diff --git a/fix_cockpit.patch b/fix_cockpit.patch index d4eae49..99c363e 100644 --- a/fix_cockpit.patch +++ b/fix_cockpit.patch @@ -9,10 +9,10 @@ cockpit.socket fails to start if kerberos_enabled=false policy/modules/contrib/cockpit.te | 2 ++ 1 file changed, 2 insertions(+) -Index: fedora-policy-20210628/policy/modules/contrib/cockpit.te +Index: fedora-policy-20210716/policy/modules/contrib/cockpit.te =================================================================== ---- fedora-policy-20210628.orig/policy/modules/contrib/cockpit.te -+++ fedora-policy-20210628/policy/modules/contrib/cockpit.te +--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.te ++++ fedora-policy-20210716/policy/modules/contrib/cockpit.te @@ -51,7 +51,9 @@ can_exec(cockpit_ws_t,cockpit_session_ex dev_read_urand(cockpit_ws_t) # for authkey dev_read_rand(cockpit_ws_t) # for libssh 
@@ -23,3 +23,25 @@ Index: fedora-policy-20210628/policy/modules/contrib/cockpit.te # cockpit-ws can connect to other hosts via ssh corenet_tcp_connect_ssh_port(cockpit_ws_t) +Index: fedora-policy-20210716/policy/modules/contrib/cockpit.fc +=================================================================== +--- fedora-policy-20210716.orig/policy/modules/contrib/cockpit.fc ++++ fedora-policy-20210716/policy/modules/contrib/cockpit.fc +@@ -3,12 +3,12 @@ + /usr/lib/systemd/system/cockpit.* -- gen_context(system_u:object_r:cockpit_unit_file_t,s0) + /etc/systemd/system/cockpit.* -- gen_context(system_u:object_r:cockpit_unit_file_t,s0) + +-/usr/libexec/cockpit-ws -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) +-/usr/libexec/cockpit-tls -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) +-/usr/libexec/cockpit-wsinstance-factory -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib(exec)?/cockpit-ws -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib(exec)?/cockpit-tls -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) ++/usr/lib(exec)?/cockpit-wsinstance-factory -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) + +-/usr/libexec/cockpit-session -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) +-/usr/libexec/cockpit-ssh -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) ++/usr/lib(exec)?/cockpit-session -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) ++/usr/lib(exec)?/cockpit-ssh -- gen_context(system_u:object_r:cockpit_session_exec_t,s0) + + /usr/share/cockpit/motd/update-motd -- gen_context(system_u:object_r:cockpit_ws_exec_t,s0) + diff --git a/fix_systemd.patch b/fix_systemd.patch index 02f834e..bdab982 100644 --- a/fix_systemd.patch +++ b/fix_systemd.patch 
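Review bot: The preamble of fix_cockpit.patch is now stale: its diffstat, visible as context in the earlier hunk (`policy/modules/contrib/cockpit.te | 2 ++`, `1 file changed, 2 insertions(+)`), and its subject `cockpit.socket fails to start if kerberos_enabled=false` describe only the two-line cockpit.te change, while this hunk folds a cockpit.fc relabel into the same patch. Either update the subject and diffstat to cover both files, or split the `/usr/lib(exec)?/` relabel into its own patch with its own one-line rationale, so the next rebase onto a newer fedora-policy snapshot does not drop it as unexplained. Changed file contexts only reach existing installs after a relabel of those paths; whether the spec's scriptlets trigger one is not visible in this diff and is worth confirming.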
@@ -1,8 +1,8 @@ -Index: fedora-policy-20210628/policy/modules/system/systemd.te +Index: fedora-policy-20210716/policy/modules/system/systemd.te =================================================================== ---- fedora-policy-20210628.orig/policy/modules/system/systemd.te -+++ fedora-policy-20210628/policy/modules/system/systemd.te -@@ -347,6 +347,10 @@ userdom_manage_user_tmp_chr_files(system +--- fedora-policy-20210716.orig/policy/modules/system/systemd.te ++++ fedora-policy-20210716/policy/modules/system/systemd.te +@@ -352,6 +352,10 @@ userdom_manage_user_tmp_chr_files(system xserver_dbus_chat(systemd_logind_t) optional_policy(` @@ -13,7 +13,7 @@ Index: fedora-policy-20210628/policy/modules/system/systemd.te apache_read_tmp_files(systemd_logind_t) ') -@@ -854,6 +858,10 @@ optional_policy(` +@@ -859,6 +863,10 @@ optional_policy(` udev_read_pid_files(systemd_hostnamed_t) ') @@ -24,3 +24,12 @@ Index: fedora-policy-20210628/policy/modules/system/systemd.te ####################################### # # rfkill policy +@@ -1097,6 +1105,8 @@ systemd_unit_file_filetrans(systemd_gpt_ + systemd_create_unit_file_dirs(systemd_gpt_generator_t) + systemd_create_unit_file_lnk(systemd_gpt_generator_t) + ++udev_read_pid_files(systemd_gpt_generator_t) ++ + ####################################### + # + # systemd_resolved domain diff --git a/modules-minimum-base.conf b/modules-minimum-base.conf index d90e3cb..853e975 100644 --- a/modules-minimum-base.conf +++ b/modules-minimum-base.conf @@ -412,4 +412,3 @@ packagekit = module # Name service cache daemon # nscd = module - diff --git a/modules-targeted-base.conf b/modules-targeted-base.conf index f5bcc4c..5e255b5 100644 --- a/modules-targeted-base.conf +++ b/modules-targeted-base.conf @@ -412,3 +412,10 @@ rtorrent = module # Policy for wicked # wicked = module + +# Layer: system +# Module: rebootmgr +# +# Policy for rebootmgr +# +rebootmgr = module 
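Review bot: The added `udev_read_pid_files(systemd_gpt_generator_t)` in the nested systemd.te hunk has no comment saying why the GPT generator needs udev's runtime files; the only rationale is the bsc#1189280 reference in the changelog, which nobody rebasing fix_systemd.patch onto the next snapshot will see. I would put `# needed to read udev runtime state (bsc#1189280)` directly above it. The grant mirrors the `udev_read_pid_files(systemd_hostnamed_t)` line visible as context, so the interface choice is at least consistent with the rest of the patch; whether it fully covers the original denial cannot be judged from the hunk alone.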
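Review bot: The new stanza in modules-targeted-base.conf is headed `# Layer: system`, but the spec change in this same commit copies rebootmgr.te/.if/.fc into policy/modules/contrib next to wicked, so the header should read `# Layer: contrib` to match where the module actually lives. The stanza is added only to the targeted list; modules-minimum-base.conf in this commit merely loses a trailing blank line, so on a minimum-policy install the rebootmgr_exec_t type would not exist and `/usr/sbin/rebootmgrd` would not be confined by this module — if rebootmgr is shipped on such systems, add the same stanza there.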
diff --git a/rebootmgr.fc b/rebootmgr.fc
new file mode 100644
index 0000000..156f78f
--- /dev/null
+++ b/rebootmgr.fc
@@ -0,0 +1 @@
+/usr/sbin/rebootmgrd -- gen_context(system_u:object_r:rebootmgr_exec_t,s0)
diff --git a/rebootmgr.if b/rebootmgr.if
new file mode 100644
index 0000000..bb42f80
--- /dev/null
+++ b/rebootmgr.if
@@ -0,0 +1,61 @@
+
+## policy for rebootmgr
+
+########################################
+##
+## Execute rebootmgr_exec_t in the rebootmgr domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`rebootmgr_domtrans',`
+ gen_require(`
+ type rebootmgr_t, rebootmgr_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, rebootmgr_exec_t, rebootmgr_t)
+')
+
+######################################
+##
+## Execute rebootmgr in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`rebootmgr_exec',`
+ gen_require(`
+ type rebootmgr_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, rebootmgr_exec_t)
+')
+
+########################################
+##
+## Send and receive messages from
+## rebootmgr over dbus.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`rebootmgr_dbus_chat',`
+ gen_require(`
+ type rebootmgr_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 rebootmgr_t:dbus send_msg;
+ allow rebootmgr_t $1:dbus send_msg;
+')
diff --git a/rebootmgr.te b/rebootmgr.te
new file mode 100644
index 0000000..4b4e6ab
--- /dev/null
+++ b/rebootmgr.te
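Review bot: The interface doc blocks in rebootmgr.if are bare `##` lines around the text (`+## +## Execute rebootmgr_exec_t in the rebootmgr domain. +##`), without the `## <summary>`, `## <param name="domain">` and `## </param>` markup that the reference policy's interface documentation tooling parses; if that markup is really absent rather than lost in how this page was rendered, all three interfaces will be missing from the generated interface reference. I would wrap each description as `## <summary>` … `## </summary>` and each argument as `## <param name="domain">` / `## <summary>Domain allowed to transition.</summary>` / `## </param>`, following any upstream .if file. The `gen_require` and rule lines also appear with a single leading space where upstream indents with a tab; that too may be a rendering artefact, but is worth checking before the file is committed.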
@@ -0,0 +1,37 @@
+policy_module(rebootmgr, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type rebootmgr_t;
+type rebootmgr_exec_t;
+init_daemon_domain(rebootmgr_t, rebootmgr_exec_t)
+
+########################################
+#
+# rebootmgr local policy
+#
+allow rebootmgr_t self:process { fork };
+allow rebootmgr_t self:fifo_file rw_fifo_file_perms;
+allow rebootmgr_t self:unix_stream_socket create_stream_socket_perms;
+
+domain_use_interactive_fds(rebootmgr_t)
+
+files_manage_etc_files(rebootmgr_t)
+
+logging_send_syslog_msg(rebootmgr_t)
+
+miscfiles_read_localization(rebootmgr_t)
+
+systemd_start_power_services(rebootmgr_t)
+
+systemd_dbus_chat_logind(rebootmgr_t)
+
+unconfined_dbus_chat(rebootmgr_t)
+
+optional_policy(`
+ dbus_system_bus_client(rebootmgr_t)
+ dbus_connect_system_bus(rebootmgr_t)
+')
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 2c52444..7f72bd1 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
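Review bot: `files_manage_etc_files(rebootmgr_t)` is far broader than the need stated in the changelog ("fix managing /etc/rebootmgr.conf"): it lets the daemon create, rewrite and delete every file labeled etc_t, so a compromised rebootmgrd could tamper with unrelated system configuration. Give the config file its own type and confine the daemon to it, as sketched below, and label it in rebootmgr.fc with `/etc/rebootmgr\.conf -- gen_context(system_u:object_r:rebootmgr_etc_t,s0)`. The name-based transition only covers a file created literally as `rebootmgr.conf`; if the daemon writes a temporary file and renames it into place, the transition needs that temporary name or no name argument, which cannot be determined from this hunk. Separately, `unconfined_dbus_chat(rebootmgr_t)` sits next to a dedicated `rebootmgr_dbus_chat` interface in rebootmgr.if; if the dbus peers are known confined domains, calling that interface from their modules would be tighter than the blanket unconfined grant.
```selinux
type rebootmgr_exec_t;
init_daemon_domain(rebootmgr_t, rebootmgr_exec_t)

type rebootmgr_etc_t;
files_config_file(rebootmgr_etc_t)

# … unchanged: self:process/fifo_file/unix_stream_socket rules, domain_use_interactive_fds …

# rebootmgrd only has to manage its own /etc/rebootmgr.conf; keep it off
# every other etc_t file (replaces files_manage_etc_files).
files_search_etc(rebootmgr_t)
manage_files_pattern(rebootmgr_t, rebootmgr_etc_t, rebootmgr_etc_t)
files_etc_filetrans(rebootmgr_t, rebootmgr_etc_t, file, "rebootmgr.conf")

# … unchanged: logging_send_syslog_msg onward …
```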
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Thu Sep 2 08:45:24 UTC 2021 - Johannes Segitz + +- Modified fix_systemd.patch to allow systemd gpt generator access to + udev files (bsc#1189280) + +------------------------------------------------------------------- +Fri Aug 27 13:07:54 UTC 2021 - Ales Kedroutek + +- fix rebootmgr does not trigger the reboot properly (boo#1189878) + * fix managing /etc/rebootmgr.conf + * allow rebootmgr_t to cope with systemd and dbus messaging + +------------------------------------------------------------------- +Thu Aug 26 07:37:05 UTC 2021 - Johannes Segitz + +- Properly label cockpit files +- Allow wicked to communicate with network manager on DBUS (bsc#1188331) + +------------------------------------------------------------------- +Mon Aug 23 15:43:28 UTC 2021 - Ales Kedroutek + +- Added policy module for rebootmgr (jsc#SMO-28) + ------------------------------------------------------------------- Tue Aug 17 16:03:08 UTC 2021 - Ludwig Nussel diff --git a/selinux-policy.spec b/selinux-policy.spec index dce81b7..22171f3 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -81,6 +81,9 @@ Source125: rtorrent.fc Source126: wicked.te Source127: wicked.if Source128: wicked.fc +Source129: rebootmgr.te +Source130: rebootmgr.if +Source131: rebootmgr.fc Patch001: fix_djbdns.patch Patch002: fix_dbus.patch @@ -422,7 +425,7 @@ for i in %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} cp $i selinux_config done -for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} %{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128}; do +for i in %{SOURCE120} %{SOURCE121} %{SOURCE122} %{SOURCE123} %{SOURCE124} %{SOURCE125} %{SOURCE126} %{SOURCE127} %{SOURCE128} %{SOURCE129} %{SOURCE130} %{SOURCE131}; do cp $i policy/modules/contrib done diff --git a/wicked.te b/wicked.te index 8441a29..a5f49ed 100644 --- a/wicked.te +++ b/wicked.te 
@@ -494,6 +494,10 @@ optional_policy(` virt_dbus_chat(wicked_t) ') +optional_policy(` + networkmanager_dbus_chat(wicked_t) +') + #tunable_policy(`use_ecryptfs_home_dirs',` #fs_manage_ecryptfs_files(wicked_t) #')
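Review bot: The new `networkmanager_dbus_chat(wicked_t)` block grants two-way dbus send_msg between wicked_t and NetworkManager's domain with no comment on why a wicked-managed host talks to NetworkManager at all; the only rationale is the bsc#1188331 reference in the changelog, which a reader of wicked.te will never see. Add `# bsc#1188331: wicked exchanges messages with NetworkManager on the system bus` as the first line inside the optional_policy block. Keeping the call inside optional_policy is correct, since the networkmanager module need not be loaded on a wicked system; the commented-out `tunable_policy` stanza that follows is pre-existing dead text and could be removed in a follow-up.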