diff --git a/macros.selinux-policy b/macros.selinux-policy
index 0d8bb2a..77f8aa9 100644
--- a/macros.selinux-policy
+++ b/macros.selinux-policy
@@ -28,7 +28,7 @@
 %_selinux_store_policy_path %{_selinux_store_path}/${_policytype}
 
 %_file_context_file %{_sysconfdir}/selinux/${SELINUXTYPE}/contexts/files/file_contexts
-%_file_context_file_pre /run/rpm-state/file_contexts.pre
+%_file_context_file_pre /var/adm/update-scripts/file_contexts.pre
 
 %_file_custom_defined_booleans %{_selinux_store_policy_path}/rpmbooleans.custom
 %_file_custom_defined_booleans_tmp %{_selinux_store_policy_path}/rpmbooleans.custom.tmp
@@ -92,7 +92,7 @@ if %{_sbindir}/selinuxenabled; then \
     _policytype="targeted" \
   fi \
   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
-    mkdir -p /run/rpm-state \
+    mkdir -p $(dirname %{_file_context_file_pre}) \
     [ -f %{_file_context_file_pre} ] || cp -f %{_file_context_file} %{_file_context_file_pre} \
   fi \
 fi \
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 867614b..81640ad 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Oct  4 14:40:03 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Use /var/adm/update-scripts in macros.selinux-policy. The rpm state
+  directory doesn't exist on SUSE systems (bsc#1213593)
+
+-------------------------------------------------------------------
+Tue Sep 19 07:57:02 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Modified update.sh to require first parameter "full" to also
+  update container-selinux. For maintenance updates you usually
+  don't want it to be updated
+
 -------------------------------------------------------------------
 Fri Jul 28 14:49:04 UTC 2023 - filippo.bonazzi@suse.com
 
diff --git a/update.sh b/update.sh
index 823357d..056b1ea 100644
--- a/update.sh
+++ b/update.sh
@@ -2,18 +2,20 @@
 
 date=$(date '+%Y%m%d')
 base_name_pattern='selinux-policy-*.tar.xz'
-
 echo Update to $date
 
 old_tar_file=$(ls -1 $base_name_pattern)
 
 osc service manualrun
 
-rm -rf container-selinux
-git clone --depth 1 https://github.com/containers/container-selinux.git
-rm -f container.*
-mv container-selinux/container.* .
-rm -rf container-selinux
+if [ "$1" = "full" ]; then
+  echo doing full update including container-selinux
+  rm -rf container-selinux
+  git clone --depth 1 https://github.com/containers/container-selinux.git
+  rm -f container.*
+  mv container-selinux/container.* .
+  rm -rf container-selinux
+fi
 
 # delete old files. Might need a better sanity check
 tar_cnt=$(ls -1 $base_name_pattern  | wc -l)
@@ -24,4 +26,3 @@ if [ $tar_cnt -gt 1 ]; then
 fi
 
 osc status
-