diff --git a/container-selinux.tgz b/container-selinux.tgz index 96ee2555..47b8aa5c 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 7e1ae612..53806d8d 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -34324,7 +34324,7 @@ index bc0ffc8..37b8ea5 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..2dad865 100644 +index 79a45f6..054b9f7 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -35160,7 +35160,7 @@ index 79a45f6..2dad865 100644 +# +interface(`init_config_transient_files',` + gen_require(` -+ attribute init_var_run_t; ++ type init_var_run_t; + ') + + allow $1 init_var_run_t:service all_service_perms; @@ -35179,7 +35179,7 @@ index 79a45f6..2dad865 100644 +# +interface(`init_manage_config_transient_files',` + gen_require(` -+ attribute init_var_run_t; ++ type init_var_run_t; + ') + + allow $1 init_var_run_t:service manage_service_perms; diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 29026745..b2f3b0fc 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -106450,7 +106450,7 @@ index a240455..aac2584 100644 - admin_pattern($1, sssd_log_t) ') diff --git a/sssd.te b/sssd.te -index 2d8db1f..07606ba 100644 +index 2d8db1f..9b13b30 100644 --- a/sssd.te +++ b/sssd.te @@ -28,19 +28,31 @@ logging_log_file(sssd_var_log_t) @@ -106571,7 +106571,7 @@ index 2d8db1f..07606ba 100644 init_read_utmp(sssd_t) -@@ -112,18 +132,67 @@ logging_send_syslog_msg(sssd_t) +@@ -112,18 +132,71 @@ logging_send_syslog_msg(sssd_t) logging_send_audit_msgs(sssd_t) miscfiles_read_generic_certs(sssd_t) 
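Review bot: The scope of `init_config_transient_files` and `init_manage_config_transient_files` (hunks at 35160 and 35179 of policy-rawhide-base.patch) is not documented next to the rules, and it looks wider than the names suggest. Both allow service permissions on everything labelled `init_var_run_t`, and the file-context line visible in the 34324 hunk gives that type to all of `/var/run/systemd(/.*)?`, so a caller presumably gains control over any unit labelled there, not only transient configuration. I would add a line above each allow rule such as `# init_var_run_t labels all of /var/run/systemd; callers get service access to every unit under it`, and check whether each caller needs `all_service_perms` or whether the `manage_service_perms` variant is enough. Both interface bodies start and end outside these hunks, so the existing header comments are not visible here.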
@@ -106599,7 +106599,7 @@ index 2d8db1f..07606ba 100644 + kerberos_read_home_content(sssd_t) + kerberos_rw_config(sssd_t) + kerberos_rw_keytab(sssd_t) -+') + ') + +optional_policy(` + dirsrv_stream_connect(sssd_t) @@ -106617,7 +106617,11 @@ index 2d8db1f..07606ba 100644 + +optional_policy(` + systemd_login_read_pid_files(sssd_t) - ') ++') ++ ++optional_policy(` ++ realmd_read_var_lib(sssd_t) ++') + +######################################## +# diff --git a/selinux-policy.spec b/selinux-policy.spec index 71273f4b..a61660fe 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 259%{?dist} +Release: 260%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -689,6 +689,10 @@ exit 0 %endif %changelog +* Mon Jun 19 2017 Lukas Vrabec - 3.13.1-260 +- Allow sssd_t to read realmd lib files. +- Fix init interface file. init_var_run_t is type not attribute + * Mon Jun 19 2017 Lukas Vrabec - 3.13.1-258 - Allow rpcbind_t to execute systemd_tmpfiles_exec_t binary files. - Merge branch 'rawhide' of github.com:wrabcak/selinux-policy-contrib into rawhide
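Review bot: The new `optional_policy` block calling `realmd_read_var_lib(sssd_t)` (hunk at 106617 of policy-rawhide-contrib.patch) has no comment saying which sssd operation needs realmd's lib files, and the changelog entry only restates the rule. The same section already lets `sssd_t` read and write keytabs (`kerberos_rw_keytab`), so each extra read grant to this domain is worth justifying for whoever audits it later. I would add a line inside the block such as `# sssd reads realmd state files; see <bug reference>`, filling in the denial or bug that prompted the change. The surrounding sssd.te policy continues outside the hunk.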