diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index e70cd11b..51ae2285 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -33773,7 +33773,7 @@ index 247958765..890e1e293 100644 /var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) /var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if -index 3efd5b669..190c29841 100644 +index 3efd5b669..a8cb6df3d 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -23,11 +23,17 @@ interface(`auth_role',` @@ -34088,7 +34088,7 @@ index 3efd5b669..190c29841 100644 ## Read the shadow passwords file (/etc/shadow) ## ## -@@ -664,6 +777,10 @@ interface(`auth_manage_shadow',` +@@ -664,6 +777,11 @@ interface(`auth_manage_shadow',` allow $1 shadow_t:file manage_file_perms; typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords; @@ -34096,10 +34096,11 @@ index 3efd5b669..190c29841 100644 + files_var_filetrans($1, shadow_t, file, "shadow-") + files_etc_filetrans($1, shadow_t, file, "gshadow") + files_etc_filetrans($1, shadow_t, file, "nshadow") ++ files_etc_filetrans($1, shadow_t, file, "opasswd") ') ####################################### -@@ -763,7 +880,50 @@ interface(`auth_rw_faillog',` +@@ -763,7 +881,50 @@ interface(`auth_rw_faillog',` ') logging_search_logs($1) @@ -34151,7 +34152,7 @@ index 3efd5b669..190c29841 100644 ') ####################################### -@@ -824,9 +984,29 @@ interface(`auth_rw_lastlog',` +@@ -824,9 +985,29 @@ interface(`auth_rw_lastlog',` allow $1 lastlog_t:file { rw_file_perms lock setattr }; ') @@ -34182,7 +34183,7 @@ index 3efd5b669..190c29841 100644 ## ## ## -@@ -834,12 +1014,27 @@ interface(`auth_rw_lastlog',` +@@ -834,12 +1015,27 @@ interface(`auth_rw_lastlog',` ## ## # 
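Review bot: The new `files_etc_filetrans($1, shadow_t, file, "opasswd")` line in auth_manage_shadow is a name transition on etc_t directories, while the old-password file PAM keeps is conventionally /etc/security/opasswd, so whether /etc/security itself is labeled etc_t decides if this rule ever fires; please confirm against the file contexts, which this diff does not show. A name transition is normally paired with a matching shadow_t entry for the same path in authlogin.fc so that restorecon and fresh creation agree on the label — that entry is not visible here and may already exist elsewhere in the patch. The body of auth_manage_shadow starts before and ends after this hunk.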
@@ -34213,7 +34214,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -854,15 +1049,15 @@ interface(`auth_domtrans_pam',` +@@ -854,15 +1050,15 @@ interface(`auth_domtrans_pam',` # interface(`auth_signal_pam',` gen_require(` @@ -34232,7 +34233,7 @@ index 3efd5b669..190c29841 100644 ## ## ## -@@ -875,13 +1070,33 @@ interface(`auth_signal_pam',` +@@ -875,13 +1071,33 @@ interface(`auth_signal_pam',` ## ## # @@ -34270,7 +34271,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -959,9 +1174,30 @@ interface(`auth_manage_var_auth',` +@@ -959,9 +1175,30 @@ interface(`auth_manage_var_auth',` ') files_search_var($1) @@ -34304,7 +34305,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -1040,6 +1276,10 @@ interface(`auth_manage_pam_pid',` +@@ -1040,6 +1277,10 @@ interface(`auth_manage_pam_pid',` files_search_pids($1) allow $1 pam_var_run_t:dir manage_dir_perms; allow $1 pam_var_run_t:file manage_file_perms; @@ -34315,7 +34316,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -1176,6 +1416,7 @@ interface(`auth_manage_pam_console_data',` +@@ -1176,6 +1417,7 @@ interface(`auth_manage_pam_console_data',` files_search_pids($1) manage_files_pattern($1, pam_var_console_t, pam_var_console_t) manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t) @@ -34323,7 +34324,7 @@ index 3efd5b669..190c29841 100644 ') ####################################### -@@ -1576,6 +1817,25 @@ interface(`auth_setattr_login_records',` +@@ -1576,6 +1818,25 @@ interface(`auth_setattr_login_records',` ######################################## ## @@ -34349,7 +34350,7 @@ index 3efd5b669..190c29841 100644 ## Read login records files (/var/log/wtmp). ## ## -@@ -1726,24 +1986,63 @@ interface(`auth_manage_login_records',` +@@ -1726,24 +1987,63 @@ interface(`auth_manage_login_records',` logging_rw_generic_log_dirs($1) allow $1 wtmp_t:file manage_file_perms; 
@@ -34417,7 +34418,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -1767,11 +2066,13 @@ interface(`auth_relabel_login_records',` +@@ -1767,11 +2067,13 @@ interface(`auth_relabel_login_records',` ## # interface(`auth_use_nsswitch',` @@ -34434,7 +34435,7 @@ index 3efd5b669..190c29841 100644 ') ######################################## -@@ -1805,3 +2106,298 @@ interface(`auth_unconfined',` +@@ -1805,3 +2107,298 @@ interface(`auth_unconfined',` typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -34734,7 +34735,7 @@ index 3efd5b669..190c29841 100644 + allow $1 login_pgm:key manage_key_perms; +') diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te -index 09b791dcc..385cd6d79 100644 +index 09b791dcc..2d255df93 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -5,6 +5,19 @@ policy_module(authlogin, 2.5.1) @@ -34949,12 +34950,11 @@ index 09b791dcc..385cd6d79 100644 allow updpwd_t self:process setfscreate; allow updpwd_t self:fifo_file rw_fifo_file_perms; allow updpwd_t self:unix_stream_socket create_stream_socket_perms; -@@ -341,6 +362,12 @@ kernel_read_system_state(updpwd_t) +@@ -341,6 +362,11 @@ kernel_read_system_state(updpwd_t) dev_read_urand(updpwd_t) files_manage_etc_files(updpwd_t) +auth_manage_passwd(updpwd_t) -+auth_filetrans_named_content(updpwd_t) + +mls_file_read_all_levels(updpwd_t) +mls_file_write_all_levels(updpwd_t) @@ -34962,7 +34962,7 @@ index 09b791dcc..385cd6d79 100644 term_dontaudit_use_console(updpwd_t) term_dontaudit_use_unallocated_ttys(updpwd_t) -@@ -350,9 +377,7 @@ auth_use_nsswitch(updpwd_t) +@@ -350,9 +376,7 @@ auth_use_nsswitch(updpwd_t) logging_send_syslog_msg(updpwd_t) 
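Review bot: With `+auth_filetrans_named_content(updpwd_t)` dropped, the only rules left in this hunk for updpwd_t are `files_manage_etc_files(updpwd_t)` and `auth_manage_passwd(updpwd_t)`, and nothing visible here hands updpwd_t the shadow_t name transitions; if the opasswd transition added to auth_manage_shadow in the policy-rawhide-base.patch hunk earlier on this page is what is meant to label the file unix_update creates, updpwd_t must reach auth_manage_shadow through a call outside this hunk, otherwise a file it creates in an etc_t directory inherits etc_t and is readable by every domain with generic etc read access. The context line `allow updpwd_t self:process setfscreate;` shows the helper can also set the creation context explicitly, which may cover this, but the default-transition path is the one a policy audit will look at. Worth a quick check of the full updpwd_t section before merging. The updpwd_t rule block begins before and ends after this hunk.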
@@ -34973,7 +34973,7 @@ index 09b791dcc..385cd6d79 100644 ifdef(`distro_ubuntu',` optional_policy(` -@@ -380,13 +405,15 @@ term_dontaudit_use_all_ttys(utempter_t) +@@ -380,13 +404,15 @@ term_dontaudit_use_all_ttys(utempter_t) term_dontaudit_use_all_ptys(utempter_t) term_dontaudit_use_ptmx(utempter_t) @@ -34990,7 +34990,7 @@ index 09b791dcc..385cd6d79 100644 # Allow utemper to write to /tmp/.xses-* userdom_write_user_tmp_files(utempter_t) -@@ -397,19 +424,29 @@ ifdef(`distro_ubuntu',` +@@ -397,19 +423,29 @@ ifdef(`distro_ubuntu',` ') optional_policy(` @@ -35024,7 +35024,7 @@ index 09b791dcc..385cd6d79 100644 files_list_var_lib(nsswitch_domain) # read /etc/nsswitch.conf -@@ -417,15 +454,42 @@ files_read_etc_files(nsswitch_domain) +@@ -417,15 +453,42 @@ files_read_etc_files(nsswitch_domain) sysnet_dns_name_resolve(nsswitch_domain) @@ -35069,7 +35069,7 @@ index 09b791dcc..385cd6d79 100644 ldap_stream_connect(nsswitch_domain) ') ') -@@ -438,6 +502,7 @@ optional_policy(` +@@ -438,6 +501,7 @@ optional_policy(` likewise_stream_connect_lsassd(nsswitch_domain) ') @@ -35077,7 +35077,7 @@ index 09b791dcc..385cd6d79 100644 optional_policy(` kerberos_use(nsswitch_domain) ') -@@ -456,10 +521,159 @@ optional_policy(` +@@ -456,10 +520,159 @@ optional_policy(` optional_policy(` sssd_stream_connect(nsswitch_domain) diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index cffbeb56..93a3a6c4 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -23508,7 +23508,7 @@ index 62d22cb46..c0c2ed47d 100644 + manage_dirs_pattern($1, session_dbusd_tmp_t, session_dbusd_tmp_t) ') diff --git a/dbus.te b/dbus.te -index c9998c80d..131d809ae 100644 +index c9998c80d..d7910970e 100644 --- a/dbus.te +++ b/dbus.te @@ -4,17 +4,15 @@ gen_require(` 
@@ -23657,7 +23657,7 @@ index c9998c80d..131d809ae 100644 +init_domtrans_script(system_dbusd_t) +init_rw_stream_sockets(system_dbusd_t) +init_status(system_dbusd_t) -+init_start_system(system_dbusd_t) # needed by dbus-broker ++init_start(system_dbusd_t) # needed by dbus-broker logging_send_audit_msgs(system_dbusd_t) logging_send_syslog_msg(system_dbusd_t) @@ -43317,7 +43317,7 @@ index 000000000..bd7e7fa17 +') diff --git a/keepalived.te b/keepalived.te new file mode 100644 -index 000000000..7395ac19a +index 000000000..e5b8b3bbf --- /dev/null +++ b/keepalived.te @@ -0,0 +1,100 @@ @@ -43346,8 +43346,8 @@ index 000000000..7395ac19a +# keepalived local policy +# + -+allow keepalived_t self:capability { net_admin net_raw kill dac_read_search setpgid sys_ptrace }; -+allow keepalived_t self:process { signal_perms }; ++allow keepalived_t self:capability { net_admin net_raw kill dac_read_search sys_ptrace }; ++allow keepalived_t self:process { signal_perms setpgid }; +allow keepalived_t self:netlink_socket create_socket_perms; +allow keepalived_t self:netlink_generic_socket create_socket_perms; +allow keepalived_t self:netlink_netfilter_socket create_socket_perms;
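Review bot: The trailing comment on the new `init_start(system_dbusd_t) # needed by dbus-broker` line still says only that dbus-broker needs it, not which operation, so the next reader cannot judge whether the interface is the narrowest one that works; since this commit already swaps init_start_system for init_start, record the concrete need, e.g. `# dbus-broker asks systemd to start activated services — TODO confirm class/permission against the denial that motivated this`. If `init_start` grants less than `init_start_system` this is a welcome tightening, but neither interface's definition is visible in the diff. The system_dbusd_t rule block starts and ends outside this hunk.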
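Review bot: The new `allow keepalived_t self:capability { net_admin net_raw kill dac_read_search sys_ptrace };` line carries `sys_ptrace` and `dac_read_search` with no comment naming the keepalived feature that needs them, and both reach well beyond the network-oriented rules visible in the rest of the block. Since this commit already rewrites the line, add a why-comment beside it, e.g. `# sys_ptrace / dac_read_search: <keepalived feature that triggered the denial — TODO confirm>`, so a later audit can decide whether they can be dropped. Moving `setpgid` into `self:process { signal_perms setpgid }` reads correctly for a process-class permission. The keepalived.te section continues past this hunk (its header declares 100 lines).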