diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch index 1585855..b7300d6 100644 --- a/policy-f20-contrib.patch +++ b/policy-f20-contrib.patch @@ -15913,7 +15913,7 @@ index 83d6744..3f0c0dc 100644 + ') ') diff --git a/couchdb.te b/couchdb.te -index 503adab..c5128a8 100644 +index 503adab..fcb0a4b 100644 --- a/couchdb.te +++ b/couchdb.te @@ -27,6 +27,9 @@ files_type(couchdb_var_lib_t) @@ -15939,7 +15939,7 @@ index 503adab..c5128a8 100644 manage_dirs_pattern(couchdb_t, couchdb_log_t, couchdb_log_t) append_files_pattern(couchdb_t, couchdb_log_t, couchdb_log_t) -@@ -56,7 +59,7 @@ files_var_lib_filetrans(couchdb_t, couchdb_var_lib_t, dir) +@@ -56,11 +59,12 @@ files_var_lib_filetrans(couchdb_t, couchdb_var_lib_t, dir) manage_dirs_pattern(couchdb_t, couchdb_var_run_t, couchdb_var_run_t) manage_files_pattern(couchdb_t, couchdb_var_run_t, couchdb_var_run_t) @@ -15948,7 +15948,12 @@ index 503adab..c5128a8 100644 can_exec(couchdb_t, couchdb_exec_t) -@@ -75,14 +78,15 @@ corenet_sendrecv_couchdb_server_packets(couchdb_t) + kernel_read_system_state(couchdb_t) ++kernel_read_fs_sysctls(couchdb_t) + + corecmd_exec_bin(couchdb_t) + corecmd_exec_shell(couchdb_t) +@@ -75,14 +79,15 @@ corenet_sendrecv_couchdb_server_packets(couchdb_t) corenet_tcp_bind_couchdb_port(couchdb_t) corenet_tcp_sendrecv_couchdb_port(couchdb_t) @@ -100261,7 +100266,7 @@ index 1ec5e99..88e287d 100644 + allow $1 usbmuxd_unit_file_t:service all_service_perms; +') diff --git a/usbmuxd.te b/usbmuxd.te -index 8840be6..0d1be2a 100644 +index 8840be6..041373e 100644 --- a/usbmuxd.te +++ b/usbmuxd.te @@ -10,34 +10,54 @@ roleattribute system_r usbmuxd_roles; 
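Review bot: The added `+kernel_read_fs_sysctls(couchdb_t)` in the couchdb.te part of outer hunk `@@ -15948,7 +15948,12 @@` grants couchdb_t read access to sysctl_fs_t (the /proc/sys/fs tree), and nothing in the policy text records why the daemon needs it; the only justification is the spec changelog's BZ(1154327), which a reader of couchdb.te never sees. A one-line comment above the call, `# read of /proc/sys/fs needed by couchdb, BZ 1154327`, would keep the rule traceable when the domain is next reviewed. The inner couchdb.te hunk continues outside this outer hunk, so the neighbouring rules are not visible here; the other hunks on this line only update inner index hashes and hunk headers.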
@@ -100287,7 +100292,7 @@ index 8840be6..0d1be2a 100644 # -allow usbmuxd_t self:capability { kill setgid setuid }; -+allow usbmuxd_t self:capability { fsetid chown kill setgid setuid }; ++allow usbmuxd_t self:capability { fowner fsetid chown kill setgid setuid }; +dontaudit usbmuxd_t self:capability sys_resource; allow usbmuxd_t self:process { signal signull }; allow usbmuxd_t self:fifo_file rw_fifo_file_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index 3abe7d5..b6a635f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 191%{?dist} +Release: 192%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -582,6 +582,10 @@ SELinux Reference policy mls base module. %endif %changelog +* Tue Oct 21 2014 Lukas Vrabec 3.12.1-192 +- Allow couchdb read sysctl_fs_t files. BZ(1154327) +- Add fowner cap in usbmuxd_t BZ (1152662) + * Tue Oct 14 2014 Miroslav Grepl 3.12.1-191 - Call auth_use_nsswitch to apache to read/write cloud-init keys. - Allow cloud-init to dbus chat with certmonger.
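Review bot: Adding `fowner` to `allow usbmuxd_t self:capability { fowner fsetid chown kill setgid setuid };` lets usbmuxd_t bypass owner checks on files it does not own, and combined with the `chown` and `fsetid` already in the set this is a broad file-ownership capability for a daemon; the changelog cites BZ (1152662) but the commit does not say which operation produced the denial. If it was a single chmod or chown on usbmuxd's own runtime files, a comment on the allow line such as `# fowner: chmod on own runtime files, BZ 1152662` would document the intended scope; if the need is narrower than the whole capability, that is worth recording too. The selinux-policy.spec hunks in this commit are a release bump and changelog entry and need no change.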