diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch index 64abdc4..16566a2 100644 --- a/policy-f21-contrib.patch +++ b/policy-f21-contrib.patch @@ -7792,10 +7792,10 @@ index 1a7a97e..2c7252a 100644 domain_system_change_exemption($1) role_transition $2 apmd_initrc_exec_t system_r; diff --git a/apm.te b/apm.te -index 7fd431b..e05b2d4 100644 +index 7fd431b..5ce1846 100644 --- a/apm.te +++ b/apm.te -@@ -35,6 +35,9 @@ files_type(apmd_var_lib_t) +@@ -35,12 +35,15 @@ files_type(apmd_var_lib_t) type apmd_var_run_t; files_pid_file(apmd_var_run_t) @@ -7805,6 +7805,13 @@ index 7fd431b..e05b2d4 100644 ######################################## # # Client local policy + # + +-allow apm_t self:capability { dac_override sys_admin }; ++allow apm_t self:capability { dac_override sys_admin sys_resource }; + + kernel_read_system_state(apm_t) + @@ -48,7 +51,7 @@ dev_rw_apm_bios(apm_t) fs_getattr_xattr_fs(apm_t) @@ -59464,10 +59471,10 @@ index 57c0161..c554eb6 100644 + ps_process_pattern($1, nut_t) ') diff --git a/nut.te b/nut.te -index 5b2cb0d..429c9b8 100644 +index 5b2cb0d..ed6c07d 100644 --- a/nut.te +++ b/nut.te -@@ -7,154 +7,145 @@ policy_module(nut, 1.3.0) +@@ -7,154 +7,146 @@ policy_module(nut, 1.3.0) attribute nut_domain; @@ -59603,6 +59610,7 @@ index 5b2cb0d..429c9b8 100644 corenet_tcp_connect_generic_port(nut_upsmon_t) +dev_read_rand(nut_upsmon_t) ++dev_read_urand(nut_upsmon_t) + +# Creates /etc/killpower files_manage_etc_runtime_files(nut_upsmon_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 225a6a0..9ca6485 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 105.2%{?dist} +Release: 105.3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
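Review bot: In the second hunk (`@@ -7805,6 +7805,13 @@`), `sys_resource` is granted to `apm_t` under the "Client local policy" header, while the changelog entry says it is apmd that needs it when shutting down; if the denial was logged for the daemon, the rule belongs on the daemon domain rather than the client. CAP_SYS_RESOURCE lets a process override resource limits, quotas and reserved filesystem space, so the AVC record that justified it should be traceable. Neither the rule nor the changelog entry cites a bug, unlike the `BZ(1187975)` entry below it. I would confirm the source domain from the audit record and add a comment above the rule such as `# sys_resource: needed at shutdown, see BZ(<bug id>)`. If shutdown completes without the capability, a `dontaudit` would be preferable to `allow`.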
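Review bot: In the nut.te hunk (`@@ -59603,6 +59610,7 @@`), `dev_read_urand(nut_upsmon_t)` is added with no comment, whereas the rule after it is annotated (`# Creates /etc/killpower`). A line such as `# upsmon reads /dev/urandom, see BZ(<bug id>)` would record why the access is needed. The existing `dev_read_rand(nut_upsmon_t)` is kept alongside it; if the denial shows upsmon only opens /dev/urandom, access to /dev/random may no longer be required, though that cannot be decided from this hunk alone.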
@@ -604,6 +604,10 @@ SELinux Reference policy mls base module. %endif %changelog +* Thu Feb 05 2015 Lukas Vrabec 3.13.1-105.3 +- apmd needs sys_resource when shutting down the machine +- Allow upsmon_t to read urandom device. + * Thu Feb 02 2015 Lukas Vrabec 3.13.1-105.2 - Added boolean xdm_bind_vnc_tcp_port. BZ(1187975) - Allow svirt sandbox domains to read /proc/mtrr