diff --git a/SOURCES/openscap-1.2.17-use-chroot-for-rpm-probes.patch b/SOURCES/openscap-1.2.17-use-chroot-for-rpm-probes.patch
new file mode 100644
index 0000000..00f7d80
--- /dev/null
+++ b/SOURCES/openscap-1.2.17-use-chroot-for-rpm-probes.patch
@@ -0,0 +1,68 @@
+From 2e15ace4f3fe4b7e5e5b3829ddcd2d13f2743544 Mon Sep 17 00:00:00 2001
+From: Martin Preisler <mpreisle@redhat.com>
+Date: Wed, 18 Apr 2018 11:55:40 -0400
+Subject: [PATCH] Force the CHROOT offline mode for RPM related probes
+
+librpm doesn't fully support the rpmtsSetRootDir, we can't rely on it.
+---
+ src/OVAL/probes/unix/linux/rpminfo.c          | 2 +-
+ src/OVAL/probes/unix/linux/rpmverify.c        | 2 +-
+ src/OVAL/probes/unix/linux/rpmverifyfile.c    | 2 +-
+ src/OVAL/probes/unix/linux/rpmverifypackage.c | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/OVAL/probes/unix/linux/rpminfo.c b/src/OVAL/probes/unix/linux/rpminfo.c
+index 77759b047..8f52f020c 100644
+--- a/src/OVAL/probes/unix/linux/rpminfo.c
++++ b/src/OVAL/probes/unix/linux/rpminfo.c
+@@ -269,7 +269,7 @@ void probe_preload ()
+ 
+ void probe_offline_mode ()
+ {
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN|PROBE_OFFLINE_RPMDB);
++	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT|PROBE_OFFLINE_RPMDB);
+ }
+ 
+ void *probe_init (void)
+diff --git a/src/OVAL/probes/unix/linux/rpmverify.c b/src/OVAL/probes/unix/linux/rpmverify.c
+index 1a9aca01a..b1a9eaf05 100644
+--- a/src/OVAL/probes/unix/linux/rpmverify.c
++++ b/src/OVAL/probes/unix/linux/rpmverify.c
+@@ -226,7 +226,7 @@ void probe_preload ()
+ 
+ void probe_offline_mode ()
+ {
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN);
++	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT);
+ }
+ 
+ void *probe_init (void)
+diff --git a/src/OVAL/probes/unix/linux/rpmverifyfile.c b/src/OVAL/probes/unix/linux/rpmverifyfile.c
+index 877653b84..cbcb85fc0 100644
+--- a/src/OVAL/probes/unix/linux/rpmverifyfile.c
++++ b/src/OVAL/probes/unix/linux/rpmverifyfile.c
+@@ -311,7 +311,7 @@ void probe_preload ()
+ 
+ void probe_offline_mode ()
+ {
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN);
++	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT);
+ }
+ 
+ void *probe_init (void)
+diff --git a/src/OVAL/probes/unix/linux/rpmverifypackage.c b/src/OVAL/probes/unix/linux/rpmverifypackage.c
+index 3c0dd5003..2a110ef5a 100644
+--- a/src/OVAL/probes/unix/linux/rpmverifypackage.c
++++ b/src/OVAL/probes/unix/linux/rpmverifypackage.c
+@@ -312,7 +312,7 @@ ret:
+ 
+ void probe_offline_mode ()
+ {
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN);
++	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT);
+ }
+ 
+ void *probe_init (void)
+-- 
+2.14.3
+
diff --git a/SOURCES/openscap-1.2.17-use-chroot-for-textfilecontent.patch b/SOURCES/openscap-1.2.17-use-chroot-for-textfilecontent.patch
new file mode 100644
index 0000000..67caa76
--- /dev/null
+++ b/SOURCES/openscap-1.2.17-use-chroot-for-textfilecontent.patch
@@ -0,0 +1,120 @@
+From ff8e3a420f294339317f7d8d0e16f04a03511269 Mon Sep 17 00:00:00 2001
+From: Martin Preisler <mpreisle@redhat.com>
+Date: Wed, 18 Apr 2018 12:02:46 -0400
+Subject: [PATCH] Revert "Enables offline scan without chroot in
+ textfilecontent and textfilecontent54 probes"
+
+This reverts commit 908d002c68e43a3d3c3bede128c535fbee815a10.
+---
+ src/OVAL/probes/independent/textfilecontent.c   | 20 ++------------------
+ src/OVAL/probes/independent/textfilecontent54.c | 21 ++-------------------
+ 2 files changed, 4 insertions(+), 37 deletions(-)
+
+diff --git a/src/OVAL/probes/independent/textfilecontent.c b/src/OVAL/probes/independent/textfilecontent.c
+index 2edba7a9b..961cd98cb 100644
+--- a/src/OVAL/probes/independent/textfilecontent.c
++++ b/src/OVAL/probes/independent/textfilecontent.c
+@@ -327,13 +327,9 @@ static int process_file(const char *path, const char *filename, void *arg)
+ 	return ret;
+ }
+ 
+-void probe_offline_mode ()
+-{
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN);
+-}
+-
+ void *probe_init(void)
+ {
++	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT);
+ 	return NULL;
+ }
+ 
+@@ -341,8 +337,6 @@ int probe_main(probe_ctx *ctx, void *arg)
+ {
+ 	SEXP_t *path_ent, *filename_ent, *line_ent, *behaviors_ent, *filepath_ent, *probe_in;
+ 	char *pattern;
+-	char path_with_root[PATH_MAX + 1];
+-	unsigned int root_len = 0;
+ 
+ 	OVAL_FTS    *ofts;
+ 	OVAL_FTSENT *ofts_ent;
+@@ -389,22 +383,12 @@ int probe_main(probe_ctx *ctx, void *arg)
+ 	pfd.filename_ent = filename_ent;
+ 	pfd.ctx = ctx;
+ 
+-	path_with_root[PATH_MAX] = '\0';
+-	if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
+-		strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
+-		root_len = strlen(path_with_root);
+-
+-		if (path_with_root[root_len - 1] == FILE_SEPARATOR)
+-			--root_len;
+-	}		
+-
+ 	if ((ofts = oval_fts_open(path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) {
+ 		while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
+ 			if (ofts_ent->fts_info == FTS_F
+ 			    || ofts_ent->fts_info == FTS_SL) {
+-				strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
+ 				// todo: handle return code
+-				process_file(path_with_root, ofts_ent->file, &pfd);
++				process_file(ofts_ent->path, ofts_ent->file, &pfd);
+ 			}
+ 			oval_ftsent_free(ofts_ent);
+ 		}
+diff --git a/src/OVAL/probes/independent/textfilecontent54.c b/src/OVAL/probes/independent/textfilecontent54.c
+index 1f76ee4e9..ecff6057b 100644
+--- a/src/OVAL/probes/independent/textfilecontent54.c
++++ b/src/OVAL/probes/independent/textfilecontent54.c
+@@ -347,13 +347,9 @@ static int process_file(const char *path, const char *file, void *arg)
+ 	return ret;
+ }
+ 
+-void probe_offline_mode ()
+-{
+-	probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_OWN);
+-}
+-
+ void *probe_init(void)
+ {
++  probe_setoption(PROBEOPT_OFFLINE_MODE_SUPPORTED, PROBE_OFFLINE_CHROOT);
+   return NULL;
+ }
+ 
+@@ -375,8 +371,6 @@ int probe_main(probe_ctx *ctx, void *arg)
+ #endif
+ 	OVAL_FTS    *ofts;
+ 	OVAL_FTSENT *ofts_ent;
+-	char path_with_root[PATH_MAX + 1];
+-	unsigned int root_len = 0;
+ 
+         (void)arg;
+ 
+@@ -504,23 +498,12 @@ int probe_main(probe_ctx *ctx, void *arg)
+ 		goto cleanup;
+ 	}
+ #endif
+-
+-	path_with_root[PATH_MAX] = '\0';
+-	if (OSCAP_GSYM(offline_mode) & PROBE_OFFLINE_OWN) {
+-		strncpy(path_with_root, getenv("OSCAP_PROBE_ROOT"), PATH_MAX);
+-		root_len = strlen(path_with_root);
+-
+-		if (path_with_root[root_len - 1] == FILE_SEPARATOR)
+-			--root_len;
+-	}
+-
+ 	if ((ofts = oval_fts_open(path_ent, file_ent, filepath_ent, bh_ent, probe_ctx_getresult(ctx))) != NULL) {
+ 		while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
+ 			if (ofts_ent->fts_info == FTS_F
+ 			    || ofts_ent->fts_info == FTS_SL) {
+-				strncpy(path_with_root + root_len, ofts_ent->path, PATH_MAX - root_len);
+ 				// todo: handle return code
+-				process_file(path_with_root, ofts_ent->file, &pfd);
++				process_file(ofts_ent->path, ofts_ent->file, &pfd);
+ 			}
+ 			oval_ftsent_free(ofts_ent);
+ 		}
+-- 
+2.14.3
+
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index ff28bb1..ea87688 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
@@ -6,7 +6,7 @@ restorecon -R /usr/bin/oscap /usr/libexec/openscap; \
 
 Name:           openscap
 Version:        1.2.16
-Release:        6%{?dist}
+Release:        8%{?dist}
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
 License:        LGPLv2+
@@ -16,6 +16,8 @@ Patch0:         openscap-1.2.17-updated-bash-completion.patch
 Patch1:         openscap-1.2.17-align-bash-role-header-with-help.patch
 Patch2:         openscap-1.2.17-revert-warnings-by-default.patch
 Patch3:         openscap-1.2.17-oscap-docker-cleanup-temp-image.patch
+Patch4:         openscap-1.2.17-use-chroot-for-textfilecontent.patch
+Patch5:         openscap-1.2.17-use-chroot-for-rpm-probes.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  swig libxml2-devel libxslt-devel perl-XML-Parser
 BuildRequires:  rpm-devel
@@ -134,6 +136,8 @@ Tool for scanning Atomic containers.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 %build
 %ifarch sparc64
@@ -285,6 +289,12 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Apr 19 2018 Martin Preisler <mpreisle@redhat.com> - 1.2.16-8
+- Use the chroot mode for rpm probes (#1556988)
+
+* Wed Apr 18 2018 Martin Preisler <mpreisle@redhat.com> - 1.2.16-7
+- Use the chroot mode for textfilecontent (#1547107)
+
 * Tue Feb 06 2018 Watson Yuuma Sato <wsato@redhat.com> - 1.2.16-6
 - Cleanup temporary images created by oscap-docker (#1454637)