diff --git a/policy/modules/contrib b/policy/modules/contrib
index 89c5442a0..2b8cc38af 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit 89c5442a083107b0092f408ba1c9b6f0a40a49b4
+Subproject commit 2b8cc38af0ccc125a8004ec09d5f052c3cce4a9f
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 7da17d8a5..c833171f4 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4277,6 +4277,24 @@ interface(`dev_rw_sysfs',`
 	list_dirs_pattern($1, sysfs_t, sysfs_t)
 ')
 
+########################################
+## <summary>
+##	Add a sysfs file
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_create_sysfs_files',`
+	gen_require(`
+		type sysfs_t;
+	')
+
+	create_files_pattern($1, sysfs_t, sysfs_t)
+')
+
 ########################################
 ## <summary>
 ##     Relabel hardware state directories.
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 277a6a19a..680acd9ef 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.20.6)
+policy_module(devices, 1.20.7)
 
 ########################################
 #
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 00c49c61e..6321f8c4b 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -165,6 +165,24 @@ interface(`iptables_manage_config',`
 	manage_files_pattern($1, iptables_conf_t, iptables_conf_t)
 ')
 
+###################################
+## <summary>
+##	dontaudit reading iptables_var_run_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`iptables_dontaudit_read_pids',`
+	gen_require(`
+		type iptables_var_run_t;
+	')
+
+	dontaudit $1 iptables_var_run_t:file read;
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 2c8037bea..e91f94e97 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -1,4 +1,4 @@
-policy_module(iptables, 1.18.3)
+policy_module(iptables, 1.18.4)
 
 ########################################
 #
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 7ba62cb54..e6fbd379f 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,4 +1,4 @@
-policy_module(lvm, 1.19.8)
+policy_module(lvm, 1.19.9)
 
 ########################################
 #
@@ -341,6 +341,10 @@ optional_policy(`
 	ccs_stream_connect(lvm_t)
 ')
 
+optional_policy(`
+	dpkg_script_rw_pipes(lvm_t)
+')
+
 optional_policy(`
 	gpm_dontaudit_getattr_gpmctl(lvm_t)
 ')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 701fe510f..1261c603d 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -1,4 +1,4 @@
-policy_module(modutils, 1.17.3)
+policy_module(modutils, 1.17.4)
 
 ########################################
 #
@@ -89,6 +89,7 @@ files_read_etc_runtime_files(kmod_t)
 files_read_etc_files(kmod_t)
 files_read_usr_files(kmod_t)
 files_exec_etc_files(kmod_t)
+files_search_tmp(kmod_t)
 # for nscd:
 files_dontaudit_search_pids(kmod_t)
 # to manage modules.dep
@@ -126,6 +127,10 @@ optional_policy(`
 	alsa_domtrans(kmod_t)
 ')
 
+optional_policy(`
+	dpkg_manage_script_tmp_files(kmod_t)
+')
+
 optional_policy(`
 	firstboot_dontaudit_rw_pipes(kmod_t)
 	firstboot_dontaudit_rw_stream_sockets(kmod_t)
@@ -139,6 +144,10 @@ optional_policy(`
 	hotplug_search_config(kmod_t)
 ')
 
+optional_policy(`
+	iptables_dontaudit_read_pids(kmod_t)
+')
+
 optional_policy(`
 	mount_domtrans(kmod_t)
 ')