diff --git a/fix_dnsmasq.patch b/fix_dnsmasq.patch
new file mode 100644
index 0000000..0471529
--- /dev/null
+++ b/fix_dnsmasq.patch
@@ -0,0 +1,12 @@
+Index: fedora-policy-20220519/policy/modules/contrib/dnsmasq.te
+===================================================================
+--- fedora-policy-20220519.orig/policy/modules/contrib/dnsmasq.te
++++ fedora-policy-20220519/policy/modules/contrib/dnsmasq.te
+@@ -115,6 +115,7 @@ libs_exec_ldconfig(dnsmasq_t)
+ logging_send_syslog_msg(dnsmasq_t)
+ 
+ miscfiles_read_public_files(dnsmasq_t)
++sysnet_manage_config_dirs(dnsmasq_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
+ userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
diff --git a/fix_init.patch b/fix_init.patch
index 18063b1..a2d3af7 100644
--- a/fix_init.patch
+++ b/fix_init.patch
@@ -1,8 +1,17 @@
-Index: fedora-policy-20220124/policy/modules/system/init.te
+Index: fedora-policy-20220519/policy/modules/system/init.te
 ===================================================================
---- fedora-policy-20220124.orig/policy/modules/system/init.te
-+++ fedora-policy-20220124/policy/modules/system/init.te
-@@ -267,6 +267,8 @@ corecmd_exec_bin(init_t)
+--- fedora-policy-20220519.orig/policy/modules/system/init.te
++++ fedora-policy-20220519/policy/modules/system/init.te
+@@ -187,6 +187,8 @@ allow init_t self:bpf { map_create map_r
+ # setuid (from /sbin/shutdown)
+ # sys_chroot (from /usr/bin/chroot): now provided by corecmd_chroot_exec_chroot()
+ 
++# bsc#1197610, find a better, generic solution
++allow init_t self:file mounton;
+ allow init_t self:fifo_file rw_fifo_file_perms;
+ 
+ allow init_t self:service manage_service_perms;
+@@ -267,6 +269,8 @@ corecmd_exec_bin(init_t)
  corenet_all_recvfrom_netlabel(init_t)
  corenet_tcp_bind_all_ports(init_t)
  corenet_udp_bind_all_ports(init_t)
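Review bot: `sysnet_manage_config_dirs(dnsmasq_t)` is added without any comment recording which denial it resolves, whereas the init.te rules added elsewhere in this commit carry a `# bsc#…` marker; judging by the interface name it grants the full manage set (create, delete, rename) on network-configuration directories, which is a much wider grant than the read-only calls around it such as `miscfiles_read_public_files(dnsmasq_t)` and will be hard to revisit later without that context. Add `# bsc#1199518: <access dnsmasq needs on MicroOS, taken from the AVC>` above the call, mirroring the fix_init.patch style, and check against the recorded denial whether a narrower sysnet interface already covers it.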
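Review bot: The comment on `allow init_t self:file mounton;` records only the bug number, not what init has to mount over or for which unit, so the "better, generic solution" it asks for cannot be worked out from the policy alone. The changelog in this commit says the rule exists so init can set up the constrained environment for accountsservice, and that belongs next to the rule: `# bsc#1197610: needed while init sets up the constrained environment for accountsservice; replace with a generic solution`. As an unconditional rule on the init_t domain it stays in effect for everything systemd does, so naming the trigger is what later allows it to be narrowed or dropped once a proper interface exists. The same applies to the `mta_getattr_spool(init_t)` block added in the `@@ -448,9 +453,19 @@` hunk of this file, which carries the identical comment.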
@@ -11,7 +20,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te dev_create_all_files(init_t) dev_create_all_chr_files(init_t) -@@ -394,6 +396,7 @@ logging_manage_audit_config(init_t) +@@ -396,6 +400,7 @@ logging_manage_audit_config(init_t) logging_create_syslog_netlink_audit_socket(init_t) logging_write_var_log_dirs(init_t) logging_manage_var_log_symlinks(init_t) @@ -19,7 +28,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te seutil_read_config(init_t) seutil_read_login_config(init_t) -@@ -444,10 +447,15 @@ ifdef(`distro_redhat',` +@@ -448,9 +453,19 @@ ifdef(`distro_redhat',` corecmd_shell_domtrans(init_t, initrc_t) storage_raw_rw_fixed_disk(init_t) @@ -27,15 +36,19 @@ Index: fedora-policy-20220124/policy/modules/system/init.te sysnet_read_dhcpc_state(init_t) - optional_policy(` -+ networkmanager_initrc_read_lnk_files(init_t) ++# bsc#1197610, find a better, generic solution ++optional_policy(` ++ mta_getattr_spool(init_t) +') + +optional_policy(` ++ networkmanager_initrc_read_lnk_files(init_t) ++') ++ + optional_policy(` bootloader_domtrans(init_t) ') - -@@ -571,10 +579,10 @@ tunable_policy(`init_audit_control',` +@@ -575,10 +590,10 @@ tunable_policy(`init_audit_control',` allow init_t self:system all_system_perms; allow init_t self:system module_load; allow init_t self:unix_dgram_socket { create_socket_perms sendto }; @@ -48,7 +61,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te allow init_t self:netlink_selinux_socket create_socket_perms; allow init_t self:unix_dgram_socket lock; # Until systemd is fixed -@@ -633,6 +641,7 @@ files_delete_all_spool_sockets(init_t) +@@ -637,6 +652,7 @@ files_delete_all_spool_sockets(init_t) files_create_var_lib_dirs(init_t) files_create_var_lib_symlinks(init_t) files_read_var_lib_symlinks(init_t) 
@@ -56,7 +69,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te files_manage_urandom_seed(init_t) files_list_locks(init_t) files_list_spool(init_t) -@@ -669,7 +678,7 @@ fs_list_all(init_t) +@@ -674,7 +690,7 @@ fs_list_all(init_t) fs_list_auto_mountpoints(init_t) fs_register_binary_executable_type(init_t) fs_relabel_tmpfs_sock_file(init_t) @@ -65,7 +78,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te fs_relabel_cgroup_dirs(init_t) fs_search_cgroup_dirs(init_t) # for network namespaces -@@ -725,6 +734,7 @@ systemd_write_inherited_logind_sessions_ +@@ -730,6 +746,7 @@ systemd_write_inherited_logind_sessions_ create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type) create_dirs_pattern(init_t, var_log_t, var_log_t) @@ -73,7 +86,7 @@ Index: fedora-policy-20220124/policy/modules/system/init.te auth_use_nsswitch(init_t) auth_rw_login_records(init_t) -@@ -1571,6 +1581,8 @@ optional_policy(` +@@ -1580,6 +1597,8 @@ optional_policy(` optional_policy(` postfix_list_spool(initrc_t) diff --git a/fix_unconfineduser.patch b/fix_unconfineduser.patch index 54458d4..82632fe 100644 --- a/fix_unconfineduser.patch +++ b/fix_unconfineduser.patch @@ -1,8 +1,8 @@ -Index: fedora-policy-20211111/policy/modules/roles/unconfineduser.te +Index: fedora-policy-20220509/policy/modules/roles/unconfineduser.te =================================================================== ---- fedora-policy-20211111.orig/policy/modules/roles/unconfineduser.te -+++ fedora-policy-20211111/policy/modules/roles/unconfineduser.te -@@ -122,6 +122,11 @@ tunable_policy(`unconfined_dyntrans_all' +--- fedora-policy-20220509.orig/policy/modules/roles/unconfineduser.te ++++ fedora-policy-20220509/policy/modules/roles/unconfineduser.te +@@ -124,6 +124,11 @@ tunable_policy(`unconfined_dyntrans_all' domain_dyntrans(unconfined_t) ') 
@@ -14,7 +14,7 @@ Index: fedora-policy-20211111/policy/modules/roles/unconfineduser.te optional_policy(` gen_require(` type unconfined_t; -@@ -208,6 +213,10 @@ optional_policy(` +@@ -210,6 +215,10 @@ optional_policy(` ') optional_policy(` @@ -25,7 +25,7 @@ Index: fedora-policy-20211111/policy/modules/roles/unconfineduser.te chrome_role_notrans(unconfined_r, unconfined_t) tunable_policy(`unconfined_chrome_sandbox_transition',` -@@ -242,6 +251,18 @@ optional_policy(` +@@ -244,6 +253,18 @@ optional_policy(` dbus_stub(unconfined_t) optional_policy(` @@ -44,14 +44,3 @@ Index: fedora-policy-20211111/policy/modules/roles/unconfineduser.te bluetooth_dbus_chat(unconfined_t) ') -@@ -305,6 +326,10 @@ optional_policy(` - ') - - optional_policy(` -+ libs_run_ldconfig(unconfined_t, unconfined_r) -+') -+ -+optional_policy(` - firstboot_run(unconfined_t, unconfined_r) - ') - diff --git a/selinux-policy.changes b/selinux-policy.changes index 709306f..8490579 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes 
@@ -1,4 +1,23 @@ ------------------------------------------------------------------- +Thu May 19 12:25:31 UTC 2022 - Johannes Segitz +- Add fix_dnsmasq.patch to fix problems with virtualization on Microos + (bsc#1199518) + +------------------------------------------------------------------- +Tue May 3 13:18:38 UTC 2022 - Johannes Segitz + +- Modified fix_init.patch to allow init to setup contrained environment + for accountsservice. This needs a better, more general solution + (bsc#1197610) + +------------------------------------------------------------------- +Mon May 2 11:27:49 UTC 2022 - Johannes Segitz + +- Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition. + This happens in certain boot conditions (bsc#1182500) +- Changed fix_unconfineduser.patch to not transition into ldconfig_t + from unconfined_t (bsc#1197169) +------------------------------------------------------------------- Thu Feb 17 12:24:13 UTC 2022 - Klaus Kämpf - use %license tag for COPYING file diff --git a/selinux-policy.spec b/selinux-policy.spec index de4fa04..b06da34 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -140,6 +140,8 @@ Patch055: fix_auditd.patch Patch056: fix_wine.patch Patch057: fix_hypervkvp.patch Patch058: fix_bitlbee.patch +Patch059: systemd_domain_dyntrans_type.patch +Patch060: fix_dnsmasq.patch Patch100: sedoctool.patch diff --git a/systemd_domain_dyntrans_type.patch b/systemd_domain_dyntrans_type.patch new file mode 100644 index 0000000..8376c95 --- /dev/null +++ b/systemd_domain_dyntrans_type.patch 
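Review bot: `Patch059: systemd_domain_dyntrans_type.patch` and `Patch060: fix_dnsmasq.patch` are declared, but this diff shows no corresponding application step in `%prep`; unless the spec applies patches with `%autosetup` or `%autopatch` (not visible in this hunk), matching `%patch59` and `%patch60` lines with the same strip level as the existing ones are needed, otherwise the new patches are declared but never applied. Worth a quick check of `%prep` before merging, since both patches are the substance of the bsc#1182500 and bsc#1199518 changelog entries.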
@@ -0,0 +1,13 @@
+Index: fedora-policy-20220124/policy/modules/system/init.te
+===================================================================
+--- fedora-policy-20220124.orig/policy/modules/system/init.te
++++ fedora-policy-20220124/policy/modules/system/init.te
+@@ -179,6 +179,8 @@ allow init_t self:tcp_socket { listen ac
+ allow init_t self:packet_socket create_socket_perms;
+ allow init_t self:key manage_key_perms;
+ allow init_t self:bpf { map_create map_read map_write prog_load prog_run };
++domain_dyntrans_type(init_t)
++allow init_t self:process { dyntransition setcurrent };
+ 
+ # is ~sys_module really needed? observed:
+ # sys_boot
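Review bot: `domain_dyntrans_type(init_t)` and `allow init_t self:process { dyntransition setcurrent };` are added with no comment recording the boot condition that produces the denial, while the fix_init.patch hunks in this same commit annotate comparable rules with `# bsc#…`; add `# bsc#1182500: <boot condition from the AVC>` above `domain_dyntrans_type(init_t)` so the grant can be re-evaluated when the Fedora base is bumped. With `self` as the target, the `dyntransition` permission granted here covers only a transition from init_t to init_t; `setcurrent` is the part that lets code running as init_t rewrite its own context, and whatever wider reach the change has comes from `domain_dyntrans_type(init_t)`, whose effect depends on the interface definition in the Fedora base and is not visible in this diff. Separately, the `Index:`/`---` headers reference fedora-policy-20220124 while fix_dnsmasq.patch and the refreshed fix_init.patch in this commit target fedora-policy-20220519, so the new patch will likely apply with an offset and should be regenerated against the same base.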