diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 783906b..bdae1d1 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -1052,17 +1052,10 @@ index 4705ab6..b82865c 100644
 +## </desc>
 +gen_tunable(mount_anyfile, false)
 diff --git a/policy/mcs b/policy/mcs
-index 216b3d1..064ec83 100644
+index 216b3d1..78e56ed 100644
 --- a/policy/mcs
 +++ b/policy/mcs
-@@ -1,4 +1,6 @@
- ifdef(`enable_mcs',`
-+default_range dir_file_class_set target low;
-+
- #
- # Define sensitivities 
- #
-@@ -69,53 +71,56 @@ gen_levels(1,mcs_num_cats)
+@@ -69,53 +69,56 @@ gen_levels(1,mcs_num_cats)
  #  - /proc/pid operations are not constrained.
  
  mlsconstrain file { read ioctl lock execute execute_no_trans }
@@ -1139,7 +1132,7 @@ index 216b3d1..064ec83 100644
  
  mlsconstrain process { signal }
  	(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
-@@ -135,6 +140,9 @@ mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure d
+@@ -135,6 +138,9 @@ mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure d
  mlsconstrain { db_tuple } { insert relabelto }
  	(( h1 dom h2 ) and ( l2 eq h2 ));
  
@@ -1149,7 +1142,7 @@ index 216b3d1..064ec83 100644
  # Access control for any database objects based on MCS rules.
  mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }
  	( h1 dom h2 );
-@@ -166,4 +174,23 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute }
+@@ -166,4 +172,23 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute }
  mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
  	( h1 dom h2 );
  
@@ -44536,7 +44529,7 @@ index 0000000..cde0261
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..11cbcf8
+index 0000000..dff8d54
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
 @@ -0,0 +1,723 @@
@@ -45209,7 +45202,7 @@ index 0000000..11cbcf8
 +#
 +# systemd_sysctl domains local policy
 +#
-+allow systemd_sysctl_t self:capability { net_admin sys_admin sys_rawio };
++allow systemd_sysctl_t self:capability { net_admin sys_admin sys_ptrace sys_rawio };
 +allow systemd_sysctl_t self:unix_dgram_socket create_socket_perms;
 +kernel_dgram_send(systemd_sysctl_t)
 +kernel_request_load_module(systemd_sysctl_t)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 2d3a600..6fecdc7 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -25387,10 +25387,10 @@ index 0000000..1714fa6
 +/var/run/dnssec.*			gen_context(system_u:object_r:dnssec_trigger_var_run_t,s0)
 diff --git a/dnssec.if b/dnssec.if
 new file mode 100644
-index 0000000..a846ce0
+index 0000000..d22ed69
 --- /dev/null
 +++ b/dnssec.if
-@@ -0,0 +1,104 @@
+@@ -0,0 +1,123 @@
 +
 +## <summary>policy for dnssec_trigger</summary>
 +
@@ -25474,6 +25474,25 @@ index 0000000..a846ce0
 +
 +########################################
 +## <summary>
++##	Send sigkill to dnssec_trigger.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++#
++interface(`dnssec_trigger_sigkill',`
++	gen_require(`
++		type dnssec_trigger_t;
++	')
++
++    allow $1 dnssec_trigger_t:process sigkill;
++')
++
++########################################
++## <summary>
 +##	All of the rules required to administrate
 +##	an dnssec_trigger environment
 +## </summary>
@@ -56978,7 +56997,7 @@ index 86dc29d..7380935 100644
 +	logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
  ')
 diff --git a/networkmanager.te b/networkmanager.te
-index 55f2009..87e3f05 100644
+index 55f2009..b84767b 100644
 --- a/networkmanager.te
 +++ b/networkmanager.te
 @@ -9,15 +9,18 @@ type NetworkManager_t;
@@ -57055,11 +57074,11 @@ index 55f2009..87e3f05 100644
 +can_exec(NetworkManager_t, NetworkManager_exec_t)
 +#wicd
 +can_exec(NetworkManager_t, wpa_cli_exec_t)
-+
+ 
 +list_dirs_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
 +read_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
 +read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
- 
++
 +list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
 +read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
 +read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
@@ -57226,7 +57245,7 @@ index 55f2009..87e3f05 100644
  	consoletype_exec(NetworkManager_t)
  ')
  
-@@ -210,17 +257,16 @@ optional_policy(`
+@@ -210,16 +257,11 @@ optional_policy(`
  optional_policy(`
  	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
  
@@ -57237,19 +57256,15 @@ index 55f2009..87e3f05 100644
  
  	optional_policy(`
  		consolekit_dbus_chat(NetworkManager_t)
-+		consolekit_read_pid_files(NetworkManager_t)
- 	')
-+')
- 
+-	')
+-
 -	optional_policy(`
 -		policykit_dbus_chat(NetworkManager_t)
--	')
-+optional_policy(`
-+    dnssec_trigger_domtrans(NetworkManager_t)
++		consolekit_read_pid_files(NetworkManager_t)
+ 	')
  ')
  
- optional_policy(`
-@@ -231,10 +277,15 @@ optional_policy(`
+@@ -231,10 +273,17 @@ optional_policy(`
  	dnsmasq_kill(NetworkManager_t)
  	dnsmasq_signal(NetworkManager_t)
  	dnsmasq_signull(NetworkManager_t)
@@ -57258,7 +57273,9 @@ index 55f2009..87e3f05 100644
  
  optional_policy(`
 -	gnome_stream_connect_all_gkeyringd(NetworkManager_t)
++    dnssec_trigger_domtrans(NetworkManager_t)
 +    dnssec_trigger_signull(NetworkManager_t)
++    dnssec_trigger_sigkill(NetworkManager_t)
 +')
 +
 +optional_policy(`
@@ -57266,7 +57283,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -246,10 +297,26 @@ optional_policy(`
+@@ -246,10 +295,26 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -57293,7 +57310,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -257,15 +324,19 @@ optional_policy(`
+@@ -257,15 +322,19 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -57315,7 +57332,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -274,10 +345,17 @@ optional_policy(`
+@@ -274,10 +343,17 @@ optional_policy(`
  	nscd_signull(NetworkManager_t)
  	nscd_kill(NetworkManager_t)
  	nscd_initrc_domtrans(NetworkManager_t)
@@ -57333,7 +57350,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -286,9 +364,12 @@ optional_policy(`
+@@ -286,9 +362,12 @@ optional_policy(`
  	openvpn_kill(NetworkManager_t)
  	openvpn_signal(NetworkManager_t)
  	openvpn_signull(NetworkManager_t)
@@ -57346,7 +57363,7 @@ index 55f2009..87e3f05 100644
  	policykit_domtrans_auth(NetworkManager_t)
  	policykit_read_lib(NetworkManager_t)
  	policykit_read_reload(NetworkManager_t)
-@@ -296,7 +377,7 @@ optional_policy(`
+@@ -296,7 +375,7 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -57355,7 +57372,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -307,6 +388,7 @@ optional_policy(`
+@@ -307,6 +386,7 @@ optional_policy(`
  	ppp_signal(NetworkManager_t)
  	ppp_signull(NetworkManager_t)
  	ppp_read_config(NetworkManager_t)
@@ -57363,7 +57380,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -320,14 +402,21 @@ optional_policy(`
+@@ -320,14 +400,21 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -57390,7 +57407,7 @@ index 55f2009..87e3f05 100644
  ')
  
  optional_policy(`
-@@ -357,6 +446,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
+@@ -357,6 +444,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
  init_dontaudit_use_fds(wpa_cli_t)
  init_use_script_ptys(wpa_cli_t)
  
@@ -65818,10 +65835,10 @@ index 8176e4a..2df1789 100644
  
 diff --git a/pcp.fc b/pcp.fc
 new file mode 100644
-index 0000000..9b8cb6b
+index 0000000..26a45e3
 --- /dev/null
 +++ b/pcp.fc
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,29 @@
 +/etc/rc\.d/init\.d/pmcd		--	gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/pmlogger 	--      gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/pmproxy 	--	gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
@@ -65850,6 +65867,7 @@ index 0000000..9b8cb6b
 +
 +/var/run/pcp(/.*)?		gen_context(system_u:object_r:pcp_var_run_t,s0)
 +/var/run/pmcd\.socket    --  gen_context(system_u:object_r:pcp_var_run_t,s0)
++/var/run/pmlogger\.primary\.socket    -l  gen_context(system_u:object_r:pcp_var_run_t,s0)
 diff --git a/pcp.if b/pcp.if
 new file mode 100644
 index 0000000..80246e6
@@ -66002,10 +66020,10 @@ index 0000000..80246e6
 +
 diff --git a/pcp.te b/pcp.te
 new file mode 100644
-index 0000000..e24db6b
+index 0000000..684f7b0
 --- /dev/null
 +++ b/pcp.te
-@@ -0,0 +1,259 @@
+@@ -0,0 +1,260 @@
 +policy_module(pcp, 1.0.0)
 +
 +########################################
@@ -66080,7 +66098,8 @@ index 0000000..e24db6b
 +manage_dirs_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
 +manage_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
 +manage_sock_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
-+files_pid_filetrans(pcp_domain, pcp_var_run_t, { dir file sock_file })
++manage_lnk_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
++files_pid_filetrans(pcp_domain, pcp_var_run_t, { dir file sock_file lnk_file })
 +
 +manage_dirs_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t)
 +manage_files_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t)
@@ -97067,10 +97086,10 @@ index 0000000..52450c7
 +')
 diff --git a/smsd.te b/smsd.te
 new file mode 100644
-index 0000000..1fad7b8
+index 0000000..d971935
 --- /dev/null
 +++ b/smsd.te
-@@ -0,0 +1,73 @@
+@@ -0,0 +1,75 @@
 +policy_module(smsd, 1.0.0)
 +
 +########################################
@@ -97144,6 +97163,8 @@ index 0000000..1fad7b8
 +logging_send_syslog_msg(smsd_t)
 +
 +sysnet_dns_name_resolve(smsd_t)
++
++term_use_usb_ttys(smsd_t)
 diff --git a/smstools.if b/smstools.if
 index cbfe369..6594af3 100644
 --- a/smstools.if
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4ede9f2..8656868 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 143%{?dist}
+Release: 144%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -647,6 +647,15 @@ exit 0
 %endif
 
 %changelog
+* Mon Aug 24 2015 Lukas Vrabec  <lvrabec@redhat.com> 3.13.1-144
+- Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080)
+- Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764)
+- Add interface dnssec_trigger_sigkill
+- Allow smsd use usb ttys. BZ(#1250536)
+- Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
+- Revert default_range change in targeted policy
+- Allow systemd-sysctl cap. sys_ptrace  BZ(1253926)
+
 * Fri Aug 21 2015 Lukas Vrabec  <lvrabec@redhat.com> 3.13.1-143
 - Add ipmievd policy creaed by vmojzis@redhat.com
 - Call kernel_load_module(vmware_host_t) to satisfy neverallow assertion for sys_moudle in MLS where unconfined is disabled.