diff --git a/SOURCES/policy-rhel-7.4.z-base.patch b/SOURCES/policy-rhel-7.4.z-base.patch
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/SOURCES/policy-rhel-7.4.z-base.patch
diff --git a/SOURCES/policy-rhel-7.4.z-contrib.patch b/SOURCES/policy-rhel-7.4.z-contrib.patch
new file mode 100644
index 0000000..dc4e90c
--- /dev/null
+++ b/SOURCES/policy-rhel-7.4.z-contrib.patch
@@ -0,0 +1,55 @@
+diff --git a/lldpad.te b/lldpad.te
+index 42e5578f2..3399d597a 100644
+--- a/lldpad.te
++++ b/lldpad.te
+@@ -64,3 +64,7 @@ optional_policy(`
+ optional_policy(`
+     networkmanager_dgram_send(lldpad_t)
+ ')
++
++optional_policy(`
++    virt_dgram_send(lldpad_t)
++')
+diff --git a/tomcat.te b/tomcat.te
+index 97bdd60c9..386c4b7ac 100644
+--- a/tomcat.te
++++ b/tomcat.te
+@@ -51,6 +51,9 @@ optional_policy(`
+ # tomcat domain policy
+ #
+ 
++allow tomcat_t self:capability { dac_override setuid kill };
++
++allow tomcat_t self:process { setcap signal signull };
+ allow tomcat_domain self:fifo_file rw_fifo_file_perms;
+ allow tomcat_domain self:unix_stream_socket create_stream_socket_perms;
+ 
+diff --git a/virt.if b/virt.if
+index 1d17889f3..c6792a5a3 100644
+--- a/virt.if
++++ b/virt.if
+@@ -1618,4 +1618,23 @@ interface(`virt_dontaudit_read_state',`
+ 	dontaudit $1 virtd_t:dir search_dir_perms;
+ 	dontaudit $1 virtd_t:file read_file_perms;
+ 	dontaudit $1 virtd_t:lnk_file read_lnk_file_perms;
++')
++
++#######################################
++## <summary>
++##	Send to libvirt with a unix dgram socket.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`virt_dgram_send',`
++	gen_require(`
++		type virtd_t, virt_var_run_t;
++	')
++
++	files_search_pids($1)
++	dgram_send_pattern($1, virt_var_run_t, virt_var_run_t, virtd_t)
+ ')
+\ No newline at end of file
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 7d21a32..2e37a69 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 166%{?dist}
+Release: 166%{?dist}.4
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -28,6 +28,8 @@ patch: policy-rhel-7.1-base.patch
 patch1: policy-rhel-7.1-contrib.patch
 patch2: policy-rhel-7.4-base.patch
 patch3: policy-rhel-7.4-contrib.patch
+patch4: policy-rhel-7.4.z-base.patch
+patch5: policy-rhel-7.4.z-contrib.patch
 Source1: modules-targeted-base.conf 
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@@ -339,9 +341,11 @@ Based off of reference policy: Checked out revision  2.20091117
 %prep 
 %setup -n serefpolicy-contrib-%{version} -q -b 29
 %patch3 -p1
+%patch5 -p1
 contrib_path=`pwd`
 %setup -n serefpolicy-%{version} -q
 %patch2 -p1
+%patch4 -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 rm -rf $refpolicy_path/policy/modules/contrib/kubernetes.*
@@ -651,6 +655,22 @@ fi
 %endif
 
 %changelog
+* Sat Aug 26 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166.4
+- Allow tomcat_t domain couple capabilities to make working tomcat-jsvc
+Resolves: rhbz#1485308
+
+* Thu Aug 10 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166.3
+- Fixing wrong NVR
+Resolves: rhbz#1479767
+
+* Thu Aug 10 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166.2
+- Increase NVR
+Resolves: rhbz#1479767
+
+* Wed Aug 09 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166.1
+- Allow llpdad send dgram to libvirt
+Resolves: rhbz#1479767
+
 * Mon Jul 10 2017 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166
 - Add new boolean gluster_use_execmem
 Resolves: rhbz#1469027