diff --git a/policy-F13.patch b/policy-F13.patch
index 6a5742b1..6efa28d4 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -12627,8 +12627,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
 +/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t, s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.5/policy/modules/services/cgroup.if
 --- nsaserefpolicy/policy/modules/services/cgroup.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.5/policy/modules/services/cgroup.if 2009-12-22 11:07:12.000000000 -0500
-@@ -0,0 +1,52 @@
++++ serefpolicy-3.7.5/policy/modules/services/cgroup.if 2009-12-22 14:42:11.000000000 -0500
+@@ -0,0 +1,34 @@
 +## Control group rules engine daemon.
 +##
 +##

@@ -12655,35 +12655,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
 +##
 +##
 +#
-+interface(`cgroup_cgred_rw_pid_sock_file', `
++interface(`cgroup_stream_connect', `
 + gen_require(`
-+ type cgred_var_run_t;
++ type cgred_var_run_t, cgred_t;
 + ')
 +
-+ rw_sock_files_pattern($1, cgred_var_run_t, cgred_var_run_t)
 + files_search_pids($1)
-+')
-+
-+########################################
-+##

-+## Unix stream socket connect to cgred. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`cgroup_cgred_stream_connect', ` -+ gen_require(` -+ type cgred_t; -+ ') -+ -+ allow $1 cgred_t:unix_stream_socket connectto; ++ stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.5/policy/modules/services/cgroup.te --- nsaserefpolicy/policy/modules/services/cgroup.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.5/policy/modules/services/cgroup.te 2009-12-22 11:05:59.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/services/cgroup.te 2009-12-22 14:55:46.000000000 -0500 @@ -0,0 +1,88 @@ +policy_module(cgroup, 1.0.0) + @@ -15011,7 +14993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove /var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.5/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.5/policy/modules/services/dovecot.te 2009-12-21 13:07:09.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/services/dovecot.te 2009-12-22 15:39:45.000000000 -0500 @@ -56,7 +56,7 @@ allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot }; @@ -15084,7 +15066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove allow dovecot_deliver_t dovecot_etc_t:file read_file_perms; allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms; -@@ -260,3 +274,14 @@ +@@ -260,3 +274,17 @@ optional_policy(` mta_manage_spool(dovecot_deliver_t) ') 
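Review bot: The summary block that documents the renamed `cgroup_stream_connect` interface is in the context lines above this hunk (the `+##` lines), so if it still carries the wording written for the removed `cgroup_cgred_rw_pid_sock_file` it now mislabels an interface whose only effect is a connect to the cgred socket; the summary should read along the lines of `## Connect to the cgred daemon over its unix stream socket.` (the summary text itself is outside the hunk, so this is inferred). The collapse of the two old interfaces into `stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t)` is a least-privilege improvement: as far as I recall the pattern grants the caller only directory search, write on the socket file and connectto, whereas the old `rw_sock_files_pattern` plus the separate connectto interface handed out full read/write socket-file permissions. Passing cgred_var_run_t as both the directory and socket-file type is consistent with the `/var/run/cgred.*` file context shown in the preceding hunk. The interface definition both starts and closes inside this hunk.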
@@ -15092,13 +15074,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +tunable_policy(`use_nfs_home_dirs',` + fs_manage_nfs_files(dovecot_deliver_t) + fs_manage_nfs_symlinks(dovecot_deliver_t) ++ fs_manage_nfs_files(dovecot_t) ++ fs_manage_nfs_symlinks(dovecot_t) +') + +tunable_policy(`use_samba_home_dirs',` + fs_manage_cifs_files(dovecot_deliver_t) + fs_manage_cifs_symlinks(dovecot_deliver_t) ++ fs_manage_cifs_files(dovecot_t) ++ fs_manage_cifs_symlinks(dovecot_t) +') -+ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.5/policy/modules/services/exim.te --- nsaserefpolicy/policy/modules/services/exim.te 2009-08-14 16:14:31.000000000 -0400 +++ serefpolicy-3.7.5/policy/modules/services/exim.te 2009-12-21 13:07:09.000000000 -0500 @@ -22975,7 +22960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.5/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.5/policy/modules/services/sendmail.te 2009-12-21 13:07:09.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/services/sendmail.te 2009-12-22 14:55:43.000000000 -0500 @@ -20,13 +20,17 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) 
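Review bot: The four added `fs_manage_*` calls give the daemon domain dovecot_t create, write and delete rights over every nfs_t and cifs_t file, not only mailboxes under home directories, since those types label whole mounts; that breadth already applied to dovecot_deliver_t, but dovecot_t is the domain that talks to remote clients, so the exposure gated by `use_nfs_home_dirs` and `use_samba_home_dirs` grows noticeably with this hunk. A one-line comment above the rules naming the operation that actually needs write access would make the grant auditable, for example `# dovecot_t updates mailbox state under home directories on NFS/CIFS` (constructed wording, confirm against the observed denial). If the daemon only needs to read mailboxes, `fs_read_nfs_files` and `fs_read_cifs_files` are the narrower interfaces; manage is justified only if it writes into them. The same four lines are added in both tunable_policy blocks of this hunk, so whatever comment is chosen applies to both.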
@@ -22992,7 +22977,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send -allow sendmail_t self:capability { setuid setgid net_bind_service sys_nice chown sys_tty_config }; -allow sendmail_t self:process signal; +allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config }; -+allow sendmail_t self:process { setrlimit signal signull }; ++allow sendmail_t self:process { setpgid setrlimit signal signull }; allow sendmail_t self:fifo_file rw_fifo_file_perms; allow sendmail_t self:unix_stream_socket create_stream_socket_perms; allow sendmail_t self:unix_dgram_socket create_socket_perms; @@ -28068,7 +28053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.5/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2009-11-12 12:51:51.000000000 -0500 -+++ serefpolicy-3.7.5/policy/modules/system/init.te 2009-12-22 10:22:45.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/system/init.te 2009-12-22 14:38:31.000000000 -0500 @@ -17,6 +17,20 @@ ##
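Review bot: The new `setpgid` permission in `allow sendmail_t self:process { setpgid setrlimit signal signull };` arrives with nothing recording why sendmail needs it, and the surrounding additions on the same lines are equally unexplained, so the self:process set is drifting without an audit trail. A self-only process permission is low risk, but a short comment such as `# sendmail changes its process group when it daemonizes` (constructed wording, confirm against the actual denial that motivated it) would keep the set reviewable. This hunk starts on the previous line and the enclosing run of sendmail_t allow rules continues beyond it.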
gen_tunable(init_upstart, false) @@ -28427,7 +28412,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t files_create_boot_flag(initrc_t) files_rw_boot_symlinks(initrc_t) # wants to read /.fonts directory -@@ -492,15 +554,27 @@ +@@ -492,15 +554,26 @@ optional_policy(` bind_manage_config_dirs(initrc_t) bind_write_config(initrc_t) @@ -28435,8 +28420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t + ') + + optional_policy(` -+ cgroup_cgrulesengd_rw_pid_sock_file(initrc_t) -+ cgroup_cgrulesengd_stream_connect(initrc_t) ++ cgroup_stream_connect(initrc_t) + ') + + optional_policy(` @@ -28455,7 +28439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -515,6 +589,33 @@ +@@ -515,6 +588,33 @@ ') ') @@ -28489,7 +28473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t optional_policy(` amavis_search_lib(initrc_t) amavis_setattr_pid_files(initrc_t) -@@ -567,10 +668,19 @@ +@@ -567,10 +667,19 @@ dbus_connect_system_bus(initrc_t) dbus_system_bus_client(initrc_t) dbus_read_config(initrc_t) @@ -28509,7 +28493,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -590,6 +700,10 @@ +@@ -590,6 +699,10 @@ ') optional_policy(` @@ -28520,7 +28504,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t dev_read_usbfs(initrc_t) # init scripts run /etc/hotplug/usb.rc -@@ -646,20 +760,20 @@ +@@ -646,20 +759,20 @@ ') optional_policy(` @@ -28547,7 +28531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t optional_policy(` ifdef(`distro_redhat',` -@@ -668,6 +782,7 @@ +@@ -668,6 +781,7 @@ mysql_stream_connect(initrc_t) mysql_write_log(initrc_t) 
@@ -28555,7 +28539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -700,7 +815,6 @@ +@@ -700,7 +814,6 @@ ') optional_policy(` @@ -28563,7 +28547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t fs_write_ramfs_sockets(initrc_t) fs_search_ramfs(initrc_t) -@@ -722,8 +836,6 @@ +@@ -722,8 +835,6 @@ # bash tries ioctl for some reason files_dontaudit_ioctl_all_pids(initrc_t) @@ -28572,7 +28556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -736,13 +848,16 @@ +@@ -736,13 +847,16 @@ squid_manage_logs(initrc_t) ') @@ -28589,7 +28573,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -751,6 +866,7 @@ +@@ -751,6 +865,7 @@ optional_policy(` udev_rw_db(initrc_t) @@ -28597,7 +28581,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -758,6 +874,15 @@ +@@ -758,6 +873,15 @@ ') optional_policy(` @@ -28613,7 +28597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t unconfined_domain(initrc_t) ifdef(`distro_redhat',` -@@ -768,6 +893,21 @@ +@@ -768,6 +892,21 @@ optional_policy(` mono_domtrans(initrc_t) ') @@ -28635,7 +28619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -793,3 +933,31 @@ +@@ -793,3 +932,31 @@ optional_policy(` zebra_read_config(initrc_t) ')