diff --git a/.gitignore b/.gitignore
index b8974bb..05a0e4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,76 +1 @@
-/container-selinux-513572d.tar.gz
-/container-selinux-bcdcb9a.tar.gz
-/container-selinux-3bbbad5.tar.gz
-/container-selinux-b9809fa.tar.gz
-/container-selinux-ba28054.tar.gz
-/container-selinux-9e004af.tar.gz
-/container-selinux-ce95ddb.tar.gz
-/container-selinux-f7333f9.tar.gz
-/container-selinux-08bb6e0.tar.gz
-/container-selinux-8f8caa6.tar.gz
-/container-selinux-14f7c51.tar.gz
-/container-selinux-c81ea26.tar.gz
-/container-selinux-9027f8e.tar.gz
-/container-selinux-ed3082b.tar.gz
-/container-selinux-5212fea.tar.gz
-/container-selinux-a80afba.tar.gz
-/container-selinux-c5fd77f.tar.gz
-/container-selinux-c89e9b5.tar.gz
-/container-selinux-58324f3.tar.gz
-/container-selinux-81ff96c.tar.gz
-/container-selinux-a9260d4.tar.gz
-/container-selinux-e37e93d.tar.gz
-/container-selinux-de38c07.tar.gz
-/container-selinux-0620186.tar.gz
-/container-selinux-47e0448.tar.gz
-/container-selinux-b430a71.tar.gz
-/container-selinux-0b666c4.tar.gz
-/container-selinux-7fe0136.tar.gz
-/container-selinux-dca3b87.tar.gz
-/container-selinux-f9a30e8.tar.gz
-/container-selinux-d985665.tar.gz
-/container-selinux-8ba32a4.tar.gz
-/container-selinux-26c642a.tar.gz
-/container-selinux-96e58bf.tar.gz
-/container-selinux-599072a.tar.gz
-/container-selinux-231b213.tar.gz
-/container-selinux-d148550.tar.gz
-/container-selinux-dfcc97d.tar.gz
-/container-selinux-38a982b.tar.gz
-/container-selinux-2377c73.tar.gz
-/container-selinux-aece4ff.tar.gz
-/container-selinux-663e003.tar.gz
-/container-selinux-fd7d508.tar.gz
-/container-selinux-fd50128.tar.gz
-/container-selinux-bdc0137.tar.gz
-/container-selinux-55c7d4d.tar.gz
-/container-selinux-d248f91.tar.gz
-/container-selinux-d213769.tar.gz
-/container-selinux-701557f.tar.gz
-/container-selinux-97f8dfc.tar.gz
-/container-selinux-9b55129.tar.gz
-/container-selinux-1ecf953.tar.gz
-/container-selinux-284f9e7.tar.gz
-/container-selinux-d346375.tar.gz
-/container-selinux-bf5b26b.tar.gz
-/container-selinux-dfaf8fd.tar.gz
-/container-selinux-8ecc282.tar.gz
-/container-selinux-0407867.tar.gz
-/container-selinux-042f7cf.tar.gz
-/container-selinux-25277c8.tar.gz
-/container-selinux-c139a3d.tar.gz
-/container-selinux-452b90d.tar.gz
-/container-selinux-4e73492.tar.gz
-/container-selinux-5721d74.tar.gz
-/container-selinux-d7a3f33.tar.gz
-/container-selinux-a62c2db.tar.gz
-/container-selinux-99e2cfd.tar.gz
-/container-selinux-87fae85.tar.gz
-/container-selinux-5133af6.tar.gz
-/container-selinux-2c57a17.tar.gz
-/container-selinux-1362777.tar.gz
-/container-selinux-6f01752.tar.gz
-/container-selinux-1b655d9.tar.gz
-/container-selinux-484806a.tar.gz
-/container-selinux-21c2be6.tar.gz
-/container-selinux-5e1f62f.tar.gz
+/container-selinux-f958d0c.tar.gz
diff --git a/container-selinux.spec b/container-selinux.spec
index 5e01e51..7e54796 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -1,8 +1,8 @@
 %global debug_package %{nil}
 # container-selinux
-%global git0 https://github.com/projectatomic/container-selinux
-%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda
+%global git0 https://github.com/containers/container-selinux
+%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # container-selinux stuff (prefix with ds_ for version/release etc.)
@@ -16,18 +16,16 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
-# Relabel files
-%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
-
 # Version of SELinux we were using
-%global selinux_policyver 3.13.1-220
+%global selinux_policyver 3.14.3-53
+# Hooked up to autobuilder, please check with @lsm5 before updating
 Name: container-selinux
 %if 0%{?fedora}
 Epoch: 2
 %endif
-Version: 2.82
-Release: 1.git%{shortcommit0}%{?dist}
+Version: 2.124.0
+Release: 3%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
@@ -70,37 +68,31 @@ rm -rf container-selinux.spec
 %check
+%pre
+%selinux_relabel_pre -s %{selinuxtype}
+
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
- %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+ %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
 fi
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
-%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
-if %{_sbindir}/selinuxenabled ; then
- %{_sbindir}/load_policy
- %relabel_files
- if [ $1 -eq 1 ]; then
- restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
- restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
- fi
-fi
+%selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
 sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
 %postun
 if [ $1 -eq 0 ]; then
-%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || :
-if %{_sbindir}/selinuxenabled ; then
-%{_sbindir}/load_policy
-%relabel_files
-fi
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
 fi
+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
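Review bot: The new `%pre`/`%posttrans` scriptlets and the `%selinux_modules_install`/`%selinux_modules_uninstall` calls depend on the macros shipped in macros.selinux-policy, but this hunk shows neither the `BuildRequires` that makes those macros available at build time nor the `Requires(pre)`/`Requires(post)`/`Requires(postun)`/`Requires(posttrans)` on the packages providing the tools they invoke (`semodule`, `load_policy`, `selinuxenabled` and, for the relabel macros, presumably `fixfiles`); an undefined macro is written into the scriptlet verbatim and fails at install time, so please confirm those lines, which sit outside this hunk. The outer `if [ $1 -eq 0 ]; then` wrapped around `%selinux_modules_uninstall` looks redundant if the macro already tests `$1` internally — verify against the installed macro definition and, if so, drop the wrapper so `%postun` is a single line. The uninstall line now removes `docker` at the macro's module priority, whereas `-d docker` in `%post` runs without a priority; if the legacy docker module on an upgraded host lives at a different priority the removal becomes a silent no-op, which is worth checking on such a host. A one-line comment above the install call, `# install and %postun removal must use the same module priority (macro default, 200 per the changelog)`, would make the coupling between the two scriptlets explicit.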
@@ -108,8 +100,168 @@ fi
 %doc README.md
 %{_datadir}/selinux/*
+# Hooked up to autobuilder, please check with @lsm5 before updating
 %changelog
-* Sun Feb 10 2019 Dan Walsh - 2.82-1
+* Fri Jan 03 2020 Jindrich Novy - 2:2.124.0-3
+- implement spec file refactoring by Zdenek Pytela, namely:
+ Change the uninstall command in the %%postun section of the specfile
+ to use the %%selinux_modules_uninstall macro which uses priority 200.
+ Change the install command in the %%post section if the specfile
+ to use the %%selinux_modules_install macro.
+ Replace relabel commands with using the %%selinux_relabel_pre and
+ %%selinux_relabel_post macros.
+ Change formatting so that the lines are vertically aligned
+ in the %%postun section.
+ (https://github.com/containers/container-selinux/pull/85)
+
+* Wed Dec 11 2019 RH Container Bot - 2:2.124.0-2
+- bump to v2.124.0
+- autobuilt f958d0c for fedora
+- autobuilt c57a6f9 for centos
+
+* Fri Dec 06 2019 RH Container Bot - 2:2.123.0-2
+- bump to v2.123.0
+- autobuilt 0b25a4a for fedora
+- autobuilt c57a6f9 for centos
+
+* Sun Oct 27 2019 RH Container Bot - 2:2.119.1-2
+- bump to v2.119.1
+- autobuilt 2ecb2a8 for fedora
+- autobuilt c57a6f9 for centos
+
+* Thu Oct 24 2019 RH Container Bot - 2:2.119.0-2
+- bump to v2.119.0
+- autobuilt b383f07 for fedora
+- autobuilt 42087be for centos
+
+* Fri Oct 11 2019 RH Container Bot - 2:2.118.0-2
+- bump to v2.118.0
+- autobuilt 79bdcb5 for fedora
+- autobuilt 42087be for centos
+
+* Fri Sep 20 2019 Dan Walsh - 2.117-1
+- Add label for /usr/bin/crun
+
+* Thu Sep 5 2019 Dan Walsh - 2.116-1
+- Don't let container_runtime_t transition to svirt domains.
+
+* Wed Aug 21 2019 Dan Walsh - 2.115-1
+- Allow containers to execmod files on fusefs_t
+
+* Mon Aug 19 2019 Dan Walsh - 2.114-1
+- Allow containers to settatr on /proc/self/ lnk_files
+- Allow containers to remount /proc
+
+* Fri Aug 9 2019 Dan Walsh - 2.113-1
+- Allow containers to name_bind to rawip_sockets.
+
+* Thu Aug 8 2019 Dan Walsh - 2.112-1
+- Allow containers to use fusefs_t entrypoint
+- Dontaudit attempts to setattr on devicenodes.
+
+* Wed Jul 24 2019 Fedora Release Engineering - 2:2.111.0-3.1.dev.git9a75deb
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-2.1.dev.git9a75deb
+- bump to 2.111.0
+- autobuilt 9a75deb
+
+* Wed Jul 10 2019 Lokesh Mandvekar - 2.110.0-1.1.dev.git544d71f
+- bump to v2.110.0
+- hook up to autobuild
+
+* Mon Jul 8 2019 Dan Walsh - 2.109-1
+- Allow containers to accept connections on all socket types
+- Allow containers to connect to gssproxy stream sockets if added to container
+
+* Fri Jun 14 2019 Dan Walsh - 2.107-1
+- Allow containers to manipulate Onload files.
+
+* Tue Jun 11 2019 Dan Walsh - 2.106-1
+- Allow all unconfined domains to manage unlabeled keyrings
+- Add labeling for kubernetes pods
+
+* Mon Jun 3 2019 Dan Walsh - 2.104-1
+- Set proper labeling for container volumes in SilverBlue
+
+* Fri May 17 2019 Dan Walsh - 2.103-1
+- Set proper labeling for container volumes
+
+* Sun May 12 2019 Dan Walsh - 2.102-1
+- Allow all container domains to be entered from container_file_t
+
+* Fri May 3 2019 Dan Walsh - 2.101-1
+- Allow containers to read rpm cache and rpm databse
+
+* Tue Apr 23 2019 Dan Walsh - 2.100-1
+- Allow containers running as spc_t to create unlabeled_t kernel keyrings
+
+* Mon Apr 22 2019 Dan Walsh - 2.99-1
+- Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable.
+
+* Mon Apr 15 2019 Dan Walsh - 2.98-1
+- Allow iptables to append to container_file_t
+
+* Fri Apr 12 2019 Dan Walsh - 2.97-1
+- Allow containers to read/write sysctl_kernel_ns_last_pid_t
+- Allow containers to manage fusefs sockets and named pipes
+
+* Thu Apr 4 2019 Dan Walsh - 2.96-1
+- Allow containers to read/write sysctl_kernel_ns_last_pid_t
+
+* Mon Apr 1 2019 Dan Walsh - 2.95-1
+- Allow containers to create fusefs sockets and named pipes
+
+* Thu Mar 28 2019 Dan Walsh - 2.94-1
+- Allow init_t to manage container content
+- Allow container domains to create fifo_files on fusefs file systems
+- Add boolean to allow containers to use ceph file systems
+
+* Tue Mar 26 2019 Dan Walsh - 2.91-1
+- Allow container runtimes to create unlabeled keyrings
+
+* Wed Mar 20 2019 Dan Walsh - 2.90-1
+- Allow containers to mount and umount fuse file systems. This will allow us
+- to use buidlah within a user namespace separated container.
+
+* Sat Mar 9 2019 Dan Walsh - 2.89-1
+- Allow all container domains to have container file types entrypoint
+- Add new release to fix issues with udica
+- Allow container_runtime_t to dyntransition to container domains
+
+* Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d
+- bump to 2.89
+- autobuilt 2521d0d
+
+* Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56
+- bump to 2.88
+- autobuilt 5c98b56
+
+* Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab
+- autobuilt 2c1a2ab
+
+* Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f
+- bump to 2.87
+- autobuilt 891a85f
+
+* Fri Mar 1 2019 Dan Walsh - 2.86-1
+- Allow unconfined user and services to dyntrans to container domains, needed for CRIU
+- Allow containers exectue hugetlb files.
+
+* Thu Feb 28 2019 Dan Walsh - 2.85-1
+- More allow rules to allow containers to run within containers
+
+* Thu Feb 28 2019 Dan Walsh - 2.84-1
+- More allow rules to allow containers to run within containers
+
+* Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f
+- bump to 2.82
+- autobuilt 5e1f62f
+
+* Mon Feb 25 2019 Dan Walsh - 2.83-1
+- Allow containers to mounton cgroup and container_file_t
+
+* Sun Feb 10 2019 Dan Walsh - 2.82-1.nightly.git5e1f62f
 - Allow confined users to use containers
 * Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6
diff --git a/sources b/sources
index e46329b..e81c4ec 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7
+SHA512 (container-selinux-f958d0c.tar.gz) = 88a4ccf596233f293118e516bafee8d758e669f292c80e8b25b1a8df956ef0e14e36cb61b53f83b20fc68e9cffe8b100d792197ea311418f11169a437c5893d2