diff --git a/docker-selinux.tgz b/docker-selinux.tgz
index 251805a4..3a4a2721 100644
Binary files a/docker-selinux.tgz and b/docker-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 337540a5..23edb1df 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -10226,7 +10226,7 @@ index 6a1e4d1..26e5558 100644
 +	dontaudit $1 domain:dir_file_class_set audit_access;
  ')
 diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
-index cf04cb5..7b76b77 100644
+index cf04cb5..b5fe8e5 100644
 --- a/policy/modules/kernel/domain.te
 +++ b/policy/modules/kernel/domain.te
 @@ -4,17 +4,41 @@ policy_module(domain, 1.11.0)
@@ -10379,7 +10379,14 @@ index cf04cb5..7b76b77 100644
  
  # Create/access any System V IPC objects.
  allow unconfined_domain_type domain:{ sem msgq shm } *;
-@@ -166,5 +242,373 @@ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
+@@ -160,11 +236,379 @@ allow unconfined_domain_type domain:msg { send receive };
+ 
+ # For /proc/pid
+ allow unconfined_domain_type domain:dir list_dir_perms;
+-allow unconfined_domain_type domain:file rw_file_perms;
++allow unconfined_domain_type domain:file manage_file_perms;
+ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
+ 
  # act on all domains keys
  allow unconfined_domain_type domain:key *;
  
@@ -35025,7 +35032,7 @@ index bc0ffc8..37b8ea5 100644
  ')
 +/var/run/systemd(/.*)?		gen_context(system_u:object_r:init_var_run_t,s0)
 diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
-index 79a45f6..e69fa39 100644
+index 79a45f6..cf6add7 100644
 --- a/policy/modules/system/init.if
 +++ b/policy/modules/system/init.if
 @@ -1,5 +1,21 @@
@@ -35740,7 +35747,7 @@ index 79a45f6..e69fa39 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -1133,7 +1382,83 @@ interface(`init_getattr_all_script_files',`
+@@ -1133,7 +1382,102 @@ interface(`init_getattr_all_script_files',`
  ##	</summary>
  ## </param>
  #
@@ -35813,6 +35820,25 @@ index 79a45f6..e69fa39 100644
 +
 +########################################
 +## <summary>
++##	Allow the specified domain to modify the systemd configuration of 
++##	transient scripts.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`init_config_transient_files',`
++	gen_require(`
++		attribute init_var_run_t;
++	')
++
++	allow $1 init_var_run_t:service all_service_perms;
++')
++
++########################################
++## <summary>
 +##	Read all init script files.
 +## </summary>
 +## <param name="domain">
@@ -35825,7 +35851,7 @@ index 79a45f6..e69fa39 100644
  	gen_require(`
  		attribute init_script_file_type;
  	')
-@@ -1144,6 +1469,24 @@ interface(`init_read_all_script_files',`
+@@ -1144,6 +1488,24 @@ interface(`init_read_all_script_files',`
  
  #######################################
  ## <summary>
@@ -35850,7 +35876,7 @@ index 79a45f6..e69fa39 100644
  ##	Dontaudit read all init script files.
  ## </summary>
  ## <param name="domain">
-@@ -1195,12 +1538,7 @@ interface(`init_read_script_state',`
+@@ -1195,12 +1557,7 @@ interface(`init_read_script_state',`
  	')
  
  	kernel_search_proc($1)
@@ -35864,7 +35890,7 @@ index 79a45f6..e69fa39 100644
  ')
  
  ########################################
-@@ -1314,6 +1652,24 @@ interface(`init_signal_script',`
+@@ -1314,6 +1671,24 @@ interface(`init_signal_script',`
  
  ########################################
  ## <summary>
@@ -35889,7 +35915,7 @@ index 79a45f6..e69fa39 100644
  ##	Send null signals to init scripts.
  ## </summary>
  ## <param name="domain">
-@@ -1440,6 +1796,27 @@ interface(`init_dbus_send_script',`
+@@ -1440,6 +1815,27 @@ interface(`init_dbus_send_script',`
  ########################################
  ## <summary>
  ##	Send and receive messages from
@@ -35917,7 +35943,7 @@ index 79a45f6..e69fa39 100644
  ##	init scripts over dbus.
  ## </summary>
  ## <param name="domain">
-@@ -1547,6 +1924,25 @@ interface(`init_getattr_script_status_files',`
+@@ -1547,6 +1943,25 @@ interface(`init_getattr_script_status_files',`
  
  ########################################
  ## <summary>
@@ -35943,7 +35969,7 @@ index 79a45f6..e69fa39 100644
  ##	Do not audit attempts to read init script
  ##	status files.
  ## </summary>
-@@ -1605,6 +2001,24 @@ interface(`init_rw_script_tmp_files',`
+@@ -1605,6 +2020,24 @@ interface(`init_rw_script_tmp_files',`
  
  ########################################
  ## <summary>
@@ -35968,7 +35994,7 @@ index 79a45f6..e69fa39 100644
  ##	Create files in a init script
  ##	temporary data directory.
  ## </summary>
-@@ -1677,6 +2091,43 @@ interface(`init_read_utmp',`
+@@ -1677,6 +2110,43 @@ interface(`init_read_utmp',`
  
  ########################################
  ## <summary>
@@ -36012,7 +36038,7 @@ index 79a45f6..e69fa39 100644
  ##	Do not audit attempts to write utmp.
  ## </summary>
  ## <param name="domain">
-@@ -1765,7 +2216,7 @@ interface(`init_dontaudit_rw_utmp',`
+@@ -1765,7 +2235,7 @@ interface(`init_dontaudit_rw_utmp',`
  		type initrc_var_run_t;
  	')
  
@@ -36021,12 +36047,14 @@ index 79a45f6..e69fa39 100644
  ')
  
  ########################################
-@@ -1806,6 +2257,133 @@ interface(`init_pid_filetrans_utmp',`
+@@ -1806,37 +2276,672 @@ interface(`init_pid_filetrans_utmp',`
  	files_pid_filetrans($1, initrc_var_run_t, file, "utmp")
  ')
  
+-########################################
 +######################################
-+## <summary>
+ ## <summary>
+-##	Allow the specified domain to connect to daemon with a tcp socket
 +##  Allow search  directory in the /run/systemd directory.
 +## </summary>
 +## <param name="domain">
@@ -36085,8 +36113,8 @@ index 79a45f6..e69fa39 100644
 +##  Create objects in /run/systemd directory
 +##  with an automatic type transition to
 +##  a specified private type.
-+## </summary>
-+## <param name="domain">
+ ## </summary>
+ ## <param name="domain">
 +##  <summary>
 +##  Domain allowed access.
 +##  </summary>
@@ -36102,31 +36130,39 @@ index 79a45f6..e69fa39 100644
 +##  </summary>
 +## </param>
 +## <param name="name" optional="true">
-+##	<summary>
+ ##	<summary>
+-##	Domain allowed access.
 +##	The name of the object being created.
-+##	</summary>
-+## </param>
-+#
+ ##	</summary>
+ ## </param>
+ #
+-interface(`init_tcp_recvfrom_all_daemons',`
+-	gen_require(`
+-		attribute daemon;
+-	')
 +interface(`init_pid_filetrans',`
 +    gen_require(`
 +        type init_var_run_t;
 +    ')
-+
+ 
+-	corenet_tcp_recvfrom_labeled($1, daemon)
 +	files_search_pids($1)
 +	filetrans_pattern($1, init_var_run_t, $2, $3, $4)
-+')
-+
+ ')
+ 
+-########################################
 +#######################################
-+## <summary>
+ ## <summary>
+-##	Allow the specified domain to connect to daemon with a udp socket
 +##	Create objects in /run/systemd directory
 +##	with an automatic type transition to
 +##	a specified private type.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+ ##	Domain allowed access.
+ ##	</summary>
+ ## </param>
 +## <param name="private_type">
 +##	<summary>
 +##	The type of the object to create.
@@ -36142,23 +36178,53 @@ index 79a45f6..e69fa39 100644
 +##	The name of the object being created.
 +##	</summary>
 +## </param>
-+#
+ #
+-interface(`init_udp_recvfrom_all_daemons',`
 +interface(`init_named_pid_filetrans',`
-+	gen_require(`
+ 	gen_require(`
+-		attribute daemon;
 +		type init_var_run_t;
-+	')
+ 	')
+-	corenet_udp_recvfrom_labeled($1, daemon)
 +
 +	files_search_pids($1)
 +	filetrans_pattern($1, init_var_run_t, $2, $3, $4)
 +')
 +
- ########################################
- ## <summary>
- ##	Allow the specified domain to connect to daemon with a tcp socket
-@@ -1840,3 +2418,511 @@ interface(`init_udp_recvfrom_all_daemons',`
- 	')
- 	corenet_udp_recvfrom_labeled($1, daemon)
- ')
++########################################
++## <summary>
++##	Allow the specified domain to connect to daemon with a tcp socket
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`init_tcp_recvfrom_all_daemons',`
++	gen_require(`
++		attribute daemon;
++	')
++
++	corenet_tcp_recvfrom_labeled($1, daemon)
++')
++
++########################################
++## <summary>
++##	Allow the specified domain to connect to daemon with a udp socket
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`init_udp_recvfrom_all_daemons',`
++	gen_require(`
++		attribute daemon;
++	')
++	corenet_udp_recvfrom_labeled($1, daemon)
++')
 +
 +########################################
 +## <summary>
@@ -36666,7 +36732,7 @@ index 79a45f6..e69fa39 100644
 +
 +	files_search_var_lib($1)
 +    allow $1 init_var_lib_t:dir search_dir_perms;
-+')
+ ')
 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
 index 17eda24..f09c5ae 100644
 --- a/policy/modules/system/init.te
@@ -45402,7 +45468,7 @@ index 40edc18..95f4458 100644
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 +
 diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 2cea692..bf86a31 100644
+index 2cea692..8edb742 100644
 --- a/policy/modules/system/sysnetwork.if
 +++ b/policy/modules/system/sysnetwork.if
 @@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -45819,7 +45885,7 @@ index 2cea692..bf86a31 100644
  	corenet_tcp_sendrecv_generic_if($1)
  	corenet_udp_sendrecv_generic_if($1)
  	corenet_tcp_sendrecv_generic_node($1)
-@@ -796,3 +1053,125 @@ interface(`sysnet_use_portmap',`
+@@ -796,3 +1053,143 @@ interface(`sysnet_use_portmap',`
  
  	sysnet_read_config($1)
  ')
@@ -45945,6 +46011,24 @@ index 2cea692..bf86a31 100644
 +
 +	files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")
 +')
++
++########################################
++## <summary>
++##	Transition to sysnet ifconfig named content
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`sysnet_filetrans_net_conf',`
++	gen_require(`
++		type net_conf_t;
++	')
++
++	files_etc_filetrans($1, net_conf_t, file)
++')
 diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
 index a392fc4..155d5ce 100644
 --- a/policy/modules/system/sysnetwork.te
@@ -48142,10 +48226,10 @@ index 0000000..ebd6cc8
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..0be65c0
+index 0000000..8c07053
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,930 @@
+@@ -0,0 +1,931 @@
 +policy_module(systemd, 1.0.0)
 +
 +#######################################
@@ -48375,6 +48459,7 @@ index 0000000..0be65c0
 +init_signal_script(systemd_logind_t)
 +init_getattr_script_status_files(systemd_logind_t)
 +init_read_utmp(systemd_logind_t)
++init_config_transient_files(systemd_logind_t)
 +
 +getty_systemctl(systemd_logind_t)
 +
@@ -49674,7 +49759,7 @@ index 0abaf84..8b34dbc 100644
 -/usr/lib/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 -')
 diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
-index 5ca20a9..99a38b0 100644
+index 5ca20a9..5454d16 100644
 --- a/policy/modules/system/unconfined.if
 +++ b/policy/modules/system/unconfined.if
 @@ -12,53 +12,57 @@
@@ -49701,7 +49786,8 @@ index 5ca20a9..99a38b0 100644
 +	allow $1 self:process { dyntransition transition };
  
  	# Write access is for setting attributes under /proc/self/attr.
- 	allow $1 self:file rw_file_perms;
+-	allow $1 self:file rw_file_perms;
++	allow $1 self:file manage_file_perms;
 +	allow $1 self:dir rw_dir_perms;
  
  	# Userland object managers
@@ -55573,7 +55659,7 @@ index 9dc60c6..595ad40 100644
 +	')
  ')
 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
-index f4ac38d..d7cbcec 100644
+index f4ac38d..1589d60 100644
 --- a/policy/modules/system/userdomain.te
 +++ b/policy/modules/system/userdomain.te
 @@ -7,48 +7,43 @@ policy_module(userdomain, 4.9.1)
@@ -55662,7 +55748,7 @@ index f4ac38d..d7cbcec 100644
  type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
  fs_associate_tmpfs(user_home_dir_t)
  files_type(user_home_dir_t)
-@@ -70,26 +83,395 @@ ubac_constrained(user_home_dir_t)
+@@ -70,26 +83,396 @@ ubac_constrained(user_home_dir_t)
  
  type user_home_t alias { staff_home_t sysadm_home_t secadm_home_t auditadm_home_t unconfined_home_t };
  typealias user_home_t alias { staff_untrusted_content_t sysadm_untrusted_content_t secadm_untrusted_content_t auditadm_untrusted_content_t unconfined_untrusted_content_t };
@@ -55729,6 +55815,7 @@ index f4ac38d..d7cbcec 100644
 +# Nautilus causes this avc
 +domain_dontaudit_access_check(unpriv_userdomain)
 +dontaudit unpriv_userdomain self:dir setattr;
++allow unpriv_userdomain self:file manage_file_perms;
 +allow unpriv_userdomain self:key manage_key_perms;
 +
 +mount_dontaudit_write_mount_pid(unpriv_userdomain)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 0203074c..ff0837a3 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -58759,7 +58759,7 @@ index 86dc29d..7380935 100644
 +	logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
  ')
 diff --git a/networkmanager.te b/networkmanager.te
-index 55f2009..ab2d757 100644
+index 55f2009..debb78b 100644
 --- a/networkmanager.te
 +++ b/networkmanager.te
 @@ -9,15 +9,18 @@ type NetworkManager_t;
@@ -58965,7 +58965,7 @@ index 55f2009..ab2d757 100644
  
  seutil_read_config(NetworkManager_t)
  
-@@ -166,21 +205,36 @@ sysnet_kill_dhcpc(NetworkManager_t)
+@@ -166,21 +205,37 @@ sysnet_kill_dhcpc(NetworkManager_t)
  sysnet_read_dhcpc_state(NetworkManager_t)
  sysnet_delete_dhcpc_state(NetworkManager_t)
  sysnet_search_dhcp_state(NetworkManager_t)
@@ -58973,6 +58973,7 @@ index 55f2009..ab2d757 100644
  sysnet_manage_config(NetworkManager_t)
 -sysnet_etc_filetrans_config(NetworkManager_t)
 +sysnet_filetrans_named_content(NetworkManager_t)
++sysnet_filetrans_net_conf(NetworkManager_t)
  
 -# certificates in user home directories (cert_home_t in ~/\.pki)
 -userdom_read_user_home_content_files(NetworkManager_t)
@@ -59006,7 +59007,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -196,10 +250,6 @@ optional_policy(`
+@@ -196,10 +251,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -59017,7 +59018,7 @@ index 55f2009..ab2d757 100644
  	consoletype_exec(NetworkManager_t)
  ')
  
-@@ -210,31 +260,34 @@ optional_policy(`
+@@ -210,31 +261,34 @@ optional_policy(`
  optional_policy(`
  	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
  
@@ -59060,7 +59061,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -246,10 +299,26 @@ optional_policy(`
+@@ -246,10 +300,26 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -59087,7 +59088,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -257,15 +326,19 @@ optional_policy(`
+@@ -257,15 +327,19 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -59109,7 +59110,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -274,10 +347,17 @@ optional_policy(`
+@@ -274,10 +348,17 @@ optional_policy(`
  	nscd_signull(NetworkManager_t)
  	nscd_kill(NetworkManager_t)
  	nscd_initrc_domtrans(NetworkManager_t)
@@ -59127,7 +59128,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -286,9 +366,12 @@ optional_policy(`
+@@ -286,9 +367,12 @@ optional_policy(`
  	openvpn_kill(NetworkManager_t)
  	openvpn_signal(NetworkManager_t)
  	openvpn_signull(NetworkManager_t)
@@ -59140,7 +59141,7 @@ index 55f2009..ab2d757 100644
  	policykit_domtrans_auth(NetworkManager_t)
  	policykit_read_lib(NetworkManager_t)
  	policykit_read_reload(NetworkManager_t)
-@@ -296,7 +379,7 @@ optional_policy(`
+@@ -296,7 +380,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -59149,7 +59150,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -307,6 +390,7 @@ optional_policy(`
+@@ -307,6 +391,7 @@ optional_policy(`
  	ppp_signal(NetworkManager_t)
  	ppp_signull(NetworkManager_t)
  	ppp_read_config(NetworkManager_t)
@@ -59157,7 +59158,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -320,14 +404,21 @@ optional_policy(`
+@@ -320,14 +405,21 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -59184,7 +59185,7 @@ index 55f2009..ab2d757 100644
  ')
  
  optional_policy(`
-@@ -338,6 +429,13 @@ optional_policy(`
+@@ -338,6 +430,13 @@ optional_policy(`
  	vpn_relabelfrom_tun_socket(NetworkManager_t)
  ')
  
@@ -59198,7 +59199,7 @@ index 55f2009..ab2d757 100644
  ########################################
  #
  # wpa_cli local policy
-@@ -357,6 +455,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
+@@ -357,6 +456,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
  init_dontaudit_use_fds(wpa_cli_t)
  init_use_script_ptys(wpa_cli_t)
  
@@ -112661,7 +112662,7 @@ index facdee8..816d860 100644
 +        ps_process_pattern(virtd_t, $1)
  ')
 diff --git a/virt.te b/virt.te
-index f03dcf5..5b78d90 100644
+index f03dcf5..8d090ad 100644
 --- a/virt.te
 +++ b/virt.te
 @@ -1,451 +1,402 @@
@@ -114235,7 +114236,7 @@ index f03dcf5..5b78d90 100644
  selinux_get_enforce_mode(virtd_lxc_t)
  selinux_get_fs_mount(virtd_lxc_t)
  selinux_validate_context(virtd_lxc_t)
-@@ -974,194 +1250,354 @@ selinux_compute_create_context(virtd_lxc_t)
+@@ -974,194 +1250,355 @@ selinux_compute_create_context(virtd_lxc_t)
  selinux_compute_relabel_context(virtd_lxc_t)
  selinux_compute_user_contexts(virtd_lxc_t)
  
@@ -114300,6 +114301,7 @@ index f03dcf5..5b78d90 100644
 +dev_dontaudit_mounton_sysfs(svirt_sandbox_domain)
 +
 +fs_dontaudit_remount_tmpfs(svirt_sandbox_domain)
++fs_rw_onload_sockets(svirt_sandbox_domain)
 +
 +tunable_policy(`deny_ptrace',`',`
 +	allow svirt_sandbox_domain self:process ptrace;
@@ -114731,7 +114733,7 @@ index f03dcf5..5b78d90 100644
  allow virt_qmf_t self:tcp_socket create_stream_socket_perms;
  allow virt_qmf_t self:netlink_route_socket create_netlink_socket_perms;
  
-@@ -1174,12 +1610,12 @@ dev_read_sysfs(virt_qmf_t)
+@@ -1174,12 +1611,12 @@ dev_read_sysfs(virt_qmf_t)
  dev_read_rand(virt_qmf_t)
  dev_read_urand(virt_qmf_t)
  
@@ -114746,7 +114748,7 @@ index f03dcf5..5b78d90 100644
  sysnet_read_config(virt_qmf_t)
  
  optional_policy(`
-@@ -1192,7 +1628,7 @@ optional_policy(`
+@@ -1192,7 +1629,7 @@ optional_policy(`
  
  ########################################
  #
@@ -114755,7 +114757,7 @@ index f03dcf5..5b78d90 100644
  #
  
  allow virt_bridgehelper_t self:process { setcap getcap };
-@@ -1201,11 +1637,255 @@ allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms;
+@@ -1201,11 +1638,255 @@ allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms;
  allow virt_bridgehelper_t self:tun_socket create_socket_perms;
  allow virt_bridgehelper_t self:unix_dgram_socket create_socket_perms;
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 12b56724..945fe287 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 195%{?dist}
+Release: 196%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -647,6 +647,13 @@ exit 0
 %endif
 
 %changelog
+* Mon Jun 13 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-196
+- Allow svirt_sandbox_domains to r/w onload sockets
+- Add filetrans rule that NetworkManager_t can create net_conf_t files in /etc.
+- Add interface sysnet_filetrans_named_net_conf()
+- Rawhide fails to boot, systemd-logind needs to config transient config files
+- User Namespace is requires create on process domains
+
 * Thu Jun 08 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-195
 - Add hwloc-dump-hwdata SELinux policy
 - Add labels for mediawiki123