diff --git a/SOURCES/policy-rhel-7.6.z-contrib.patch b/SOURCES/policy-rhel-7.6.z-contrib.patch
index 3f343db..4f47591 100644
--- a/SOURCES/policy-rhel-7.6.z-contrib.patch
+++ b/SOURCES/policy-rhel-7.6.z-contrib.patch
@@ -358,6 +358,27 @@ index 7804cbaf4..2bcedd014 100644
      rpc_domtrans_rpcd(glusterd_t)
      rpc_manage_nfs_state_data(glusterd_t)
  	rpc_manage_nfs_state_data_dir(glusterd_t)
+diff --git a/nova.te b/nova.te
+index 2259a5192..af8dd5527 100644
+--- a/nova.te
++++ b/nova.te
+@@ -124,6 +124,7 @@ corenet_sendrecv_dns_server_packets(nova_domain)
+ corenet_sendrecv_dhcpd_server_packets(nova_domain)
+ 
+ auth_use_nsswitch(nova_t)
++auth_use_pam(nova_t)
+ auth_read_passwd(nova_domain)
+ 
+ dev_read_sysfs(nova_domain)
+@@ -132,7 +133,7 @@ dev_read_rand(nova_domain)
+ 
+ fs_getattr_all_fs(nova_domain)
+ 
+-init_read_utmp(nova_domain)
++init_rw_utmp(nova_domain)
+ 
+ libs_exec_ldconfig(nova_domain)
+ 
 diff --git a/rhcs.te b/rhcs.te
 index 0e8b031bb..c029ccd71 100644
 --- a/rhcs.te
@@ -490,3 +511,15 @@ index f4df4fda2..f585a7fb5 100644
  optional_policy(`
  	mount_exec(nfsd_t)
  	mount_manage_pid_files(nfsd_t)
+diff --git a/sysstat.te b/sysstat.te
+index a2690e315..efb2f855c 100644
+--- a/sysstat.te
++++ b/sysstat.te
+@@ -44,6 +44,7 @@ dev_read_urand(sysstat_t)
+ 
+ files_search_var(sysstat_t)
+ files_read_etc_runtime_files(sysstat_t)
++files_search_all_mountpoints(sysstat_t)
+ 
+ fs_getattr_all_fs(sysstat_t)
+ fs_list_inotifyfs(sysstat_t)
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 7cef457..40d3140 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 229%{?dist}.5
+Release: 229%{?dist}.6
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -657,6 +657,12 @@ fi
 %endif
 
 %changelog
+* Fri Nov 02 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.6
+- Allow nova_t domain to use pam
+Resolves: rhbz:#1645270
+- sysstat: grant sysstat_t the search_dir_perms set
+Resolves: rhbz#1645271
+
 * Fri Oct 12 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.5
 - Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module
 Resolves: rhbz#1638257