diff --git a/SOURCES/systemd-247-policy.patch b/SOURCES/systemd-247-policy.patch
new file mode 100644
index 0000000..a54fe41
--- /dev/null
+++ b/SOURCES/systemd-247-policy.patch
@@ -0,0 +1,35 @@
+diff -Naur a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
+--- a/policy/modules/kernel/kernel.te	2021-02-22 04:12:28.000000000 -0800
++++ b/policy/modules/kernel/kernel.te	2021-02-26 14:21:22.974162725 -0800
+@@ -93,7 +93,6 @@
+ type proc_kmsg_t, proc_type;
+ fs_associate(proc_kmsg_t)
+ genfscon proc /kmsg gen_context(system_u:object_r:proc_kmsg_t,mls_systemhigh)
+-neverallow ~{ can_receive_kernel_messages kern_unconfined } proc_kmsg_t:file ~getattr;
+ 
+ # /proc kcore: inaccessible
+ type proc_kcore_t, proc_type;
+diff -Naur a/policy/modules/system/init.te b/policy/modules/system/init.te
+--- a/policy/modules/system/init.te	2021-02-22 04:12:28.000000000 -0800
++++ b/policy/modules/system/init.te	2021-02-26 15:53:09.464114056 -0800
+@@ -1920,3 +1920,7 @@
+         ccs_read_config(daemon)
+     ')
+  ')
++
++# systemd 247
++allow init_t kmsg_device_t:chr_file mounton;
++allow init_t proc_kmsg_t:file { getattr mounton };
+diff -Naur a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+--- a/policy/modules/system/systemd.te	2021-02-22 04:12:28.000000000 -0800
++++ b/policy/modules/system/systemd.te	2021-02-26 15:18:43.051196124 -0800
+@@ -1232,3 +1232,9 @@
+ dev_write_kmsg(systemd_sleep_t)
+ 
+ fstools_rw_swap_files(systemd_sleep_t)
++
++# systemd 247
++allow systemd_logind_t self:netlink_selinux_socket create;
++allow systemd_logind_t self:netlink_selinux_socket bind;
++allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
++allow systemd_machined_t init_var_run_t:sock_file create;
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index fc9caf0..7eee723 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 65%{?dist}
+Release: 66%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -72,6 +72,8 @@ Source35: container-selinux.tgz
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros
 
+Patch0:    systemd-247-policy.patch
+
 Url: %{git0}
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
@@ -348,7 +350,7 @@ mkdir -p %{buildroot}/%{_libexecdir}/selinux/ \
 %setup -n %{name}-contrib-%{commit1} -q -b 29
 tar -xf %{SOURCE35}
 contrib_path=`pwd`
-%setup -n %{name}-%{commit0} -q
+%autosetup -n %{name}-%{commit0} -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 
@@ -715,6 +717,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Feb 26 2021 Davide Cavalca <dcavalca@fb.com> 3.14.3-66
+- Add policy tweaks for to make systemd 247 work in enforcing mode
+
 * Mon Feb 22 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-65
 - Relabel /usr/sbin/charon-systemd as ipsec_exec_t
 Resolves: rhbz#1889542