diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 546de8eb3..1dff01992 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -165,6 +165,7 @@ ifdef(`distro_gentoo',`
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/bridge-utils/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
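Review bot: The added pattern `/usr/lib/bridge-utils/.*\.sh` is not limited to one directory level, because `.` in a file-context regex also matches `/`. Any regular file ending in `.sh` anywhere beneath that directory therefore gets `bin_t`, unlike the neighbouring avahi entry, which names a single script. If only the scripts directly in `/usr/lib/bridge-utils/` are meant, `/usr/lib/bridge-utils/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)` says so explicitly. Whether this entry sits inside the `distro_gentoo` block named in the hunk header cannot be seen from the hunk.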
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 6cb1bd010..b8fc87b02 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -626,8 +626,10 @@ tunable_policy(`systemd_nspawn_labeled_namespace',`
dev_mounton(systemd_nspawn_t)
dev_setattr_generic_dirs(systemd_nspawn_t)
- files_search_home(systemd_nspawn_t)
+ # manage etc symlinks for /etc/localtime
+ files_manage_etc_symlinks(systemd_nspawn_t)
files_mounton_pid_dirs(systemd_nspawn_t)
+ files_search_home(systemd_nspawn_t)
fs_getattr_cgroup(systemd_nspawn_t)
fs_manage_cgroup_dirs(systemd_nspawn_t)
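Review bot: `files_manage_etc_symlinks(systemd_nspawn_t)` looks wider than the comment above it suggests: judging by its name, the interface lets the domain manage every symlink carrying the generic etc label, not only `/etc/localtime`. The comment should state that scope and whose `/etc` is affected, for example `# nspawn replaces the /etc/localtime symlink in the container root; this covers all etc_t symlinks`, with the host-or-container part confirmed by the author. The interface definition and the start of the enclosing block are outside the hunk, so the exact permission set could not be checked here. The same goes for whether the rule is conditional on the `systemd_nspawn_labeled_namespace` tunable.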
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index a7c89e723..9d817e32e 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2866,6 +2866,25 @@ interface(`userdom_read_user_tmpfs_files',`
fs_search_tmpfs($1)
')
+########################################
+##
+## dontaudit Read attempts of user tmpfs files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`userdom_dontaudit_read_user_tmpfs_files',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ dontaudit $1 user_tmpfs_t:file read_file_perms;
+ dontaudit $1 user_tmpfs_t:dir list_dir_perms;
+')
+
########################################
##
## relabel to/from user tmpfs dirs
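Review bot: The header comment of `userdom_dontaudit_read_user_tmpfs_files` describes less than the interface does and keeps the wording of an allow interface. The second rule, `dontaudit $1 user_tmpfs_t:dir list_dir_perms;`, also silences directory-listing denials, so the summary should read along the lines of `Do not audit attempts to read user tmpfs files and list user tmpfs directories.`. The parameter text should be `Domain to not audit.` rather than `Domain allowed access.`. Because dontaudit rules keep the matching AVC denials out of the audit log, callers of this interface are best limited to domains whose access attempts on user tmpfs are known noise; otherwise denials worth investigating are hidden along with it.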