diff --git a/containers-common.spec b/containers-common.spec
index ff4302e..eeafa61 100644
--- a/containers-common.spec
+++ b/containers-common.spec
@@ -15,7 +15,7 @@ Epoch: 4
 Name: containers-common
 Version: 1
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 BuildArch: noarch
@@ -38,7 +38,7 @@ Source13: %{github_containers}/image/%{image_branch}/registries.conf
 Source14: %{github_containers}/podman/%{podman_branch}/docs/source/markdown/containers-mounts.conf.5.md
 Source15: %{github_containers}/shortnames/%{shortnames_branch}/shortnames.conf
 Source16: %{github_containers}/skopeo/%{skopeo_branch}/default.yaml
-Source17: %{github_containers}/skopeo/%{skopeo_branch}/integration/fixtures/policy.json
+Source17: %{github_containers}/skopeo/%{skopeo_branch}/default-policy.json
 Source18: %{github_containers}/storage/%{storage_branch}/docs/containers-storage.conf.5.md
 Source19: %{github_containers}/storage/%{storage_branch}/storage.conf
@@ -62,7 +62,7 @@ install -m0644 %{_sourcedir}/default.yaml %{buildroot}%{_sysconfdir}/containers/
 install -m0644 %{_sourcedir}/storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf
 install -m0644 %{_sourcedir}/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
 install -m0644 %{_sourcedir}/shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/shortnames.conf
-install -m0644 %{_sourcedir}/policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
+install -m0644 %{_sourcedir}/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
 # install manpages
 install -dp %{buildroot}%{_mandir}/man5
@@ -114,6 +114,9 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret
 %{_datadir}/rhel/secrets/*
 %changelog
+* Mon Feb 01 2021 Lokesh Mandvekar - 4:1-7
+- use the correct policy.json file
+
 * Thu Jan 28 2021 Lokesh Mandvekar - 4:1-6
 - short-name-mode="enforcing" in registries.conf
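Review bot: The Source17 and install hunks make whatever `default-policy.json` the pinned skopeo branch ships into the host-wide `/etc/containers/policy.json`, the file that decides whether image signatures are checked on every pull, and nothing in the spec verifies what was fetched. A `%check` step that at least parses the installed file as JSON would catch a truncated or mis-fetched download before it ships. The `%changelog` entry names only the policy.json fix, although the same commit also changes the `log_driver` default in containers.conf, replaces `image_build_format` with `image_default_format`, and reworks seccomp.json; each of those is a behaviour change users will look for in the changelog, so they deserve their own `- ...` lines next to `- use the correct policy.json file`.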
diff --git a/containers.conf b/containers.conf
index 8c6fd48..14d043d 100644
--- a/containers.conf
+++ b/containers.conf
@@ -158,7 +158,7 @@ default_sysctls = [
 # Logging driver for the container. Available options: k8s-file and journald.
 #
-# log_driver = "k8s-file"
+# log_driver = "journald"
 # Maximum size allowed for the container log file. Negative numbers indicate
 # that no size limit is imposed. If positive, it must be >= 8192 to match or
@@ -246,9 +246,14 @@ default_sysctls = [
 # network_config_dir = "/etc/cni/net.d/"
 [engine]
-# ImageBuildFormat indicates the default image format to building
-# container images. Valid values are "oci" (default) or "docker".
-# image_build_format = "oci"
+# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
+# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
+# image_parallel_copies=0
+
+# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
+# container images. By default image pulled and pushed match the format of the
+# source image. Building/commiting defaults to OCI.
+# image_default_format = ""
 # Cgroup management implementation used for the runtime.
 # Valid options "systemd" or "cgroupfs"
@@ -321,10 +326,6 @@ default_sysctls = [
 #
 # infra_image = "k8s.gcr.io/pause:3.2"
-# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
-# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
-# image_parallel_copies=0
-
 # Specify the locking mechanism to use; valid values are "shm" and "file".
 # Change the default only if you are sure of what you are doing, in general
 # "file" is useful only on platforms where cgo is not available for using the
diff --git a/containers.conf.5.md b/containers.conf.5.md
index 2c2edb5..ceeb329 100644
--- a/containers.conf.5.md
+++ b/containers.conf.5.md
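Review bot: The new comment block in the `[engine]` hunk (`@@ -246,9 +246,14 @@`) has two wording slips that the man-page text in the same commit gets right: `# container images. By default image pulled and pushed match the format of the` should read `images pulled`, and `# source image. Building/commiting defaults to OCI.` should read `committing`. The old `image_build_format` lines are dropped without a trace here, while containers.conf.5.md marks that key as deprecated; a single `# image_build_format is deprecated, use image_default_format instead.` in this block would keep the two files consistent and tell existing users why that setting may no longer apply. The sample `# image_default_format = ""` is also easy to misread; the comment could state that an empty value means "match the source image", which is what the sentence above it implies.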
@@ -177,7 +177,7 @@ the container.
 Indicates whether the container engine uses MAC(SELinux) container separation via labeling. This option is ignored on disabled systems.
-**log_driver**="k8s-file"
+**log_driver**="journald"
 Logging driver for the container. Available options: `k8s-file` and `journald`.
@@ -278,8 +278,12 @@ Path to the directory where CNI configuration files are located.
 ## ENGINE TABLE
 The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
-**image_build_format**="oci"
-The default image format to building container images. Valid values are "oci" (default) or "docker".
+**image_default_format**="oci"|"v2s2"|"v2s1"
+
+Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
+container images. By default images pulled and pushed match the format of the
+source image. Building/committing defaults to OCI.
+Note: **image_build_format** is deprecated.
 **cgroup_check**=false
diff --git a/seccomp.json b/seccomp.json
index adda39e..8f2d3b2 100644
--- a/seccomp.json
+++ b/seccomp.json
@@ -89,6 +89,7 @@
 "epoll_ctl",
 "epoll_ctl_old",
 "epoll_pwait",
+ "epoll_pwait2",
 "epoll_wait",
 "epoll_wait_old",
 "eventfd",
@@ -117,7 +118,11 @@
 "flock",
 "fork",
 "fremovexattr",
+ "fsconfig",
 "fsetxattr",
+ "fsmount",
+ "fsopen",
+ "fspick",
 "fstat",
 "fstat64",
 "fstatat64",
@@ -177,7 +182,7 @@
 "ioprio_get",
 "ioprio_set",
 "ipc",
- "keyctl",
+ "keyctl",
 "kill",
 "lchown",
 "lchown32",
@@ -205,6 +210,7 @@
 "mmap",
 "mmap2",
 "mount",
+ "move_mount",
 "mprotect",
 "mq_getsetattr",
 "mq_notify",
@@ -227,6 +233,7 @@
 "open",
 "openat",
 "openat2",
+ "open_tree",
 "pause",
 "pidfd_getfd",
 "pidfd_open",
@@ -576,19 +583,13 @@
 {
 "names": [
 "bpf",
- "clone",
 "fanotify_init",
 "lookup_dcookie",
- "mount",
- "name_to_handle_at",
 "perf_event_open",
 "quotactl",
 "setdomainname",
 "sethostname",
- "setns",
- "umount",
- "umount2",
- "unshare"
+ "setns"
 ],
 "action": "SCMP_ACT_ALLOW",
 "args": [],
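Review bot: Dropping `clone`, `mount`, `name_to_handle_at`, `umount`, `umount2` and `unshare` from the capability-gated rule at `@@ -576,19 +583,13 @@` keeps the profile no weaker than before only if those calls are allowed by some other rule, and the page shows that for `mount` alone (it is a context line in the unconditional list at `@@ -205`); `name_to_handle_at` is also removed from the `get_mempolicy`/`mbind` rule at `@@ -700` with no addition visible anywhere in the diff. The rule's `includes` field lies outside the hunk, so which capability gates it cannot be confirmed from here. The `@@ -600` hunk that follows deletes both masked `clone` rules (the `2080505856` flag masks, including the s390 argument-order variant) and the `CAP_SYS_BOOT` `reboot` rule, so together these hunks are the part of the commit that can widen what a container may call; if the reasoning is that the kernel's own capability checks inside the user namespace now cover these calls, the remaining rule's `"comment": ""` is the place to say so, and the spec changelog should mention the seccomp change. Worth confirming as well where `reboot` ends up, since a container started with CAP_SYS_BOOT otherwise loses it silently.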
@@ -600,71 +601,6 @@
 },
 "excludes": {}
 },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 2080505856,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ],
- "arches": [
- "s390",
- "s390x"
- ]
- }
- },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 1,
- "value": 2080505856,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "s390 parameter ordering for clone is different",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- }
- },
- {
- "names": [
- "reboot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_BOOT"
- ]
- },
- "excludes": {}
- },
 {
 "names": [
 "chroot"
@@ -700,7 +636,6 @@
 "names": [
 "get_mempolicy",
 "mbind",
- "name_to_handle_at",
 "set_mempolicy"
 ],
 "action": "SCMP_ACT_ALLOW",
@@ -730,6 +665,7 @@
 {
 "names": [
 "kcmp",
+ "process_madvise",
 "process_vm_readv",
 "process_vm_writev",
 "ptrace"
@@ -896,4 +832,4 @@
 "excludes": {}
 }
 ]
-}
+}
\ No newline at end of file
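Review bot: In the `@@ -730,6 +665,7 @@` hunk `process_madvise` joins the rule that carries `kcmp`, `process_vm_readv`, `process_vm_writev` and `ptrace`, whose `includes` condition is outside the hunk; as far as I recall the kernel applies a ptrace read-access check to `process_madvise`, so gating it like the other cross-process calls looks right, but that rule's `comment` field (not shown) is where the reason for keeping it out of the unconditional list should be recorded. The final hunk also leaves seccomp.json without a trailing newline (`\ No newline at end of file`), which the previous revision had; restoring it avoids a spurious one-line diff on the next edit.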