diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 203e848f..b9c19654 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.11.4)
+policy_module(corenetwork, 1.11.5)
 
 ########################################
 #
@@ -118,6 +118,7 @@ network_port(jabber_interserver, tcp,5269,s0)
 network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
 network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
 network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
+network_port(kprop, tcp,754,s0)
 network_port(ktalkd, udp,517,s0, udp,518,s0)
 network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
 type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc
index 36c832ea..cd07b96e 100644
--- a/policy/modules/services/apcupsd.fc
+++ b/policy/modules/services/apcupsd.fc
@@ -1,8 +1,6 @@
 /etc/rc\.d/init\.d/apcupsd	--	gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
 
-ifdef(`distro_debian',`
 /sbin/apcupsd			--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
-')
 
 /usr/sbin/apcupsd		--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
 
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
index 3cea8fbe..ee8cf513 100644
--- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te
@@ -1,5 +1,5 @@
 
-policy_module(apcupsd, 1.5.2)
+policy_module(apcupsd, 1.5.3)
 
 ########################################
 #
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
index 74823c8f..a8ecaf3a 100644
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@@ -55,6 +55,24 @@ interface(`avahi_kill',`
 	allow $1 avahi_t:process sigkill;
 ')
 
+########################################
+## <summary>
+##	Send avahi a signull
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`avahi_signull',`
+	gen_require(`
+		type avahi_t;
+	')
+
+	allow $1 avahi_t:process signull;
+')
+
 ########################################
 ## <summary>
 ##	Send and receive messages from
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 12e4a8cb..d1c43f95 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
 
-policy_module(avahi, 1.10.2)
+policy_module(avahi, 1.10.3)
 
 ########################################
 #
diff --git a/policy/modules/services/bluetooth.fc b/policy/modules/services/bluetooth.fc
index caa93384..dc687e6d 100644
--- a/policy/modules/services/bluetooth.fc
+++ b/policy/modules/services/bluetooth.fc
@@ -15,6 +15,7 @@
 /usr/bin/hidd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 
+/usr/sbin/bluetoothd	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hciattach	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hcid		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hid2hci	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index 835c5763..f6028fde 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -173,7 +173,7 @@ interface(`bluetooth_dontaudit_read_helper_state',`
 interface(`bluetooth_admin',`
 	gen_require(`
 		type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
-		type bluetooth_var_lib_t, bluetooth_var_run_t;
+		type bluetooth_spool_t, bluetooth_var_lib_t, bluetooth_var_run_t;
 		type bluetooth_conf_t, bluetooth_conf_rw_t;
 		type bluetooth_initrc_exec_t;
 	')
@@ -196,6 +196,9 @@ interface(`bluetooth_admin',`
 	admin_pattern($1, bluetooth_conf_t)
 	admin_pattern($1, bluetooth_conf_rw_t)
 
+	files_list_spool($1)
+	admin_pattern($1, bluetooth_spool_t)
+
 	files_list_var_lib($1)
 	admin_pattern($1, bluetooth_var_lib_t)
 
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 227540b3..c5d67be8 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -1,5 +1,5 @@
 
-policy_module(bluetooth, 3.1.2)
+policy_module(bluetooth, 3.1.3)
 
 ########################################
 #
@@ -93,6 +93,7 @@ files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
 
 kernel_read_kernel_sysctls(bluetooth_t)
 kernel_read_system_state(bluetooth_t)
+kernel_read_network_state(bluetooth_t)
 
 corenet_all_recvfrom_unlabeled(bluetooth_t)
 corenet_all_recvfrom_netlabel(bluetooth_t)
@@ -147,10 +148,10 @@ optional_policy(`
 	optional_policy(`
 		cups_dbus_chat(bluetooth_t)
 	')
-')
 
-optional_policy(`
-	nis_use_ypbind(bluetooth_t)
+	optional_policy(`
+		hal_dbus_chat(bluetooth_t)
+	')
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/cvs.if b/policy/modules/services/cvs.if
index 718d0aaa..c43ff4c1 100644
--- a/policy/modules/services/cvs.if
+++ b/policy/modules/services/cvs.if
@@ -15,7 +15,9 @@ interface(`cvs_read_data',`
 		type cvs_data_t;
 	')
 
-	allow $1 cvs_data_t:file { getattr read };
+	list_dirs_pattern($1, cvs_data_t, cvs_data_t)
+	read_files_pattern($1, cvs_data_t, cvs_data_t)
+	read_lnk_files_pattern($1, cvs_data_t, cvs_data_t)
 ')
 
 ########################################
diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
index 09b9969d..0918b43a 100644
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@@ -1,5 +1,5 @@
 
-policy_module(cvs, 1.7.2)
+policy_module(cvs, 1.7.3)
 
 ########################################
 #
diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc
index 5b9d6c04..a328ceab 100644
--- a/policy/modules/services/dnsmasq.fc
+++ b/policy/modules/services/dnsmasq.fc
@@ -4,4 +4,6 @@
 
 /var/lib/misc/dnsmasq\.leases	--	gen_context(system_u:object_r:dnsmasq_lease_t,s0)
 /var/lib/dnsmasq(/.*)?			gen_context(system_u:object_r:dnsmasq_lease_t,s0)
+
 /var/run/dnsmasq\.pid		--	gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/var/run/libvirt/network(/.*)?		gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 6c2dd405..016d1918 100644
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -39,6 +39,25 @@ interface(`dnsmasq_signal',`
 	allow $1 dnsmasq_t:process signal;
 ')
 
+########################################
+## <summary>
+##	Send dnsmasq a signull
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+interface(`dnsmasq_signull',`
+	gen_require(`
+		type dnsmasq_t;
+	')
+
+	allow $1 dnsmasq_t:process signull;
+')
+
 ########################################
 ## <summary>
 ##	Send dnsmasq a kill signal.
@@ -58,6 +77,44 @@ interface(`dnsmasq_kill',`
 	allow $1 dnsmasq_t:process sigkill;
 ')
 
+########################################
+## <summary>
+##	Delete dnsmasq pid files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+interface(`dnsmasq_delete_pid_files',`
+	gen_require(`
+		type dnsmasq_var_run_t;
+	')
+
+	delete_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
+')
+
+########################################
+## <summary>
+##	Read dnsmasq pid files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+interface(`dnsmasq_read_pid_files',`
+	gen_require(`
+		type dnsmasq_var_run_t;
+	')
+
+	read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to administrate 
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 26f8ba37..bb77a2f2 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -1,5 +1,5 @@
 
-policy_module(dnsmasq, 1.7.1)
+policy_module(dnsmasq, 1.7.2)
 
 ########################################
 #
@@ -69,23 +69,20 @@ domain_use_interactive_fds(dnsmasq_t)
 
 # allow access to dnsmasq.conf
 files_read_etc_files(dnsmasq_t)
+files_read_etc_runtime_files(dnsmasq_t)
 
 fs_getattr_all_fs(dnsmasq_t)
 fs_search_auto_mountpoints(dnsmasq_t)
 
+auth_use_nsswitch(dnsmasq_t)
+
 logging_send_syslog_msg(dnsmasq_t)
 
 miscfiles_read_localization(dnsmasq_t)
 
-sysnet_read_config(dnsmasq_t)
-
 userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
 userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
 
-optional_policy(`
-	nis_use_ypbind(dnsmasq_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(dnsmasq_t)
 ')
@@ -96,4 +93,5 @@ optional_policy(`
 
 optional_policy(`
 	virt_manage_lib_files(dnsmasq_t)
+	virt_read_pid_files(dnsmasq_t)
 ')
diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc
index 4a5974b9..80468315 100644
--- a/policy/modules/services/kerberos.fc
+++ b/policy/modules/services/kerberos.fc
@@ -19,6 +19,7 @@
 
 /var/kerberos/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
 /var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
+/var/kerberos/krb5kdc/kadm5\.keytab --	gen_context(system_u:object_r:krb5_keytab_t,s0)
 /var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
 /var/kerberos/krb5kdc/principal\.ok	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
 
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index f5f46e47..a66fb18b 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
 
-policy_module(kerberos, 1.9.2)
+policy_module(kerberos, 1.9.3)
 
 ########################################
 #
@@ -290,6 +290,7 @@ corenet_tcp_sendrecv_generic_if(kpropd_t)
 corenet_tcp_sendrecv_generic_node(kpropd_t)
 corenet_tcp_sendrecv_all_ports(kpropd_t)
 corenet_tcp_bind_generic_node(kpropd_t)
+corenet_tcp_bind_kprop_port(kpropd_t)
 
 dev_read_urand(kpropd_t)
 
diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
index 405b5bc7..9c186d2c 100644
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@@ -2,6 +2,7 @@
 # /etc
 #
 /etc/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_etc_t,s0)
+/etc/openvpn/ipp.txt	--	gen_context(system_u:object_r:openvpn_etc_rw_t,s0)
 /etc/rc\.d/init\.d/openvpn --	gen_context(system_u:object_r:openvpn_initrc_exec_t,s0)
 
 #
diff --git a/policy/modules/services/openvpn.if b/policy/modules/services/openvpn.if
index 18d95e6e..aab62974 100644
--- a/policy/modules/services/openvpn.if
+++ b/policy/modules/services/openvpn.if
@@ -44,6 +44,24 @@ interface(`openvpn_run',`
 	role $2 types openvpn_t;
 ')
 
+########################################
+## <summary>
+##	Send OPENVPN clients the kill signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`openvpn_kill',`
+	gen_require(`
+		type openvpn_t;
+	')
+
+	allow $1 openvpn_t:process sigkill;
+')
+
 ########################################
 ## <summary>
 ##	Send generic signals to OPENVPN clients.
@@ -62,6 +80,24 @@ interface(`openvpn_signal',`
 	allow $1 openvpn_t:process signal;
 ')
 
+########################################
+## <summary>
+##	Send signulls to OPENVPN clients.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`openvpn_signull',`
+	gen_require(`
+		type openvpn_t;
+	')
+
+	allow $1 openvpn_t:process signull;
+')
+
 ########################################
 ## <summary>
 ##	Allow the specified domain to read
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 7ddf99e9..fc95508f 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
 
-policy_module(openvpn, 1.7.2)
+policy_module(openvpn, 1.7.3)
 
 ########################################
 #
@@ -22,6 +22,9 @@ init_daemon_domain(openvpn_t, openvpn_exec_t)
 type openvpn_etc_t;
 files_config_file(openvpn_etc_t)
 
+type openvpn_etc_rw_t;
+files_config_file(openvpn_etc_rw_t)
+
 type openvpn_initrc_exec_t;
 init_script_file(openvpn_initrc_exec_t)
 
@@ -40,6 +43,7 @@ files_pid_file(openvpn_var_run_t)
 
 allow openvpn_t self:capability { dac_read_search dac_override net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
 allow openvpn_t self:process { signal getsched };
+allow openvpn_t self:fifo_file rw_fifo_file_perms;
 
 allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
 allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -47,11 +51,13 @@ allow openvpn_t self:udp_socket create_socket_perms;
 allow openvpn_t self:tcp_socket server_stream_socket_perms;
 allow openvpn_t self:netlink_route_socket rw_netlink_socket_perms;
 
-allow openvpn_t openvpn_etc_t:dir list_dir_perms;
 can_exec(openvpn_t, openvpn_etc_t)
 read_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
 read_lnk_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
 
+manage_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t)
+filetrans_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t, file)
+
 allow openvpn_t openvpn_var_log_t:file manage_file_perms;
 logging_log_filetrans(openvpn_t, openvpn_var_log_t, file)
 
@@ -99,6 +105,8 @@ miscfiles_read_certs(openvpn_t)
 
 sysnet_dns_name_resolve(openvpn_t)
 sysnet_exec_ifconfig(openvpn_t)
+sysnet_write_config(openvpn_t)
+sysnet_etc_filetrans_config(openvpn_t)
 
 userdom_use_user_terminals(openvpn_t)
 
diff --git a/policy/modules/services/pcscd.fc b/policy/modules/services/pcscd.fc
index f2df0fc7..87f17e8d 100644
--- a/policy/modules/services/pcscd.fc
+++ b/policy/modules/services/pcscd.fc
@@ -1,5 +1,6 @@
 /var/run/pcscd\.comm	-s	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /var/run/pcscd\.pid	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /var/run/pcscd\.pub	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
+/var/run/pcscd\.events(/.*)?	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 
 /usr/sbin/pcscd		--	gen_context(system_u:object_r:pcscd_exec_t,s0)
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index adefaaeb..ed9e17f5 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
 
-policy_module(pcscd, 1.4.2)
+policy_module(pcscd, 1.4.3)
 
 ########################################
 #
@@ -27,9 +27,10 @@ allow pcscd_t self:unix_stream_socket create_stream_socket_perms;
 allow pcscd_t self:unix_dgram_socket create_socket_perms;
 allow pcscd_t self:tcp_socket create_stream_socket_perms;
 
+manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file })
+files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
 
 corenet_all_recvfrom_unlabeled(pcscd_t)
 corenet_all_recvfrom_netlabel(pcscd_t)
@@ -56,6 +57,14 @@ miscfiles_read_localization(pcscd_t)
 
 sysnet_dns_name_resolve(pcscd_t)
 
+optional_policy(`
+	dbus_system_bus_client(pcscd_t)
+
+	optional_policy(`
+		hal_dbus_chat(pcscd_t)
+	')
+')
+
 optional_policy(`
 	openct_stream_connect(pcscd_t)
 	openct_read_pid_files(pcscd_t)
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
index b37971ce..4f205320 100644
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@@ -1,5 +1,5 @@
 
-policy_module(radvd, 1.10.2)
+policy_module(radvd, 1.10.3)
 
 ########################################
 #
@@ -22,7 +22,7 @@ files_config_file(radvd_etc_t)
 #
 # Local policy
 #
-allow radvd_t self:capability { setgid setuid net_raw };
+allow radvd_t self:capability { setgid setuid net_raw net_admin };
 dontaudit radvd_t self:capability sys_tty_config;
 allow radvd_t self:process signal_perms;
 allow radvd_t self:unix_dgram_socket create_socket_perms;
diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te
index b05c1a86..2b87f325 100644
--- a/policy/modules/services/rlogin.te
+++ b/policy/modules/services/rlogin.te
@@ -1,5 +1,5 @@
 
-policy_module(rlogin, 1.8.2)
+policy_module(rlogin, 1.8.3)
 
 ########################################
 #
@@ -90,9 +90,21 @@ userdom_read_user_home_content_files(rlogind_t)
 remotelogin_domtrans(rlogind_t)
 remotelogin_signal(rlogind_t)
 
+tunable_policy(`use_nfs_home_dirs',`
+	fs_list_nfs(rlogind_t)
+	fs_read_nfs_files(rlogind_t)
+	fs_read_nfs_symlinks(rlogind_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
+	fs_list_cifs(rlogind_t)
+	fs_read_cifs_files(rlogind_t)
+	fs_read_cifs_symlinks(rlogind_t)
+')
+
 optional_policy(`
-	kerberos_use(rlogind_t)
-	kerberos_read_keytab(rlogind_t)
+	kerberos_keytab_template(rlogind, rlogind_t)
+	kerberos_manage_host_rcache(rlogind_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
index 9367c216..f9e9396a 100644
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@@ -1,5 +1,5 @@
 
-policy_module(rsync, 1.8.2)
+policy_module(rsync, 1.8.3)
 
 ########################################
 #
@@ -119,5 +119,9 @@ optional_policy(`
 
 tunable_policy(`rsync_export_all_ro',`
 	fs_read_noxattr_fs_files(rsync_t) 
+	auth_read_all_dirs_except_shadow(rsync_t)
 	auth_read_all_files_except_shadow(rsync_t)
+	auth_read_all_symlinks_except_shadow(rsync_t)
+	auth_tunable_read_shadow(rsync_t)
 ')
+auth_can_read_shadow_passwords(rsync_t)
diff --git a/policy/modules/services/stunnel.fc b/policy/modules/services/stunnel.fc
index 2806b91c..c3aec89f 100644
--- a/policy/modules/services/stunnel.fc
+++ b/policy/modules/services/stunnel.fc
@@ -1,6 +1,7 @@
-
 /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
 
+/usr/bin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
+
 /usr/sbin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
 
 /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
index 07929884..43523e91 100644
--- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te
@@ -1,5 +1,5 @@
 
-policy_module(stunnel, 1.8.2)
+policy_module(stunnel, 1.8.3)
 
 ########################################
 #
@@ -54,6 +54,8 @@ kernel_read_kernel_sysctls(stunnel_t)
 kernel_read_system_state(stunnel_t)
 kernel_read_network_state(stunnel_t)
 
+corecmd_exec_bin(stunnel_t)
+
 corenet_all_recvfrom_unlabeled(stunnel_t)
 corenet_all_recvfrom_netlabel(stunnel_t)
 corenet_tcp_sendrecv_generic_if(stunnel_t)
@@ -105,6 +107,7 @@ ifdef(`distro_gentoo', `
 	dev_read_urand(stunnel_t)
 
 	files_read_etc_files(stunnel_t)
+	files_read_etc_runtime_files(stunnel_t)
 	files_search_home(stunnel_t)
 
 	optional_policy(`
diff --git a/policy/modules/services/sysstat.fc b/policy/modules/services/sysstat.fc
index b319f6af..08d999cf 100644
--- a/policy/modules/services/sysstat.fc
+++ b/policy/modules/services/sysstat.fc
@@ -1,6 +1,6 @@
 
 /usr/lib(64)?/atsar/atsa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
-/usr/lib(64)?/sa/sadc		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
+/usr/lib(64)?/sa/sa.*		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
 /usr/lib(64)?/sysstat/sa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
 
 /var/log/atsar(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te
index 2a81c8e6..7d769bc4 100644
--- a/policy/modules/services/sysstat.te
+++ b/policy/modules/services/sysstat.te
@@ -1,5 +1,5 @@
 
-policy_module(sysstat, 1.4.0)
+policy_module(sysstat, 1.4.1)
 
 ########################################
 #
@@ -19,13 +19,14 @@ logging_log_file(sysstat_log_t)
 # Local policy
 #
 
-allow sysstat_t self:capability sys_resource;
+allow sysstat_t self:capability { sys_resource sys_tty_config };
 dontaudit sysstat_t self:capability sys_admin;
 allow sysstat_t self:fifo_file rw_fifo_file_perms;
 
 can_exec(sysstat_t, sysstat_exec_t)
 
 manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
+read_lnk_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
 logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
 
 # get info from /proc
diff --git a/policy/modules/services/uucp.fc b/policy/modules/services/uucp.fc
index 0ddfd096..e1c0d8d8 100644
--- a/policy/modules/services/uucp.fc
+++ b/policy/modules/services/uucp.fc
@@ -6,4 +6,6 @@
 /var/spool/uucp(/.*)?		gen_context(system_u:object_r:uucpd_spool_t,s0)
 /var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
 
+/var/lock/uucp(/.*)?		gen_context(system_u:object_r:uucpd_lock_t,s0)
+
 /var/log/uucp(/.*)?		gen_context(system_u:object_r:uucpd_log_t,s0)
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index e5999d67..63c9e594 100644
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
 
-policy_module(uucp, 1.9.2)
+policy_module(uucp, 1.9.3)
 
 ########################################
 #
@@ -10,6 +10,9 @@ type uucpd_exec_t;
 inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
 role system_r types uucpd_t;
 
+type uucpd_lock_t;
+files_lock_file(uucpd_lock_t)
+
 type uucpd_tmp_t;
 files_tmp_file(uucpd_tmp_t)
 
@@ -58,6 +61,10 @@ manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
 
 uucp_manage_spool(uucpd_t)
 
+manage_dirs_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
+manage_files_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
+files_search_locks(uucpd_t)
+
 manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
 manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
 files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })