diff --git a/SOURCES/policy-rhel-7.6.z-base.patch b/SOURCES/policy-rhel-7.6.z-base.patch
index a687990..cde33e8 100644
--- a/SOURCES/policy-rhel-7.6.z-base.patch
+++ b/SOURCES/policy-rhel-7.6.z-base.patch
@@ -84,6 +84,37 @@ index c03a52c04..8569b19db 100644
  
  auth_domtrans_pam_console(staff_t)
  
+diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
+index 8f75416ce..d5f2f5b4a 100644
+--- a/policy/modules/system/systemd.if
++++ b/policy/modules/system/systemd.if
+@@ -351,6 +351,26 @@ interface(`systemd_use_fds_logind',`
+ 	allow $1 systemd_logind_t:fd use;
+ ')
+ 
++########################################
++## <summary>
++##	Read the process state (/proc/pid) of systemd_logind_t.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`systemd_logind_read_state',`
++	gen_require(`
++		type systemd_logind_t;
++	')
++
++	allow $1 systemd_logind_t:dir search_dir_perms;
++	allow $1 systemd_logind_t:file read_file_perms;
++	allow $1 systemd_logind_t:lnk_file read_lnk_file_perms;
++')
++
+ ######################################
+ ## <summary>
+ ##	Read logind sessions files.
 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
 index cceb511fc..f5139efd2 100644
 --- a/policy/modules/system/userdomain.te
diff --git a/SOURCES/policy-rhel-7.6.z-contrib.patch b/SOURCES/policy-rhel-7.6.z-contrib.patch
index 1fe9199..61f121d 100644
--- a/SOURCES/policy-rhel-7.6.z-contrib.patch
+++ b/SOURCES/policy-rhel-7.6.z-contrib.patch
@@ -372,9 +372,27 @@ index 5a177cd5a..c7fd00ea0 100644
  dev_rw_modem(modemmanager_t)
  
 diff --git a/nagios.te b/nagios.te
-index a5e1cfda8..4141c6374 100644
+index a5e1cfda8..02b65a000 100644
 --- a/nagios.te
 +++ b/nagios.te
+@@ -115,7 +115,7 @@ userdom_use_inherited_user_ttys(nagios_plugin_domain)
+ # Nagios local policy
+ #
+ 
+-allow nagios_t self:capability { dac_read_search dac_override setgid setuid };
++allow nagios_t self:capability { chown dac_read_search dac_override setgid setuid };
+ dontaudit nagios_t self:capability sys_tty_config;
+ allow nagios_t self:process { setpgid signal_perms };
+ allow nagios_t self:fifo_file rw_fifo_file_perms;
+@@ -203,7 +203,7 @@ mta_kill_system_mail(nagios_t)
+ systemd_exec_systemctl(nagios_t)
+ 
+ tunable_policy(`nagios_run_sudo',`
+-    allow nagios_t self:capability { setuid setgid sys_resource sys_ptrace };
++    allow nagios_t self:capability { chown setuid setgid sys_resource sys_ptrace };
+     allow nagios_t self:process { setrlimit setsched };
+ 
+     allow nagios_t self:key write;
 @@ -217,6 +217,9 @@ tunable_policy(`nagios_run_sudo',`
  
      selinux_compute_access_vector(nagios_t)
@@ -385,17 +403,42 @@ index a5e1cfda8..4141c6374 100644
      logging_send_audit_msgs(nagios_t)
  ')
  
-@@ -365,6 +368,9 @@ tunable_policy(`nagios_run_sudo',`
+@@ -224,6 +227,10 @@ optional_policy(`
+     apache_systemctl(nagios_t)
+ ')
+ 
++optional_policy(`
++	dbus_system_bus_client(nagios_t)
++')
++
+ optional_policy(`
+     tunable_policy(`nagios_run_sudo',`
+         sudo_exec(nagios_t)
+@@ -231,6 +238,12 @@ optional_policy(`
+     ')
+ ')
+ 
++optional_policy(`
++    tunable_policy(`nagios_run_sudo',`
++	    init_read_utmp(nagios_t)
++    ')
++')
++
+ tunable_policy(`nagios_run_pnp4nagios',`
+     allow nagios_t nagios_log_t:file execute;
+ ')
+@@ -365,6 +378,10 @@ tunable_policy(`nagios_run_sudo',`
  
      selinux_compute_access_vector(nrpe_t)
  
 +    systemd_write_inherited_logind_sessions_pipes(nrpe_t)
 +    systemd_dbus_chat_logind(nrpe_t)
++    systemd_logind_read_state(nrpe_t)
 +
      logging_send_audit_msgs(nrpe_t)
  ')
  
-@@ -375,6 +381,13 @@ optional_policy(`
+@@ -375,6 +392,14 @@ optional_policy(`
      ')
  ')
  
@@ -404,12 +447,24 @@ index a5e1cfda8..4141c6374 100644
 +        sssd_read_config(nrpe_t)
 +        sssd_manage_lib_files(nrpe_t)
 +        sssd_read_pid_files(nrpe_t)
++        sssd_signull(nrpe_t)
 +    ')
 +')
  
  tunable_policy(`nagios_use_nfs',`
  	fs_manage_nfs_files(nrpe_t)
-@@ -616,3 +629,7 @@ optional_policy(`
+@@ -382,6 +407,10 @@ tunable_policy(`nagios_use_nfs',`
+     fs_manage_nfs_symlinks(nrpe_t)
+ ')
+ 
++optional_policy(`
++    dbus_system_bus_client(nrpe_t)
++')
++
+ optional_policy(`
+ 	inetd_tcp_service_domain(nrpe_t, nrpe_exec_t)
+ ')
+@@ -616,3 +645,7 @@ optional_policy(`
  optional_policy(`
  	unconfined_domain(nagios_unconfined_plugin_t)
  ')
@@ -591,6 +646,19 @@ index 7394a0dfc..4402cbe09 100644
  typealias rpm_var_lib_t alias var_lib_rpm_t;
  
  type rpm_var_cache_t;
+diff --git a/sbd.te b/sbd.te
+index 202904c19..d415d2c8a 100644
+--- a/sbd.te
++++ b/sbd.te
+@@ -37,6 +37,8 @@ manage_files_pattern(sbd_t, sbd_tmpfs_t, sbd_tmpfs_t)
+ manage_dirs_pattern(sbd_t, sbd_tmpfs_t, sbd_tmpfs_t)
+ fs_tmpfs_filetrans(sbd_t, sbd_tmpfs_t, { file dir })
+ 
++auth_use_nsswitch(sbd_t)
++
+ kernel_read_system_state(sbd_t)
+ kernel_dgram_send(sbd_t)
+ kernel_rw_kernel_sysctl(sbd_t)
 diff --git a/snapper.fc b/snapper.fc
 index 4f4bdb397..0a43846a8 100644
 --- a/snapper.fc
@@ -625,6 +693,35 @@ index 8c9e4a200..5be6d3542 100644
  
  fs_getattr_all_fs(snapperd_t)
  fs_mount_xattr_fs(snapperd_t)
+diff --git a/sssd.if b/sssd.if
+index 47530e258..2d4b9b2fa 100644
+--- a/sssd.if
++++ b/sssd.if
+@@ -502,6 +502,24 @@ interface(`sssd_rw_inherited_pipes',`
+     allow $1 sssd_t:fifo_file rw_inherited_fifo_file_perms;
+ ')
+ 
++########################################
++## <summary>
++##  Allow caller to signull sssd.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`sssd_signull',`
++	gen_require(`
++		type sssd_t;
++	')
++
++	allow $1 sssd_t:process signull;
++')
++
+ ########################################
+ ## <summary>
+ ##	Transition to sssd named content
 diff --git a/sysstat.te b/sysstat.te
 index a2690e315..efb2f855c 100644
 --- a/sysstat.te
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index a07d48e..a47e230 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 229%{?dist}.12
+Release: 229%{?dist}.15
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -657,6 +657,21 @@ fi
 %endif
 
 %changelog
+* Wed Jul 10 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.15
+- Allow sbd_t domain to use nsswitch
+Resolves: rhbz#1728592
+
+* Mon May 27 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.14
+- Allow nrpe_t domain to read process state of systemd_logind_t
+- Alow nrpe_t to send signull to sssd domain when nagios_run_sudo boolean is turned on
+- Allow nrpe_t domain to be dbus cliennt
+- Allow ngaios to use chown capability
+Resolves: rhbz#1692893
+
+* Tue Apr 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.13
+- Update Nagios policy when sudo is used
+Resolves: rhbz#1692893
+
 * Tue Apr 09 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.12
 - Allow modemmanager_t domain to write to raw_ip file labeled as sysfs_t
 Resolves: rhbz#1697868