diff --git a/_service b/_service
new file mode 100644
index 0000000..181daf7
--- /dev/null
+++ b/_service
@@ -0,0 +1,21 @@
+
+
+ _auto_
+ @PARENT_TAG@
+ https://github.com/containers/container-selinux.git
+ git
+ enable
+ v*
+ main
+ v(.*)
+ \1
+
+
+ xz
+ *.tar
+
+
+ container-selinux.spec
+
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..872c29b
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/containers/container-selinux.git
+ 3f06c141bebc00a07eec4c0ded038aac4f2ae3f0
\ No newline at end of file
diff --git a/container-selinux-2.233.0.tar.xz b/container-selinux-2.233.0.tar.xz
new file mode 100644
index 0000000..421ffae
--- /dev/null
+++ b/container-selinux-2.233.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b38f8dc1a274fb9781df60f04234f6851e93382eb95372af56a617ece8e0189
+size 28680
diff --git a/container-selinux.changes b/container-selinux.changes
index bcf5480..f2e577b 100644
--- a/container-selinux.changes
+++ b/container-selinux.changes
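Review bot: Nothing in the new `_service` pins the upstream tree: the values that survive the stripped markup are the branch `main` and a tag pattern `v*`, both floating references, and the hash written to `_servicedata` (`3f06c141bebc00a07eec4c0ded038aac4f2ae3f0`) is, as far as I know tar_scm, the last revision fetched for changes generation rather than a verified pin, so a later service run follows wherever the tag then points. The LFS pointer already records the tarball's sha256; recording alongside it which upstream tag and commit that archive was built from (the changes entry names 2.233.0 but not the commit) would make a refresh that pulls a different tree noticeable at review time. The XML tags are lost in this rendering, so which parameter each value belongs to cannot be confirmed from the page.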
@@ -1,3 +1,115 @@
+-------------------------------------------------------------------
+Thu Jan 9 14:16:15 UTC 2025 - Cathy Hu
+
+- Add BuildRequires selinux-policy-%{selinuxtype} to enable building
+ for SLFO. Might be removed in the future again when 1231252
+ is fixed.
+
+-------------------------------------------------------------------
+Thu Nov 07 12:04:40 UTC 2024 - cathy.hu@suse.com
+
+- Update to version 2.233.0:
+ * container_engine_t: small change to allow non root exec in a container
+ * RPM: explicitly list ghosted paths and skip mode verification
+ * container-selinux install on non selinux-policy-targeted systems (#332)
+ * set container_log_t type for /var/log/kube-apiserver
+ * Allow kubelet_t to create a sock file kubelet_var_lib_t
+ * dontaudit spc_t to mmap_zero
+ * Packit: update targets (#330)
+ * container_engine_t: another round of small improvements (#327)
+ * Allow container_device_plugin_t to use the network (#325)
+ * RPM: cleanup changelog (#324)
+ * TMT: Simplify tests
+
+-------------------------------------------------------------------
+Wed Jul 10 07:52:16 UTC 2024 - cathy.hu@suse.com
+
+- Update to version 2.232.1:
+ * Bump to v2.232.1
+ * TMT: fix srpm download syntax on rawhide
+ * Bump to 2.232.0
+ * Packit: remove `update_release` key from downstream jobs (#313)
+ * Update container-selinux.8 man page
+ * Add ownership of /usr/share/udica (#312)
+ * Packit/TMT: upstream maintenance of downstream gating tests
+ * extend container_engine_t again
+ * Allow spc_t to use localectl
+ * Allow spc_t to use timedatectl
+ * introduce container_use_xserver_devices boolean to allow GPU access
+
+-------------------------------------------------------------------
+Mon May 06 07:36:02 UTC 2024 - jsegitz@suse.com
+
+- Update to version 2.231.0:
+ * Allow container domains to communicate with spc_t unix_stream_sockets
+ * Move to %posttrans to ensure selinux-policy got updated before
+ the commands run (bsc#1221720)
+
+-------------------------------------------------------------------
+Wed Apr 10 15:47:15 UTC 2024 - Cathy Hu
+
+- Manual update to version 2.230.0+git4.a8e389d to include this
+ commit that is needed for the main selinux-policy update to work:
+ * Rename all /var/run file context entries to /run
+
+-------------------------------------------------------------------
+Wed Apr 10 15:38:24 UTC 2024 - Cathy Hu
+
+- Update to version 2.230.0:
+ * Move to tar_scm based packaging: added _service and _servicedata
+ * Allow containers to unmount file systems
+ * Add buildah as a container_runtime_exec_t label
+ * Additional rules for container_user_t
+ * improve container_engine_t
+
+-------------------------------------------------------------------
+Thu Jan 11 08:37:53 UTC 2024 - Johannes Segitz
+
+- Update to version 2.228:
+ * Allow container domains to watch fifo_files
+ * container_engine_t: improve for podman in kubernetes case
+ * Allow spc_t to transition to install_t domain
+ * Default to allowing containers to use dri devices
+ * Allow access to BPF Filesystems
+ * Fix kubernetes transition rule
+ * Label kubensenter as well as kubenswrapper
+ * Allow container domains to execute container_runtime_tmpfs_t files
+ * Allow container domains to ptrace themselves
+ * Allow container domains to use container_runtime_tmpfs_t as an entrypoint
+ * Add boolean to allow containers to use dri devices
+ * Give containers access to pod resources endpoint
+ * Label kubenswrapper kubelet_exec_t
+
+-------------------------------------------------------------------
+Wed Sep 20 14:21:29 UTC 2023 - Johannes Segitz
+
+- Update to version 2.222:
+ * Allow containers to read/write inherited dri devices
+
+-------------------------------------------------------------------
+Tue Aug 15 05:48:12 UTC 2023 - Johannes Segitz
+
+- Update to version 2.221:
+ * Allow containers to shutdown sockets inherited from container
+ runtimes
+ * Allow spc_t to use execmod libraries on container file
systems
+ * Add boolean to allow containers to read all cert files
+ * More MLS Policy allow rules
+ * Allow container runtimes using pasta bind icmp_socket to port_t
+ * Fix spc_t transitions from container_runtime_domain
+
+-------------------------------------------------------------------
+Tue May 23 07:32:16 UTC 2023 - Johannes Segitz
+
+- Update to version 2.215.0:
+ * Add some MLS rules to policy
+ * Allow container runtime to dyntransition to spc_t
+ * Tighten controls on confined users
+ * Add labels for /var/lib/shared
+ * Cleanup entrypoint definitions
+ * Allow container_device_plugin_t access to debugfs
+ * Allow containers which use devices to map them
+
 -------------------------------------------------------------------
 Mon Apr 24 07:24:46 UTC 2023 - Johannes Segitz
diff --git a/container-selinux.spec b/container-selinux.spec
index 373eb93..a8fe06b 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -26,20 +26,21 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name: container-selinux
-Version: 2.211.0
+Version: 2.233.0
 Release: 0
 Summary: SELinux policies for container runtimes
 License: GPL-2.0-only
 URL: https://github.com/containers/container-selinux
-Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
+Source0: container-selinux-%{version}.tar.xz
 BuildRequires: selinux-policy
 BuildRequires: selinux-policy-devel
+BuildRequires: selinux-policy-%{selinuxtype}
 Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
-Requires(post): policycoreutils
-Requires(post): /usr/bin/sed
-Requires(post): selinux-policy-base >= %{selinux_policyver}
-Requires(post): selinux-policy-targeted >= %{selinux_policyver}
-Requires(post): selinux-tools
+Requires(posttrans): policycoreutils
+Requires(posttrans): /usr/bin/sed
+Requires(posttrans): selinux-policy-base >= %{selinux_policyver}
+Requires(posttrans): selinux-policy-targeted >= %{selinux_policyver}
+Requires(posttrans): selinux-tools
 BuildArch: noarch
 
 %description
@@ -68,7 +69,12 @@ install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
 %pre
 %selinux_relabel_pre -s %{selinuxtype}
 
-%post
+%postun
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
+fi
+
+%posttrans
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
 %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
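Review bot: `if [ $1 -eq 1 ]; then` now sits under `%posttrans` but still carries the first-install test that was written for `%post`; RPM has traditionally passed `$1` as 0 to `%pretrans`/`%posttrans` regardless of install or upgrade, so on rpm versions where that holds the `%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1` branch would never run on a fresh install after this move — worth verifying against the target rpm before merging. If it does not fire, either keep the boolean setup in a `%post` that still receives the instance count, or make the `%posttrans` step idempotent and unconditional so it no longer depends on `$1`. The `%posttrans` body continues outside this hunk (its remainder is the `@@ -81,13 +87,6 @@` hunk). The relocated `%postun` with `if [ $1 -eq 0 ]; then` is unaffected, since `%postun` does receive the instance count.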
@@ -81,13 +87,6 @@ fi
 . %{_sysconfdir}/selinux/config
 sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i %{_sysconfdir}/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
-
-%postun
-if [ $1 -eq 0 ]; then
- %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
-fi
-
-%posttrans
 %selinux_relabel_post -s %{selinuxtype}
 
 %files
diff --git a/v2.211.0.tar.gz b/v2.211.0.tar.gz
deleted file mode 100644
index 9dc404d..0000000
--- a/v2.211.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c4eeef9975526f937fafed834c3dcf99b821e6be10d3f5373038aff2f41028d1
-size 29626