diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 59cae3f..752e811 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -29472,7 +29472,7 @@ index bc0ffc8..7198bd9 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..b88e8a2 100644 +index 79a45f6..6c7a9d9 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -30494,7 +30494,7 @@ index 79a45f6..b88e8a2 100644 ######################################## ## ## Allow the specified domain to connect to daemon with a tcp socket -@@ -1840,3 +2380,473 @@ interface(`init_udp_recvfrom_all_daemons',` +@@ -1840,3 +2380,492 @@ interface(`init_udp_recvfrom_all_daemons',` ') corenet_udp_recvfrom_labeled($1, daemon) ') @@ -30968,6 +30968,25 @@ index 79a45f6..b88e8a2 100644 + init_pid_filetrans($1, systemd_unit_file_t, dir, "generator") + init_pid_filetrans($1, systemd_unit_file_t, dir, "system") +') ++ ++######################################## ++## ++## Read systemd lib files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`init_read_var_lib_files',` ++ gen_require(` ++ type init_var_lib_t; ++ ') ++ ++ files_search_var_lib($1) ++ read_files_pattern($1, init_var_lib_t, init_var_lib_t) ++') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 17eda24..1381948 100644 --- a/policy/modules/system/init.te @@ -34091,10 +34110,12 @@ index 446fa99..22f539c 100644 + plymouthd_exec_plymouth(sulogin_t) ') diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc -index b50c5fe..e55a556 100644 +index b50c5fe..13da95a 100644 --- a/policy/modules/system/logging.fc 
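Review bot: The doc block of the new `init_read_var_lib_files` interface shows every `## ` line empty — no summary text, no parameter name or description — so as rendered here the `<summary>`/`<param>` markup that refpolicy's interface documentation generator expects is missing; if that is not merely an artifact of how this page was extracted, the interface will appear undocumented in the generated reference. Suggest `## <summary>Read systemd files in /var/lib.</summary>` followed by a `<param name="domain">` block whose text is `Domain allowed access.`, matching the refpolicy XML convention. The body itself is consistent with the file's idiom: `files_search_var_lib($1)` plus `read_files_pattern($1, init_var_lib_t, init_var_lib_t)`.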
+++ b/policy/modules/system/logging.fc -@@ -2,10 +2,13 @@ +@@ -1,11 +1,14 @@ +-/dev/log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh) ++/dev/log -l gen_context(system_u:object_r:devlog_t,mls_systemhigh) /etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) /etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) @@ -34180,7 +34201,7 @@ index b50c5fe..e55a556 100644 +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) + diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if -index 4e94884..8de26ad 100644 +index 4e94884..6b1eae3 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -233,7 +233,7 @@ interface(`logging_run_auditd',` @@ -34296,8 +34317,8 @@ index 4e94884..8de26ad 100644 + type devlog_t; + ') + -+ allow $1 devlog_t:sock_file manage_sock_file_perms; -+ dev_filetrans($1, devlog_t, sock_file) ++ allow $1 devlog_t:lnk_file manage_sock_file_perms; ++ dev_filetrans($1, devlog_t, lnk_file) + init_pid_filetrans($1, devlog_t, sock_file, "syslog") +') + @@ -34706,7 +34727,7 @@ index 4e94884..8de26ad 100644 + logging_log_filetrans($1, var_log_t, dir, "anaconda") +') diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index 59b04c1..d9852d4 100644 +index 59b04c1..df37453 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -4,6 +4,21 @@ policy_module(logging, 1.20.1) 
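Review bot: Replacing the `-s` entry for `/dev/log` with `-l` drops the file context for the socket case entirely: on a host where `/dev/log` is still a real socket (no journald forwarding, or a syslog daemon that creates it itself), a relabel would leave it at the `/dev` default rather than `devlog_t`, and client writes to it would then likely be denied. Because fc matching is by file type, keeping both entries side by side, `/dev/log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh)` and `/dev/log -l gen_context(system_u:object_r:devlog_t,mls_systemhigh)`, covers both layouts. The inner hunk header change to `+@@ -1,11 +1,14 @@` is consistent with the added line pair.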
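Review bot: The rewritten allow rule on devlog_t applies `manage_sock_file_perms` to the `lnk_file` class; the refpolicy idiom for a symlink is `manage_lnk_file_perms`, and mixing the sets makes the rule read as if a socket were still being managed. Separately, the hunk removes the `sock_file` allow while the retained `init_pid_filetrans($1, devlog_t, sock_file, "syslog")` still labels a socket the caller creates, so unless the sock_file permissions are granted elsewhere the create will presumably be denied. Suggest `allow $1 devlog_t:lnk_file manage_lnk_file_perms;` and keeping `allow $1 devlog_t:sock_file manage_sock_file_perms;` alongside it. The interface's name and gen_require opening lie outside the hunk.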
@@ -34858,17 +34879,18 @@ index 59b04c1..d9852d4 100644 mls_file_write_all_levels(audisp_t) +mls_socket_write_all_levels(audisp_t) +mls_dbus_send_all_levels(audisp_t) -+ -+auth_use_nsswitch(audisp_t) - logging_send_syslog_msg(audisp_t) +-logging_send_syslog_msg(audisp_t) ++auth_use_nsswitch(audisp_t) -miscfiles_read_localization(audisp_t) ++logging_send_syslog_msg(audisp_t) sysnet_dns_name_resolve(audisp_t) optional_policy(` dbus_system_bus_client(audisp_t) ++ dbus_connect_system_bus(audisp_t) + + optional_policy(` + setroubleshoot_dbus_chat(audisp_t) diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 3ea2457..463359e 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -546,7 +546,7 @@ index 058d908..1e92177 100644 +') + diff --git a/abrt.te b/abrt.te -index eb50f07..34371ae 100644 +index eb50f07..d77f4a6 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -984,7 +984,7 @@ index eb50f07..34371ae 100644 allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms; domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t) -@@ -365,38 +451,56 @@ corecmd_exec_shell(abrt_retrace_worker_t) +@@ -365,38 +451,58 @@ corecmd_exec_shell(abrt_retrace_worker_t) dev_read_urand(abrt_retrace_worker_t) @@ -1005,7 +1005,8 @@ index eb50f07..34371ae 100644 +# abrt_dump_oops local policy # - allow abrt_dump_oops_t self:capability dac_override; +-allow abrt_dump_oops_t self:capability dac_override; ++allow abrt_dump_oops_t self:capability { fowner chown fsetid dac_override }; allow abrt_dump_oops_t self:fifo_file rw_fifo_file_perms; -allow abrt_dump_oops_t self:unix_stream_socket { accept listen }; +allow abrt_dump_oops_t self:unix_stream_socket create_stream_socket_perms; 
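Review bot: Most of this hunk is reordering — `auth_use_nsswitch(audisp_t)` and `logging_send_syslog_msg(audisp_t)` are removed and re-added in swapped positions around the already-removed `miscfiles_read_localization` line — which enlarges the base patch without changing policy; the substantive addition is `dbus_connect_system_bus(audisp_t)` inside the dbus `optional_policy` block. Since the reason for the extra connect permission is not stated in the hunk (the changelog only says "for service"), a one-line comment next to the new call, `# presumably needed by the setroubleshoot plugin below`, would help the next reader, given the nested `setroubleshoot_dbus_chat(audisp_t)` in the same block. The `optional_policy` block continues past the hunk.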
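Review bot: The capability set granted to abrt_dump_oops_t grows from `dac_override` to `{ fowner chown fsetid dac_override }`, and nothing in the hunk records why a kernel-oops dumper needs to change file ownership and set-id bits; the only rationale on the page is the changelog's BZ(1187017). A comment carrying that reference above the rule, `# chown/fowner/fsetid: BZ(1187017)`, keeps the justification with the grant so it can be revisited if the need goes away. Refpolicy also sorts permission sets alphabetically, so `allow abrt_dump_oops_t self:capability { chown dac_override fowner fsetid };` is the conventional spelling.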
@@ -1041,10 +1042,12 @@ index eb50f07..34371ae 100644 logging_read_generic_logs(abrt_dump_oops_t) +logging_read_syslog_pid(abrt_dump_oops_t) +logging_send_syslog_msg(abrt_dump_oops_t) ++ ++init_read_var_lib_files(abrt_dump_oops_t) ####################################### # -@@ -404,7 +508,7 @@ logging_read_generic_logs(abrt_dump_oops_t) +@@ -404,7 +510,7 @@ logging_read_generic_logs(abrt_dump_oops_t) # allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms; @@ -1053,7 +1056,7 @@ index eb50f07..34371ae 100644 read_files_pattern(abrt_watch_log_t, abrt_etc_t, abrt_etc_t) -@@ -413,16 +517,42 @@ domtrans_pattern(abrt_watch_log_t, abrt_dump_oops_exec_t, abrt_dump_oops_t) +@@ -413,16 +519,42 @@ domtrans_pattern(abrt_watch_log_t, abrt_dump_oops_exec_t, abrt_dump_oops_t) corecmd_exec_bin(abrt_watch_log_t) logging_read_all_logs(abrt_watch_log_t) @@ -1097,7 +1100,7 @@ index eb50f07..34371ae 100644 ') ####################################### -@@ -430,10 +560,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` +@@ -430,10 +562,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` # Global local policy # diff --git a/selinux-policy.spec b/selinux-policy.spec index 9dfee1f..b72705f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 111%{?dist} +Release: 112%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
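Review bot: `init_read_var_lib_files(abrt_dump_oops_t)` is appended after the `logging_*` calls; refpolicy orders interface calls alphabetically by module prefix, so the `init_` call belongs before `logging_read_generic_logs(abrt_dump_oops_t)`, with the blank-line grouping kept. It also depends on the `init_read_var_lib_files` interface introduced in policy-rawhide-base.patch in this same change, so the two patches only build together — worth stating in the changelog entry. The hunk header bumps (`+@@ -404,7 +510,7 @@`, `+@@ -413,16 +519,42 @@`) are consistent with the two added lines.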
@@ -605,6 +605,12 @@ SELinux Reference policy mls base module. %endif %changelog +* Mon Feb 16 2015 Lukas Vrabec 3.13.1-112 +- Allow audisp to connect to system DBUS for service. +- Label /dev/log correctly. +- Add interface init_read_var_lib_files(). +- Allow abrt_dump_oops_t read /var/lib/systemd/, Allow abrt_dump_oops_t cap. chown,fsetid,fowner, BZ(1187017) + * Tue Feb 10 2015 Lukas Vrabec 3.13.1-111 - Label /usr/libexec/postgresql-ctl as postgresql_exec_t. BZ(1191004) - Remove automatcically running filetrans_named_content form sysnet_manage_config