diff --git a/dnscrypt-proxy.service b/dnscrypt-proxy.service index 0f3f73b..fdbe238 100644 --- a/dnscrypt-proxy.service +++ b/dnscrypt-proxy.service @@ -14,7 +14,6 @@ Wants=nss-lookup.target NonBlocking=true ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml -ProtectHome=yes ProtectControlGroups=yes ProtectKernelModules=yes diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index e808265..2e26857 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -31,7 +31,7 @@ Features: %gometa Name: dnscrypt-proxy -Release: 2%{?dist} +Release: 3%{?dist} Summary: A flexible DNS proxy, with support for encrypted DNS protocols License: ISC URL: %{gourl} @@ -102,6 +102,51 @@ install -Dpm 0644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket +# Temporary SELinux workaround +# https://github.com/fedora-selinux/selinux-policy/issues/231 +mkdir selinux +cd selinux + +cat << EOF > my-ptproxy.te +module my-ptproxy 1.0; + +require { +type var_t; +type init_t; +class dir { create setattr }; +class lnk_file { create getattr read }; +} + +#============= init_t ============== +allow init_t var_t:dir { create setattr }; +allow init_t var_t:lnk_file create; +EOF + +make -f %{_datadir}/selinux/devel/Makefile +install -p -m 644 -D my-ptproxy.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp + + +%post +%systemd_post %{name}.service +if [ "$1" -le "1" ] ; then # First install +semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : +fi + + +%preun +%systemd_preun %{name}.service +if [ "$1" -lt "1" ] ; then # Final removal +semodule -r my-ptproxy 2>/dev/null || : +fi + + +%postun +%systemd_postun %{name}.service +if [ "$1" -ge "1" ] ; then # Upgrade +semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : +fi + + %files %license LICENSE %doc README.md ChangeLog 
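Review bot: The generated `my-ptproxy.te` lets `init_t` create directories and symlinks on any object labelled `var_t`, so the relaxation applies to the init domain host-wide rather than to this package's cache directory, and the module name `my-ptproxy` does not identify the package that owns it. Since the block is marked temporary, the comment above it should record the scope and the removal condition, for example `# Grants init_t dir/lnk_file create on generic var_t system-wide; drop once selinux-policy issue 231 is fixed`. The `%post`, `%preun` and `%postun` scriptlets hide every load or unload failure behind `2>/dev/null || :`, so a host where `semodule -i` fails ends up without the module and without any message. Keeping `|| :` but dropping the stderr redirect, as in `semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp || :`, would at least leave a trace in the transaction output. Whether `selinux-policy-devel` is declared as a BuildRequires for the `make -f %{_datadir}/selinux/devel/Makefile` step cannot be seen from this hunk.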
@@ -112,10 +157,15 @@ install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket %config(noreplace) %{_sysconfdir}/%{name}/cloaking-rules.txt %config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt %config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt +%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp %{_unitdir}/%{name}.* %changelog +* Tue Feb 20 2019 Robert-André Mauchin - 2.0.19-3 +- Add a policy for SELinux /var/cache creation +- Removed ProtectHome from the SystemD service to use with GNU Stow + * Thu Jan 31 2019 Fedora Release Engineering - 2.0.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild