@ -73246,7 +73254,7 @@ index 45843b5..116be8a 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -158,11 +161,15 @@ interface(`pulseaudio_signull',`
+@@ -158,11 +160,15 @@ interface(`pulseaudio_signull',`
 #
 interface(`pulseaudio_stream_connect',`
 	gen_require(`
@ -73264,7 +73272,7 @@ index 45843b5..116be8a 100644
 ')
 ########################################
-@@ -188,9 +195,9 @@ interface(`pulseaudio_dbus_chat',`
+@@ -188,9 +194,9 @@ interface(`pulseaudio_dbus_chat',`
 ########################################
 ## <summary>
@ -73276,7 +73284,7 @@ index 45843b5..116be8a 100644
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
-@@ -201,148 +208,190 @@ interface(`pulseaudio_setattr_home_dir',`
+@@ -201,148 +207,190 @@ interface(`pulseaudio_setattr_home_dir',`
 		type pulseaudio_home_t;
 	')
@ -78413,7 +78421,7 @@ index 6d162e4..889c0ed 100644
 userdom_dontaudit_search_user_home_dirs(radvd_t)
 diff --git a/raid.fc b/raid.fc
-index 5806046..d83ec27 100644
+index 5806046..8bce88f 100644
 --- a/raid.fc
 +++ b/raid.fc
@@ -3,6 +3,11 @@
@ -78428,13 +78436,16 @@ index 5806046..d83ec27 100644
 /sbin/iprdump	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /sbin/iprinit	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /sbin/iprupdate	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
-@@ -16,6 +21,7 @@
+@@ -16,6 +21,10 @@
 /usr/sbin/iprupdate	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /usr/sbin/mdadm	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /usr/sbin/mdmpd	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 +/usr/sbin/mdmon	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /usr/sbin/raid-check	--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 +/var/log/iprdbg             --  gen_context(system_u:object_r:mdadm_log_t,s0)
 +/var/log/iprdump.*          --  gen_context(system_u:object_r:mdadm_log_t,s0)
 +
 /var/run/mdadm(/.*)?	gen_context(system_u:object_r:mdadm_var_run_t,s0)
 diff --git a/raid.if b/raid.if
 index 951db7f..04b6dde 100644
@ -78652,10 +78663,10 @@ index 951db7f..04b6dde 100644
 +    files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf")
 ')
 diff --git a/raid.te b/raid.te
-index c99753f..26d52dc 100644
+index c99753f..0d4e845 100644
 --- a/raid.te
 +++ b/raid.te
-@@ -15,6 +15,15 @@ role mdadm_roles types mdadm_t;
+@@ -15,54 +15,92 @@ role mdadm_roles types mdadm_t;
 type mdadm_initrc_exec_t;
 init_script_file(mdadm_initrc_exec_t)
@ -78671,7 +78682,13 @@ index c99753f..26d52dc 100644
 type mdadm_var_run_t alias mdadm_map_t;
 files_pid_file(mdadm_var_run_t)
 dev_associate(mdadm_var_run_t)
-@@ -25,44 +34,67 @@ dev_associate(mdadm_var_run_t)
+ 
 +type mdadm_log_t;
 +logging_log_file(mdadm_log_t)
 +
 ########################################
 #
 # Local policy
 #
 allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
@ -78699,6 +78716,9 @@ index c99753f..26d52dc 100644
 +files_pid_filetrans(mdadm_t, mdadm_var_run_t, { file dir })
 +dev_filetrans(mdadm_t, mdadm_var_run_t, { file dir sock_file })
 +
 +manage_files_pattern(mdadm_t, mdadm_log_t, mdadm_log_t)
 +logging_log_filetrans(mdadm_t, mdadm_log_t, file)
 +
 +can_exec(mdadm_t, mdadm_exec_t)
 kernel_getattr_core_if(mdadm_t)
@ -78748,7 +78768,7 @@ index c99753f..26d52dc 100644
 mls_file_read_all_levels(mdadm_t)
 mls_file_write_all_levels(mdadm_t)
-@@ -71,15 +103,22 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
+@@ -71,15 +109,22 @@ storage_dev_filetrans_fixed_disk(mdadm_t)
 storage_manage_fixed_disk(mdadm_t)
 storage_read_scsi_generic(mdadm_t)
 storage_write_scsi_generic(mdadm_t)
@ -78772,7 +78792,7 @@ index c99753f..26d52dc 100644
 userdom_dontaudit_use_unpriv_user_fds(mdadm_t)
 userdom_dontaudit_search_user_home_content(mdadm_t)
-@@ -90,17 +129,38 @@ optional_policy(`
+@@ -90,17 +135,38 @@ optional_policy(`
 ')
 optional_policy(`
@ -109583,7 +109603,7 @@ index ae919b9..32cbf8c 100644
 optional_policy(`
 diff --git a/wine.if b/wine.if
-index fd2b6cc..c5ea35d 100644
+index fd2b6cc..9c4f14b 100644
 --- a/wine.if
 +++ b/wine.if
@@ -1,46 +1,58 @@
@ -109696,7 +109716,7 @@ index fd2b6cc..c5ea35d 100644
 	userdom_unpriv_usertype($1, $1_wine_t)
 -	userdom_manage_user_tmpfs_files($1_wine_t)
-+	userdom_manage_tmpfs_role($2, $1_wine_t)
+	userdom_manage_tmp_role($2, $1_wine_t)
 +	userdom_manage_home_role($2 ,$1_wine_t)
 	domain_mmap_low($1_wine_t)
@ -109925,7 +109945,7 @@ index 304ae09..c1d10a1 100644
 -/usr/bin/twm	--	gen_context(system_u:object_r:wm_exec_t,s0)
 +/usr/bin/twm		--	gen_context(system_u:object_r:wm_exec_t,s0)
 diff --git a/wm.if b/wm.if
-index 95f888d..36b2f81 100644
+index 95f888d..48fe249 100644
 --- a/wm.if
 +++ b/wm.if
@@ -1,4 +1,4 @@
@ -109934,7 +109954,7 @@ index 95f888d..36b2f81 100644
 #######################################
 ## <summary>
-@@ -29,69 +29,59 @@
+@@ -29,69 +29,58 @@
 #
 template(`wm_role_template',`
 	gen_require(`
@ -109972,7 +109992,6 @@ index 95f888d..36b2f81 100644
 -	allow $1_wm_t $3:process { signull sigkill };
 +	userdom_manage_home_role($2, $1_wm_t)
 +	userdom_manage_tmpfs_role($2, $1_wm_t)
 +	userdom_manage_tmp_role($2, $1_wm_t)
 +	userdom_exec_user_tmp_files($1_wm_t)
@ -110026,7 +110045,7 @@ index 95f888d..36b2f81 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -104,33 +94,5 @@ interface(`wm_exec',`
+@@ -104,33 +93,5 @@ interface(`wm_exec',`
 		type wm_exec_t;
 	')
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 126%{?dist}
+Release: 127%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -602,6 +602,13 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
 * Tue May 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-127
 - Add missing typealiases in apache_content_template() for script domain/executable.
 - Don't use deprecated userdom_manage_tmpfs_role() interface calliing and use userdom_manage_tmp_role() instead.
 - Add support for new cobbler dir locations:
 - Add support for iprdbg logging files in /var/log.
 - Add relabel_user_home_dirs for use by docker_t
 * Mon Apr 30 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-126
 - allow httpd_t to read nagios lib_var_lib_t to allow rddtool generate graphs which will be shown by httpd .
 - Add nagios_read_lib() interface.