diff --git a/SOURCES/policy-rhel-7.6.z-base.patch b/SOURCES/policy-rhel-7.6.z-base.patch
index ddd5e75..a687990 100644
--- a/SOURCES/policy-rhel-7.6.z-base.patch
+++ b/SOURCES/policy-rhel-7.6.z-base.patch
@@ -10,6 +10,21 @@ index b6debf340..329eb3922 100644
  allow $1_sudo_t $3:key search;
  
  # Enter this derived domain from the user domain
+diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
+index 5c11b48e1..ef069d779 100644
+--- a/policy/modules/admin/sudo.te
++++ b/policy/modules/admin/sudo.te
+@@ -119,6 +119,10 @@ optional_policy(`
+ ')
+ ')
+ 
++optional_policy(`
++ systemd_write_inherited_logind_sessions_pipes(sudodomain)
++')
++
+ optional_policy(`
+ fprintd_dbus_chat(sudodomain)
+ ')
 diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
 index 5fa83a2fb..34fd0b0f1 100644
 --- a/policy/modules/kernel/domain.if
diff --git a/SOURCES/policy-rhel-7.6.z-contrib.patch b/SOURCES/policy-rhel-7.6.z-contrib.patch
index eed0798..1fe9199 100644
--- a/SOURCES/policy-rhel-7.6.z-contrib.patch
+++ b/SOURCES/policy-rhel-7.6.z-contrib.patch
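Review bot: Nothing in the sudo.te hunk records why every sudo-derived domain needs `systemd_write_inherited_logind_sessions_pipes(sudodomain)`, and the grant is unconditional rather than behind a boolean. The interface name suggests it allows only `write` on an already-inherited fifo with no `open`, which is the property that keeps this from becoming a path-based write to any logind session pipe on the host; that should be confirmed against the interface body in systemd.if before merging, since a broader definition would change the risk considerably. A one-line justification above the call, `# rhbz#1688224: write-only to the inherited logind session pipe (presumably sudo's stdout/stderr); no open`, would make the intended scope visible to the next reviewer. The enclosing `optional_policy` block is complete within the hunk.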
@@ -358,6 +358,65 @@ index 7804cbaf4..2bcedd014 100644
  rpc_domtrans_rpcd(glusterd_t)
  rpc_manage_nfs_state_data(glusterd_t)
  rpc_manage_nfs_state_data_dir(glusterd_t)
+diff --git a/modemmanager.te b/modemmanager.te
+index 5a177cd5a..c7fd00ea0 100644
+--- a/modemmanager.te
++++ b/modemmanager.te
+@@ -29,7 +29,7 @@ kernel_read_system_state(modemmanager_t)
+ 
+ corecmd_exec_bin(modemmanager_t)
+ 
+-dev_read_sysfs(modemmanager_t)
++dev_rw_sysfs(modemmanager_t)
+ dev_read_urand(modemmanager_t)
+ dev_rw_modem(modemmanager_t)
+ 
+diff --git a/nagios.te b/nagios.te
+index a5e1cfda8..4141c6374 100644
+--- a/nagios.te
++++ b/nagios.te
+@@ -217,6 +217,9 @@ tunable_policy(`nagios_run_sudo',`
+ 
+ selinux_compute_access_vector(nagios_t)
+ 
++ systemd_write_inherited_logind_sessions_pipes(nagios_t)
++ systemd_dbus_chat_logind(nagios_t)
++
+ logging_send_audit_msgs(nagios_t)
+ ')
+ 
+@@ -365,6 +368,9 @@ tunable_policy(`nagios_run_sudo',`
+ 
+ selinux_compute_access_vector(nrpe_t)
+ 
++ systemd_write_inherited_logind_sessions_pipes(nrpe_t)
++ systemd_dbus_chat_logind(nrpe_t)
++
+ logging_send_audit_msgs(nrpe_t)
+ ')
+ 
+@@ -375,6 +381,13 @@ optional_policy(`
+ ')
+ ')
+ 
++optional_policy(`
++ tunable_policy(`nagios_run_sudo',`
++ sssd_read_config(nrpe_t)
++ sssd_manage_lib_files(nrpe_t)
++ sssd_read_pid_files(nrpe_t)
++ ')
++')
+ 
+ tunable_policy(`nagios_use_nfs',`
+ fs_manage_nfs_files(nrpe_t)
+@@ -616,3 +629,7 @@ optional_policy(`
+ optional_policy(`
+ unconfined_domain(nagios_unconfined_plugin_t)
+ ')
++
++optional_policy(`
++ systemd_dbus_chat_logind(nagios_unconfined_plugin_t)
++')
 diff --git a/nova.te b/nova.te
 index 2259a5192..af8dd5527 100644
 --- a/nova.te
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index ec77df7..a07d48e 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
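Review bot: `dev_rw_sysfs(modemmanager_t)` in the modemmanager.te hunk swaps a read-only rule for read/write on everything labeled sysfs_t, which is far broader than the single raw_ip attribute the changelog cites for rhbz#1697868; sysfs_t covers many writable kernel knobs, so a compromised ModemManager would gain write access to all of them. If splitting that node out under its own type (as other sysfs subtrees are) is not practical on 7.6.z, the widening should at least be justified inline, e.g. `# rhbz#1697868: needs write to the raw_ip sysfs attribute; dev_rw_sysfs is broader than required`. Separately, `sssd_manage_lib_files(nrpe_t)` under `nagios_run_sudo` grants create/delete on sssd's lib directory rather than read; confirm that manage, not read, is what the failing plugin actually needs, since the read interface would be the narrower fix.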
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 229%{?dist}.9
+Release: 229%{?dist}.12
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -657,6 +657,18 @@ fi
 %endif
 
 %changelog
+* Tue Apr 09 2019 Lukas Vrabec - 3.13.1-229.12
+- Allow modemmanager_t domain to write to raw_ip file labeled as sysfs_t
+Resolves: rhbz#1697868
+
+* Tue Mar 26 2019 Lukas Vrabec - 3.13.1-229.11
+- Update nagios_run_sudo boolean with few allow rules related to accessing sssd
+Resolves: rhbz#1692893
+
+* Wed Mar 13 2019 Lukas Vrabec - 3.13.1-229.10
+- Allow sudodomains to write to systemd_logind_sessions_t pipes.
+Resolves: rhbz#1688224
+
 * Thu Jan 17 2019 Lukas Vrabec - 3.13.1-229.9
 - Allow gssd_t domain to manage kernel keyrings of every domain.
 Resolves: rhbz#1665815