diff --git a/container-selinux.tgz b/container-selinux.tgz index dacf9c7..5589848 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/policy-f27-base.patch b/policy-f27-base.patch index d707438..5a6303e 100644 --- a/policy-f27-base.patch +++ b/policy-f27-base.patch @@ -26631,10 +26631,10 @@ index 000000000..d9efb902a +#/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0) diff --git a/policy/modules/roles/unconfineduser.if b/policy/modules/roles/unconfineduser.if new file mode 100644 -index 000000000..bb9082586 +index 000000000..ecc53819c --- /dev/null +++ b/policy/modules/roles/unconfineduser.if -@@ -0,0 +1,763 @@ +@@ -0,0 +1,764 @@ +## Unconfined user role + +######################################## @@ -27110,6 +27110,7 @@ index 000000000..bb9082586 + ') + + dontaudit $1 unconfined_t:dir list_dir_perms; ++ dontaudit $1 unconfined_t:file read_file_perms; +') + +######################################## diff --git a/policy-f27-contrib.patch b/policy-f27-contrib.patch index bfd045d..8b4161e 100644 --- a/policy-f27-contrib.patch +++ b/policy-f27-contrib.patch @@ -97198,7 +97198,7 @@ index 50d07fb2e..a34db489c 100644 + allow $1 samba_unit_file_t:service all_service_perms; ') diff --git a/samba.te b/samba.te -index 2b7c441e7..c9e72f196 100644 +index 2b7c441e7..adf980ca1 100644 --- a/samba.te +++ b/samba.te @@ -6,99 +6,86 @@ policy_module(samba, 1.16.3) @@ -97908,7 +97908,7 @@ index 2b7c441e7..c9e72f196 100644 manage_dirs_pattern(nmbd_t, { smbd_var_run_t nmbd_var_run_t }, nmbd_var_run_t) manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t) -@@ -526,20 +627,16 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) +@@ -526,20 +627,17 @@ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t) manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t) 
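Review bot: The added `++ dontaudit $1 unconfined_t:file read_file_perms;` (hunk @@ -27110) silences the audit record for every open/read of a file labelled unconfined_t, not only the directory listing the line above it already hides; in refpolicy `read_file_perms` is open/read/getattr plus lock and ioctl, so for the /proc/<pid> entries of unconfined processes (which is presumably what "read_state" refers to) a confined domain that actually reads them will no longer leave a trace in audit.log unless the policy is rebuilt with `semodule -DB`. The interface's summary comment lies above the hunk and, as far as can be inferred, still describes only the original behaviour, so it should be extended to say that file reads are now dontaudited as well, e.g. `## Do not audit attempts to read the state (directory listing and files) of unconfined user processes.` The enclosing interface definition starts outside the hunk; the changelog in selinux-policy.spec names it as unconfined_dontaudit_read_state(), and that entry spells "Update" and "access" as "Updatre" and "acess".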
@@ -97924,6 +97924,7 @@ index 2b7c441e7..c9e72f196 100644 manage_sock_files_pattern(nmbd_t, samba_var_t, samba_var_t) -files_var_filetrans(nmbd_t, samba_var_t, dir, "nmbd") files_var_filetrans(nmbd_t, samba_var_t, dir, "samba") ++allow nmbd_t samba_var_t:file map; -allow nmbd_t { swat_t smbcontrol_t }:process signal; - @@ -97933,7 +97934,7 @@ index 2b7c441e7..c9e72f196 100644 kernel_getattr_core_if(nmbd_t) kernel_getattr_message_if(nmbd_t) -@@ -547,53 +644,44 @@ kernel_read_kernel_sysctls(nmbd_t) +@@ -547,53 +645,44 @@ kernel_read_kernel_sysctls(nmbd_t) kernel_read_network_state(nmbd_t) kernel_read_software_raid_state(nmbd_t) kernel_read_system_state(nmbd_t) @@ -98002,7 +98003,7 @@ index 2b7c441e7..c9e72f196 100644 ') optional_policy(` -@@ -606,18 +694,29 @@ optional_policy(` +@@ -606,18 +695,29 @@ optional_policy(` ######################################## # @@ -98038,7 +98039,7 @@ index 2b7c441e7..c9e72f196 100644 samba_read_config(smbcontrol_t) samba_search_var(smbcontrol_t) -@@ -627,39 +726,38 @@ domain_use_interactive_fds(smbcontrol_t) +@@ -627,39 +727,38 @@ domain_use_interactive_fds(smbcontrol_t) dev_read_urand(smbcontrol_t) @@ -98090,7 +98091,7 @@ index 2b7c441e7..c9e72f196 100644 allow smbmount_t samba_secrets_t:file manage_file_perms; -@@ -668,26 +766,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t) +@@ -668,26 +767,22 @@ manage_files_pattern(smbmount_t, samba_var_t, samba_var_t) manage_lnk_files_pattern(smbmount_t, samba_var_t, samba_var_t) files_var_filetrans(smbmount_t, samba_var_t, dir, "samba") @@ -98126,7 +98127,7 @@ index 2b7c441e7..c9e72f196 100644 fs_getattr_cifs(smbmount_t) fs_mount_cifs(smbmount_t) -@@ -699,58 +793,77 @@ fs_read_cifs_files(smbmount_t) +@@ -699,58 +794,77 @@ fs_read_cifs_files(smbmount_t) storage_raw_read_fixed_disk(smbmount_t) storage_raw_write_fixed_disk(smbmount_t) 
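Review bot: The new `++allow nmbd_t samba_var_t:file map;` (hunk @@ -97924) is a raw type rule placed after `files_var_filetrans(nmbd_t, samba_var_t, dir, "samba")`, separate from the other samba_var_t rules for this domain (`manage_sock_files_pattern(nmbd_t, samba_var_t, samba_var_t)` two lines up); moving it to follow that group keeps the domain's own-type rules together, as refpolicy convention has it. Because nmbd_t already manages these files, `map` lets it create writable shared mappings of anything labelled samba_var_t (the tdb case the changelog's BZ(1505877) describes), so the grant is broader than a single database, but there is no finer label in this file to scope it to. This assumes the base policy already declares the `map` file permission, which nothing in the hunk shows. The smbd and winbind domains that share the same tdbs are not touched here; if they lack `map` they would hit the same denial, but that cannot be confirmed from this patch.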
@@ -98219,7 +98220,7 @@ index 2b7c441e7..c9e72f196 100644 manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t) manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t) -@@ -759,17 +872,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir }) +@@ -759,17 +873,13 @@ files_tmp_filetrans(swat_t, swat_tmp_t, { file dir }) manage_files_pattern(swat_t, swat_var_run_t, swat_var_run_t) files_pid_filetrans(swat_t, swat_var_run_t, file) @@ -98243,7 +98244,7 @@ index 2b7c441e7..c9e72f196 100644 kernel_read_kernel_sysctls(swat_t) kernel_read_system_state(swat_t) -@@ -777,36 +886,25 @@ kernel_read_network_state(swat_t) +@@ -777,36 +887,25 @@ kernel_read_network_state(swat_t) corecmd_search_bin(swat_t) @@ -98286,7 +98287,7 @@ index 2b7c441e7..c9e72f196 100644 auth_domtrans_chk_passwd(swat_t) auth_use_nsswitch(swat_t) -@@ -818,10 +916,11 @@ logging_send_syslog_msg(swat_t) +@@ -818,10 +917,11 @@ logging_send_syslog_msg(swat_t) logging_send_audit_msgs(swat_t) logging_search_logs(swat_t) @@ -98300,7 +98301,7 @@ index 2b7c441e7..c9e72f196 100644 optional_policy(` cups_read_rw_config(swat_t) cups_stream_connect(swat_t) -@@ -840,17 +939,20 @@ optional_policy(` +@@ -840,17 +940,20 @@ optional_policy(` # Winbind local policy # @@ -98327,7 +98328,7 @@ index 2b7c441e7..c9e72f196 100644 allow winbind_t samba_etc_t:dir list_dir_perms; read_files_pattern(winbind_t, samba_etc_t, samba_etc_t) -@@ -860,9 +962,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t) +@@ -860,9 +963,7 @@ manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t) filetrans_pattern(winbind_t, samba_etc_t, samba_secrets_t, file) manage_dirs_pattern(winbind_t, samba_log_t, samba_log_t) 
@@ -98338,7 +98339,7 @@ index 2b7c441e7..c9e72f196 100644 manage_lnk_files_pattern(winbind_t, samba_log_t, samba_log_t) manage_dirs_pattern(winbind_t, samba_var_t, samba_var_t) -@@ -870,41 +970,46 @@ manage_files_pattern(winbind_t, samba_var_t, samba_var_t) +@@ -870,41 +971,46 @@ manage_files_pattern(winbind_t, samba_var_t, samba_var_t) manage_lnk_files_pattern(winbind_t, samba_var_t, samba_var_t) manage_sock_files_pattern(winbind_t, samba_var_t, samba_var_t) files_var_filetrans(winbind_t, samba_var_t, dir, "samba") @@ -98397,7 +98398,7 @@ index 2b7c441e7..c9e72f196 100644 corenet_tcp_connect_smbd_port(winbind_t) corenet_tcp_connect_epmap_port(winbind_t) corenet_tcp_connect_all_unreserved_ports(winbind_t) -@@ -912,38 +1017,52 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t) +@@ -912,38 +1018,52 @@ corenet_tcp_connect_all_unreserved_ports(winbind_t) dev_read_sysfs(winbind_t) dev_read_urand(winbind_t) @@ -98456,7 +98457,7 @@ index 2b7c441e7..c9e72f196 100644 ') optional_policy(` -@@ -959,31 +1078,36 @@ optional_policy(` +@@ -959,31 +1079,36 @@ optional_policy(` # Winbind helper local policy # @@ -98500,7 +98501,7 @@ index 2b7c441e7..c9e72f196 100644 optional_policy(` apache_append_log(winbind_helper_t) -@@ -997,25 +1121,38 @@ optional_policy(` +@@ -997,25 +1122,38 @@ optional_policy(` ######################################## # diff --git a/selinux-policy.spec b/selinux-policy.spec index 96db5f2..9837173 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 283.12%{?dist} +Release: 283.13%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -722,6 +722,10 @@ exit 0 %endif %changelog +* Wed Oct 25 2017 Lukas Vrabec - 3.13.1-283.13 +- Allow nmbd_t domain to mmap files labeled as samba_var_t. BZ(1505877) +- Updatre unconfined_dontaudit_read_state() interface to dontaudit also acess to files. BZ(1503466) + * Tue Oct 24 2017 Lukas Vrabec - 3.13.1-283.12 - Allow chronyd_t do request kernel module and block_suspend capability - Allow system_cronjob_t to create /var/lib/letsencrypt dir with right label