diff --git a/policy-f23-base.patch b/policy-f23-base.patch index e5ab29f..a4f46e1 100644 --- a/policy-f23-base.patch +++ b/policy-f23-base.patch @@ -9654,7 +9654,7 @@ index 76f285e..68ef8e7 100644 + filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card9") +') diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te -index 0b1a871..f260e6f 100644 +index 0b1a871..a3bc891 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -15,11 +15,12 @@ attribute devices_unconfined_type; @@ -9783,7 +9783,7 @@ index 0b1a871..f260e6f 100644 # Type for vmware devices. type vmware_device_t; -@@ -319,5 +356,6 @@ files_associate_tmp(device_node) +@@ -319,5 +356,8 @@ files_associate_tmp(device_node) # allow devices_unconfined_type self:capability sys_rawio; @@ -9792,6 +9792,8 @@ index 0b1a871..f260e6f 100644 +allow devices_unconfined_type device_node:{ blk_file lnk_file } *; +allow devices_unconfined_type device_node:{ file chr_file } ~{ execmod entrypoint }; +allow devices_unconfined_type mtrr_device_t:file ~{ execmod entrypoint }; ++dev_getattr_all(devices_unconfined_type) ++ diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if index 6a1e4d1..26e5558 100644 --- a/policy/modules/kernel/domain.if @@ -19560,7 +19562,7 @@ index e100d88..65a3b6d 100644 +') + diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te -index 8dbab4c..7c405f5 100644 +index 8dbab4c..abdf524 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -25,6 +25,9 @@ attribute kern_unconfined; @@ -19865,7 +19867,7 @@ index 8dbab4c..7c405f5 100644 -allow kern_unconfined sysctl_type:{ dir file } *; +allow kern_unconfined sysctl_type:{ file } ~entrypoint; -+allow kern_unconfined sysctl_type:{ dir } *; ++allow kern_unconfined sysctl_type:{ dir lnk_file } *; allow kern_unconfined kernel_t:system *; 
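Review bot: `dev_getattr_all(devices_unconfined_type)` in the devices.te hunk (@@ -9792) sits directly below rules that already give devices_unconfined_type `*` on device_node blk_file/lnk_file and everything but `{ execmod entrypoint }` on device_node file/chr_file, so for the device_node attribute it looks redundant; if the interface also reaches device types outside that attribute (not visible from this hunk), that is the fact worth recording. Suggest a one-line comment above the call, e.g. `# dev_getattr_all: covers device types not under device_node`, or dropping the call if it adds nothing. The changelog entry "Additional access required for unconfined domains" gives no denial reference for this or for the `lnk_file` widening of `kern_unconfined sysctl_type` in the kernel.te hunk (@@ -19865); citing the AVC or bug id in a comment there would let a later review narrow the rules again. The same point applies to both hunks, so it is raised once here.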
diff --git a/policy-f23-contrib.patch b/policy-f23-contrib.patch index 1cc5fb9..5180f54 100644 --- a/policy-f23-contrib.patch +++ b/policy-f23-contrib.patch @@ -10751,7 +10751,7 @@ index 02fefaa..308616e 100644 + ') ') diff --git a/boinc.te b/boinc.te -index 687d4c4..3c5a83a 100644 +index 687d4c4..f668033 100644 --- a/boinc.te +++ b/boinc.te @@ -12,7 +12,9 @@ policy_module(boinc, 1.1.1) @@ -10844,7 +10844,7 @@ index 687d4c4..3c5a83a 100644 manage_dirs_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t) manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t) -@@ -61,74 +101,48 @@ files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file }) +@@ -61,74 +101,49 @@ files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file }) manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t) fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file) @@ -10882,6 +10882,7 @@ index 687d4c4..3c5a83a 100644 -corenet_all_recvfrom_unlabeled(boinc_t) +dev_getattr_mouse_dev(boinc_t) ++dev_rw_dri(boinc_t) + +files_getattr_all_dirs(boinc_t) +files_getattr_all_files(boinc_t) @@ -10941,7 +10942,7 @@ index 687d4c4..3c5a83a 100644 term_getattr_all_ptys(boinc_t) term_getattr_unallocated_ttys(boinc_t) -@@ -137,8 +151,9 @@ init_read_utmp(boinc_t) +@@ -137,8 +152,9 @@ init_read_utmp(boinc_t) logging_send_syslog_msg(boinc_t) @@ -10953,7 +10954,7 @@ index 687d4c4..3c5a83a 100644 tunable_policy(`boinc_execmem',` allow boinc_t self:process { execstack execmem }; -@@ -148,48 +163,61 @@ optional_policy(` +@@ -148,48 +164,61 @@ optional_policy(` mta_send_mail(boinc_t) ') @@ -98931,10 +98932,10 @@ index 0000000..ed76979 + diff --git a/snapper.te b/snapper.te new file mode 100644 -index 0000000..88805d7 +index 0000000..17a28ec --- /dev/null +++ b/snapper.te -@@ -0,0 +1,78 @@ +@@ -0,0 +1,79 @@ +policy_module(snapper, 1.0.0) + +######################################## 
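Review bot: `dev_rw_dri(boinc_t)` in the boinc.te hunk (@@ -10882) is unconditional, while the same file gates execmem behind the `boinc_execmem` tunable visible in the @@ -10953 hunk; read/write access to DRI devices exposes the GPU driver ioctl surface to a daemon whose job is running downloaded work units, and hosts not doing OpenCL compute gain nothing from it. Consider wrapping it the same way, `` tunable_policy(`boinc_use_gpu`,` `` / `dev_rw_dri(boinc_t)` / `')`, with a matching `gen_tunable(boinc_use_gpu, false)` in the declarations section (outside this hunk; `boinc_use_gpu` is a proposed name). The changelog already ties the access to GPU calculations (BZ(1340886)), which is the text to reuse for the tunable's description.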
@@ -98960,7 +98961,8 @@ index 0000000..88805d7 +# snapperd local policy +# + -+allow snapperd_t self:capability dac_override; ++allow snapperd_t self:capability { dac_override sys_admin }; ++allow snapperd_t self:process setsched; + +allow snapperd_t self:fifo_file rw_fifo_file_perms; +allow snapperd_t self:unix_stream_socket create_stream_socket_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index 1275ff1..93806c2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 158.18%{?dist} +Release: 158.19%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -653,6 +653,11 @@ exit 0 %endif %changelog +* Wed Jun 09 2016 Lukas Vrabec 3.13.1-158.19 + - Allow boinc to use dri devices. This allows use Boinc for a openCL GPU calculations. BZ(1340886) + - Allow snapperd sys_admin capability Allow snapperd to set scheduler. Resolves: rhbz#1341765 + - Additional access required for unconfined domains + * Wed May 18 2016 Lukas Vrabec 3.13.1-158.18 - Allow ganesha-ha.sh script running under unconfined_t domain communicate with glusterd_t domains via dbus. - Allow ganesha daemon labeled as glusterd_t create /var/lib/nfs/ganesha dir labeled as var_lib_nfs_t.
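Review bot: `allow snapperd_t self:capability { dac_override sys_admin };` in the snapper.te hunk (@@ -98960) grants CAP_SYS_ADMIN with no comment saying which operation needs it; sys_admin is the broadest capability the kernel checks, and together with dac_override it removes much of what confinement of snapperd_t buys. Record the reason above the rule, e.g. `# sys_admin, setsched: rhbz#1341765 (<OPERATION_PLACEHOLDER>)`, and likewise for the new `self:process setsched`, so a later reviewer can tell whether the access is still required. If the denial behind rhbz#1341765 came from a capability probe rather than a failing operation, `dontaudit snapperd_t self:capability sys_admin;` would be the narrower fix; that cannot be decided from this hunk. The selinux-policy.spec hunks on this line are a release bump and changelog entry and need no review.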