diff --git a/SOURCES/policy-rhel-7.9.z-base.patch b/SOURCES/policy-rhel-7.9.z-base.patch
new file mode 100644
index 0000000..8aa44c7
--- /dev/null
+++ b/SOURCES/policy-rhel-7.9.z-base.patch
@@ -0,0 +1,13 @@
+diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
+index e229517afa..53c780b2e7 100644
+--- a/policy/modules/system/miscfiles.if
++++ b/policy/modules/system/miscfiles.if
+@@ -81,7 +81,7 @@ interface(`miscfiles_manage_all_certs',`
+ 		attribute cert_type;
+ 	')
+ 
+-	allow $1 cert_type:dir list_dir_perms;
++	manage_dirs_pattern($1, cert_type, cert_type)
+ 	manage_files_pattern($1, cert_type, cert_type)
+ 	manage_lnk_files_pattern($1, cert_type, cert_type)
+ ')
diff --git a/SOURCES/policy-rhel-7.9.z-contrib.patch b/SOURCES/policy-rhel-7.9.z-contrib.patch
new file mode 100644
index 0000000..de773a9
--- /dev/null
+++ b/SOURCES/policy-rhel-7.9.z-contrib.patch
@@ -0,0 +1,36 @@
+diff --git a/glusterd.te b/glusterd.te
+index 382d67a996..322a4fe005 100644
+--- a/glusterd.te
++++ b/glusterd.te
+@@ -331,3 +331,16 @@ optional_policy(`
+ optional_policy(`
+ 	ssh_exec(glusterd_t)
+ ')
++
++
++########################################
++#
++# Local policy for ssh_keygen
++#
++
++gen_require(`
++    type ssh_keygen_t;
++')
++
++manage_dirs_pattern(ssh_keygen_t, glusterd_var_lib_t, glusterd_var_lib_t)
++manage_files_pattern(ssh_keygen_t, glusterd_var_lib_t, glusterd_var_lib_t)
+diff --git a/ldap.te b/ldap.te
+index 1c922b3402..9079ab40eb 100644
+--- a/ldap.te
++++ b/ldap.te
+@@ -57,8 +57,8 @@ allow slapd_t self:process { setsched signal } ;
+ allow slapd_t self:fifo_file rw_fifo_file_perms;
+ allow slapd_t self:tcp_socket { accept listen };
+ 
+-allow slapd_t slapd_cert_t:dir list_dir_perms;
+-read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
++manage_dirs_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
++manage_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+ read_lnk_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+ 
+ manage_dirs_pattern(slapd_t, slapd_db_t, slapd_db_t)
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index cdb2268..c2c80b4 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,12 +20,14 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 268%{?dist}
+Release: 268%{?dist}.2
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch0: policy-rhel-7.9-base.patch
 patch1: policy-rhel-7.9-contrib.patch
+patch2: policy-rhel-7.9.z-base.patch
+patch3: policy-rhel-7.9.z-contrib.patch
 Source1: modules-targeted-base.conf
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@@ -340,9 +342,11 @@ Based off of reference policy: Checked out revision  2.20091117
 %prep 
 %setup -n serefpolicy-contrib-%{version} -q -b 29
 %patch1 -p1
+%patch3 -p1
 contrib_path=`pwd`
 %setup -n serefpolicy-%{version} -q
 %patch0 -p1
+%patch2 -p1
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 rm -rf $refpolicy_path/policy/modules/contrib/kubernetes.*
@@ -653,6 +657,18 @@ fi
 %endif
 
 %changelog
+* Thu Oct 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.13.1-268.2
+- Allow certmonger add new entries in a generic certificates directory
+Resolves: rhbz#1879496
+- Allow slapd add new entries in ldap certificates directory
+Resolves: rhbz#1879496
+- Add miscfiles_add_entry_generic_cert_dirs() interface
+Resolves: rhbz#1879496
+
+* Mon Sep 07 2020 Zdenek Pytela <zpytela@redhat.com> - 3.13.1-268.1
+- Allow ssh-keygen create file in /var/lib/glusterd
+Resolves: rhbz#1867995
+
 * Tue May 12 2020 Zdenek Pytela <zpytela@redhat.com> - 3.13.1-268
 - Allow rhsmd read process state of all domains and kernel threads
 Resolves: rhbz#1837461