diff --git a/SOURCES/policy-rhel-7.2.z-base.patch b/SOURCES/policy-rhel-7.2.z-base.patch
index 18c6f0b..abe8c6d 100644
--- a/SOURCES/policy-rhel-7.2.z-base.patch
+++ b/SOURCES/policy-rhel-7.2.z-base.patch
@@ -1,8 +1,34 @@
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
-index 2afd2f6..2fc80d1 100644
+index 2afd2f6..ebd9614 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
-@@ -2633,6 +2633,24 @@ interface(`fs_rw_hugetlbfs_files',`
+@@ -896,6 +896,25 @@ interface(`fs_mounton_cgroup', `
+
+ ########################################
+ ##
++## Read and write ceph files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`fs_rw_cephfs_files',`
++ gen_require(`
++ type cephfs_t;
++
++ ')
++
++ rw_files_pattern($1, cephfs_t, cephfs_t)
++')
++
++########################################
++##
+ ## Do not audit attempts to read
+ ## dirs on a CIFS or SMB filesystem.
+ ##
+@@ -2633,6 +2652,24 @@ interface(`fs_rw_hugetlbfs_files',`
########################################
##
@@ -27,3 +53,34 @@ index 2afd2f6..2fc80d1 100644
## Execute hugetlbfs files.
##
##
+diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
+index 6ac60c3..e70716a 100644
+--- a/policy/modules/kernel/filesystem.te
++++ b/policy/modules/kernel/filesystem.te
+@@ -80,6 +80,11 @@ fs_type(capifs_t)
+ files_mountpoint(capifs_t)
+ genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
+
++type cephfs_t;
++fs_type(cephfs_t)
++files_mountpoint(cephfs_t)
++genfscon ceph / gen_context(system_u:object_r:cephfs_t,s0)
++
+ type cgroup_t alias cgroupfs_t;
+ fs_type(cgroup_t)
+ files_mountpoint(cgroup_t)
+diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
+index 1584203..544b8e3 100644
+--- a/policy/modules/system/libraries.te
++++ b/policy/modules/system/libraries.te
+@@ -150,6 +150,10 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ glusterd_dontaudit_read_lib_dirs(ldconfig_t)
++')
++
++optional_policy(`
+ gnome_append_generic_cache_files(ldconfig_t)
+ ')
+
diff --git a/SOURCES/policy-rhel-7.2.z-contrib.patch b/SOURCES/policy-rhel-7.2.z-contrib.patch
index f03985c..ce36c84 100644
--- a/SOURCES/policy-rhel-7.2.z-contrib.patch
+++ b/SOURCES/policy-rhel-7.2.z-contrib.patch
@@ -48,8 +48,37 @@ index 8c8c6c9..52b4110 100644
/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
+/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
+diff --git a/glusterd.if b/glusterd.if
+index fc9bf19..764ae00 100644
+--- a/glusterd.if
++++ b/glusterd.if
+@@ -158,6 +158,24 @@ interface(`glusterd_read_conf',`
+
+ ######################################
+ ##
++## Dontaudit Read /var/lib/glusterd files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`glusterd_dontaudit_read_lib_dirs',`
++ gen_require(`
++ type glusterd_var_lib_t;
++ ')
++
++ dontaudit $1 glusterd_var_lib_t:dir list_dir_perms;
++')
++
++######################################
++##
+ ## Read and write /var/lib/glusterd files.
+ ##
+ ##
diff --git a/glusterd.te b/glusterd.te
-index b974353..0c149cd 100644
+index b974353..5c9d08d 100644
--- a/glusterd.te
+++ b/glusterd.te
@@ -62,7 +62,7 @@ files_type(glusterd_brick_t)
@@ -74,7 +103,15 @@ index b974353..0c149cd 100644
manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
-@@ -240,12 +238,21 @@ optional_policy(`
+@@ -103,6 +101,7 @@ manage_fifo_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ manage_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ manage_blk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ manage_chr_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
++manage_sock_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ relabel_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ relabel_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+ relabel_dirs_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
+@@ -240,12 +239,21 @@ optional_policy(`
optional_policy(`
policykit_dbus_chat(glusterd_t)
')
@@ -96,7 +133,7 @@ index b974353..0c149cd 100644
optional_policy(`
lvm_domtrans(glusterd_t)
')
-@@ -281,6 +288,7 @@ optional_policy(`
+@@ -281,6 +289,7 @@ optional_policy(`
rpc_domtrans_nfsd(glusterd_t)
rpc_domtrans_rpcd(glusterd_t)
rpc_manage_nfs_state_data(glusterd_t)
@@ -104,6 +141,19 @@ index b974353..0c149cd 100644
')
optional_policy(`
+diff --git a/logrotate.te b/logrotate.te
+index 08c168f..71025ab 100644
+--- a/logrotate.te
++++ b/logrotate.te
+@@ -146,6 +146,8 @@ init_stream_connect(logrotate_t)
+
+ miscfiles_read_hwdata(logrotate_t)
+
++term_dontaudit_use_unallocated_ttys(logrotate_t)
++
+ userdom_use_inherited_user_terminals(logrotate_t)
+ userdom_list_user_home_dirs(logrotate_t)
+ userdom_use_unpriv_users_fds(logrotate_t)
diff --git a/openvswitch.te b/openvswitch.te
index 1b606d8..2d00be4 100644
--- a/openvswitch.te
@@ -220,3 +270,16 @@ index bf7a710..aac4015 100644
')
########################################
+diff --git a/sanlock.te b/sanlock.te
+index 2059657..423ad5e 100644
+--- a/sanlock.te
++++ b/sanlock.te
+@@ -81,6 +81,8 @@ domain_use_interactive_fds(sanlock_t)
+
+ files_read_mnt_symlinks(sanlock_t)
+
++fs_rw_cephfs_files(sanlock_t)
++
+ storage_raw_rw_fixed_disk(sanlock_t)
+
+ dev_read_rand(sanlock_t)
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index a70b1cb..c3b4751 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 60%{?dist}.7
+Release: 60%{?dist}.9
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -615,6 +615,22 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Sep 01 2016 Lukas Vrabec 3.13.1-60.9
+- Dontaudit ldconfig read gluster lib files.
+Resolves: rhbz#1372182
+- Add interface glusterd_dontaudit_read_lib_dirs()
+Resolves: rhbz#1372182
+- Dontaudit Occasionally observing AVC's while running geo-rep automation
+Resolves: rhbz#1372182
+- Allow glusterd to manage socket files labeled as glusterd_brick_t.
+Resolves: rhbz#1372191
+
+* Wed Aug 10 2016 Lukas Vrabec 3.13.1-60.8
+- Add SELinux support for ceph filesystem.
+Resolves: rhbz#1365640
+- Allow sanlock service to read/write cephfs_t files
+Resolves: rhbz#1365640
+
* Fri Jun 10 2016 Lukas Vrabec 3.13.1-60.7
- Allow glusterd domain read krb5_keytab_t files.
Resolves: rhbz#1344630