diff --git a/SOURCES/policy-rhel-7.2.z-base.patch b/SOURCES/policy-rhel-7.2.z-base.patch
new file mode 100644
index 0000000..18c6f0b
--- /dev/null
+++ b/SOURCES/policy-rhel-7.2.z-base.patch
@@ -0,0 +1,29 @@
+diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
+index 2afd2f6..2fc80d1 100644
+--- a/policy/modules/kernel/filesystem.if
++++ b/policy/modules/kernel/filesystem.if
+@@ -2633,6 +2633,24 @@ interface(`fs_rw_hugetlbfs_files',`
+ 
+ ########################################
+ ## 
++## Manage hugetlbfs files.
++## 
++## 
++## 
++## Domain allowed access.
++## 
++## 
++# 
++interface(`fs_manage_hugetlbfs_files',`
++ gen_require(`
++ type hugetlbfs_t;
++ ')
++
++ manage_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
++')
++
++########################################
++## 
+ ## Execute hugetlbfs files.
+ ## 
+ ## 
diff --git a/SOURCES/policy-rhel-7.2.z-contrib.patch b/SOURCES/policy-rhel-7.2.z-contrib.patch
new file mode 100644
index 0000000..7474c85
--- /dev/null
+++ b/SOURCES/policy-rhel-7.2.z-contrib.patch
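Review bot: The summary `## Manage hugetlbfs files.` on the new interface understates what `manage_files_pattern($1, hugetlbfs_t, hugetlbfs_t)` grants — create, rename and unlink on top of read/write — so a policy author choosing between the neighbouring `fs_rw_hugetlbfs_files` and this interface cannot see the difference from the doc block. Suggest `## Create, read, write, and delete files on hugetlbfs.` as the summary, which is how the other `fs_manage_*` interfaces in this file describe themselves as far as I recall. The `<summary>`/`<param>` markup looks stripped by the rendering rather than absent from the patch; worth a glance at the raw file to confirm the doc block is well-formed.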
@@ -0,0 +1,62 @@
+diff --git a/ctdb.if b/ctdb.if
+index 6b7d687..06895f3 100644
+--- a/ctdb.if
++++ b/ctdb.if
+@@ -55,6 +55,23 @@ interface(`ctdbd_signal',`
+ allow $1 ctdbd_t:process signal;
+ ')
+ 
++#######################################
++## 
++## Allow domain to sigchld ctdbd.
++## 
++## 
++## 
++## Domain allowed access.
++## 
++## 
++# 
++interface(`ctdbd_sigchld',`
++ gen_require(`
++ type ctdbd_t;
++ ')
++ allow $1 ctdbd_t:process sigchld;
++')
++
+ ########################################
+ ## 
+ ## Read ctdbd's log files.
+diff --git a/openvswitch.te b/openvswitch.te
+index 1b606d8..2d00be4 100644
+--- a/openvswitch.te
++++ b/openvswitch.te
+@@ -32,7 +32,7 @@ systemd_unit_file(openvswitch_unit_file_t)
+ # openvswitch local policy
+ #
+ 
+-allow openvswitch_t self:capability { net_admin ipc_lock sys_module sys_nice sys_resource };
++allow openvswitch_t self:capability { net_admin ipc_lock sys_module sys_nice sys_rawio sys_resource };
+ allow openvswitch_t self:capability2 block_suspend;
+ allow openvswitch_t self:process { fork setsched setrlimit signal };
+ allow openvswitch_t self:fifo_file rw_fifo_file_perms;
+@@ -92,6 +92,8 @@ files_read_kernel_modules(openvswitch_t)
+ 
+ fs_getattr_all_fs(openvswitch_t)
+ fs_search_cgroup_dirs(openvswitch_t)
++fs_manage_hugetlbfs_files(openvswitch_t)
++fs_manage_hugetlbfs_dirs(openvswitch_t)
+ 
+ auth_use_nsswitch(openvswitch_t)
+ 
+diff --git a/samba.te b/samba.te
+index bf7a710..aac4015 100644
+--- a/samba.te
++++ b/samba.te
+@@ -726,6 +726,7 @@ userdom_use_inherited_user_terminals(smbcontrol_t)
+ 
+ optional_policy(`
+ ctdbd_stream_connect(smbcontrol_t)
++ ctdbd_sigchld(smbcontrol_t)
+ ')
+ 
+ ########################################
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index a011577..4881a76 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
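Review bot: `sys_rawio` added to openvswitch_t's self:capability set in the openvswitch.te hunk is the broadest grant in this patch — CAP_SYS_RAWIO is the capability behind raw port and /dev/mem-style access — yet the line carries no comment saying which operation needs it, so a later reviewer cannot tell whether it was added for a real access path or only to silence a denial. Suggest a comment above the allow line, e.g. `# sys_rawio: needed for <operation> (rhbz#1299405)`, and if the original denial was a probe rather than a required access, a `dontaudit` would be the narrower choice. The same hunk also calls `fs_manage_hugetlbfs_dirs(openvswitch_t)`, which the accompanying base patch does not define; presumably it is already present in the 7.2 base filesystem.if, but that is worth confirming since an undefined interface fails the contrib module build. Minor: the separator line above `ctdbd_sigchld` in ctdb.if looks one `#` shorter than the surrounding separators.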
@@ -19,7 +19,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 60%{?dist}
+Release: 60%{?dist}.3
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -28,6 +28,8 @@ patch1: policy-rhel-7.1-contrib.patch
 patch2: policy-RHEL-7.1-flask.patch
 patch3: policy-rhel-7.2-base.patch
 patch4: policy-rhel-7.2-contrib.patch
+patch5: policy-rhel-7.2.z-base.patch
+patch6: policy-rhel-7.2.z-contrib.patch
 Source1: modules-targeted-base.conf
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@@ -333,10 +335,12 @@ Based off of reference policy: Checked out revision 2.20091117
 %prep
 %setup -n serefpolicy-contrib-%{version} -q -b 29
 %patch4 -p1
+%patch6 -p1
 contrib_path=`pwd`
 %setup -n serefpolicy-%{version} -q
 %patch3 -p1
 %patch2 -p1
+%patch5 -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 rm -rf $refpolicy_path/policy/modules/contrib/kubernetes.*
@@ -611,6 +615,22 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Jan 27 2016 Lukas Vrabec 3.13.1-60.3
+- Allow openvswitch domain capability sys_rawio
+Resolves: rhbz#1299405
+
+* Tue Jan 26 2016 Lukas Vrabec 3.13.1-60.2
+- Add fs_manage_hugetlbfs_files() interface.
+Resolves: rhbz#1299405
+- Allow openvswitch to manage hugetlfs files and dirs
+Resolves: rhbz#1299405
+
+* Mon Jan 25 2016 Lukas Vrabec 3.13.1-60.1
+- Allow openvswitch read/write hugetlb filesystem.
+Resolves: rhbz#1299405
+- Allow smbcontrol domain to send sigchld to ctdbd domain.
+Resolves: rhbz#1301522
+
 * Wed Oct 14 2015 Miroslav Grepl 3.13.1-60
 Allow hypervvssd to list all mountpoints to have VSS live backup working correctly.
 Resolves:#1247880
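Review bot: The 60.2 entry in the %changelog hunk has a typo, `hugetlfs` for `hugetlbfs`, and the 60.1 entry ("read/write hugetlb filesystem") describes a narrower grant than the contrib patch this spec now applies actually ships (manage on hugetlbfs files and dirs, plus `sys_rawio` by 60.3), so someone reading only the first entry gets the wrong picture of what the update permits. Suggest `- Allow openvswitch to manage hugetlbfs files and dirs` for the 60.2 line, and a note on the 60.1 entry that it was superseded by the manage interfaces in 60.2. The author e-mail in the new entries appears stripped by the rendering rather than missing from the spec; check the raw file before assuming a malformed changelog.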