diff --git a/SOURCES/0002-Add-support-for-vdsm.patch b/SOURCES/0002-Add-support-for-vdsm.patch
new file mode 100644
index 0000000..394a5dd
--- /dev/null
+++ b/SOURCES/0002-Add-support-for-vdsm.patch
@@ -0,0 +1,28 @@
+From 9fa8fb1aa6abc7a6fb4c6e5a3f2e5b6f7b261f4d Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Mon, 13 Oct 2014 14:19:15 +0200
+Subject: [PATCH 1/3] Add support for vdsm.
+
+---
+ virt.fc | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/virt.fc b/virt.fc
+index 6351bcb..9ccc90c 100644
+--- a/virt.fc
++++ b/virt.fc
+@@ -66,6 +66,11 @@ HOME_DIR/\.local/share/gnome-boxes/images(/.*)? gen_context(system_u:object_r:sv
+ /usr/bin/vios-proxy-host	--	gen_context(system_u:object_r:virtd_exec_t,s0)
+ /usr/bin/vios-proxy-guest	--  gen_context(system_u:object_r:virtd_exec_t,s0)
+ 
++#support for vdsm
++/usr/share/vdsm/vdsm    --       gen_context(system_u:object_r:virtd_exec_t,s0)
++/usr/share/vdsm/respawn    --       gen_context(system_u:object_r:virtd_exec_t,s0)
++/usr/share/vdsm/supervdsmServer    --       gen_context(system_u:object_r:virtd_exec_t,s0)
++
+ # support for nova-stack
+ /usr/bin/nova-compute       --  gen_context(system_u:object_r:virtd_exec_t,s0)
+ /usr/bin/qemu		--	gen_context(system_u:object_r:qemu_exec_t,s0)
+-- 
+2.1.0
+
diff --git a/SOURCES/0003-ALlow-sanlock_t-to-read-sysfs.patch b/SOURCES/0003-ALlow-sanlock_t-to-read-sysfs.patch
new file mode 100644
index 0000000..905f472
--- /dev/null
+++ b/SOURCES/0003-ALlow-sanlock_t-to-read-sysfs.patch
@@ -0,0 +1,24 @@
+From 135c23ffdb9d847dfc2e1fb9d412b2c1728a6a89 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Tue, 14 Oct 2014 14:13:07 +0200
+Subject: [PATCH 3/3] ALlow sanlock_t to read sysfs.
+
+---
+ sanlock.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sanlock.te b/sanlock.te
+index c60eacd..735ebd1 100644
+--- a/sanlock.te
++++ b/sanlock.te
+@@ -79,6 +79,7 @@ storage_raw_rw_fixed_disk(sanlock_t)
+ 
+ dev_read_rand(sanlock_t)
+ dev_read_urand(sanlock_t)
++dev_read_sysfs(sanlock_t)
+ 
+ auth_use_nsswitch(sanlock_t)
+ 
+-- 
+2.1.0
+
diff --git a/SOURCES/0004-ALlow-sanlock-to-send-a-signal-to-virtd_t.patch b/SOURCES/0004-ALlow-sanlock-to-send-a-signal-to-virtd_t.patch
new file mode 100644
index 0000000..07fd21a
--- /dev/null
+++ b/SOURCES/0004-ALlow-sanlock-to-send-a-signal-to-virtd_t.patch
@@ -0,0 +1,54 @@
+From 13bae06f358907c3abc9e8cf5c7a4dd3b63f394c Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 10 Oct 2014 11:43:42 +0200
+Subject: [PATCH 2/3] ALlow sanlock to send a signal to virtd_t.
+
+---
+ sanlock.te |  1 +
+ virt.if    | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/sanlock.te b/sanlock.te
+index b144d40..c60eacd 100644
+--- a/sanlock.te
++++ b/sanlock.te
+@@ -119,6 +119,7 @@ optional_policy(`
+ optional_policy(`
+ 	virt_kill_svirt(sanlock_t)
+ 	virt_kill(sanlock_t)
++    virt_signal(sanlock_t)
+ 	virt_manage_lib_files(sanlock_t)
+ 	virt_signal_svirt(sanlock_t)
+ ')
+diff --git a/virt.if b/virt.if
+index 88dcafb..7f53dd7 100644
+--- a/virt.if
++++ b/virt.if
+@@ -989,6 +989,24 @@ interface(`virt_kill',`
+ 
+ ########################################
+ ## <summary>
++##	Send a signal to virtd daemon.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`virt_signal',`
++	gen_require(`
++		type virtd_t;
++	')
++
++	allow $1 virtd_t:process signal;
++')
++
++########################################
++## <summary>
+ ##	Send a signal to virtual machines
+ ## </summary>
+ ## <param name="domain">
+-- 
+2.1.0
+
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 0dc7050..76c7a38 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 153%{?dist}.12
+Release: 153%{?dist}.13
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -28,6 +28,9 @@ patch1: policy-f20-contrib.patch
 patch2: policy-rhel-7.0.z-base.patch
 patch3: policy-rhel-7.0.z-contrib.patch
 patch4: 0001-Allow-logrotate-to-manage-virt_cache.patch
+patch5: 0002-Add-support-for-vdsm.patch
+patch6: 0003-ALlow-sanlock_t-to-read-sysfs.patch
+patch7: 0004-ALlow-sanlock-to-send-a-signal-to-virtd_t.patch
 Source1: modules-targeted-base.conf 
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@@ -321,6 +324,9 @@ Based off of reference policy: Checked out revision  2.20091117
 %patch1 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 contrib_path=`pwd`
 %setup -n serefpolicy-%{version} -q
 %patch -p1
@@ -585,6 +591,13 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Nov 10 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-153.el7_0.13
+-  Add support for vdsm.
+Resolves:#1172146
+- ALlow sanlock to send a signal to virtd_t.
+- ALlow sanlock_t to read sysfs.
+Resolves:#1172147
+
 * Tue Nov 4 2014 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-153.el7_0.12
 - Allow logrotate to manage virt_cache_t type
 Resolves:#1159834