diff --git a/container-selinux.tgz b/container-selinux.tgz
index 5d20257..ecd2a47 100644
Binary files a/container-selinux.tgz and b/container-selinux.tgz differ
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 7560b46..c4bf466 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -50166,10 +50166,10 @@ index 000000000..5871e072d
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 000000000..e944cee17
+index 000000000..9b84c582d
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,1029 @@
+@@ -0,0 +1,1037 @@
 +policy_module(systemd, 1.0.0)
 +
 +#######################################
@@ -50537,6 +50537,10 @@ index 000000000..e944cee17
 +')
 +
 +optional_policy(`
++    mock_read_lib_files(systemd_machined_t)
++')
++
++optional_policy(`
 +	virt_dbus_chat(systemd_machined_t)
 +	virt_sandbox_read_state(systemd_machined_t)
 +	virt_signal_sandbox(systemd_machined_t)
@@ -51115,6 +51119,10 @@ index 000000000..e944cee17
 +	dbus_connect_system_bus(systemd_resolved_t)
 +')
 +
++optional_policy(`
++    networkmanager_dbus_chat(systemd_resolved_t)
++')
++
 +########################################
 +#
 +# Common rules for systemd domains
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index d16ef44..c022c34 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -17134,10 +17134,10 @@ index 000000000..1cc5fa464
 +')
 diff --git a/conman.te b/conman.te
 new file mode 100644
-index 000000000..2357f3ba8
+index 000000000..25cbb9aff
 --- /dev/null
 +++ b/conman.te
-@@ -0,0 +1,97 @@
+@@ -0,0 +1,99 @@
 +policy_module(conman, 1.0.0)
 +
 +########################################
@@ -17215,6 +17215,8 @@ index 000000000..2357f3ba8
 +
 +userdom_use_user_ptys(conman_t)
 +
++term_use_usb_ttys(conman_t)
++
 +tunable_policy(`conman_can_network',`
 +	corenet_sendrecv_all_client_packets(conman_t)
 +	corenet_tcp_connect_all_ports(conman_t)
@@ -71621,10 +71623,10 @@ index 000000000..02df03ad6
 +')
 diff --git a/pdns.te b/pdns.te
 new file mode 100644
-index 000000000..509d89837
+index 000000000..63ddc577c
 --- /dev/null
 +++ b/pdns.te
-@@ -0,0 +1,82 @@
+@@ -0,0 +1,83 @@
 +policy_module(pdns, 1.0.2)
 +
 +########################################
@@ -71642,6 +71644,7 @@ index 000000000..509d89837
 +type pdns_t;
 +type pdns_exec_t;
 +init_daemon_domain(pdns_t, pdns_exec_t)
++init_nnp_daemon_domain(pdns_t)
 +
 +type pdns_unit_file_t;
 +systemd_unit_file(pdns_unit_file_t)
@@ -90156,7 +90159,7 @@ index c8bdea28d..beb2872e3 100644
 +	allow $1 haproxy_unit_file_t:service {status start};
  ')
 diff --git a/rhcs.te b/rhcs.te
-index 6cf79c449..14be26dce 100644
+index 6cf79c449..7b0fd415b 100644
 --- a/rhcs.te
 +++ b/rhcs.te
 @@ -20,6 +20,35 @@ gen_tunable(fenced_can_network_connect, false)
@@ -90682,7 +90685,7 @@ index 6cf79c449..14be26dce 100644
  optional_policy(`
  	lvm_exec(gfs_controld_t)
  	dev_rw_lvm_control(gfs_controld_t)
-@@ -275,10 +607,57 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
+@@ -275,10 +607,59 @@ domtrans_pattern(groupd_t, fenced_exec_t, fenced_t)
  
  dev_list_sysfs(groupd_t)
  
@@ -90714,6 +90717,8 @@ index 6cf79c449..14be26dce 100644
 +manage_sock_files_pattern(haproxy_t, haproxy_var_lib_t, haproxy_var_lib_t)
 +files_var_lib_filetrans(haproxy_t, haproxy_var_lib_t, { dir file lnk_file })
 +
++can_exec(haproxy_t, haproxy_exec_t)
++
 +corenet_sendrecv_unlabeled_packets(haproxy_t)
 +
 +corenet_tcp_connect_commplex_link_port(haproxy_t)
@@ -90742,7 +90747,7 @@ index 6cf79c449..14be26dce 100644
  ######################################
  #
  # qdiskd local policy
-@@ -292,7 +671,6 @@ manage_dirs_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
+@@ -292,7 +673,6 @@ manage_dirs_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
  manage_sock_files_pattern(qdiskd_t, qdiskd_var_lib_t, qdiskd_var_lib_t)
  files_var_lib_filetrans(qdiskd_t, qdiskd_var_lib_t, { file dir sock_file })
  
@@ -90750,7 +90755,7 @@ index 6cf79c449..14be26dce 100644
  kernel_read_software_raid_state(qdiskd_t)
  kernel_getattr_core_if(qdiskd_t)
  
-@@ -321,6 +699,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
+@@ -321,6 +701,8 @@ storage_raw_write_fixed_disk(qdiskd_t)
  
  auth_use_nsswitch(qdiskd_t)
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5e28ec9..5158252 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 297%{?dist}
+Release: 298%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -718,6 +718,15 @@ exit 0
 %endif
 
 %changelog
+* Sun Oct 22 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-298
+- Drop *.lst files from file list
+- Ship file_contexts.homedirs in store
+- Allow proper transition when systems starting pdns to pdns_t domain. BZ(1305522)
+- Allow haproxy daemon to reexec itself. BZ(1447800)
+- Allow conmand to use usb ttys.
+- Allow systemd_machined to read mock lib files. BZ(1504493)
+- Allow systemd_resolved_t to dbusd chat with NetworkManager_t BZ(1505081)
+
 * Fri Oct 20 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-297
 - Fix typo in virt file contexts file
 - allow ipa_dnskey_t to read /proc/net/unix file