diff --git a/systemd-mini.changes b/systemd-mini.changes
index 494967b2..fb31cad2 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar 11 12:58:19 UTC 2019 - Franck Bui <fbui@suse.com>
+
+- Stop installing macros.systemd
+
+  There're no points in installing this file if we remove it right
+  after.
+
+-------------------------------------------------------------------
+Mon Mar 11 10:48:54 UTC 2019 - Franck Bui <fbui@suse.com>
+
+- Make sure systemd-network.rules take precedence over our polkit-default-privs (bsc#1125438)
+
 -------------------------------------------------------------------
 Thu Mar  7 14:27:59 UTC 2019 - Franck Bui <fbui@suse.com>
 
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 73552c8c..1970f56d 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -440,7 +440,7 @@ opensuse_ntp_servers=({0..3}.opensuse.pool.ntp.org)
         -Dsplit-usr=true \
         -Dsplit-bin=true \
         -Dpamlibdir=/%{_lib}/security \
-        -Drpmmacrosdir=%{_prefix}/lib/rpm/macros.d \
+        -Drpmmacrosdir=no \
         -Dcertificate-root=%{_sysconfdir}/pki/systemd \
         -Ddefault-hierarchy=hybrid \
         -Ddefault-kill-user-processes=false \
@@ -545,8 +545,7 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
 rm -rf %{buildroot}/etc/systemd/system/*.target.wants
 rm -f %{buildroot}/etc/systemd/system/default.target
 
-# Overwrite /etc/pam.d/systemd-user shipped by upstream with one
-# customized for openSUSE distros.
+# Replace /etc/pam.d/systemd-user shipped by upstream with the openSUSE one.
 install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
 
 # Remove tmp.mount from the unit search path as /tmp doesn't use tmpfs
@@ -562,6 +561,13 @@ rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.pat
 # aaa_base (in procps for now)
 rm -f %{buildroot}%{_sysctldir}/50-default.conf
 
+# Make sure systemd-network polkit rules file starts with a suitable
+# number prefix so it takes precedence over our polkit-default-privs.
+%if %{with networkd}
+mv %{buildroot}%{_datadir}/polkit-1/rules.d/systemd-networkd.rules \
+        %{buildroot}%{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules
+%endif
+
 # since v207 /etc/sysctl.conf is no longer parsed (commit
 # 04bf3c1a60d82791), however backward compatibility is provided by
 # /usr/lib/sysctl.d/99-sysctl.conf.
@@ -655,9 +661,6 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/random-seed
 
 %fdupes -s %{buildroot}%{_mandir}
 
-# packaged in systemd-rpm-macros
-rm -f %{buildroot}/%{_prefix}/lib/rpm/macros.d/macros.systemd
-
 # Make sure to disable all services by default. The Suse branding
 # presets package takes care of defining the right policies.
 rm -f %{buildroot}%{_presetdir}/*.preset
@@ -1137,7 +1140,7 @@ fi
 %{_datadir}/polkit-1/actions/org.freedesktop.timedate1.policy
 %{_datadir}/polkit-1/actions/org.freedesktop.login1.policy
 %if %{with networkd}
-%{_datadir}/polkit-1/rules.d/systemd-networkd.rules
+%{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules
 %endif
 %if %{with resolved}
 %{_datadir}/polkit-1/actions/org.freedesktop.resolve1.policy
diff --git a/systemd.changes b/systemd.changes
index 494967b2..fb31cad2 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar 11 12:58:19 UTC 2019 - Franck Bui <fbui@suse.com>
+
+- Stop installing macros.systemd
+
+  There're no points in installing this file if we remove it right
+  after.
+
+-------------------------------------------------------------------
+Mon Mar 11 10:48:54 UTC 2019 - Franck Bui <fbui@suse.com>
+
+- Make sure systemd-network.rules take precedence over our polkit-default-privs (bsc#1125438)
+
 -------------------------------------------------------------------
 Thu Mar  7 14:27:59 UTC 2019 - Franck Bui <fbui@suse.com>
 
diff --git a/systemd.spec b/systemd.spec
index df08f889..5ea0442f 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -438,7 +438,7 @@ opensuse_ntp_servers=({0..3}.opensuse.pool.ntp.org)
         -Dsplit-usr=true \
         -Dsplit-bin=true \
         -Dpamlibdir=/%{_lib}/security \
-        -Drpmmacrosdir=%{_prefix}/lib/rpm/macros.d \
+        -Drpmmacrosdir=no \
         -Dcertificate-root=%{_sysconfdir}/pki/systemd \
         -Ddefault-hierarchy=hybrid \
         -Ddefault-kill-user-processes=false \
@@ -543,8 +543,7 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
 rm -rf %{buildroot}/etc/systemd/system/*.target.wants
 rm -f %{buildroot}/etc/systemd/system/default.target
 
-# Overwrite /etc/pam.d/systemd-user shipped by upstream with one
-# customized for openSUSE distros.
+# Replace /etc/pam.d/systemd-user shipped by upstream with the openSUSE one.
 install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
 
 # Remove tmp.mount from the unit search path as /tmp doesn't use tmpfs
@@ -560,6 +559,13 @@ rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.pat
 # aaa_base (in procps for now)
 rm -f %{buildroot}%{_sysctldir}/50-default.conf
 
+# Make sure systemd-network polkit rules file starts with a suitable
+# number prefix so it takes precedence over our polkit-default-privs.
+%if %{with networkd}
+mv %{buildroot}%{_datadir}/polkit-1/rules.d/systemd-networkd.rules \
+        %{buildroot}%{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules
+%endif
+
 # since v207 /etc/sysctl.conf is no longer parsed (commit
 # 04bf3c1a60d82791), however backward compatibility is provided by
 # /usr/lib/sysctl.d/99-sysctl.conf.
@@ -653,9 +659,6 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/random-seed
 
 %fdupes -s %{buildroot}%{_mandir}
 
-# packaged in systemd-rpm-macros
-rm -f %{buildroot}/%{_prefix}/lib/rpm/macros.d/macros.systemd
-
 # Make sure to disable all services by default. The Suse branding
 # presets package takes care of defining the right policies.
 rm -f %{buildroot}%{_presetdir}/*.preset
@@ -1135,7 +1138,7 @@ fi
 %{_datadir}/polkit-1/actions/org.freedesktop.timedate1.policy
 %{_datadir}/polkit-1/actions/org.freedesktop.login1.policy
 %if %{with networkd}
-%{_datadir}/polkit-1/rules.d/systemd-networkd.rules
+%{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules
 %endif
 %if %{with resolved}
 %{_datadir}/polkit-1/actions/org.freedesktop.resolve1.policy